817-677-0515 [email protected]
Insider Threats Matter – Part One

Insider Threats Matter – Part One

Insider ThreatsMost companies recognize the security threats from outside their own organization – maybe it’s Chinese hackers trying to steal their trade secrets, or perhaps it’s a Russian organized crime ring trying to steal credit cards.  As an industry, we in the Information technology field have been doing a decent job trying to educate business owners and decision makers about the need for security.  It’s been a long road for some of us (I started down this path nearly 20 years ago), but finally, we are starting to see significant improvements in the area of security awareness.

What about Insider Threats?

But what about the “Insider Threats” from within an organization?  Do you have people working for/with you that are detrimental to your important business data health?  Are they very careless with sensitive information that could be used for malicious or nefarious purposes?  How do you know people are taking the right precautions to protect this data or information?

Security breaches from the inside – depending on which report you read – can be up to 90% of the actual threat to your business.  Why is it so high you might ask?  Well, consider the “attack footprint” or surface area by which someone can access sensitive data.  From the outside looking in, assuming you have the proper security in place, there shouldn’t be much that an outsider can get access to.  You have a website (probably hosted by some other company) and you have email (again, hosted by someone else).  However, your employees have access to everything.  Databases of customer information, spreadsheets full of data, technical drawings, credit card and account information – a veritable cornucopia of information that makes your business who you are.  And all available to someone working on the inside.

So what can you do to minimize the Insider Threats to your data but still allow the business to run? Surprisingly, quite a bit.  The hard part is identifying the vulnerable areas and determining a path to help prevent the Insider Threat from compromising your business. We will explore this further in Part 2.

To learn more about the Insider Threats in your company, contact us today at [email protected] or 817-668-6995.

6 Ways to Stay Secure Online

6 Ways to Stay Secure Online

1. Hook up to a network that you know.

Free Wi-Fi is tempting, but be sure that you consider who is providing the connection. Public connections at the local coffee shop are usually unsecured and leave your machine open to outsiders. While these networks provide a convenience, there are risks to be aware of.

2. Bank and shop with caution.

Shopping from familiar websites is a good place to start. Stick with the reputable sites that are tried and true – like Amazon or eBay. Also, when checking out and finalizing the purchase, look for the ‘padlock’ symbol or the abbreviation ‘https’ in the address bar at the top of your browser. This will ensure that you are on a secure, encrypted part of this webpage. Keeping an eye on your bank statements for suspicious activity is always a good idea, among these other best practices for shopping online.

3. Use secure passwords.

Passwords for logging into any website should contain a mix of letters, numbers, and special characters – as well as be different for each website that you log into. It can definitely be a pain to remember all of these passwords, but ask yourself which is more of a pain – remembering these, or recovering stolen personal information.

4. Lock Your Computer.

TOG Computer SecurityWhen you walk away from your machine, lock it. In Windows, it is as easy as pressing the Windows key + L. On an Apple Mac, pressing “Control+Shift+Eject” will do the trick (unless you do not have an optical drive, then you can hit the “Power” key instead of “Eject”). This practice would be the equivalent to deadbolting the front door of your home. It acts as a deterrent to the bad guys as well as a line of defense. You should also setup a password lock on your Apple or Windows machine as well.

5. Do not click on anything unfamiliar.

If an offer is too good to be true, it probably is. If you get an email from an unknown source, do not click any of the links within it – and immediately report it to whomever provides IT support to your business. If a window pops up while browsing a website, immediately close it. Familiarity is always your friend. Using your judgment and trusting your gut is the ultimate defense when online. Always play it safe!

6. Use quality anti-virus and anti-malware software.

Make sure you’re using a good quality anti-virus and anti-malware software. The free versions, while appealing, simply do not offer enough protection for today’s threats. Spend some money and save yourself grief. Or better yet, use a Managed Service Provider to manage your computer security.

3 Ways to Boost Mobile Device Security

3 Ways to Boost Mobile Device Security

1. Set a pin or passcode.

This is your first line of defense. If someone wants to access your device, they will first need to break this code. This is not an easy task (as evidenced recently by the FBI being unable to break into the San Bernardino shooter’s iPhone), and can operate as a deterrent against theft. Some device manufacturers have an option to automatically wipe your device after a few unsuccessful attempts at your passcode or pin; so, even if your phone is stolen, your information cannot be accessed. As long as you backup your phone (you are doing this, right?), you should have this particular feature enabled on your phone. For the best security for your business, you should look for Managed Service Providers (MSP) that offer mobile device management (MDM) in their portfolio of services.

2. Remote locate and wipe tools.

3 Ways to Boost Mobile Device SecurityThere are thousands of applications out there, and many involve more than just crushing candy or shooting birds at pigs. Certain software can help you locate your lost or stolen device through its GPS. Apple offers a service like this for their mobile devices aptly named Find my iPhone. For Android users, the Android Device Manager offers these services. Windows Mobile users also have this option from the Windows Phone website. Similarly, many third party applications are available in each of the app stores.

3. Keep your device clean.

Utilizing an Antivirus and Malware scanner is never a bad idea. Your phones are mini-computers, and just like your “big” computer – they need to be cleaned up from time to time. Malware and Virus threats can compromise information stored on your mobile devices. Malware has a snowball effect, and can continuously pile up until it slows downs or stops your device. Look for an MSP that offers Malwarebytes as a solution to this problem for both mobile devices and computers. It will keep your end points clean and secure from outsiders. Consider Webroot as an antivirus application that scans your downloaded apps and devices for any threats. Many MSPs offer Webroot antivirus in their managed IT services package. Equipped with Internet security, this defense will give you a heads up if it detects any malicious activity from your device’s browser.