
The Top 5 Cybersecurity Concerns for Small Business

Cybersecurity is a major concern for small businesses, especially as hackers’ techniques have become more sophisticated. Cyberattacks are evolving at a faster rate than companies can keep up with, and because of resource constraints, IT infrastructure is not always built to adjust to new threats.

We know cyberattacks happen when businesses don’t take the precautions to protect their data, and too many small businesses are still not taking the precautions to protect themselves.

Many times, small business people have difficulty articulating their concerns beyond “being hacked”. In the end, it comes down to this: “inadequate security measures” is the number one concern for small business.

All that to say…

The top 5 cybersecurity concerns for small business are:

  1. Protecting employee and customer data
  2. Hacking and malware attacks
  3. Data breaches
  4. Incorrectly configuring devices
  5. Lack of awareness

Ok, that’s interesting, so what? What can small businesses do to protect themselves?

Let’s look at what issues need addressing.

  1. Weak passwords: It is important for small businesses to use strong, unique passwords for all accounts and regularly update them. Using the same password for multiple accounts or using weak passwords makes it easier for hackers to gain access to sensitive information.
  2. Lack of security protocols: Small businesses should have a clear set of security protocols in place to protect against cyber threats. This includes things like installing firewall and antivirus software, regularly updating software and applications, and educating employees on how to identify and prevent cyber attacks.
  3. Lack of backup and recovery plans: Small businesses should have a plan in place to backup and recover data in the event of a cyber attack or other disaster. This can include regularly backing up data to an offsite location and having a recovery plan in place to get the business back up and running as quickly as possible.
  4. Inadequate training for employees: Employees are often the first line of defense against cyber attacks. It is important for small businesses to provide regular training to employees on how to identify and prevent cyber threats, such as phishing attacks and malware.
  5. Lack of security for remote workers: With more and more businesses transitioning to remote work, it is important for small businesses to have secure protocols in place to protect remote workers. This includes providing secure access to company networks and data, as well as training employees on how to securely access and share sensitive information when working remotely.

Interview With Microsoft Channel 9


In March of this year, I appeared on stage at the North American CIO Summit at Microsoft headquarters in Redmond, WA, delivering a talk on the challenges of information protection and cybersecurity for global mid-market companies.

After the presentation, I was interviewed by Channel 9, the Microsoft Technology Showcase channel.

Here are excerpts from the interview and a link to the Channel 9 page (below):


http://lrs.ms/MS_MTDS

Who Are the Real Cyber Enemies?


This isn’t going to come as any surprise to any of you reading these messages from me; simply file this little tidbit as ‘par for the course.’

Premera Blue Cross Blue Shield revealed that it was a vector for an attack that exposed health records of some 11 million of its customers.

In a WSJ article a couple of weeks ago, Kaspersky Lab ZAO (the Russian security firm with antivirus of the same name) revealed that organized criminals have stolen millions of dollars from US and Eastern European banks over the last two years.
Some of the most revealing information is that the culprits have been identified as (it appears) Chinese nationals. Certainly this information can be faked, but the important information I want to pass along is the dynamic and rapidly evolving landscape of computer crime.

I’m frequently asked “why should I care about the attack on an insurance company like Premera or Anthem; they don’t really have financial information.”

The reality is, folks, that the people stealing this information have taken not only identity information from these companies; they’ve taken medical records, which can be used for everything from unfair competitive advantage to blackmail of individuals who have sensitive medical information they would rather not be revealed.

What were once attacks on targets of opportunity by ‘script kiddies’ are now sovereign nations and organized crime attacking targets of choice.

Certainly this doesn’t come as any surprise to any of you; this information stolen globally affects all of us. But here’s a scary thought for all of us… The attacks we hear about, the viruses and trojans we discover, are the attacks that have FAILED. In fact, the environment is so target rich that the scale is still tipped far in the attackers’ favor.

So as I’ve sent out my first three tips, they all appear VERY basic, but they are the foundation of good information protection practices. My next tip will focus on the use of multi-factor authentication.

http://lrs.ms/EastEuropeHacks

http://lrs.ms/PremeraBCBSHack

http://lrs.ms/InfoSecTip1

http://lrs.ms/InfoSecTip2

http://lrs.ms/InfoSecTip3

Information Security Tip 3 – Do I REALLY want to connect to that public Wifi?


Physical hardware does not need to leave your possession for data to be compromised, particularly when you’re using equipment or network connections in public internet cafes, business centers, airports or hotels. 

It is not uncommon to find spyware on such PCs. Many users may have plugged USB sticks into such computers to aid data transfer, but this is in itself a possible source of infection. 

It may come as a surprise to know that a business center in a hotel can often be less securely managed than a street cybercafé like Starbucks. And when it comes to the wireless internet facilities available in hotels and other public areas, it is easy for anyone to set up a fake WiFi network and encourage people to connect to it to capture sensitive information.

Consider using a VPN; I use a VPN on my mobile devices and laptops whenever and wherever I go. There are several good inexpensive options. I use Private Internet Access.

First of all, make sure your personal firewall is turned on for your PC; both PCs and Macs have them.

If you don’t have a data tethering plan on your mobile device, consider getting one and use it in place of connecting to a public WiFi.

Finally you might simply want to consider only using certain sites when connecting to a public WiFi access point.

http://lrs.ms/DataSecureTravel
http://lrs.ms/SecurePublicWifi
http://lrs.ms/VPNReviews

Information Protection – Tip 2


90% of all passwords are vulnerable
It takes 5 minutes to go from hackable to uncrackable… (Look, I know these sound like the fundamentals, but you’d be surprised at what I see people do.)
In fact, over a long enough timeline every password’s security drops to zero.
(Thank you passwordday.org for allowing me to shamelessly plagiarize this first paragraph.)
Surprisingly, you would think those who were brought up in the age of always having a computer nearby, the Millennials, would think this is as old hat as the advice to use condoms or not smoke (both of which many choose to ignore anyway), but the statistics show otherwise. Only 41% of them and their neighbors, the Gen X’ers, changed their passwords ever or only when prompted.
http://lrs.ms/MillennialPwds
And 55% use the same password for everything.
http://lrs.ms/55PctUseSame
I could write a book on good credential hygiene, but the site for password day 2014 has several excellent suggestions.
http://lrs.ms/PwdDay

Information Protection – Tip 1


Let’s start with the basics… It’s called phishing for a reason…
95 percent of all successful attacks started with an attempt to get you to click on a link you shouldn’t…
http://lrs.ms/atks-hum-err
Seriously people; would you knowingly drive to a questionable part of town… in the middle of the night… with your doors unlocked… your windows rolled down…  your wallet, purse or whatever sitting open on the front seat… cash and credit cards out in plain sight and easy reach…
AND THEN give all of your personal information including driver’s license number, social security number, passport and banking information to the first STRANGER you meet?
THAT’S exactly what you’re doing when you venture to those questionable websites (if you really need a lesson on the ones to which I refer dust me privately and I’ll be happy to give you my opinion), or click the link in the email guiding you to an heretofore unknown inheritance from the long lost you didn’t know you had.
Here’s my first tip… DON’T
Patient: “Doctor, Doctor! It hurts when I do this…”
Doctor: “Well, don’t do that!”