Are You Having A Technology Emergency?

True North Networks Blog

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

True North Networks has been serving the Swanzey area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Biggest Cybersecurity Weakness is Your Phone

Mobile devices are one of the weakest links in corporate security, and now more than ever, companies are doing their part to protect their data, secure networks, and train their employees to take security seriously. However, the potential for mobile attacks continues to expand and recent research shows that half of all digital time is spent on smartphone apps and 68% percent of time is being spent on a mobile device. If mobile security isn’t a problem for your company yet, it will be.

Securing mobile devices is tricky and involves a heavy dose of individual responsibility. Be sure to follow the below recommendations:

  • Educate employees and upper management to make sure upper management know how dire security breaches can become.
    • Employees that travel frequently can also become easy targets without security education.
  • Encrypt corporate data using the security software your company provides.
  • Connect your smartphone to company networks via VPN connections.
  • Set a lock and PIN on your phone.
  • Use two-factor authentication whenever possible.
  • Turn on your phone’s auto-lock.
  • Use container technologies such Samsung’s Knox, which adds a layer of security to work items and segments them away from personal items.
  • Back up information to the cloud and try to store as little as possible on your device.
  • Ignore spam email and downloads that don’t come from an approved application marketplace (Apple’s App Store, Google Play, etc).
  • Keep devices close to you and within sight at all times.
  • If device is lost or stolen, notify your employer right away for remote wiping procedures.
  • Avoid unsecure Wi-Fi connections.
  • Keep Bluetooth out of discovery mode when not in use.

Mobile security is likely to become the next frontier for corporate security executives as exploits and hacks become more creative. Making mobile security a regular part of your company’s security policy and procedure framework will be critical.

 

Continue reading

Cybersecurity Starts with Training Your Employees

Training employees is a critical element of security and protecting your company online starts with making sure they are prepared to keep your computers and networks safe.  It is our shared responsibility to talk to our employees to ensure a safer environment at your company:

Talk to Your Employees About:

  • Keeping a clean machine: Your company should have clear rules for what employees can install and keep on their work computers.  Make sure they understand and abide by these rules. Unknown outside programs can open security vulnerabilities in your network.
  • Following good password practices: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). Additionally, having separate passwords for every account helps to thwart cybercriminals. At a minimum, they should separate work and personal accounts and make sure that critical accounts have the strongest passwords. Finally, writing down passwords and keeping them in a safe place away from the computer and enabling two-step authentication are other important ways to secure accounts.
  • When in doubt, throw it out: Employees should know not to open suspicious links in email, tweets, posts, online ads, messages or attachments – even if they know the source. Employees should also be instructed about your company's spam filters and how to use them to prevent unwanted, harmful email.
  • Backing up their work: Whether you set your employees' computers to back up automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.
  • Staying watchful and speaking up: Your employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer.  

Information taken from: https://staysafeonline.org/business-safe-online/train-your-employees

Continue reading

How to Create a Successful Cybersecurity Policy

As breaches become the new norm, having a cybersecurity policy becomes not just a matter of saving face, but of saving money, data, and valuable employee resources. Each year, thousands of breaches take place, resulting in the theft of over 1 billion records of personal identifiable information.

Getting Started
Ideally, your business’ cybersecurity policy should be documented, reviewed, and maintained on a regular basis. Even creating a short guide that covers the most important areas goes a long way in keeping your business protected. Visit the SANS Institute for free policy templates.

Compliance
First and foremost, make sure you’re operating within the law. For example, if you’re a financial institution, you will need to be compliant with SEC guidelines, as they will continue to focus on cybersecurity and mandate proof that safeguards are in place and designed to secure personal and sensitive information adequately to defend against cyber threats and vulnerabilities.

Infrastructure
Your cybersecurity policy should include information on controls such as:
• Which security programs will be implemented
• How updates and patches will be applied in order to limit attacks and vulnerabilities
• How data will be backed up
• Clearly identify roles and responsibilities.

Employees
No matter how strong your cyber defenses are, employees can introduce threats to your company’s networks by falling for phishing scams, posting secure information on social media, or giving away credentials. Your policy should clearly communicate best practices for users in order to limit the potential for attacks and threats. In addition, the employee policy should also cover what happens when users fail to comply with guidelines. Acceptable use guidelines can include:
• How to detect social engineering tactics and other scams
• What is acceptable Internet usage
• How remote workers should access the network
• How social media use will be regulated
• What password management systems might be utilized
• How to report security incidents

Information taken from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-cybersecurity-policy/

Continue reading

Watch Out for Fake Apps!

Watch Out for Fake Apps!
The holidays have come and gone and the cyber scammers are STILL out in full force! Their latest trick is creating fake apps, tricking consumers like you into downloading them to your smartphone or tablet, and ask you to load your personal credit card information in these apps. You can guess what happens next.

How is this happening?

Apple’s App Store is getting crowded with fake impostor apps and Google Play is having the same problem. Starbucks started the first "retail app", and many stores have followed. They appear to be legitimate retail store apps, but when users install them, criminals can steal consumers’ personal information, or install viruses that capture confidential information from smartphones and tablets.
The counterfeiters are posing as well-known popular companies like Dollar Tree, Foot Locker, Dillard’s, Nordstrom, Zappos.com, Polyvore, Jimmy Choo, Christian Dior and Salvatore Ferragamo.


Here are 5 things to think about to protect yourself:

  1. Be very judicious in deciding what app to download. Better safe than sorry.
  2. If you *do* decide to download an app, first thing to check is the reviews, apps with few reviews or bad reviews are a big red flag.
  3. Never click on a link in any email to download a new app. Only go to the website of the retailer to get a link to the legit app on the AppStore or Google Play.
  4. Give as little information as possible if you decide to use an app.
  5. Be very, very reluctant to link your credit card to any app!

Information taken from New York Times:
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html

Continue reading

How to Create a Successful Cybersecurity Policy

As breaches become the new norm, having a cybersecurity policy becomes not just a matter of saving face, but of saving money, data, and valuable employee resources. Each year, thousands of breaches take place, resulting in the theft of over 1 billion records of personal identifiable information.

Getting Started

Ideally, your business’ cybersecurity policy should be documented, reviewed, and maintained on a regular basis. Even creating a short guide that covers the most important areas goes a long way in keeping your business protected. Visit the SANS Institute for free policy templates

Compliance

First and foremost, make sure you’re operating within the law. For example, if you’re a financial institution, you will need to be compliant with SEC guidelines, as they will continue to focus on cybersecurity and mandate proof that safeguards are in place and designed to secure personal and sensitive information adequately to defend against cyber threats and vulnerabilities.

Infrastructure

Your cybersecurity policy should include information on controls such as:

  • Which security programs will be implemented
  • How updates and patches will be applied in order to limit attacks and vulnerabilities
  • How data will be backed up
  • Clearly identify roles and responsibilities.

Employees

No matter how strong your cyber defenses are, employees can introduce threats to your company’s networks by falling for phishing scams, posting secure information on social media, or giving away credentials. Your policy should clearly communicate best practices for users in order to limit the potential for attacks and threats. In addition, the employee policy should also cover what happens when users fail to comply with guidelines. Acceptable use guidelines can include:

  • How to detect social engineering tactics and other scams
  • What is acceptable Internet usage
  • How remote workers should access the network
  • How social media use will be regulated
  • What password management systems might be utilized
  • How to report security incidents

Information taken from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-cybersecurity-policy/

Continue reading
TOP