Businesses’ Top 5 IT Security Problems


In today’s world, companies seem to be having security issues most weeks. These issues relate to 5 main problems. Is your company guilty of any of them?

1. No Backups

A shocking number of businesses do not back up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.

Even companies that think they are doing their backups correctly never regularly test those backups. It is a step that businesses miss surprisingly often, so don’t be the business that only finds out its backup isn’t working when it is already too late.

2. Being Reactive and Not Proactive

Technology is changing on a daily basis. Attackers are always working on new ways to break into businesses, hardware is evolving faster than most of us can keep up and old systems fail due to wear and tear. A huge number of businesses wait until these issues impact them directly before they respond. This results in higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before the hardware fails, fixing security holes before they’re exploited and upgrading systems before they are out of date, IT can be done right. Being proactive about your IT needs means systems do not have to break before they are fixed. This results in less downtime, fewer losses and lower IT costs for your business.

3. Poor Passwords

A surprising number of people will use weak passwords to secure their accounts. Even more will write down their passwords on a post-it note right next to the computer. In other cases, many people have no passwords at all! Strong passwords act not only as a barrier to prevent unwanted entry but also as a vital accountability tool: when system changes are made, it is essential to be able to trace back to the account that made that change.

With a weak or insecure password, tracking the individual responsible for reports or accountability becomes impossible. This can result in auditing disasters on top of technical ones.

4. Little or No Staff Training

People are commonly the weakest link when it comes to IT security. Implementing IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate when staff aren’t trained to use that lock.

Often businesses can justify spending big on security hardware and software but spend zero dollars on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat, stop it at its entry point and avoid any issues that may have occurred if the staff member hadn’t had any training.

5. Weak Data Controls

Some companies take an ad-hoc, fast and loose approach to data storage. Often crucial data is spread across many devices, copied needlessly and even left unsecured. Client data can be found regularly on employee laptops, mobile phones and tablet devices. These devices are prone to being misplaced or stolen along with any data they contain.

Most companies focus on the costs of devices and hardware purchased for the business. The reality is that the data held on those devices is always worth many times more than the device that holds it. For many firms, their approach to data hasn’t changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated because they hold that critical data. Such machines are clearly vulnerable, outdated and of course prone to failure.

Common problems with simple solutions

Each of these common issues has a simple solution to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you are in South Australia and need help securing your IT system, give DP Computing a call on 08 8326 4364 or at support@dpcomputing.com.au.

Do You Have a Bad Case of Password Exhaustion?


You’re not alone! Most people use the same password everywhere – home, work, Twitter, Facebook, email and even for banking. Considering how many passwords we use every day and are expected to remember, password exhaustion is a real thing. It is no wonder that when yet another prompt for a password appears, users enter very easily guessed combinations like ‘abcd’ or ‘password’.

Trouble is, even if your password conforms to strict password rules, hackers are taking regular strolls around the internet and collecting logins and passwords, from either leaked details or sites with security flaws.

Then, they will try their luck with that login/password combination on other sites. They know more than half the users have only one password and email combination, so the chance of gaining access into another one of your accounts is quite high.

As the same password is used elsewhere, one site breach follows another and another until hackers have nothing more to gain. The only way to break this chain reaction is to use a different password for each site.

How to Create Easily Remembered Passwords

Have a system or template for creating your own unique passwords that you’ll be able to remember but that are not obvious to hackers. For example:

<character><word><something about the site><numbers><character>

Becomes:

 !K1ttyFB75!

At first it might seem complicated, but the above is really just based around the words ‘kitty’ (with an upper case K and a number 1 for the i) and ‘FB’ for Facebook. For other sites change the FB to something else.

What to Do If Your Password Has Been Hacked

You can check to see if any of your accounts have been compromised by entering your email into a site like:

www.haveibeenpwned.com

If it reports a breach, you will need to change your passwords immediately – all of them. Use the example system above to create a new set. If you’re struggling to remember your set of passwords, consider using a secure password tracker such as LastPass (http://www.lastpass.com) or KeePass (https://keepass.info).

If you need assistance changing your passwords or setting up a secure password system, let us know on (08) 8326 4364 and we will be more than happy to help you out.
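The site above checks an email address. As an added example that is not part of the original article, the Python below goes one step further and checks a password against the same service's Pwned Passwords range endpoint, where only the first five characters of the SHA-1 hash are sent. The response body and its counts are constructed so the demo runs offline, and the function names are this example's own.

```python
import hashlib
from urllib.request import Request, urlopen

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint


def sha1_parts(password):
    """Upper-case SHA-1 hex split into the 5-char prefix (sent) and 35-char suffix (kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_body):
    """Find the locally held suffix in a range response made of 'SUFFIX:COUNT' lines."""
    _, suffix = sha1_parts(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0  # suffix not listed for this prefix


def fetch_range(prefix):
    """Live lookup; the password and its full hash never leave the machine. Unused offline."""
    req = Request(RANGE_URL + prefix, headers={"User-Agent": "pw-check-example"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def constructed_response(listed):
    """Constructed stand-in for a range response; the counts are made up."""
    lines = ["0" * 35 + ":1"]  # constructed filler entry
    lines += [f"{sha1_parts(pw)[1]}:{n}" for pw, n in listed.items()]
    return "\r\n".join(lines)


# Constructed data: says nothing about what the real service holds.
SAMPLE_BODY = constructed_response({"password": 52, "abcd": 7})

if __name__ == "__main__":
    for pw in ("password", "abcd", "!K1ttyFB75!"):
        prefix, _ = sha1_parts(pw)
        print(f"{pw!r}: prefix sent={prefix}, listed {breach_count(pw, SAMPLE_BODY)} times")
```

For a live check, pass `fetch_range(sha1_parts(pw)[0])` as the second argument of `breach_count`.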

Fake Invoice Attacks Are on the Rise – Here’s How to Spot Them


Businesses around the world are being targeted with a cyber-attack that sends victims a fake invoice that looks real enough to fool most people. It is based on an old scam that used to see invoices faxed or mailed to the victims; now it has made its way into the digital world, and instances are on the rise.

You may have already seen some of the less effective attempts – an email advising your domain is expiring (except it’s not from your host and your domain is nowhere near expiration) or others that describe a product or service you would never have purchased.

The new attacks, though, are much more advanced, as they look completely legitimate and are often from contractors and suppliers you actually use. The logos are correct, spelling and grammar are spot on and they might even refer to actual work or products you regularly use. The sender’s name may also be the normal contact you deal with at that business, as cyber criminals are able to ‘spoof’ real accounts and real people. While it is worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for.

Here are two types of invoice attacks you may receive:

1) The Payment Redirect

This style of fake invoice either explicitly states that the payment should be made to a certain account (perhaps with a friendly note listing the new details) or includes a payment link direct to a new account. Your accounts payable person believes they are doing the right thing by resolving the invoice without bothering you and unwittingly sends money to a third party. The problem may not be discovered until an invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cyber crime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

2) The Malware Link

Rather than an immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look exactly like the ones normally generated by popular accounting tools like Quickbooks, Xero or MYOB. Once your employee has clicked the link, malware is downloaded to your systems that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed (especially with new and undiscovered malware). If it does get through, the malware quickly embeds itself deep into your systems and often remains silent until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus, firewalls and spam filters up to date to minimize the risk of the emails getting through in the first place.

Secondly, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking the invoices against purchase orders, appointing a single administrator to restrict access to accounts or even two-factor authorization for payments. Simple preemptive checks like hovering the mouse over any links before clicking and quickly making sure they look correct can also help. If anything looks off, hold back on payment / clicking until it has been reviewed. Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.
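The payment checks described above can be written down as a small accounts-payable hold rule. This is an added example, not part of the original article: the vendor record, purchase order, invoices, phone number and field names are all constructed for illustration.

```python
from urllib.parse import urlparse

# Constructed vendor master: details confirmed with the supplier, not copied from email.
VENDORS = {"V-100": {"bank_account": "065-000 12345678",
                     "phone_on_record": "08 5550 0100",
                     "domains": {"acme-supplies.example"}}}
# Constructed purchase orders: PO number -> (vendor id, approved amount).
PURCHASE_ORDERS = {"PO-2231": ("V-100", 1850.00)}


def link_host_ok(link, domains):
    """True only if the link's real hostname is a vendor domain or a subdomain of one."""
    host = (urlparse(link).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def review_invoice(inv):
    """Return reasons to hold payment; an empty list means every check passed."""
    vendor = VENDORS.get(inv["vendor_id"])
    if vendor is None:
        return ["unknown_vendor"]
    reasons = []
    if inv["bank_account"] != vendor["bank_account"]:
        # Confirm by phone using the number on record, never one from the email.
        reasons.append("bank_details_changed:call " + vendor["phone_on_record"])
    po = PURCHASE_ORDERS.get(inv.get("po_number"))
    if po is None or po[0] != inv["vendor_id"]:
        reasons.append("no_matching_purchase_order")
    elif abs(po[1] - inv["amount"]) > 0.005:
        reasons.append("amount_differs_from_purchase_order")
    for link in inv.get("links", []):
        if not link_host_ok(link, vendor["domains"]):
            reasons.append("untrusted_link:" + link)
    return reasons


# Constructed invoices: one genuine, one payment redirect with a lookalike link.
GENUINE = {"vendor_id": "V-100", "po_number": "PO-2231", "amount": 1850.00,
           "bank_account": "065-000 12345678",
           "links": ["https://billing.acme-supplies.example/inv/881"]}
REDIRECT = dict(GENUINE, bank_account="013-999 87654321",
                links=["https://acme-supplies.example.pay-portal.example/inv/881"])

if __name__ == "__main__":
    for name, inv in (("genuine", GENUINE), ("redirect", REDIRECT)):
        print(name, review_invoice(inv) or "checks passed")
```

The lookalike link starts with the supplier's name but its real hostname ends in a different domain, which is the detail hovering over a link is meant to reveal.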

We can help increase your security; talk to us today. Call us on 08 8326 4364 or email support@dpcomputing.com.au.