The True and Unexpected Costs of Being Hacked

Security BreechThere are the normal costs everyone associates with a computer breach, like employee downtime and the costs associated with getting your network and computers fixed. But really, most businesses that haven’t been hit with a security incident view it as more of an inconvenience than a bottom-line cost. For those businesses who have come out the other side though, it’s a very different story. They know from firsthand experience that the hidden and ongoing costs of a data breach can be crippling and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close down after a cyber-attack. Here are a few of the hard, but common cold hard realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack compromises your system, things can get expensive, and the longer the attack goes, the more it costs. Latest statistics reveal most breaches aren’t identified for around 191 days and then it can take on average another 66 days to fix and contain the damage – during this time you are cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fees for IT professionals to fix everything up, the costs for new hardware and software to help prevent future incidents  and all the hours/days/weeks when your business is struggling with downtime, businesses will quickly exhaust any emergency funds they have.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. If medical data or legal files are leaked a particularly messy scenario may occur with fines coming from multiple sources.

New privacy laws also mean businesses are liable for large fines if they don’t disclose a data breach. Where this gets trickier is that the burden is on your business to know exactly what data has been stolen or illegally accessed, so that you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you will still need to hire an expert who can identify exactly data what the hackers took or accessed.

Customer retention measures

In a double crush to your bottom line, not only does your business bear the cost of fixing the hack and your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to spend more on advertising and public relations just to ensure they survive to fight another day.

The data breach disclosure may still come up in search results for many years to come. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have high level secrets to protect, your business does have data that you would like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. While large corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret (databases, client info, financial records etc).

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines and make embarrassing public announcements.

DP Computing can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians implemented a firewall or UTM device to build a virtual fortress around your business that keeps the bad guys out while letting you thrive. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe.

Ready to secure your business against breaches? Give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

Office 365 & Email Security

Spam email

As an IT Expert, I get client calls and emails asking me about various emails they receive and whether that particular email is fake or real – almost all time the emails are fake.

To help my clients and others in a similar situation I’ve put together a video that goes through some security tips on how to protect your self from hackers and phishing attempts. The video goes through:

  • First alerts of being attacked.
  • How scammers and hackers try to fool you.
  • How to tell if an email is fake or not.
  • The Do’s and Don’ts.
  • How to tell if you’ve been hacked.
  • What to look for after you have been hacked.
  • How to prevent and protect from hackers.
  • What is 2-step and MFA?
  • What to do after you’ve been hacked.
  • Screenshot examples of phishing emails.

Check out the video below and leave any comments in the fields below.

How The ‘KRACK’ Wi-Fi Security Issue Affects Us All

WPA2 KrackedThe invention of Wi-Fi or wireless networking has been a dream come true. We can use our laptops and tablets anywhere in the office and our phones are using the main internet connection instead of sucking down data on the 3G / 4G network. It is essentially the backbone of the smart tech boom for home and business alike. Most Wi-Fi networks are password-protected with an encryption called “WPA2” and up until now this has been safe and secure.

Recently, a security flaw called KRACK (The Key Reinstallation AttaCK) was discovered. KRACK allows hackers to break into Wi-Fi networks – even the secured ones and your wireless networks are possibly vulnerable as a result.

How KRACK works?

KRACK doesn’t work via a problem with your device or how it was set up as it is an actual issue with the Wi-Fi technology itself. The attack gets between your device (eg computer, tablet or mobile phone) and the wireless access point (eg modem / router) to reset the encryption key so hackers can view all network traffic in plain text. Since just about everyone relies on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, confidential files, emails and more.

NOTE: The hacker needs to be in physical range of your Wi-Fi network to exploit this flaw and it doesn’t work remotely like other attacks we’ve seen recently. Given that most Wi-Fi networks extend well past your own home/business walls, this is small comfort, but important to know.

How to protect yourself

Run your updates: Software updates are being released which fix the flaw. Microsoft has already released them for Windows and Apple has one coming in a few weeks. So please take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update (eg Android phones), or if they’re older, may not get an update to fix the issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support. With smart phones consider using data on the 3G / 4G network instead of Wi-Fi.

Be very careful with public Wi-Fi: While your local business center, library or school campus should have expert IT professionals keeping guard over security, it is a very different matter at your local coffee shop. It is unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them an opportunity to grab your precious data.

Check your browser security: Before sending anything private over the internet, check that you are using a secure HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.

If you need help updating your devices, or want us to check if you’re safe, give us a call on 08 8326 4364 or via email at support@dpcomputing.com.au.

How To Stay Cyber Safe When Travelling

Mobile Cyber SecurityWith cloud computing people are embracing the flexibility of working away from the office (whether at home or travelling) and working by simply accessing the relevant data or applications via the internet..

When in the office, you are protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from that network those protections disappear and leave your device and the data inside at greater risk.

Cyber attackers love to collect any data they can obtain – business or personal doesn’t matter to them as it can all be sold. These days the information stored on your device can be worth much more than the actual device.

Here are 3 ways a hacker may attack:

Random Opportunity: If you have left your laptop at a café or a thief has stolen the phone from your pocket, the outcome is the same – that device is gone. Hackers take any opportunity they can to gain access to a device: including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes – if they don’t steal it the device is handed back laden with spyware.

Creating a fake Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers though will take advantage of this to create their own free, unsecure network just waiting for someone to connect. Once a user is connected a hacker can  grab any unsecured passwords sent across the network.

Intercepting an Unsecure Network: Hackers don’t even need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

Don’t let these issues stop you using the Internet when out side the office. Just take the following precautions to increase your cyber safety and help protect your valuable data:

  1. Regularly make backups: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Be careful when using public Wi-Fi: Don’t use passwords or email when on a public network. Use a VPN or a 4G connection (ie tether your computer to your phones data connection) when you are accessing sensitive data or logging in to secure sites.
  3. Use passwords and encryption: At a minimum, make sure your device is password protected and has full drive encryption. With a password and drive encryption even if your storage drive is removed from the device the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate companies and people. This might include your IT provider so they can change passwords, your bank and any other financial institutions so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

If you need further help with mobile cyber security contact us on (08) 8326 4364 or on support@dpcomputing.com.au.