For many businesses, the cloud is a backbone business tool. Yet, some worry about storing their data on the Internet using cloud technologies. Consider these approaches to boost your business confidence in cloud data security. Continue reading
Headlines are often made by firms that have been hacked by cybercriminals. These events sound high tech and sophisticated. The truth though is that a lot of the times it is an amateur attacker chancing their luck with an unpatched security hole or bad password. Physical break-ins though can affect businesses far more, cause much more damage and are much more common but get talked about far less. Continue reading
In today’s world, companies seem to be having security issues most weeks. These issues relate to 5 main problems. Is your company guilty of any of them?
1. No Backups
A shocking number of businesses do not back up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.
Even with companies that think they are doing their backups correctly they never regularly test those backups. It is a step that businesses miss surprisingly often\ so don’t be that business that only finds out that their backup isn’t working when it is already too late.
2. Being Reactive and Not Proactive
Technology is changing on a daily basis. Attackers are always working on new ways to break into businesses, hardware is evolving faster than most of us can keep up and old systems fail due to wear and tear. A huge number of businesses wait until these issues impact them directly before they respond. This results in higher costs, longer downtime, and harder hitting impacts.
By responding to hardware warnings before it fails, fixing security holes before they’re exploited and upgrading systems before they are out of date: IT can be done right. Being proactive about your IT needs means systems do not have to break before they are fixed. This results in less downtime, fewer losses and lower IT costs for your business.
3. Poor Passwords
A surprising number of people will use weak passwords to secure their accounts. Even more will write down their passwords on a post-it note right next to the computer. In other cases many people have no passwords at all! Strong passwords act, not only as a barrier to prevent unwanted entry, but as a vital accountability tool too – when system changes are made it is essential to be able to trace back to the account that made that change.
With an weak or insecure password tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.
4. Little or No Staff Training
People are commonly the weakest link when it comes to IT security. Implementing IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate when staff aren’t trained to use that lock.
Often businesses can justify spending big on security hardware and software but spend zero dollars on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat, stop it at its entry point and avoid any issues that may have occurred if the staff member hadn’t had any training.
5. Weak Data Controls
Some companies take an ad-hoc, fast and loose approach to data storage. Often crucial data is spread across many devices, copied needlessly and even left unsecured. Client data can be found regularly on employee laptops, mobile phones and tablet devices. These devices are prone to being misplaced or stolen along with any data they contain.
Most companies focus on the costs of devices and hardware purchased for the business. The reality is that the data held on those devices is always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since when the firm was first founded. Critical data is often held on single machines that hasn’t been updated because they hold that critical data. Such machines are clearly vulnerable, outdated and of course prone to failure.
Common problems with simple solutions
Each of these common issues have simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.
If you are in South Australia and need help securing your IT system, give DP Computing a call on 08 8326 4364 or at firstname.lastname@example.org.
You may have noticed many business websites now have a green padlock in the address bar next to the letters ‘https’. Until recently, you would have only see that on shopping or banking sites, but it is now become the expected norm for all business websites – even if you don’t need users to log in or enter credit cards. Simply put, the ‘s’ in https stands for secure and means any data sent and / or received by the visitor is encrypted.
Clearly, this is an essential feature for e-commerce sites, but why have all the info-only websites started using https too?
The New Google Rule
As of July 2018, Google will mark your website as insecure unless you use https. It is a movement they started a few years ago to make the internet a more secure place by default. Since Google pretty much rule the internet search and increasing security is always a good idea, business websites have been gradually switching over. Without https protection, someone with access to your internet connection, whether from digital eavesdropping or hacking, could intercept the information. They could also place malware onto otherwise legitimate sites and infect innocent visitors. That is why eighty-one of the top 100 sites online have already switched to https and a very large majority of others are following suit.
The Browser Bar Says It All
In the same way a green padlock in the browser bar indicates a trustworthy site, you can expect that non-https sites will be marked with a “not secure” warning. Previously, users had to click an information symbol to actively investigate the security status of sites. This shift to plain sight markers will be most noticeable on Chrome, however it is expected that other browsers will follow suit. Future visitors to your site may then be alarmed by seeing that the connection isn’t secure.
The fact that you may not be asking them to log in, enter personal details or payment is irrelevant as perceptions matter. Eventually that warning will be changed to an alarming red as Google declares war on insecure sites. As the common understanding is that a warning is bad, you may get more visitors bouncing straight away or even contacting you to report that your site has a problem.
Boosts for Secure Sites
Google is also taking its commitment to safe web browsing further by favouring https websites. This means that Google’s search algorithm is taking your site security into account, preferring https results. Since https status get preference in search results, you may find yourself climbing in the ranking while other businesses drop. It really is a win-win situation for you to implement https..
How to proceed?
It is a little more complicated than just changing a setting within your web hosting environment. You have to order an install a SSL (Secure Sockets Layer) certificate and then install it within your hosting environment. The easiest way to do this is to contact your IT technician or web developer, as they will be able to make sure that it is all done correctly and thus will keep Google happy.
We can help secure your website by migrating it to https – contact us today at 08 83264 364 or email@example.com.
Web browsers are starting to come out which detect whether a website is secured by a SSL certificate or not. On websites which don’t have a SSL certificate, browsers will start to label them ‘Not Secure’. But what is a SSL certificate and how will it benefit my website?
SSL stands for Secure Sockets Layer. Basically, SSL establishes an encrypted link between your web server and your visitor’s web browser. This ensures that all data passed between the two remains private and secure. We turn to the internet for everything from information to buying and selling and much more. With this trend, security has become an important factor.
Google tries to protect its users and is always trying to make us feel secure whilst on the internet. Not only does having a SSL Certificate improve your Google rankings but any sites with logins and contact forms are now displayed as non secure on some leading browsers. With Google’s push on this it is now becoming industry standard to have these Certificates.
This means if your website has an SSL certificate, it will display ‘Secure’ otherwise it may display ‘Not Secure’ in the URL bar on some browsers.
Encrypting your site entails purchasing an SSL Certificate and then configuring your website to run the certificate. This can be done by your website designer or if you would like us to assist or have any questions regarding this give our partner Brad a call from Company Hub on 8387 5559, 0477 779 978 or visit their website at http://www.companyhub.com.au
The invention of Wi-Fi or wireless networking has been a dream come true. We can use our laptops and tablets anywhere in the office and our phones are using the main internet connection instead of sucking down data on the 3G / 4G network. It is essentially the backbone of the smart tech boom for home and business alike. Most Wi-Fi networks are password-protected with an encryption called “WPA2” and up until now this has been safe and secure.
Recently, a security flaw called KRACK (The Key Reinstallation AttaCK) was discovered. KRACK allows hackers to break into Wi-Fi networks – even the secured ones and your wireless networks are possibly vulnerable as a result.
How KRACK works?
KRACK doesn’t work via a problem with your device or how it was set up as it is an actual issue with the Wi-Fi technology itself. The attack gets between your device (eg computer, tablet or mobile phone) and the wireless access point (eg modem / router) to reset the encryption key so hackers can view all network traffic in plain text. Since just about everyone relies on Wi-Fi so much, this might mean hackers have a front row seat to your credit card numbers, passwords, confidential files, emails and more.
NOTE: The hacker needs to be in physical range of your Wi-Fi network to exploit this flaw and it doesn’t work remotely like other attacks we’ve seen recently. Given that most Wi-Fi networks extend well past your own home/business walls, this is small comfort, but important to know.
How to protect yourself
Run your updates: Software updates are being released which fix the flaw. Microsoft has already released them for Windows and Apple has one coming in a few weeks. So please take a few minutes to make sure you’re up to date with all your patches on any device that uses Wi-Fi (your smartphones, laptops, tablets, PCs, game consoles, etc). Unfortunately, some devices may be slow to get an update (eg Android phones), or if they’re older, may not get an update to fix the issue at all. If possible, consider using a cabled connection on those older devices or upgrade to one with support. With smart phones consider using data on the 3G / 4G network instead of Wi-Fi.
Be very careful with public Wi-Fi: While your local business center, library or school campus should have expert IT professionals keeping guard over security, it is a very different matter at your local coffee shop. It is unlikely small locations such as this will be on top of security patches. Remember, a hacker exploiting this flaw only needs to be in the same Wi-Fi area as you, so be careful you don’t give them an opportunity to grab your precious data.
Check your browser security: Before sending anything private over the internet, check that you are using a secure HTTPS site. You’ll know these by the little padlock you see next to the URL, and the address specifically begins with HTTPS. Major sites like Facebook, Gmail and financial institutions already use HTTPS.
If you need help updating your devices, or want us to check if you’re safe, give us a call on 08 8326 4364 or via email at firstname.lastname@example.org.