If we told you that it is possible for others to hire hackers to launch attacks against your business, would you believe it? Well, we hope so, because it is very possible and more common than you might think. Comparitech launched an investigation into the average prices of various hacking services on the Dark Web, and you might be surprised by how affordable and accessible they are. This is just more reason to take network security seriously.
When it comes to network security, there are a lot of complex solutions that solve multi-faceted issues, some so mind-boggling in scope that it is simply overwhelming. Then there are the small-scale solutions that you can implement on a day-to-day basis that can make significant changes over time. Locking your computer is one of these tactics, and it should not be overlooked in your security strategy.
Understand the Value of Your Assets
Your data is valuable—but do you know how valuable it really is, and which data would cause the most harm if breached? Prioritizing protections based on this knowledge is how IT experts mitigate as much harm as possible to a business and its reputation. Ask yourself: if you were a hacker, what would you steal from you?
Work with Proactivity in Mind
In order to sufficiently protect your network, you need to start early by creating a comprehensive response plan that could conceivably protect your operations from the worst-case circumstances. In doing so, you are preparing yourself to react to cyberattacks and other events as they come with strategies designed to minimize and mitigate the problem.
Invest Time in Employee Training
Who would you rather have protecting your network: a few trained people amongst your team, or everyone following best practices to reduce your vulnerability? With everyone on the same page as far as what they should be doing is concerned, cyberthreats can be made half as severe and limited to half as often. Teaching your team to spot different warning signs of a cyberattack can help keep your business from being breached.
Continue Innovating
As cyberthreats and other attacks are always being innovated upon and improved, you need to match these efforts with your cybersecurity by remaining up-to-speed on the various threats and the strategies to counter them. Knowing how to respond to a cyberattack is a good thing, but being able to prevent these attacks in the first place to protect your business’ assets is better.
Cybersecurity isn’t a quick and easy fix, but SRS Networks can help make it a little quicker and easier for your organization. To learn more about the strategies and solutions we can offer, give us a call at (831) 758-3636.
What Do Our Smart Assistants Actually Hear?
We all know that person who claims that smart assistants are being hacked into by the government and that they are listening in on our conversations. For the majority of us, that conspiracy doesn’t make a whole lot of sense. That said, these devices do listen when they are prompted to. Here is how to trigger four of the most popular assistants:
Amazon Alexa devices respond to the term “Alexa,” “Computer,” “Amazon,” or “Echo.”
Google Home devices wake up to “Okay/Hey, Google.”
Apple’s Siri responds to “Hey Siri.”
Microsoft’s Cortana reacts to its name, “Cortana,” or “Hey, Cortana.”
There have, in fact, been instances where these smart assistants, especially the smart speakers, picked up some things they weren’t supposed to. If you have one of these speakers in your home, there have to be some natural security concerns, but they probably aren’t from the manufacturers.
The Analysis
Researchers looked into the question of what exactly these smart assistants hear and produced a paper titled “Unacceptable, where is my privacy? Exploring Accidental Triggers of Smart Speakers.” They analyzed when the terms that successfully activated the assistants were spoken, finishing with over a thousand phrases. They then broke these phrases down into their phonetic sounds to try to ascertain why there were so many false positives. Depending on how a user pronounced a word, some triggers were found, including:
Alexa devices also responded to “unacceptable” and “election,” while “tobacco” could stand in for the wake word “Echo.” Furthermore, “and the zone” was mistaken for “Amazon.”
Google Home devices would wake up to “Okay, cool.”
Apple’s Siri also reacted to “a city.”
Microsoft’s Cortana could be activated by “Montana.”
Of course, these assistants are used on devices all over the world, and the researchers found that they had a lot of the same issues when used in other languages. For example, the German phrase for “On Sunday” (“Am Sonntag”) was commonly mistaken for “Amazon.”
What Does This Mean for Individual Privacy?
Even with the interesting nature of this analysis, the findings are a little more disconcerting. The study shows that once the wake word or phrase is recognized by the device, it immediately starts listening for queries, commands, and the like. So even though they claim to only start listening when prompted to, several different iterations of phrases can cause the assistant to start listening.
The complications don’t end there. Since the data is reviewed manually by people—which already destroys any notion of privacy—one of those technicians could potentially be given information that wasn’t intended to be captured by an assistant. This could potentially be devastating if the technician whose job is to manually check this information were to gain access to account information or some other PII and use it in an unethical way.
The smart speaker and the smart assistant are useful products that need a little more refinement before we can completely trust them. To learn more about new technology and how it is being used, check back to our blog regularly.
However, despite these views, most people are far too lax when it comes to their own security. Let’s take a closer look.
Consumers on Businesses and Their Data Practices
In a recent report from advisory firm KPMG, the results of a survey that asked American consumers about their expectations of corporations and the privacy of their collected data were revealed. These results showed a few concerns very clearly, while revealing that not all respondents were fully aware of today’s most pressing cyberattacks.
86 percent of respondents to the survey felt that their data privacy was a rising concern. 70 percent claimed to be “generally familiar” with how companies collect their personal data, while 64 percent were familiar with how it was used and stored, 63 percent say they understand how it is protected, and 57 percent say they know how it is sold.
Having said that, 68 percent don’t trust these companies to sell this data ethically, 54 percent don’t trust it will be used ethically, 53 percent don’t feel it will be collected ethically, and 50 percent don’t trust these companies to protect their data sufficiently.
Most consumers are concerned about the theft of their social security number, with 83 percent of respondents identifying this concern. Following closely behind come the 69 percent worried about their credit card numbers. Surprisingly, only 16 percent are concerned about the theft of their medical records.
Data Practices Amongst Consumers
While this sounds like a decent start, the survey’s results showed a bit of hypocrisy. Most users agreed that repeating passwords, saving credit card information to a website, and using public Wi-Fi are risky behaviors, but more than 40 percent of them did these things anyway. 61 percent neglected to use all available tools to secure their accounts, as well.
What We Can Learn
It doesn’t matter if it’s your data at stake, or your business’… your highest priority needs to be your security.
In another study, this one conducted by Harvard Business Review Analytic Services, it was shown that almost half—46 percent—of consumers surveyed had stopped doing business with a retailer because of issues with that retailer’s privacy statement. Are you willing to let half of your client base abandon your business? It just goes to show that, from the consumer’s perspective, it is our responsibility to make sure that companies are accountable for the data they collect. From the business standpoint, it shows that data security is something that can’t be slapped together or neglected. Is ensuring data security simple? Far from it… but when compared to what you risk otherwise, it’s a no-brainer. SRS Networks is here to help. We can help you to implement the security solutions and processes that will help protect all your data. To learn more, or to get started, call our team at (831) 758-3636 today.
The stimulus is not the first time that the U.S. Government has distributed stimulus checks, but as online banking has become more commonplace, the Treasury has been distributing millions of checks via direct deposit, and this has given online scammers the opportunity to try and steal money that by right will come to you. Here are five ways that they are going about scamming people:
Avoid anything that has you sign up for stimulus money – Chances are that you don’t have to sign up to receive stimulus dollars, so be wary of anyone who contacts you claiming that you need to fill out information to enroll you.
Scammers don’t just act online – There has been evidence of people getting postcards in the mail with a password printed on it and addressed to an individual. The card asks the user to go online to “access” or “verify” the individual’s payment information (bank account, routing number, etc.). Similar scams have been sent through traditional phishing messages via email, however, so read your correspondence thoroughly.
You can’t get your money faster – Scammers have also contacted people promising that for a small fee, they can get their money to them faster. Reputable tax companies have services like this around tax time, so it may be just enough to fool some people.
No, you aren’t getting more – There have also been reports of scammers sending people checks for more than they are owed. Later the scammer will call to apologize for the mistake and ask the person to return the difference in cash, gift cards, or a wire transfer. If the check isn’t coming from the U.S. Treasury, and you weren’t expecting another check, it is surely a scam.
IRS correspondence – It’s true that some people have had to fill out forms on the IRS website in order to get their checks sent to them or deposited in their bank accounts. Scammers have set up webforms much like the ones on the IRS’ Economic Impact Payment website. The IRS typically contacts people through the mail, so if you get a message or an email from the IRS asking you to take action, it’s best to ignore it.
Knowledge is the best defense against scammers. If you haven’t yet received your CARES Act stimulus money, you need to go to the official IRS website to find out why (or more likely when) you will receive your stimulus check.
Have you seen any scams looking to steal people’s money? Leave your story in the comments below and check back to our blog for more information about cybersecurity, and the practices you need to know to avoid being a victim of cybercrime.
Knowing What You Have
If you don’t have an accurate idea of the data you possess, how can you possibly keep it all protected? Without this information, it becomes far more likely that you will, at some point, experience a breach. Keeping impeccable records of your assets is imperative to avoiding this outcome.
These records should contain a comprehensive collection of data in a well-organized and documented format. If your storage architecture could use a bit of a refresh, take advantage of that time to properly build out and implement this strategy. Using a specified architecture makes it much easier to manage the permissions of your users, as well, so it can further boost your data security.
These considerations only become more important as you accumulate more and more data, and your team and clients alike entrust you with theirs. Betraying that trust would be a bad look for your business, so you need to be sure that you are subscribing to best practices.
Sorting Through Your Data
Once you know what you have and where it is kept, you should commit yourself to weeding through it all. How much of the data you’ve collected is really needed to support your business’ operations, and are there alternative methods to consider that might help keep this data safer while accomplishing the same thing?
For instance, unless you still need them for business purposes, it isn’t wise to retain customer payment details for any longer than necessary. This just increases the opportunity for this sensitive data to be undermined and stolen.
Furthermore, you should also be reexamining who in your business can access what. Different roles will naturally have different responsibilities, each of which will bring different data access requirements. Providing excessive access is opening the door to potential data security issues.
Keeping Your Data Safe
Finally, you need to make sure that you are prepared to protect the data you collect, which will require a lot. You need to have a predetermined storage strategy, complete with proposed defenses, identifying the devices used to store this data and the access controls to prevent unauthorized users from tampering with it. This goes for both digital versions of your data, as well as any hard copies you have.
In case someone manages to breach your defenses and access your data, you need to be capable of identifying the breach at its source and preventing as much damage as possible. This is why we promote the use of both proactive monitoring services and comprehensive backup practices… they can more effectively enable you to bounce back from such a breach.
If you would like assistance in implementing these solutions, or want more information about them, don’t hesitate to reach out to SRS Networks. Our team is ready to assist you; you just need to give us a call at (831) 758-3636.
Let’s take a closer look at what a firewall is, and how it helps to protect your assets.
Defining Firewall
A firewall is something that helps keep threats and malicious entities from coming into your computer or computer network from the Internet by monitoring and controlling traffic, both incoming and outgoing. Named for the real-world barrier that is used to impede the spread of fire throughout a structure, a firewall prevents these threats from spreading in a similar fashion. These solutions are available as both hardware-based and software-based systems, and different types are available that focus on different needs and functionalities.
How a Firewall Works
The firewall uses a barrier of code to ensure that there is some separation between your computer or network infrastructure and the larger Internet, examining data packets as they arrive and deeming whether or not they can continue.
The Difference Between Software-Based and Hardware-Based
Other than the obvious difference in how they are deployed, there are some differences between software and hardware firewalls that are important to address.
Hardware Firewalls
A hardware firewall is a device that integrates into a network to protect it, and is often built into broadband routers. These firewalls focus primarily on inbound data and information, comparing traffic to preset conditions to deem whether or not that data will be allowed in.
While this variety is very common in homes and small businesses – primarily due to its simplicity and its ability to connect to multiple devices – it does have one considerable shortcoming. Hardware firewalls only analyze incoming data. As a result, the firewall won’t detect certain considerable issues, like a computer that has been infected and assimilated into a botnet.
Software Firewalls
While they serve effectively the same purpose, software firewalls have more or less opposite strengths and weaknesses. As a software firewall is installed on an individual endpoint, it only serves to protect that one device. However, it also monitors all traffic (incoming and outgoing), enabling it to identify and stop more threats.
One of the biggest benefits of a software-based firewall is that it can be customized to each user, as it only covers that user’s workstation. So, if one of your users needs more forgiving permissions than the rest of your team, you can allow for them by using a software-based firewall.
Why Not Use Both?
To maximize your firewall-based protections, we recommend that you use both hardware-based and software-based firewalls. This assists your security twice as much, without causing any interference between the two. Combining their protections, along with implementing other key security features and tools, can help keep your business optimally secure.
In fact, modern Windows operating systems come with a built-in firewall. While this protection doesn’t stop everything, when combined with managed security on the rest of your network, it serves as an important part of your overall security.
We can help. To learn more about the security and productivity assistance we can offer, reach out to SRS Networks at (831) 758-3636.
Why Is Everyone Swiping?
When payday comes once a week or once every two weeks, how do you receive your paycheck? More than half of the US utilizes and relies on direct deposit. It’s no wonder cash has become a scarce payment method. Convenience is such a powerful underlying reason to ditch cash payment. What are the pros, and what are the cons to this convenience? Let’s first talk about some of the pros.
Security! Surely, not carrying a wad of cash in your pocket is a more secure method, right? Well, that depends on the type of card you’re carrying as well as the coverage the lender has agreed to. If you have ever hidden something of value from yourself such as your license, cash, your wallet, or even car keys, then you know how it feels to be worried about your belongings. If you’ve ever fully lost one of these objects, you’re not the only one. So how would you proceed if you lost a few hundred dollars cash that was in your wallet? Well, this is where you discover the fact that a credit card is typically a superior payment method.
Borrow protection has become a standard in most lender scenarios. Most banks are FDIC (Federal Deposit Insurance Corporation) covered. Yes, in 1933 and even sometimes today, people had a hard time trusting banks with their money. These mattress-stuffers have failed to realize that in nearly every case your money is actually covered by insurance.
With a credit or debit card, that few hundred dollars you lost would never actually leave the comfort of your bank account. If some sort of fraudulent activity occurs where money actually disappears from your account for an unauthorized reason, lenders today are able to refund you while disabling the existing card, preventing recurring theft.
How Else are Cards Protected?
Credit and debit card utilization has caused strict standards of security to be implemented anywhere that accepts these forms of payment. These standards are referred to as the Payment Card Industry Data Security Standard, or PCI DSS. This mandates all businesses to protect data collected about the cardholder. This includes any and all information found on the user’s card. This information should NOT be stored, unless recurring billing or some other product or service improvement has been negotiated with the cardholder.
Here are some other protection methods which further prove the benefit of leaving cash at the bank:
Dynamic Card Verification Values – Your CVV value is what can prevent someone who takes a picture of your credit card as you pull it out of your wallet from actually being able to make purchases with it. This value on the back of most payment cards adds that extra layer of security that could foil a determined thief. As technology changes, even these CVVs often feel the effects. Today, some lenders provide cards that utilize a different value for each time of day.
Mobile Wallet – While most of us have seen commercials of someone paying for goods or a service simply by holding their smartphone up to the reader, this technology has evolved into far more than a gimmick. This method of payment, if handled properly, can be an extremely convenient and secure means to purchase things.
Biometrics – Biometric technology has […]
The GDPR
Prior to the ratification of the GDPR, individual data privacy was the responsibility of the individual. Outside of the EU, it largely still is, but when the GDPR went into effect it opened people’s eyes to just how many of the corporations they come into contact with were misusing their personal data. The GDPR, which grew from individual privacy laws enacted by individual EU states, provides individuals with recourse if they do not approve of the way their data is being used by corporations.
Information such as names, physical addresses, phone numbers, email addresses, and medical and financial information was being shared by technology companies. Somewhere in the lengthy terms of service agreement, companies would have language that allowed them to package individual data and effectively use it as an alternative revenue stream. Consumers in the know don’t see this as fair.
This level of data privacy has been roundly rejected in the United States up until recently, and those who do want to see a GDPR-like law on the books in the U.S. may not want to hold their breath. Before the GDPR was in the news, not many organizations were thinking about how data breaches could negatively affect anyone but themselves. This has led to a wholesale change in the way businesses view data management, the training of their staff, and security investments as a whole.
After One Year
In the first eight months, over 59,000 personal data breaches have been reported to GDPR regulators. This may be less than you may have liked to see, but it is twice as many as there were in 2017; and, of course, 59,000+ more than anyone wants. The fines levied by GDPR regulators are hefty (up to €20 million, or up to 4 percent of total revenue from the previous year, whichever is larger), so you are seeing an increasingly aligned and strategic approach to keeping data secure, and to quickly reporting any data breaches that do happen.
If you would like to see how the GDPR has fared in its first eight months, download the DLA Piper GDPR data breach survey, here. The results of the GDPR don’t speak to its effectiveness thus far, but in future reports it will become evident that the law is working to keep individual data secure; or, at the very least, keeping companies honest. Under the GDPR, companies that sustain data breaches have 72 hours to notify the people whose information has been exposed. This strict deadline eliminates the possibility that companies can manipulate public perception about how they are faring with data security, as you’ve seen numerous times over the past two decades.
Unfortunately, the huge teeth that the GDPR was built with haven’t been used to bite non-compliant companies thus far. Fines that add up to €55,955,871 have been levied against the companies responsible for the 59,000 and change reported data breaches, an admittedly modest amount when you consider that around 90 percent of that sum was the fine levied against a single company, U.S.-based tech giant Google. According to a French GDPR regulator, this small amount should be considered the result of it being a transition year rather than some type of long-term ineffectiveness of the law. It remains to be seen just how effective the law can be if […]