• Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer and more complete perspective as to where to focus available security resources.
• Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
• Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
• Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).
• Don’t Aim for Perfection – There is no such thing as perfect security.  Striving for perfection is expensive and can prove to be more costly in the end.  Improving protection and response would be a more ideal allocation of funds.  It can take a hacker several months to figure out your systems and do real damage.  Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.

Read more about small business IT security by reading all of our blog posts on the subject.

The post 5 Ways SMBs Can Save Money on Security appeared first on TechTastic.

The short answer to that question is nothing. In the New York time’s attack, the attackers changed the newspaper’s Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Time’s attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Time’s site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe from DNS Hacking…

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Time’s, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

DNS Hacking, What Else Can Be Done?

Set Up a Registry Lock & Inquire About Other Optional Security
A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

The post DNS Hacking: Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe appeared first on TechTastic.

This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business. If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. A recent study found that only 16% of SMBs have a mobility policy in place.

Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.

Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies. Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.

A Mobility Policy Is All About Acceptable/Unacceptable Behaviors

Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.

Features of Mobile Device Management Services

MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:

• Specifying password policy and enforcing encryption settings
• Detecting and restricting tampered devices
• Remotely locating, locking, and wiping out lost or stolen devices
• Removing corporate data from any system while leaving personal data intact
• Enabling real time diagnosis/resolution of device, user, or app issues
• It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.

The post Why SMBs Must Proactively Address Threats of Mobile Hacks appeared first on TechTastic.

1. Do you have Antivirus protection?

An antivirus software program can protect you from threats that originate from emails such as phishing and virus attacks. However, the most striking fact is that 61% of small businesses don’t install any antivirus software! If you are one of them, then it’s time to change!

2. How sturdy is your Firewall?

A good firewall system protects your computers from the variety of threats that exist in the virtual world. Examples include harmful cookies, viruses, worms and other such malicious programs used by hackers.

3. Do you use a Spam filter?

Using a simple spam filter for your emails keeps junk out of your inbox. The bonus to having a good spam filter is that your employees save time, as they are not distracted by irrelevant emails, but the major perk here is that the potential virus and phishing threats are lessened as spam emails are unlikely to be opened.

4. Do you do backup your data regularly?

Agreed – backups don’t really protect your data, but they are the only way to recover it if data loss does happen. So, be sure you have a regular and reliable backup plan in place – and it is actually being deployed.

Data loss can prove very costly—especially to SMBs, sometimes even resulting in them having to close down. Prevention is certainly better than a cure in such cases.

The post Is your Business Safe from Virtual Threats? appeared first on TechTastic.

1. They are asking for personal information

Remember, no bank or financial institution asks you to share your key personal information via email, or even phone. So, if you get an email where they ask for your ATM PIN or your e-banking password, something’s a miss.

2. The links seem to be fake

Phishing emails always contain links that you are asked to click on. You should verify if the links are genuine. Here are a few things to look for when doing that:

Spelling

Check for the misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing scheme email could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com

Disguised URLs

Sometimes, URLs can be disguised…meaning, while they look genuine, they ultimately redirect you to some fraudulent site.

You can recognize the actual URL upon a mouseover, or by right clicking on the URL, and selecting the ‘copy hyperlink’ option and pasting the hyperlink on a notepad file. But, NEVER ever, paste the hyperlink directly into your web browser.

URLs with ‘@’ Signs

If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes @ sign. That means, the URL www.bankofamerica.com@mysite.net will take you to mysite.net and not to any Bank of America page.

3. Other tell-tale signs

Apart from identifying fake URLs, there are other tell-tale signs that help you identify fraudulent emails. Some of these include:

• Emails where the main message is in the form of an image, which, upon opening, takes you to the malicious URL.
• Another sign is an attachment. Never open attachments from unknown sources as they may contain viruses that can harm your computer and network.
• The message seems to urge you to do something immediately. Scammers often induce a sense of urgency in their emails and threaten you with consequences if you don’t respond. For example, threat of bank account closure if you don’t verify your ATM PIN or e-banking password.

Finally, get a good anti virus/email protection program installed. It can help you by automatically directing spam and junk mail into spam folders and deactivating malicious attachments.

The post Is That Email a Phishing Scheme? appeared first on TechTastic.

The post Five Things You Should Do Right Now to Preserve Your Network and Systems appeared first on TechTastic.