Posts Tagged ‘cyber attacks’

Cybersecurity Safety

Tuesday, July 18th, 2017

Cybersecurity-breach stories are so common lately, the headlines no longer shock. But don’t let familiarity breed contempt. In 2017, you can’t afford to grow complacent about Internet safety. As the following examples demonstrate, it’s crucial to guard your online data:

GovTech.com

“Hacking actions at nuclear facilities targeted traditional vectors like websites, emails and Microsoft Word documents that were infected as the method for cyberattacks. It needs to be back to basics of ‘security blocking and tackling’ for many, and consideration of even traditional cyber threats.”

BigCountryHomePage.com

“The FBI and Homeland Security issued a new warning to American energy companies about potential cyberattacks on nuclear facilities…Homeland security officials say the hackers penetrated the ‘business’ side of the nuclear facility.”

Fortune.com

“A wave of ransomware attacks spread like wildfire (in June). Many Microsoft Windows-based computers—specifically, ones not protected against a vulnerability in a Microsoft messaging protocol…began seizing up worldwide, locking employees out of their desktops, and displaying ransom notes…It’s still not clear what the initial attack vector was. But once inside, the worm could spread across computer networks.”

Password Matters

A hacker’s job is to crack computer passwords to access sensitive files and data. Once they obtain the password, they can do malicious things to the information stored in an account. Or worse, they may be able to harm the accounts of other people who share computer networks. So the argument “I don’t need a secure password because I don’t store important information in my account” won’t fly. Passwords are usually the weakest security link within an organization’s network. Don’t fall victim to cybercrime. Create a secure password:

Password Don’ts

  • Don’t use dictionary or foreign words, names, doubled names or first/last names and initials.
  • Don’t use simple transformations of words (7eleven, seven11, etc.) or any alphabet or keyboard sequence (backwards or forwards).
  • Don’t use your user ID in any form (as-is, reversed, capitalized, doubled, etc.).
  • Don’t reuse old passwords. Instead, choose a completely new password every time you change it.
  • Don’t consider using short words (fewer than 8 characters), phone numbers, birth dates, social security numbers or numbers substituted for letters (like a zero instead of the letter O).
  • Don’t use ‘password’ as your password. (Believe it or not, statistics show that up to 70% of all user-passwords are the word ‘password.’)
  • Don’t tape the password under the keyboard or anywhere else on the computer, the computer’s desk or in an unlocked file cabinet. Mischievous people will look for your password in these places like a thief looks for a key under the front doormat.

Password Do’s

  • Choose a phrase, and then use the first letters (‘A stitch in time saves nine’ would be ‘asits9’).
  • Use a password that has at least two alphabetic characters (a-z, A-Z) and at least one numeric (0-9) or special (punctuation) character. Always use a mixture of upper- and lowercase characters.
  • Choose a password that is easy to remember, so you don’t have to write it down.
  • Select a password that you can quickly type. This keeps people from discovering your password by watching you type it.
  • Change your password often—at least once every three months.
  • Implement a password-protected screen saver in case you must leave your workstation without first logging off. When possible, log off or lock your workstation by using CTRL + ALT + DEL.
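
The rules in the two lists above that can be checked from the password and user ID alone, as an added Python example that is not part of the original post. The word list, the four-character sequence threshold and the user ID `jsmith` are assumptions; the reuse and change-interval rules are left out.

```python
# Constructed sample word list (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
COMMON_WORDS = {"password", "seven", "eleven", "welcome", "dragon"}
# Alphabet, digit and keyboard-row sequences, checked forwards and backwards.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common "numbers substituted for letters" tricks: 0->o, 1->i, 3->e, ...
LEET = str.maketrans("01345@$7", "oieasast")


def has_sequence(lowered, run=4):
    """True if `lowered` contains `run` consecutive characters of a sequence."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in lowered for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(password, user_id):
    """Return the list of rules the password breaks (empty list = acceptable)."""
    low = password.lower()
    plain = low.translate(LEET)  # password with substitutions reversed
    uid = user_id.lower()
    problems = []
    if len(password) < 8:
        problems.append("too-short")
    if sum(c.isalpha() for c in password) < 2:
        problems.append("needs-two-letters")
    if all(c.isalpha() for c in password):
        problems.append("needs-digit-or-symbol")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("needs-mixed-case")
    # Substring match also catches doubled words and simple transformations.
    if any(w in low or w in plain for w in COMMON_WORDS):
        problems.append("dictionary-word")
    if has_sequence(low):
        problems.append("keyboard-sequence")
    # Lower-casing covers capitalized and doubled forms; also test reversed.
    if uid and (uid in low or uid[::-1] in low):
        problems.append("user-id")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "7eleven", "Qwerty!2017x", "Tr4il&Moss-Kettle"):
        print(pw, "->", check_password(pw, "jsmith") or "ok")
```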

Smartphone Safety

Since smartphone saturation in the United States surpassed 80 percent of the population in 2016, hackers are targeting secure data stored on handheld devices. Keep your data safe:

  • Malicious people could gain physical access to your smartphone or tablet. Malicious people are rude. Someone has to say it! Protect your device with a password and run apps such as Android Lost or Find My iPhone to help recover lost or stolen smartphones.
  • Malicious emails and text messages can infect your smartphone with malware. To prevent this, periodically run anti-virus software on your device.
  • The camera and microphone on your smartphone can be remotely activated. Do not take a smartphone near classified information, and remove the battery before discussing sensitive information.
  • Wireless networks may be insecure and subject to monitoring. Use VPN when accessing wireless networks and do not access sensitive information over shared wireless networks. Turn off Bluetooth when you are not using it, to prevent hackers from exploiting your device.

About Allied Universal

Remember, cybersecurity and crime prevention are everyone’s responsibility. A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the Allied Universal Fire Life Safety Training System, which has been designed to help improve and save lives. For more information about the best system out there, or to subscribe, click here.

Would you be prepared for a Cyber Attack?  

Tuesday, October 27th, 2015

While we usually cover safety issues relative to incidents such as falls, earthquakes, or fire, the damage caused by failing to observe cybersecurity safety protocols, although not life-threatening, can be equally devastating. Cybersecurity Awareness Month is observed in October and is designed to raise awareness about the risks of electronic data and information breaches that can happen to individuals, companies and organizations.

Last week, the focus of National Cyber Security Awareness Month 2015 was on the “smart world,” meaning all of the internet-connected devices that exist — from phones to thermostats. This week looks at building the next generation of cybersecurity professionals, with an emphasis on promoting education and awareness to spark interest in the field. Education is essential for companies that want to protect their critical data from hackings and/or breaches.

Tips for Business Owners

Up to 95% of breaches are caused by human error. So, it is vitally important to train employees, first by giving them context, so they understand the consequences of data breaches and hacking incidents. Then, employers can guide them about best practices such as protecting passwords, carefully guarding data relative to outside agents, avoiding phishing scams, and adhering to data storage policies. Empower employees to alert management when something seems suspicious or odd such as when someone from graphic design requests company financial data for something other than an infographic. Also, make sure staff members are careful not to post sticky notes with passwords on their monitors.

Additional best practices include:

  • Set automatic updates. Instruct IT to program automatic operating system and software updates, so the latest virus definitions and security protocols are always in place. Asking staff to perform these tasks manually opens you up to risks.
  • Establish login tracking. Login monitoring should be in place to spot external access attempts and identify employees who are accessing sensitive information or data outside their purview.
  • Set a security “fence” around sensitive data. A company’s most important data (for example, personal customer information) should be protected behind a company firewall at all times. Restrict access to this data to a select few staff members. Also, make sure it is protected from potential download to personal devices or hard drives.

Tips for individuals to protect data and avoid cybersecurity issues:

  • Follow password procedures. Using “12345” or “password” for computer passwords is not recommended. Staff members should be trained about methods for selecting strong passwords and protecting sensitive documents.
  • Avoid storing data locally. News stories often recount employees losing laptops or thumb drives, with the device contents being used for illegal purposes. Discourage individuals from storing sensitive data directly on their devices. For greater security, instruct them, instead, to access data online.
  • Protect mobile devices. Employers increasingly allow employees to use their own devices to check email and access work data. Before approving this practice, instruct employees about methods for wiping their devices if they are lost or stolen. For maximum protection, establish and follow written “bring-your-own-device” procedures.
  • Don’t download unapproved software. Malware and other nasty computer bugs often reside in seemingly innocuous software. Beware of employees downloading free PDF-maker tools from the web. This software could be a launching pad for an attack. Staff should only download IT-approved software or apps to either their computer or mobile devices.
  • Don’t click on unknown links. Many businesses are targeted with official-looking emails that provide an “important link.” Clicking on the link could infect the user’s computer, and the infection can then travel throughout the employer’s network. Encourage employees to run suspicious emails by the IT department for a thorough review and safe deletion.

Remember that safety is a daily priority, so be sure to think about disaster planning all of the time. A convenient and affordable way to make sure you are prepared for disasters and emergencies of virtually every kind is to subscribe to the Allied Universal Training System by Universal Fire/Life Safety Services, which has been designed to help improve and save lives. For more information about our system, or to subscribe, click here.

Hacking Away at Business Security

Tuesday, June 7th, 2011

All passwords for the Allied Universal Training System are fully-encrypted.

With the recent hack of various Gmail accounts by cyber criminals, companies are again casting an eye at ways to ensure data security and circumvent the risks associated with cyber crime. Cyber attacks are particularly difficult for law enforcement because they occur anonymously over great distances and are often conducted by highly intelligent individuals who are skilled at covering their digital tracks.

The disruption caused by a cyber attack presents businesses with more than just a minor annoyance. High profile breaches, such as the recent attack on Sony’s PlayStation Network, caused significant losses, as thousands of insecure customers bugged out. Sony claimed to have lost more than $170 million as a result of the breach.

For some entities, such as utilities or defense contractors, cyber attacks cause disruptions which go far beyond the scope of financial loss. A recent survey of senior level IT professionals indicated that they hold cybercrime to be the most dangerous threat for their business, ranking above the fear of natural disasters.

Details of the Recent Gmail Account Hack:

  • Some of the hacked accounts included senior U.S. Government officials, Chinese political activists, and journalists, prompting many to suspect that the Chinese government had something to do with the attack.
  • The accounts were compromised through a phishing attack, which involves gaining access to an account by presenting the user with legitimate-looking but fraudulent emails or texts. (Many bank customers have been caught by phishing schemes where the crook will say he represents the client’s bank and needs user account information.)
  • The Gmail criminals used information from hacked email accounts to contact and infiltrate other user accounts, since people tend to trust messages sent from someone they know.

What Can Businesses Do to Better Safeguard Electronic Information?

  • Establish robust firewalls to prevent intrusions.
  • Conduct an internal employee survey to find out how many of your employees are using “1234” for their password. Prepare to be shocked by the results. Require employees to follow set procedures for password creation and changing of passwords at regular intervals.
  • A popular method for creating hack-resistant passwords is to think of a phrase such as “Cybercrime is a risk I want to manage.” Then, use the first letter of each word from the phrase to create a password: “CIARIWTM.” Then, to mix it up further, add two or three memorable numbers and a symbol to the mix: CI$AR&IW@TM. Also, use different cases instead of all caps or lowercase letters: Ci$aR&iW@Tm. Breaking a password this complicated will keep hackers at bay, since easily-cracked “1234” passwords are easier targets of opportunity. (This is for the same reason thieves prefer to break into cars that have open windows and keys in the ignition than vehicles that are locked and armed with alarms.)
  • Password reset software can be used following a breach to bring passwords back.
  • Review outside vendors who have access to your data. Even if your company has state of the art protection, it is worthless if one of your vendors operates in an open environment which can easily be hacked.
  • Carefully guard client email lists and account numbers. The recent loss of email data by Epsilon cost the company millions of dollars, as customers canceled their credit cards after they discovered their data had been compromised.
  • Run routine security updates on your computer system. But be careful not to click on screen messages from anyone other than the system you subscribe to. Make sure that your employees know they should do a hard reset (manual shut-down) if anything out of the ordinary appears on their computer screens.

A breach not only costs time and money in the short term, but it can be detrimental to customer perception and trust. This is especially true of companies that hold customer data such as social security numbers or financial information. Virtual disasters should demand the same foresight and planning as natural large-scale events such as floods, fires and earthquakes.

When a disaster strikes, prior planning and clear decisive action can help save lives.  For the latest emergency management training for facility/building managers, contact Allied Universal, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit rjwestmore.com for more information and remember to BE SAFE.