Data Security

The recent Epsilon data breach is a big reminder of the importance of data security, not to mention, the vulnerability of data. Most people think it can't or it won't happen to their organization - not true.  Don't let your guard down.  Know the ploys hackers are using to acquire sensitive data and take the basic steps (at the very least)  to keep your data safe.

What is Phishing?

Is your personal data secure?  Is your company data secure?  One of the 1st steps to keeping your data secure is knowing how people "phish" for data.  You may be surprised that email addresses and names are enough information to initiate a very specific type of ‘phishing’ attack – called ‘spear-phishing.’

Phishing

In ‘phishing’ attacks, hackers send out emails to a group of people and try to convince them to enter in their personal details – such as account names or email address or perhaps download a virus. A recent example was where an email that appeared to come from Corporate IT to all users instructed users to click on a link and enter in their user ID and password or else their account would be deleted. When the user clicks the link and enters the information they are actually giving account access to the bad guys.

Spear-Phishing

‘Spear-phishing’ attacks are even worse – spear-phishing occurs when the bad guys target a specific user. These attacks have a psychological effect on the person because they know they have a relationship with a bank, such as JP Morgan or they know they carry a Target credit card. The hacker sends a message directly to the account holder stating that your JP Morgan account may have been hacked and that you should immediately click a link and ‘update your password’. Again – your account was never really in danger, but you gave the bad guys access once you clicked the link and entered in your information.

Avoid these phishing attacks by:

• Keeping an eye on your email.
• Thinking before you click.
• Reminding staff that data privacy and protection is everyone’s responsibility.

Data Breach Prevention In Your Organization

Most small and mid-sized business owners think that they are immune from breaches.  Maybe – but the truth of the matter is that small and mid-sized businesses are a prime target because they typically don’t have the resources from an IT security perspective that a Fortune 5000 may have. Here are the basic things you can do:

• Purchase a good firewall. A good firewall, properly configured, will run you between $1500 and $5000. Money well spent.
• Implement a password policy. If your password is ‘password’, or ‘123456’ then you don’t have a password policy! If your password is taped to your screen, you don’t have a password policy! A good strong password is at least 8 characters and includes numbers, symbols, upper case letters, and lower case letters.
• Talk to your staff about security. Make sure they understand that everyone plays a role in keeping data secure. We love social media – but you don’t know what may lurk behind that shortened URL on Twitter or Facebook. Consider limiting the use of social media in the workplace to those who have a need to use it – like the marketing department.
• Talk to your staff about security. (Is there an echo here?) Don’t click on attachments in email – no matter how cute you think the dancing kitten movie may be! Don’t even open attachments from colleagues unless you are expecting the attachment. Also – remind staff that no one will ever be asked to update a password or give a password out over email, IM, or social media.
• Keep an eye on your removable drives (like USB or flash drives). Remind your staff to know what data is on them if they are taking them out of the building. You may even consider encrypting them.
• Whoever is responsible for rotating backups offsite – make sure they understand the importance of their job. The tape shouldn’t be left on the front seat of the car in the Wal-Mart parking lot while they are shopping.
• Most of all – just use good common sense!

 We are here to help if you would like to have a member of the PTG team do a security audit – contact a business PC repair technician today!