We are clearly in an age where all our critical data and business processes, even the value of the business itself, are in a technology system somewhere. Many would like access to this business data for various nefarious reasons, and these security threats and methods are evolving daily. At Keystone, we call it a “cat and mouse game” – where the mouse hides, the cat finds the mouse, the mouse hides in a better spot, the cat finds them…and on and on. That is the game we are playing with numerous hackers. To have a chance of winning, we must evolve with them. We need security solutions for security threats today.
The threat is real – so we need Security Solutions for Security Threats NOW
There are many ways to quantify the threat – here is data to help you size it up.
- In the past 12 months, 61% of SMBs experienced an attack, and over 54% had a breach. (Source: Ponemon Institute)
- Nearly half of the cyberattacks worldwide are against businesses with fewer than 250 employees.
- Data breach costs $38,000 per breach in a small business on average; this is a very conservative
- A cyber-attack happens every 39 seconds.
- Business email compromise (BEC) attacks cost organizations an estimated $1.77 billion in losses in 2019, reports the FBI, which received a total of 23,775 complaints related to this threat.
- There are 15 billion credentials (that is YOUR passwords) available for purchase on the internet today. That is about twice the number of people in the world.
- Even someone with little skill can hire someone to run a hacking campaign against your systems about as quickly as they could order lunch online.
To summarize, the threat is broad, and your business and personal data are not immune. The danger is constant – using scripts and tools, hackers can bring continuous pressure on your systems. And the risk is expensive for your business and society at large. The threat is real.
The Methods are Real
The threat is real because the methods are real, and they vary. There are numerous ways hackers gain unauthorized access to data. The most frequent are:
- Social Engineering and Phishing – In this case, they use online sources about you, like LinkedIn and Facebook, to learn your “high school mascot” or the “city you were born in” and start working to gain access. Or they send a very legitimate-looking email that appears to come from your bank and says you must log in to unlock your account. In both cases, they use you and information about you to break in.
- Weak passwords – Using systems capable of guessing thousands of passwords per second, hackers can test different words and phrases to see if they work to gain access. So, using a weak password or reusing passwords from other sites gives them a significant advantage.
- Business Email Compromise (BEC) – one of the fastest-growing methods, hackers use the first two methods to get access to your email, where they create rules to hide their activity, and begin using data in the email to gain further access or have those you deal with redirect payments to their own accounts.
- Poor infrastructure or software design and management – This goes beyond the end-user; in this method, hackers find and exploit the weaknesses in the systems themselves. They identify old, unpatched firewalls, PCs with operating systems the vendor no longer supports (like Windows XP and Windows 7), or poor programming on a web application that allows a SQL injection attack, and so many more.
- Fake WAPs – Wireless Access Points (WAPs) are the most common method of our access to the internet, and it is elementary to set up an access point in a coffee shop and call it “Starbucks Free Wi-Fi.” You may see this and connect, and it sends all of the data you need back and forth from the internet, but also examines it and looks for passwords, bank accounts, etc. and saves them for use later.
These are just a few of the methods used to give you a flavor of the types of attacks possible. The ways are real and evolving constantly. We need security solutions for security threats that exist today; if you are still focused only on yesterday’s threats, you are way behind in the cat and mouse game.
The Solutions are Available
We need real solutions to real threats – the ones of today – and not just hope and pray. We must acknowledge no solution is 100%; tomorrow will bring new dangers. You must have the right team, tools, processes, and mindset to help increase the chance your organization is safe.
As we have shown, there are continually evolving threats, and it is going to take a new investment to protect you. If we compare it to physical home security, gone are the days when a simple lock on a door would do. You now need deadbolts, steel doors, cameras, and home security systems with monitoring. It costs more, and it protects you to a much higher degree, but never 100%.
Keystone’s Security + and Security Premium
Keystone has always focused on keeping our clients secure, and we are proud of our record in this area. We have assembled basic security tools and methods, which have worked, but looking into the future, we must meet the evolving threats.
We have been providing what we now call “Security Basic” – the minimum you need, though it still leaves gaps. It includes managed anti-virus, protection from known malicious internet sites, system patching, essential protection from ransomware, and simple email protection. It meets the threats of yesterday, but its continued effectiveness will be limited.
Security+ is our new suite of tools and processes intended to meet today’s most prevalent threats. In addition to everything in the Security Basic offering, we add the following: Enhanced email protection, Multifactor access on Virtual Private Networks and Remote Desktop access, User security training along with phishing test campaigns, BitLocker encryption on PCs, and regularly running a security risk assessment on client environments. You may note the parallels between these additional components, and the new threats we see today.
Security Premium is our top-tier offering and includes everything in Security Basic and Security+. In addition, we add Annual Security Penetration and Vulnerability tests – to find any holes in the environment, user skills, and policies. This service identifies and categorizes all the potential weaknesses in your environment.
Summary – Security Solutions for Security Threats Today
We understand your need for security, and the means to provide for it against today’s threats. We also understand what will be valuable to you in this goal. The threat is real, the methods are real, and we have created real solutions for you.
We encourage you to contact us and discuss how you can access these new protections. Send an email to us at Info@KeystoneCorp.com or call us at 330-666-6200.
What is the number one threat to your information technology systems? No, it is not a malevolent spy deep in Russian territory trying to steal your bank account. Nope, also not your competition’s seedy employee looking for a new product design. And no, it is not a teenager getting ready, so he can brag to his friends. These are threats, and their varied motivations are the most common reasons for hackers to attempt entry into your data systems. But the top threat is the one already inside your business – the employee who does not lock the door sufficiently or hears a knock on the door and opens it.
Employees are not usually acting maliciously when a breach occurs; they often don’t even realize they are doing it. They are busy, focused on the important tasks of the day, and the pop-up window just said an issue had been detected with their PC, and to just “Click Here to Fix it.” But clicking is like opening the door to the warehouse, and one of those threats listed above walks in and has free access. Or the same busy employee likes to get logged in quickly and does not want to remember a long password when a short one lets them get in faster, so they key in the tricky, “who would guess this?” password of “123456” (the most common password of 2017) and log in.
A recent study found that negligent employees are the number one cause of cybersecurity breaches. The lack of employee awareness about good IT security has an even bigger impact with the rise in mobile device computing, where a lost cell phone or tablet allows access to corporate systems. No amount of technology like firewalls, security patching, anti-virus, group policies, etc. will stop an attack when the user with access opens the front door.
The Remedy: Train Users in IT Security
They need not be experts, but they should understand the importance of IT Security, what some common best practices are, and what an attack looks like.
Keystone offers this training for our clients in a fun, friendly lunch and learn. This is important because it makes them aware and allows them to interact with our cybersecurity experts about things they see in real life. We cover two main areas:
- Types of attacks and best practices to stop them.
- What to do if you think your device has been compromised.
We want users to know what a valid request is, and what to do if they have a sinking feeling they just clicked the wrong button. Users should know we are not looking to place blame, but we are trying to secure the environment quickly.
In our training, we cover:
- Social Engineering, or as a famous hacker once said: “…much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.”
- Safe web browsing habits
- Email Compromises
- Phishing and Ransomware examples
- Good Password Policies
Good Password Policies to Help the Number One Threat to IT Security
We can’t cover everything we do in training, but one area we can share here is good password policies. A poor password is SO EASY TO HACK, so follow this to improve your protection.
- Don’t use a weak password. Oddly enough, many people use a password of … “password”.
- Don’t use anything from the common password list.
- Don’t write your password down and store it somewhere (I recently heard about a president of a company who, upon receiving this training, sheepishly pulled a slip of paper from his wallet with all of his secure passwords).
- Don’t reuse passwords across sites; have a unique one for each site. Your bank site may never be hacked, but the community bulletin board with the same password will be.
We then wrap up with some suggestions for good patterns, and tools to make it easier.
Are We Really a Target?
You may assume that you are too small for anybody to bother with, but don’t make that mistake. Keeper Security and the Ponemon Institute reported in 2017 that “More than 50% of SMBs experienced a ransomware attack in the past year.” With the ease with which hackers can attack many systems at once, the cost of an attack is not high compared to the results they can gain by finding a user who opens the door.
What Can We Do?
Great question. First, commit to the idea and get started. Even once-a-year training and a quick refresher quarterly are helpful. Tools can be helpful too, but engaging an IT services company to provide this is a great start, as they see the latest issues and attack methods. Keystone maintains relationships with our clients and users, sees the attacks (many of which the user is never even aware of), and knows the systems and the proclivity of the users to click the wrong thing. This allows real, personalized training, and that helps reduce risks significantly.
Call us today to see how we can train your users in IT Security!