Author: Stuart Crawford

The Top 5 Cybersecurity Risks Your Company Hasn’t Considered

Exploring the leading cybersecurity threats facing business professionals today

There’s no getting around the prevalence of cybercrime today; it’s happening more and more, all across the globe. Even worse? The identity thieves and malicious attackers lurking behind the scenes are getting better at exploiting weaknesses to get their hands on confidential business data.

Understandably, business owners are often scrambling to ensure they’re doing enough to keep security tight. Maybe they invest in some “total solution” software or perhaps they overload a tech savvy employee with IT security work. Some business owners simply decide to roll the dice and hope for the best. Whether it’s doing too much or too little, business professionals often get caught up in a less-than-ideal approach to cybersecurity.

So, with all the horror stories in the headlines about companies and government agencies getting breached, what’s a business owner to do? The key is to remain focused and strategic so you can put together a level-headed plan. This involves taking a closer look at some of those gargantuan cyber threats we often forget about.

Narrowing Down the Doom: 5 Concrete Risks You Can Focus on Fixing Today

In order to develop a realistic and strategic approach to cybersecurity, you have to cut out all the noise. Put the headlines and your own fears to the side and try to stay focused on the things you and your staff can control. Think long and hard about the various ways cyberattacks could occur in your organization and then consider how you can work to close the gaps in each section.

Check out these Top 5 Security Risks that your organization must be carefully managing:

 1. Your own team

No one likes to admit that internal risks exist, but the reality is that employees are the weakest link in the cybersecurity chain. Sometimes these internal threats are malicious, but most often it’s a matter of ignorance and carelessness. In fact, human error is the catalyst for the vast majority of cyber-attacks on businesses.

The reality is, an uninformed and unprepared team can have drastic consequences for your organization’s cybersecurity. You may have employees who are more likely to click a malicious link or download a bad file from a phishing scam. Perhaps your team receives fraudulent business email compromise (BEC) scams that seem legitimate. No matter the error, your workforce – when uninformed – can put your organization at serious risk.

How to tackle an uneducated team:

The best way to counteract employees who aren’t in the know is to teach them! Yes, this will require some investment of time and resources but in the long run, your organization will be stronger and more secure.

Find ways to get your team on board and help empower them to be cybersecurity superheroes. Help them determine how to identify threats and create an environment for open and honest communication about suspicious activity of any kind. With an informed and vigilant team, your cybersecurity woes will be reduced significantly.

Password malpractice

Passwords are supposed to keep your organizational and employee data safe and secure. But when’s the last time your team changed their passwords? Is there a culture of password-sharing or posting in your office that threatens security? For that matter, have you and your team ever had an open conversation about choosing strong passwords? These are questions you must ask yourself in order to get on top of password malpractice.

How to manage password malpractice:

Like with any other part of your business, best practice for password management is to have standard operating procedures in place to ensure your team knows what is expected.

Make it a rule that passwords must be kept private and changed on a 30 or 60-day basis. Mark calendars with password change dates and makes it a group activity. Make it a rule that passwords must be unique and not repeats of old passwords or other accounts. Ensure there is a chain of command for access and control – superiors should never be sharing login credentials with employees – no matter how convenient. Finally, consider setting up two-factor authentication at all endpoints to add an extra layer of verification security.

2. Patch procrastination

In an increasingly digital workforce, hardware and software updates seem to pop-up daily. However, it is becoming blatantly clear that updated software and hardware are a critical part of maintaining strong cyber security. Why? Because updates very often include patches designed specifically to fix security holes or glitches. Who can forget the massive WannaCry scam from 2017? Even though a patch had been released in March, it had not been installed on countless machines who were then infected by the virus in May.

Even with the high profile WannaCry case, it is still common practice for many business professionals to avoid or put off software updates. Sometimes there is fear of change or increased technical issues once an update is installed – and this can happen. However, for the most part, updates are designed correctly and will work wonders by patching unseen security flaws. This can make a huge difference in keeping your network secure.

How to stop patch procrastination:

Again, schedule your updates and mark them on calendars as much as possible. Taking the time to make a physical note will help emphasize the importance of staying on top of patchwork.

Most importantly, when your machine gives you a reminder to install an update – install it! Get out of the habit of clicking “Remind Me Later” – your network will thank you. It’s not just about security either. Staying on top of updates and patches will help your systems run at optimal capacity at all times. Make updates to your new habit and explain this priority to other administrators.

3. Other organizations

This is perhaps the biggest risk that business professionals often forget. It’s not just your own cybersecurity practices you should be worried about – it’s the other companies you work with. Vendors, business partners, consultants – basically any organization that your company deals with can impact the safety of your business data.

Even if you have the strongest internal cybersecurity plan in place, if a third-party vendor has less than perfect cyber security practices, attacks could find a way to access your network. The recent Petya attack is a good example of this. The bottom line is that any company that you transmit data to and from is a potential vulnerability for your own network. The last thing you want is to invest time and money to keep your network secure, only to have it breached thanks to another organization’s lax policies.

How to counteract the poor cybersecurity practices of others:

First, its critical to make your own standards clear to the partners you’re working with. While you can’t force them to get smarter about their own security, letting them know that you take cybersecurity seriously right off the bat is a great way to be transparent and encourage their vigilance.

Second, there are technical tools available to help mitigate the risks involved with external vendors. Network segmentation or divided servers can help ensure vendors only access the necessary parts of your network and nothing else. This can be a great safeguard that will help mitigate the risk of vendor weak spots.

4. Bring Your Own Device (BYOD) chaos

Alright, it’s no secret that pretty much everyone has a computer in their pocket or purse these days. Between smartphones, tablets and laptops, taking your favorite machine on-the-go is now easier than ever. Understandably, this has translated to the workplace with the Bring Your Own Device (BYOD) craze. BYOD can be a convenient, cost-effective, and morale-boosting practice for small businesses.

However, there is a downside to letting endless personal devices through the doors and onto your business network. In fact, the security risks involved can be pretty serious. Simply put, personal devices likely do not have the same security standards and protocols that corporate devices do. This can leave your organization wide open and much more susceptible to hacks and data breaches.

How to balance BYOD benefits and risks:

Said it once and we’ll say it again: get policies and procedures on paper if your organization allows staff to bring in their own devices. Make sure your employees know the risks involved and come up with some detailed policies that will keep your network as secure as possible.

Make sure personal devices are only able to access the corporate networks through a virtual private network (VPN). Additionally, ensure that all employees have two-factor authentication set up on their accounts to maintain adequate verification. Just like all the other areas, proactive education is crucial. An informed team will make all the difference.

5. Putting Your Plan in Action: Consult the Pros if Necessary

Now that some of the basic groundwork has been laid, it’s time to ditch the hopelessness and procrastination and get your plan in action. There’s no denying that business professionals are constantly on-the-go, but making cybersecurity a top priority is a critical way to ensure your IT infrastructure is protected.

But hey, it can be a tough process to start. If you’re feeling lost or unsure, don’t hesitate to reach out to a local IT partner. A team of experts can help you begin thinking technically and strategically. It’s not just about calling someone in to fix the problem. The right IT partner will help empower you and your team so you’re thinking more like an IT expert.

Best Way to Improve Cybersecurity? Train Your Employees!

Why an informed team is your organizations best defense against cybercriminals

Cyber attacks and data loss are the last thing any organization wants to fall victim to. In an increasingly digital workforce, companies are investing in all kinds of cybersecurity efforts to ensure the bad guys can’t invade their business network. This kind of security is even more important in professional services industries like finance, law and government. The more sensitive the data, the more cybercriminals want it.

The world of Information Technology is definitely evolving and rising to meet the increasing threat. However, even as technological solutions and regulatory standards are developed, the cybercrime landscape is increasingly sophisticated and complex.

Particularly, preventing cybercrime can be incredibly difficult considering the vast majority of cybersecurity issues occur as a result of human error. That’s right. Your very own employees should be your number one concern when tightening cybersecurity. Even worse? These internal threats can be very hard to identify and address because they’re so pervasive and widespread. The bottom line is that without a ‘cyber-literate’ team, your business network will always be open to increased threat.

How An Educated Team Helps Secure Your Network  

Helping your staff become and stay ‘cyber-literate’ is critical based on the very fact that most cases of data breach and loss result from an employee’s lapse in judgment. Whether the internal threats you face are malicious – like a disgruntled and spiteful worker – or more benign – like an employee who struggles with basic email technology – facing them head-on is critical.

Minimizing human errors like downloading malicious files or clicking a malicious link can make a world of difference in reducing your vulnerability to cybercrime. So, what’s the best way to minimize human error? Educate and empower your team to be their own cybersecurity experts. Without driving awareness and understanding, your team will never be truly prepared. Take the reins and help your team better identify, respond to and report suspicious cyber activity.

Not Just a Security Boost: How Security Awareness Training Improves Employee Morale and Retention 

The really great thing about security awareness training is that it really isn’t just about tightening security. Taking the time to invest in security awareness training for your staff can be a major team-building and morale-boosting initiative. Offering your team specialized training and professional development helps you communicate just how valuable they are to your organization. Even better, it makes them want to stick around – meaning your employee retention rates will be nurtured.

You may be asking: how in the world does security training make my team more committed and loyal. The answer is simple: when you include your team in mission-critical tasks, they know they’re important and valued pieces of the puzzle. It really is that simple. If your employees feel valued, included and taken care of, they will be better advocates for your organization as a whole. This means they’ll be more committed to realizing objectives and making sure the company has all its bases covered.

Plus, it doesn’t hurt that security awareness training can be an exciting break from the boring and mundane tasks of the regular workday. Who doesn’t want a job with a little bit of excitement built in? By working with your team to research and understand cyber threats – both internal and external – your team gets to focus on something new and out-of-the-ordinary. You can even let your team spearhead initiatives and stage simulation attacks to keep co-workers on their toes. Make it even more fun by creating internal competitions or offering incentives. Do whatever it takes to help your team become the masters of the technology they use day in and out.

Overall though, the biggest benefit of security awareness training for your staff is the overall improvement of your organization’s success. With a happy, informed and productive team, your network is safe and more secure from threats of all kinds. Undertaking an educational and fun team approach to cybersecurity really makes all the difference in producing positive and lasting results. Don’t leave your cybersecurity discussions limited to manager meetings behind closed doors. Involve your team, ask for their input and make sure everyone is on the same page. This is a surefire way to keep your team feeling valued and your company successful.

Empowering your Team: Tips for Effective Security Awareness Training

So, it seems like a no-brainer: get your staff well-versed in cybersecurity objectives and all will be well, right? This is true, but it’s critical to go in with a plan. Creating an effective security awareness training program for your team means you must keep a few baseline suggestions in mind. Using these suggestions as a starting point will help you develop a custom-tailored plan to meet the needs of your business and ensure all your cybersecurity concerns are shared with your team.

Check out these preliminary suggestions for effectively training your team in all things cybersecurity:  

• Know Your Weak Spots

The first step is knowing where exactly you need your team to be extra vigilant. Are email phishing scams your biggest concern? Do you need your team to be more careful with sharing access control data? Whatever your weak security spots are, be sure to identify them and discuss them transparently with your team.

• Avoid Doom and Gloom

Of course, you want to make sure your team is aware of the threats you face, but the last thing you want to do is scare them into silence or make them constantly dread an impending security crisis. As much as possible, keep it light and keep it fun. Avoid the doom and gloom and find ways to make this a team-building exercise instead of a divisive warning.

• Empower Your Team

The best thing you can do when working to train your staff in all things cybersecurity, is to let them lead the charge. Ask their opinions about various threats. Allow them to offer strategic suggestions and provide their input. The more you empower your team to take initiative, the better they will be at protecting data on the frontlines.

• Consult an Expert

Another great suggestion when undertaking security awareness training for your team is to check in with a local team of IT security experts. If you’re wondering how to start and what you should focus on, consultation with a strategic IT partner can make all the difference in getting you and your team on the right path. IT professionals have the experience and expertise to help you build a strong internal cybercrime defense.

No matter what industry you’re in, helping your team better understand cyber threats and strategies for mitigation is critical to the success of any modern business. The last thing you want is for one of your team members to inadvertently welcome cybercriminals into your network. You really don’t have to live with this constant fear. Take the initiative to get on the same page as your team – let them know the threats you face and empower them to take action in anyway you see fit.

Once you have your own team prepared and in your corner, you’ll be better able to take on any cybercrime battle that comes your way. Consult with a team of professionals to find out exactly what you and your team should be doing to stay secure.

New Office app is a scheduling game-changer for managers and employees

If there’s one thorn in the side of every business, it’s mastering an efficient and functional schedule for the whole team. Between various levels of employees, diverse job types and differing time allotments, making a consistent and easy-to-access schedule can be a huge challenge.

Of course, in the increasingly tech-based work world, countless companies are arriving on the scene claiming to have the newest and best scheduling solution that your company MUST take advantage of. Listen, there are some great stand-alone solutions out there, but often the big promises offered don’t measure up. Even worse, what good is a scheduling solution if it isn’t integrated with all the other applications you already use for calendar tracking and communication?

That’s why business professionals of all kinds are excited about the latest app from Microsoft, called StaffHub. StaffHub is truly changing the game for scheduling in the workplace and the best part is, the application is designed with Microsoft’s familiar and functional signature touch.

Tell Me More: What Exactly is StaffHub?

StaffHub is the latest productivity application released for Office 365. The application is designed specifically to better connect staff and managers to the critical scheduling data they need each day. The application is all about easy access, easy modification and easy communication to ensure that the team is always on the same page and scheduling conflicts are put to rest.

Check out some of the BEST features that StaffHub provides:

Easy Schedule Creation and Sharing

Managers are able to easily create schedules and share the content with their employees seamlessly. The StaffHub app and its data can be accessed from any mobile device through the Office 365 app. Gone are the days of the printed schedule on the wall of the office. With StaffHub, workers can simply open the app to see their upcoming scheduled shifts.

Supreme Schedule Display and View Options

Not only is the schedule easier to create and access in the app, StaffHub makes it look better too! Say goodbye to scratched out times and names on your paper schedule. The StaffHub schedule appears on an attractive and organized grid that can be color-coded for ease. There are also many different viewing options. Users are able to switch between monthly, weekly, or daily views and tapping on an individual shift shows more details. There’s even an option to view the total scheduled hours for each employee.

Streamline Shift Switches

Ah, a manager’s worst nightmare. You spend hours creating a schedule only to get three different employees at your door requesting changes. With StaffHub, this nightmare ends now. When scheduling conflicts come up, StaffHub makes it easy for workers to request a switch. Simply tap the shift in question, select the person to switch with and voila! A request is sent directly to the manager for final approval. This way, you stay in constant control of your schedule while keeping your team happy and organized.

Integration and Communication

As mentioned, there are a lot of stand-alone apps that promise a revolutionary scheduling solution. However, StaffHub is unique in that it is entirely integrated and compatible with Office 365 apps – making communication and collaboration a breeze. Employees can exchange messages and access other content through the StaffHub app. Even better? StaffHub is compatible with Azure Active Directory, meaning managers can add and remove team members as necessary.

Streamlined Success: StaffHub Makes for Happy Managers and Content Staff

Overall, StaffHub is a great tool for streamlining processes and keeping your entire team on the same page. When team members are able to easily understand what is expected of them and access the critical data that they need, jobs get done quicker and employees are more motivated to work. While countless providers are on the market claiming to be the productivity powerhouse, it’s a good idea to peek at what you may already have included in your Microsoft Office 365.

By taking a look at your existing infrastructure before you commit to any applications or solutions, you’ll have a better idea of what specific features you need and how to revamp your tech solutions accordingly. Microsoft has been on the scene for decades – working constantly to keep up with the times and give business users the solutions they truly need.

For Office 365 users, StaffHub is hands down, the no-brainer solution for scheduling. Integration, ease of use, productivity and presentation—what more could a scheduling manager ask for?

Looking to get on top of your scheduling practices? Tired of shift-change nightmares and hardcopy schedules taped up in the breakroom? Reach out to a local team of IT experts for consultation on your best options for schedule management. A team of professionals can help get you on the right path to choosing apps that work better for you and your team.

Taking Data Visualization and Collaboration to the Next Level: Excel and Power BI Integration

Data visualization tools are all about helping to make it easier for people to work with their data. An even more important aspect of data visualization is to be able to get real actionable insights into the data you’re working with. The more easily a tool can satisfy both aspects, the better it is for both data handlers and data consumers.

Microsoft Excel is king in this regard. For most users, no other tool comes close to Excel as far as data management is concerned.

If you’re using Microsoft Office 365, you have access to yet another gem: Power BI. This suite of business analytics tools allows you to analyze data, and obtain and share insights in ways that no other tool can.

In essence, this suite of tools is designed to provide users with a 360-degree view of data, with the most important metrics all in one place. Even more amazingly, Power BI updates information in real time and makes it available across all devices.

If you’re using this tool, you can explore the data behind your dashboard with just a single click. Everything is intuitive and guides you to find the answers you need with ease.

Pooling the strength of Excel and Power BI together

While most people think they have to choose whether to use Power BI tools or Excel, the two can be used together to create a powerful combination for any range of data visualization needs.

Notice that the whole idea of Office 365 is to enhance collaboration within the organization. A complete cycle of content creation and collaboration would typically look something like:

1. Get data,
2. Analyze the data,

• Visualize the data,

1. Publish the data, and;
2. Collaborate with other teams based on the data.

Normally, teams that use Excel tend to only involve Power BI when it comes to publishing their data. In essence, you can choose to work in the tool you love when using Excel and Power BI together. You can build your data or models, analyze and visualize them using either Excel or the Power BI tools – whichever works better for you – then publish out to Power BI where you can then build really beautiful reports to share with everyone in your enterprise.

Modern BI with Office 365

The modern BI available on Office 365 provides for efficient integration of Excel and Power BI Pro and Power BI Desktop. Different interactions between Power BI Desktop, Power BI Service, Excel Online and Excel Desktop exist that bring all these together in a common interface.

Each component in this interface has a function that complements that of the other.

Excel allows for data analysis in a familiar environment

Unlike most Power BI tools, the majority of the people within organizations are familiar with Excel functionalities. As such, Excel provides not only the flexibility and freedom to connect, shape, and model your data to fit your business needs, but also the familiar interface with which to visualize data for your organization’s teams.

Power BI Pro allows for publishing of reports

These are the BI tools available online that allow you to publish your reports securely to your organization while ensuring their accessibility from anywhere on any device.

Power BI Desktop is handy in building advanced models

This is the desktop-based interface of Power BI that lets you build advanced models, queries, and reports that help visualize your data in a way that can be consumed easily by anyone in your organization. Power BI Desktop is designed to enable visual data exploration and interactive reporting capabilities powered by a freeform canvas for drag-and-drop examination.

With this interface, you can build data models, create reports based on them, and share your work by publishing it out to the cloud-based BI services.

Office 365 brings everything together

This Microsoft service provides the platform that glues all these tools together into a single fabric and makes these interactions possible. On a broader scale, Office 365 allows solid team collaboration at the enterprise level; with real-time teamwork and compliance.

Here’s a sample demo showing a typical flow of data across this Excel- Power BI interface on BI Office 365.

The essence here is to see where each of the tools: Excel, Power BI Service and Power BI Desktop come in – with the SharePoint management tool as a necessary addition.

So, from the demo, different sales teams are working directly on various excel files, putting them together. Analysts then pull in all that data and add their input (behind the scenes/including adding data from other sources) before publishing it to Power BI where the data model will sit.

From there, a designer uses Power BI desktop to create final, typically actionable reports out of the model from the cloud.

Wrap Up

Well, as you can see, this is just a sample demo of what you can achieve by integrating Excel and Power BI tools together. Nonetheless, the key takeaway is the demonstration of just how using these tools in combination can serve to enhance collaboration within your organization.

Have you ever been in a position where you are supposed to work on an assignment or important document but you forgot your laptop or cannot access your desktop? That can be frustrating, but thanks to Microsoft, as long as you can access the internet on your phone or even tablet, you can easily resume working on your assignment. Microsoft 365 is an excellent business tool that provides you with lots of options when trying to access a saved document on another device.

A closer look at Microsoft Office 365

Office 365 is Microsoft’s global offering designed to provide users with access to the company’s top-of-the-line cloud-based tools for collaboration and productivity. The service is complete with web conferencing and high definition (HD) video, calendars, business-class email, online Microsoft office suite, as well as file storage and sharing.

When you stay connected to the Microsoft Cloud, you can be sure that all programs are up-to-date and available for users on a 24/7 basis. Below is a simple outline of just a few of the Microsoft 365 apps that enable us to work from any location or device.

Using Outlook App on your phone to work on the go

When you open your Outlook Application, you will see a calendar function, a file function, and a mail function. When you tap on the calendar function, you can see how similar it is to the one that is on the desktop, which means it will be easy for you to use. The files function will help you view all recently accessed documents on OneDrive and even some of the recently shared files—very convenient!

When accessing the mail function, this is where you are able to see all files, documents, and links shared with you. You can also share a file via OneDrive.

Accessing information shared via a link

Simply click on the link and it will open into SharePoint, which will allow you to view the file. If you need to edit the file, open it in the word App and as soon as you start editing, anyone who has access to the file will see your edits right away. Such an incredible feature! This is great because, after editing, you don’t have to keep sending final copies of the same document to everyone on your team. Documents are updated in real time, which is a real time saver!

Accessing the same information on different devices

It’s frustrating to lose devices such as phones, tablets, and even your laptop. If you travel a lot, you may even damage your laptop or phone. Though this can be expensive, it’s also devastating to lose important documents. Retrieving data from a damaged phone or computer usually requires an IT expert. Data retrieval used to be such an expensive ordeal and sometimes unsuccessful. The good news is that on Microsoft 365 you don’t have to worry if you find yourself in any of the above predicaments. Here is a simple outline of how you can access your information from any device.

Open any browser and type the words office.com, then log in. A page will come up with various Microsoft 365 Applications such as Word, Excel, Outlook, and services such as OneDrive. Click on the OneDrive service, which will immediately take you to all files located on OneDrive. You will then be able to access all files that have been saved to OneDrive.

These files are all live so this means that any changes made, such as editing by anyone on your team, will be there. You can view, share, or edit these files. Let’s say you wish to edit a file that you recently shared with someone. Just open that file and you will see an editing option on the top right. You can do all your editing in the browser. This works with all files including Word, Excel, PowerPoint, and other Microsoft applications. All updates will immediately show up on any shared documents.

There are so many other noteworthy features in Microsoft 365 that can help make your work easier. If you want to learn more about these helpful features, just visit this page: www.Microsoft.ca/GetItDone

Wrap Up

Losing or damaging your phone or laptop is always stressful, but you don’t have to lose any of your important documents when you work with Microsoft 365. You may be home sick for a few days, but you don’t necessarily have to get behind on your projects. It’s possible to work from anywhere using any device with Microsoft’s helpful range of products.

Remember that you can work from home and even share updates in real-time with your colleagues. As long as documents are stored to Microsoft’s OneDrive, they’ll always be right at your fingertips. That’s the epitome of convenience!

 

eFail flaw leaves encryption users on guard and encryption providers in ‘patch’ mode

Security researchers announced this week that a significant flaw exists among popular encryption tools that are used for encrypting correspondence and digital signatures. Any and all email encryption services that use OpenPGP standard and rely on GnuPG to encrypt their data and create digital signatures are subject to this wide-reaching security flaw.

Break Down: How the Encryption Security Hole Leaves Users Vulnerable

After a nearly month-long investigation, researchers have publically announced a series of security holes that have been dubbed ‘eFail.’ The eFail flaws were identified in PGP and S/Mime encryption tools and the glitches give cyber criminals the ability to uncover encrypted correspondence. The overall scope of this security flaw is hard to estimate, as most mainstream email providers – including Outlook, Apple Mail, and Thunderbird – have been impacted by the eFail glitches.

Even worse? The investigation revealed that eFail includes an input sanitization vulnerability, dubbed SigSpoof by software developer Marcus Brinkmann. This particular vulnerability allows hackers to forge digital signatures with stolen user ID data. Again, the impacts of these vulnerabilities are wide-reaching, affecting countless popular encryption applications including GnuPG, Enigmail, GPGTools, and python-gnupg. All of these providers have included patches for the vulnerability in their latest software updates.

According to experts, the vulnerabilities were made possible thanks to an OpenPGP protocol. Regularly, when a message arrives to the intended recipient, decryption occurs by separating the information and verifying a valid signature. This process occurs through the strategic separation of information using a file name system.

However, the investigation led by security researchers uncovered that the file name entry port allows for up to 255 characters, meaning it doesn’t get adequately sanitized in the decryption process. This makes it easier for cyber criminals to modify and alter file names and fraudulently gain access to confidential data. Once they’re able to gain access, cyber criminals can read encrypted messages in plain text and send fake messages via the application in hopes of spoofing digital signature verifications.

Patch Mode: Providers Scramble to Patch Flaw and Avoid Disaster 

This widespread loophole can have hugely devastating impacts on affected users. Besides the obvious risks of data breach and forgery, the investigation uncovered that the flaw holds the potential to maliciously infect enormous parts of a user’s core infrastructure. In addition to email encryption, GnuPG tools are used for backups and software updates; the extent of negative consequences is difficult to estimate.

The investigation wasn’t just speculation either. Researches demonstrated three pieces of evidence to establish just how easily encryption and signature data can be hacked and forged thanks to the loophole. So far, the best and only solution is for affected users to immediately implement the latest available software updates. Since patches have been created, updating to the latest software versions is the only concrete strategy for ensuring the loophole doesn’t continue to leave users vulnerable.

Check out this list of platform-specific update prompts:

• Upgrade to GnuPG 2.2.8or GnuPG 1.4.23
• Upgrade to Enigmail 2.0.7
• Upgrade to GPGTools 2018.3

Navigating the Digital Business Force: Vigilance and Proactivity are Critical

The bottom line is that operating as a business professional in an increasingly digital workforce means having to think about countless potential threats to data security – even in places one wouldn’t expect. It seems a new story is making headlines every week about some scary security flaw or devastating hack. But the reality is, with a proactive and level-headed approach, maintaining strong IT security standards for your organization doesn’t have to be a long and painful battle.

The first step, however, does involve accepting that there are simply some things out of your control. Hacks happen. Security holes happen. What matters most is that you and your team are prepared to respond and that you have a detailed plan for responding efficiently and effectively. It’s no secret that the worst time to think about cybersecurity planning is when you’re already in the midst of an attack. Proactivity is the key.

Being proactive involves more than reading about the latest hacks and telling your team to be on the lookout. It means getting emergency response plans on paper and providing detailed security awareness training for your team. It also may mean upping your network monitoring and management tools and delegating some IT responsibility to the professionals.

Does your team rely on some of the encryption tools mentioned in this article? Has your team updated all software with the latest patches? Do you often wonder about the vulnerabilities that are lurking in your company network? Are you overwhelmed trying to stay on top of seemingly endless cyber threats?

Stop thinking and take action. Maintaining a secure network doesn’t have to be expensive or overwhelming. Reaching out to a team of IT security veterans is the first step in taking control of your cybersecurity efforts. Today is the day to empower your business by reinforcing your security network instead of becoming the next victim of cybercrime.

Cyberattacks in Atlanta likely to be the most damaging in US municipal history

It was only this past March that the city of Atlanta was hit by a massive ransomware attack. However, city officials are claiming an additional $9.5 million dollars is required for the ongoing recovery effort. As the city struggles to restore normal and secure operations, many are wondering how high the total bill for the restoration will get.

When the city first took action in April, costs very quickly reached nearly $3 million. A recent Reuters report called the attack “the worst cyber assault on any US city” and noted the following implications:

• Over 30% of software programs used by the municipality were uninstalled or disabled by the attack.
• Countless municipal applications and government services were stolen, with nearly a third of affected data related to critical services like police and court departments.
• The loss of over 70 municipal computers and the loss of over a decade’s worth of legal court documents.
• An undisclosed amount of lost dash-cam footage from Atlanta PD.

Worse Than It Seemed: Additional Time and Money Required for Atlanta Restoration

However, with the recent request for an additional $9.5 million in recovery funding, it’s becoming quite clear that the scope of municipal government services implicated in the attack is far larger than these earlier reports suggested. According to city officials, the additional funding will be used to rebuild applications and restore services disabled or destroyed by the ransomware catastrophe. Not to mention, this $9.5 million request is in addition to the $35 million allotment the municipal IT department will be making in the annual budget.

Funding allotments have yet to be finalized and decided, and Atlanta’s 2019 municipal budget process was postponed in light of the massive cyberattack. Atlanta Mayor, Keisha Lance Bottoms announced her administration’s commitment to determining the root cause of the attack, as well as its overall impact on municipal operations. However, with such a large attack and a new fiscal year beginning on July 1^st, the city is still struggling to respond strategically.

Maybe the Worst, But Not the First: Municipalities Increasingly Hit by Cybercrime

Atlanta isn’t the only municipality to be struck by cybercrime in recent memory. Though the scope of the Atlanta attack may be record-breaking, attacks on US cities aren’t a singular phenomenon. Just in the last two years, government departments in Rhode Island and North Carolina have made headlines. Not to mention countless attacks on emergency service departments in cities across the country.

So, the question becomes: if municipal and governmental departments are struggling, how can business professionals ensure their own data isn’t sitting prey for cybercriminals? Staying proactively informed is a great first step. Communicating with your team and developing cybersecurity best practices is even better. But even with these best intentions leading the way, cities, governments, and businesses are still at risk for data loss.

Full Throttle Response: Why Consulting an IT Security Expert Makes All the Difference

More and more, IT partners and managed security service providers (MSSPs) are playing a vital role in helping businesses – and governments – stay secure and protected. In fact, two award-winning MSSPs – Secureworks and EY – have been at the forefront of Atlanta’s recovery effort.

However, in an age of cost reduction, professionals are often wary about hiring external partners to do jobs they think they can manage themselves. This is understandable, and to some extent, business professionals do have resources available to help mitigate cyber risk on their own. The problem is, cybercrime is incredibly unpredictable. Standalone automated solutions simply don’t measure up to the reliability and expertise offered by IT security trade professionals.

Partnering with a managed IT security provider offers countless benefits, including:

• Strategic planning – Partnering with an experienced MSSP is one of the best ways to implement strategic planning. An experienced and reliable partner will perform network evaluations, identify and fix vulnerabilities, and help develop detailed and customized plans for responding to threats and attacks.

• Informed expertise – One of the most useful benefits of partnering with IT security professionals is the wealth of knowledge and experience they bring with them. Managed security experts know how to identify and properly handle all kinds of attacks including ransomware and other malware infections. Simply put, it helps to have someone on your team who truly knows the nuts and bolts.
• Best practice development – If you’re looking to get concrete procedures and best practices on paper, an IT security partner can help spearhead the process. Using their experience and expertise, IT partners can help you create strategies and best practices to continually mitigate risk at all endpoints.
• Proactive monitoring, management, and updates – Another key benefit of partnering with an IT security team is the reliability and consistency they bring. Having an IT security partner in your corner ensures there is a constant eye on your systems. Your IT partner ensures things are continually monitored and managed. Including everything from software and hardware updates to access controls and user permissions.
• Employee education and empowerment – Perhaps most importantly, the right IT security partner is the best way to get your team more informed, prepared and vigilant. A managed security provider can help educate your team about different attacks and strategies for effective response. This way, even the weakest links in your security chain are taken care of.

Making Moves: Take Action Before Cybercrime Hits Your Company

Overall, partnering with an expert increases the chances of keeping business networks and servers unpenetrated. Partners provide a wealth of information and resources that help business professionals stay focused and productive while remaining vigilant in the face of cybercrime. This helps team members better identify threats as they occur and respond accordingly to keep them from escalating out of control.

Looking to tighten your cybersecurity effort but not sure where to get started? Desperate to avoid the potentially massive costs of ransomware restoration? Reach out to a team of IT professionals today. A team of experts will do whatever it takes to ensure your data is as secure as possible. Even better they’ll make you feel empowered to be your own cyber security hero.