Category: Uncategorized

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

• Will harvest your system information so that the attacker knows what’s running on your network.
• Compares all files on your disk against a list of file extensions.
• Collects more system information and maps out your network.
• Harvests browser data such as cookies and browser configurations.
• Steals credentials and configuration data from domain controllers.
• Auto fills data, history, and other information from browsers as well as software applications.
• Accesses saved Microsoft Outlook credentials by querying several registry keys.
• Force-enables authentication and scrapes credentials.
• Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

• Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
• Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
• Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
• Apply appropriate patches and updates immediately after they are released.
• Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
• Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
• Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
• Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
• Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
• Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
• If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
• And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

Creating a business continuity plan is one of the most important things a company can do.

Business continuity ensures that your business is back up and running after a critical disruption, such as a natural disaster or cyberattack.

What Is Business Continuity?

Business continuity is a big-picture approach that ensures normal business operations are continued during an emergency. It’s designed to identify and mitigate risks, assign roles and provide clear communication to key parties.

Why Is Business Continuity Important?

Business continuity allows your business to keep running during or soon after a crisis. Not having a business continuity plan carries great risks, including:

• Loss of customers
• Extended downtime and subsequent revenue loss
• Reputation erosion
• Regulatory non-compliance

Creating a business continuity plan helps you maintain control and calm in what may otherwise be a chaotic environment.

What Are the Components of a Business Continuity Plan?

There are several core components of a business continuity plan:

• Identify the team
• Understand data
• Assess and rank risks
• Prioritize essential services
• Price and build solutions
• Develop policies and communicate
• Test and refine

Each of these steps helps to create a broader understanding of both the threats and how the company addresses them should they materialize.

How Do You Build a Continuity Team?

Business continuity needs to begin at the highest leadership levels and buy-in needs to be built at every level. Every department or business unit should be involved in order to provide perspective on what’s most important and critical across the company.

The team should comprise members who have a deep understanding of how the business works, make good decisions and communicate clearly. This team may be different from a disaster recovery team, which focuses on remediation — dealing with an emergency when it materializes.

How Does Data Fit In?

Understand your data is crucial, especially when risks and solutions become clearer. It’s important to understand what data your company has, especially information that is personal or proprietary.

Your company needs to understand how the data is collected and formatted, where it’s stored, who has access and how it’s accessed.

How Do We Identify Risks?

Risks can take on many forms, some of which are more severe than others. While most people consider natural disasters and cyberattacks as the most common threats, there are other risks that present a threat to the enterprise. Some of these other risks need to be addressed immediately, just like a fire or ransomware attack.

It’s worth repeating that business continuity is about keeping the business operational while the threat is being addressed. These risks include:

• Natural disasters
• Cyber attacks
• Data loss or theft
• Employee error
• Emerging competitors
• Shifting market conditions
• Political changes or legislative action
• Loss of customers or crucial staff

The assessment phase requires identifying the risks and ranking them. Companies should determine the following for each risk:

• Likelihood of occurring
• Potential impacts e.g. financial, reputational, regulatory

Some models define risk as the product of the two (Risk = Likelihood x Impact).

How Are Risks Prioritized?

Once the risks are identified, they need to be prioritized. The most urgent risks should be given the highest priority. One way to think about risk is to consider the services that are most essential to your business viability. Is it the production of goods or services that your customers depend on? What about processes that need to be carried out for regulatory compliance?

Part of this assessment should include the impact of incidents on your most important customers. How likely are they to leave? What do they need that you provide to them?

Next, your teams need to create solutions to the most urgent risks. These may involve recovering key data and restoring online access to applications. They may require new IT solutions that strengthen network protection and monitor activity.

The identified solutions need to be priced before the company chooses which risk mitigation work should be financed first. Cost and feasibility may require a reprioritization of the risks.

When Do We Create Policy and Processes?

An important component of business continuity is developing the governance policies around governance during and after an emergency, how communications flow and from whom, and what systems are prioritized. The processes detail roles and actions to take at each phase of disaster recovery.

Once these documents are created, it’s important to share them and educate employees about what they mean. Understanding these processes before an incident occurs helps employees to react more effectively.

How Do You Know If Your Plan Works?

Testing is an important part of business continuity. Simulated drills can identify how employees perform, how effective the plan is and what needs to be changed. The value of a business continuity plan comes from continual reassessment, reprioritization, retesting and revising.

Disasters and incidents can derail companies in many ways. Business continuity planning helps minimize those impacts on your company and keeps you running during and after an emergency. To learn more about business continuity planning, download this free template.

Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot down ideas on your mobile phone and save the email for further refinement when you’re back in the office. See some additional best practices for keeping your email synced across devices.

The Rise of Mobile Email

The share of global web pages served to mobile phones has changed dramatically over the past 10 years, from less than 3% in 2010 to over 52.2% (and climbing!) in 2018 according to Statista. This doesn’t even include tablet traffic, which accounts for approximately another 10% of traffic in the United States. The same shift can also be seen in email, with the percentage of emails being opened on mobile devices growing to 55% or greater. Return Path, an email data aggregator, shared that the converse is true for emails opened within an internet browser; this number has dropped from 37% in 2012 to 28% in 2017. These dramatic shifts are representative of the way we create emails, too.

The End of Poorly-Worded Mobile Messages?

While it would be great to note that the increased ability to work cross-platform would mean that you’re less likely to receive poorly-worded, autocorrected emails that originated on a mobile phone, but that’s probably too much to ask. However, the ease with which you can save messages for later editing and sending may reduce the possibility that it’s obvious your email was jotted down on a mobile phone. Business professionals are more likely to take the time to create a well-written message that covers the necessary points when they’re able to re-read the note on their laptop. Few people are able to flawlessly compose a thoughtful email message on a 4″ mobile screen.

Taking Control of Your Inbox

It’s all too easy to allow your inbox to control your life and make you extremely reactive, especially when your emails are close to hand at all times on your mobile devices. It’s essential to stay organized to reduce the possibility that you’ll miss replying to an important message when you’re on the go. Try using labels for “Need to Reply” or “Respond Tomorrow” that will prompt you to draft a reply the next time you’re in the office.

Don’t lose productivity when you’re out of the office — simply jot notes to yourself for later refinement! You’ll love this time-saving trick, and your email recipients will appreciate that your emails have had a few minutes of review and editing before they’re fired out of your Sent mailbox.

Great news! You’ve posted a batch of pricey items from your business on Craigslist, and someone has offered to purchase the lot. However, when you receive the check you realize it’s not for precisely the right amount. Perhaps you contact the seller to get a revised check — and they are so accommodating that they trust you to deposit the full amount and then wire them the difference. You’ve sold your excess inventory or goods and have payment in hand, so where’s the concern?

Unfortunately, this all the hallmarks of a traditional fake check scam. Selling online is one of the three scenarios where you are most likely to find a check scammer, but it pays to always be aware that this could be a possibility. Fake checks are rampant in today’s culture, with scammers making off with millions of dollars on a regular basis. The Better Business Bureau (BBB) estimates that over 500,000 Americans are the victims of swindles involving counterfeit checks, costing each victim an average of $1,200.

How Fake Check Scams Work

First of all, there really isn’t a legitimate reason for someone to ask you to wire money back to them after handing you a check. None. If someone requests this of you, your first thought should be that there is something fishy going on — whether it’s a business or personal situation. The checks that these individuals will pass to you look completely real; even cashier’s checks that portend to be certified by a bank. Unfortunately, you’re responsible for funds from the check that you’ve deposited. This means that you will be liable for the entire amount that you wire to the criminals. Some variations of fake check scams include:

• Foreign lottery: Congratulations! You’re the winner of a (fake) lottery. Here’s your prize money!
• During the job application process you’re asked to submit a check for an application fee.
• An online buyer requests you to set up an account for them to deposit payments into

Scammers are taking advantage of your trusting nature — something that you simply cannot afford to have in today’s society.

Your Liability With a Fake Check Scam

You might think that your liability is limited in the event of a fake check scam, but the opposite is true. While your bank may make deposited funds available to you immediately or within a few days, they are simply acting in good faith that the funds are available from the check you’ve deposited. When it turns out that the check is fraudulent, by federal law you are responsible for any funds that are withdrawn against the check. It often takes weeks to untangle the conspiracy around a fake check, and banks are perfectly within their rights to withhold funds from your use to equal the amount you’ve overdrawn during that period.

Protecting Yourself from Fake Check Scams

Other than simply never accepting a check, there are a few ways to stay safe from this particular type of fraud. Any offer that asks you to submit payment to receive a prize or gift should be immediately tossed. It’s always a good idea to limit how and where you are wiring money — both personally and as a part of your daily business dealings. It’s never a good idea to accept payments that are greater than the amount you’ve requested for a particular online sale, and consider using an escrow service or other third-party payment strategies for more substantial online sales. When you’re working with a new vendor for the first time, it doesn’t hurt to quickly check out their customer service number and even Google their location to ensure that it is on the up-and-up. Avoid any exceptional offer that purports to only be available for a “limited time,” where the buyer is putting extensive pressure on you to act immediately. These are rarely legitimate, and can cause you much more frustration in the future.

The hard fact is that scammers are everywhere, and if something seems too good to be true — it probably is! If you think you have been a victim of a counterfeit check scam, you can report the issue to several government agencies including: U.S. Postal Inspection Service, the Federal Trade Commission and local authorities. Even though it may not save you from losing any funds, you can potentially stop the fraudsters from targeting others in the future.

Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

What Should You Do To Secure Your ePHI?

Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?

If You Don’t Secure Your Data–Prepare For Ever-Increasing Fines

According to Health IT Security, in February 2019 Tennessee-based Community Health Systems (CHS) settled with the 4.5 million patients impacted by its 2014 data breach. Those patients who experienced identity theft or fraud due to the cyber attack will receive up to $5,000 each.

The lawsuit counsel also requested approval to award attorney’s fees for the case (about $900,000), as well as an incentive award of $3,500 for each patient they represented.

This is just one example of a healthcare breach and its effects. Click here to learn about some of the biggest healthcare breaches for 2018. 15 million patient records were breached in 2018 as hacking and phishing surged. This number tripled from 2017.

Don’t Let This Happen To Your Healthcare Business–What Should You Do To Secure Your ePHI? — Ask your IT provider to implement a Layered, Managed & Proactive Approach To IT Security.

This is the industry’s definitive source to prevent healthcare data breaches…

You need these 4 layers:

1. For your Computers: Your need Anti-Virus, Anti-Malware and Zero-Day Protection that’s managed by your IT Managed Service Provider so you know new updates are being applied daily.

• Managed Anti-Virus & Anti-Malware: This keeps both known and emerging viruses and malware off of your workstations and servers. Because it’s managed, it stays up-to-date with the latest cyber threats. It also protects against new viruses by using behavioral scanning and heuristic checks. These detect new, unrecognized viruses and malware and send them to a sandboxed environment away from your core systems. This is essential with all the new virus and malware threats being created each day.
• Zero-Day Protection: This provides end-to-end cybersecurity protection for your computers, as well as your networks, endpoints, mobile devices, and cloud-based services when an unknown security vulnerability in computer software or an application occurs, and where a patch hasn’t been released to handle it.

2. On Your Network: You need a Next Generation Firewall. This detects and blocks complicated cyber attacks by enforcing security measures at the protocol, port and application level.

Next-Generation Firewalls can be implemented in either software or hardware. The difference between a standard firewall and a next-generation firewall is that the next-gen performs a more in-depth inspection and in smarter ways. It brings added information to the firewall’s decision-making process. It also has the ability to understand the details of web traffic passing through, and can take action to block anything that might exploit your network’s vulnerabilities.

3. Email:  You need SPAM filtering with link and document scanning. This is a service designed to block SPAM from your users’ inboxes. It sets up an email gateway that stops the bad guys before they reach your inbox while making sure the good guys (you) aren’t bogged down trying to manage it. Many email messages today are SPAM. SPAM filtering is critical for keeping phishing emails off your computers. However, even the best filters can’t block 100 percent of SPAM messages. This is another reason why you need #4 below.

4. User Education: Different sized organizations cope with dissimilar problems, but all have employees who are usually the weakest link in their IT security. Modern phishing and social engineering attacks are a major threat to medical businesses today. Even a single unaware employee is enough for a cybercriminal to trick through email to gain access to your ePHI, data, finances and more.

Security Awareness Training tackles this problem head-on. You need ongoing education that trains your employees in cybersecurity measures and protocols via a comprehensive curriculum that includes simulated hacking and phishing attempts —This helps your employees know what to look for when using your IT systems.

To ensure cybersecurity, your staff should know…

• How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
• How to use your practice management technology without exposing data and other assets to external threats by accident.
• How to respond when they suspect that an attack is occurring or has occurred.
• Additional vital information to maintain cybersecurity.

In addition …

Ask your IT provider to implement these 4 solutions to minimize your risk:

1. Data encryption so your ePHI and EHRs are secure both in transit and storage.
2. Multi-factor authentication where your users must use two or more forms of electronic identification to access data.
3. Routinely patch and update your software programs to close any security gaps.
4. Mobile Device Management to protect your data if mobile devices are lost or stolen.

With this and a layered, managed and proactive approach to IT security, you should have a fighting chance against today’s cyberattacks.

Small business growth is a challenge of keeping up with success without crumbling under commercial weight.

Many improvements needed to reach the next stage of success can be prohibitively expensive, leading to debt and risky gambles that could fail from random chance even if you’re doing everything right.

Tech growth opportunities are becoming more affordable every day. Here are a few details to help you understand how tech outsourcing can improve your business growth.

Reduce Utility Costs

How much power does it take to run a server? What about a room of desktops?

Do you think that equipping everyone with a smartphone or tablet will solve your electrical problems? Not if they still need a server to manage files or run a website.

What about your network equipment? If your business is growing and has heavy network needs, you’re still paying for routers, switches, and hubs. What is the electrical load on those devices?

The answer to those questions is different for every business, but they’re still a cost that can be observed. Every minute of every connected device means more ticks added to your company’s electrical meter, and that adds up over time.

Not every business can operate as a lean, agile tech dream that swipes its way through the cloud. Many businesses still need desktop computers or all-in-one solutions for heavy-duty computing tasks.

Servers are still necessary for any business, whether it’s to share bulk files through the business, host a global customer-facing website, or render complex graphics. All of these tasks generate heat, which means more electricity used in cooling from air conditioning systems.

This could be a good time to discuss the best way to cool a server room. Discussions about central air versus directed pipes, water cooling for high-performance graphic design or scientific research computer may be necessary.

You could build a data center for your growing, small business. You could also struggle through a swamp of growth, making it harder to break that plateau between a small business and a powerful enterprise.

Or you could make it someone else’s problem.

Cloud Computing Turns Tech Needs Into Simple Services

Outsourcing IT services such as web servers, file hosting servers, backup systems, or even workstations is easier than ever. There may be a lot going on in the background, but for you, it’s simple: power up, log on, and access your cloud services.

Almost anything digital can operate across cloud computing. Your business could use a standard internet connection to log into outsourced servers that hold your business files and work with virtual computers that do a lot more than the standard desktop or laptop.

Virtualization allows you to spend less money on powerful workstations. Basic, reliable workstations can be installed to log in, and as long as they can handle a few basic office tasks, they can log into a virtual server.

This server and its virtual workstations are carved from massive cloud computing resources to fit the mold of what you need. Virtual machines can be erased and rebuilt quickly, and can be configured to fit greater needs as long as you give virtualization engineers a reliable set of requirements.

It all comes together to an easier to understand, consistent, and probably lower bill for your tech assets. Your business can grow on the cloud, and you can perform estimates to figure out when—if ever—you need to split off to your own IT infrastructure.

Keep in mind that great businesses still use these services as they grow to behemoths that control global commerce. Just because they can afford to build their own systems doesn’t mean it’s efficient, and it can be more cost-effective to seek outsourced IT partnerships for specific projects.

Do you have high-security data that can’t be compromised? By all means, protect what needs protecting and outsource anything else.

That said, be sure to bring up your security requirements with a system engineer. You may discover that their security standards are higher than your own, or you could enter an agreement to modernize your security.

By working with outsourced IT professionals, you’re not just buying a single service and ignoring them for everything else. If your partnered professionals lack the skills or resources for a specific task, they know where to find someone who fits the job.

Reduce Staffing Overhead

How much does the average IT professional cost? It’s more than just their salary.

When hiring a technician or engineer for a necessary, meaningful position, they need to work at peak efficiency. Just like the hardware and software they manage, a technician needs maintenance, updates, and continued relevance in the business.

A good technician can handle the task at hand. A great technician grows into new challenges, searches for other tasks that leaders may not have noticed, and innovates.

To create a great environment for IT professionals, a business needs to provide training and encourage participation in multiple industry events. They need to have their finger on the pulse of your business ventures and know their own tech potential, which often means reaching into other industries.

While doing all of this, IT professionals need to do the job that you give them. They also need to sleep. They probably need a personal life, but the work-life balance is always a touchy subject.

The question is simple: can you afford that kind of technician?

If your business isn’t creating a bleeding-edge engineer as an incubator of industry progress, neither you nor that technician is reaching their greatest potential. You’re paying them for a specific set of tasks, and in order to grow, that technician will need to reach outside of the business for their growth.

If they reach too far, you may lose that technician and the few growth opportunities you were able to pay forward. Instead, create a partnership with a business that deals in technician growth.

Outsourced IT solutions from managed IT businesses will give you access to trained technicians who are ready to handle your challenges. You are the task, the goal, and the client. You are not, however, responsible for building an entire technician.

Education And Training A Benefit, Not A Cost

Your business is still part of that growth and still provides benefits. Like any profession, experience is a steady march forward through workplaces, job sites, and challenges. Someone else is helping that technician grow, and that’s okay.

Unless your business is centered on IT education—or if you’re an engineer who really likes taking other engineers under your wing—this is a better deal for everyone involved. Tasks can be spread out across multiple technicians who can handle the same projects, but you’re quoted for the service that you purchase.

You’re not responsible for posting job applications on Indeed or CareerBuilder. You’re not responsible for sending technicians to expensive seminars with questionable benefits.

While there’s nothing wrong with taking interest in an outsourced technician’s training or even suggesting a path, the distinction is important: your business won’t sink or swim if you’re not paying for their classroom and self-study growth.

Contact an IT support professional to discuss other ways to enhance your business growth.

Financial service firms: beware. Your data is a target. A new report out of the United Kingdom (UK) cannot underscore enough the severity of the issue. But it is nothing new. The FBI has put the alarms on since 2011, from threats of account takeovers to third-party payment processor breaches to securities and market trading exploitation to mobile banking exploitation and even supply chain infiltration, among other ways. Hackers are more advanced and more prevalent than ever. What is shocking about the new statistics from the Financial Conduct Authority (FCA) is the sheer increase of breaches after the implementation of the General Data Protection Regulation (GDPR). Here’s what to know and what to do.

Alarming Statistics from the FCA

The numbers are alarming and demonstrate a real concern among financial institutions and the protection of their assets and data. The total number of breaches reported by UK financial services firms to the FCA was 145 in 2018, which was up from 25 in 2017. That makes it an increase of 480%.

The breakdown of the 145 reported breaches is shown in the below chart (as provided by the FCA) with the last three years also included — this demonstrates the stark increase in reported breaches over the course of four years.

Sector	2018	2017	2016	2015
General Insurance & Protection	33	7	1	3
Pension Savings & Retirement Income	9
Retail Banking & Payments	25	1	1	1
Retail Investments	11		1
Retail Lending	21	4	1
Wholesale Financial Markets	34	3
Investment Management	12	10	3

Why was there a dramatic increase in breaches in 2018?

There are a number of theories why financial services firms in the UK reported 480% more data breaches in 2018 than the previous year. The percentage alone is enough to send warning alarms throughout the work, but do the reasons justify the urgency?

• First, the financial services sector offers a lot of what hackers want: data and money.
• Second, much of the financial services sector has not been using the most advanced technology and artificial intelligence (AI) to protect their information and data, according to a report conducted by Accenture and released in 2018, Cost of Cybercrime: Financial Services. In fact, “only 26% have deployed AI-based security technologies and 31% advanced analytics.”
• Third, hackers themselves are becoming more numerous, bolder, and more sophisticated — alongside the advancement of technology.
• Fourth, the GDPR came into effect in 2018, which requires reporting breaches within 72 hours of discovery — so the increase in the statistics may be — in part — due to a legal requirement to report the breaches.

Thus, the combination of all these things: the financial services’ data, the desire of hackers to obtain that data, the limited protections financial services firms have had in place until recently, and the new requirement to report all play a role in the dramatic increase in reported breaches. So, not all is as bad as it seems. The increase can be in part attributed to the new requirement to report the breaches as opposed to earlier years when such a requirement was not present, and such reporting could be damaging to the reputation of the financial institution — thus, an incentive not to report until it became required.

What can financial services firms do to protect themselves better from hackers and data breaches?

Whether you are in the UK or the United States or elsewhere, financial services firms can protect themselves. It all involves a well-crafted IT plan-of-action that can include any of the below options according to the firm’s needs, wants, and specifications.

Implement and Education & Training Strategy

First thing’s first, you need to educate yourself and your firm on cybersecurity and cyber attacks. You need to know how hackers are hacking into your systems. You need to know what the latest technology is to counter hackers, including AI. You need to be informed on data management and data destruction and disposal. And you need to inform all staff and employees. The problem in data breaches is not only related to hackers hiding in a dark space using malware and other devices and software to obtain access to confidential information, but they use tricks via email and other means to gain access from, for example, unsuspecting and uninformed employees who open emails without thinking twice and who use poor passwords without consideration for how easy they are to be hacked.

An informed company and an informed staff are your first line of business. An internal team can conduct education awareness and training or else a third-party vendor can be hired to do so. It comes down to how large your firm is and what your resources are to manage it.

Assess Your Current Technology & Identify What You Need

You need to assess the current status of your technology, challenges, and vulnerabilities so that you can recognize what you need and where you need it. There are different ways or approaches a firm can take to assess its technology needs, but in general, it should include:

• Gathering information on company and employee needs, considering functional needs, software requirements, technical requirements, and security needs (i.e., natural threats from environmental conditions, intentional human threats (e.g., hackers and disgruntled employees), and unintentional threats (e.g., poor password creation or unintentional leaks).
• Reviewing the information gathered and prioritizing identified needs.
• Document the results from your findings so that you have the information in one accessible location from which you can build a plan.

Acquire the Technology You Need & Implement It

Once you have the information you need, design a multi-layered system that is:

1. Adaptive;
2. Responsive; and
3. Preventative.

Financial services firms can no longer stand to be reactive; too much is at stake. Once you know and prioritize what you need, acquire it and implement it. Research to ensure you purchase the best in technology and/or hire the best third-party vendor (e.g., a managed services firm). The goal here is to bring those statistics back down, or in the least, maintain them.

No matter how good technology gets, technical issues are still and will continue to be a major cause of lost productivity for individuals and companies. Problems with slow or crashed computers, loss of internet service, printers not working, dropped telephone calls, and other annoying little gremlins are costing companies millions of dollars a year, including yours. Whenever your tech isn’t working the way it should, you’re losing revenue and it quickly adds up.

A Sobering Statistic

To get an idea of just how costly all those little glitches are, consider the results of a recent survey by Robert Half Technology. The study found that, on average, workers spend about 22 minutes each day dealing with some type of IT issue. That adds up to an eye-opening 91 hours annually or two weeks of downtime for each employee in your organization.

So think about what that equals in loss of revenue. Some people generate more than others of course. But if you have a professional who’s billing by the hour, for example, or a salesperson who is bringing in say $10,000 per week, and they’re out of commission for two weeks each year, that soon starts to add up to some serious money.

IT issues will always be a fact of life for modern companies to one degree or the other but there is a proven way to keep them to a minimum and reduce their impact on your business operations. It all depends on how well your managed services provider, or your in-house team, addresses your needs and resources.

A Matter Of Strategy And Priorities

A good provider will devote time and resources to two key priorities:

• Optimizing your technology resources, regularly monitoring and testing your system to make sure it’s functioning at its optimal performance, and preventing problems from occurring in the first place, not just reacting when an emergency happens.
• Devising a strategy that implements the type of technology that will best serve your company’s unique and specific needs.

If you have systems and equipment in place that you don’t necessarily need, that’s a drain on your resources and budget and creates more complexity, and thus more opportunities for things to go wrong. If, on the other hand, you don’t have the capabilities you need, efficiency and productivity will be hampered.

An experienced and professional managed services provider will ensure that your organization has the right balance, providing you with the optimum in performance. They will also monitor your system in real time to spot potential problem areas, and to be able to react quickly when they do happen.

Your technology partner should be willing to work with you on a personal basis to devise a plan that will best fit your needs, and they should always be available. If you have a question or an issue, you don’t want to reach an answering machine or service.

It’s easy for a business to get used to minor tech issues and become complacent about them. But the fact is that they’re costing you more money than you know. Finding a good IT partner could be one of the best business decisions you’ll make.