Cybersecurity Awareness Is a Featured Theme in October

Every October, the Department of Homeland Security (DHS), United States Computer Emergency Readiness Team (CERT), and the Federal Bureau of Investigation (FBI) join forces to drive cyber security awareness. Cybercrime is a constant threat to individuals and businesses, alike. In fact, the risk is so significant that the US government decided to step up and offer information and resources stressing the importance of cyber security and raise awareness on the best practices to utilize how to protect your nonpublic information.

Here’s a brief overview of the National Cyber Security Awareness Month (NCSAM) themes for 2017, followed by a video made by the DHS that shows the tremendous threat that we are faced with every day and what is being done to keep us safe.

Week 1: October 2-6 – Theme: Simple Steps to Online Safety

This week highlights the things needed to keep consumers safe and ways to protect themselves. While it’s targeted more at individuals than businesses, they offer great resources for best practices that everyone should follow, both professionally and personally.

Week 2: October 9-13 – Theme: Cybersecurity in the Workplace is Everyone’s Business

Next, DHS shows organizations how they can protect against cybercrimes that target them. There will be information on creating a cyber security culture among you and your employees.

Week 3: October 16-20 – Theme: Today’s Predictions for Tomorrow’s Internet

The future has arrived and you need to be prepared. This week looks at emerging technology and how you can protect your nonpublic information moving forward.

Week 4: October 23-27 – Theme: The Internet Wants YOU: Consider a Career in Cybersecurity

The demand for those with IT security experience has far surpassed the number of qualified candidates.

Week 5: October 30-31 – Theme: Protecting Critical Infrastructure from Cyber Threats

The final week is a bit more on the technical side, highlighting the tie between cybersecurity and our nation’s critical infrastructure. As a business owner, it will affect you at every level.

Months to Milliseconds

 

You can start building a more cyber-secure business today by implementing these tips recommended by the FBI to combat threats like ransomware, and other malware attacks.

Raise Awareness:

Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s network and data.

Updates and Patches:

Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).

Auto Update Security Software:

Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.

Limit Super Users:

Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.

Access Control:

Configure access controls, including file, directory, and network share permissions appropriately. If users only need read-specific information, they don’t need write-access to those files or directories.

Filters and Application Control:

Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).

Data Backup & Disaster Recovery Plan:

Backup data regularly and verify the integrity of those backups to ensure redundancy.

Multiple Storages:

Make sure they aren’t connected to the computers and networks they are backing up.

As a IT service provider, we are always looking to stress the importance of IT security – not just to our clients, but to the community as a whole. Please take a few seconds to share this blog and help us make everyone a bit more #CyberAware. Would you like to step up your cyber security efforts? Call the IT professionals at Kite Tech at 410-356-3113.

 

Equifax Freeze PINs Aren’t As Secure As They Could Be

The Equifax data breach has been a considerable issue for countless individuals, exposing sensitive information that could lead to identity theft and so much more. In response to this breach, some experts are recommending that consumers go as far as freezing their credit lines because of the potential for breaches. Well, it all comes down to a PIN–something that can be easily guessed by a hacker under the right circumstances.

Personal identification numbers–contrary to popular belief–are the exact same thing as passwords. They are codes designed to keep someone from accessing sensitive information. However, access control devices like this need to follow the same guidelines, regardless of what they are called. They need to be complex and secure so as to keep hackers from guessing them. You should include both upper and lower-case letters, numbers, and symbols, and include them in a seemingly random order.

You’re probably thinking, “Great. Now I know enough to make my Equifax PIN as strong as possible.” Except… that’s not how this works.

Due to the way that Equifax generates your PIN, your credit lines could be placed at risk. The PINs used by Equifax are ten digits long, stemming from the date that the credit line was frozen, as well as the specific time which it was frozen. The order of these variables is the following: DdMmYyHhMm. This significantly cuts down on the amount of possible combinations available for a PIN. Furthermore, there are only a certain number of reasonable times within a day where you could apply for a credit line freeze, further limiting the amount of potential variables including the access code.

If Equifax had kept it a simple ten-digit randomized string of numbers, this wouldn’t be an issue. But that’s just not how the cookie crumbled.

As of September 11th, 2017, Equifax has addressed that this PIN generation process needs to be changed. Hopefully, the change will be enough to secure people’s sensitive information properly.

What are your thoughts about this development? Are you certain that your passwords and PINs are secure enough to protect your organization (and your identity) from being compromised? For assistance securing your personal and organizational information, reach out to Kite Tech at 410-356-3113.

 

Tip of the Week: 5 Reminders To Protect You Against Ransomware

The Internet is a vast place filled to the brim with threats, especially for businesses that need to preserve the integrity of their infrastructure and keep critical data safe. The Cisco 2017 Annual Cybersecurity Report states that ransomware is growing at a yearly rate of 350%, which is a considerable number to say the least. Here are five tips that can help you keep your business safe from ransomware infections.

Remember Your Employees

Often times it’s your employees who are the first to come into contact with ransomware. Ransomware is often spread through spam messages that lurk in the inboxes of your employees. It’s best to educate them on how to avoid ransomware in the first place, as it can quickly become a pain to deal with once ransomware makes its home on your network.

Don’t Pay the Ransom

Even if your data is threatened by ransomware, it’s not worth paying the ransom to get it back. The mindset you need to keep is that you have to assume the worst. What if you pay up and you don’t get your data back at all? You can’t trust crooks to keep their word. You’re better off reaching out to a trusted IT service provider for assistance with your predicament.

Take Regular Backups

Since you can’t trust hackers to hand over the decryption key, you’ll have to resort to a more reliable way of ensuring your data’s safety. Data backup can help you prepare for the day you need to restore your data following a disaster. The ideal data backup solution will take multiple backups of your data several times throughout the day, and send them to an off-site data center or the cloud for safekeeping. The idea here is to make sure that your data backups aren’t stored on an infected network so that they will work properly when push comes to shove.

Ensure Your Security is Up to Date

Ransomware is always trying everything it can to slip through the cracks found in enterprise security. Therefore, you must take a proactive stance by updating your network’s security protocol so that all known variants of malware can be kept out of your infrastructure. This includes updating your software solutions, including your operating system and applications, to ensure maximum security.

Be Wary of Email

As we mentioned before, ransomware prefers email as its movement medium. Encourage any and all users on your network to be cautious of any unsolicited messages–especially those that contain links and attachments.

Microsoft users who want to find out more about ransomware can do so at the Ransomware FAQ that is regularly updated in the Windows Defender Security Intelligence (WDSI) database of threats. If you want a more personalized approach to ransomware security, however, reach out to Kite Tech at 410-356-3113.

 

NY DFS Changes Again

The saga continues!  IIABNY recently learned that NY is requiring that all license holders file their exemption status on the Department’s website.  This means that each individual that has a producer license must go to the NY DFS portal, and submit their exemption status by September 27th.  You can read more about IIABNY’s efforts HERE.

Thankfully, the process is quick and painless, once you know where to go.  To help your folks stay compliant, we’ve put together the following instructions:

 

 

 

  1. Browse to the NY DFS website: https://myportal.dfs.ny.gov/web/cybersecurity/
  2. Click “Create Account”, and put in your name and email address. Then, click “Save.”  DFS will email you a temporary password.
  3. The link in the email that you receive will not work, so please note the password and refer back to these instructions for the proper website link. Once you enter your credentials, you’ll be prompted to enter a permanent password.
  4. Once logged in, you’ll click the “Submit Cybersecurity Notice of Exemption” button on the left.
  5. Type your Entity ID in the field. Your Entity ID is the same as your license number.  The rest will prefill for you.  Click “Next”
  6. For your Exemption Reason, you’ll want to choose 500.19(b). 19(b) is an exemption for employees and agents that work under the Cybersecurity Program of another Covered Entity.  Click “Next”
  7. Enter in your personal contact details and check the box to swear/affirm. Click “Submit”.

Once submitted, you should receive a confirmation via email.  Please forward a copy to your licensing manager, and keep a copy for your own records.

 

 

Artificial Intelligence: Right For The SMB?

For those of you who are unclear as to what exactly artificial intelligence is in the modern business setting, it should be noted that AI isn’t necessarily like traditional notions of Skynet from the Terminator series or Agent Smith from the Matrix. The AI we’re referring to hasn’t shown the ability to operate autonomously or made plans to eliminate humanity… at least not yet.


Rather, today’s version of AI is more of a way that computers can learn and solve problems based on information amassed in an extensive database. For example, AI might be referring to an application’s ability to understand human speech, take that audio and use it as data to more accurately predict a future purchase based on that audio, as well as, past purchases, buying behavior, demographics and other data. As the database grows, so improves the AI usable with that data.


Machine learning – It means that technology uses data collected over time to make better predictions about what you want. The idea of machine learning is not like human learning. It still requires data to be input in some way. This technology is by no means brand new but it has really taken on a new life in recent times.


ex. Amazon uses your purchase history and the history of those similar to you to better advertise and recommend you products.


Deep learning – Machine learning that is enhanced by additional layers of data to further refine predictions making it more accurate as additional layers are accumulated.


AI Already in Use


Virtual personal assistants, like Apple’s ‘Siri’ and Amazon’s ‘Alexa’, are used by millions of people. The majority of those users haven’t realized that they’re already relying on AI. Asking Siri a question and having her answer is an example of machine learning. With each edition of these VPAs, capabilities and features are improving, expanding AI abilities with each release or update. How about Netflix? The popular film/TV application uses machine learning to try and curate content of media that you’re likely to enjoy.


AI and SMBs 


Moving forward, your company will likely be met with inquiries regarding whether or not you’ve considered looking into artificial intelligence to improve operations, better accommodate customers, remain competitive with your peers who are considering AI, or any host of perceived benefits for SMBs. An investigation into AI use for an SMB can be something as simple as thinking of ways to automate processes or service customers better using technology. It’s worth noting, however, that before you can even think about using AI to bring your business to the next level, you’ll want to be cognizant of the fact that without advanced technology to handle it, exploring the use of AI is a moot point.


Software and Application Development 


Those SMBs who are curious about possibilities but have neither the time nor budget to consider exploring AI for their own use should consider that their line of business application might already be exploring AI use. Which means that even though your SMB is not going to take any specific steps toward vetting and using AI in your business model, you’ll still reap the benefits of what it has to offer.


Far from the AI of Hollywood science fiction, today’s businesses are continuing to find new and innovative ways to apply AI to business intelligence and growth strategies. While small businesses might not have the capital to form their own AI exploration committee, there are still plenty of ways they can use AI to benefit their company and its clients. Are you interested in experimenting with AI? Connect with Kite Technology Group at 410-356-3113!