Posts

Breach at eBay – Change Your Password Now

The following article is from krebsonsecurity.com

“eBay is asking users to pick new passwords following a data breach earlier this year that exposed the personal information of an untold number of the auction giant’s 145 million customers.

In a blog post published this morning, eBay said it had “no evidence of the compromise resulting in unauthorized activity for eBay users, and no evidence of any unauthorized access to financial or credit card information, which is stored separately in encrypted formats. However, changing passwords is a best practice and will help enhance security for eBay users.”

Assisted by federal investigators, eBay determined that the intrusion happened in late February and early March, after a “small number of employee log-in credentials” that allowed attackers access to eBay’s corporate network were compromised. The company said the information compromised included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. eBay also said it has no evidence of unauthorized access or compromises to personal or financial information for PayPal users.

The company said it will begin pushing out emails today asking customers to change their passwords. eBay has not said what type of encryption it used to protect customer passwords, but if previous breaches are any indication, the attackers are probably hard at work trying to crack them.

If you’re an eBay user, don’t wait for the email; change your password now, and make it a good one. Most importantly, don’t re-use your eBay or PayPal password elsewhere. If you did that prior to today, it’s a good idea to change that password to something unique at the other sites that shared it. And be extra wary of phishing emails that spoof eBay and PayPal and ask you to click on some link or download some security tool; attackers are likely to capitalize on this incident to spread malware and to hijack accounts.

eBay and PayPal users who haven’t already done so should consider using the PayPal Security Key, a two-factor authentication solution that can be used to add additional security on both sites.”

With so many breaches occurring in only the first half of 2014, the need for internet and information security is at an all-time high. SMBs and healthcare providers dealing with sensitive information need to protect it from security breaches and the data loss that can result.

Five Ways SMBs Can Minimize Data Loss

  1. Enforce Data Security – This is more or less the managing of the “human factor.” CIOs and those in SMB management roles must communicate data protection policies to staff and ensure their implementation. Rules must be set, particularly with personal devices, to enforce security policies. It can be as simple as sending reminders to not open email attachments from unknown sources, requiring passwords be reset every few months or the banning of specific file sharing or social networking sites. In May of 2012, security concerns led to over 400,000 IBM employees being banned from using the cloud storage service Dropbox and Siri – the iPhone personal assistant. While far from an SMB, if IBM can go that far and make such a demand to so many employees, an insurance agent can certainly remind his or her marketing representative to not play Farmville on Facebook if they’re using a laptop containing company and customer/client data.
  2. Stress the consequences – both personal and business – of not properly protecting confidential data. Encourage employees to make passwords difficult to crack. Patch holes in the infrastructure’s walls by identifying the most critical data. Perhaps a trusted IT advisor can help implement processes to better protect that data’s security perimeters.
  3. Mobile Device Management – Mobile Device Management grants SMBs a semblance of control over the mobile devices used within the company. Devices tapping into company systems are identified and remotely monitored and managed 24/7. More importantly, they are proactively secured via specified password policies, encryption settings, and automated compliance actions. Lost or stolen devices can be located and either locked or stripped of all SMB-related data.
  4. Snapshots – Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizeable chunks of data may not be stored in the backup and be unavailable in the event of a full restore. This can be avoided by backing up critical data as snapshots, which are read-only copies of data frozen to a specific point in time and stored using minimal disk space. These virtual snapshots are immediately available for restores in the event of data loss.
  5. Cloud Replication and Disaster Recovery Services – The cloud provides SMBs who consider data backup to be too costly, time consuming and complex with a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.


Data Security Threats Every SMB Must Be Aware of

Human Error and Employee Negligence

Human error, by way of unintentional data deletion, modification, and overwrites, has become much more prevalent in recent years. Much of this is the result of carelessly managed virtualization technology. Virtualization and cloud computing have enabled improved business continuity by allowing entire servers – including all data, operating systems, applications, and patches – to be grouped into one software bundle or virtual server and subsequently backed up. The catch is that humans must still instruct this technology how to perform, which is why so much of today’s data loss is linked to human error. The complexity of these systems often presents a learning curve that involves quite a bit of trial and error. For example, a support engineer can accidentally overwrite his backup when he forgets to power off his replication software prior to formatting volumes on the primary site.

While most CIOs at SMBs are generally accepting and understanding that mistakes happen, they must be more stringent when it comes to managing risky negligent employee behaviors in this era of mobility and accessibility. Employee negligence puts a company or organization’s critical business data at risk of being stolen by cybercriminals or malicious employees. Examples of this negligent behavior include:

  • Leaving computer systems unattended
  • Weak passwords (“password” or “12345”) or passwords that aren’t frequently changed
  • Opening email attachments or clicking hyperlinks embedded with spam
  • Visiting restricted websites

Employee Mobility & Data Exposure

In the modern-day BYOD workplace, more people are doing daily business on their personal laptops, iPads and Blackberrys. They are also carrying around portable media like thumb drives, USB sticks and CDs.

These devices are not always backed up or secured by IT administrators. There is not only the potential for these devices to be lost or stolen but there is also a very high probability that employees using them are also accessing personal email, downloading music, browsing the web, playing games and hanging out on Facebook. This makes sensitive data susceptible to malware, viruses and hackers. All of this substantially ups the likelihood of data loss incidents.


Decreasing Business Costs and Risks of Costly Data Loss

We live in a 24/7 global economy that is more dependent than ever on technology. Even the technology of small and medium sized businesses (SMBs) houses sensitive digital data – employee and customer information, internal emails, documents and financial records, sales orders and transaction histories – not to mention applications and programs critical to daily business function and services. Employees at SMBs require continuous access to the critical business data needed to meet the demands of the customers or clients they service. They even want this access while they’re at home or on the go running errands. To satisfy this demand, many companies and organizations now allow employees to BYOD (Bring-Your-Own-Device) and “do business” using their personal laptops, tablets and mobile phones. The web, Wi-Fi networks and mobile devices with robust memory and battery life have made this constant access to an SMB’s back-office infrastructure a reality. Regrettably, this flexibility and freedom is accompanied by an ominous risk of data loss.

Just a single data loss or breach can be costly to SMBs. Data losses and leaks come with lingering continuous costs that many SMBs cannot easily shake or overcome. Revenue is lost if employee productivity and customer accessibility/service are stalled by data loss. The expenses associated with internal research and investigation, system repair and maintenance, and data security protection are another heavy price SMBs must pay. If cybercrime is involved, affected customers must be notified, the potential exists for litigation, and many customers will likely never return due to mistrust.

While corporate-level data losses are well publicized, many SMBs mistakenly believe their data isn’t at risk. This mistake can prove to be a costly one.

Why C-Suite Management at SMBs Can No Longer Ignore Data Loss

  • Following a significant data loss, it is estimated that SMBs can lose up to 25% in daily revenue by the end of the first week.
  • According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss and prolonged downtime for ten or more days have filed for bankruptcy within twelve months of the incident. 50% wasted no time and filed for bankruptcy immediately. 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss. How quickly can your business be restored if critical data is lost? When was the last time backup processes were tested to ensure all data is recoverable and business operations are quickly restored?
  • A survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed back up their data each week. Only 23% of those surveyed said they back up data every day and have a business continuity plan in place.
  • The percentage of cybercriminal attacks targeting businesses with fewer than 250 employees doubled in 2012. The vulnerabilities of naïve small business owners have been noted, and hackers have now placed the proverbial bull’s-eye on these perceived weak links.

If sensitive customer data is leaked, SMBs may face overwhelming financial liabilities, which could include reimbursing affected customers and legal fees.


Businesses today are playing on a much bigger playing field than they were two decades ago. Any SMB that trusts the security and backup of critical business data with a limited and overburdened in-house IT team, or forsakes internal IT support altogether for emergency on-call help when things go bad (Break/Fix Mentality), is playing with fire and begging to be burned.

Any disruptive or invasive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to get critical data restored immediately to the data center, minimize downtime, protect customer and client data and soften the impact of such events.



Keeping up with Technology – Speaker for your event?

With the rate of technology ever increasing and the importance it has on becoming a successful business, Michael is increasing his number of speaking engagements as a value add activity to surrounding communities.   He can easily adapt his talk to the audience or topic and speaks on all things technology and how to maximize it for your desired results.   Please let us know if you are interested in having Michael speak at your upcoming meeting.   Read Michael’s full bio below.   Thanks!


Michael St. Martin

Learn what’s up with the latest technology trends and how “Strategic Technology Acceleration” can rocket your business forward.  Is your technology a competitive advantage?  Do you know how to leverage Cloud Computing? Mobile Devices? Is your network secure? Michael St. Martin will provide information and real world tips that you can use immediately to make your systems an asset instead of a liability.

Michael St. Martin is an entrepreneur and founder of Cognoscape, a Business Technology company that specializes in bringing Enterprise Class technology solutions to Small and Medium Business. While Cognoscape is the newest of Michael’s successful business ventures, his experiences include executive positions with Accenture, building sales organizations with NetIQ and Permeo and adding value to multiple IPOs and M&As. His current passion resides in assisting business owners to utilize technology and gain a competitive advantage while streamlining their business.

Michael has spoken to audiences both large and small, always imparting insight into the latest technology and how to apply it to the audience.   “My goal as a speaker is to give the audience something to take away immediately and apply to their business that day, while entertaining them along the way,” says Michael.   So… great and timely content, mixed with Michael’s engaging style motivates the audience into action!

Information Security and your Business

A recent study released by Symantec Corporation reveals that many small and mid-sized organizations are recognizing the importance of information security. On average, SMBs are now spending approximately $51,000 per year to protect their company information. This is a substantial increase from last year when one-third of SMBs didn’t even have antivirus protection in place. SMBs risk cyber attacks and loss of confidential data and devices.  In today’s hyper-wired world that could mean the difference between success and having to shut down.

Stephen A. Cox, President and CEO of the National Council of Better Business Bureaus states, “The average cost of fraud for self-employed and small-business owners is about $4,627.” But your bottom line isn’t the only thing at risk. By failing to protect your customer data, you could put them in danger of credit card fraud and identity theft. Below we’ll cover some simple safeguards your company can put into place to prevent information theft:

1. Employee awareness – Employees are the gateway to your company’s information. Create and implement Internet security guidelines. Then, educate your employees and make sure they are following them. This can range from requiring periodic password changes to updating your employees on the latest threats and how they can prevent them.

2. Protect important business information – Use data encryption so prying eyes can’t intrude. Maintain wireless security. Limit employee access to important information such as: credit card numbers, customer information or employee records. Important data in the wrong hands could become detrimental.

3. Create a Backup and Recovery Plan – You can’t predict the future but you can be prepared for it. A virus could spread through your system or a flood could ruin your equipment. Make sure you back up your data to an external source as frequently as possible in case the unexpected occurs.

Information Security is crucial to all businesses. In recent news, the Federal Trade Commission charged social media site, Twitter, for failing to adequately safeguard user information. Their failure to protect user accounts led to account attacks on both President-Elect Barack Obama and CNN host Rick Sanchez.  Twitter has not only suffered monetary losses, but has also lost trust and respect of some of their users.

Invest in protecting your company’s data now so you don’t have to deal with a disaster later.

“When a company promises consumers that their personal information is secure, it must live up to that promise.  Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.” – David Vladeck, director of the FTC’s Bureau of Consumer Protection.

3 Points of Data Recovery

Doing data backup is easy.  Considering the needs for data recovery is where many go wrong.  There are 3 points of data recovery that must be considered when putting together a proper Backup and Disaster Recovery plan.

1. Recovery of a File – Very simple and straightforward: you must be able to recover data files. Can you recover deleted files from every location where people save files? Most files reside on the server or in a document management system. Are people saving these documents on their workstations while they edit them? What happens if Microsoft Word crashes? I am sure that the file server is backed up, but is it backed up often enough? Daily backups taken overnight are typically not sufficient in most modern networks.

2. Recovery of a Server – Many business owners take comfort in the fact that their server is being backed up without ever considering what recovering the server really means. How long will it take to get a replacement server? Will the same type of server be available? How do people work while waiting for the hardware? Once you have the replacement server, how long will it take to restore it to service? With many backup solutions, restoring requires the server OS and applications to be reinstalled before the data is restored. It adds another level of complexity (and time) when recovering to dissimilar computer hardware.

3. Recovery of a Site – Unfortunately, disasters do happen. Here in Texas the media has been marking the ten year anniversary of the tornado that ripped through downtown Fort Worth destroying buildings and ravaging businesses. We have also been seeing all the coverage of earthquakes. And let’s not forget about fires. A recent study discovered that, of companies experiencing a “major loss” of computer records, 43 percent never reopened, 51 percent closed within two years of the loss, and a mere 6 percent survived over the long-term. Having a plan and being able to recover quickly can greatly improve the chances of the business surviving.

A Complete Solution that addresses all of these points –
A good backup system should allow for quick and flexible restores of files, folders, partitions, mailboxes/messages and databases/tables using a quick and intuitive process. A 15-minute incremental based backup allows restores to be done from any point in time, so that multiple versions of files, folders, messages/mailboxes and databases/tables can be restored.

If any of your servers fail, a good data backup solution will include virtualization technology embedded in the Network Attached Storage (NAS) that allows customer servers and applications to be restored and rebooted in less than 30 minutes in most cases.  As you may sometimes wait several days in order to receive replacement servers from vendors, your NAS can have your business up and running.  The NAS multitasks so that, even while functioning as a virtual server, it can continue to back up data from other devices plugged into the NAS.  This technology thus allows you to remain in business without any significant loss of data backup, server functionality, or application downtime.  In case of a complete server failure the solution should support a bare metal restore to new hardware which has a different configuration, hardware and drivers as compared to the failed server.

Transmitting data to a remote site is another key component of a worthy Backup and Disaster Recovery Plan. It guarantees that, in case of physical damage to the client’s network or NAS, or even regional disaster, the data is safe. Encryption is required in transmitting data between the NAS and the remote sites, because it greatly reduces the risk of data loss incidents that plague magnetic tape and prevents man-in-the-middle attacks during transmission.  Of course a key consideration of off-site backup is the amount of time it could take to restore data over the Internet.   Solutions that offer both transmission as well as emergency delivery of a new device with the most recent image are doubly effective.

In summary, the most important aspects of Backup and Disaster Recovery are, first, to have a specific plan; second, to have a well thought out and comprehensive plan that matches the requirements of your business; and lastly, to consistently manage and test your BDR solution. In an age of document management, EMR, paperless office, HIPAA, HITECH, Sarbanes Oxley, eDiscovery, etc., a reliable Backup and Disaster Recovery solution is paramount to the longevity of your business.

Data Backup and Recovery: 7 Questions to Answer

The statistics are gloomy: 50 percent of companies that lose their data for 10 days or more file for bankruptcy within that same time period.

Ninety-three percent file for bankruptcy within one year.

Now that I’ve got your attention, now’s the time to start preparing for disaster, before you become another statistic! The first step is

1. Who will be responsible for the plan and who will perform the actual recovery of the data? The time for pointing fingers is not when disaster strikes. The person who creates the plan and the person who performs the actual recovery may be the same—or not. Determine who’s responsible for what early in the plan to avoid confusion and misunderstandings.

2. How important is your data? Data varies in importance, helping you determine how and when it should be backed up. For instance, critical data, like a customer database, will likely require a plan that’s more elaborate, with more frequent and redundant backup sets that go back several backup periods. Less important information, such as daily user files, may simply need routine backups so you can recover the information when needed. Sift through your data and identify your most important and least important information.

3. What kind of information does your data contain? Data can contain everything from mundane, everyday information to highly sensitive and mission-critical information. Additionally, information that’s not very important to you might be important to someone else. Identifying the type of information your data contains will help you determine how secure your backup system needs to be, as well as when and how frequently your data should be backed up.

4. How frequently does your data change? The answer to this question determines how frequently you should back up your data. Information that changes daily should be backed up daily. Information that changes every few days should—at the very least—be backed up every few days. And so on.

5. When is the best time to schedule backups? Over the weekend? During the evening hours? In the morning? Backing up data generally takes less time when system use is low. Unfortunately, you may not be able to schedule backups to occur at these times. Carefully consider the best time and day to back up your information, keeping in mind that automated technology makes this easier while minimizing administrative time.

6. How quickly will you need to recover data? Apply the old adage here: time is money. Some businesses may function relatively well for a day or two without access to their systems and data stores. Others may crumble in a matter of hours. If you fall into the latter category and need to get access to critical systems immediately, create a plan that lets you do this. Prioritize which systems you need first, second and so on, and make sure your recovery solution delivers.

7. Should you store backed-up information off-site? The answer for most businesses: yes. This is especially important if you operate in an area prone to natural disasters such as tornadoes or hurricanes. In addition to storing your tapes or disks off-site, make sure you store copies of any software you need to re-establish operations, and that multiple people have the keys or access code for that location.

Avoid saying, “If only …”

No one anticipates a disaster. But we can plan for it. Today’s backup and recovery technology makes protecting your critical business information and systems easier and more affordable than ever. So stop making excuses. Start planning. Information is one of your business’ most important assets. Protect it.