Category Archives: Security

What Is Two-Factor Authentication, and Does It Increase Your Network Security?

No business owner wants to deal with a cyber attack, but do you know how much damage it can really do? The average small business that experiences a network security breach spends close to $8,700 to repair the damage. And, if you don’t protect your customers’ data, you’ll lose their trust and likely their business.

There are many things you can do to improve your cybersecurity, and some are more complex than others. One simple solution is to add two-factor authentication to all of the websites accessed by you and your employees.

Two-Factor Authentication: The Basics

Two-factor authentication is also known as two-factor verification or 2FV. It adds a second layer of security to your accounts by requiring you to add another credential in addition to your username and password. 

In most cases, you’ll receive a code by SMS (text message) which is only good for a short period of time. Unless a hacker had access to your mobile phone, they wouldn’t be able to get into the site, even if they figured out your password. Some programs or websites use different methods for authenticating, including sending a code to other “trusted devices” or using an app like Google Authenticator. 

Is Two-Factor Authentication Worth It? 

According to the most recent Verizon Data Breach Investigations Report (DBIR), 80 percent of hacking-related breaches were caused by weak login credentials. 2FV significantly improves your network security by isolating access to individual users. As long as your employees have their phones locked down with a security code, fingerprint or other biometrics, it will be virtually impossible for someone to impersonate an authorized user and gain access when they shouldn’t.

You might wonder whether adding 2FV eliminates the need for you to use a password manager. The answer is no. Long, complex passwords that are changed frequently are still your first line of defense. Using a good password management program helps you stay on top of this without having to store your passwords somewhere easily accessible by others.

2FV Is Easier Than You Think! 

It’s easy to understand how some people would think that 2FV would be overly inconvenient. However, that couldn’t be further from the truth. Setting up 2FV only takes a few minutes and the login process is only extended by a couple of seconds. In many cases, you can also authorize certain devices, so you don’t have to complete the extra authentication as long as you’re logging in from that device.

Increase your security game today by scheduling a Network Security Assessment. During this assessment, we’ll evaluate your information security, data protection, compliance, and performance. Contact us at 702-547-9800 to learn more about how to bolster your network security.

Security Training Is the Best Way to Prevent Computer & Network Security Breaches

What’s the biggest threat to your company’s computer & network security?

It might surprise you to learn that almost 90 percent of cyber-attacks are caused by human error – an employee mistakenly clicking on a phishing email or leaving their laptop out in the open is far more likely than a criminal cyber-attack. 

Once you understand the nature of the threat you’re dealing with, it’s much easier to address it. Here are some common issues that are easily avoidable:

Increased Threat of Phishing Emails

Phishing is the practice of sending an official-looking email in an attempt to get the recipient to enter sensitive information like login credentials, credit card numbers or even their social security numbers. The senders of these emails then use the information they’ve obtained to commit fraud. 

These emails have come a long way in recent years. They now look very official, and even highly-educated executives sometimes fall victim to them. In fact, several years ago, tech giants Facebook and Google were duped out of $100 million due to phishing scams! 

You can expect to see even more phishing scams coming to light over the next months and years. They’ll continue to get more sophisticated and the cost of dealing with the fallout will grow. As of today, it’s estimated that a phishing scam can cost the average medium-sized business around $1.6 million per occurrence. 

Other Common Cyber Security Errors

While phishing is a major concern, it’s not your only computer & network security issue. Many innocent employee behaviors can leave your company vulnerable and could lead to serious consequences. Some examples include:

  • Leaving work computers unlocked and unattended
  • Leaving notes, passwords and other sensitive documents out on your desk
  • Working remotely on unsecured networks
  • Failing to delete data from devices
  • Failing to encrypt data before sending

Security breaches caused by employees who are purposely engaging in malicious behavior are rare. In most cases, they’re caused by a lack of knowledge or simple negligence. You can address this by making frequent and consistent cybersecurity training part of your internal practices. 

The Value of Security Training

While firewalls, encryption and other security measures are critical for keeping your data safe, proper employee training is your number-one line of defense. The first step is to create a clearly defined written set of cybersecurity policies and rules and distribute it to all of your employees. The second is to institute a mandatory training program that occurs during onboarding and at least once per year thereafter. 

Some of the topics that should be addressed during a training session include:

  • Overview of threats (phishing, malware, etc.)
  • Password best practices
  • Safe internet habits
  • Social media safety and security
  • Device maintenance and security
  • Preventative measures

Between training sessions, regularly test your employees and require a remedial class for anyone who fails. This will help keep the information in the forefront of their mind all year long. 

Improve Your Company’s Computer & Network Security

The consequences of a security breach are serious and can devastate a small- to medium-sized business. Fortunately, most of the vulnerabilities are preventable. Network Security Associates can help implement systems and processes to bolster your computer and network security. Contact us at 702-547-9800 to schedule a network security assessment.

Password Protection Is Easier Than You Think

On June 10, 2019, Network Security Associates’ Jeff Wagner spoke at the Henderson Chamber Members breakfast. His presentation on network security focused on password protection.

Below is a short summary on how to create a strong password.

  • The longer the better
  • A mix of letters (upper and lower case)
  • Numbers & Symbols
  • No ties to personal information (tough one)
  • No dictionary words
  • The secret is to make passwords memorable but hard to guess

A password manager such as LastPass is a great tool for securing all the different passwords you need to keep track of. LastPass simplifies your online life by remembering your passwords for you. Using a password manager will make it easy to have a strong, unique password for every online account and improve your online security.

Check to see if you have a strong password by going to haveibeenpwned.com. This site will check to see if your password has been compromised.

To learn more about network security and password protection, check out our blog article on Password Best Practices.

3 Process Documentation Best Practices

Though comprehensive process documentation is beneficial for many tasks, it’s essential when implementing technology to enhance your network security. Your process documentation must report the required steps to successfully complete a task or project, and it should also state who is completing the necessary tasks to fulfill a process. Proper process documentation ensures there is a sense of standardization every time a task is completed.

If your organization is in the gaming or healthcare industry, efficient process documentation provides evidence that your organization strives to adhere to the guidelines set forth by gaming or HIPAA standards. Follow these best practices to thoroughly document your processes.

1. Implement a Variety of Tools for Documenting the Process

It’s important to integrate multiple types of media when documenting your processes for maximizing your network security and enhancing your technology. Don’t feel as if you must stick to written content when documenting or explaining a process. Videos, interviews, group collaboration, and photographs are just a few items that can assist with documenting how to complete a process and determine whether the proper protocol is being followed. If you feel like your process documentation is lacking, Network Security Associates can offer tips for enhancing your documentation procedures.

2. Check the Quality of Your Documentation

For process documentation to assist your company with bolstering its technology and network security procedures, it’s essential to use high-quality documentation. Your documentation should be well-written, explain the purpose or goal of the task, and reiterate why the task is essential for a secure organization. You should also remove information that feels redundant or no longer applies to the process.

Any documents and media should be well-organized; ideally, you should include a table of contents and written headers to make it easier for employees to efficiently use the document.

3. Re-evaluate the Process as Needed

Process documentation can also assist your company with revising or updating its procedures to achieve a higher level of network security. This makes it vital for your organization to periodically re-evaluate the process, using the documented procedures. It’s also wise to make sure your documentation contains only up-to-date information and doesn’t cover outdated or old procedures.

You can eliminate or revise steps that aren’t efficient, or you might utilize steps that have proven themselves helpful in other processes. Thorough process documentation makes it easier to identify what is and isn’t working for your company.

Network Security Associates can help you develop or improve your company’s process documentation. Contact us today at 702-547-9800 to get started.

Social Hacks & How to Avoid Them

So-called social hacks, also known as social engineering, involve attacks on what is perhaps the most vulnerable, easily compromised component in any computer system: the user.

A social hack is any of a number of techniques, strategies, and tactics used to convince people to give up personal information, passwords, and all of the other information necessary to access private accounts without the technical know-how or risk of true hacking.

Social Hacks to Watch For

Here are just a few of the most common hacks you should look out for:

  • Pretext. Would-be social engineers will often wait for a pretext to reach out to a target or create one wholesale. For example, a power outage or internet outage at your building could give them an excuse to call or email you, pretending to be from your managed IT firm. 
  • Diversion. Some social hacks work via diversion of a target from legitimate points of contact to illegitimate ones. This includes tactics, such as phishing, where you are sent via email to a website identical to a real website you use, but wholly controlled by the hacker.
  • Baiting. Baiting relies on greed to get past your defenses. It can be a USB stick loaded with free stuff and a hidden computer virus, given to you at a convention or left sitting somewhere.
  • Authority. Feigning a position of authority to trigger a panic response and get you to give up answers is a favorite for social hackers. It’s most effective in large organizations.
  • Kindness. It’s easy to get complacent about security when someone is really nice to you—and hackers are happy to exploit that for all it’s worth.
  • Vagueness. Some social hacks work on the power of assumption. Hackers may lead you to believe you’re talking to someone you know.

Avoiding Social Hacks

Don’t let emotional responses rush you. Fear, kindness, pity, and confusion all work for hackers, not you. 

Never assume something you don’t know for a fact. Do you know who this person is, truly? 

Trust your instincts. If something looks wrong, feels wrong or sounds wrong, it may be wrong. Taking a moment to confirm you’re on the real website or double check to make sure you’re answering a call from the real source can potentially save your company a lot of time and money.

Follow security rules. All the rules and guidelines your managed IT support team puts forth exist for a reason. Each extra security measure makes it exponentially more difficult for any hacker, social or otherwise, to compromise a system. 

Network Security Associates can secure your systems for you, help teach employees security best practices, and make it so a single successful social hack doesn’t get into your systems. Know the risks, know what to do about them, and make sure the human element isn’t the weakest link in your security. Contact us today at 702-547-9800 to learn more.

Why do some companies fail their disaster recovery plan (DRP) audit?

Why do some companies fail their disaster recovery plan (DRP) audit? Perhaps because they did not get the right information for it. They say experience is the best teacher; thus, nothing beats what you can learn from real-world case studies. See what you can learn from the following case.

Hosting certain types of data and managing a government network legally bind you to maintain DRPs. After an audit of the Michigan Department of Technology and Budget, several failures led to a trove of helpful tips for small- and medium-sized businesses attempting to create a bulletproof disaster recovery plan.

  1. Update and test your plan frequently.
    What was one of the first and most obvious failures of the department’s DRP? It didn’t include plans to restore an essential piece of their infrastructure — the department’s intranet. Without it, the employees are unable to complete even the most basic of tasks.

    The reason for the oversight? The last time the plan was updated was in 2011, leaving out more than six years of IT advancements. If annual revisions sound like too much work, just consider all of the IT upgrades and improvements you’ve made in this year alone. If they’re not accounted for in your plan, you’re destined to fail.

  2. Keep your DRP in an easy-to-find location.
    It may seem a bit ironic that the best way to store your top-of-the-line business continuity solution is in a binder, but the Michigan Department of Technology and Budget learned the hard way that the alternatives don’t work. Auditors found the DRP stored on the same network it was meant to restore, which means that if something had happened to the network, the plan would have been totally inaccessible.

    Your company would do well to store electronic copies on more than one network in addition to physical copies around the office and off-site.

  3. Always prepare for a doomsday scenario.
    The government office made suitable plans for restoring the local area network (LAN), but beyond that, there was no way for employees to get back to work within the 24-hour recovery time objective.

    Your organization needs to be prepared for the possibility that there may not be a LAN to go back to. Cloud backups and software are the best way to keep everything up and running when your office is flooded or crushed beneath a pile of rubble. For more information on the benefits of the cloud go to www.nsa-nv.com/cloudservice.

Your DRP is more than just a pesky legal requirement. It’s the insurance plan that will keep you in business when disaster strikes. Network Security Associates professionals know the importance of combining both academic and real-world resources to make your plan airtight when either auditors or blizzards strike. Contact us today at www.nsa-com or 702-547-9800.

4 Tips for Maintaining Small Businesses’ Network Security

As a small business owner, you know every dollar counts. Unfortunately, a single cyberattack can cost your business thousands of dollars and damage your reputation. This makes it essential for your business to achieve and maintain a high level of network security. Follow these tips to secure your business against cyberthreats.

4 Steps to Maintaining Your Network Security

1. Establish Written Guidelines for Maintaining Network Security

If your business doesn’t have written policies that address items like device usage, password creation, the proper handling of sensitive information, and best practices for securing data, now is the time to get these guidelines in writing. Putting your cybersecurity policies in writing makes it easy for your employees to understand expectations. It also helps ensure every employee adheres to the same standards for keeping your company’s data secure. With written guidelines, it’s easy to periodically review your policies to see which ones require updates or further clarification.

2. Educate Your Employees About the Threat of Cyberattacks

It’s important to inform your employees about the threat of cyberattacks and their lasting effects. They may not understand the consequences of a single successful attack, or they might mistakenly believe the threat of a cyberattack is overblown. When your employees understand why they’re expected to follow certain rules or guidelines, they’re more likely to adhere to your policies. Make sure to properly train all new employees and offer refresher courses for existing employees.

3. Secure Your Networks and Files

One of the most effective ways to keep your information secure is to only use secure networks to transmit, download or store information. If you aren’t sure if your networks are secure or what steps you must take to secure them, Network Security Associates can help. You should also make sure any employees who work remotely know they are only to use a secure network when working. We can assist you with implementing cloud-based storage to protect all your company’s sensitive information in a secure location.

4. Ensure Proper Protections are in Place

Every computer should have updated antivirus software and an enabled device firewall.

This will help prevent viruses and malware from propagating from one computer to another at your office and from remote computers. Wireless networks should not be “open,” but should be locked down to ensure malicious users are unable to access your network. It’s also important to ensure you have a modern firewall protecting your network from internet hackers. It’s imperative that computers, software, and devices are updated regularly. Many companies overlook patches and updates, but they are critical to protecting your environment from malware and hacks.

Not sure what steps you should take for optimal network security? Contact Network Security Associates to schedule an in-person network assessment. Our team of experienced IT professionals will help you create a plan to secure your business’s networks and data.

How the April 2019 Windows 10 Update Will Bolster Computer & Network Security

In April of 2019, Microsoft will issue an update for Windows 10. There isn’t a specific release date for the update, and it’s expected Microsoft will issue it gradually. If April comes and goes and you haven’t received a message encouraging you to update Windows 10, be patient; hiccups during the roll-out process can delay the expected timeline. Though this update doesn’t significantly change how Windows 10 operates, it offers some cool features for users and improves the computer and network security of your device.

What You Can Expect From the April 2019 Windows 10 Update

Improved Aesthetics

You will notice a change in the appearance of your desktop screen after installing the update. This Windows 10 update will enhance the aesthetics of the light theme, allowing for better contrast between the Start Menu, Action Center and Taskbar. A few icons will also receive makeovers, so they better coordinate with the light theme’s new colors. 

Your Start Menu will also have a different appearance when you open it. Once you click on it, it will have fewer pre-installed applications. You’ll also have the option to remove more pre-installed programs you don’t find useful. The end result is a sleek column of programs that minimizes virtual clutter and shows applications that satisfy your computing needs.

A Safe Spot to Try Questionable Programs

One of the most exciting changes with the Windows 10 upgrade is the addition of the Windows sandbox. The Windows sandbox makes it possible to isolate a program in order to test it without putting your entire computer at risk, boosting your computer and network security. If the program winds up being unsafe, its effects are limited to the Windows sandbox. Just close the sandbox to remove the program permanently from your desktop. 

Changes to the Overall Windows Update Process

After this Windows 10 update, you’ll have the option to snooze your updates for up to 7 days. This gives you more time to ensure the update won’t cause data loss or interfere with your computer’s existing programs. Additionally, approximately 7 GB of space will automatically be set aside on your device for future Windows updates. This will guarantee your device always has ample disk space to install critical updates.

Better Ease-of-Use for Cortana

Microsoft’s update will make it easier for users to utilize Cortana, the company’s virtual assistant. The update separates the Cortana icon from the Search taskbar. This will make it more convenient for users to search using a specific option. Enhancements from the update will also make it possible to search for a specific type of file, like a Word document or a picture. 

Increase Your Computer & Network Security

You don’t have to wait for the Windows 10 update to enhance your computer and network security. Network Security Associates offers a swath of managed IT services to ensure your data is always protected. Contact us today at 702-547-9800 for more information.

Mitigating Insider Threats With Proper Healthcare IT Security

Though you may associate healthcare data breaches with hackers or digital thieves halfway across the globe, an astonishing number of breaches are caused by individuals within the organizations. These threats are known as insider threats; research states approximately 58 percent of healthcare breaches are by insiders. Any individual who has access to your company’s databases and programs, such as an employee, contractor, researcher, or volunteer, is a potential insider threat. Here’s what you can do to bolster your healthcare IT security:

4 Ways to Improve Your Healthcare IT Security

1. Educate Your Employees

Insider threats to your company’s data aren’t always intended to steal data or harm your company. Sometimes, employees may look up patient information simply because it is there. They may look up data for friends and family members, for a famous individual or for other employees. Even though there is no malicious intent, this still constitutes a security breach.

It’s essential for your employees to receive in-depth training that makes it clear this practice is unacceptable. It still qualifies as a HIPAA violation, and penalties for a HIPAA violation can include job loss, fines and criminal prosecution. It should be thoroughly communicated that employees should access information for valid, job-related reasons only.

2. Monitor and Review Employee Activity

HIPAA regulations require your healthcare organization to monitor access to patient records. However, one of the most effective ways to check that your employees are adhering to policy regarding the access of patient information is to frequently review these access logs. Though it’s possible to do this manually, you can invest in software that makes the task much less time-consuming.

If you detect problematic activity, it’s essential to act promptly. You should encourage employees to report any insider activity that seems suspicious. 
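A sketch of what an automated access-log review can look like, added here as an example and not taken from the original article or from any specific product. The log format, the care-team mapping, the list of employee-owned and high-profile records, and all names are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample data for illustration only.
ACCESS_LOG = """\
timestamp,user,patient_id
2019-03-04T09:12:00,nurse_ana,P100
2019-03-04T09:40:00,nurse_ana,P205
2019-03-04T10:05:00,clerk_bo,P100
2019-03-04T10:06:00,clerk_bo,P300
2019-03-04T11:30:00,dr_cy,P205
2019-03-04T13:15:00,clerk_bo,P777
"""
# Which staff have a job-related reason to open each record (hypothetical mapping).
CARE_TEAM = {
    "P100": {"nurse_ana", "clerk_bo"},
    "P205": {"dr_cy"},
    "P300": {"dr_cy"},
    "P777": {"dr_cy"},
}
STAFF_RECORDS = {"P300": "nurse_ana"}  # patient records that belong to employees
VIP_RECORDS = {"P777"}                 # records of well-known individuals


def review(log_text, care_team, staff_records, vip_records):
    """Return one finding per access made without a documented care relationship."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user, pid = row["user"], row["patient_id"]
        if user in care_team.get(pid, set()):
            continue  # job-related access, nothing to review
        reasons = ["no care relationship"]
        owner = staff_records.get(pid)
        if owner == user:
            reasons.append("own record")
        elif owner is not None:
            reasons.append("coworker's record")
        if pid in vip_records:
            reasons.append("high-profile record")
        findings.append({"timestamp": row["timestamp"], "user": user,
                         "patient_id": pid, "reasons": reasons})
    return findings


def users_to_follow_up(findings, threshold):
    """Users with at least `threshold` unexplained accesses in the reviewed period."""
    counts = Counter(f["user"] for f in findings)
    return sorted(user for user, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    results = review(ACCESS_LOG, CARE_TEAM, STAFF_RECORDS, VIP_RECORDS)
    for f in results:
        print(f["timestamp"], f["user"], f["patient_id"], "; ".join(f["reasons"]))
    print("follow up with:", users_to_follow_up(results, threshold=2))
```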

3. Limit the Level of Access for Your Employees

Your employees should only have access to the information that is necessary for them to do their jobs. One way to deter insider threats is to make it impossible for employees to search for records they would have no reason to search for during the course of their workday. You should also make sure your employees know they should never share their login credentials or passwords with other individuals, even if these individuals are inside the company and appear to have a valid need for the information. 

4. Complete In-Depth Background Checks

Make sure you know exactly who your company is hiring, subcontracting work to or partnering with. Comprehensive background checks are essential for a high level of healthcare IT security. These background checks should include checking references and searching for the employee on social media and Google. 

Network Security Associates has the technology and expertise to manage your data and improve your healthcare IT security, ensuring your organization remains HIPAA-compliant at all times. Contact us at 702-547-9800 today for more information.

The True Costs of Not Implementing Cloud Security

If the upfront expenses of moving your company’s data to a cloud-based server have caused you to pause your plans, it’s time to explore the costs of not using the cloud to store your valuable information. Neglecting to move your data to the cloud can cost your company more in the long run.

The Cost of a Data Breach Without Cloud Security

The cost of a data breach continues to increase; in 2018, the average cost of a single breach for a corporation came to an astonishing $3.86 million. For small businesses, the cost can be as high as $117,000, which can oftentimes be equal to the total value of the business. By neglecting to invest in cloud security, you’re potentially putting your company at risk of suffering an expensive data breach, sometimes making recovery impossible.

Cloud security offers numerous safety features not available with other forms of data storage. You have the ability to frequently back up your data and programs, so you don’t permanently lose valuable information to disaster or a technical failure. The cloud enacts multiple safeguards to prevent theft by hackers or other virtual thieves. Your end result is a safe network with secure data.

Up-Front Costs of the Cloud

You may be concerned a move to the cloud will be expensive; in reality, however, implementing cloud security requires only a small up-front investment. By utilizing a company that provides cloud services, you let the company take care of the costs associated with setting up and maintaining the necessary infrastructure to store your data. Opting for the cloud can save your organization money on operational costs related to storing and backing up your data.

Free Up Your Company’s Resources

If you handle your own data hosting and storage, you’ll have to devote resources to maintaining, setting up and troubleshooting your equipment, programs and servers. You might even have to hire more IT employees to ensure these elements don’t fall by the wayside.

Outsourcing your cloud hosting is a simple way to free up your IT resources and reduce your related expenditures. Since you don’t have to service your data hosting infrastructure, you’re able to use these resources elsewhere or reduce your overall operational expenses.

Better Adapt to Changing Customer Needs

To maximize your profits, it’s important for your company to be versatile. Implementing the cloud is one way to boost the adaptability of your business. If you need a new program or software update to better serve your clients, cloud hosting enables you to make these changes quickly and efficiently. 

Cloud servers also make it easier for your employees to work remotely from their secure devices. This makes it more convenient for your team to work from home, meet with potential clients and remain connected to the home office during business trips.

If you’re ready to get set up with cloud security, contact Network Security Associates at 702-547-9800 today!