The Cloud Isn’t a Security Blanket!
Even if you have all of your stuff in cloud, you’re still at risk of an attack. You can just as easily get infected in the cloud as you could on your local server. The hardware is similar, so is the software and so are the updates and patches. If you are accessing the cloud from an infected computer, someone may be able to access your data if that computer or device is not secure. The BIGGEST misconception with the cloud is your data is safe.
Most businesses (and their IT Support) lose focus on security.
All you need to crack the cloud is a Trojan (malicious software disguised as legitimate software). Maybe someone on your staff is working from home, clicks on a link and is infected with some malware that starts recording EVERY keystroke. Over the course of their work day, unknowing that their machine is infected, they log into all sorts of accounts—including logging into your cloud! A criminal now has the exact credentials to access ALL of your cloud data. They may ransom it, or they may just steal it. Either way, your cloud was breached. HIPAA was violated, and your business is at risk of hefty lawsuits, fines, and attrition.
continue reading
Did you realize that Google is actually down-ranking websites that aren’t taking security seriously?
Google, among other search engines, have started to take security online as one of their big initiatives.
If your site isn’t secure? Any rankings you once enjoyed might now be long gone.
And even more, web browsers are starting to communicate more clearly to web visitors if a site isn’t secure. If you load up a browser, type in your url and find something like one of the images below on your site, you’re likely repelling visitors from your site.
continue reading
Over 1.4 billion passwords found on the Dark Web. That’s almost 5 times the population of the United States.
1.4 billion records detailing passwords, usernames. Basically credentials to all sorts of social media and personal email accounts. Passwords that even novice hackers can exploit to get on your network.
Why should you worry about all of these—presumably old—password on the Dark Web?
continue reading
Phishing seems to work. Whether you’re a large familiar brand name or a small business. Whether you invest in your security every month or not (though those that get phished and have security in place are able to easily recover from phishing attacks). The fact of the matter is that employees do get phished if they’re unsuspecting.
No matter how hard you protect your network with latest technology, there’s always going to be someone that brings in a device or that works from home and gets duped into handing over credentials (by allowing criminals to key log every single action on their computers).
I’ve been warning of phishing attacks for a while now—for some more details see one of my latest videos on phishing attacks.
continue reading
I’ve worked with all sorts of organizations in healthcare and beyond and have come to one conclusions. Whether in rural hospitals or clinics with HIPAA compliance pressures. Be it the many companies that depend on credit card processing (PCI compliance). Or even local credit unions that have faced stricter NCUA security regulations in recent years.
All of these organizations are the same in many respects. The common denominator to security vulnerabilities often befall non-compliant and unaware 3rd party providers.
I have reviewed so many networks in the past 10 years—an uncountable number—and can confidently reaffirm that 3rd party vendors are often the reason I end up sending my team in to clean up networks from ransomware attacks, help address issues with failed security compliance audits. And even helping leadership teams understand and evaluate the risks they take on when simply handing the keys to their kingdoms over to vendors that they haven’t adequately vetted.
continue reading
Ransomware in 2018 has become something of a special beast. Unlike at other times, the inventions this year have produced infections targeting victims rather than randomly hunting for vulnerable targets. Targets have been craftily selected—these cybercriminals have devised a complete marketing strategy focused to speak to a very specific group of people. And their messages are so focused and specific to their targets (through effectively integrating social engineered campaigns) that many of these targets fall hook line and sinker.
Ransomware attacks the likes of some of the latest SamSam attacks have devastated entire city governments, shuttered hospital systems, EHR platforms and other businesses large and small are testaments to the effectiveness of the modern ransomware attack. They also underscore how widespread under-preparedness plagues business large and small.
continue reading
