
3 ways to ensure your business is protected from cyber threats after Windows 7 end of life

Your business and many others have run on Windows 7 for years. Now, come January 14, 2020, your entire office’s operating system is going to stop being supported by Microsoft. What does this mean for your business and its cyber safety?

Here are 3 ways you can ensure your technology environment is safe and secure following Windows 7 end of life.

Option 1:  Pay for Windows 7 extended security updates through Microsoft

This content is brought to you in partnership with Aruba Networks

Perhaps the simplest and most trustworthy solution for many businesses who need to stay on Windows 7 is to purchase extended security updates through Microsoft.

There are plenty of benefits to getting extended security updates. The obvious is that you’ll still be getting direct support from the software’s manufacturer. That sort of inside knowledge and accountability is important, for certain.  On top of that, it’s hard to match the resources that Microsoft has when it comes to awareness of the cybersecurity landscape.

If you’ve trusted Microsoft with your cybersecurity thus far, this solution is perfect.

Unfortunately, this service isn’t free. Microsoft doesn’t want to keep supporting Windows 7, so to keep getting these extended security updates you will be paying.

Right now, the pricing they have set forth is a per-device cost that increases every year past the end of life of the operating system. From January 2020 to January 2021, it will be $25 per computer. The year after, the price goes up to $50 per device. And the doubling trend keeps going year over year.

For the short term, this solution is perfectly viable. If your business needs an extra year to migrate over to Windows 10, paying $25 a device for extended security updates is the right move. Beyond that? Well, you’re throwing your money into life support for a dead operating system. Seems like a waste, doesn’t it?

Option 2: Rely on third-party security solutions


If you find extended security updates from Microsoft a little costly or not reliable enough, there is a slew of third-party solutions available.

The most important thing to consider when applying this solution to your business is to ensure that you have the correct cybersecurity in place. It can be difficult to find a one-stop top-to-bottom security solution. It’s even more difficult if you don’t have an expert on staff to manage it.

Some of the best options for third-party security are to deploy a reliable VPN and endpoint protection solution.

VPNs, or virtual private networks, are essential if your employees ever access any part of your technology infrastructure off-site. If you use Office 365 or any cloud-based solutions, VPNs ensure that anyone accessing materials over an outside internet connection is not opening your technology infrastructure up to cyber threats. For most modern businesses, VPNs are essential.

Endpoint protection is what most people think of when they think of anti-virus. It ensures that each machine it is installed on is capable of blocking cyberthreats that try to attack it. Usually, the software costs $10-15 per user.

Endpoint protection can be a great baseline of cyberthreat protection. If you are around enterprise size or want top-of-the-line security, endpoint protection simply won’t be enough.

Option 3: Migrate to Windows 10


Okay, so this one isn’t really a tactic to keep you on Windows 7. But there’s no easy way to put it; if you’re on Windows 7, you need to start creating a plan to migrate to Windows 10.

Sure, the other solutions presented work on some level. But in the end, they are simply bandaids you can use while you migrate your business over to Windows 10. Whether it’s tomorrow or 3 years from now, you eventually need to move off of Windows 7.

That’s the bad news, but there is plenty of good news.

Windows 10 Enterprise is $84 a seat. That’s cheaper than paying for Windows 7 extended security updates past the three-year mark. It’s less of a headache than trying to piece together your own triage unit of third-party cybersecurity solutions. And, on top of that, you get the added benefits of Windows 10.

Things like regular updates, security or otherwise. Clean integration with Windows 365. A slew of cloud services your business can leverage on the daily.

It means not trying to carry your business into the future on the back of a dead operating system.

We know it can be a huge hassle to move your entire business over to a new operating system. What about all of your files? Your user preferences? What about the fact that Susan in accounting finally, after three years, knows where all of her Excel files save to?

You don’t need to worry about that, because there are companies out there who specialize in managing this exact sort of migration.

MSPs like ISG know the ins and outs of operating system migration. We can handle your file backup, your individual computer set up, your organization plan and your rollout schedule.

You don’t need to feel like the burden of migration falls only on you. Managed service experts are here and ready to ensure your migration to Windows 10 goes off without a hitch.


Benefits of superior business continuity management and how to enhance it

Having a business continuity plan isn’t an option, it’s a necessity. If disaster strikes, you have to get back up and running as soon as possible. As a small business, you can’t afford downtime or its negative impact on your operations and your customers.

That’s why business continuity management is critical. It looks beyond dealing with the emergency itself—whether that’s a natural disaster or cyberattack—and takes into account what is required to get everything up and running again. Business continuity management is more than just a risk management process and data backup, it’s part of having a sustainable, reliable and thriving business.

Benefits of a superior business continuity management plan

Let’s look at some of the key benefits of having a superior business continuity plan.

Reducing financial risk

Consider this—according to a recent survey, 80% of businesses require a guaranteed uptime of 99.99% from their cloud service vendors. This correlates to about an hour of downtime annually, which can cost a business as much as $260,000. The further you can minimize any downtime, the less risk you run of losing money.

Preserving your reputation

Your reputation is on the line. In addition to operating losses, repeated occurrences of downtime can cause erosion of your brand. Your customers and partners could lose confidence in your ability to serve them, damaging your business relationships and referrals.

Delivering on expectations for recovery

With a comprehensive business continuity plan, you can also enable the recovery of mission-critical systems in the agreed timeframe. This sets expectations for your staff, your customers, and others. Having this well documented puts a threshold on what’s an acceptable timeframe to get back up and going. According to a recent ransomware report, 96% of businesses with a plan in place fully recover operations.

Complying with legal obligations

Another benefit is compliance with any legal or statutory obligations. Depending on your industry or the industries you serve, you may have to meet certain guidelines for business continuity. For example, financial firms have more and different regulations than other types of businesses.

Even if you are not legally obligated to meet certain standards, proving to stakeholders that you are running your business responsibly is vital to sustainability.

Offering a competitive edge

Not all your competitors will have the same robust continuity plan that you have. This could be something very important to your customers. Use this to your advantage as a strong differentiator that you have a well-designed plan to deal with any disruption quickly and effectively.

How SMBs can build or enhance their business continuity plan

If you don’t have a plan, it’s time to work on one. If you do have one, it can be optimized. For help, contemplate these tips:

Business continuity is NOT the same as disaster recovery

Many companies use these terms interchangeably, but they aren’t the same. Disaster recovery focuses on restoring IT and technical operations. Business continuity is much more broad and detailed and usually includes IT disaster recovery. It outlines procedures and processes to preserve and restore business operations after a disaster, including facilities, communications, human resources, partners, customer service, and more. You need both types of plans ready to go.

Remember your plan should be fluid

Business continuity plans aren’t something you can create and then forget about. Many things will change that will need to be addressed or updated in your plan. You may add more infrastructure or need to comply with new laws. You should revisit your plan regularly to ensure it is still relevant to your current business model and customer commitments. As your company changes, it might be useful for an IT consultant to provide an assessment.

Test your business continuity plan

A plan is great on paper, but what about real life? You need to accommodate testing of your plan, which could include:

  • Table-top exercises: Your team goes through the plan looking for gaps
  • Structured walk-throughs: Every team member does a step-by-step review of what they would do and how to do it
  • Disaster simulation testing: Your team simulates an environment where a real disaster has occurred

Communicate your plan with all

A business continuity plan must be shared with all your employees. It needs to be discussed regularly so your entire team understands its importance.

If you’d like to optimize or build your business continuity plan, you may want help from an IT services and technology provider.

At ISG Technology, we have over seven decades of experience and serve a variety of industries with thousands of clients all over the world. Contact us today to see how we can serve you.

The enterprise-level Wi-Fi security primer

Using Wi-Fi has become almost as natural as breathing.

From a business standpoint, some might say it’s critical. We’re online all of the time, every day and everywhere. We rarely consider how we are connected. All that matters is that we have a way to log in.

Wi-Fi has had a profound impact on organizations and employees. It enables users to communicate and collaborate which in turn enhances productivity, agility and ultimately, profitability. It creates opportunity, increases morale and reduces costs.

But despite being so convenient and flexible, best practices for enterprise Wi-Fi security aren’t always followed.

One of the biggest exploits to affect Wi-Fi security was widely publicized last year. Dubbed KRACK, this vulnerability allowed attackers to bypass Wi-Fi security and steal sensitive data, including credit card details, passwords, emails, photos, chat messages, and the list goes on.

The vulnerabilities are real and robust Wi-Fi security is a necessity.

In a world where new cyberthreats and security exploits are unleashed on a daily basis, it’s more important than ever to stay on top of enterprise Wi-Fi security. In doing so, you can ensure your infrastructure and data are protected without compromising seamless access or enhanced productivity.

Identifying the vulnerabilities

The threats awaiting an unprotected WLAN are many.

Passive eavesdroppers can gather sensitive data, intruders can steal bandwidth and wireless traffic can be recorded easily. Even low-level attackers can launch a packet flood that disrupts your network.

If you don’t know what you are securing your Wi-Fi network against, you might as well be taking shots in the dark.

Before a WLAN can be sufficiently planned, deployed and secured, it is essential that all business assets are identified in order to protect them from the impact of theft, damage or loss. At the same time, you should determine who needs access to what and when so that you can define access policies.

WPA2-Enterprise: the recommended industry standard

When it comes to encryption and authentication, you have an increasing number of options available. The method you choose will largely depend on the level of risk that deploying a WLAN opens up and the size of your enterprise. However, the preferred and recommended standard for most organizations is Wi-Fi Protected Access 2 Enterprise (WPA2-Enterprise).

WPA2-Enterprise was first introduced in 2004 and delivers robust security and over-the-air encryption. Authentication is handled by a RADIUS server which authenticates each device before it connects. Once authenticated and connected, a personal tunnel is created between the network and the device, creating a secure connection over which all data is encrypted.

Another point to note is that WPA3 has recently been launched by the Wi-Fi Alliance. While it won’t hit the mainstream immediately, this new standard will provide strengthened user security through individualized data encryption and is certainly one to watch for the future.

Provide a better user experience for everybody

Wi-Fi is designed to allow users to connect and roam, but not at the expense of your network security.

In a business environment that is no longer restricted to trusted corporate users, you also need to secure your network for the BYOD and IoT era. Any device that can connect to your WLAN is a potential threat, whether it’s a client you have known for years or an IoT sensor streaming data in real-time.

In order to provide a positive and secure Wi-Fi experience for everybody, you must define context-based access policies that limit access by user or device. Even better, implement a guest Wi-Fi network that’s separate from your main WLAN and which will segment all guest traffic and isolate it away from your enterprise data.

Good housekeeping and points to note

Network administrators and IT security professionals should also consider these additional housekeeping tips to further secure and manage their enterprise Wi-Fi networks.

  • Deploy a wireless intrusion prevention system (WIPS) and wireless intrusion detection system (WIDS) on every wireless network.
  • Many best practice guides will tell you to change the SSID for your wireless network. It’s important to remember that the SSID is a network name and not a password. There are no security benefits of changing it, but if you need to distinguish your network name from others in the vicinity, changing it can make it more easily identifiable.
  • Ensure all equipment meets Federal Information Processing Standards (FIPS) 140-2 compliance for encryption.
  • Consider centralized WLAN management in the cloud that allows you to configure all access points, manage access policies and analyze network traffic.

Final thoughts on Wi-Fi security

Just like any segment of your network, wireless networks require robust security in order to protect data and systems, while still offering unfettered access to authorized users.

By identifying your vulnerabilities, using recommended encryption and authentication technologies and controlling access to your WLAN, you can ensure that you reap all the business value that Wi-Fi has to offer.

4 cybersecurity facts your company's leadership team should know

As the owner or manager of a company, you entrust your team leaders to handle a number of important responsibilities to ensure smooth daily operations. One of those responsibilities should be cybersecurity. It’s essential to keep sensitive company data safe from hackers. Not only that, but viruses and malware still pose a very real threat. And today’s privacy laws and regulations demand that you be protective of customer data, as well.

If your team leaders are already aware of the threat cyber criminals pose, kudos to them. But are they as informed as they should be? And what’s more, how do you know the protection they have put in place is sufficient? Are your leaders fully aware of all the important cybersecurity facts they need to know to protect the business?

While technology has certainly facilitated the way we do business, it has also paved the way for hackers and digital thieves to take advantage of the vulnerabilities in your network. All that company data—data you rely on day in, day out to do business—is at risk. Here are a couple stats to help you understand the magnitude of the issue:

That’s why it’s important that company leaders stay well informed on a number of important cybersecurity facts. Equipped with this important knowledge, they can better combat and protect your data from the growing environment of cyberthreats.

Cybersecurity fact #1:

Cybersecurity measures often fail due to human error

This is one of the most important cybersecurity facts. Cybercriminals are pretty savvy individuals. They rely on the negligence and lack of knowledge of employees in a business to enable them to gain entry into the network or infect a computer.

Consider the damage a single employee can do. Is everyone in your office safe when browsing the internet and downloading files? Do your team leaders know how to avoid falling for spear phishing scams? Does everyone use secure passwords?

A basic education in keeping the company safe is critical, and that starts with your leadership team. Make sure they know these cybersecurity facts.

Cybersecurity fact #2:

Cybercriminals are always seeking to exploit loopholes in virus protection applications

The latest version of that virus protection software you’ve installed might not stop a virus or malware developed the very next day. That’s because hackers can quickly find ways to breach virus protection software.

To combat this, software companies quickly and consistently release updates to combat new threats. But you often have to install these updates manually. In the interim, malware, spyware, or a virus could slip through.

Your IT department may take care of all relevant updates. But if policy requires end users to update their own machines, make sure your leaders understand the importance of these updates.

Cybersecurity fact #3:

Offsite backups through the cloud can help protect your data

If you’ve become infected with malware, or worse yet, ransomware, then your data may become corrupted or even lost. Unless, of course, you have a backup.

But it’s possible that local backups are compromised, too. That’s why many companies utilize cloud computing and cloud-based data backup services, where data is backed up to a secure, off-site location.

While it may not change anything about how your team leaders do their day-to-day jobs, make sure they understand the importance of backups. A better understanding of the value of the data they work with will inevitably result in greater care to protect that data.

Cybersecurity fact #4:

The most common method that cyber criminals use is email

As mentioned above, employees can unknowingly click on a link in an email or download an attached file without realizing that they have just allowed malware or spyware to be installed on their system.

Team leaders must teach employees to be ever vigilant when visiting websites and downloading files, and especially when clicking on links in email. They must be taught to recognize the signs of a possible scam or fake website. No one should ever download any files they aren’t 100% sure about.

Cybersecurity facts matter

Everyone in the organization needs to take cybersecurity very seriously, not just team leaders. But for many companies, a well-educated staff starts with fully-informed team leaders.

After all, it only takes one wrong click to invite a cybercriminal into your system.

The essential components for complete ransomware protection

For criminals, ransomware is big business.

The methodology is simple: attackers target a company with malware which encrypts their data, then send a request for money, usually in the form of Bitcoin or another difficult-to-trace cryptocurrency. Should the company refuse to pay up, their data will remain encrypted and inaccessible. Or it might even be shared publicly on the internet.

Given the potential damage both financial and reputational that might result, it’s no wonder that many companies choose to pay the ransom.

Kaspersky Lab noted a thirteen-fold increase in ransomware attacks in the first quarter of 2017 compared to the previous year. With the average cost of a ransomware attack sitting at over $1,000, the danger is a significant one . . . and no company is safe.

Victims range from small businesses to huge organizations, such as the UK’s National Health Service and aeronautical engineering firm Boeing. Whatever the size of your company, protecting data against ransomware is every bit as essential as physically protecting your premises from burglars.

Here are four things you can do to ensure that you are effectively protected against ransomware.

Back up everything, often

A robust backup plan can make all the difference to a company hit by a ransomware attack.

Rolling back to a previous version may make it possible to avoid paying the ransom and resume normal operations. But beware. Ransomware is becoming increasingly sophisticated. Many new viruses are designed to seek out backups and encrypt those as well.

To avoid this worst-case scenario, ensure that you employ a backup solution with versioning or one that is physically disconnected from your system, like a cloud backup solution.

Train your staff

Every staff member in your organization is a potential entry point for malware. Many attacks still succeed largely due to human error.

Indeed the “WannaCry” attack which struck Boeing was transmitted by means of a zipped file attached to an email. In order for the malware to take effect, an employee within the organization had to unzip and run the file.

Train your employees to identify fake emails and encourage a culture of double-checking the origin of any suspicious attachments. Also, establish robust procedures for employees to follow when they think they might have exposed a device to malware. A swift response can isolate the machine in question and potentially save thousands of dollars in damages.

Stay up to date

There are many reasons to keep the operating systems, browsers and plugins up to date. Ransomware prevention is just one of them.

Many ransomware attackers gain entry to a system via weaknesses inherent in out-of-date plugins and other tech. By recommending (or, better yet, enforcing) updates, you can stay ahead of the criminals and keep your sensitive data secure.

Employ ransomware protection

Last, but by no means least, you should ensure that every machine (even personal devices used for work purposes) in your organization is running malware protection software from a reputable provider. While no program can prevent every single attack, most will be able to guard against a whole raft of common exploits.

If the worst does happen . . .

If you are subject to a ransomware attack and cannot recover your data from backup, your options are limited.

Paying the ransom might seem like the most sensible course of action, but there have been numerous cases in which doing so didn’t yield a decryption key. If that happens, you’ve only added an extra cost to an already-expensive situation.

An expert might be able to help you mitigate the damage, but it is vastly preferable to avoid attacks in the first place. The time to act is now—protect your data and ensure that your company doesn’t end up on the long list of ransomware victims.

5 things every employee in your company needs to know about phishing attacks

First things first, just to make sure we’re all on the same page.

Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.

Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!

The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.

Here are the fundamental things all your employees need to know to protect your company from phishing attacks.

1. Phishing can happen anywhere

While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.

If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.

2. Phishing can get complex

Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.

In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.

After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.

3. Phishing costs businesses a lot

Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.

That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.

4. There are multiple types of phishing attacks

There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.

“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.

“Whaling” is when a spear phisher goes after a huge target.

5. Here’s how you can recognize phishing

There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.

Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.

Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.

Finally, if a message seems too good to be true, it probably is!

Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.

The biggest cybersecurity breaches of 2017 and what we can learn from them

If we’ve learned anything from the biggest cybersecurity breaches of 2017, it’s this: no one is immune from online threats. Not even the largest companies with millions in technology resources, serious cybersecurity measures and strong reputations as household names.

2017 came and went with multiple significant cybersecurity breaches involving major organizations. And the bad news doesn’t stop there. Cybercriminals aren’t going anywhere. Cybersecurity breaches are still very much a thing.

The average cost of a data breach will exceed $150 million by 2020, as more business infrastructure gets connected. – Juniper Research

Here are three of the biggest cybersecurity breaches of 2017, what happened, and what we can learn from them.

Equifax

One of the worst breaches of all time happened in 2017 with Equifax. Equifax, as you almost certainly know, is one of the three largest credit agencies in the United States. Their data, the data that was compromised, is extremely sensitive.

Stolen information included names of customers, their dates of birth, credit card numbers, addresses, driver’s license numbers, and social security numbers. That’s pretty much everything a cybercriminal needs to engage in identity theft.

Verizon

In July of 2017, Verizon had a major cybersecurity breach that affected over 14 million subscribers.

A third-party analytics provider, NICE Systems, was using Amazon’s S3 cloud platform to store “customer call data” from telecom providers including Verizon. – Forbes

While this breach was claimed to have been brief, the 14 million affected had their data exposed, including their names, addresses, phone numbers, and most importantly, their plain text PINs. Again, this is prime information for identity theft.

This happened because some of Verizon’s security measures simply weren’t set up the right way.

Instead of a private security setting, the information was made public. Anyone with the public link could see the Verizon data, which was stored on an Amazon S3 storage server—a commonly used cloud storage for data.
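An added example, not from the original article and not a reconstruction of the actual configuration in this incident: a simplified check that reports why an S3 bucket would be readable by anyone, given its bucket policy, ACL grants and Block Public Access settings. The bucket name, account id and function names are constructed; statements that carry a Condition are skipped rather than evaluated, and account-level settings are not modelled.

```python
import json

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_PERMS = {"READ", "FULL_CONTROL"}
READ_ACTIONS = {"*", "s3:*", "s3:GetObject", "s3:ListBucket"}

# Constructed sample inputs (bucket name and account id are placeholders).
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-call-logs/*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-call-logs/*"}]})
PUBLIC_ACL = [{"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}]
BLOCK_ALL = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
             "BlockPublicPolicy": True, "RestrictPublicBuckets": True}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def public_findings(policy_json, acl_grants, block_public_access):
    """List the reasons a bucket is readable without authentication (simplified model)."""
    bpa = block_public_access or {}
    findings = []
    # ACL path: a read grant to the AllUsers group is public unless S3 is told to ignore it.
    if not bpa.get("IgnorePublicAcls", False):
        for grant in acl_grants or []:
            if (grant.get("Grantee", {}).get("URI") == ALL_USERS
                    and grant.get("Permission") in READ_PERMS):
                findings.append("acl:AllUsers:" + grant["Permission"])
    # Policy path: Allow + wildcard principal + no Condition lets anyone call the action.
    if policy_json and not bpa.get("RestrictPublicBuckets", False):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            principal = stmt.get("Principal")
            wildcard = principal == "*" or (
                isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))
            if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
                for action in _as_list(stmt.get("Action", [])):
                    if action in READ_ACTIONS:
                        findings.append("policy:" + action)
    return findings
```

An empty result from this model means only that the two common exposure paths are closed; it does not replace the provider's own access analysis.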

Uber

While Uber’s security breach wasn’t at the same level as the Equifax or Verizon cybersecurity breaches, it was still embarrassing and alarming. In this case, the worst of it was how Uber managed things in the aftermath of the cybersecurity breach.

Uber paid a 20-year-old hacker $100,000 to keep quiet after he managed to get his hands on the personal data of 57 million users.

Instead of being transparent about the leak, Uber tried to conceal it. Not only is that illegal in California, where the company is based, but it further erodes customer confidence. Any company that falls prey to a cybersecurity breach will take a hit to its reputation. But if you continue to mishandle things, your reputation can suffer even more.

Just ask the folks at Uber.

What we have learned

One of the major takeaways here is that while the cyberattacks have grown sophisticated and complex, there’s a lot companies of all sizes can do to be proactive. The threat is valid, but if you address potential vulnerabilities in a timely manner, you’ll be able to avoid making these kinds of headlines.

For instance, the Equifax attack was due to a flaw in Apache Struts, a framework used to build web applications. And here’s the kicker. The problem that led to the breach was identified months earlier, but not all of the Equifax machines were updated. This gave hackers a way in.

The Uber fiasco illustrates another compelling point. If you do suffer a cyberattack, there are good ways to handle the situation and bad ways to handle it. Restoring customer trust is critical, so it’s best to be transparent and take full responsibility.

Protecting your company from a cybersecurity breach

Your company’s critical data must be protected not only for your customers and their peace of mind but for the sake of your data, as well. You need to stay ahead of ever-changing threats. Cybercriminals are constantly changing their tactics. You have to constantly adjust your protection just to keep pace.

Know where your data is stored, how it’s protected, how often that protection is updated, and utilize data analytics to strategically update your protection as needed.

Cybersecurity breaches are on the rise. Companies must take proactive steps in order to keep their data secure.

 

Data dilemma: Where does police body camera footage go?

As recording technologies get smaller and cheaper, giving police officers cameras to wear on their bodies at all times is quickly becoming a reality. These devices have incredible implications, both for average citizens and for officers, as they allow the courts to cut through all the drama and hearsay in order to get to the truth of what exactly happened. That said, there are a few obstacles standing in the way of widespread body camera deployment.

One of the biggest issues currently facing departments wishing to bring these gadgets to the field is the storage of the video itself. Having a camera running at all times during an officer’s shift creates a lot of footage, and simply deleting this because “nothing happened” isn’t an option. After all, an officer could have recorded something of import without even noticing it. So how extensive is this storage problem, and what can police departments do to ease such a transition?

How much data can a police department generate?

Before delving into the more nuanced discussions of data storage, it’s vital to first understand exactly how much data the average police station can create. Each department will obviously have its own special needs, but a good place to start is the analysis of the Chula Vista, California, police department’s data storage given by Lieutenant Vern Sallee in Police Chief Magazine.

Sallee stated that his station had 200 sworn police officers that were using body cameras in their daily rounds. After playing around with their current setup, Sallee’s department found that a 30-minute video demands around 800 MB of storage. Accounting for all officers with cameras, Chula Vista could generate around 33 TB of data annually. To put this in perspective, Sallee stated that this is roughly the same size as 17 million photographs.

Again, it’s important to remember that this is a rough estimate for a single town. Chula Vista has just over 265,000 citizens, making it larger than the average American city. That said, such a population pales in comparison to the 8.5 million people living in New York City, and implementing a police body camera initiative in this kind of metropolis would be a whole different ball game. What’s more, these larger cities are the ones that need body cameras the most, as they generally have more violent crime requiring forceful police intervention. Clearly, simply finding a place to put all this data is going to be a challenge.

Data storage has its woes. Keeping large portions of data for long stretches of time can be difficult.

Privacy and security are huge concerns

Another major concern with these body cameras is the privacy of the people involved in the recordings. As stated, departments can’t delete a video until they are absolutely sure that nothing on it could possibly be useful in the future. This means that the actions of a lot of innocent people are going to be recorded and stored, and this has certain civil rights groups worried.

In fact, a coalition of the National Association for the Advancement of Colored People and the American Civil Liberties Union presented some guidelines to legislators in 2015 attempting to govern how these recordings are treated. The group wanted to prevent an overreaching use of facial recognition software, as well as ensure officers were only allowed to watch their videos from the day after filing a report, according to CNN.

“Police officers have the right to discuss personal matters without being listened to.”

On top of that, it’s important to remember that police officers have rights, too. These men and women will be recorded at all times during their shift, which means any private conversations they’ve had with their partners could easily be viewed by a third party. These people have the right to discuss personal matters without being listened to after the fact, and officers shouldn’t live in fear that their superiors will eavesdrop on some conversation that they don’t agree with.

Finally, and perhaps most importantly, all of this is for naught if police departments can’t keep the video files secure. A malicious individual or group could do a lot of damage with the ability to map out an officer’s day-to-day duties, and departments must therefore do everything in their power to ensure these criminals are kept at bay.

Partnering with the right company is crucial

Clearly, there are a lot of challenges to overcome when implementing a body camera initiative. That said, the pros definitely outweigh the cons if police administrators are willing to find the right partner for the job. Any officials looking for a company to assist them in their transition should definitely check out the data storage services offered by ISG Technology. We have years of experience storing information for companies from all kinds of industries, and we pride ourselves on our ability to keep our clients’ data safe. Contact us today and find out what an ISG Technology solution can do for your department.