Author: admin

An URGENT Security Warning for Businesses Running Windows 7 Or Windows Server 2008 R2 Microsoft has officially announced that it will retire support on the Windows 7 operating system and Windows Server 2008 R2 on January 14, 2020 (see the enclosed article for more details.) That means any computer or server with these operating systems installed will be completely exposed to serious hacker attacks aimed at taking control of your network, stealing data, crashing your system and inflicting a host of other business-crippling problems you do NOT want to have to deal with. This is such a serious threat that all companies housing financial and medical information are being required by law to upgrade any and all computer systems running Windows 7 or Windows Server 2008 R2 because firewalls and anti-virus software will NOT be sufficient to completely protect them (or you). This is a MUST upgrade any servers or workstations running these operating systems. And while January 14, 2020, may...

If your company is not fully compliant with Payment Card Industry (PCI) Security Standards, you could be at risk of a serious tangle with attorneys. Technically, PCI guidelines are not a hard-and-fast set of laws. However, merchants can still face hefty liabilities for not meeting them. Avoid these mistakes to keep your company out of hot water with attorneys: 1. Storing Cardholder Data In Noncompliance Programs Many states have laws regarding data breaches and, depending on where you accept cards, you may be subject to many of them. For example, Massachusetts has 201 CMR 17.00, which requires companies keeping any personal data from Massachusetts residents to prepare a PCI-compliant plan to protect that data. If a company then fails to maintain that plan, the business may face state prosecution. 2. Fibbing On The Self-Assessment Questionnaire If you have considered tampering with the reports from your company’s Approved Scanning Vendor, think again. Time invested now to fi...

The computing world is forever changing. Over the last 15 years, SaaS (software as a service) providers have offered the convenience of data backup for your cloud applications such as CRM systems, SalesForce, Google Apps and Microsoft 365. The business question is, if I’m already working with a SaaS provider and my data is already “in” the cloud, do I really need to back up my data to another cloud? After all, isn’t the SaaS provider doing that for me? Well, yes and no. Yes, your data (one of your company’s most valuable assets) is being backed up by the service provider. And yes, it’s in the cloud. And yes, these providers have backups to their backups … but are they backing up your business-critical information? Can you guarantee that? And do you have access to it in a timely manner? The answer to these questions may be no. As a rule, SaaS providers do not open backups to customers, nor do they make restoring critical data easy or intuitive. For example, Salesforce, the first commer...

While hacks against the big boys like Target, Home Depot and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported, and rarely make national headlines. Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. Cyber security company Symantec, reports that 52.4% of “phishing” attacks last December were against SMB's – with a massive spike this October. Here are just a few examples out of thousands that you’ll probably never hear about: Green Ford Sales, a car dealership in Kansas, lost $23,000 when hackers broke into their network and swiped bank account info. They added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some transfers could be canceled in time. Wright Hotels, a real estate development firm, had $1 million drained from their bank account after thiev...

Social engineering is a method cyber con artists use to lure well-meaning individuals into breaking normal security procedures. They appeal to vanity, authority or greed to exploit their victims. Even a simple willingness to help can be used to extract sensitive data. An attacker might pose as a coworker with an urgent problem that requires otherwise off-limits network resources, for example. They can be devastatingly effective, and outrageously difficult to defend against. The key to shielding your network from this threat is a keen, ongoing awareness throughout your organization. To nip one of these scams in the bud, every member of your team must remain alert to these 5 Social Engineered Tactics: Baiting In baiting, the attacker dangles something enticing to move his victim to action. It could be a movie or music download. Or something like a USB flash drive with company logo, labeled “Executive Salary Summary 2018 Q1,” Left where a victim can easily find it. Once these fil...