Boost IT

Managed IT Services, Cyber Security, Network Support - Atlanta, Dunwoody, Buckhead

Cyber Security

FTC Proposes adding Detailed Cybersecurity Requirements to Safeguards Rule

April 8, 2019 by Boost IT

On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”).  Most significantly, the FTC proposes to add more detailed cybersecurity requirements to the Safeguards Rule. The rule governs the information security programs financial institutions must implement to protect customer data.

The FTC is also proposing to expand the definition of “financial institution” under the Safeguards Rule and the Privacy Rule to include “finders.”  Finally, the FTC is proposing to amend the Privacy Rule to make technical and conforming changes resulting from legislative amendments to GLBA in the Dodd-Frank Act and FAST Act of 2015.

Proposed Revisions to the Safeguards Rule’s Cybersecurity Program Requirements

The Safeguards Rule establishes requirements for the information security programs of all financial institutions subject to FTC jurisdiction.  The Rule, which first went into effect in 2003, requires financial institutions to develop, implement, and maintain a comprehensive information security program.  As drafted, the Safeguards Rule has few prescriptive requirements, but directs financial institutions to take reasonable steps to protect customer information.

The FTC’s proposed revisions would add substantially more detail to these requirements.

Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, explained that the purpose of the proposed changes is:

“to better protect consumers and provide more certainty for business.”

The new requirements are primarily based on the cybersecurity regulations issued by the New York Department of Financial Services (“NYSDFS”), and the insurance data security model law issued by the National Association of Insurance Commissioners.

Proposed changes to the Safeguards Rule’s cybersecurity requirements include:

  • Revising the requirement to designate an “employee or employees to coordinate [the] information security program” to require designation of a single individual, referred to as a Chief Information Security Officer (“CISO”), as responsible for overseeing and implementing the program;
  • Adding requirements to financial institutions’ risk assessments, including that the assessment must be written, describe how the information security program will address the identified risks, and be performed periodically;
  • Requiring financial institutions to implement access controls on information systems, as well as restrict access to physical locations containing customer information only to authorized individuals;
  • Requiring customer information to be encrypted, both in transit and at rest;
  • Requiring implementation of multi-factor authentication for any individual accessing customer information;
  • Requiring information systems to include audit trails designed to detect and respond to security events;
  • Requiring financial institutions to develop procedures for the secure disposal of customer information in any format that is no longer necessary for their business operations or other legitimate business purposes;
  • Requiring financial institutions to develop procedures for change management;
  • Requiring financial institutions to implement policies and procedures “to monitor the activity of authorized users and detect unauthorized access or use of, or tampering with, customer information by such users;”
  • Requiring regular testing and continuous monitoring of relevant key controls, systems and procedures;
  • Requiring that financial institutions implement appropriate training and education, including verifying that key security personnel take steps to maintain current cybersecurity knowledge, and utilize qualified security personnel;
  • Expanding the requirement to oversee service providers to require financial institutions to periodically assess such service providers based on the information security risk they present;
  • Requiring that financial institutions establish incident response plans; and
  • Requiring that the financial institution’s CISO report at least annually to the institution’s board of directors on issues related to the information security program.

Source: FTC Seeks Comment on Proposed Amendments to Safeguards and Privacy Rules

Filed Under: Cyber Security Tagged With: CISO, Compliance, Financial Services, GLBA, Safeguard Rule

How to Create a Strong Password

December 19, 2018 by Boost IT

Follow these 4 tips to secure your online accounts


Knowing how to create a strong password can help prevent fraud and unauthorized access to your personal and financial information. But what is a strong password? Check out the tips below. 

1. Create Long, Complex Passwords

Shorter passwords may be easier to remember, but they usually aren’t as secure as longer ones.

  • create passwords that are at least 12 to 14 characters
  • avoid using full words
  • include a combination of unrelated, upper and lowercase letters, with numbers and special characters

2. Make Passwords Memorable—Only to You

While a secure password is usually difficult to memorize, it’s possible to make it strong and easy to remember. For example, write a sentence that’s personal to you and use the first letter of each word—along with any numbers and special characters—to create your own memorable password. Example: “I have 2 sons and 1 daughter. Their names are John, Steven and Abby.” becomes “Ih2s&1d.tnaJS&A.” This is easier to remember than picking random letters and numbers, and it’s usually more secure than using the names. 

3. Don’t Reuse Passwords

Once you create a strong password, it might be tempting to reuse it for all your accounts. If you do, it’s like giving thieves the keys to your house. If hackers get your password from another account, you could end up giving them access to your bank account or other personal information. Research has shown that hackers who find previous passwords have a much easier time deciphering new passwords. It’s best to create passwords for financial accounts that are very different from anything you use for email or social media. And don’t use your e-mail password anywhere else.

Note: When people are required to change their password frequently, they often choose weaker passwords or just change an old password slightly. Hackers know this, so if your system requires regular password updates, try to choose something totally new—and strong—when you need to change.
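Tips 1 and 3 can be turned into a small self-check. The following is an added example, not part of the original post; the sample word list, the 50% similarity limit and all function names are assumptions made for the illustration.

```python
import string

# Constructed sample word list (assumption); a real check would load a full dictionary.
COMMON_WORDS = {"password", "welcome", "summer", "atlanta",
                "dragon", "monkey", "letmein", "football"}
MIN_LENGTH = 12          # lower bound of the post's "12 to 14 characters"
SIMILARITY_LIMIT = 0.5   # assumed: fewer than 50% of characters changed = "slight" change


def missing_classes(pw):
    """Return the character classes from tip 1 that the password lacks."""
    present = {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in present.items() if not ok]


def contains_full_word(pw, words=COMMON_WORDS):
    """True if any listed word appears inside the password, ignoring case."""
    lowered = pw.lower()
    return any(word in lowered for word in words)


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def is_slight_change(new, old):
    """True if the new password is the old one with only a few characters altered."""
    longest = max(len(new), len(old), 1)
    return edit_distance(new.lower(), old.lower()) / longest < SIMILARITY_LIMIT


def check_password(new, old=None):
    """Return a list of problem codes; an empty list means every tip is met."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if missing_classes(new):
        problems.append("missing_classes")
    if contains_full_word(new):
        problems.append("contains_word")
    if old is not None and is_slight_change(new, old):
        problems.append("too_similar_to_old")
    return problems


if __name__ == "__main__":
    # The post's own mnemonic example passes every check.
    print(check_password("Ih2s&1d.tnaJS&A."))
    # Constructed example of the "change the old password slightly" habit.
    print(check_password("Summer2018!", old="Summer2017!"))
```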

4. Use Technology to Help You

If you’re not a password expert—and few of us are—it might be a good idea to use a password manager. A handful of them can help you create stronger passwords, store them and even tell you how strong or weak your passwords are. Some of the best password managers are listed and compared in our post on How to Check the Dark Web to Protect Against Identity Theft.

Another way to help keep your information safe is using two-factor authentication, which we also discuss in the Dark Web post above. 2FA adds another level of security by requiring a different piece of information in addition to your password. These secondary factors could be a security question, a code sent to your phone or even your fingerprint. And when you’re setting up security questions, don’t choose an answer that can easily be found, like your mother’s maiden name. It’s usually best to format these answers like strong passwords.

Make sure you have great endpoint protection on all computers and if you’re a business, a UTM managed firewall installed.

Contact us if you have more security questions.

Do you want to know how secure your business is? Take a 2 minute Cyber Security Self-Assessment.

Interested in a full IT Assessment where you get real-time reports showing your IT & security strengths, weaknesses and opportunities? Here’s our IT Assessment Checklist.

Filed Under: Cyber Security, How To

The Scenario of the Infected Computer

November 15, 2017 by Boost IT

The whole infected computer problem started when a coworker was sharing a computer to review a document and get other help. Before they realized what was going on, a pop-up window came up notifying them that the computer was infected and suggesting they run a scan.

The employees ran the scan but nothing happened. Everything they clicked on brought up the pop-up message that their computer was infected, and by the time we heard about it, lots of other people in the office had the same problem.

The explanation started with, “So and so came over and did something to my computer.”

We were contacted because there was a problem with an infected computer and the virus quickly spread to all the computers in the office. We hear stories like this one a lot from businesses that don’t have good IT support.

Avoiding an infection

Typically, a problem like this stems from user issues like these that are easily resolved:

  1. Searching on the internet and clicking on a bad link (that they didn’t know was bad)
  2. Clicking on a suspicious email attachment
  3. Clicking on a fake website address
  4. Using a web site that is insecure (read Google Chrome Is Ramping Up Warnings When You Visit Insecure Websites).

These problems can be easily prevented. The key is recognizing the links and website addresses beforehand. Our article, How to Avoid Phishing Scams, provides tips for recognizing harmful links and online sites so you can prevent your computer from getting infected.

If you’ve clicked on a bad link or fake website that infects your computer, there is a second precaution, which is your cybersecurity software (malware, spyware, and virus protection). The message from most cybersecurity software tells you to get out! Its warning is not to proceed to the site unless you are certain it is a valid link or address.

The warning message was the virus

If you were to click on a bad link or fake website address, another warning message would pop up. It’s important not to click on a link in this warning message. The problem with the above scenario is that the virus was in the warning message. The message was misleading because the virus couldn’t infect your computer until the employee accepted the request to scan the computer. The computer didn’t have a virus, yet. Instead of scanning the computer, when the employee clicked on the link in the message, the virus was downloaded into the computer. Learn more in this video from the Federal Trade Commission about how the scam works.

Fixing the problem of an infected computer

You have an infected computer now, so how do you fix it?

  1. First, back up your files. At Boost IT, we assist clients with having a backup system in place. It’s important that your backup includes everything you’ll need to reinstall on your computer. You will also want to have any product keys, in addition to your data.
  2. Second, prepare to wipe clean all the computers that are infected. Your computers have been compromised so you’ll have to rid them of the infection and then perform a system restore or clean install. The System Restore feature restores your computer’s operating system to a previous state from a previous point in time. When you wipe a computer clean, you’ll have the equivalent of a “new” computer.
  3. Understand that your antimalware, antispyware, and antivirus software is for prevention and detection. A scan will only help to identify if you have an infected computer. The software may not clean infected computers. Microsoft support discusses this briefly in this article.

If the above two steps look too complex, that’s why you hire professionals. Your time is valuable and is better spent on what you know best. Boost IT has a managed security service that can be installed for a fixed monthly fee with no downtime and our team monitors it around the clock. We have helped many clients get back up and running fast, so contact us or give us a call at 404-865-1289.

Filed Under: Cyber Security Tagged With: bad link, infected computer, pop-up window, Suspicious E-mail

Do You Know Where Your IT is Vulnerable?

September 14, 2017 by Boost IT

You might know a few people who avoid social media because they feel their personal identity will be compromised. You might also know a few people who are hesitant to use online banking for this same reason. Most of these people have no idea how many of their devices are connected to the internet and how much they are using it. That leaves them vulnerable to a cyber attack.

While having some level of caution is healthy when using the internet, we simply can’t avoid it. Knowing where our IT is vulnerable is important to preventing a cyber attack or other serious issues.

In today’s business world, you don’t just use the Internet to surf. Your devices are connected to it all the time. Based on a research report from BI Intelligence, a total of 22.5 billion devices will be connected to the internet in 2021, up from 6.6 billion in 2016.

Last year, many people experienced how vulnerable these devices were with the DYN hack. Earlier this summer, criminal hackers exploited a flaw in ‘retired’ Microsoft software, which was not routinely updated and patched for security, to infect computers with the WannaCry ransomware. Attacks like the DYN and WannaCry ransomware illustrate how much our IT is vulnerable.

Fortunately, the impact from DYN and WannaCry was not as bad as it could have been because of security measures companies have put in place to limit the damage. This includes security measures that control access to patient records in healthcare facilities, strong password protocols that help protect bank accounts, and simple updates to software and browsers.

So, even though we hear in the news daily about hacks that compromise sensitive information, there are security measures we can take to limit the vulnerability of our IT. Those security measures are needed to protect against your biggest vulnerabilities: your hardware, your software, and, most often overlooked, your people.

Assessing your hardware

A good first step to prevent a cyber attack is to perform an assessment on your IT system. This should include a security audit that evaluates how your IT is functioning and any potential risks. Remember that whether it is a point-of-sale terminal or a video surveillance camera, cyber criminals will do anything malicious to try to get into your network and closer to your valuable data, systems, and intellectual property.  And hackers love to target small businesses, despite what you may think.

Keep current with software and browsers

It is critical that you maintain your devices with continual updates of apps, software, and browsers. From your assessment, you should have a list of all your devices that connect to the internet and could be vulnerable. The best way to keep your devices current is to turn on automatic updates, anti-virus and anti-malware programs.

Take precautions when online

Even if you address all your hardware and software vulnerabilities, this is only part of the solution. You could still have issues with phishing, human error, and engineering or configuration problems. A big issue is that the tactics cybercriminals use change day to day. Anti-malware, anti-spyware, and anti-virus protections are must-have preventative security measures in a comprehensive managed security service. You also need to be wary of suspicious email, links, and websites. When something doesn’t look right, question it before installing or clicking.

With managed security services from Boost IT, we will perform an assessment of your IT security and recommend what is needed to minimize your IT vulnerability. It’s not intrusive, other than when we block the virus infections that can keep you up at night, and we can implement it with no downtime. We’ll continuously monitor your system so that you always have the proper security configurations, protection against malware, spyware and viruses, and updates to your software and browsers. For more information, contact us at 404-865-1289 or check out our IT Assessment Checklist.

Filed Under: Cyber Security Tagged With: cyber attack, Ransomware, security measures, WannaCry

Where’s My Data? The Future of Cybersecurity

June 14, 2017 by Boost IT

More businesses realize cybersecurity is a necessity. Cybercrimes are on the rise and small businesses are increasingly being targeted. Cybercriminals are becoming savvier and their attacks are becoming increasingly complex. The need to stay on the forefront of information technology and IT skills development increases. Just as important is the need to be prepared and ready to respond to a threat and minimize the damaging effects.

In our last blog Cyberattacks: Why Hackers Target Small Businesses, we talked about the realistic possibility of a cyberattack. While the initial phases of diverting an attack in cybersecurity involve intrusion detection and secure software development, there will always be a risk that will get through even the best detection and development technology.

It’s no longer a question of if you will have a cyberattack but when and how you will counter it. Therefore, it’s critical that cybersecurity include risk identification and mitigation, and cloud security. These areas involve identifying risks, creating a plan of reaction and mitigation, and protecting data. It may sound complicated, but Boost IT has a managed security service that is a simple fix.

Risk Identification and Mitigation

A scary form of attack is cryptolocker, a particularly nasty type of ransomware where your computer and network are hijacked, the data is encrypted, and the cybercriminal demands a fee to unlock it. For more in-depth information, refer to the article The Ransomware Nightmare and Its Real Cost.

It costs companies large amounts of money and can take up a lot of time to unlock hijacked computers after a ransomware attack. Once you get the key, there is no guarantee you’ll get access to your data back. In some cases, your data is wiped clean.

Cryptolocker is one of the biggest risks businesses identify when it comes to data protection. By recognizing the need to plan and developing a risk mitigation plan, businesses can evaluate ways to react by developing a plan of action that helps to reduce the threat.

When developing a plan, the question often asked is, “Where is the data?”

Access to data by only those authorized is vital for the continued operation of the business. Therefore, cybersecurity professionals look at all ways to counterattack and protect the data from a breach so you know exactly how to respond to a threat and thus minimize the damaging effects.

Cloud Security

Knowing how your data is stored, who has access to it and how it is protected is extremely valuable knowledge in the face of cyber risk. Therefore, the future of cybersecurity involves more than preparation and planning against an attack. It involves taking precautions to safeguard your data so it will not be compromised and/or can be recovered in a minimal amount of time so you and your employees can get back to business.

As part of a cybersecurity measure, businesses are increasingly migrating to the cloud for data storage. This helps them to access their data at anytime, anywhere. It eliminates the question of where their data is. But it also causes businesses to rely more on the cloud providers to safeguard their data. However, as the cloud infrastructure develops, it becomes a more lucrative target for cybercriminals. Boost IT has ransomware-resistant cloud products.

As attacks become more possible on cloud systems, the knowledge in cloud security is continuously growing. Keeping up with the complexity and continuous training on cybersecurity is necessary. That is why many businesses are outsourcing cybersecurity to Boost IT. We stay on top of the innovative ways to combat cyberattacks and protect your data. To learn more, contact us at 404-865-1289.

Filed Under: Cyber Security Tagged With: cloud security, cyberattacks, cybersecurity, Ransomware, risk identification

The Ransomware Nightmare and Its Real Cost

March 13, 2017 by Boost IT

Every day people go on the internet and are at risk from cyberattacks. Some of these attacks use highly sophisticated technology that can create a ransomware nightmare. Ransomware attacks by locking you out of your system and demanding a ransom to unlock it.

The Ransomware Attack

In Atlanta, there was a healthcare provider doing business as usual. One day an employee from the company received an invoice in an email that looked like a standard invoice from a doctor in their network. When the invoice was opened, the computer and all data on the company server was compromised with a cryptolocker Trojan. On the screen was a message demanding thousands of dollars in payment via bitcoin to get the password to unlock the files.

This wasn’t your average medical invoice but a particularly nasty ransomware called cryptolocker that targets computers running Microsoft Windows. Cryptolocker usually gets delivered as an emailed invoice. The email should have seemed suspicious because of the unusual sender e-mail address, but once opened, it was too late. Files were encrypted and the entire system froze, bringing the entire company operation to a screeching halt. The message clearly explained that the company’s data was encrypted and would not be restored until the ransom was paid, and there is no way around it other than restoring your data from a ransomware-resistant BDR system.

Ransomware attacks can affect everyone using desktops, smartphones, and other devices, and in every industry from medical to engineering, retail to real estate, hospitals to public schools, and to government agencies. For a small business, it will mean the entire business’ digital assets are inaccessible. With increased sophistication from cybercriminals, ransomware is targeting bigger businesses, too, and spreading into their networks.

The Ransomware Nightmare

According to the FBI, ransomware attacks cost their victims a total of $209 million in the first three months of 2016, a stunning surge upward from $24 million in all of 2015. In addition, sometimes demand for payment is in bitcoin. Do you know how to get bitcoin if you need it? If the company doesn’t have bitcoin payment options, they must scramble to get it. But the biggest problem is loss in productivity.

Based on Intermedia’s 2016 Crypto-Ransomware Report, most businesses experience an average of two days of downtime. Business downtime is a far bigger cost than the ransom itself. It’s the loss of productivity and lack of access to critical data, even emergency data, that can create the real ransomware nightmare.

It is devastating when your data is locked or encrypted. Ransomware locks up entire systems and your servers, stops critical processes from running and denies access to the records and other data needed for major decisions. The longer it takes to get back to normal, the higher the potential for problems. Projects are put on hold and clients become upset, and customers may avoid doing business with you in the future because your system has been compromised.

In some instances, such as with the Atlanta healthcare provider, that data involved critical patient information that was needed by doctors to properly make a diagnosis or approve prescriptions. It meant a patient went untreated. And it could have been far worse if a patient’s life was at stake. There was an increased immediacy to get the data back up and running.

The Solution

When ransomware strikes, a business has a hard decision to make. Stress levels are very high. Time is of the essence. Either the business spends multiple days recovering locked files from backups or pays the ransom, and if you pay, the hacker may have your credit card information. Without proper backup already in place, businesses often have no choice but to pay the ransom. In early 2016, operations at a Los Angeles hospital came to a near halt, leaving staff to use faxes and paper notes to communicate before a $17,000 ransom was paid.

Even with a good backup plan, recovery can be tricky and take time. And unlike previous ransomware that locked operating systems and left data files alone and usually recoverable, Cryptolocker makes extortion of victims more effective because you can’t retrieve locked files without the attacker’s private key.

The solution is a defense against Ransomware that combines education and training, proper backup and disaster recovery, regular maintenance and software updates, and improved communication. Find information in our article “Learn to Protect Yourself and Your Clients from Malware” and read about “Cybersecurity Tips for Small Business”.

Boost IT can help you be prepared. To learn more, contact us at 404-865-1289.

Filed Under: Cyber Security, News Tagged With: attack, Cryptolocker, locked files, locked operating systems, nightmare
