508-909-5961 [email protected]

Cybersecurity terminology you need to knowDo IT security terms like “phishing” and “intrusion protection” sound extremely foreign to you? If so, it’s time you familiarize yourself with these and other common cybersecurity terms. By learning these basic concepts, you’ll be more aware of the depth and scope of online dangers and, hopefully, be better prepared to deal with them. Malware […]

The post Cybersecurity terminology you need to know appeared first on Complete Technology Resources, Inc..

Cybersecurity terminology you need to know

Do IT security terms like “phishing” and “intrusion protection” sound extremely foreign to you? If so, it’s time you familiarize yourself with these and other common cybersecurity terms. By learning these basic concepts, you’ll be more aware of the depth and scope of online dangers and, hopefully, be better prepared to deal with them.

Malware

For a long time, the phrase “computer virus” was misused to refer to every type of attack that intended to harm or hurt computers and networks. The more appropriate term for these harmful programs and files would be "malicious software" or "malware." Whereas a virus is a specific type of malware that is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as malware.

Ransomware

Don't let all other cyberthreats ending in -ware confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is “ransomware,” which is malware that encrypts valuable data until a ransom is paid.

Intrusion prevention system (IPS)

There are several ways to safeguard your network from malware, but an IPS is quickly becoming one of the nonnegotiables. An IPS sits inside your company’s firewall and looks for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.

Social engineering

Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of “social engineering” to succeed. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information. For cybercriminals, complicated software is totally unnecessary if they can just convince potential victims that they’re a security professional who needs the victims’ password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of defrauding people using an app or a website that impersonates a trustworthy or often well-known business in an attempt to obtain confidential information. Just because you received an email that says it’s from the IRS doesn’t mean that it is. Don’t take such emails at face value — always verify the source, especially if the emails are requesting your sensitive data.

Antivirus

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to fix the gap in security. However, if cyberattackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest malware.

Redundant data

When antivirus software, patches, and intrusion prevention fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

Our cybersecurity professionals are always available to impart more in-depth knowledge of the many different kinds of cyberthreats. Get in touch with us today and find out how we can help you with your IT security woes.

Published with permission from TechAdvisory.org. Source.

The post Cybersecurity terminology you need to know appeared first on Complete Technology Resources, Inc..

Read More

How to protect your business from Mac ransomwareSome of the most high-profile ransomware cases in recent memory include the WannaCry and Petya outbreaks in 2017, which infected hundreds of thousands of Windows PCs around the world. However, ransomware such as EvilQuest target Mac computers specifically. If you have a Mac, follow the security best practices below to avoid getting infected. What is […]

The post How to protect your business from Mac ransomware appeared first on Complete Technology Resources, Inc..

How to protect your business from Mac ransomware

Some of the most high-profile ransomware cases in recent memory include the WannaCry and Petya outbreaks in 2017, which infected hundreds of thousands of Windows PCs around the world. However, ransomware such as EvilQuest target Mac computers specifically. If you have a Mac, follow the security best practices below to avoid getting infected.

What is Mac ransomware?

Ransomware is a type of malicious software that holds computer systems hostage until a ransom is paid in gift cards, or cryptocurrency like Bitcoin or Ethereum. It’s typically distributed using phishing emails, but it can also spread via unsecured networks.

When Macs are infected by ransomware, users won’t be able to access their data since it’s encrypted. Ransomware messages may also threaten to release the information to the public or destroy sensitive data if victims don’t pay within a certain deadline. Healthcare and finance organizations, in particular, are more likely to pay the ransom because these organizations tend to have a lot of valuable assets, including money, and can't afford to lose access to their critical data.

Types of Mac ransomware

In 2016, the KeRanger ransomware was distributed through the popular BitTorrent app Transmission. KeRanger was signed with an authorized security certificate, allowing it to evade macOS's built-in security measures and infect more than 7,000 Mac computers.

Patcher was another strain of Mac ransomware that was discovered in 2017. This type of ransomware disguised itself as a patching app for programs like Microsoft Office. When launched, Patcher would encrypt files in user directories and ask for a ransom paid in Bitcoin. But the ransomware was poorly built, so there was no way to retrieve the decryption key once the ransom was paid.

In 2019, the EvilQuest ransomware encrypted files and tried to trick users into paying a Bitcoin ransom. Much like Patcher, however, there was no feature to decrypt files after paying, leaving those who paid the ransom with nothing.

Ransomware attacks like these can make a resurgence at any time, which is why you need to be prepared in case of an attack.

An ounce of prevention goes a long way

Preventive measures are the best way to keep your Macs safe from ransomware. This involves updating your software regularly to defend against the latest threats and only installing programs from the official App Store.

Since ransomware initially infects computers using phishing emails, make sure to avoid suspicious links and email attachments. Always be on alert even if the email appears to come from a legitimate company or someone you know.

You must also maintain offline backups and have a disaster recovery plan to keep your business running in the off chance that ransomware successfully infiltrates your systems.

Responding to ransomware

If your Mac is infected with ransomware, do not pay the ransom fee, as there's no guarantee that hackers will provide a decryption key and release your data even if you give in to their demands.

Instead, use an up-to-date anti-malware program to remove ransomware from your computer. Cybersecurity experts may also release free ransomware decryptor tools to remove the infection, so keep an eye out for these on the internet. If these programs and tools don’t work, contain the spread of the ransomware by disconnecting from the network and run data recovery procedures, provided you’ve backed up your data in an external hard drive or the cloud.

Mac ransomware attacks may not be common, but they still pose a great threat to your business. If you need more guidance, contact our team of security experts today. We stay abreast of the latest Mac security threats and know just how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

The post How to protect your business from Mac ransomware appeared first on Complete Technology Resources, Inc..

Read More

Your business’s cybersecurity needs an MSPWith the prevalence of cyberattacks on companies of all sizes these days, businesses cannot afford to relegate cybersecurity to the bottom of their budget priorities. When it comes to cybersecurity, even small businesses should partner with a managed IT services provider (MSP). Here’s why it's crucial to partner with an MSP that can implement robust […]

The post Your business’s cybersecurity needs an MSP appeared first on Complete Technology Resources, Inc..

Your business’s cybersecurity needs an MSP

With the prevalence of cyberattacks on companies of all sizes these days, businesses cannot afford to relegate cybersecurity to the bottom of their budget priorities. When it comes to cybersecurity, even small businesses should partner with a managed IT services provider (MSP). Here’s why it's crucial to partner with an MSP that can implement robust cybersecurity solutions for your business.

The numbers

According to the Ponemon Institute’s 2019 State of Cybersecurity in Small and Medium-Sized Businesses (SMBs) survey, cyberattacks have increased dramatically. Here in the United States, 76% of companies were attacked in 2019, a significant leap from 55% in 2016. Sixty-nine percent of US businesses reported data breaches in 2019, up from 50% in 2016.

The financial consequences have also increased considerably. The average cost spent by companies because of damage to or theft of IT assets and infrastructure increased from $1.03 million in 2017 to $1.2 million in 2019. Costs due to disruption to normal operations increased from an average of $1.21 million in 2017 to an average of $1.9 million in 2019.

The attacks

Globally, the most common forms of attack on SMBs are those that rely on deception: phishing (57%), stolen or compromised devices (33%), and credential theft (30%). Worse, cybercriminals are targeting SMBs more, with reported attacks having increased from 60% in 2017 to 69% in 2019.

Why managed services?

Partnering with MSPs is the most effective way to prevent attacks and protect your business from malicious threats. MSPs offer a full range of proactive IT support that focuses on advanced security, such as around-the-clock monitoring, data encryption and backup, real-time threat prevention and elimination, network and firewall protection, security awareness training, and more.

And because managed services are designed to identify and fix weak spots in your IT infrastructure, you’ll optimize the digital backbone of your business processes. You’ll have faster network performance, a solid business continuity and disaster recovery strategy, and minimal downtime. One of the best things about managed services is that you get a dedicated team of IT professionals ready to assist you for any technology problems you may encounter. This is much more effective and budget-friendly than having in-house personnel handling all your IT issues.

Being proactive when it comes to cybersecurity is the only way to protect what you’ve worked hard to build. If you’d like to know more about how managed services can benefit your business, just give us a call — we’re sure to help.

Published with permission from TechAdvisory.org. Source.

The post Your business’s cybersecurity needs an MSP appeared first on Complete Technology Resources, Inc..

Read More

5 Best practices for securing PHIProtected health information (PHI) includes personal, medical, and financial information, as well as other data created or used when a patient sought and received healthcare services. Due to the sensitive nature of PHI, it is highly valuable to hackers — and this is why your healthcare organization must do everything possible to protect any PHI […]

The post 5 Best practices for securing PHI appeared first on Complete Technology Resources, Inc..

5 Best practices for securing PHI

Protected health information (PHI) includes personal, medical, and financial information, as well as other data created or used when a patient sought and received healthcare services. Due to the sensitive nature of PHI, it is highly valuable to hackers — and this is why your healthcare organization must do everything possible to protect any PHI data it handles. These best practices will put you on the right track toward keeping PHI secure.

Educate your staff

A comprehensive data security training program is necessary to combat ever-evolving threats to the healthcare industry. Training should be done regularly and cover all the different areas of data security, including the different data breach methods employed by hackers. For instance, your employees should be educated on how to spot phishing attacks, which are the number one cause of data breaches, according to the 2020 Verizon Data Breach Investigations Report. Understanding how phishing works will help your employees recognize and avoid falling victim to such scams.

Enforce strict access policies

Implement access restriction policies to keep unauthorized users from getting their hands on PHI. This entails granting employees access to only the PHI they need to perform their tasks. For instance, accountants should not have access to data about patients’ health conditions. Similarly, physicians shouldn’t be able to see patients’ billing information.

Healthcare executives must also hold employees accountable for accessing PHI for no valid reason. Together with regular cybersecurity training, this will minimize the risk of data breaches resulting from insider threats.

Employ full-disk encryption

Full-disk encryption is an inexpensive and quick method to secure private information saved in computers and portable devices. It renders data indecipherable to users who don’t possess the matching decryption key. This means that even if one of your employees’ laptop or smartphone is lost or stolen, the thief won’t be able to access any encrypted PHI stored in it.

Build a resilient infrastructure

Malware is a blanket term for viruses, Trojans, and other harmful programs that cybercriminals use to damage systems and gain access to sensitive data. To ensure the security of PHI, your healthcare organization must build an IT infrastructure that is protected against malware of all kinds.

This involves setting up safeguards to keep malware and other threats at bay, such as advanced firewalls, intrusion prevention systems, and email filtering software. You should also consider network segregation and segmentation to block hackers’ attempts to penetrate your networks and steal PHI data.

If malware does manage to infiltrate your network, stop it from spreading by deploying next-gen anti-malware software that can detect and quarantine any signs of a breach. If such systems fail, you’d also need a data backup and recovery plan so you can continue caring for your patients even during a major incident.

Implement physical security measures

Many healthcare organizations still rely on paper-based PHI and store these in file cabinets. Secure these valuable assets by installing physical security controls, such as surveillance cameras and card entry systems, in the areas of your facility where records are stored. You should also implement strict record log-out procedures, which will help ensure that only authorized personnel can access records that contain sensitive data and that these are returned promptly.

To learn more about how you can secure PHI and other digital assets, drop us a line today. Our team of professionals can provide you with the knowledge and assistance you need.

Published with permission from TechAdvisory.org. Source.

The post 5 Best practices for securing PHI appeared first on Complete Technology Resources, Inc..

Read More