The TDSIT Blog

Six Hacking Terms Every Business Owner Should Know

Posted by Tim Stanley on Fri, Aug 31, 2018 @ 09:10 AM

hacking_terms_3

It seems like every day we're being told of yet another data breach. As a business owner in today's connected world, it's important to be educated about the risks involved. There are plenty of trade websites, blogs and newsletters where you can learn about today's threats. Like any industry IT professionals have a language they use when discussing these very real issues.

If you're new to IT, or just looking for information, here are six common hacking terms you should know when conversing with your IT security team.

  • Denial Of Service Attack (DoS): DoS attacks are used to lock resources by flooding a network or website with rapid requests that can't be serviced. This effectively shuts down the resource by crashing the network or website.
  • Dictionary Attack: A sophisticated version of the brute force password attack. Hackers try literally thousands, or even millions of randomly generated passwords in order to break through password security.
  • Logic Bomb: A logic bomb is “set off” or triggered by a specific event or sequence of events. Hacked systems are loaded with software that is awaiting a specific event, date, or series of actions to begin the attack. 
  • Malware: Malicious software or malware, is a program that is designed to disrupt a computer or network with malicious intent. 
  • Phishing: This is the most common type of attack. Often sent from a friend's email address which was attacked by a virus that hijacked their address book.
  • Zero-day Attack: A common term, a zero-day attack uses a flaw in an app or OS to gain access or control a system's resources. Zero-day is the day the first attack was identified.

There are new IT threats coming online every day. Regardless of your industry, it's important to stay on top of IT trends, risks and vulnerabilities to reduce your risk of attack.  Want to learn more? Contact us today to learn how to keep your data protected.

 

 

 

Tags: TDSIT, Small Medium business, Managed IT Services, security

Printer Vulnerabilities and Security Techniques to Keep You Safe

Posted by Tim Stanley on Mon, Feb 12, 2018 @ 02:46 PM

protection.jpg

Cybercrimes are no joke – they cost businesses over $7.7 million last year. As more companies are victimized, businesses are looking for ways to secure their computers to shield against an attack, but many overlook another major point of entry for hackers: the printer.

Printer Vulnerabilities

Printers deal with a large amount of sensitive data every day, but are often not properly secured. This is why up to 60% of cyberattacks involve printers. Printers are vulnerable from a variety of angles, including:

  • Firmware hacks
  • Hard drive data
  • Mobile printing
  • Lack of encryption
  • Unclaimed print jobs on the output tray
  • Unauthorized printer usage

Because there are so many ways someone could gain access to your data via a printer, you must use a multi-pronged approach to printer security.

Security Techniques

Good security starts at the printer. Your printer should have embedded security features to help prevent attack. Security updates should be installed regularly as they are released. No settings should be able to be changed on the printer without authentication.

Printers should also automatically encrypt all data that is sent to or from the printer, as well as what is stored on its hard drive. This will prevent the data from being useful if intercepted. The printer’s hard drive should be erased periodically and destroyed prior to recycling the device.

User authentication via passcode or other means is another way to secure your printer. Combined with pull-printing to reduce unclaimed jobs on the print tray, this can help reduce your risk of a data breach. It’s important to remember if you activate mobile printing that you use encryption and authentication techniques for that as well.

A Comprehensive Strategy

Protecting your network must involve your printers, and protecting your printers must involve your network. Because it is a complex and changing field, it can be beneficial to consult with a provider that specializes in security solutions. These experts can conduct an analysis on your network and print environment to help you develop and update a comprehensive security strategy. By filling the gaps in your security, you can reduce your risk of becoming the next victim of attack.

Printers are a major vulnerability for businesses today and must be secured. With a variety of security techniques and expert help, you can have a secure print environment to protect your sensitive data. 

How secure are your printers? If you are thinking of purchasing or leasing a new printer, be sure to download our free Ultimate MFP Buyers Guide - it will help you to understand the key questions to ask potential vendors, ensuring you get the best printer for your needs.

The-Ultimate-MFP-Buyers-Guide-Email.jpg

 

 

 

 

 

Tags: security, TDSIT, Managed IT Services

How to Protect Your Business From the Threat of Ransomware

Posted by Tim Stanley on Mon, Jun 12, 2017 @ 02:15 PM

 

ransomware.jpg


While ransomware isn't new, it has gained increasing notoriety since May 12, 2017, when a variety called
WannaCry was responsible for the largest cyberattack on record. The term ransomware is aptly named, combining the threat of malware—preventing the victim from accessing their data—with the demand for a paid ransom to ensure its release. Both individuals and businesses of all sizes are at risk, but there are a number of steps you can take to help protect your business, including those listed below. 

Strengthen Your Defenses

Protect your sensitive data from thieves, by routinely installing system updates as they become available. The latest ransomware attack was successful due to a vulnerability in Microsoft software, and while a security patch had been issued nearly two months-prior, the affected parties had failed to install it. Another effective defense involves whitelisting of software applications, which can prevent your computers from installing any programs that aren't approved. 

Think Before You Click

The simple act of opening an email, clicking on a link, or downloading materials to your computer is all it takes for malware to infect your computer or system network. The latest subversive method of access is through malvertising: embedding malware in ads placed on trusted websites. Adblockers can help prevent this type of infection, along with operating system updates and patches. User training can help reduce the amount of random clicking that takes place in your office, but it shouldn't be relied upon as your first, or only, line of defense. 

Get Your Back-Up

Disaster recovery software will ensure your data is backed up on a daily basis and stored safely in the cloud. While this can't prevent a ransomware attack from occurring it will allow you to access your data, eliminating the need to bargain with thieves for the safe return of your information, and help you to continue business as usual. 

Pull the Plug

At the first sign of infection, it's imperative that all computers are immediately disconnected from the network to prevent it from spreading further. Consider implementing periodic simulations throughout your office, as part of your risk management strategy, to save vital seconds in the event of an actual ransomware attack. 

Contact us today to learn more about the steps you can take to protect your business from the threat of ransomware with customized security solutions. 

tech_assessment_1.png

Tags: security

How to Minimize Low Tech Security Threats

Posted by Tim Stanley on Thu, Apr 27, 2017 @ 11:36 AM

low_tech_security_2.jpg

Technology has changed the way people communicate, run their households, do business, and navigate the world, but with convenience comes a price. Data security is one of the biggest concerns among business owners today, but while most focus on large scale threats such as phishing, malware, hacking and firewall breaches, attention should also be given to defending against another, potentially more serious concern: low tech security threats. 

For best results, a two-pronged approach is required with regards to data security: the first to protect against the physical loss of data, and the second, against the unauthorized access of data. While backups are vital to ensuring valuable data can be recovered, it can't prevent theft.

Here are some examples of common low tech threats to your data:

Carelessness

Sensitive information which is left on desktop trays, in unsecured filing cabinets, or in waste or recycle bins can be easily scanned, copied, photographed or stolen in the blink of an eye. Likewise, computer monitors should not be left unattended when displaying or accessing sensitive information; computers should be password protected and all screens closed before leaving the area. 

Lack of Encryption 

Both onsite and offsite backups should be securely stored, and encrypted to prevent theft. 

Unsecured Printers

Unlike the printers of old, today's printers are part of your computer network and must be secured against unauthorized access. Shared devices can use technology to create an audit trail and prevent unauthorized usage, and employees should be reminded to ensure output trays are clear and originals are removed after each use. 

Physical Theft

Portable devices such as smartphones, tablets, notebooks and laptops can be easily stolen, and should be stored securely when not in use. 

Power Issues

Power surges, outages, spikes or interruptions can corrupt or destroy your data. Surge protection should be used for all electronics to avoid damage. 

Environmental Concerns

Damage to data or devices as a result of flood, fire, smoke, or extreme temperatures can be avoided with climate control solutions, computer safe fire suppression, monitors and alarms. 

Protect your sensitive data by taking a broad approach to data security, with solutions that defend against both modern technology and low tech security threats. Contact us today, to learn more! 

 

  

Tags: security

Five Reasons Hackers Target Office Printers

Posted by Tim Stanley on Thu, Feb 16, 2017 @ 10:26 AM

security_printers_1.jpgA recent study found that fifty-six percent of businesses overlook their office printers in their overall security strategy; this is like an open invitation to hackers. Sixty percent of companies surveyed had been breached through their networked printer, and each breach took an average of forty-six days to resolve.

Are your printers protected? Here are five reasons that overlooking printer security can open your business up to the havoc of a data breach:

  1. Network Vulnerability – Even with a firewall your network may have access points a hacker can infiltrate. An overlooked printer creates vulnerability; once accessed, a hacker can gain access to your entire network.
  2. Attacks – Once a hacker gains access to your printer, they can create a myriad of problems: printers can become “possessed” - printing random jobs, transmitting faxes, or even changing settings. Printers have also been used for denial-of-service (DoS) attacks.
  3. Data Theft – Once on your network, a hacker has access to all data; unencrypted data is particularly at risk. 
  4. Hardcopy Risks – Output left at the printer opens the door to breach. Unauthorized eyes may view confidential information putting your business at risk for regulatory compliance failure and legal liability.
  5. Mobile Devices – As mobile use expands it's becoming more challenging to provide authentication and secure data transmission. Implement a mobile solution that addresses these issues.

Take simple precautions to address your printer security including:

  • Use encrypted data protocols. Disable unsused printer ports and protocols directly on the device.
  • Destroy your hard drive whenever any printer is decommissioned.
  • Support at least one form of secure authentication, whether it's an access card, PIN or print at device (pull-printing) protocols.
  • Make sure your firmware and security software is updated and current. Only use legitimate, verified updates.
  • Use a print management tool to centrally manage your print environment and ensure security protocols are followed and enforced.

Keep your business safe! Make sure that all of your print and mobile devices use the same level of security as the rest of your network. Take the time now to protect your business to avoid lost time and liability in the future.

IT assessment.png 

Tags: security

Medical Practices and BYOD Safety Measures

Posted by Tim Stanley on Tue, Feb 16, 2016 @ 12:13 PM

Medical Practice BYOD Safety Measures, Total Document Solutions, Fayetteville, AR

When physicians enter an exam room, it is frequently with a tablet or phone in hand. Through technological advancements, these personal devices allow physicians instant access to patient history, drug interaction databases and specialist reports, improving patient care both in the office and out. However, without a security policy in place, sensitive and confidential patient information could be put at risk.

A Security Hazard

Many medical offices are permitting physicians and medical personnel to access sensitive patient information on their personal devices. While this is convenient, if not properly protected, these devices can be hacked, exposing sensitive patient information. Some common risk points include a lack of password protection, not installing or using anti-malware software and accessing unsecured Wi-Fi networks. In addition, without proper security measures in place, the office could be found in violation of HIPPA and HITECH regulations and subject to fines.  

The Solution

Taking some simple steps to improve security can have a large impact on patient privacy. As part of your BYOD security policy, you should consider the following regulations:

  • All devices should be protected with a strong password that is changed regularly.
  • Personal devices should be scanned for malware prior to accessing the private network and patient information.
  • Personal devices should have anti-malware scanning software installed to help prevent hacking when on unsecured networks.
  • Use of tracking software that can delete private information if the device is reported lost or stolen.

Personal devices can help improve patient care, and with proper security measures in place, physicians and patients can safely enjoy the benefits of the medical technologies available today.

 

Tags: electronic heath records, healthcare, password security, security, Total Document Solutions, HIPAA compliance, technology trends, BYOD

Preventing Malware Attacks 101

Posted by Tim Stanley on Wed, Dec 09, 2015 @ 10:40 AM

prevent-malware-101

The threat of malware attacks is not expected to slow down; on the contrary, vicious malware attacks are expected to amplify over the coming years.  The sophistication of this type of malicious software has made it very difficult to detect and block.

To keep yourself and your business safe, here are some basic tips:

  • Update or install security software – Make sure your security software detects and blocks malware and it is kept up to date in order to prevent new versions from penetrating your network.
  • Links and attachments – Whenever you or any of your personnel receive a link or attachment in an email be sure to verify before opening.  Confirm the link is from a trustworthy source that you know. The attachment should be scanned for viruses and malware even if it has come from a reliable source.
  • Educate your employees – Hold periodic training sessions with your staff to make sure they understand the dangers of malware and how they can help keep the company safe from attacks.
  • Bringing outside devices – USB drives, laptops, tablets or other devices could easily transmit malware onto your network once connected.  Reduce the chances of transmitting these viruses by having strict security policies in place for connecting these devices.

For more information on how to prevent malware attacks, work with a knowledgeable Managed IT professional who can objectively review your current security capabilities and provide insight on ways to improve.

Here are some additional blogs you may enjoy on ways to keep your company's data secure:

The Ultimate Guide to Password Security

10 Easy Ways to Protect Your Data

Six Areas to Consider When Drafting Your IT Security Policy

 

Tags: document security, security, Small Medium business, IT services, IT Security Policy, preventing malware attacks

The Hottest Trends in Technology for 2016 and Beyond

Posted by Tim Stanley on Thu, Nov 12, 2015 @ 11:12 AM

tech trends (1)

For the year 2016 and beyond you can expect to see some exciting innovations that will help us to stay connected and make better use of these connections. Here are some of latest technologies identified by Gartner, a leading technololgy research company, that will be in the forefront this coming year:

  • Security – Regardless of the size of business, there is a real threat of identity theft, malware, virus or hacker attacks. New security techniques will be more adaptive in order to block potential attacks with sophisticated algorithms that are difficult to break.
  • Device Mesh – The proliferation of connected devices is not expected to slow down. Today we see desktops, laptops, tablets and smartphones connected. We also see wristbands and special sensors that can help to detect specific events such as heart rate or movement. Picture getting an alert when someone comes to the door of your house, or receiving a notification if your heart rate reaches a certain level.
  • Storage – With all of the data gathered by interconnected devices there will be a tremendous need to store and analyze the data. New field programmable gate arrays, or FPGAs, will allow super-speed gathering and storage of data using energy efficient architectures.

These trends are just the beginning of a vast connectivity revolution that will help people and businesses across the world have better access to information and improve their productivity.

Tags: document security, security, technology trends

Six Areas To Consider When Drafting Your IT Security Policy

Posted by Tim Stanley on Tue, Sep 08, 2015 @ 02:32 PM

It security policy (2)

In today’s hi-tech world, IT security is an issue every company needs to address. An IT Security Policy can help mitigate threats and reduce the impact of a breach. The result can be increased productivity, less IT downtime and the ability to reassure customers and vendors that any personal or financial information is safe and secure in your hands.

Many larger businesses draft IT security policies using in-house IT management and legal staff. Smaller companies without such resources may find it beneficial to work with a Managed IT Services provider to help create an effective policy.

Here are six areas to consider when drafting your company’s IT security policy.

1.  Acceptable Use - Misuse of digital assets can be a major security issue. You need to have a plan; make it plain, simple and easy to understand. Your policy should outline what’s allowed, what’s not allowed and the consequences of any violations.

2.  Passwords - A strong password is one of the best security measures you can implement. Create guidelines for your employees and explain the dangers thoroughly. Weak passwords are a common cause of compromise.

3.  Use Real World Scenarios - Real world scenarios are an effective way to train and prepare your employees and can help make recovery quicker. Spell out the different types of breaches that may occur and how to combat them. Identify common employee behaviors that can increase risk such as transferring data from an unsecure device to your office network. 

4.  Have a Plan - Taking a proactive stance can lessen the impact of any breach. Make sure employees know their role in the event of an attack and are prepared to take swift and effective countermeasures.

5.  Training - Have a training policy. It should include ongoing training to keep up with rapid technological changes.

6.  Enforcement - Employees should be clear on what’s expected and the consequences of policy violations. Brief new employees upon hiring and have them sign a statement of understanding regarding your policy. Penalties should address everything from unintentional breach or willful violation, to malicious acts like data theft.

A solid security policy can protect your business against unnecessary threats and potential liabilities, prepare staff to move quickly when disaster strikes, and train your employees to help make your business more secure!

Tags: password security, security, IT support, Small Medium business, IT Security Policy

The Ultimate Guide To Password Security

Posted by Tim Stanley on Fri, Aug 07, 2015 @ 12:51 PM

password security (1)

Think about how much information is stored across your company's computer system. Now, imagine all that information falling into the hands of a hacker. Regardless of how many devices are in your network, password security is paramount as the first line of defense against an attack.

Read on for some valuable tips regarding password management, which can help safeguard your data and deter would-be thieves. 

Change Is Good

Choose a new password every 30 to 90 days, including those on personal websites you visit, such as your email, bank or favorite stores.

Expect The Unexpected

Hackers may utilize any one of three different methods to breach your network security:

  1. Brute ForceThis type of attack occurs when a hacker uses automated software to produce a vast number of successive guesses to decipher a password. 
  2. Dictionary Attacks. Aptly named, this hack systematically enters each word in the dictionary as a potential password. 
  3. Social Engineering. Non-technical in nature, hackers use human contact to obtain passwords, whether in the form of email or face-to-face interaction. 


Common Password Mistakes

Experts agree: the number one password mistake is using "password" as your code. Other bad ideas include:

  • Using the name of your significant other, pet or child.
  • Using any word that can be found in the dictionary, even in a foreign language.
  • Using your phone number, SSN or birth date.
  • Using only all letters or all numbers. 


Password Security Tips

Get creative by changing up letters for symbols, such as "$p0k@ne" instead of Spokane. Vary the case of the letters, and use at least eight characters that are a mixture of letters, numbers and symbols. 

Lock It Up

Safeguard your new password, sharing it with no one. Rather than writing it down, use it frequently the first few days, randomly logging in and out, until you have it memorized. 

Using weak, or easy to guess passwords, makes it easy for thieves to access your computer system. Once they gain entry, they may install a malicious virus that could disable your network or steal sensitive data, potentially damaging your business. 

Tags: password security, security, Small Medium business