XSolutions’ Security Post Roundup: Apr 5, 2021
Last week’s security LinkedIn posts by XSolutions:
The Dangers Of Working From Home (4/2/2021)
Folks, I’m sure you’ve all heard of the nonsense tweet that was sent out from the official account of U.S. Strategic Command a few days ago.
The mainstream media treated the event as “cute” after discovering that a work-from-home manager’s child sent it while the computer was left unattended.
Although we’re all thankful that the tweet was not the result of a breach, it is a reminder that work-from-home employees have a responsibility to guard their work devices at all times.
This time, a child was playing; next time, it can be a cybercriminal commandeering a high-profile computer because of poor security. Please take security seriously.
NY Charity Accidentally Exposes Thousands Of Records On The Web (4/1/2021)
Cybernews recently discovered an unsecured database containing thousands of entries with medical, children legal guardian, caseworker, doctor, and child welfare data. Some of the records even included social security numbers and medical IDs.
The records were stored in CSV and text files on Microsoft Azure and accessible to anyone with the URL.
Ownership of the database has not been fully substantiated, so we have left out the possible violator’s name. However, it appears that the suspected owner runs programs in five New York boroughs, Rockland County and Puerto Rico.
Anyone who has contributed to a charity, especially within the last year, should:
* Get a Dark Web Scan immediately to see if your information has been leaked.
* Be extra careful with all unsolicited emails and NEVER click links or attachments.
* Monitor your credit.
* Periodically review medical and financial accounts for suspicious activity.
* Take immediate action should issues arise.
This is serious, folks.
Create An Incident Response Plan (3/31/2021)
Incident Response Plans are a must for all businesses. Here are some points to consider:
* Preparation: Take time to set your plan up for success by selecting an incident response team to help provide expertise. Backup all your devices and protect your systems with anti-virus/anti-malware solutions.
* Detection – Know some of the danger signs, such as performance errors, inconsistent behavior, and system error messages.
* Response – Respond quickly! Don’t panic, and work with your team to solve the problem. Try shutting down your device and restarting it in “safe mode.”
* Recovery – When things calm down, kick your backup plan into motion. Make sure the issue is fully resolved and work on recovering any lost data.
* Learning – Share your knowledge! Your friends, coworkers, and family can benefit from your experience and what steps they can take to protect themselves.
Oh, one other thing, make sure your incident response plan is tested. When a crisis happens is not the time to find any holes in your plan.
How Much Is Your Data Worth? 3/30/2021)
The sad truth is that your data is a commodity that is traded on the Dark Web. Even a digital thief with basic computer skills could hack into your accounts and do significant damage. According to VpnOverview’s report, “In The Dark,” here’s a taste of what cyber thieves are making from your confidential information:
* A Paypal account with a $12,000 balance is worth $1,200 to a hacker
* A U.S. Passport goes for $777; adding a driver’s license fetches $888; with additional ID, the thief will get $999
* Database records will net between $999 and $4,995, with a hacker purchasing from 200,000 to 65,700,000 records
You are nothing but a “cash cow” to hackers. Because they stand to make a lot of money, cybercrime will always be with us. Don’t make it easy for them.
Smart Cybersecurity Tactics You Can Do Now (3/30/2021)
Cybersecurity can sometimes be a hassle, but well worth it. Unfortunately, it’s the world we live in. Here are a few tactics you can use to increase your security:
* Use a Password Manager.
* Avoid using the same password for multiple accounts.
* Passwords should be 20+ characters and include upper and lower case characters, numbers, and symbols.
* Avoid using common words found in dictionaries as passwords.
* Install antivirus on ALL devices (PC, phones, tablets, etc.).
* Use multifactor authentication on all accounts where available.
* Encrypt drives on PCs, laptops, and mobile devices.
* Watch out for card skimmers at ATMs, gas stations, etc.
* Enforce a Clean Desk Policy. Ensure that all documents are not left unattended on desks and are locked up at night.
* Micro-shred ALL paper containing unneeded information.
* Download mobile apps only from the Google play store or Apple Store.
* Thoroughly check out app reviews BEFORE downloading.
* ALWAYS review app permissions to see if they’re in line with their functionality.
* Limit personal information on social media accounts.
* NEVER post about current or future vacations, etc., on social media.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions. We provide Disaster Recovery as a Service (DRaaS), Backup as a Service (BaaS), Cloud Data Protection (CDP), and Managed I.T. Services (MSP). Call (845) 362-9675 for a free consultation. Managed IT Services | Managed IT Security | Backup & Disaster Recovery| Cloud Data Protection