Our Business IT, Networking, & Computer Support Blog

Stay up to date on the latest news and happenings

Why Your Business Needs Cyber Liability Insurance

Business owners know there will always be liabilities connected to running that business. But now there’s another “liability” to add to the list: data that must be protected.

There are ways to safeguard your business against the liability of data loss, not the least of which is cyber liability insurance, which is a very specific policy that should be tailored to your business.

But before we get into details about that, let’s review why it’s becoming so important to have it. Protected data is anything that contains two or more pieces of PII (Personally Identifiable Information). PII is any data that can be used on its own or in conjunction with other information to identify, contact or locate a single person. For example, a name combined with either address or phone number constitutes PII.

Since this type of information can be used to steal identities for monetary gain, it has value, and cybercriminals are constantly trying to get their hands on it. When PII data is stolen, that’s a data breach. There are both state and federal statutes in place that cover such breaches; business owners may be fined for the breach and may be responsible for notifying and protecting the persons impacted by it. Actions you, as an owner, may need to take following a data breach include notifying the state’s attorney general, sending out written notifications, and providing identity protection services to those impacted. All in all, the cost of a data breach can range from $150 – $300 per record. And that can add up to many thousands of dollars. For a lot of businesses, the presence of a statute and the lack of insurance creates an unfunded liability.

Standard insurance, including umbrella policies, absent a cyber liability policy, will not cover these expenses. Some commercial policies have a low-cost rider that may include some cyber liability, but in most cases these will leave you under-insured and majorly exposed.

Cyber liability is a very specific coverage that should be tailored to a business. The application for such a policy is substantial and detailed. When applying, you should expect to answer a myriad of questions about your business, including information regarding revenue, headcount, your customers, types of data stored, current breach prevention measures, and much more.

While purchasing cyber liability insurance is an important step to protecting your business, simply going through the application process is eye-opening, and therefore recommended for all businesses. At the very least, the exercise will get you going in the right direction toward protecting your data, and ultimately, your business. If you have too much risk, the insurance company will deny your policy application and explain why. If your policy is too expensive for your budget, you may be able to invest a little more in preventative measures to reduce your risk.

If you find the application a little overwhelming – and most business owners do – please feel free to call us at 203-744-2274. We have helped many companies through the process, and knowing your own cyber security stance is an important byproduct of the exercise.

IT Support Services CT, NY, NJ, PA, FL


There Goes The Neighborhood; Cyber-Crime is Rampant

When I was growing up we never locked our house, even when we went away for a weekend. We weren’t afraid of going out at night and we didn’t have to worry about venturing into certain areas of town. We lived in the country, in a good neighborhood with good neighbors.

Contrast that with any crime-ridden neighborhood in a big city. Residents there might have several locks on their door, an alarm system, and venturing out requires a constant state of vigilance. Quite a different scenario.

Today, though, when it comes to our corporate computer networks, the unfortunate truth is that we all live in bad neighborhoods. The entire internet-connected world is a dangerous place, requiring constant vigilance to be safe and to survive.

Every person and every company in the world that is online is being attacked every second of every day by an army of bad guys around the globe. Our mission as a network support company, therefore, is to protect information assets from those who wish to do harm. The consequences to us and our clients if we fail are considerable: financial loss, reputation damage, fines, and even business failures. The collateral damage is that people will lose their jobs, which leads to financial hardship and crushing stress.

Why are we seeing cyber threats increasing so dramatically in frequency, type and sophistication? I think the answer, like with any commercially driven activity, lies in market conditions and economics. Consider this: For an industry to thrive, it needs a product, producers of said product, buyers of the product, a distribution system, and a way to get paid. The bigger the market and the amount of money to be made, the bigger the industry.

Product: Currently and for the foreseeable future, there is an unlimited supply of information residing on individual and corporate computer systems. This product – data – is mined by hackers for use by themselves, to sell to others, and/or to ransom to the original owners.



Seven Technology Hacks and Tips to Up Your Security Quotient

When it comes to technology, the hottest issue on the planet right now is cybersecurity. You simply cannot be over-protected when it comes to safeguarding against a data breach or a cyberattack.

Whether you’re concerned about an entire network of computers, or simply your own PC or Mac, making sure you’re operating as safely as possible should always be at the top of your mind. You’ve got to be thinking about using adequate passwords and preventing virus infiltrations, or even the possibility of someone else gaining unwarranted access to your machine.



Ongoing Security Training is Key to Preventing a Breach

Some things in life are “set-it-and-forget-it.” Things like a Crock-Pot slow-cooker, or your DVR. IT security, however, does not fall into that category.

Instead, especially for businesses – typical targets of cybercrime and data breaches – it’s imperative that employees stay as informed and as equipped as possible about constantly changing threats. And that means they must engage in ongoing security awareness training. Why? Because hackers and cyber-criminals are opportunistic, skilled, relentless, and nimble as cats, readjusting and accelerating their methods and techniques as soon as the good guys figure out ways to stop them.



Social Engineering in a Digital World

Cyber security is a growing concern for any business. At least it should be.

Most companies correctly invest a great deal in securing their IT systems. They inspect data on the perimeter of their networks, servers and workstations, filter websites that may contain malicious software, and institutionalize policies assuring proper password protection.

The list of measures taken to secure data goes on and on. Yet, cyber criminals are still able to access data. How can they get past these security measures so easily? How can all of these measures be defeated so easily by someone halfway across the world?

The short answer is that they don’t always try to defeat those measures. They simply go around them.

Today, the number-one way hackers access data is by employing a tactic known as spear phishing. Their scheme involves learning as much information about a company as possible, and then using that information to convince someone on the inside to provide the data they are looking for. In short, they use information to manipulate our trust. Obtaining the necessary information to make the appeal is not difficult. Most employees post their job title and the name of their company on LinkedIn or other social media. Many companies list their executive teams on their own website, and sometimes include a bio and even photos. It’s ripe for the picking – by the wrong people.



The Cost of a Security Breach Could Be Closure

Security breaches stink.

At best, a malware or virus attack is a nuisance and a time-sucker, because – if it hits your business – your employees will be forced to spend their time dealing with endless pop-up ads, slowed-down systems and probably computer crashes.

At worst, a company can lose precious data or experience outages that drag on for days, and even weeks, while IT experts work (often in vain) to recover records, files, account info, content, etc. Your business can be effectively shut down – unable to function – until everything can be restored or reconstructed.

Here’s where the statistics get ugly, and, although they vary somewhat from source to source, they convey a sad story.

Research shows that companies that experience an outage lasting more than 10 days will never fully recover, being burdened with financial challenges that are difficult, in some cases even impossible, to overcome.

The National Cyber Security Alliance indicates 60% of small firms go out of business within six months of a breach. 25% will never reopen after a major data loss. And 70% of small firms that experience a major data loss will go out of business in a year.

Even more sobering: 85% of all breaches happen to small businesses. And 32% of all organizations have reported that they’ve been the victim of some form of cyber-crime.



Spear Phishing: a New, Targeted Twist on Phishing

You’re probably familiar with the cyberattack known as “phishing.” The hackers and crooks who engage in this send out automated mass emails, which appear to be from well-known institutions, such as banks, or ecommerce leaders, like Amazon.

They hope to catch as many unsuspecting people as possible, who become victims by falling for a ploy that gets them to give up credit card or banking information. Alternately, the email could come harboring a virus or other malware, designed to play havoc on the recipient’s computer or network. And, boom, your data is encrypted for ransom.

Spear phishing, the latest twist on phishing, is a more insidious attack, because the hacker uses familiarity with his intended victim to make his entrée and do his damage. In a spear-phishing attack, the hacker uses a victim’s web presence – yes, by stalking Facebook, Instagram and Twitter – to glean useful personal bits of info, and then crafts a specifically targeted, manually sent email that appears to be from someone the victim knows.

A spear attack email is likely to:

  • Use the recipient’s first name; instead of “Dear sir,” it’s “Hi Paul.”
  • Come “from” someone known to be associated with the recipient; a boss, coworker, or family member. Usually, however, the actual sender’s address contains just enough of a misspelling to go unnoticed.
  • Begin with a salutation that mentions a “mutual friend” or maybe something the recipient just posted on a social media site, such as a recent vacation or online purchase, in an effort to build trust.
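The second indicator above, a familiar name paired with a slightly misspelled sender address, can be checked mechanically on incoming mail. This Python code is an added example, not part of the original post; the trusted domains, contact list, distance threshold and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions): domains and contacts the company trusts.
TRUSTED_DOMAINS = {"example.com", "examplebank.com"}
KNOWN_CONTACTS = {"dana reyes": "dana.reyes@example.com"}
MAX_DISTANCE = 2  # edits tolerated before a domain no longer counts as a lookalike


def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two neighbouring letters swapped ("exmaple") count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(from_header):
    """Return findings for one From: header; an empty list means nothing flagged."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    findings = []
    # A domain that is close to, but not exactly, a trusted domain.
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if edit_distance(domain, trusted) <= MAX_DISTANCE:
                findings.append(f"lookalike-domain:{trusted}")
                break
    # A known person's display name on an address that is not theirs.
    expected = KNOWN_CONTACTS.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("display-name-mismatch")
    return findings


# Constructed From: headers, not taken from real mail.
SAMPLES = [
    "Dana Reyes <dana.reyes@example.com>",
    "Dana Reyes <dana.reyes@exmaple.com>",
    "Dana Reyes <dreyes.personal@mailhost.test>",
    "Newsletter <news@unrelated.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A message that triggers either finding is a candidate for a warning banner or quarantine review rather than an automatic block, since legitimate contacts do sometimes write from personal addresses.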




Some considerations for using Public Wireless

Let’s face it, we desire to stay connected to the internet at all times. So when we see a sign for free public Wi-Fi, our pulse quickens. While the convenience is great, there are some dangers to joining these public networks that should make us think twice.

When you join a network – any network, from any device – you become a ‘node’ on that network. On a public network, in an airport or hotel for example, hundreds of nodes may be connected. Each device, including yours, may have services, shares or other information available for anyone else on that network to consume. For example, if you share a pictures folder (from your laptop) so someone at home can see it, that folder is viewable by anyone on that public network. So always think about what you’re about to share. If you don’t intend or desire to share anything from your device while on Wi-Fi, you can ensure this when you log in. When you join, you’ll be prompted to answer if it is a home, work or public network. Always answer “public,” as that limits what other nodes on the network can see on your device.

So now you are connected to a public network. What do you do to make sure you are secure? Be paranoid. If you are on a public network, assume someone is monitoring and capturing your traffic. Period. Is this really true? Probably not, but eventually, careless use of public Wi-Fi could come back to bite you. So it’s important to make sure that either all of your traffic is encrypted, using a VPN tunnel, or, at least, ensure that you’re always connected to an SSL-encrypted website. Use of encryption defeats the most common tactic used by cyber-crooks, the Man in the Middle (MITM) attack. This attack is run by tricking your device into thinking that another device (the attacker’s) is your gateway to the internet. All of your traffic now passes through the hacker’s device and can be inspected for passwords, credit card numbers, etc. The attacker can also redirect you to a different website or do what is called “SSL stripping” – removing ‘https’ from your URL requests and replacing it with ‘http’. This sends you to an unsecured site, allowing the attacker to view your data in plain text.



Layered Approach is Best Defense Against Ransomware

Recent news that a hospital in Los Angeles forked over $17,000 in ransom to hackers who infiltrated its record-keeping system, and held the data hostage, renews fears about the safety of our most sensitive information. If hackers can capture records and hold them for ransom – which most companies pay with rapidity, by the way – couldn’t they also compromise the data itself, leading to a compromise in care?

The answer is yes, which is pretty scary. But it appears that, mostly, criminals don’t want to hurt people. They just want to make money – and they know that their victims will take the easiest and quickest path to restoration and simply pay the ransom to retrieve their precious data.

Because no network is invulnerable to the category of cyber-attack known as “ransomware,” the best weapon against them is simply a strong defense. And the best defense is obtained through a layered approach.

The best first line of defense is to have a good firewall. This product filters traffic as it comes into a network. But a firewall out of the box is not enough. It’s important to utilize the firewall’s security services (at additional cost) by licensing the firewalls to unlock features such as:

  • Gateway Anti-virus: anti-virus scanning at the firewall level as internet traffic comes in as opposed to an anti-virus that is on the workstation level.
  • Intrusion prevention: this feature blocks traffic that is identified as a worm, Trojan, or other type of exploit. It can also be configured to block traffic from certain countries where the attacks are known to originate. For example, you can block all traffic coming from Russia or China, two common places of origin.
  • Content filtering: setting up rules based on key words and groups such as “gambling,” “pornography,” “weapons,” etc., as well as categories of sites that are prohibited in a workplace environment, since many of those types of sites contain embedded threats which can infect a user’s machine.

A second layer of defense is to install anti-virus software on the local machine. If traffic does not originate from the internet – such as someone bringing in an infected laptop to the network – it’s important for all other machines to have active anti-virus installed on them.

Of course, technical solutions can never be 100% foolproof, but a layered approach – coupled with consistent monitoring and maintenance, such as patching (which addresses known viruses) – is always non-negotiable.
