Ransomware attacks have increased in sophistication, frequency and demands. In fact, the average ransomware demand in the first quarter of 2020 was $111,605, up 33% from the fourth quarter of 2019. As its name implies, ransomware is a type of malicious software that encrypts your files, and then threatens to either destroy or prevent you from getting access to your data unless some form of ransom is paid. It has even become common for penalties to occur when demands aren’t met. For instance, a number of files may be deleted for every hour a hacker’s demands aren’t met.
Should you pay a ransom if something like this were to happen to your company? Experts seem to agree the answer is no: there’s no guarantee that you’ll really get your data back. Statistically, you only have a 60% chance of recovering your data if you pay the ransom.
The best thing to do is to be proactive and not be put in this position in the first place. Some ways to build a defense:
* Make sure all employees are trained to identify suspicious links and emails.
* Back up your data using the 3-2-1 method: keep 3 copies of your data, on 2 different types of storage media (external hard drive & cloud), with 1 copy stored off-site.
* Keep operating systems and software up to date with the most current security patches to avoid any vulnerabilities in your system.
It is important to remember that ransomware protection is just a small piece of the cybersecurity pie.
ICC puts a number of cybersecurity tactics in place to minimize exposure and significantly reduce the possibility of an attack. At a minimum, a comprehensive cybersecurity strategy should include email security, network security, monitored backups, test restoring, employee education and Quarterly Cybersecurity Reviews. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption and financial loss.
If you don’t have the right continuity plan in place, your business could be forced to close overnight. Call ICC today to find out how to lower your risk at (970) 821-8592. ICC will work to give you the best defense strategy against a ransomware attack.
December 9, 2021
When it comes to business insurance, most managers think about health insurance, liability insurance, property insurance, but many small businesses don’t think about cyber insurance. If they do, they may not believe their company is big enough to be at risk of a cyber-attack and waive the coverage. The reality is – small companies are often targets of attacks because their network security is less sophisticated than larger companies. A cyber-attack can be very expensive and may have lasting impacts to your operations, reputation, staff and customers.
In today’s digital world, cyber insurance should be part of any company’s list of necessities to help protect its company and client data. Your customers trust that you are keeping their personal information secure. Cyber insurance generally covers your company’s liability for a data breach involving sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records. Insurance companies are becoming more stringent regarding the requirements needed to provide cybersecurity coverage. As cyber-attacks continue to increase, traditional cybersecurity strategies may not be enough to protect your business against an attack. If you are not meeting the insurer’s outlined requirements, they may deny an insurance claim after a cyber-attack!
When considering cyber insurance, make sure to examine all your needs and discuss the requirements in detail with your agent. Different types of coverage include customer and employee data loss, business interruption and extortion, and payment fraud among others. Cost will depend heavily on your industry, company size and type of coverage.
It is important to remember that cyber insurance is just one small piece of the cybersecurity pie. ICC puts a number of cybersecurity tactics in place to minimize exposure and significantly reduce the possibility of an attack. At a minimum, a comprehensive cybersecurity strategy should include email security, network security, monitored backups, test restoring, employee education and Quarterly Cybersecurity Reviews. If you are missing even one piece of the pie, you may be exposed to cyberattacks and could be faced with significant business disruption.
November 5, 2021
Did you know that 92.4% of all malware is delivered via email? Cyber criminals have become incredibly good at “phishing.” Phishing is the act of sending emails disguised to be from familiar companies or people you may know, with the goal of getting recipients to reveal personal or financial information. Phishing emails are incredibly deceptive. They can use personal messages and sometimes even make the recipient feel scared if they don’t open the email. SPAM/Phishing filters help prevent many of these attacks, but your team members are your biggest line of defense. Training team members on phishing awareness and security can help significantly reduce your company’s risk of cyberattacks.
In-depth training is necessary to properly condition team members to identify phishing emails. It is not enough to just talk about it; it’s important to go through the steps using simulated phishing scenarios. By participating in ICC’s fake phishing tests, you can see just how many of your team members need to be trained on how to recognize suspicious emails and report them BEFORE opening. This is critical in protecting your network because once they are opened it is too late, and the hackers are already in. The hypothetical phishing scenarios effectively build team members’ understanding of how to confidently detect and avoid phishing attacks under safe conditions. It is important to conduct frequent training to help team members retain the habit of spotting the “phishy” emails and to stay updated on new solutions. Making the investment to mitigate phishing threats will strengthen and protect your data in the long run.
It is important to remember that phishing training is just a piece of the cybersecurity pie. ICC puts a number of cybersecurity training and tactics in place to significantly reduce the likelihood of an attack and protect your data. At a minimum, a comprehensive cybersecurity strategy should include email security, network security, backups, security updates, team member education, and Quarterly Cybersecurity Reviews to boost your defenses against cybercriminals. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.
To learn more, check out our latest video about phishing tests. https://www.youtube.com/watch?v=fzo8pt-zXTM
To begin team member “phishing training,” give ICC a call at 970-821-8592. Our training is designed to increase awareness, build good habits and engage everyone involved.
October 13, 2021
There’s a place on the Internet called the dark web, but there’s a good chance you’ve never heard of it. The dark web is a collection of websites on the Internet that is not visible to search engines or the general user. It can only be accessed using special software. Even if you never plan to visit the dark web, you need to be aware of its existence. The dark web is where cybercriminals go to buy and sell illegally obtained materials such as compromised passwords, identity information, payment information, and much more.
Think of the Internet as having three layers. The top layer is what we know as the World Wide Web, where normal webpages reside. This top layer only accounts for 4% of all Internet content.
The next layer is the “deep web.” This would pertain to web pages like healthcare records, payment information, and subscription services – web pages that would contain confidential consumer information and have strong security protocols to access.
The deepest layer–and the one we’re focusing on here–is the dark web. The dark web hosts 6% of all Internet content. That is a scary number when you consider that the dark web serves as a clearinghouse for buying and selling stolen and illegal information. It utilizes specific software and payment methods to ensure anonymity.
If you’re just learning about the dark web, you may be feeling a bit defenseless against it. Luckily, there are ways to protect your business from the dark web. As part of its comprehensive cybersecurity plan, ICC monitors the dark web for your credentials.
It is important to remember that scanning the dark web is just a small piece of the cybersecurity pie. ICC puts several cybersecurity tactics in place to significantly reduce the possibility of an attack and protect your data. At a minimum, a comprehensive cybersecurity strategy should include email security, network security, monitored backups, test restoring, employee education, and Quarterly Cybersecurity Reviews to boost your defenses against cybercriminals. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.
If you’d like us to do a little digging into the dark web on your behalf and put a full defense plan in place, give ICC a call at (970) 821-8592. You can also check out our latest video about the dark web on YouTube (https://www.youtube.com/watch?v=831BBl6pfEU).
September 14, 2021
The number of data breaches is increasing at an alarming rate and can happen when you least expect them. Your business’s backup strategy is a very important piece of the cybersecurity pie. If a data breach occurs, it is important to remember that time is of the essence. There are many factors to consider when designing your backup and disaster recovery plan.
Some business owners believe their data is being backed up, but that is not always the case. Many times, while onboarding a new client, we discover that their backups have not been working for weeks. If your I.T. provider is not monitoring your backups for completion and/or corruption, you may be exposed to cyber-attacks and could be faced with significant business disruption.
Additionally, when considering your backup needs ICC will review two main factors: RTO and RPO.
If you’re unsure whether your system is being properly backed up, give ICC a call at (970) 821-8592. ICC will work to give you the best defense strategy against a data breach.
August 16, 2021
No doubt we are living in a fast-paced, high-tech world. What we can accomplish on a computer is getting faster and more efficient, and updates to computer operating systems are coming out quicker than ever. Every month, developers like Microsoft and Apple release updates and patches to their operating systems. This is because they have identified a vulnerability in the code that needs to be fixed before a hacker can exploit the issue.
When an operating system has run its course and can no longer meet the demands of new hardware/software, the developer will introduce a new version and set a date that the old version will no longer be supported. This is known as “End of Life.” When the old version becomes End of Life, this means the developer will no longer issue security updates and patches. Outdated operating systems can present major cybersecurity risks because now the hackers can easily exploit flaws in the code to gain access.
In addition to cybersecurity, there are other reasons to patch and upgrade your operating system. As time goes by, an old operating system’s performance will get slower. Employees may look for new features that won’t be available to them because of an outdated system. Additionally, in industries such as finance and healthcare, the operating systems must be current in order to be in compliance with regulatory standards.
Many small companies likely postpone upgrading their systems due to the interruption it may cause, potential software compatibility issues, or a lack of understanding of the severity of an outdated system. That is why ICC takes a systematic approach to the upgrade process and develops a strategy to deal with any problems that may occur. It is critical to proactively manage security tactics to protect your systems from malicious attacks.
It is important to remember that proactive Patch Management is only one small piece of the cybersecurity pie. ICC puts a number of cybersecurity tactics in place to minimize your exposure and significantly reduce the possibility of an attack. At a minimum, a cybersecurity strategy should include patches and updates, email security, network security, monitored backups, employee education, and Quarterly Cybersecurity Reviews. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.
If you’re unsure about which operating system you are using or how to transition to a supported platform, give ICC a call at (970) 821-8592. We can come up with a plan that is a cost-efficient solution for your business.
Learn more about ICC at iccusa.net.
June 24, 2021
Hacking has become pretty common in the business world. Small businesses especially are frequent targets. Hackers assume small businesses don’t have the expertise or budget to put the proper security in place. Additionally, with more and more employees working from home there is a greater chance of weak links and insecure platforms being used, making it easier for hackers to get into a company’s system. It’s important to stay on top of the many ways hackers are accessing proprietary data. Read on to see ten common tactics hackers are using and how they make your company cyber-vulnerable.
1) Deep Fakes: This term refers to the use of artificial intelligence to manipulate the images of a video. People are lured into watching the video because they think it’s legitimate. They are often used in phishing scams, identity theft and financial fraud.
2) Rampant Ransomware: Ransomware is becoming more complex. It is often spread through phishing emails that contain corrupt attachments or links.
3) Tech Threats: Smartphones and handheld devices are aggressively becoming bigger targets. A cybercriminal can access an entire network through an unprotected mobile device.
4) WiFi Compromises: There is an increased chance that remote employees could inadvertently work on an open or unsecure platform.
5) Website Hacking: This involves the insertion of code into websites to access sensitive data including credit card information.
6) Cloud Attacks: Cyber criminals are aware that the cloud can be a less secure place for sensitive data and will undoubtedly use that to their advantage. Once hackers have access to a cloud service provider, they can use the cloud infrastructure to navigate from one target to another.
7) Spear Phishing: Phishing will continue to be an effective mode of security-breaching.
8) Unsupported Windows 7: Microsoft recently ended support for Windows 7, meaning its security measures are no longer being updated. Make sure your company’s systems are running on current operating systems.
9) Untrained Employees: It is important for employers to be aware of the human factor in cyber security. Train employees on how to be cyber-vigilant.
10) Internal Vulnerabilities: Companies tend to grant sensitive data access to too many employees. Plus, companies tend to use the same passwords for multiple platforms, which is never a safe idea.
ICC takes strategic steps to mitigate these security risks and help prevent your company from being attacked. We implement the best tech practices, use new cyber technologies, conduct staff training and testing to identify a cyber adversary, and even come up with an Incident Response Plan so your company knows how to react to potential threats. To learn more, give us a call at 970-821-8592.
May 21, 2021
If your ability to function as a business depends on your I.T. infrastructure, it is essential to conduct regular reviews of your cybersecurity strategy and risks. A Cyber Security Risk Assessment is a comprehensive look at your I.T. infrastructure that identifies vulnerabilities and includes strategic planning of future I.T. needs. If you currently work with an I.T. service provider, don’t automatically assume that they are doing this. Check in with them to make sure.
Generally, a Cyber Security Risk Assessment looks at all of a company’s cybersecurity and focuses on things like open ports on a firewall, missing software patches, weak passwords, and email security. Once a review is complete, your I.T. provider should furnish a report that provides an overall risk score and outlines what was reviewed, any discovered concerns and how those concerns should be addressed. ICC, for instance, provides its customers a comprehensive report with recommendations that align with best security practices.
How often your company conducts a Cyber Security Risk Assessment may depend on the type of business. ICC typically runs reviews every quarter. It is important to remember that security threats are constantly evolving and you need regular reviews to understand where you need to invest in order to protect your business.
ICC offers regular cyber reviews of your business in order to provide peace of mind knowing you will be prepared on how to react to a cybersecurity event.
For more information on ICC’s Cyber reviews check out our latest video here. To start putting an I.T. review plan in place for your business, or to see an I.T. review report sample, give us a call at 970-821-8592.
May 12, 2021
Data breaches are an unfortunate reality in the business world these days. Even with the best security measures in place, cybercrime can happen. As much effort as you put into trying to prevent it from happening, it’s smart to make the same efforts in preparing for when it happens. That includes understanding how long it will take to recover from the incident and be up and running again.
There are so many factors that can influence the amount of time it will take to recover from a breach. How much data do you have? What is your current backup solution? What type of data is it? Where is your data being stored? Has someone been monitoring the backups for completion and integrity? Is your server virtualized?
There are two strategies devised to answer those questions and to help develop the best plan to regain system functionality and restore lost data in the event of a breach:
Together, RPO and RTO help determine your system’s capacities and limitations to make your recovery plan as efficient as possible. The better the plan, the quicker the recovery will be, restoring data in minutes as opposed to days. However, data recovery plans are not one size fits all. The strategy for RPO is very different than RTO and it is important to design your backups and plans accordingly.
We get that this may be too much to assess on your own. You can rely on ICC to help you define the best strategy for data recovery. To learn more, visit our YouTube video (at https://www.youtube.com/watch?v=gHLn6xXgffk) or give us a call at 970-821-8592.
April 16, 2021
As a small business, it is important to have a plan in place that allows you to act strategically and swiftly when a cybersecurity incident occurs, like data loss or service outage that threatens daily work. An Incident Response Plan is a written set of instructions to help your staff detect a security breach, know how to respond to it, and what protocols to follow. The plan should encompass different types of cybercrime that could happen and what to do in each scenario. The plan may also include a list of personnel with their respective responsibilities. In addition to IT staff, the list of personnel may include legal, human resources, and public relations members.
There are generally six factors that will impact an Incident Response Plan:
By developing an Incident Response Plan, you are taking proactive steps to protect your company and your customers’ data, maintain a healthy reputation in the community, and avoid having to pay large amounts of money in the case of a ransomware attack. With cyberattacks up over 300% since the onset of COVID-19, having a plan allows you to have peace of mind knowing that a strategy is in place for keeping the business running in the event of a breach.
Many small businesses often don’t have the staff and expertise to come up with and maintain an Incident Response Plan. ICC can help you understand and put a comprehensive plan together so you can rest assured knowing you are prepared. ICC can also play a critical role in the implementation of the plan, technology, and any future troubleshooting.
For more information, or to get started, call ICC at 970.821.8592 or visit our website at iccusa.net.
March 23, 2021