What is a data breach?

What is a data breach?
So what is a data breach?  Simply put, a data breach is when an individual’s name plus a Social Security number, driver’s license number, medical record or financial record (credit/debit cards included) is exposed because of a hacker. This exposure can occur either electronically or in paper format. Many times, these breaches consist of the exposure of user names, emails and passwords, sometimes without involving sensitive personal identifying information. However, there is a growing trend of breaches upon companies and organizations which are exposing very sensitive information at an alarming rate.

Who does a breach affect?
Breaches impact all sorts of industries, from medical organizations, government agencies, as well as companies large and small. Some of these companies have made recent headlines; (click each company for details) Target, Michaels, Home Depot, Kmart, (click this for a full list of these breaches.) These organizations have all reported data breeches that affected millions of customers and patients.

What’s the cost?
So if your company was unfortunate enough to have one of these data breaches, you know that you are looking at all sorts of problems that you may or may not be prepared for. The fact is that a data breach can sink your business costing thousands to millions of dollars in legal fees and other expenses, if you’re not properly protected.

What about my business’s reputation?
Breaches happen, but did you ever wonder how these data breaches actually affect an organization’s reputation? Well a new survey recently found that it takes an average of one year (sometimes longer) for a victim organization to restore its reputation after a hack. Can your business survive a full year before regaining its reputation? If you like most other businesses probably not.
Related article [ Protect Your Business From Being The Next Victim Of Cyber Crime ]

What do I do to protect my business from data breach?
Jim Slick, CEO of Slick Cyber Systems, a security and networking expert for more than 30 years, recommends that every business should perform a risk analysis to understand where you’re business’s possible weakness’s exists. If you are unable to perform a risk analysis, then contact an expert to help review systems. The security experts will be able to provide guidance and then develop a plan to either eliminate or mitigate as much of the risk as possible. If you have a plan, make sure that the plan is updated and tested so that everyone within the company understands that security does not just belong to your I.T. dept., but is a shared responsibility of every employee and executive of the company. Still have questions contact Jim Slick at (570) 371-5800, or visit him online at www.slickcybersystems.com.

Don’t Be A Victim of Spear Phishing

Most of us have heard of email phishing (pronounced fishing), but have you heard of spear phishing?  Maybe not, but this is the latest twist on a phishing scam.
Spear phishing starts out as an email that appears to be from someone you know, whether it is an individual or business. However this is not from friends, family or businesses you deal with. In reality it’s from the same criminals who want to get a hold of your credit card, bank account, passwords and critical data stored on your computer.
Because the email seems legitimate and come from someone you know, you might be less vigilant and give them the information they ask for. And when it’s a company you know asking for urgent action, you may be tempted to act before thinking.

So how do you become a target of a spear phisher and his attack? In large part this is from the information you put on the Internet from your PC or smartphone. The scammers search social networking and other sites to find your page, which contains everything from your email address to friend’s information and all the post where you may be sharing to much personal information about. Using this information, a spear phisher will sometimes pose as a friend, send you an email, and ask you for something like a password to a website. If you respond with the password, they’ll try that password and variations to try to access your account on that online retail site you mentioned. If they find the right password, they’ll use it to buy all sorts of expensive gifts for themselves with your credit card. Sometimes a spear phisher might use your information to pose as somebody from the online retailer like and ask you to reset your password, or re-verify your credit card number. If you do, be sure they will cause you great financial harm.

Keep Your Secrets Secret
This may seem like common sense, but please keep your secrets, SECRET! The safety of your information depends in large part on you being careful with it. So take a look at your online presence, and see how much information about you is out there. Google your name, email address, even friends’ names and their email addresses. See what information you can find because its that simple you could be unknowingly compromising your safety, and that of your friends by sharing too much on popular social networking sites.
So take a moment to look at your posts. Be sure that there isn’t anything out there you don’t want a scammer to know? This also includes posting something on a friend’s page that might reveal a little too much about you. Always use common sense.

Use Passwords That Work
If you think about your passwords, do you use just one or an easy to figure out variations of this one password? Well, if you do either of these, stop now, because you’re making it easy for a scammer to get access to your personal financial information. I know it’s a pain, but every password for every site you visit needs to be different. Not just a little different, I mean really different to properly ensure your online safety. Be sure to use random letters and number combinations as these work best. Also don’t forget to change them frequently. Also don’t write them down and leave them next to your computer as this could compromise your security also If you need a little help remembering all the passwords. Use software that is secure, which can help you keep track of your passwords easily. (Need help with picking this software give Slick Cyber Systems a Call?)

Don’t Forget About Patches, Updates, and Security Software.
Be sure to utilize security software to include malware, and anti-virus software to fully protect your computers from these nasty little programs, which are designed to steal from you. Also when you get a notice from your software vendors to update your software, please do it. When you delay or neglect updating software this is when problems happen , which can infect your computer. Remember most operating systems and browsers updates include security patches and will help prevent many problems so don’t forget them. Because your name and email address may be all it takes for a hacker to slip through a security hole into your system. And it almost goes without saying, you should be protected by Internet security software, and it should always be up to date.

Please Be Smart
Should a “friend” email you asking for a password or other information? Please be smart and call whenever possible. If calling them is not possible, then email (in a separate email) the friend in question to verify that they were the one who really contacted you. Needless to say the same goes for banks and businesses you deal with. Legitimate businesses won’t email you asking for passwords or account numbers. If you think the email might be real, always call the bank or business and ask but never click links in the email or supply passwords.

Very important always remember: Don’t give up too much personal information online, because you never know who might use it against you or when.
Slick Cyber Systems recommends to any business that may have question please call (570) 371-5800 to discuss “Spear Phishing” or any other security questions you might have. You can also vist us on line at Slick Cyber System.

Shellshock BASH flaw leaves Mac OS X, Linux, and more open to attack!

Security experts recently discovered a flaw in the widely used Unix Bash shell, leaving Linux machines, Mac OS X machines, firewalls, routers, and many more devices vulnerable to attack.  The vulnerability, “Shellshock”, apparently has been in the BASH (Born Again Shell) code for many years.

So why is this important?  A very large number of web-connected devices such as web servers, Mac OS X, and web-powered services which run on Linux-based devices have the BASH shell as part of the core operating system.  The Shellshock issue runs very deep because of the vast number of devices running the Linux kernel. Shellshock’s roots are so deep which means that the vulnerability will still are found in unpatched systems for the foreseeable future.

In fact researchers are seeing evidence of the Shellshock BASH bug being exploited by cyber criminals.  At least one exploit attempted to install a denial of service attack bot which guess the login information for the affected servers using a list of commonly used passwords.

[Is Hacking a Website To Steal My Information Easy?]

What does this mean?

Apple, who is affected by this issue will no doubt apply patches the OS X as quickly as possible, however it’s impossible to know just how far this flaw reaches.  This issue is likely to linger on in neglected websites, older routers, and older devices—many of which are impossible to patch—providing an opening for determined hackers to sneak into those systems.

So what should you do?

Well In short, you need to watch for security updates, particularly on OS X.  Also be sure to keep an eye on any guidance you may get from your ISP or your Managed Service Provider. [Managed Services, Why Do I Want Them?] As always be cautious of emails requesting information or instructing you to run software – events like this are often followed by phishing attacks that capitalize on consumers’ fears.”

Slick Cyber Systems recommends contacting a trusted I.T. partner to discuss any concerns or questions you might have.   Or contact a member of Slick Cyber Systems tech team to discuss any concerns you may have at (570) 371-5800 or visit us online at www.slickcybersystems.com

Why backup to the cloud?

With the ever growing complexity and volume of corporate information that is created every day, corporations face the cold hard truth; without your data, you have no business … data IS the business. This is why it’s critical to have a dependable modern system to safeguard your company’s valuable business data. Cloud backup, recovery and restoration options have performed and emerged as the best most secure, cost-effective solution. Still not convinced?  We’ll take a look at a few of the key advantages that cloud can offer your business.

1. The reliability of backups and speed of recovery are improved. Tape drives are extremely unreliable for data backup. In fact it’s very common for a tape drive to malfunction without giving any warning signs whatsoever. Too often backup tapes will contain data, but won’t allow you to retrieve that data. However a cloud backup and recovery system instantly restores data regardless of your location, including individual files, the most common type of data recovery. By working with a managed service provider, you can establish Recovery Time Objectives and Recovery Point Objectives that match your business requirements.

2. Security, security, security. The security of your company’s important data is critical. Files selected for backup are encrypted before transmission to a cloud vault and remain encrypted once they reach their destination. The only decryption key resides with the customer, and these safeguards are superior to unencrypted on premise data backup and recovery systems.

3. Once you select a backup schedule, your company’s data is saved automatically, providing an transparent solution. Think of this as a set it and forget it model. This results in less operational and administrative management for data backup.

4. Smarter use of your IT resources A cloud backup, recovery and restore solution allows your business to redirect valuable IT resources to more pressing challenges or strategic initiatives within your organization. The inherent scalability of cloud backup makes it easy to evolve as your business data environment grows and changes.

5. Compliance safeguards Although your company will continue to assume liability for data security when moving to cloud backup, a provider using multiple data centers that are geographically diverse can offer a backup solution with more reliability and redundancy than tape backup.

6. Tape backup have many shortcomings, so eliminate them. If you weren’t already aware of this, but tape backups are often expensive. Not to mention vulnerable to obsolescence. Tape can be lost, or worse they can be stolen when storing or transporting off-site. What can be worse is recovering data from a tape system. It can be slow process, especially if a tape needs to be retrieved from an off-site vault. Want to learn more?

Switching to a cloud-based backup system in today’s business environment it is an important decision that requires a clear understanding of how such a solution will integrate into your business. Also know that all cloud backup solutions are not created equal.  To get answers to the most common questions that companies have about cloud backup, contact Slick Cyber Systems online or call (570) 371-5800 for more information.

Related Posts

Is Hacking a Website To Steal My Information Easy?

Managed Services, Why Do I Want Them?

HEARTBLEED BUG (Real or Hype?)

Protect Your Business From Being The Next Victim Of Cyber Crime

An alarming trend of high profile security breaches seems to be happening almost daily. So what should you do? Well if you are the Owner, CEO or Executive of a business, you need to pay attention to this trend. You can’t just sit back and hope that your business won’t be the next victim.

Everyone was made aware of Target’s highly public security breech last year, and more recently Home Depot; along with grocery chain SuperValu, and health care provider Community Health Systems.  These organizations have all reported data breeches that affected millions of customers and patients. Jim Slick, CEO of Slick Cyber Systems, a IT Managed Service Provider and security professional, said it is crucial that business strengthen efforts to thwart cybercriminals from making your business their next victim.

Slick said that for small to medium businesses the key is to build your security as an ongoing process, not just a singular event. This process is best when is consists of several layers of security:

1. Be sure to perform ongoing penetration tests to secure the operating system of external-facing servers.
2. Slick said the often hackers try to exploit software and application weakness. These exploits allow the hackers the ability to escalate privileges, access security pages ultimately compromising servers.
3. Every business should install security software that monitors web traffic by detecting unusual behavior. Using this can provide useful insight to get advanced warning of any potential attack.
4. Install adaptive authentication technologies, which are usually integrated into an application’s login page, to add an additional layer of security to an application. Slick went on to say that these adaptive authentication technologies monitor and authenticate online activities in real time by correlating behavioral analysis, profiling devices and data feeds from fraud networks.
5. An equally important piece is to block malicious, by utilizing application firewalls in front of all external facing web servers.

Call Slick Cyber Systems today at 888-850-8882 if you’d like to take the first steps in securing your customer data.

In business you need to watch your apps.

So you think you are safe when collecting an ex-employee’s mobile phone or computer? Maybe not…

Many businesses leave themselves open to possible vulnerabilities, because they don’t control cloud based accounts, according to new research from Intermedia and Osterman Research.

All too often this is not something that businesses think about when an employee leave or the company decides to layoff or terminate an employee. More often businesses are concerned with getting back mobile phones, computers and paperwork but just miss opportunities to control cloud applications and “I.P.” or intellectual property. Due to explosive growth of cloud applications employees often have access to virtually everything. Making it difficult for companies to protect and secure I.P.

Intermedia research shows that up to 89% of all ex-employees leave with passwords, and continue to access cloud applications like Salesforce, email, Facebook and other sensitive business applications , even though they no longer work at the company. And of those respondents who still have access, 45% said they retained full access to confidential information while 49% admitted to logging on after leaving the company.

Reasons seem to vary why companies are letting employees leave with passwords and active account information; the survey also found that problems seemed to occur during the off boarding process.

These lapses in security are troubling to say the least. Many companies are making it far too easy for former employees to leave with work files stored in personal cloud services. Many of these former employees are utilizing cloud storage services like Dropbox for their work and personal data often blending the two. When they leave they still have access to all the work data that is stored in the cloud. According to the survey, 68% of respondents said they walked away with company data and 88% said they retained access to the file-sharing services they used at their old job. So when an employee leaves, he or she still has access to all that work data being stored in the cloud.

So what can you expect to face with weak or non-existent approach to controlling business apps? Well it could mean stolen secrets, lost data, and security breaches not to mention regulatory compliance failures. You could also see sabotage and hacker attacks, all of which mean more money to fix.

Jim Slick of Slick Cyber Systems said, “Your business doesn’t need to be another statistic. You can implement procedures to ensure the safety of your business data.  You should implement more rigorous practices during the onboarding and off boarding of employees,” says Jim. . He went on to say, “It’s also a good idea to never share logins. You would never share logins to your personal bank account or other personal secure data, then why would you for business apps?” Jim said, “Unfortunately some businesses think they are saving money having everyone login using the same shared login, but this is not a good practice for statistical and other obvious reasons.”

Jim said, “During the hiring process, having a policy in place outlining what apps are approved and which ones are not should be used. Also, during the off boarding process, a list should include every application the employee has access to and secure them properly upon their exit.  Much of this is common sense, but business don’t do it”.

Need help developing a plan or understanding more about securing your data, business apps or cloud security contact Slick Cyber Systems on the web at www.slickcybersystems.com or call 1-888-850-8882.

Software can reduce the stress of small business.

Specialized business software like an ERP or CRM can reduce the stress of small business.  Small businesses, like boutique soap manufactures or candy makers have dreams and goals like any other business, but often those dreams are challenged daily unpredictability. Like how do I grow my revenues? Or how do I justify new capital equipment on those revenues? Not to mention how do you deal with product seasonality and even worse rising material costs?
Well unfortunately these challenges won’t go away, but your business can mitigate the impact by having a greater visibility on the key fundamentals of your business. This visibility can be the ultimate stress reducer, by letting you adjust to higher supplier costs or help you determine if it’s time to hire workers. With this extra level of visibility you can predict the upswing in business making you more nimble. Giving you the tools and ability to see trends and identify threats and opportunities before they happen is the best way to keep your business dream on track.

The bottom line?

Actually it’s the bottom line and the top line — with business software you have better control over both. Yes, it has taken years for ERP to evolve to the point where it could be relevant to small manufacturers, but now that it is, there’s no reason to delay. Thanks to the cloud and software that’s designed to work expressly for small and medium sized businesses, fears of cost and complexity are no longer justified and it’s finally time to let business software help your business dream become a reality.
Slick Cyber Systems can help you determine what software will help reduce your business stress call us today at 570-371-5800.

TSA Announces That Uncharged Devices Banned from Some Flights

The U.S. Transportation Security Administration has recently announced a change of a rule regarding electronic devices. The TSA will NO Longer allow uncharged devices such as mobile phones or other electronic devices on U.S. bound airplanes at many overseas airports.

This change in policy is part of the TSA’s effort to strengthen security at airports following credible intelligence that Islamic terror groups are planning on blowing up airliners.

These certain international airports will require passengers during security screening to turn on electronic devices such as tablets, mobile phones or laptops. If the devices you’re traveling with do not have power or cannot turn on the device will not be allowed on the plane.

In a written statement, the TSA said: “As the travelling public knows all electronic devices are screened by security officers. During the security examination, officers may also ask that owners power up some devices, including cell phones.

“Powerless devices will not be permitted onboard the aircraft. The traveler may also undergo additional screening.”
It appears that U.S. officials are concerned that these extremist groups have devised a method of turning mobile devices such as tablets or mobile phones into explosives.

Little is known about the intelligence concerning this threat, so the TSA has not specified which airports will be subject to the extra security regarding your mobile electronics.

I guess the moral of this story is to be sure to top off your mobile device to ensure its fully charged before heading off to the airport for your vacations adventures this summer.

Windows 8 Free + Windows Phones set to drop below $200.00

In a recent report by Reuters it appears that Microsoft is going to drive down prices of Windows devices and offer Windows 8 free this year. Do you have a windows phone yet? Will this make you consider windows for your mobile phones or tablets?
Consumers can expect prices of tablets and smartphones running Microsoft software to dip below $200 this year, says the company’s vice president of OEM partners Nick Parker. “We’ll reach price points that are very industry competitive for 7, 8, 10-inch devices,” Parker said, speaking to reporters after his keynote at Computex, Asia’s largest computing show. “They will really surprise you. Last year, we were in the 3s, 4s, 500 dollars. This year, we’ll be 1s, 2s, 3s.”  He also said some Windows Phone smartphones will sell for under $200 in certain markets this year.
The fast fall in prices for Windows 8 devices is the result of Microsoft’s aggressive efforts this year to gain market share in the mobile sector. The market is dominated by Google, which offers its Android operating system for free to handset and tablet developers. While Microsoft has traditionally charged for its software, it made Windows free this year for devices smaller than 9 inches, in an effort to bring the prices of Windows mobile devices closer in line to those running Android. The company also relaxed certification requirements for mobile devices, reached out to new manufacturing partners and made other efforts to encourage development of Windows tablets and smartphones.
Microsoft’s share of the tablet market was less than 4% last year, according to research firm IDC. Parker declined to say if the free offering of Windows is a permanent strategy for the company, or if it will return to charging next year.
But he emphasized that Microsoft had other ways to make money besides Windows licensing fees, such as the “freemium” model of its Skype video chat service and the launch of Office 365, which allows users to rent the software for a year instead of buying it.

Oleg Pliss stole my iPhone. Who’s Oleg Pliss?

A large number of iPhone users have been reporting recently that their beloved iPhones and iPads have come under attack. The attacks are taking the devices hostage and locking the owners out of them and going so far as to demand that they pay a ransom to get their devices unlocked.

It seems that the attack works by first compromising the iCloud account which are associated with these disabled devices. The Apple support form discussion first appeared Early Sunday Morning, but seemed to gather some steam and currently has several hundred posts of users experiencing the same issue.

The devices that have been commandeered seem to emit a loud tone, which is associated with a feature used to help find lost or misplaced devices. The devices even display a message “Device hacked by Oleg Pliss. For unlock device, you need send voucher code by 100 usd/eur (Moneypack/Ukash/PaySafeCard) to email:lock404@hotmail.com for unlock.”

There have even been some reports that if a user hasn’t assigned a strong passcode locking the device against hackers or other prying eyes, then the phone can only be unlocked by performing a factory reset. If you not familiar what this does it completely erases all stored data, contacts, apps, pictures, from the phone and returns the phone to factory default.

PC users have seen similar variations of this scam before which is referred to as a ransonware scam. In fact Google’s Android OS also was targeted by similar scams just a few weeks ago, but now iPhone, iPad users are getting familiar with the frustration caused by this most recent scam.

The forum that reported the issue seem to provide some solid proof that victims of this scam have had their Apple ID’s and passwords compromised. This allowed the attackers to remotely lock the connected iPhones or iPads with Apple’s own “Find My iPhone service”.

No one is certain how the iCloud accounts were compromised by these attackers. It is certainly possible that these accounts were compromised by hijackers who may have performed standard phishing attacks, or maybe even hacked password databases getting ahold of user credentials allowing them to hold these devices for ransom.

So what can I do to stop my iPhone or iPad from being stolen by Oleg or any other hacker?
Well first users are advised by Slick Cyber Systems to randomly generate long passwords that are unique to their iCloud account. It is also recommended to enable the two factor authentication and always use unique passwords for each device, never reuse passwords.

Users with a locked device are recommended to immediately try changing their Apple ID credentials and we highly recommend that the two-factor authentication is set up. In the event their locked device did not have a passcode associated with it, you can perform a factory reset by using a cable to plug the device into their computer while iTunes is open.

For additional help reclaiming your devices or help understanding how to make your technology as secure as possible please contact Slick Cyber Systems to have a full evaluation of your network by calling (570) 371-5800, or visiting us online at www.slickcybersystems.com.