Many of us are having to work from home (WFH) right now. While most companies focus on the logistics of converting their workflows and file access so that employees can get all aspects of their job completed, one critical thing that tends to be overlooked is security. Because of this, there are some bad actors out there who are trying to take advantage of the situation. Hackers find it much easier to gain access to your work computer or network through a Comcast or Verizon router than through an enterprise-grade piece of hardware (which is why a corporate firewall can be well over $1000 and a home firewall is often only around $100).
Luckily, there is a wide range of ways for remote workers to amp up their cybersecurity practices. As a Managed Security Services Provider (MSSP), it is our mission to keep both your network and your employees safe while working from home.
Let’s take a look at a few things you can do to help yourself, your employees, and your business improve WFH network security practices.

Educate Your Employees On Best Work From Home Policies

They’re the most important part of your network but also the most vulnerable, so ensure that they have the tools they need to become an asset rather than a liability.
Education, education, education! Try simulation training videos with Q&A to get your employees familiar with the tools and programs you’re using to work remotely.

Use a VPN Regularly

A Virtual Private Network (VPN) has a wide range of use cases, one of which is improved security by creating a secure connection between your home and the corporate network. Pretty much all businesses that use a network should invest in a VPN, but especially businesses that have a lot of remote workers.

Invest in Corporate Antivirus

Hopefully your employees’ work computers already have both antivirus and antimalware keeping them secure, but what about your employees’ home computers that are now connecting to your network and to your customers? If you think you don’t need to invest in antivirus, think again. Not only do you need to protect your network, your computers, and the remote devices that connect to your business’s software, but those items need to be protected by corporate-level antivirus software.

Always Use 2-Factor Authentication

Two-factor or multi-factor authentication (2FA or MFA) is a very basic and effective security measure to take for anything that involves a login or password within your applications. Most companies are now offering this feature, but you need to dig into the settings to enable it and get it configured. Whenever it is available, it should be required for all employees. No exceptions!

Use Cloud Storage

If you’re not using cloud storage for the myriad of use cases it offers, you’re falling behind the competition. Improved security is just one aspect of the cloud that makes it so useful for housing data and applications. Anyone who was on the cloud before the pandemic hit was ahead of the curve and got a big jump on keeping their business running during the transition.

Commit to Face-to-Face Virtual Meetings Regularly

For important discussions and sensitive information, opt for face-to-face meetings through platforms like Zoom instead of email or another simplistic platform that could be easily compromised.

Let the Pros Take Care of Tech and Security Maintenance for Your Business

The Logic Group will take on the task of figuring out all of the tech and security practices for your company so that you can stay focused on more important things, like actually running your business and focusing on customer service. We provide 100% Unlimited Support at a Flat Monthly Rate. This includes No Travel Charges, a genuine Sigh-Free Customer Experience with passionate and helpful reps, Tiered Cybersecurity (with employee training), and 24/7 Emergency Support. The Logic Group specializes in a variety of niches, including Healthcare, Pharma, Legal, Financial, and Data Security.
Call us today to ask us about how we can add multiple layers of protection alongside your existing in-house IT Team. In a world of isolation, we enjoy working with others! Get in touch with The Logic Group to learn how you can take your business’s work from home experience to the next level today!

Here’s a tip for business travelers. Just because a webpage looks like the official site of your favorite hotel chain doesn’t necessarily mean it is. Before you reserve a room for your next out-of-town meeting or family vacation, make sure you know who’s at the other end of that BOOK NOW button.

The internet offers savvy travelers lots of options for getting the best deal on hotels. You can contact a property directly, book through a hotel chain’s website or toll-free number, visit one of those travel comparison sites, or use a third-party online hotel reservation service. The choice is yours – but make sure it’s an informed choice. Some third-party sites clearly disclose that they’re not affiliated with the hotel. Others appear to mimic the look of a chain’s official site, making it tougher for consumers to know who they’re doing business with.

Why would it make a difference to travelers? According to some reports, people have arrived at their destination only to find there’s no record of a reservation in their name. Another concern: Reservations made through a third-party site may not count toward a hotel’s rewards program. In other instances, special requests made through a third-party site may not be conveyed to the property where you’ll be staying. Another potential risk is that third-party sites could have policies about things like pre-payment, cancellations, or refunds that differ from the chains you’re used to dealing with directly.

How you decide to book a room for your next trip is up to you, but getting the straight story about who’s handling the reservation isn’t always easy. If you type a hotel name into a search engine, it’s unwise to assume that the first result that pops up will always be the official site. Some third-party reservation companies pay for the top spot on the results page or buy prominent space on the right.

What about looking for the names, logos, or URLs of familiar chains? Some third-party sites look a lot like the official sites, so you can’t rely just on the usual visual cues. Calling a number listed online can be problematic because some third-party sites use call centers that are hard to distinguish from a chain’s official reservation line.

What steps can a traveler take to be better informed?

  • If it’s important to you to book directly through the hotel chain, consider using the toll-free number or URL on your rewards card or featured in the company’s TV or print ads.
  • Whether you choose to book through a chain or through a third-party site, read the details carefully, with an eye out for any fees or surcharges that may lurk in the fine print or behind vaguely labeled hyperlinks.
  • If you received an email confirmation, travel with a printed copy or have it easily accessible on your smartphone.
  • Before you hit the road, use a number you know to be genuine to call the hotel directly. Double-check that your reservation is in the system.
  • Share these tips with your company travel office or anyone else who makes reservations on behalf of your business.

Whether you’re traveling for business or leisure this summer, chances are that, as a small business owner, you’ll be working on your trip. But with unsecured Wi-Fi hotspots and the potential for physical theft, among other risks, there are several steps you need to take to ensure security issues don’t interrupt your productivity.

Use these tips to keep your devices and data safe on the road.

Before you go

  • Back up your devices before you leave and make sure current, updated security software is installed—including on your phone and tablet.
  • Ensure your current data and documents are stored securely in the cloud so that you can access your files from a borrowed device or computer, even if you lose your laptop or tablet.
  • Set up features that enable remotely locking and wiping devices in case they’re lost or stolen.
  • Secure all your devices with a password or PIN. You may not use a password to log in to your laptop every day at work, but on the road, this additional step adds a layer of protection.
  • Encrypt your mobile devices (go to settings/security).
  • Set up a virtual private network (VPN) at work that you can use on the road to connect to the Internet. The VPN encrypts everything you do online, protecting your data and devices.
  • Bring only what you really need. You probably don’t need both a laptop and a tablet. The more you bring, the greater your risk for physical and digital theft.

On the road

  • Keep your eyes—or your hands—on your device at all times. It sounds paranoid, but physical theft is as big a risk as data theft. Never leave your laptop, phone, or tablet lying around, even for a moment. The cafés, coffeehouses, airports, and hotel lobbies that travelers frequent are home to pickpockets and thieves waiting for someone to get distracted. When leaving your hotel room, put electronics you’re not taking in the in-room safe.
  • Turn off Wi-Fi and Bluetooth when you’re not using your devices to prevent them from accidentally connecting to a cybercrook’s network.
  • Stay off public computers. If you must, assume everything you do is being watched, so don’t input any sensitive information or connect to your business network.
  • Avoid public wireless hotspots. If you must use this type of network, never buy anything, connect to your business network, or input passwords.
  • If you don’t have a VPN, use secure browsing, which you can set up within the “preferences” of your Internet browser. (You’ll know you are browsing securely if the URL of the webpage you’re on starts with HTTPS instead of HTTP.)
  • Look under “settings” on your smartphone to see if your phone enables setting up a private mobile hotspot. Most newer phones offer this feature, which provides added security.

Take these precautions before it’s too late—it’s expensive and potentially damaging to business if you learn the lesson the hard way. Even if you can’t take every one of these steps each one you do take increases your chances of keeping your business information safer while you’re on the road.

Many small business owners think that cybercrime only happens to Fortune 500 companies or government agencies. They’re wrong! While the potential for gain is higher with larger entities, many have protections in place to combat hackers. Most small businesses don’t.
With extremely valuable data such as customer records, intellectual property, customer credit card information, financial information, employee records, and business correspondence, small businesses are increasingly becoming the target of hackers. In their 2018 Cyber Risk report, Hiscox stated that forty-seven percent of small businesses suffered at least one cyber attack in the past 12 months. That’s right, nearly half of all small businesses have been attacked once, and many have been attacked multiple times.
A majority of small business owners don’t have plans in place to deter attacks or detect them early. As you know, small businesses also lack the capabilities to grapple with the financial losses associated with a data breach. While cyber insurance can help, sixty percent of small businesses will go out of business due to the inability to recover within six months of experiencing a cyber attack.
The good news is that there are ways to fight back.
Small businesses can take steps to counter this evolving threat. Companies can protect themselves in simple and cost-effective ways.

  • Phishing
  • General Malware
  • Compromised or Stolen devices
  • Malicious insider
  • Ransomware

The list above represents some of the most common threats small businesses encounter. Many of these attacks use social engineering, targeting employees by sending emails that appear to be from known contacts or companies in order to convince individuals to share personal information such as passwords and credit card numbers.
Implementing a training program on these schemes is critical. This is a proven way to reduce the likelihood that one (or multiple) employees will open a nefarious email, by helping them to better identify one. Additionally, training your team on the proper ways to create and manage passwords is important and easy. Best practices are to use long passphrases (including numbers, letters, and special characters), implement 2-factor authentication, and apply password encryption.
Other steps your business should consider are securing your access to the Internet, using antispyware and antivirus software, implementing data policies and procedures, and locking down your mobile devices.
You can also consult with your internal technology team or a full-service IT and network services provider like The Logic Group to help develop a plan for mitigating the impact of cybercrimes.
Contact The Logic Group today to get a free evaluation of your current situation.

Let’s start with phishing. Phishing is a cybercrime in which a target or targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details, and passwords.
The information is then used to access important accounts and can result in identity theft and financial loss.
Unfortunately, this type of cybercrime is alive and well. Do your employees know how to spot a phishing email? If not, your entire office may be at risk. Depending on the complexity of the scam, once a link is clicked, the attacker can have instant access to precious data. Other programs may be slower to infiltrate your systems. Either way, you need to be prepared.
We’ve got you covered. A well-designed security program that starts with employee education will protect your infrastructure with perimeter security, access control, authentication, data integrity and confidentiality, and anomaly detection. This is our wheelhouse. We specialize in custom security systems specified to your needs. And you’d be surprised at the cost! It shouldn’t cost an arm and a leg to protect your business. And with us, it won’t.
Next up is ransomware, which we’ve seen less of in the past few years. Nonetheless, it is important to secure your systems so this may never harm your company. Because if it did, it may cost enough to shut down your business for good.
Ransomware is a form of malicious software (or malware) that, once it’s taken over your computer, threatens you with harm, usually by denying you access to your data. The attacker demands a ransom from the victim, promising — not always truthfully — to restore access to the data upon payment.
Here are some ways to prevent ransomware:
  • Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.
  • Don’t install software or give it administrative privileges unless you know exactly what it is and what it does.
  • Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.
  • And, of course, back up your files frequently and automatically! That won’t stop a malware attack, but it can make the damage caused by one much less significant.
We work tirelessly so that you can rest assured your business is protected. Give us a call today to find out your options.
610-293-2077
 

What Constitutes Effective Security Measures in Your Business?

What Can We Do Internally to Train Our Employees?

The combination of an effective security program and employee training is crucial in keeping your business safe.
Employees are a critical part of an organization’s defense against many IT security threats. Just as having the correct technology solutions is important, training personnel to recognize security threats is a critical part of any security strategy.
Training that does not engage employees or provide for continuous learning and reinforcement is not sufficient to truly make employees more security aware.
Cybersecurity employee training best practices include:
1. Complying with all local and federal laws and regulations.
2. Getting everyone on board. The entire organization — it must be all or nothing.
3. Establishing a required baseline of assessment.
4. Creating a system of clear communication about the program.
5. Making the training intriguing and at least a bit entertaining.
6. Enforcing, reviewing, and repeating: no “set it and forget it” or “one and done.”
7. Creating a culture of reinforcement and motivation for constant vigilance and learning.
Ivan Dimov of the Infosec Institute gathered these statistics on the effectiveness of security awareness training from a variety of sources:
  • 50% of Internet users receive at least one phishing email daily.
  • 97% of people cannot identify a phishing email and 4% of people actually click them.
  • 42% of responders to the US state of cybercrime survey asserted that security awareness training of new employees helps to deter attacks.
The same report indicated companies without security awareness training for employees suffered 322% higher financial loss to the server security.

How to Start a Security Awareness Training Program

1. Be persistent
2. Make it mandatory
3. Make it interesting so people actually do it
4. Stress the importance of security at work and at home
5. Reward employees who discover phishing emails
In the past, companies’ tech resources could train employees once a year on best practices for security. Most organizations will conduct annual training and think it’s one and done. But that’s not enough.
Security training should continue throughout the year at all levels of the organization, specific to each employee’s job. If you’re an end-user, there has to be training associated with the types of attacks you may receive, for example a text or an email. If you are in IT, the attacks may be more technical in nature.
It really is a case of understanding how the threat landscape continues to evolve relative to these attacks and keeping IT technical security training current.
Reach out to learn how The Logic Group can help your company protect itself from the potential losses associated with an IT security threat.
 

If It Happened to Them, It Can Happen to You and Your Small Business

We often speak of the importance of computer security for your business, but rarely give you examples of WHY these systems and procedures are critical.
Here are some cautionary tales of recent events that illustrate how it could happen to you.
A recent computer virus in Philadelphia caused the shutdown of the court filing system. To safeguard other systems, the district and city’s Office of Innovation and Technology shut down certain court IT functions to thoroughly review and clean the operating systems.
This was a necessary step to contain the virus.
In this case, there was no data breach, but during the shutdown, workers were unable to access their email, filing systems, and other electronic systems regarding the court in the First Judicial District.
Employees were only able to file their court cases on paper by coming to the court – a step that took extra labor, time, and a great deal of aggravation.
Our business was created to help organizations avoid similar shutdowns due to cybercrime. We safeguard your data, systems, and programs by implementing a cybersecurity plan so that this would never happen to you.
Can you imagine your business losing a week’s worth of time (or more) — with no access to emails or work procedures? How much money would your company lose that week? Could you survive it?
A saga that began with a municipal employee opening a corrupted email forced a small Florida city to agree to pay nearly $600,000 to the hackers who paralyzed its computer systems — a cautionary tale for any city or business.
This could have been prevented if they had precautions in place and protocols for what to do in a ransomware situation.
The Logic Group helps with the process of implementing measures and systems designed to securely protect and safeguard information (business and personally identifiable information (PII), voice conversations, images, multimedia, and more).
An estimated two million cyber attacks in 2018 resulted in more than $45 billion in losses worldwide as businesses and local governments struggled to cope with ransomware and other malicious incidents, a study from The Internet Society’s Online Trust Alliance showed.
The report suggested cybercriminals are getting more sophisticated in targeting their victims, but also noted many attacks could have been prevented with improved computer security.
Don’t leave your business vulnerable.
Give us a call today at 610.293.2077 to find out how we can develop or review a security plan for your specific business.

Protect Your Business with a Virtual CISO (vCISO)

It seems as though every day there is news of a cyberattack resulting in a massive data breach. From Facebook to Canva to Capital One and Quest Diagnostics – so many were targeted, and no industry was spared. The multi-million dollar companies with in-house protection fell short, and inefficiencies were exposed. If these mega-companies with huge investments in security are susceptible, where does that leave a small to mid-sized business? Cybercriminals are targeting small and medium-sized businesses with a lot more frequency because they know that there is little to no investment in cybersecurity. In a quick pivot, some are looking toward outsourced information security to supplement their Chief Information Security Officer’s responsibilities, or are seeking the support of virtual CISO (vCISO) services to avoid falling victim.

Your Business is Susceptible to Cyberattacks

As a direct result of the massive breaches, millions of consumers were affected. Their personal data and information were leaked and may have made their way onto the dark web, where they could be used by cybercriminals to conduct fraudulent activity. The attacked companies spent hundreds of thousands to millions of dollars trying to rectify their situations, lessen the fallout, and protect against future attacks. The totality of the resulting – and future – implications is still widely unknown. And they keep adding up for both the companies and the consumers.
But here is another thought. How about the other breaches that weren’t as widely reported? You know, the tens of thousands of smaller businesses that were attacked but weren’t brought into the limelight?
Unfortunately, cyber attackers successfully obtained sensitive data from smaller, unprotected businesses who – knowingly or unknowingly – left information unprotected or at risk. In general, small businesses that have sensitive and personally identifiable data do not often have the powerful internal resources and education offered by skilled Chief Information Officers or the expensive enterprise-level security of rich companies. These smaller shops just do not have the funds and resources to hire internal professionals and implement and manage a robust security initiative. And in reality, small business owners may not consider this a priority. They may not know where or how to begin in terms of data security and may be unaware of liability and potential legal and financial implications of an attack or breach.

The Security Vulnerability of Small Businesses

The latest stats show that hackers have identified this small-business vulnerability, and in 2019, 45% of breach victims were small businesses (1-250 employees). The same group had the highest targeted malicious email rate, at 1 in 323. (data from varonis.com)
These stats show us that not only do small businesses not have processes, systems, and people in place to protect against potential hacks, they also need more education for their leadership and employees. “Preventable” hacks can be from phishing schemes, which, with some education and employee training, can be avoided.

Outsourced Information Security to Protect Small Businesses

Small businesses can choose to be proactive or reactive to potential breaches. Choosing to be reactive would be waiting until something happens, then sinking upwards of tens of thousands of dollars to clean it up. In reality, 60 percent of small companies close within 6 months of being hacked, according to Cybercrime Magazine.
A proactive approach is the best option for getting ahead of this unsettling trend. However, rather than seeking an affordable information security professional (who is likely a unicorn in 2020), small businesses can invest in an outsourced information security solution that can provide everything from a virtual Chief Information Security Officer (vCISO) to employee training and even testing to identify the vulnerabilities and actions that may be putting the company and its data at risk.

Proactive Data Protection Can Save Time and Money

While the announcement of breaches and dollars spent to protect and clean up the fallout continues to rise, there are ways to approach and obtain a viable plan of protection. These information security solutions can lessen the probability of falling victim and/or reduce the impact of the breach for small businesses and consumers.
Reach out to The Logic Group to learn how we can help protect your business with a virtual CISO (vCISO).