Blog

Cyber Protection: Why It’s Important

Cyber protection can be something that is easily overlooked, but doing so can be the result of your downfall. Here is why you need to take this seriously.

The average amount of money a company will lose in response to a data breach is 3.6 million dollars.This statistic shows the importance of cybersecurity in today’s rapidly expanding online world.

The internet has given us a central resource to exchange information. But as with any central resource, the level of importance the internet carries paints a massive target on its back that is often exploited by hackers.

Even the U.S. government had a budget of 19 billion dollars in 2017 to protect themselves from breaches. That amount represented a 35% increase from the previous year.

The purpose of this post is to give you a quick overview of what inadequate cyber protection can cost your business. We will then let you know how our team at Immersion Security can help.

The Effects of Cyber Attacks on Physical Assets

Protecting your physical assets may not seem like a concern in regard to cyber attacks. After all, most businesses are worried about data leaks.

Data leaks are massive liability companies who are not employing proper security measures face (and one we will talk more about in a moment). Still, it’s important also to know that every device on your company’s network could be damaged due to a cyber attack.

Many times hackers will deploy trojans, viruses and other harmful tools to render devices inoperable. This can represent not only the loss of needing to replace systems but a disruption in business operations which can also be costly.

The Liability of Identity Theft

Big companies like Best Buy and Delta regularly experience data breaches in which their customer’s vital information gets stolen. Names, addresses, credit card numbers and even social security numbers.

Just one or two pieces of information could allow a hacker to assume a customer’s identity. The hardship customers incur as a result of such a breach will likely cost the company at fault whatever it takes to resecure their customer’s identity. It could also cost a company their customer’s business.

Loss of Trade Secrets

For most businesses, your trade secrets are what set you apart from your competition. Hackers are aware of that and will use tools aimed at scraping critical internal communications. They may then hold vital information ransom.

In situations like this, companies face the hard decision of having information released or paying hackers. Having an experienced cyber protection team at your disposal can help immensely in keeping your company abreast of the latest tactics being used by hackers. It will also help you understand what you can do to keep from falling prey.

Summarizing the Importance of Cyber Protection

As the way consumers and businesses interact with the internet becomes advanced, tools used by hackers are evolving to keep pace.

Every day your company runs the risk of having its customer’s data stolen. It also runs the risk of having its hardware dismantled and its trade secrets released to the public.

To protect against those things, it’s important to have a comprehensive online security solution in place. Immersion Security can help you with that.

Immersion Security offers a wide range of virtual services that replace the need for your company to hire a costly Chief Information Security Officer.

With Immersion Security, you get a turnkey cybersecurity team made up of experts. We will ensure your security standards are compliant with state and federal regulations. We will also help you be proactive in protecting your company and customer data.

If you’d like to secure your company at a reasonable cost, be sure to contact us for a consultation.

For more general information on cybersecurity, read more on our blog.

Computer Safety Tips All Business Owners Should Know

Computer Safety Tips All Business Owners Should Know

If you own a business it is crucial you practice computer safety. Here are a few tips you can incorporate to make sure you and your information stay safe!

Business security breaches numbered nearly 700 in 2017.

As a business owner, this should be concerning. Unless, of course, you don’t think your business would ever be targeted.

If that’s what you’re thinking, think again.

Assuming you’re safe from cyber attacks is about the worst thing you can do for your business in this day and age. Even small business attacks are on the rise.

Though the thought of implementing a computer safety program may seem daunting, it can actually be quite easy.

Check out these simple, but powerful, ways to enhance your business’ security.

Focus Your Computer Safety

Knowing what data your business interacts with, sends out, and brings in, is essential to planning computer security. Some types of data will be more important than others.

Don’t waste your time and resources on fiercely protecting information that isn’t as important. Instead, center your highest security on the information that would be most damaging for you to lose or have accessed.

We can help you determine what your specific business needs.

Enhance Security

Steps as simple as requiring multiple methods of identity confirmation can go a long way in adding security to your business.

Don’t just stop at a password. Have another step for employees and/or customers when they log in.

Setting up firewalls and encrypting web pages are other simple ways to enhance your computer security.

Back Up Data

Regularly back up your data so it is stored in more than one location. This can prevent total loss of information should your system be hacked.

Be wary of back up locations, however. Cloud storage and other remote locations may be easily broken into. Research your options and make sure you’re choosing the best location to store your backed up data.

Get Your Employees On Board

If you are the only person following your computer safety plan, your plan won’t be very helpful.

Get your employees creating good, strong passwords, and make sure they aren’t making easy mistakes, such as writing those passwords down. Require that passwords be changed often.

While you want to trust your employees, analyze potential internal threats regularly. Ensure employees are following guidelines. Utilize methods to track what data is entering and leaving your system.

Running drills is a great way to see if your employees have retained and are utilizing the training you have given them.

Send out an occasional company-created scam email to see how your employees respond. Did they realize that something looked fishy? Did they report it correctly?

Plan Your Response

Having a planned response will help with recovery if you do end up being hacked.

Create a team specifically responsible for responding to threats and breaches. Make sure your employees are aware of the plan.

Letting your customers know you take security seriously will go a long way, but don’t give out any information that will be helpful to potential attackers.

Don’t Put It Off

Implementing good computer safety practices is essential to protecting your business and gaining and keeping customer trust. Don’t assume you won’t be hit. Instead, assume you will be.

Regular assessment of your business’ computer and online security measures, checking employee engagement, and keeping up with technology are all essential.

For more information on protecting your business, visit our contact page.

How To Prevent A Cyber Attack On Your Business

IBM recently revealed that the average cost of a company’s data breach is around 3.62 million dollars. Between lost revenue, lawsuits, and a damaged reputation, a cyber attack can wreak havoc on a business of any size. If you have a small to medium business, this can be a terrifying prospect.

With the rise of attacks like the WannaCry ransomware attack, more companies are having to deal with the ramifications of a weak security infrastructure. Without proper training or adequate security, these attacks are taking down larger and larger targets. The city of Atlanta spent much of March 2018 dealing with one such attack.

If you’re looking to steer clear of a complicated and taxing cyber attack, following these three tips could prevent a dangerous attack on your business.

1. Make Your Employees Security Smart

You need to start your defense with your employees. Their email inboxes, smartphones, and passcodes could be the gateway for nefarious actors to get into your companies servers. You need to instruct your customers on what to do to avoid being vulnerable.

First, start a new password protocol. Teach your employees the makeup of a good password that they can remember. Introduce two-factor authentication to your system to keep employee’s secure information safe.

Make sure that no one has access that doesn’t need access anymore. Talk to your IT department and make sure no lingering employee accounts are sitting around with admin access. If an employee was let go years ago, they shouldn’t be in your system at all.

Leaving old accounts dormant is a great way for a hacker to get access to those vulnerable accounts and then into your system. Sensitive information could leak out without your knowledge.

2. Use The Phone More

If you deal with large transactions and monetary transfers, implement a system where you reach out to your customers after you get a notification. Once a transaction is initiated, require your staff to call clients to confirm.

Your clients will appreciate how seriously you take their security and their business. Let them know that this is an added security measure and they’ll be faithful to your company for a long time. People appreciate a personal touch and professionalism when it comes to their personal data.

3. Update Software

If you’ve been putting off a major OS update, you could be missing out on some recent security changes. Hacking techniques change constantly and operating systems are changed to fight them before you find out.

Stay updated to keep the latest security challenges at bay.

Avoiding A Cyber Attack Takes Diligence

If you want to ensure that you don’t deal with a major attack on your system, you’ll have to be persistent. Attackers change their approach with every new operating system or device that comes out. Keep passwords secure and create new ones every time you have a staffing change.

If you’re interested in what’s happening in cybersecurity trends, contact us for the latest information.

New European Regulations take effect in May (GDPR)

What is the GDPR?
The General Data Protection Regulation (GDPR) is a new EU privacy regulation that goes into force starting May 25, 2018. It introduces sweeping new changes to the European privacy rules and comes with stiff penalties for companies that don’t comply!

Who does the GDPR apply to?
Any business that processes the personal data (the equivalent of Personally Identifiable Information, PII) is required to

What penalties do I have for not being GDPR compliant?
Any US company that targets customers in the EU, while collecting information from inside the EU, would have to become complaint, with a small handful of exceptions. The penalties for not complying with GDPR on multiple provisions of it can be as much as 10 Million Euros, or 2% of the WORLDWIDE annual revenue, whichever is higher, and that’s just the lower level penalties.

What do I have to do to become GDPR compliant?
Look at the types of data you have stored. Are you currently storing and/or tracking information about European clients, based in Europe? Then you will likely need to adhere to the GDPR rules. Also, consent for submissions of information will need to be explicit and clear- any form of data submission will need unambiguous collection disclaimers, as well as clear communication (email, text, messaging, etc.) and opt-out/unsubscribe functions. That’s just on the superficial level – there are a whole suite of regulations similar to PCI/HIPAA and other forms of compliance that will have to be documented, adjusted, monitored, and reported.

What can I do about GDPR compliance?
If your business has a significant web presence in Europe, or specifically targets European customers, having Immersion Security perform a security audit is a good way to assess your existing privacy and security infrastructure, and to come up with a plan to help remediate, adjust, and maintain the security of your company. Contact us today to see how we can help you!

How to Minimize Leaking

Reposted from TaoSecurity

I am hopeful that President Trump will not block release of the remaining classified documents addressing the 1963 assassination of President John F. Kennedy. I grew up a Roman Catholic in Massachusetts, so President Kennedy always fascinated me.

The 1991 Oliver Stone movie JFK fueled several years of hobbyist research into the assassination. (It’s unfortunate the movie was so loaded with fictional content!) On the 30th anniversary of JFK’s death in 1993, I led a moment of silence from the balcony of the Air Force Academy chow hall during noon meal. While stationed at Goodfellow AFB in Texas, Mrs B and I visited Dealey Plaza in Dallas and the Sixth Floor Museum.

Many years later, thanks to a 1992 law partially inspired by the Stone movie, the government has a chance to release the last classified assassination records. As a historian and former member of the intelligence community, I hope all of the documents become public. This would be a small but significant step towards minimizing the culture of information leaking in Washington, DC. If prospective leakers were part of a system that was known for releasing classified information prudently, regularly, and efficiently, it would decrease the leakers’ motivation to evade the formal declassification process.

Many smart people have recommended improvements to the classification system. Check out this 2012 report for details.

    Immersion Security

    Providers of vCISO (Virtual Chief Information Security Officer), Secure MSP (Managed Service Provider), Compliance and Consulting.

    Immersion Security is a team of dedicated cyber security experts and researchers who are dedicated to bringing the best and most up-to-date information, technology, and practices to your business.

    ADDRESS

    37 N. Orange Ave.
    Orlando, FL 32801

    PHONE

    833-828-2732

    EMAIL

    info@immersionsecurity.com