
The term "phishing" refers to illegal Internet activities that attempt to fraudulently obtain sensitive information. Phishing e-mails often use "spoofed" (faked) e-mail addresses to make you think they came from official sources such as banks, e-mail providers, law enforcement or the IRS. The newest variant of this attack is called "spear-phishing": criminals spoof the e-mail addresses of people within your own organization in order to target you specifically, because their other activities have led them to believe that you personally have specific information that they need in order to commit some bigger crime. You should never reply to unsolicited e-mail, and you should never open any e-mail attachments that you are not specifically expecting to receive. If you're using a mail client such as Outlook, even opening or viewing suspicious e-mails could compromise your computer and any other computers that are on your network.
Another phishing technique involves tricking you into visiting forged websites that look just like, for example, the website of your bank, your e-mail provider, or even your own organization. This is often accomplished by fooling you into clicking on links that are provided in phishing e-mails.
Criminals don't even need e-mails or websites to steal sensitive information. Con artists simply call you on the phone and convince you that they work for your bank or some other official institution. You are then asked for confidential information (for example, to "verify" your identity and "protect your account"). Some fraudsters use a rogue interactive voice response (IVR) system to recreate a legitimate-sounding copy of a bank or other institution's IVR system.
Never access your company's sensitive information from an unprotected computer such as one in an Internet cafe, or a shared computer at home. Many people unthinkingly use personal unprotected smartphones to connect to their organization's network, not realizing that a previous or future virus infection on that phone could capture passwords and other information that the phone used when connecting to the network. Every device that connects to your organization's network -- even once -- needs to have all the latest approved security patches, antivirus software and a properly configured firewall.
Common mistakes include passwords written on Post-It notes (often stuck on the bottom of the keyboard), bank account numbers in Rolodex files and printouts containing account numbers, social security numbers or other sensitive information.
Everyone has seen the headlines about hackers crippling organizations and exploiting stolen data to harm innocent customers. To protect your organization from these issues, you need to devote time and energy to cybersecurity.
Cybersecurity, also known as computer security or IT security, refers to the various procedures and mechanisms that are used to protect digital equipment, information and services from unauthorized access, modification and/or damage. It also involves the application of security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest.
Every organization has some security problems. We can do a complete security audit for a very reasonable cost, depending on the size of your organization. Just call us, or schedule an appointment.
We can provide you with antivirus, Internet security, anti-malware and cybersecurity software at discount prices, customized for the specific needs of your organization.
We can help you define and implement incentive programs that will make your employees your best security assets, rather than your worst security risks.
We also offer comprehensive cybersecurity training courses to help your employees avoid mistakes that would compromise your organization.
Although there's a lot we can do to help you with your security issues, we can't do it alone. This needs to be a team effort, and there are several key things you need to know to do your part.
You shouldn't treat computer and network security as an afterthought. Dedicate time and resources to specifically addressing this problem. International Data Corporation (IDC) surveyed over 200 organizations to assess their security budgets, looking at how much they spent, and what they spent it on. Six out of ten companies spent too little (just under 10 percent) of their budget on security technology. The IDC survey also found that those organizations that spent 14 percent or more of their IT budget on security incurred significantly fewer data breaches than average.
You should institute and enforce policies that require all of your computers and other network devices (smartphones, iPads, etc.) to have the latest approved security patches, antivirus software and a properly configured firewall.
You shouldn't rely on technology alone to solve your security problems. The recent massive security breach at Target provides an instructive example. This was the biggest retail hack in U.S. history, but it didn't happen because Target lacked adequate tools and services. Six months before the breach, Target had installed a $1.6 million malware detection tool made by the computer security firm FireEye. The hackers were successful in stealing 40 million credit card numbers from Target, simply because Target employees ignored what FireEye's malware detection tool was telling them.