Category "Disaster Recovery"

Why You Need a Strong Cyber Security Threat Prevention System

Most businesses have security systems, devices, or guards in place to protect their assets from offline criminal threats. Yet at the same time, they fail to take adequate measures to protect their digital assets from cyber crime. The cyber threat is relatively new and seems an abstraction to many. If one has never been victimized, she or he might regard the threat as remote.

But unlike the physical world, geographical distance has no meaning online, and anyone with the know-how, from anywhere in the world, can probe and test your cyber defenses. They need only know of your existence. Imagine the physical equivalent of this situation, where criminals from around the world shake and test your fence gates, doors and windows 24 hours a day. However bizarre this analogy seems, it’s an accurate one in that cyber crime unrelentingly threatens the well-being of businesses, their employees, and customers. Here’s a listing of 22 of these threats:

  • Advanced persistent threats
  • Distributed denial of service attacks
  • Denial of service attacks
  • Exploitation of insecure APIs
  • Man-in-the-middle attacks
  • Browser hijacking
  • Phishing attacks
  • Spear phishing attacks
  • Malware attacks
  • Wi-Fi sniffing
  • Ransomware
  • Worms
  • URL injection
  • Passive attacks
  • Pharming
  • Vulnerability exploitation
  • Buffer overflows
  • Data breaches
  • Code injection
  • Cross-site scripting
  • Zero-day exploits
  • Brute force attacks

Some of the above threats attack from outside your network while others attack from within, such as from the infected device of an employee who fell victim to a phishing attack. Most of the victims of these attacks are small and medium-sized businesses because they lack the cyber security threat prevention resources of larger companies.

WHOA.com is ISO 27001:2013 and PCI DSS 3.2 certified. We take a multi-layered approach to security that includes physical security, network protection, secure multi-tenant architecture, per-tenant firewalls, host-based firewalls, antivirus, and backup & replication. Why not benefit from the cyber security threat prevention we can provide? Contact us to learn more.

Some hacking methods require a certain measure of tech knowledge and skill. However, brute force hacking doesn’t. If you can follow directions, you can learn how to use a password cracking software tool. You can either buy one or download an open source tool for free. In addition, if you need pointers on brute force hacking your way into servers, there are plenty of online communities willing to help you out. This is why brute force hacking continues to be a popular method.

The method is crude because the software attempts to guess login passwords. This is done using lists of commonly used passwords as well as trying different combinations of names (first names and last names), dates (birth dates and historical dates), and words from a dictionary list.

For more random passwords, the software iterates through all possible combinations of numbers, letters, and other characters. For lengthy and complex random passwords, the brute force method may require years of permutation. However, this isn’t generally a problem for hackers because many people use simple and readily hacked passwords. In fact, the most popular passwords are entries such as 123456, qwerty, and 111111.

These ridiculous passwords indicate the lax attitudes many people have towards security. They’re a way of getting around the need to memorize a password. As brute force tools get better, secure passwords must get longer. It isn’t easy to remember random passwords and regularly change them (which means recommitting them to memory multiple times). While there are excellent mnemonic methods for memorizing strong passwords, few people have the interest or motivation to learn and use them.

Even if your business requires strong passwords of its employees, locks out repeated login attempts, or uses two-factor authentication, brute force hackers can get around these controls if you keep sensitive information on hidden web pages. They need only use their tools to guess the URL of the hidden page in much the same way that they guess passwords. They keep trying until a page shows up that isn’t a 404 error.
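URL guessing of this kind leaves a recognizable trace in web server logs: one client producing a burst of 404 responses for different paths, sometimes followed by a 200. The following detection logic is an added example, not code from WHOA.com; the log lines, paths, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Common Log Format (documentation IPs, made-up paths).
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2017:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2017:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2017:10:00:02 +0000] "GET /backup/ HTTP/1.1" 404 153
198.51.100.20 - - [12/Mar/2017:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2017:10:00:03 +0000] "GET /private/ HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2017:10:00:04 +0000] "GET /reports/ HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2017:10:00:05 +0000] "GET /hidden/ HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2017:10:00:06 +0000] "GET /internal-reports/ HTTP/1.1" 200 8841
198.51.100.20 - - [12/Mar/2017:10:00:09 +0000] "GET /pricing HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def parse(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_url_guessing(lines, min_misses=5, window=timedelta(seconds=60)):
    """Flag clients with >= min_misses distinct 404 paths inside `window`.

    Returns {ip: [paths that answered 200 after the client was flagged]},
    i.e. the pages a defender should review first.
    """
    misses = defaultdict(list)  # ip -> [(time, path)] of recent 404s
    flagged = {}
    for ip, ts, path, status in filter(None, map(parse, lines)):
        if status == 404:
            recent = [(t, p) for t, p in misses[ip] if ts - t <= window]
            recent.append((ts, path))
            misses[ip] = recent
            if len({p for _, p in recent}) >= min_misses:
                flagged.setdefault(ip, [])
        elif status == 200 and ip in flagged:
            flagged[ip].append(path)
    return flagged
```

On the sample, only 203.0.113.7 is flagged, with `/internal-reports/` listed as the page it reached; the ordinary visitor with a single 404 is ignored.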

Brute force hacking is just one of the many cyber threats your business may face. Contact us to learn how WHOA.com’s managed security services can protect your business.

Cyber crime is one of the biggest threats to businesses today, and the consequences of becoming a victim can be devastating. Yet all too often, businesses leave themselves vulnerable to attack because of the cyber security mistakes they make. Here are five common mistakes your organization should avoid:

Assuming You’re Too Small a Target

For most cyber criminals, it’s about opportunity rather than business size. If a weakness is found, they will exploit it. Once inside, what happens next depends on the criminal and what he/she finds. Basing security decisions on unfounded generalizations about how cyber criminals operate and think is a mistake, because each has their own modus operandi. In fact, some may prefer small businesses because of their weak security resources compared to larger companies.

Not Training Your Staff on Basic Cyber Security

Not opening attachments from unknown sources, not clicking on suspicious links in emails or websites, and good password management are some of the basics that every employee must know and follow. Don’t assume your new employees have this knowledge. Train them how to recognize social engineering attempts and ask them to report anything that’s out-of-place or suspicious. Security should be a part of your corporate culture.

Not Implementing Endpoint Security

Today, computer networks are often accessed by a variety of personal devices such as tablets, laptops, and smartphones. Corporate network access by these devices complicates security. Restrict or eliminate this access, or employ technology that monitors this activity.

Not Updating Your Security Software

Keep your antivirus, anti-malware, and firewall software current. While this won’t guarantee protection against the most recent threats, it will prevent attack from well-known threats that are still capable of causing substantial harm to your company.

Not Partnering With a Managed Security Services Provider

If you don’t have an in-house security specialist, consider outsourcing this function. Today, the threat of cyber attack is real and cyber security is a must. Contact us at Whoa to learn about the layered security we provide for our clients.

When disaster strikes, you may wish you had either a business continuity plan or a disaster recovery plan. How do you know which is right for you? First, let’s look at the facts.

Disaster Recovery Plan

A disaster recovery plan is not really about recovering from a disaster. It is about bringing systems back online after an outage, although an outage can itself lead to disaster. For example, perhaps you tried to log into your email while in the office only to find the systems shut down. The IT department goes into hyperdrive to bring everything back online, and once they do, you exhale all the nerves of the last hour. Email makes up only a small portion of this IT; you also have the internal network, various software licenses, and your phone system. Together, these elements make up a good disaster recovery plan.

Business Continuity Plan

With a business continuity plan, all the resources and steps required to keep your business operations online get documented. This, however, doesn’t include the recovery of an IT system. You have a number of departments like:

  • HR
  • Sales
  • Customer Service
  • Finance

Business continuity plans keep the wheels turning in these departments even after an incident brings them to a halt. You may have to start your business out at 30 percent operational during the recovery phase, but the long-term goal will be to bring the company back to 100 percent operation.

If you’d like to learn more about whether a disaster recovery plan or a business continuity plan will be right for you, you can contact us via email.
