Securing Your Network. From Yourself!

Worrying about outside hackers is one thing, but what happens when a disgruntled employee causes more damage to your business network than any malware could have? Recently, Verelox, a web hosting company out of the Netherlands, had to shut down all of its services to its customers because an ex-employee went into its systems, deleted all customer data and wiped out most of its servers. Verelox quickly resolved its issues, but many times these situations do not have such a nice outcome.

So how can your business take proactive steps to prevent data breaches from within? The first thing is to make sure your company has set boundaries and understands what each employee can and can't have access to. Knowing your end users is extremely important because it allows you to control who is seeing your information. Backups are just as important when controlling your network. Verelox had a system of regularly updated backups in place, so they were able to restore their systems from them.

So how big of a threat is insider damage? More than you may think. According to a 2016 IBM study, internal employees are responsible for 60 percent of data breaches. Of those, over 75% were carried out with malicious intent and 25% were accidental. In a 2015 Biscom survey, 1 in 4 people admitted to taking data from a company after they left. Many of them did not feel it was wrong because the items were things they had created while working for that particular business. The most shocking statistic is that 95% of employees who took company data said they would not even face any repercussions because their employer did not have any policies to stop them.

The 25% who caused a data breach by accident most likely fell victim to a phishing email or another internet malware attempt. Educating your end users can go a very long way for your business, and is one of the best proactive tools for keeping your company data secure. Many small businesses get hit the worst when a data breach occurs because they do not have the proper resources to manage their IT and keep on top of it, all while trying to run and grow their business.

An Investigation on Data Breaches in 2018

Recently, Verizon published the 11th edition of its Data Breach Investigations Report, which looked at over 53,000 security incidents including over 2,126 confirmed data breaches. We wanted to highlight some of the key takeaways in this report and show some of the shocking statistics businesses face when it comes to technology security in 2018. We are going to look at some of the motivating factors for hackers, which industries are affected the most and how a typical organization reacts to a cyber attack.

Who does the hacking?

73% of cyber-attacks are done by outsiders. These are organized criminal groups whose specific goal is to break into systems illegally and collect information. 28% of attacks are done internally by those who have official credentials or another way into the system. These are especially hard to track because you never know who may be using company data for their own personal gain.

Why attack?

76% of breaches were financially motivated. Hackers are looking to steal information such as credit card numbers or social security information in order to use other people’s identities. We also see hacking in the form of malware that holds data for ransom. Found in over 39% of cases where malware was identified, ransomware is one of the most popular forms of online hacking today.

Who can be a victim?

Virtually any business that plugs into any network could fall victim to a cyber-attack. Unfortunately, there are many ways a hacker could get in, whether it be POS, email, misuse by an employee, social media, etc. The most popular, however, is a direct hack by a group or person who specifically wanted to get into a particular network. A close second is malware and phishing attempts. 4% of people will click on any given phishing campaign, and 17% of all breaches happen because of human error in the everyday workplace.

Industry trends in data breaches.

Based on the data from over 53,000 incidents and 2,126 confirmed breaches, the numbers in each of the two categories for specific industries are as follows:

Accommodation: 338 breaches, 368 incidents
Education: 101 breaches, 292 incidents
Financial: 146 breaches, 598 incidents
Healthcare: 536 breaches, 750 incidents
Information: 109 breaches, 1,040 incidents
Manufacturing: 71 breaches, 536 incidents
Professional: 132 breaches, 540 incidents
Public: 304 breaches, 22,788 incidents
Retail: 169 breaches, 317 incidents

The Reaction

While most compromises happen in a very short time span, with over 87% taking a minute or less, finding out about them is a whole different story. On average, only 3% are discovered within minutes, while over 68% went undiscovered for months or more. The report states that in many cases it isn’t even the organization that recognizes the breach but an outside third party such as partners, law enforcement or, most damaging of all, customers.

Staying proactive and keeping your cyber defenses up is one of the most important things for any business in 2018. While no defense mechanism is a 100% guarantee, having a plan and being able to respond quickly is your best chance of stopping hackers in their tracks and restoring your data.

Contact ECMSI for a FREE network health assessment to see if your business is being affected by malware. Find out if there are any vulnerabilities in your network and what you can do to stop them!

The Threat of Social Engineering.

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016, a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W-2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Forgot Your Password? The Future May Help.

Probably one of the most annoying things about technology today is trying to remember all your passwords. From your desktop login and social media sites down to your online financials, the combinations of words and numbers can really start to blend together. If you’re like most of us, you probably have the same password for everything. This practice is EXTREMELY unsafe, and not recommended by any IT technicians or service providers. So, is there any end in sight to the madness? Well, current trends in biometrics may just make passwords obsolete.

Today, many cell phone users are logging into their phones and entering all their apps with their fingerprints. Apple’s “Apple Pay” on iPhones is becoming ever more popular and allows users to pay with their cards at retail locations, using their fingerprints to authenticate the purchase. The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone and as a second factor in authenticating any number of online services. Microsoft’s Hello is allowing Windows 10 users to log in through facial recognition, and a patent from the company indicates they are trying to develop ways to pair a touchscreen with gestures made on the screen to authenticate. Some ideas out there are even hinting at using brainwaves for authentication to unlock computers!

What will this mean for the future of passwords? Maybe soon all you will have to do is think about unlocking your Facebook page and, like magic, it will work. While that may seem far-fetched, who knows what the future holds? Much of this research to eliminate passwords is receiving support. In the U.K., the National Cyber Security Centre is looking for proposals that will do away with passwords and is offering $32,160 in research funds per proposal.

However, while things are still in the works, we will have to stick to the “old-school” way of keeping our information safe, with your first pet’s name and your birth date numbers (did we get some of you??…). Until then, we recommend creating strong passwords (using capital letters, numbers and symbols) and using a different password for each account you have.

Call ECMSI today for a free consult!

330.750.9412