How to Train Employees to Safeguard Against Hackers

Hackers can cause all kinds of problems with a business. In addition to planting viruses, worms, spyware, and more, hackers can steal sensitive customer, employee, and business data. These criminals will use this information to hijack identities and make a profit.

One of the latest threats many businesses face comes in the form of ransomware. This is when hackers infiltrate a computer or network and take files hostage by encrypting them. Businesses that want to regain their data have to figure out how to break the encryption, which is next to impossible, pay up in the time allotted, or lose access to their information for good.

The worst part about hackers gaining entry to a business’s virtual operation is the damage they leave in their wake. Perhaps just as disconcerting is how often employees are to blame for letting hackers gain access. The best security measures in the world won’t work if employees are holding open the virtual front door for hackers.

As a result, you not only need to make sure you have appropriate cyber security in place; you also must take steps to train employees to spot threats, behave in an appropriate manner, and act as a line of defense against hackers. Here are a few things you should include in your training program.

Policies and Procedures

As a business owner you enact any number of policies and procedures designed to maintain a safe, efficient, and productive workplace. Some policies (like sexual harassment or discrimination training) curb offensive employee behavior and limit your liability.

Other policies like NDAs and non-compete clauses help to protect your business from leaks that could compromise confidential data. You also need to develop policies and procedures intended to teach employees how to safeguard against hackers.

You could, for example, enact behavioral policies that spell out how employees should use your network resources. Employees should not open emails from unknown senders or click suspicious links. Above all they should heed the advice of software warnings when they try to access dangerous websites.

Policies and procedures designed to safeguard against hacking could pertain to password protection, network usage, and even sharing information between employees. Taking the time to list your expectations and make employees aware can only help to keep your operation safe from hackers.

Strong Passwords

Cracking passwords is one common way that hackers make their way into your system. Luckily, there is a lot you can do to ensure greater protections in this area. A good start is to select software that prompts users to create strong passwords (requiring 8-12 characters and a variety of letters, numbers, and symbols) and requires employees to change passwords regularly.

Your software shouldn’t do half of a hacker’s job for them by repopulating fields when the login information entered is incorrect. Instead of leaving the name in place when the password is wrong (alerting hackers that they have the correct name), all fields should be automatically cleared.
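One way to implement the behavior described above, as an added example that is not code from the original article: the login handler returns one identical failure response, with every form field cleared, whether the user name or the password was wrong. The account store, user names, password, and work factor are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_user(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt)}


# Constructed sample account store (not from the original page).
USERS = {"alice": make_user("Constructed-Passw0rd!")}
# Dummy record so an unknown user name costs the same hashing work as a real one.
_DUMMY = make_user("placeholder-never-matches")


def _failure() -> dict:
    # One generic message and an empty form: nothing tells the caller
    # which of the two fields was the wrong one.
    return {
        "ok": False,
        "message": "Invalid user name or password.",
        "form": {"username": "", "password": ""},
    }


def login(username: str, password: str) -> dict:
    record = USERS.get(username)
    known = record is not None
    record = record or _DUMMY
    candidate = _hash(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if known and matches:
        return {"ok": True, "message": "Welcome.", "form": None}
    return _failure()
```
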

You also need to make it clear that there will be serious consequences if employees share passwords, even with fellow coworkers. Compartmentalization of data, authorization for access to different areas, and password protections only work if individual passwords remain confidential.

Recognizing Threats

There are many ways in which hackers can target your employees. They can attach spyware and malware to seemingly innocuous links or downloads, thereby piggy-backing on other programs to gain access to your system.

Employees must be trained to spot these scams in order to avoid them. Your security software can go a long way toward protecting your company from hackers, but when employees understand potential threats and how they might contribute to the problem, there’s a much better chance all of your protective components will work together.

Backups

Even with proper training, employees can still make mistakes that open you up to hackers. The best defense is always a good offense.

Having backup protocols in place could help minimize damage if employees slip up and hackers find a way in. A monitoring service is a good place to start, but you should also have system backups in place so that you can shut everything down, lock hackers out, and revert to a recent save point so as to resume business operations post haste.

Free and Easy Network Security Tips for Every Office

Let’s be clear up front: every business is going to have to spend some money on network security. Not only do you need to put proper protections in place to ensure you’re not an easy target for hackers, but you also have to comply with federal and state laws pertaining to privacy. If a data breach compromises private data for employees, clients, and so on, you could find yourself in serious legal hot water.

However, once you have a firewall, antivirus/antispyware software, password protection software, and extras like VPN or FTPs in place to protect your network and your data, you’ll find that there are a number of free and easy ways to ensure that the protections you paid for continue to perform as intended. Here are just a few free and easy network security tips that will benefit every business.

Go Paperless

This might not sound like a network security tip, but if documents containing sensitive information like user names and passwords get into the wrong hands, a network breach could result. Even better, going paperless actually saves you money.

If you’re not able to go completely paperless, at least make sure to shred and recycle documents appropriately, taking every precaution to ensure that data isn’t readily available to industrious dumpster divers.

Perform Updates

Software and firmware need to be updated regularly if you want to protect your network from outside threats. Most of your hardware and software will have options in the settings to automatically check for and install updates, making the process easy for you, but if you have IT staff on hand, you may want to perform these updates manually or at least get notifications when new updates are available so you can decide if you want to allow them or not.

All of the hardware that supports your network, including computers, servers, modems, routers, and so on will need firmware and driver updates to continue functioning properly and communicating with other devices on your network. Relevant software updates can ensure that you’re protected against the latest threats. Both can help to keep you protected, but only if you check regularly and perform updates as needed.

Schedule Regular Scans

With proper updates your antivirus/anti-spyware software should protect your network from viruses and other malicious code. However, it’s a good idea to schedule regular system scans to ensure that nothing suspicious has slipped through the cracks and infiltrated your network.

Require Strong Passwords

Password protection is an excellent way to keep unwanted visitors out of your network, but only if the passwords used are strong enough that hackers can’t crack them. You should therefore require employees and online users to create strong passwords.

These days passwords should have a minimum of 8-12 characters, with combinations of capital and lowercase letters, numbers, and symbols. In addition, users should make sure not to use personal information like pet names, birth dates, addresses, and so on.

One good option is to use an easy-to-remember acronym that looks like gibberish to anyone else. For example, the phrase “My 2 dogs-Fido and Spot-are 9 and 13” would become “M2d-FaS-a9a13”.

Change Passwords Frequently

It’s not enough to create strong passwords; you should also prompt users to change them on a regular basis. This will help to stop the potential threat arising from either employees that share passwords or hackers working on gaining entry to your system.

Policies and Training

All the protections in the world can’t keep you safe from ignorance and stupidity. You must therefore set clear policies for appropriate behavior when using the network and then train all employees accordingly.

These policies could include common sense activities like keeping passwords private (i.e. not sharing them with coworkers, supervisors, outsiders, or anyone else), as well as behaving in a safe and responsible manner when using company resources. Employees should be trained to avoid email from unknown senders, steer clear of dangerous websites, and avoid clicking suspicious links, just for example.

Having such policies in place and training employees to behave properly might seem like a waste of time, but it only takes one mistake and you might as well throw the doors wide open and invite hackers in. With proper hardware, software, policies, and training procedures in place, your business has the best chance of avoiding a data breach and the resulting fallout.

What You Need to Know About Ransomware

Everyone knows how important it is to protect a business network from threats like viruses, spyware, and malware. To that end you probably have a strong firewall, antivirus/anti-spyware software, password protection, and perhaps even encryption programs and monitoring services in place.

This is all good news for your business and your customers. When you make security a top priority, you can avoid data breaches, comply with federal and state privacy laws, and keep your customers safe and satisfied.

Unfortunately, hackers and other cyber criminals are always looking for new ways to bypass protective measures and get at sensitive data. In some cases, they’re interested in stealing identities. Others are just cyber terrorists looking to wreak havoc.

The latest form of malware to gain popularity is called ransomware. If you haven’t yet heard of this threat, much less encountered it, you’ll definitely want to find ways to steer clear. Here are a few things every business needs to know about ransomware.

What is Ransomware?

Ransomware is a specific type of malware intended to disrupt use of your computer with the goal of exacting a ransom payment to undo the damage. It works by restricting access to your computer, either by locking you out or encrypting files, so that even if you can open them, you can’t actually access the information they contain.

Victims are generally given a time frame, say 24 hours, in which to pay. Most often, payments have to be made in virtually untraceable currencies like Bitcoin or deposited onto prepaid cards via MoneyGram, just for example.

Ransom amounts tend to be relatively reasonable, fluctuating between less than $100 and just a few hundred at the top end. Victims report that payment was met with reward – computers were unlocked and files were decrypted – while failure to pay resulted in loss. In other words, many businesses felt like it was simply easier to pay up.

How Does Ransomware Get In?

Like most malware, there are two main ways ransomware can infect your computer. You either let it in by clicking and downloading a file or it can infiltrate your network through subpar security.

When it comes to security breaches, you may or may not have been able to do more. If your employees are careless with passwords and hackers get in, you probably could have prevented the problem with stricter controls. On the other hand, sophisticated cyber criminals can hack even strong defenses, so you may not be entirely to blame.

As for clicking suspicious links and downloading files, you have no one to blame but yourself. User error is the most common way for ransomware to infiltrate your system. Be careful what you download!

How Can I Protect My Network?

If you find yourself victimized by ransomware, you have two choices: pay the piper or make use of appropriate antivirus fixes available. Depending on the type of ransomware, you have a couple of options.

Some ransomware is nothing more than scareware. It tells you something is wrong with your computer and asks for money to fix it, but in fact nothing is wrong. In some cases, this threat can easily be removed by switching your computer to safe mode operation and running an antivirus scan to locate and remove malware.

Of course, this may not be possible if the malware locks up your computer so that you can’t access any programs or functions, effectively barring you from safe mode and antivirus tools. This is a little more complicated to fix, but a system restore could do the trick. At this point you may want to seek professional help.

If you’re dealing with something serious, like the now infamous CryptoLocker, however, you’re in for a fight. This malware actually encrypts your files and it is practically impossible to undo the damage without paying the ransom.

This is not to say you should encourage this type of behavior by paying. You’ll never have to if you prepare for a ransomware attack and plan accordingly.

The simple solution is frequent and comprehensive system backups. You should do it daily, at least. This way if your data is compromised by ransomware, all you have to do is shut down and revert to a backup save point. For companies that have large amounts of data, backups are especially important. SiteUptime client Tradebit.com stores many terabytes of data and uses several different companies to ensure that their data is backed up and safe. They have been able to avoid data loss in the past as a result of this proactive approach to backups.

Having access to multiple copies of your data will result in minimal data loss and you can avoid paying the ransom. Naturally, you’ll want to figure out how the breach occurred and beef up security should you suffer a ransomware attack, but your best defense with this type of malware is a good offense.

Keep Hackers at Bay with HTTP Authentication Monitoring

When you spend any significant chunk of time creating and maintaining a website, it becomes a labor of love. When you’re heavily invested in your creation, protecting it should always be at the top of your list. In recent years, countless horror stories have surfaced about hijacked websites, hacking of sensitive hidden info, stolen user credentials, and more. In light of this sad reality, it would be insanely foolish to neglect website security.

Basic HTTP authentication is one way to tighten up security around your site. Think of your overall security plan as the layers of an onion – the more layers you add, the harder it will be for a bad guy to break in. By enabling basic HTTP authentication on your site’s private webpages, you’re adding a much-needed layer of safety to your online masterpiece.

Understanding HTTP Authentication

In order to appreciate the benefits of HTTP authentication, you first need to understand what exactly it is. Let’s break this down super simple style, shall we? First, there’s the HTTP transaction. That’s just the act of a browser sending a request to a server, followed by the server’s response. Both request and response use HTTP when they’re sent.

Whenever an HTTP transaction happens, if the server has enabled HTTP authentication, the browser or client program must offer up some credentials in order to gain access. Once an Internet user enters the correct user name and password, he or she will gain access to the protected page.
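The transaction described above, as an added example that is not code from the original article or from SiteUptime: the server challenges with a 401, the browser retries with an `Authorization: Basic` header, and the server checks it. The realm, credentials, and function names are constructed, and request headers are modeled as a plain dictionary.

```python
import base64
import binascii
import hmac

REALM = "Private pages"                      # constructed realm name
EXPECTED = ("editor", "constructed-secret")  # constructed; store a hash in production


def parse_basic(header):
    """Return (user, password) from an Authorization header, or None if malformed."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    return (user, password) if sep else None


def handle(request_headers):
    """Server side of one HTTP transaction: returns (status, response_headers)."""
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is not None:
        user_ok = hmac.compare_digest(creds[0].encode(), EXPECTED[0].encode())
        pass_ok = hmac.compare_digest(creds[1].encode(), EXPECTED[1].encode())
        if user_ok & pass_ok:
            return 200, {}
    # Missing, malformed, and wrong credentials all get the same challenge.
    return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}


def client_header(user, password):
    """What a browser sends after the user fills in the login prompt."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return {"Authorization": f"Basic {token}"}


def exchange():
    first = handle({})                # 1. request without credentials -> 401
    retry = client_header(*EXPECTED)  # 2. browser retries with the header
    second = handle(retry)            # 3. server accepts -> 200
    # The header is only base64-encoded, so anyone who sees it recovers the password.
    recovered = parse_basic(retry["Authorization"])
    return first, retry, second, recovered
```

Because the header is reversible encoding rather than encryption, Basic authentication protects credentials only when the connection itself is protected, for example by TLS or a trusted private network.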

Advantages and Warnings

The first major plus of using basic HTTP authentication is simply that all browsers support it. If your company runs a smaller website that’s not open to the public, this option would be a dynamite addition to your existing website security plan. If you are the head of a large (and very public) online community, then you may need to opt for a different kind of authentication plan.

If you’re on a team of programmers or system administrators, then you may have used basic HTTP authentication in your trusted network environment at some point or another. Since programmers must be able to read and diagnose activity, this form of authentication is preferable due to its simplicity. Bottom line: use this authentication technique in a trusted environment or on a private network. Otherwise, proceed with caution or enable additional security features to supplement HTTP authentication.

Introducing SiteUptime’s HTTP Authentication Monitoring

Did you know that SiteUptime offers HTTP authentication along with its other website uptime monitoring services? When you purchase a website monitoring plan (you can compare the features of each here), you can add HTTP authentication for only $5 extra per month. We do all the heavy lifting – all you must do is select a user name and password for the page you want to protect, and we’ll take it from there. No coding required.

If someone tries to access the page and the login attempt fails, SiteUptime will automatically send you an alert so you can check out the situation immediately. If you have a private network with webpages you’d like to protect, HTTP authentication is for you. If you have questions about this service, contact us for more information.