The Health Insurance Portability and Accountability Act is a regulation passed by the US congress in 1996 to help streamline the healthcare system while maintaining individual ePI privacy over individuals’ health records. This regulation was put in place to allow people to transfer their health coverage, but also to minimize the risk individuals take on as far as fraud and abuse of their health records is concerned. This week we’d thought we’d discuss four ways your technology can help your organization keep its HIPAA compliance.
Directive Blogs
This is a true story, and a perfect lesson on how cybercrime and scammers use your emotions against you to get you to fall for their tricks. I think it’s also a lesson on just how helpless a victim of a scammer can become, as well as how immune the bad guys are while performing these horrible acts on people.
Password changes, multi-factor authentication, and countless changes in policy and procedure can make daily workflows more and more complicated. Cybersecurity can truly be a pain—a necessary pain, granted—but a pain nevertheless, and one that can gradually lead to burnout if you aren’t careful. Let’s go over how to mitigate the likelihood of it.
The Federal Trade Commission, or FTC, has put together a Safeguard Rule to help establish guidelines for how businesses store and interact with customer information. Enacted in 2003, this rule was recently revamped in 2021 to stay relevant with the latest technology used by businesses. Let’s look at some of the policies and procedures that your business needs to know about the FTC Safeguard Rule.
There is no denying that Quick Response codes—better known as QR codes—are a handy little invention. Just a few years ago, many businesses heavily adopted these contactless communication tools, allowing customers with a smartphone to access menus, documents, and more with ease. Having said that, we unfortunately can’t deny that cybercriminals are taking advantage of how handy QR codes are, too.
Your business’ computing infrastructure is a pretty resilient system. It has all types of tools added on to keep malicious code, bad actors, and even sabotage from ruining the good thing you have. This reliability has led to hackers changing the way that they go about their business. Nowadays, most of the attacks that affect businesses are phishing attacks. In today’s blog we will go through the elements of a phishing attack and how you can protect your business from them.
AI—artificial intelligence—has been a hot topic as of late, with it seemingly being used for any purpose you can imagine nowadays. Unfortunately, this has also included cybercrime.
However, just as AI can be a weapon for cybercriminals to use, it can also be a shield to help protect your business from threats. For instance, in phishing prevention.
When it comes to security, one often overlooked tool is the virtual private network, or VPN. We recommend that all businesses use a VPN to keep remote and hybrid workers from inadvertently putting your business’ data at risk while out of the office. Let’s go over why a VPN is so effective, as well as what you should look for in a business-grade VPN tool.
Did you know that tomorrow is World Password Day, 2023? As the result of a campaign to spread awareness of the importance of sufficiently secure passwords, it has become an annual reminder of how critical sufficient passwords are to proper cybersecurity…despite passwords not being sufficient protection on their own. In light of tomorrow’s observance, let’s take some time to review why passwords are important to get right, and what else you need to have in place.
Back in November of last year, we shared the news that Sidney Federal Credit Union members were being targeted by a phishing attack, and we have evidence that such phishing attacks have continued. As such, let’s review how phishing like this works and (more importantly) how to prevent it from working.
The Internet of Things is everywhere and that means that it’s important to understand how much of a potential security risk these devices can be. From smart speakers to smartphones, it's important that you understand how these devices can create problematic situations. In this week’s blog we will discuss how you can protect yourself against IoT vulnerabilities at home.
Businesses cannot afford to grow complacent with their network security, as it could make a significant difference between falling prey to an attack and remaining secure. The process of securing a network must be looked at holistically, from top to bottom. This idea of enterprise security is not new, but even a small business needs to keep it in mind, and these solutions are more accessible than you might think.
There is a lot made about ransomware, for good reason. It is quite simply one of the nastiest cyberattacks out there and it demands your attention. A lot of people understand what exactly ransomware sets out to do, but they don’t understand how it got that far and how to address the situation if they have the misfortune of being put in that position.
So, you’re thinking about adding to your business’ security with a camera system. This is an excellent course of action for any business to take—provided that it is approached thoughtfully and with discretion. There are many, many options out there, after all, which only makes it more challenging to make the right choice.
One of the reasons that information technology keeps changing is for the sake of the user and their convenience using it. However, if this convenience comes at the sacrifice of your business’ cybersecurity, it just isn’t worth it. This is the crux of why we always recommend that any organization seeking to use password management should invest in a reputable password management software, rather than the built-in capabilities of modern browsers.
Smartphone applications are in high demand from both a consumer and a business perspective, so it stands to reason that these ecosystems are large in scope, encompassing millions of apps on both the Google Play and Apple App stores. Have you ever wondered how these companies ensure that the apps found on their stores are secure and legitimate?
Multi-factor authentication is great when it works, but when it doesn’t, it can leave you in a pretty difficult situation. After all, what happens when all of a sudden, you cannot access your secondary authentication methods? We’re here to help you bypass this particularly challenging and frustrating scenario.
Cyberattacks are a serious problem that all businesses face in some form or another, but there are small, everyday tasks you can do to ensure that they impact your organization as minimally as possible. It takes intention and effort to protect your business and its infrastructure, but that doesn’t mean that it has to be hard. Here are three simple ways you can keep your infrastructure secure.
Did you know that World Backup Day is in just a few short weeks? While it is an important occasion for businesses to recognize, data backup should really be something you think about all the time. This is because your backup is an integral part of the backup and disaster recovery portion of your overall business continuity.
Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extol information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.
Phishing attacks have consistently been prominent in cybercrime throughout the past few years, not only due to their efficacy but also because there are so many avenues wherein phishing can be attempted. The first that comes to mind is email, of course, but you and your team need to keep these others in mind.
Take, for instance, a phishing voicemail…dubbed, naturally, a “phoicemail.”
Phishing is a remarkably dangerous tactic used by hackers to take advantage of those who might not be quite as in-the-know about security practices. Phishing attacks can be carried out against both businesses and individuals alike, and due to the many different forms these attacks can take—including email, text message, and even fraudulent websites—they can be quite problematic.
Let’s go over how you can train your team to avoid phishing attacks and how to appropriately respond to them when they are inevitably encountered.
Email remains a cornerstone in business communications, often containing sensitive information and other data that really needs to be protected. Fortunately, modern email platforms often enable you to add a little bit of protection, so long as you know what the process looks like.
Let’s go over how you can make your emails just that much more secure.
Regardless of your industry, there are going to be certain regulatory standards that you will be responsible for upholding. Many of these standards will be related in some way to your cybersecurity. Let’s talk about some of these cybersecurity standards, and why compliance is so critical for your business.
This past January, the Federal Bureau of Investigation issued an announcement that they had targeted and taken down the servers for a Dark Web organization responsible for the Hive ransomware group. While there is certainly cause for celebration here, one major statistic is enough reason to continue being concerned.
The blockchain has been a hot topic in the past few years, if only tangentially. With all the buzz around cryptocurrencies, it can be easy to forget about the underlying technology that powers it and its other applications. Let’s pivot to these other applications for a moment and discuss how the blockchain could potentially be involved with security needs at some point in the future.
The modern threat landscape is vast and unpredictable, and even if you think you know enough about cybersecurity to protect your business, we bet that you don’t. It’s not even just in the business world, either; individuals also struggle against cyberthreats, and so too do IT administrators. The next couple of weeks will be dedicated to cybersecurity to get across everything you need to know about it.
Remote work has seen unprecedented adoption in the past few years. While we’re all for the benefits that this trend brings, it is critical that any business that embraces remote or hybrid work does so securely.
Let’s discuss a few measures that your business can and should implement to achieve this security.
Whether you love them or hate them, passwords serve an important purpose in the realm of cybersecurity. They are the first line of defense against potential threats, yet they are also notoriously easy to crack. Some of the biggest names in technology have been working on ways to get around the challenges presented by password security, including one that we are excited to highlight in today’s blog.
Most organizations are trying to figure out how to secure their IT against the constant flood of threats out there. Unfortunately, the biggest threat out there isn’t something that you can actively protect against. Can you guess what it is?
Unfortunately, it’s your employees, and their potentially lax password practices—and while you can’t really protect yourself against insecure passwords, you can minimize the likelihood that they’ll be used.
It hasn’t been very long since T-Mobile experienced its latest major hack, but unfortunately, here we are again. Hackers have again accessed customer data, with 37 million customers being affected amongst both their prepaid and subscription-based accounts.
Let’s dive into the situation, and what can be learned from it.
Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.
When security breaches and data breaches are mentioned in the same breath so often, it’s easy to look at them as one and the same. However, we want to take a moment to explain the differentiating factors between the two, as it could be all the most important for protecting your business in the future.
Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.
For a long time, businesses that didn’t have any cybersecurity problems would never consider investing in additional cybersecurity tools. The decision-makers of these companies simply didn’t find it necessary; and many of them had a point (until they didn’t). Today’s threat landscape is much, much more complex than it was only a few short years ago and therefore businesses need to make a point to set up the security tools that will help them secure their network and infrastructure from threats. Let’s take a look at some strategies that work to help modern businesses secure their digital resources:
Unfortunately, the number of cyberattacks is consistently growing and many of those attacks target business end users. This means that any account that requires a password for access could conceivably be compromised should attackers gain access to its credentials. At Directive, we promote the use of multi-factor authentication (also known as two-factor authentication or 2FA) to mitigate some of the risk inherent with the use of password-based accounts in business.
Simple passwords are often the bane of a business’ existence. If you routinely use strings like Password, 123456, Guest, or Qwerty to secure an account, then you need to reexamine your password practices before they lead to a data breach. A good password can go a long way toward helping you in this effort.
We get it—nobody likes to think about the prospect of being impacted by a cybersecurity incident, but it’s like any other unpleasant event in that it is best to prepare for it. In fact, today’s businesses can invest in a cyber insurance policy to help prepare for such an eventuality.
Let’s go over some of the ins and outs of cyber insurance so that you are prepared to make the best choice of provider for your business.
While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful all the time. There are too many threats and too many variables to consider, and zero-day exploits are often discovered well after they are actively being exploited by threats. How can you keep zero-day exploits from impacting your business?
There is a scam going around that convinces organizations to pay for their Google Business Profile, and if you paid for this free service, you’ve fallen for the trick. Google is taking legal action against the scammers who have dragged their name through the mud, using Google’s notoriety to defraud businesses who just want to look competitive.
With so many threats out in the world, it’s no surprise that some of them target undiscovered vulnerabilities. These types of threats use what are called zero-day exploits to make attempts at your sensitive data and technology infrastructure. What is it about zero-day exploits that you must keep in mind during your day-to-day operations and in planning for the future?
It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.
Let me ask you a question: how much did you pay Google for your Business Profile? Unfortunately, if the answer was anything other than “nothing,” you’ve been scammed. Google has actually announced that they are taking legal action against scammers who impersonated the company in order to defraud small businesses.
For millions of people, the rubber ducky is a benign reminder of childhood. Depending on when you were a child, the rendition of Sesame Street’s Ernie singing “Rubber Duckie, you’re the one,” is ingrained in your mind every time you hear the term. Unfortunately, the Rubber Ducky we are going to tell you about today has only fond recollection for people who are looking to breach networks they aren’t authorized to access or deliver malware payloads that are designed to cause havoc.
I’m talking about when the heir to the Nigerian throne would reach out to your Hotmail account to help him secure his inheritance, or when an attractive woman or man you’ve never met before would email you out of the blue asking if you were single; spam has always been annoying, but back then, it was clearly just junk that could be ignored.
Today, it’s not so simple.
We aren’t going to try and pretend that the investments necessary to preserve your business’ data security are small ones. Especially at first glance, you may very well start to question if such an investment is truly necessary.
The simple fact of the matter is that, compared to the costs that a breach of privacy will incur, the investment you put into your security measures will suddenly seem like a real bargain.
It probably isn’t a question you’ve put much thought to, but tell me: who do you think feels the greatest impact from card skimming schemes, where a payment card’s data is captured so a cybercriminal can make use of the card’s associated account? While it isn’t a good situation for anyone, some are impacted more than others.
WhatsApp is one of the world’s most popular messaging applications. With over 2 billion users, WhatsApp is known for its relative security, as it is one of the few messaging applications that offers end-to-end encryption. A modified version of WhatsApp, called YoWhatsApp, has been reportedly deploying malware.
When it comes to your business’ cybersecurity, it can be too tempting to operate under the assumption that the few cybersecurity events you hear about on the news are all that happen. Unfortunately, this is far from actual fact. Let’s review some of the statistics that might change your impressions, especially if you hold the aforementioned assumption.
How Many of These Devices are in Your Office?
The more complex your technology is, the more secure you need to be. If it connects to the Internet, it needs to be hardened to prevent unauthorized access. Virtually any device can be an entrypoint for a cybercriminal or malicious software, but if you have any of these devices in your office, you need to take serious precautions when it comes to your security.
As Miguel de Cervantes wrote in Don Quixote, “...is the part of a wise man to keep himself today for tomorrow, and not venture all his eggs in one basket.” It was wise advice then, and it’s wise advice now—especially when it comes to your business’ network and your data security.
Let’s explore the concept of network segmentation, and how it can help to protect your business.
Sometimes the worst scams out there are the simplest ones. Hackers don’t need a fancy or complicated malware or algorithm to create chaos for your organization; all they have to do is convince you that the email you’ve received in your inbox is from someone of authority within your business. Let’s go over how a business email compromise is pulled off and why you need to be wary of threats like these.
Ransomware is one of the more dangerous threats out there today, and since it is so prominent and dangerous, it is a popular choice amongst hackers. To combat this threat, a community has formed around the cause, encouraging users to not pay the ransom by providing free malware removal tools for the most popular ransomware threats.
No matter how well you protect your network, chances are you’ll suffer from some vulnerability or another. That said, you can take considerable measures toward protecting your business so you don’t have to worry so much about them. Let’s discuss how your efforts today can protect your business now and in the future.
If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.
Due to the almost faceless nature of many cybercrime acts, it can be easy to see them as nothing more than the acts themselves, which is of course not true in the slightest. Behind these attacks are people, and where people performing illegal acts are concerned, there will always be concerns about other criminal acts which perpetuate the ones at the surface.
We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.
Spoiler alert: it’s really, really important.
At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.
Even if mobile malware doesn’t have nearly as much of a presence in the cyber threat landscape as other major threats like ransomware variants, it is still just as dangerous under the right circumstances. An Android banking malware called Sova, for example, has returned with a vengeance with additional features to make users’ lives miserable.
Not long ago, we shared some information about the New York SHIELD Act—Stop Hacks and Improve Electronic Data Security—and what it has changed in terms of business cybersecurity preparedness across the board. This time, we wanted to discuss all that we’ll do to ensure that your business remains compliant with this relatively new law.
How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.
This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.
Mobile devices have become a key part of our daily lives, to the point that many of us openly feel undressed without our phones. As a result, our phones go everywhere with us. However, it’s important to remember that some applications have requested access to our location information. Do all of these apps need to know precisely where we are?
User authentication is a critical security feature for a business, specifically because it helps to minimize a significant threat to your business. This is why we’re so adamant that you should require multi-factor authentication wherever it is available… but is a better way to authenticate your users on the horizon?
It’s easy to use the terms “patches” and “updates” as if they mean the same thing, and they are often used interchangeably within the same context. However, understanding the difference between the two can make a world of difference in terms of how you approach implementing each of them. We’re here to clear things up a bit and help you better understand the patches and updates you deploy on a month-to-month basis.
Okay, let’s say you’ve been infected by a ransomware attack, and (against our advice) you’ve elected to pay the ransom. That’s the biggest cost that comes with it, right?
Unfortunately, wrong. A ransomware attack comes with a lot more financial impact than just the payment the attacker demands. Let’s go over some of these other costs that can actually outpace that of the ransom.
There is always the possibility that you have been involved with a data breach and you simply have not been contacted by the affected party. Plus, if a hacker has managed to crack a website or service without being detected, you wouldn’t be notified in any case, either. Ask yourself this question: if I were to be involved with a data breach, how would I know it, and what can I do about it? And what is my data being used for anyway?
You might be surprised by some of the security breaches and vulnerabilities out there, including some for apps that you would never suspect, like Windows’ Calculator application. Hackers are always looking for new ways to infect endpoints, and nothing exemplifies this better than this particular threat, one which utilizes the Windows 7 calculator app to launch attacks against Microsoft operating systems.
Let’s begin by making one thing abundantly clear—all businesses and industries could potentially be targeted by ransomware, regardless of their size or target audience. However, as of late, some industries have been targeted more and more. Let’s examine some of the commonly targeted industries that ransomware is frequently waged against.
Let me ask you a few questions—first, how confident are you that you could spot an online ruse, and second, did you know there’s a stain on your shirt right now?
Did you look?
If so, you’ve just fallen for the school playground version of social engineering, a serious threat. Let’s discuss the kind that you’re more likely to see in terms of your business’ cybersecurity.
As a business professional, it’s your responsibility to protect your company’s digital assets from cybercrime, but the path forward is not always so easy or clear-cut. Without a thorough knowledge and expertise of IT security at your disposal, it can be challenging to protect your infrastructure as adequately as it needs to be. Here are some of the common issues that involve cybersecurity, as well as how you can address them.
Your business is your livelihood, so it only makes sense to invest in its protections so that your livelihood is secure. This will require a strategic approach. Let’s go over what your business needs to remain sufficiently secure, and what you should look for from each to get the best, most secure option.
Chances are pretty good that, by this point, you’ve heard of burnout—maybe you’ve even suffered from it before yourself—but, just in case you’re a remarkably lucky human being, it’s the phenomenon where your employees become disengaged to the point where their performance suffers. While this isn’t good in any facet of your business, it can be especially damaging in terms of your security.
Let’s get right to brass tacks. Your business is likely vulnerable to cybersecurity attacks. There are a whole lot of things you should be doing to protect your organization, but this one task is something you can do right now to save your business a lot of stress if something were to take down your network and cause a major disruption.
Insurance is a great asset, should you ever need it… including where your business technology is concerned. If you weren’t aware, there is a form of insurance—cyber insurance—that you can purchase in case your business suffers from a data breach.
Is this additional form of insurance worth the investment? Absolutely.
When we think about cybersecurity, we usually think about protecting our computers from viruses, right?
I’d imagine a few of our older readers remember a time when you would go to the store and buy antivirus software that came in a big brightly-colored box with a CD in it each year.
As you probably already know, things aren’t as simple anymore.
Anyone who has a mailbox or an email knows all about junk mail. We all receive Publisher’s Clearing House entries, calls about your car’s extended warranty, promotions for items and events that you swore that you discontinued by typing “STOP”, and just needless spam that you waste your time going through and deleting. We receive unsolicited messages every single day.
Mobile devices demand a special type of attention in order to ensure security. You want to ensure that your devices are protected as well as possible, but you also need to ensure that this does not come at the expense of your employees’ productivity or efficiency. We’ve put together a list of common security issues you might encounter when securing your mobile devices, as well as a couple of practices you can implement to work toward an adequate level of cybersecurity for your mobile infrastructure.
Businesses today have to deal with more potential problems than in any time in history. They are dealing with cost increases at every turn, personnel shortages, and a regulatory landscape that is always evolving. One of the biggest issues that can have a negative effect on a business is not having the processes and resources in place and working to secure its data and network. Today, we will look at five suggestions that can work to help your business keep its network and data more secure.
Security is an incredibly important part of running a business, but it’s extremely easy for busy employees to fall short of the security expectations you might place on them. This is why it is so important to train your employees on the many facets of cybersecurity. By training them, you are preparing them to tackle the plethora of challenges they will encounter throughout the workday.
We talk a lot about preventing threats from seeping into your company, and hoo boy, there are a lot of them. From ransomware to zero-day exploits to targeted social media attacks, there are a lot of threats out there that business owners need to be aware of. We’re not going to talk about any of those today.
Why? Because you, as the business owner, are likely a threat to your own business.
If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam. Let’s take a look at how the scam works and how you can avoid becoming its next victim.
A quality surveillance system can help you keep an eye on your business when you aren’t there—a critical responsibility that warrants some serious deliberation if it is to be approached. With so many considerations to make, it is important to make sure that you are balancing your needs with the systems available to you.
Your network security is of the utmost importance to your business for numerous, hopefully obvious reasons. However, there are a few errors that are easy enough to make that could easily be the proverbial monkey wrench in the works. Let’s go over what these network security faux pas look like, so you can resolve them more effectively (and don’t worry, we’ll discuss that, too).