
Are your Business Passwords Already Up for Sale?

Over the past 12 months, I have personally spoken with over 100 Australian business owners, and found that a whopping 42% have had at least 1 Ransomware Attack or Data Breach.

I am sure you’d agree – that is just shocking. Stop tolerating….

How is this happening?

Employees, left to their own devices, don’t know how to manage passwords. As a result, their passwords are easily hacked and sold on the dark web, leaving your business an easy target for ransomware and data breaches.

Another independent survey* showed:

  • 60% of employees use their business accounts (often their email address) and the same passwords for everything (including for personal purposes).
  • 81% of data breaches are due to weak, default or stolen passwords
  • Worse yet, the passwords were the same as on the survey conducted last year!
  • Is your password on this list below?

Note: Criminals read the same surveys.

Once a username and password are known, they are extremely valuable and likely to be useful for some time…

But what if the breach has already happened?

How would you know? What user accounts and passwords are already compromised?

Sensible Business Solutions today launches a brand new Dark Web Search service that continuously monitors the dark web for usernames and passwords that are currently offered for sale, and for how the breach occurred.


Call me, Kevin Spanner at Sensible, on 1300-SENSIBLE (736-742) to find out more.


* Survey By Keeper Security

*Not familiar with the term “Dark Web”?

There is a large portion of the internet that is not indexed by search engines like Google. This is the “Deep Web.”

The US Government created this more secure (and usually encrypted) area of the Internet. It quickly became a preferred communication channel for privacy-conscious individuals, organisations and governments to share data, without detection.

However, criminal organisations now use the deep web as a platform. The term “Dark Web” describes the pockets of the deep web that are used to buy, trade and exploit illegal items (e.g. Silk Road) and illegally acquired data (credit cards, passwords, etc.).

Traditional ransomware like WannaCry has been explained a thousand ways on a thousand blogs. But one thing you may not have thought about is what ransomware would be like if it infected your mobile device. Read on to learn more.

How does ransomware make it onto your Android device?

Like its desktop equivalent, mobile ransomware needs to be installed on your device before it can do damage. For Android devices, this means mobile apps that hide their true intent. There are two ways to install programs on your mobile device: downloading them from app stores like Google Play and Amazon Appstore, or downloading them directly from websites and email links.

Surprisingly, both come with risks. Unverified sources often advertise free apps that hide malware, and the best of these can occasionally avoid detection and be allowed into monitored app stores.

What does mobile ransomware look like?

Similar to ransomware on personal computers, mobile ransomware holds data stored on your device hostage and demands ransom. For example, in the case of a ransomware that came with the "OK" app, a popular Russian social network platform that was infected earlier this year, a user is prompted to change device settings. There is no option to close the prompt and tapping Accept locks everything down and leaves you with nothing but a ransom note.

How to protect yourself from mobile ransomware

First and foremost, avoid downloading apps directly from websites or third-party app stores. Additionally, make sure you turn on Google’s security system -- Verify Apps -- which scans all the apps about to be installed on your device for potential threats. You can do so by opening your Android's settings, choosing Security, tapping on Verify Apps, and activating ‘Scan device for security threats’.

Second, install antivirus software on your device and keep it up to date.

Third, back up important files from your device to either a USB disk, a computer, or any cloud-based services. This way, you won’t lose your valuable data if you are forced to factory-reset your device.

Last, if ransomware made its way into your device, don’t pay. According to IT security company ESET, mobile ransomware very rarely includes programming to reverse the damage it has done.

Losing any type of data is an enormous inconvenience, but businesses need to be especially careful about careless employees. Data loss could result in lawsuits or regulatory fines, so it’s important that you know how to safeguard your Android against ransomware.

For more in-depth advice on how to protect yourself and your business from this threat, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

I had the craziest experience this week.

A business owner we spoke with had a ransomware attack on Monday, and his entire team of 100 staff got locked out of their network.

Clearly his current IT infrastructure wasn’t up to scratch, which led to this problem and his team’s productivity going out the window, costing him thousands in lost revenue and hard wage costs - essentially he was paying for an empty office.

His current IT company (which let the problem into his network) scrambled on a fix and managed to get him back up and running the next day.

The most shocking thing here wasn’t that his IT company didn’t have his protection up to scratch ... it was the comment he made to us:

“It only took 1 day for our IT company to fix it and get us back up and running... Wasn’t that good! We feel no need to change providers.”

This blew my mind.

How can a small business owner:

1. Continue to pay a provider that’s not keeping their IT up to date with best practice?

2. Accept a full 8 hours of productivity loss, across 100 staff. That is at least $30,000 of wages that result in ZERO productivity for the day?

3. Then think that 8 hours to resolve the problem is a good result!

4. Want to stick with a company that caused all this headache, loss of revenue and $30,000 expense?

5. Keep operating the same way, with the possibility of having to tolerate it again?

Is this what the IT industry has come to? Are these the accepted expectation levels?

We’re really proud to be able to say that not a single client of ours has ever lost 1 hour of productivity due to Ransomware or Virus attacks.

I know it may be hard to believe, but it’s the lengths we go to, and the expectation we set for our clients.

Has this happened to you?

Do you think you’re settling too?

Do you no longer want to settle?

If you can spare 4 minutes, I would love to hear about your experiences or expectations around this – it’s been bugging me all week!

Stop Settling!

Last week’s massive ransomware outbreak, called WannaCry, which affected over 150 countries and dominated news headlines globally, was just the beginning. We expect newer, more malicious versions any day.

This event had a massive impact everywhere, including on the National Health Scheme in the UK, where it blocked all access to patient records. Imagine what it could do to your business.

Ransomware is malicious software that blocks and encrypts computers and files (including backups) until a ransom is paid to organised crime. It spreads very easily across networks.

Organised crime reaped over USD $300 million from one ransomware variant in 2016 alone. No wonder they invest in newer techniques every few months to trick people into running malicious software.

The result of such an attack may be complete loss of access to the data on all of your connected computer systems and your backups. The resulting damage to your business, customers, suppliers and employees could be catastrophic.

Paying the Ransom doesn’t work!

Paying the ransom may often seem like the only option, but it is no guarantee that the damage will be reversed, and the ransom may be increased or a backdoor left open for future attacks. Contrary to opinion, Telstra’s latest Cybersecurity Report showed that in 2016 fewer than 1/3 of people retrieved their data after paying the ransom.

Smaller Businesses are being Targeted

WannaCry was a general attack on all vulnerable users / computers around the world. No business is immune. Small and medium sized businesses, who often think they are too small or unimportant to be targeted, are increasingly seen by criminal organisations as ‘soft targets’.

In fact, smaller enterprises like yours probably don’t have the scale and resources of larger enterprises like the UK’s NHS to survive an attack. It’s even more vital you protect yourself.

Traditional Anti-Virus Software Is NOT enough

In recent months it has become clear that conventional anti-virus solutions, though reasonably adequate to date, have been far out-paced by the capabilities of modern malware.

Staying protected from the latest, ever more sophisticated “threat landscape” requires a proactive, managed and continually evolving solution. These attacks can only be mitigated if continually updated layers of systems and processes are maintained to keep pace. This is called “Active Defence in Depth”.

Until recently, this was beyond the reach of businesses of your size.

Cybersecurity Protection is Now Affordable

We have launched a Free Report on how you can start protecting your business. The 10 Most Critical IT Security Protections Every Business Must Have In Place NOW.

The WannaCry attacks are a wake-up call and an urgent reminder of the ever-present threat that is only one click away. Please remember that, should your data be compromised, the subsequent disruption to your business could be an expensive, even disastrous test of your current defences.

ACT NOW!

“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” That’s what The Evolution of Ransomware, a study by California-based cybersecurity firm Symantec, reported recently.

If you have any illusions that your company is safe from cyber-attack in 2017, consider just a few findings stated in a recent report by the Herjavec Group, a global information security firm:

  • Every second, 12 people online become a victim of cybercrime, totalling more than 1 million victims around the world every day.
  • Nearly half of all cyber-attacks globally last year were committed against small businesses.
  • Ransomware attacks rose more than an astonishing 300% in 2016.
  • Known corporate data breaches in 2016 include: Australian Red Cross, Telstra, Dropbox, JB HiFi, David Jones, Domino's Pizza, Snapchat, Tumblr.
  • The world’s cyber-attack surface will grow an order of magnitude larger between now and 2021.
  • In 2016, The Australian Federal Government estimated that known losses from cybercrime cost Australians more than $1 billion in 1 year.
  • There is no effective law enforcement for financial cybercrime in Australia today.

Clearly, your company’s information and financial well-being are at greater risk than ever in 2017. And you cannot count on the federal or state government or local police to protect your interests. That’s why I STRONGLY SUGGEST that you implement the following resolutions starting TODAY.

Resolution #1: Tune up your backup and recovery system. The #1 antidote to a ransomware attack is more frequent and up-to-date backup copies of all your data and software. Yet managing backups takes more than just storing a daily copy of your data. For one thing, if your business is at all typical, the amount of data you store grows by 35% or more PER YEAR. If your data management budget doesn’t expand likewise, expect trouble. What about important data stored in cloud solutions like Dropbox?

Resolution #2: Harness the power of the cloud—but watch your back. Huge productivity gains and reduced costs can be achieved by making full use of the cloud. Yet it’s a double-edged sword. Any oversight in security practices can lead to a breach. Here are two things you can do to harness the cloud safely:

  • Determine which data matters. Some data sets are more crucial to your business than others. Prioritise what must be protected. Trying to protect everything can take focus and resources away from protecting data such as bank account information, customer data and information that must be handled with compliance and regulatory requirements in mind.
  • Select cloud providers carefully. Cloud vendors know that data security is vital to your business and promote that fact. Yet not all cloud vendors are the same. You can’t control what happens to your data once it’s in the cloud, but you can control who’s managing it for you.

Resolution #3: Set and enforce a strict Mobile Device Policy. As BYOD becomes the norm, mobile devices open gaping holes in your network’s defences. Don’t miss any of these three crucial steps:

  • Require that users agree with acceptable-use terms before connecting to your network. Be sure to include terms like required use of hard-to-crack passwords, conditions under which company data may be “wiped” and auto-locking after periods of inactivity.
  • Install a Mobile Device Management System on all connected devices. A good system creates a virtual wall between personal and company data. It lets you impose security measures, and it protects user privacy by limiting company access to work data only.
  • Establish a strong protocol for when a connected device is lost or stolen. Make sure features that allow device owners to locate, lock or wipe (destroy) all data on the phone are preset in advance. That way, the user can be instructed to follow your protocol when their phone is lost or stolen.

Resolution #4: Ensure you have the latest Security Technology Layers in place. The fact is that attacks are becoming more sophisticated every month. Do this at least:

  • Ensure all of your staff are regularly trained and tested on the latest threats that are designed to trick them into clicking on the wrong things. (It's not just email any more.)
  • Replace traditional antivirus software with systems that monitor program behaviour.
  • Implement systems that block unusual web links (even in online advertisements).

Free Network And Security Audit Resolves Your Biggest Data Security Problems and Makes Your Systems Run Like A Fancy Swiss Watch

Ever asked yourself why some business owners and CEOs seem so blithely unconcerned about data protection? Don’t let their ignorance lull you into a false sense of security. If you’ve read this far, you are smart enough to be concerned. Contact us today at 1300-SENSIBLE (736-742) or info@sensible.com.au and we’ll send one of our top network security experts over for a FREE Network and Security Audit. It’s your best first step to a safe and prosperous 2017.

Sensible Business Solutions © 2021 All Rights Reserved