How to Destroy Data Properly

How to Destroy Data Properly

When we accidentally delete something, it feels like the end of the world. If a client file or new presentation is deleted, you may have to start again. Oh no! Yet deleting files is not as permanent as you may think. When it comes to destroying data properly, you’ll want to take a more thorough approach.

Deleting items, or “trashing” them, doesn’t permanently remove them from computer memory. While the data is still stored on your device’s hard disk, it’s possible someone could restore that deleted data.

Data does reach a point at which it’s no longer useful, and you are no longer required to maintain it. Nevertheless, it may still be valuable to cybercriminals. Bad actors can use names, addresses, credit card numbers, banking accounts, or health data. You need a policy to destroy paper records, magnetic media, hard drives, and any storage media.

Your obligation to protect customer and staff information extends to properly destroying all identifying data. Installing a new operating system isn’t going to do it. Encryption doesn’t do the job if the cybercriminal can figure out the password.

Some industries require you to prove you have correctly destroyed all data. Even if you have no compliance standards to meet, carefully dispose of any computer-related device. Whenever you are recycling, discarding, or donating an old computer, disk drive, USB stick, or mobile device, make sure the data is already properly deleted or destroyed. Otherwise, criminals could get their hands on confidential business information.

Fully, Safely Destroying Your Data

So, what do we mean by “properly” destroyed? You know about shredding paper documents. You can actually do the same with some devices. You might send the computer or device to a company with a mega-shredder. When compliance matters, keep a record of the chain of custody of the data throughout the process.

Overwriting the data, often called zeroing, is another solution. No data is properly deleted until it’s written over – that’s where the information is hidden under layers of nonsensical data and cannot be retrieved through disk or file recovery utilities. Think of this as writing three new books over the top of the pages of an erased book rather than just ripping the pages out.

With magnetic devices, you can neutralize the magnetism (degaussing) to break down the data. This scrambles up the data beyond recovery. A strong degausser will turn the device into a shiny metallic paper weight. An ultraviolet erase could be necessary for some erasable programmable memory. You might also need to perform a full chip erase.

If you’re really committed to destroying data, physically destroy the device. There’s the shredding solution, or you might actually pay to have the device smelted or pulverized.

Other Components to Destroy with Data

Don’t forget proper disposal of printers, too. Run several pages of unimportant information (maybe a font test) before destroying a laser p6rinter. With an impact printer (if you still have one!), you’d want to destroy all ribbons, too.

One last element you might think about? Business monitors. You’ve probably seen a computer screen with information burned onto it. Before donating or recycling a monitor, inspect the screen surface and destroy the cathode ray tube.

Now, that’s what we call being thorough about properly destroying data. Need help with proper disposal of computer data or equipment?

We can help. Contact our experts today at 504-323-7111

Want to know more?

Get in Touch with us

Locking Up Cybersecurity with a Managed Services Provider

Locking Up Cybersecurity with a Managed Services Provider

Cybercrime is not the most costly of illegal activities. That dubious distinction goes to government corruption, followed by drug trafficking. Cybercrime comes in third. Yet cybercrime does take the top spot when it comes to numbers of victims. A managed services provider can help.

Cybercrime has hundreds of millions of victims. Two-thirds of people online have experienced personal information theft or compromise. A 2018 McAfee Security study suggested that represents more than 2 billion individuals!

If any of those people works at your business, it could mean trouble for your security, too. Why? People tend to think they have too many passwords to remember. So, they use the same login information again and again. That means a criminal could leverage employee data to access business systems, too.

Cybercrime is a global problem for both individuals and businesses. The bad actors, after all, can make big bucks from their crime with low risk of discovery. The global cost of cybercrime is an estimated $600 billion a year. And no one and no business is immune.

More people are going online. Businesses are becoming more reliant on digital transactions. Cybercriminals are quickly adapting. They’re motivated, but are you?

Securing Your Business with an MSP

It’s safe to say your Information Technology team has a lot to do. Everyone at your office is working hard, but is cybersecurity getting the attention it deserves? Ultimately, there is no better way to keep your systems secure than with managed services.

A managed services provider (MSP) helps your business stay ahead of security threats. Finding out about risks or vulnerabilities after the fact is no good. That’s like closing the barn door after the prize stallion has already bolted.

An in-house cybersecurity team providing 24/7 protection isn’t workable for most businesses. It’s cost prohibitive for most small and mid-sized businesses.

Working with an MSP is a more affordable alternative. You avoid investing in the latest technology and building up an on-premises infrastructure. Instead, you pay a consistent fee for the MSP to handle technology patching, monitoring, and assessments.

The MSP uses well-tested, leading-edge tech to stay on top of cybersecurity threats. This strategic partner can:

  • set up security on your infrastructure;
  • oversee your company’s security systems;
  • ensure regulatory compliance;
  • track threats 24/7;
  • maintain strong data protection.

An internal IT team oversees many areas, but the MSP focuses on continuous monitoring. It keeps up to date on the global threat landscape and any industry vulnerabilities.

Still not convinced that paying an MSP is worth it? The average cost of a lost or stolen record was $148 per record in 2018. You might view working with an MSP as paying for insurance. With ongoing monitoring an MSP helps your business avoid security breaches. And their devastating costs (including to productivity, compliance, revenues, and brand reputation).

This extension of your security staff helps maximize resource efficiency. And their day-to-day focus is on reducing risk and minimizing damage from cyberthreats. With an MSP you add dedicated security experts to your team. Secure your technology while gaining advanced threat intelligence and customized security strategies.

A managed services provider identifies vulnerabilities and secures your business environment. Stay ahead of cybersecurity threats with an MSP. Find out more today!

Call us at 504-323-7111

Want to know more?

Get in Touch with us

Handle with Care: Sending Data Securely

Handle with Care: Sending Data Securely

In our digital economy, we send and receive information quickly online. The Internet offers immediate communication with colleagues, clients, vendors, and other strategic partners. Yet we shouldn’t prioritize convenience over data security.

What data do you send in a day’s worth of emails? Sensitive data you send might include:

  • personally identifiable information (PII);
  • credit card or payment card information;
  • attorney–client privileged information;
  • IT security information;
  • protected health information;
  • human subject research;
  • loan or job application data;
  • proprietary business knowledge.

The problem is people sending without thinking about the security of the transmission. One way to gauge the need for security is to consider how you might send that same information via the postal service. Would you put that data on a postcard that anyone could read? Or would you send a sealed, certified mailing and require the recipient’s signature?

Transmitting data on the Internet in plain text is like the postcard – anyone can read the information. And before you think that no one can actually see your data in transit, think about where you are sending from. Your office network may be password protected and secure, but what if someone waiting for their coffee at Starbucks opens the message using the free Wi-Fi network?

Anyone can intercept communications on open networks with the right tools. This type of cyberattack is common enough to merit its own name: a “man-in-the-middle” attack.

So, how can you stay safe when sending sensitive data?

Embrace encryption. Encrypting the data is like sending that sensitive information in a locked box. Encryption encodes the information to add a level of security. If encrypted data is intercepted, the scrambled data is unreadable by unauthorized users. Only a user with the correct decryption key can access the text.

Encryption also provides additional confirmation that the information is coming from a reliable source.

Your business should also require Secure File Transfer Protocol (SFTP) for sending and receiving large or numerous digital files. You may have heard of FTP, but this file transfer protocol is not encrypted. SFTP is the secure version of FTP, as it encrypts the files in transit. If a nefarious entity does intercept the files, it won’t be able to read them without the decryption key.

Specifically, encourage your employees to:

  • use encrypted email only (common providers such as Gmail and Outlook support it; others require third-party apps or services);
  • encrypt files before sending to the cloud (in case accounts are breached or services hacked);
  • never open business communications on unsecured Wi-Fi networks;
  • keep good track of laptops and other portable devices and use drive encryption in case – with encryption, a lost laptop or stolen thumb drive is more secure, and criminals will have a difficult time stealing sensitive information, too;
  • control data access – grant permission to view, edit, or send files with sensitive information only to users who need that data for their jobs.

Managed service providers help your business decrypt how to send its sensitive information. Turn to experts in cloud services and IT security to learn how to securely send and receive data.

Contact us today at 504-323-7111!

Want to know more?

Get in Touch with us

Island Hopping: Not Always a Good Thing

Island Hopping: Not Always a Good Thing

The phrase “island hopping” conjures up positive images. You might think of cruising beautiful sandy beaches on a tour of tropical islands. Too bad cybercriminals have given the term a new, less pleasant spin.

Island hopping is an increasingly popular method of attacking businesses. In this approach, the cybercriminal targets a business indirectly. The bad actors first go after the target’s smaller strategic partners. So, vendors or affiliates, who might not have the same level of cybersecurity, become stepping stones to hop.

Attackers might hack into smaller businesses handling the target’s HR, payroll, accounting, healthcare, or marketing. Then, they take advantage of the pre-existing relationship to access the final destination.

Humans are trusting. Cybercriminals exploit that. With island hopping, attackers leverage the trust established between strategic partners.

It’s quite simple: attackers gain access to Company A and send a counterfeit business communication to Company B. Company B, knowing the sender, is less likely to question a download link or opening an attachment.

After all, it’s not coming from a stranger; it’s a message from perfectly pleasant Jenny at Company A. You may have in the past already shared logins to various sites/portals, or passwords to unlock zip files.

The Rise of Island Hopping

This is not a brand-new form of attack. In fact, it’s named after a military strategy which the United States used in World War II to establish a stronghold in the Pacific Islands.

Perhaps the best-known island-hopping cyberattack was seen in the United States in 2013. Retail giant Target was the aptly named target of a point-of-sale system breach. Hackers stole payment information from 40 million customers. The first “island” in the planned attack was Fazio Mechanical Services. The heating and refrigeration firm suffered a malware attack shortly before Target’s breach. Fazio’s hackers stole email credentials needed to access the retailer’s networks.

As enterprises continue to strengthen their cybersecurity, it’s predicted that island hopping will gain momentum. According to Accenture’s Technology Vision 2019 report, less than a third of businesses globally know how strategic partners secure their networks. A majority (56%) rely on trust that business partners would uphold security standards.

Preventing Island Hopping

You may be one of the islands to hop or the attackers’ final destination. It depends on your business size and industry. Either way, your business is vulnerable to malware attack, infected systems, or a data breach. Plus, if you’re the stepping stone, you’re likely to lose the target company’s business, too.

How do you prevent island hopping? First, secure your own networks and systems:

  • Follow best practices to detect and identify vulnerabilities and reduce risk.
  • Educate your employees about the dangers of business communication scams.
  • Raise awareness of phishing schemes and social engineering.
  • Require two-factor user authentication.
  • Change all default, generic, or predictable passwords.
  • Keep security up to date (patching and system upgrades are mandatory).
  • Control who can access your networks and servers.
  • Protect all endpoints (including employee devices in a Bring Your Own Device workplace).

When it comes to cyber island hopping, your business doesn’t want to be a layover or the final destination. Keep your cybersecurity borders tight to avoid unwanted visitors.

Want to make your business inhospitable to island hoppers? Work with a managed service provider. They can help assess cybersecurity, provide a plan to reduce risk, and upgrade technology. Let us support your efforts to fend off unwanted tourists.

Give us a call on 504-323-7111.

Want to know more?

Get in Touch with us

Do Macs Get Viruses?

Do Macs Get Viruses?

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cybercriminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The research reflects the reality. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016.

Finding Apple’s Weak Spots

It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.

A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cybercriminal.

In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software.

Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.

A business would want to educate its employees about the importance of:

  • clicking on emails with care;
  • validating the source of any files they plan to open;
  • checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
  • questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.

A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.

Key Takeaway

Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.

Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.

Call us today at 504-323-7111!

Want to know more?

Get in Touch with us

3 Steps to Securing Cloud Data

3 Steps to Securing Cloud Data

Businesses are no longer confusing the cloud with those puffy white things in the sky. For many, the cloud is a backbone business tool. Yet, some worry about storing their data on the Internet using cloud technologies. Consider these approaches to boost business confidence in cloud data security.

#1 Encrypt Business Data

The cloud is a lucrative potential target for cybercriminals. Many enterprises have turned to this technology. In North America, nearly 60% of enterprises now rely on public cloud platforms. That’s a fivefold increase over five years, according to Forresters’ Cloud Computing 2019 Predictions.

Some cloud service providers will promise to encrypt your data in transmission. Take this precaution further by encrypting data before it’s sent to the cloud. Encrypting data turns it into another form of code. Only the person with the correct password can decrypt it. If you use a modern encryption standard, it will be extremely challenging for a hacker to break the code.

Plus, encrypting on your end first ensures the cloud storage provider only stores encrypted data. So, if their storage gets hacked, or one of their employees goes rogue, they aren’t able to read your business data. That is unless they have the decryption password. Make sure the password is strong. Don’t be one of those people still using password or 123456789!

#2 Have a Backup

Many businesses store data on the cloud as a precaution to have redundancy. Yet, it’s a good idea to have another backup copy offsite too. Just in case.

In some cases, businesses have migrated almost entirely to the cloud. All their software and files live on the cloud and they have no other copy. Don’t let this happen to you. We recommend the 3-2-1 backup strategy. This means, even for cloud-reliant businesses, having 3 copies of your data. One would be on the cloud. The other two (2) would be on different devices (e.g. on your local computer and on a backup drive).

#3 Know your Responsibilities

The cloud is a shared technology model. Partner with a cloud service provider with stringent security. At the same time, don’t count on the cloud provider to do everything. Clearly identify security roles and responsibilities. The Cloud Security Alliance reminds us that this can depend on the cloud model you’re using:

  • Software as a Service: The provider is largely responsible for security. After all, the user can only access the applications.
  • Platform as a Service: The cloud partner secures the platform. Your business must configure its own security for anything implemented on the platform. This includes securing the database, managing account access, and authentication methods.
  • Infrastructure as a Service: You’re responsible for everything built on the provider’s infrastructure. They will likely monitor their perimeter for attacks, but the rest is your job.

Cloud technology offers several advantages:

  • Enables IT to scale without investing in equipment, software, employee training, or taking up valuable office footprint
  • Offers peace of mind that data will always be available regardless of conditions at a particular business location
  • Provides up-to-date technology users can access from any device, anywhere, anytime as long as they have an Internet connection

The cloud revolution has come. When you join the ranks of those migrating data to the cloud, do so with these safety suggestions in mind.

Need help securing your data? Whether you’re backing up locally or on the cloud, give us a call at 504-323-7111.

Want to know more?

Get in Touch with us