Protecting your networks, devices, applications and data for attack, damage or unauthorized access.

Develop ‘Security Champions’ For Successful Enterprise Security Scalability

What steps have you taken to create an internal team of security champions to support your security strategy? The idea is to create “front-line support”.

Ian Amit writes, “These advocates know their businesses better than any of my security engineers could, and they are deeply embedded in their organization’s culture. And, as a result, they can provide the best context for security decisions. Our role is to equip them with our services and security expertise.”

Make your employees security assets, rather than security liabilities.

Read More…

Results Matter Cloud Services can help with coaching, education, and more. Contact us today.

Basics: How to Reduce Ransomware Risk

Ransomware attacks happen more than you think.  This is why we keep talking about.  Even just doing the basics can reduce your risk.

This article from Entrepreneur magazine are just a few of the tips you’ll get when you read this blog by Robert Siciliano.

Read More…

Advanced threat protection is important, too. Contact Results Matter Cloud Services to learn about your cyber security options.  Our Email ID Shield solution delivers proactive monitoring for compromised credentials.

Is Your Company Secure?

With over 250,000 new malware samples being created and spread every day, Results Matter Cloud Services helps keep your organization secure 24/7. Microsoft 365 and the intelligent cloud can help you protect, detect and respond to today’s modern security landscape.

As a fully integrated, end-to-end solution, Microsoft 365 helps you address new risks and opportunities and drive digital transformation to empower everyone from the executive office to first-line workers. More information is in the infographic below.

Beyond Microsoft 365 we also have services that address compromised credentials on the dark web. What is the Dark Web? Learn more here.

Contact us today to learn more about cybersecurity, Microsoft 365, or the Dark Web.

Is your company secure?

 

Ransomware Attacks Target Municipalities

If there’s one organization you tend to trust with your information, it’s the government. The truth is though that many municipalities are simply not doing enough to protect themselves, and your data. Ransomware attacks are targeting municipalities due to their valuable information and security vulnerabilities.

Canadians and American Municipalities Both Affected

The following are some of the Canadian cities that have had cyber attacks occur since 2018:

  •             Cambridge, ON, CAN
  •             Stratford, ON, CAN
  •             Wasaga Beach, ON, CAN
  •             Midland, ON, CAN
  •             Regina, SK, CAN
  •             Mekinac, QC, CAN

Recorded Future Blog compiled a list of American cities and public services hit by ransomware starting in 2013. The image below shows 2018 onwards, which is almost half of the list.

Table of US Municipalities that are Targets of Ransomware Attacks

Almost half of the ransomware attacks on US cities since 2013 have occurred in the past year and a half.

More Than Pennies

On May 7, 2019, the City of Baltimore, MD was attacked for the second time in 15 months. This resulted in disruptions to the city systems for over 2 weeks. The expected cost of the attack to Baltimore is $18.2M. The city now looks to rebuild their systems and make up for lost revenue. It is not hard to imagine that Canadian municipalities are also at increased risk for ransomware attacks.

Are You Prepared for the Consequences?

As a small business owner, or member of government, how long are you willing to allow your systems to be down for, and how much money are you prepared to lose? Have you considered the money lost during the time the business is down? The money required to rebuild critical systems? Ransomware attacks are becoming increasingly creative, and cities need to consider that any of the following could happen to them:

  • Locking out of city employees from email accounts
  • Locking out of city employees from phone systems
  • Shutdown of 911 system
  • Loss of police footage potentially affecting future cases
  • Inability to complete real estate transactions
  • Inability to pay parking tickets, taxes

Some Cities Are Stepping Up

In light of all of this, municipalities such as Fredericton, NB have taken steps to protect themselves by partnering with local companies to improve their cyber security and business continuity plans before a crippling cyberattack occurs. In this case, Fredericton approved spending of upwards of $100,000 per year for 3 years. With proper preparation, municipalities can better protect themselves and their citizens, and limit their damages and downtime in the event of an attack.

Proactive Dark Web Monitoring: What You Can Learn From The Target Corporation Data Breach

5 Cyber Security Tactics for 2019

Cyber security issues were more severe than last year. The number of attacks and breaches increased as did the tools and processes for defending against them.

The number of police-reported cybercrimes in Alberta has increased by 185% between 2014 and 2017, according to a recent Statistics Canada report. This represents the largest increase in Canada.

Here are some of the numbers for 2018:

    • Marriott Starwood Hotels reservation system, personal information of 500 million customers over four years
    • Bell Canada hackers accessed personal information of around 100, 000 customers
    • Bank of Montreal and CIBC’s Simplii Financial were hacked
    • Ransomware attacks on the municipalities of Wasaga Beach and Midland, Ontario, along with Mekina, Quebec

More challenges require us to adopt multiple tactics.

Cyber security spending is increase at a rate of between 9 and 12 percent each year.

  1. Have a Plan: Know how you will recover from ransomware because we are all targets.
  2. Create a Security Culture: Make security a core value. Building security in at the start, leaders that are engaged, and holding teams accountable for compliance are part of creating the culture.
  3. Adopt MFA: Multi-factor authentication is needed beyond more than just VPNs and privileged accounts.
  4. Use a Password Manager: This will ensure unique passwords across platforms and ensure business credentials are different from personal ones.
  5. IT and Business Aligned: Ensure the team managing your IT security has solutions aligned with the RTO (recovery time objective) and RPO (recovery point objective) that meet your business needs.

We have to fight against complacency and keep working at it.

 

Sources:

Cyber Security Awareness Month – Week 2, Buy Safe

The theme for week 2 was Buy Secure. It is important to buy devices and applications from suppliers that are reptubable. It is important to figure out if you can trust the app developer and to have a process for evaluating applications.  Learn more at Stay Safe Online or Get Cyber Safe from the Government of Canada.
infosec security cyber informationsecurity securityawareness #CSAM

October Is Cyber Security Awareness Month

The theme for week 1 was cyber security is our shared responsibility. Bringing this topic up more right can have a big payoff. It is easy to get complacent with the Facebook breach from last week for example. We have to keep at and be consistent in our message of the sensible things we can all do to be more secure. Learn more at https://staysafeonline.org/.

Facebook Data Breach: 3 Things to Do Now

facebook-app-results-matter-cloud-services-source-pixabay-lobo-studio-hamburg

The security breach was announced on September 28 by Facebook and affected at least 50 million users. The attackers exploited bugs in the platforms “View As” privacy feature, which occurred in July 2017, when Facebook introduced a new video uploader.

The uploader feature appearing as active in the “View As” feature and created an access token, which was not supposed to happen. Access tokens provide a key to keep users logged into their accounts and to provide access to other platforms. This is a convenience to reduce the need to enter login credentials.

What to do now? Reconsider the use of the Facebook login feature. Using the login feature of platforms or reusing the same password across various is not work the risk taken for the small amount of convenience.

Check your privacy settings and credential recovery options on Facebook and your other platforms. Ensure you know how they are configured and update them. Facebook had a security update post in their developer’s blog suggesting user visit the “Security and Login” tab on the sites settings menu to review platforms connected through Facebook.

Change your password to something hard to guess and unique.  This breach apparently did not get passwords but access tokens instead. It will do no harm to update your password on Facebook and your other platforms.

Enable 2FA (two-factor authentication) using a third party app like Google Authenticator or Authy, both of which are free. Two-factor authentication requires you do something to verify identify beyond supply a password. There is the option to receive an e-mail or text message but using an app may reduce the risk from the 2FA messages being intercepted.

Turning on notifications for every login to your accounts across platforms could seem like over kill, in the beginning. It does settle down once you establish the pattern of where and when you login. Knowing that helps to keep you informed.

Sources

  • https://www.darkreading.com/threat-intelligence/when-facebook-gets-hacked-everyone-gets-hacked/d/d-id/1332953
  • https://www.fastcompany.com/90245345/facebook-data-breach-4-simple-steps-to-stay-safer-right-now
  • https://www.fastcompany.com/90219499/att-gets-sued-over-two-factor-security-flaws-and-23m-cryptocurrency-theft
  • Image: Pixabay, LoboStudioHamburg

Passwords Must Be Unique For Each Website or App – MyFitnessPal

The MyFitnessPal app suffers a data breach. What does that have to do with your business? You need to make sure you continue to educate your work team about the importance of having different passwords for accounts you use for work vs accounts you use personally.  If a member of your team used the same password to access MyFitnessPal as is used to access websites related to work, you could be at increased risk.

The 3 things you need to do:

  1. Discuss passwords with your team. Moving from awareness to action improves when you can make it real. This is real.
  2. Have a common sense security policy that is understood, implemented and test it. Moving to compliance starts with education and repeat offenders need to be treated seriously.
  3. Review your security strategy. If you don’t have a strategy for cyber security you will only be able to react. Being proactive gives you more options.

#MyFitnessPal #Databreach