26 Apr 2019

Digital Disasters Happen: Do You Have a Cyber Attack Plan?

We live in an online age. As a business owner, you rely on your computer systems to keep your company running. Unfortunately, with an increased reliance on computer networks comes the increased risk of cyber security incidents.

You might think that data breaches, stolen credit card information, and ransomware attacks won’t happen to your business, but cyber criminals target businesses of all sizes in all industries. When disaster strikes, preparation can make a major difference in how these situations play out.

Why Do You Need to Be Prepared?

You might think that your company isn’t at risk of a cyber attack, but every business today faces the risk of a cyber attack. Cyber criminals target the information systems of any business. Annually, nearly 70% of Canadian organizations face some form of cyber attack. To guard against the threat of cyber attacks, many businesses will:

  • Increase online security
  • Educate employees
  • Have ongoing cyber monitoring
  • Stay on top of current cyber trends and threats
  • Invest in cyber insurance

These actions all help mitigate your risk, but sometimes risk management isn’t going far enough. Every business also needs a cyber plan. In case of a cyber attack, this action plan can guide your company through the aftermath.

Create an Incident Response Plan (IRP)

Cyber attack preparedness means having a plan in place. An Incident Response Plan (IRP) should help your incident response team know how to respond and react in the event of a cyber incident. This plan will need to be reviewed and refined over time, but it should generally:

  • Assess your business needs by considering your key assets, potential weak points, and what data is at risk. From this you can determine where to focus your plan and your security efforts.
  • State which employees or departments will look after potential incidents and what each team member’s role will be. This will help you train employees in case of an attack and help them know how to react during an event.
  • Set up a detection and monitoring system so you can catch malicious software as quickly as possible.
  • Define the difference between a major and minor incident and lay out the different processes for each.
  • Lay out recovery steps. Explain how you’re going to remove the infection and deal with the recovery actions. You’ll need to have several different scenarios laid out. Try creating general guidelines and considering the attacks you’re most likely to experience.
  • Decide on your follow-up actions. How will you explain to customers that their information has been compromised? What steps will you take with employees to help education and prevent future attacks?

This is a very general outline of an IRP; you’ll need to go more in-depth based on your specific business so that your team knows exactly how to respond, no questions asked. Having this plan ensures your team can act quickly in case of a cyber attack. Remember that every business faces unique cyber risks. So make sure to take the time to consider your businesses specific risks so you can tailor your IRP to your company’s needs.

 

While you never want a cyber incident to occur, it’s better to be safe than sorry. Having an incident response plan in place will help your business know how to respond and help you recover from an attack much faster than you would without it.

At Alt Tech, we can help protect your business from online attacks. From around the clock monitoring to data recovery, we help give you peace of mind online. Contact us today to find out more about putting a specific IRP in place for your business.

Share this
22 Feb 2019

The Biggest Cyber Attacks of 2018

There are over a million people online, and every day there are people and companies that fall prey to cyber attacks. While security researchers are always working to keep our information safe, hackers are always looking for new ways to steal it. That means there’s always a major risk for cyber attack for companies operating online. 

2018 was a big year for security breaches in Canada, the United States, and abroad. A lot of companies experienced breaches that affected millions of people. We like to keep an eye on what’s going on in the IT world, so we’ve created a list of some of the biggest cyber attacks 2018 saw, as well as some advice to help businesses avoid breaches in 2019.

Quora

The popular question and answer website was hacked this year, affecting as many as 100 million users. A malicious third party hacked into the website, gaining access to users’ names, email addresses, profile information, and passwords. Very little has been said about this attack outside what information was compromised.

British Airways

The British airline had to deal with a massive online attack when criminals hacked into the airline’s booking records. This affected records on both the website and the app. Hackers gained full access to traveller’s personal information. This included about 380,000 people’s credit card information. The airline made sure to notify people about the breach as soon as possible.

Marriott

This year Marriott was informed of an information breach that had been occurring since 2014. In this case, thieves had access to the payment cards, personal information, passport numbers, and travel information of over 500 million people. Because of this, authorities believe it could have been the work of nation state hackers.

Facebook

This well-publicized hack affected over 87 million users of the popular social network. Stolen information included people’s personal information such as relationship status, birthdate, and employer. While this breach actually occurred a couple of years ago, the information just surfaced in 2018. Due to that delay, many users are upset about Facebook’s lack of transparency.

Protect Your Company

You probably won’t experience a data breach as large as these companies, but having your information hacked could cost you thousands of dollars and significantly damage your company’s reputation. So, how can you prevent these attacks from happening in your company this year? There are a few quick and easy ways to protect your company:

  1. Protect your usernames and passwords. Making sure employees regularly update their passwords for computer logins and accounts. Changing your password protects makes it more difficult to hack into a computer, protecting you from a security breach.
  2. Update and secure your computer networks. The online environment is constantly changing and so are the risks. Have your IT team keep your security systems up to date with the latest online security.
  3. Be prepared for ransomware attacks. These attacks can happen at any time. They could come in an innocent-looking email or appear on a website. To avoid accidentally installing malware, make sure you can recognize attacks and respond appropriately.
  4. Promote cyber security training. The best way to avoid data breaches is to keep your employees informed. Educate them about cyber risks, how to recognize them, and what to do in case of an attack. 

At Alt-Tech, we can help protect your business from online attacks. We offer around the clock monitoring, system security and access services, virtual IT manager services, and more. If you’re ready to begin protecting your business online, contact us today.

Share this
24 Oct 2018

The Business Toolkit for Cyber Security Awareness Month

Were you aware? October is Cyber Security Awareness Month. As more companies move in to the online space, computer security is becoming increasingly important. You need to know how to protect your company from costly data loss.

This Cyber Security Month, the Alt-Tech team has doubled down on helping businesses learn about cyber security. Find out the hidden costs of a cyber attack and learn what you can do to protect your business from phishing scams, ransomware, and other cyber threats.

 

What is a Cyber Attack?

A cyber attack is a deliberate attempt by either an individual or an organization to breach the information system of another individual or organization. In other words, it’s someone trying to access or tamper with your information.

There are many different types of cyber attacks, which makes it hard for businesses to recognize and respond to them. Some attacks aim to disable a computer and take it offline. Other attacks attempt to gain access to a computer’s data to gain personal information or to demand ransom in exchange for releasing the data. There have been many instances of data breaches in well-known companies who house millions of peoples’ personal and financial information. However, even smaller businesses are at risk.

These attacks can happen quickly and with little warning. That makes it important for businesses to recognize a cyber attack before it causes lasting damage.

 

How to Recognize a Cyber Attack

The top cyber-attack method? Phishing. Phishing is designed so you’ll ‘take the bait’ offered. Essentially, it’s the crafting of a message that influences you to follow a link or click on a malicious attachment which will install malware on your computer. This can directly infect your computer’s operating system.

 

Here are some quick tips to recognize a phishing scam and avoid a cyber incident:

It’s Too Good to be True

Whether they’re saying you’ve won something or it’s a claim that there’s a deal on, just remember, if it seems to good to be true, it probably is.

 

There’s a Sense of Urgency

Phishing scams will often prompt you to act quickly because it is a limited time offer or because your account is going to expire. It’s best to ignore these. Most companies allow you ample time for offers or to update your account.

 

It has a Strange Hyperlink

A link may not be what is appears. Hover over the link to view the URL where you will be directed. If there appears to be something wrong (like a spelling error or a person’s name), don’t trust it.

 

There’s an Attachment

Don’t open attachments in emails you weren’t expecting. An unknown file could contain ransomware or other viruses.

 

It’s from an Unusual Sender

If anything seems out of the ordinary in an email, be suspicious. Often, phishing scams are attached to long and unrecognizable email addresses. However, phishing can be done through hacked accounts, too. Even if it’s from someone you know, if anything seems out of character or unexpected about the email, don’t click on it. If you aren’t sure, call the sender directly to see if he or she sent it.

 

The Cost of a Cyber Attack on Your Business

A cyber attack can have a lasting impact on your business. It can damage your reputation, consumer perception, or even your bottom line. Some of the hidden impacts of a cyber breach include:

 

  • Loss or Damage to Electronic Data

A cyber attack can damage your existing files, rendering them unusable. Or, it can cause you to permanently lose your electronic data. When you think about the time needed to recreate (or pay to recreate) lost files, it can really add up.

 

  • Extra Expenses

If a hacker were to damage your computers, you would have to replace the equipment to maintain normal operations. Permanent damage could also mean loss of important files or documents essential to your business operations. Replacing your equipment and files is costly.

 

  • Loss of Income

Some cyber attacks cause your computer system to become unavailable, completely shutting down your online presence. This essentially shuts down your business causing you to lose customers. For online stores, even a short period of lost sales can be devastating.

 

  • Network Security and Privacy Lawsuits

A hacker may also steal the data you store on your computers. The information could belong to your business, but it can also belong to your customers, vendors, or employees. Because you’re responsible for protecting the data, this can result in a lawsuit (or several).

 

  • Extortion Losses

Ransomware is becoming more common online. Once a hacker has collected your important information, they will hold it hostage until you pay a ransom amount. Several well-known ransom attacks have been committed recently, and the price is typically steep – whether you choose to pay the ransom or not.

 

  • Notification Costs

You’re responsible for informing people when their information has been breached. This can be a very costly expense that involves a lot of lost time.

 

  • Reputational Damage

Your company’s reputation can be very seriously damaged by a cyber attack. Loss of personal information can cause your consumers to lose trust in your business. This may discourage people from doing business with you in the future.

 

All these potential effects on your business could cause lasting and expensive damage. That’s why it’s essential for you to protect your business from cyber attacks. It’s far less costly to take preventative measures than to deal with the fall-out from a cyber breach.

Even if you don’t think you’re at risk, it’s important not to underestimate the costs of a cyber breach. Businesses that use online transactions may be more at risk, but even a traditional business can have their files and accounts hacked.

 

How to Avoid Cyber Losses

Now that you know the risks of a cyber attack on your business, it’s time to be proactive. There are many different ways you can protect your business. The following is a detailed list of best practices you can use to protect your business’ critical infrastructure.

 

  1. Choose the right cyber security defense for your business.

Not all defenses are made equal. To keep your business safe online, make sure your security solution provides real-time protection, online protection, and can look for threats across all vectors.

 

  1. Don’t trust email links.

If you receive an email from someone you don’t know (or receive an unexpected email) be very cautious of the links. They may be infected. By clicking on them, you could be falling prey to an online scam. Always hover your mouse over a link in order to inspect the URL first. If it looks unsafe, delete the email.

 

  1. Be cautious when using public Wi-Fi networks.

On public Wi-Fi networks you are visible to everyone else on the network. Prevent unauthorized access to your files – don’t trust open networks, especially when you’re sending files and emails.

 

  1. Use strong passwords and change them often.

Hackers have a very easy time if you are consistently using the same password for all your accounts. Keep your accounts secure online, change your password often and make it difficult.

 

  1. Back up your data.

If your computer system is hacked or compromised, you’ll want to have critical data stored so you don’t have to replace it. This will also help you know what information a hacker may have access to in case of an attack.

 

  1. Raise awareness and educate.

Some of your employees may not know anything about internet security. Talk with your employees and share these best practices. Create a pamphlet or presentation to help employees in their daily activities. Cyber security is a shared responsibility in any business.

Whether you’re working in the public or private sector, cyber security is a growing concern for businesses. And, as we continue to rely more on technology processes and digital storage, the concern will continue to grow. Following these simple steps can keep your company safe and secure this month!

 

Want more information on cyber threats and cyber security in Canada? The Government of Canada recently launched the Canadian Centre for Cyber Security. You can visit their website for more information.

Or, for information specific to your business, you can book a free consultation with an Alt-Tech cyber security expert. We’ll point out spots of vulnerability in your online presence and help you set up a strategy for better protection.

 

Happy Cyber Security Month from the team at Alt-Tech!

 

 

Share this

© 2010-2019 Alt-Tech Inc. All rights reserved.

Click Me