Data Net Blog

Data Net Blog

Data Net has been serving the California area since 1983, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

DNS Cache poisoning: What every SMB must know

thumb-3-2

In one of the most common poisoning attacks, the attacker poisons the DNS Cache with the aim of leading visitors to a fake website. In a DNS cache poisoning case, the attacker gains control of the DNS server and then manipulates cache data such that anyone typing the URL of the actual website is redirected to the fake one. This could be a phishing site where the attacker would have carefully laid out a trap to capture the unsuspecting victim’s personal data or secure information. For example, the visitor thinks they are logging into their bank’s website online, but are actually on the attacker’s phishing site, where they enter the login credentials.

0 Comments
Continue reading

Strengthening your cybersecurity policies

thumb-2-1

Formulating strong IT policies and laying down the best practices for your staff to follow is one of the best ways to prevent your business from becoming a victim of cybercrime. In this blog, we explore the various areas your IT policy should ideally cover.

0 Comments
Continue reading

Your Board should be helping you look out for the future

thumb-Your_Board_should_be_helping_you_look_out_for_the_future

Like most small business owners, unless you hit the lottery and started capitalizing your business all by yourself, you probably have some key shareholders who serve on your Board of Directors. You may also be finding that they are increasingly concerned about strategies to assess risk management. Most small businesses tend to overlook risk management issues—they usually just don’t have the time. Every minute is spent building the businesses and making sales. Operations and sales consume 120 percent of a small business owner’s time. In this e-guide, we’ll do a quick run-through of some topics that you may wish to address with your board as you collaborate to protect your business from cybercrime, as well as other negative events.

0 Comments
Continue reading

Is your Board addressing these two issues?

thumb-Is_your_Board_addressing_these_two_issues

We’ve been talking about how your Board and shareholders have a vested interest in understanding and overseeing how your company will defend itself against the effects of cybercrime. Here are two more areas where you will need to have plans and your board should be focussed on how they will be handled

0 Comments
Continue reading

Strategic IT planning for your business

backup-3

One thing that the best MSP can do is become a strategic partner. Your expertise is your industry, business, or profession. Trends and innovations in technology aren't your focus. However, your business can benefit from some long-term strategic planning in terms of the technology you will deploy to remain competitive. New technology will offer new opportunities. An MSP who has experience in your industry can become a partner. After taking the time to learn your business, your goals, and the competitive field in which you operate, an MSP can take a seat at the table of your business planning. At the highest level, this is where a skilled MSP becomes a significant asset as your business grows and faces new market challenges.

0 Comments
Continue reading

Cyber Crime and Security for SMBs

blog-4

Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses-especially those in regulated areas such as medical, financial, and legal services-need to be hyper vigilant about security. The cybercriminals' professional efforts will outdo your amateur efforts at security.

0 Comments
Continue reading

WFH means more vulnerability to cybercrime

thumb-Blog_4_WFH_means_more_vulnerability_to_cybercrime._Here_are_some_methods_to_stay_safe

WFH opens up whole new horizons in terms of flexibility, productivity, and cost savings. But, it also opens your business up a little more to cybercriminals, as you can’t have a hands-on approach to cybersecurity, especially if your employees are using their own devices for work. This blog discusses some mechanisms that you can use to mitigate the risks of becoming a victim of cybercrime in the WFH setup.

0 Comments
Continue reading

Everyone wants to go phishing.

Everyone-wants-to-go-phishing

You are very much aware that your company or organization is at risk, every minute of the day, from cyberattacks, malware, ransomware, and even benign errors that can put your data at risk. Even a failed backup procedure could mean a loss of critical company and customer data. In today’s blog we’re just going to review one of the most common methods that bad actors use to try to gain access to your data. Phishing. Phishing isn’t a particular type of malware or virus that attacks your data. Instead, it refers to the tools cyber criminals use to get access to your data. Phishing refers generally to the bag of tricks they use to break into your house.

0 Comments
Continue reading

What an MSP does that you can’t to protect yourself from Ransomware

What-an-MSP-do-that-you-cant-to-protect-yourself-from-Ransomware

Managed Service Providers are experts in protecting against cybercrime, just as you are an expert in producing and selling a product or service. Focus your energies where they are put to the best use. Your MSP will work to protect your business from ransomware attacks. Here are several ways they will work to keep your business safe.

0 Comments
Continue reading

Leave virus protection to your MSP Doctor

Leave-virus-protection-to-your-MSP-Doctor

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals.

0 Comments
Continue reading

Internal threats A new angle to email security

Internal-threats-A-new-angle-to-email-security

You know how important your email system is to your business. Not only is email your core communication tool but also bears a lot of weight from the legal perspective and must be accessible at all times. You have a good email security system and also ensure your emails are always backed up, archived, and stored safely. But what about keeping your email system safe from threats within your organization?

0 Comments
Continue reading

Ransomware vs. other malware attacks

Ransomware-vs.-other-malware-attacks

There is no end to the volume and type of malware out there in cyberspace. For a very long time, organizations were aware that viruses could attack their data, render it corrupted and unusable. They were also aware that malware was used to steal data and use it for–primarily–monetary gain. Sell off banks of credit card numbers, steal identities, re-sell Social Security numbers, etc.

0 Comments
Continue reading

Employee training & Cybersecurity

Employee training Cybersecurity

Employee training will form a big part of the cybersecurity initiative that you will take on as an organization. You need to train your employees to identify and respond correctly to cyberthreats. Here are some employee training best practices that you can make a part of your cybersecurity training program.

Create an IT policy handbook
Make sure you have a handbook of your IT policy that you share with every new employee, regardless of their position in the company. This IT policy handbook must be provided to everyone--right from the CEO to the newest intern in your organization. Also, ensure this handbook is consistently updated. IT is evolving at great speed and your handbook must keep up

Make cybersecurity training a part of your official training initiatives
Cybersecurity training should be a part of your corporate training initiatives for all new employees. You can also conduct refresher sessions once in a while to ensure your existing employees are up-to-date on the latest cyberthreats. At the end of the training session, conduct tests, mock drills, certification exams. Good training includes assessment. Provide follow up training for those who need it. This strong emphasis on training will ensure your employees take cybersecurity seriously.

Day zero alerts
As discussed, the cybercrime landscape is constantly evolving. Every day, cybercriminals are finding new vulnerabilities to exploit, and new methods to steal your data or to hack into your system. Day zero alerts are a great way to keep your employees updated. Has a new security threat been discovered or has an important plug-in released for the optimal functioning of a browser? Send an email to everyone spelling out clearly what the threat is and what they can do to mitigate it. Then, follow up to verify they took the necessary steps.


Transparency


Let your employees know who to contact in the event of any IT related challenges. This is important because someone troubleshooting on the internet for a solution to something as simple as a zipping up a file could end up downloading malware accidentally.

Considering the serious ramifications brought on by cybercrime attacks, it makes sense for organizations to strengthen their first line of defense against cybercriminals--their own employees.

0 Comments
Continue reading

Strengthening your cybersecurity policies

Strengthening your cybersecurity policies
Formulating strong IT policies and laying down the best practices for your staff to follow is one of the best ways to prevent your business from becoming a victim of cybercrime. In this blog, we explore the various areas your IT policy should ideally cover.


Passwords: Your IT policy should cover

  1. Rules regarding password setting
  2. Password best practices
  3. The implications of password sharing
  4. Corrective actions that will be taken in the event the password policy is not followed


Personal devices

  1. Rules regarding the usage of personal devices at work or for work purposes. Answer questions like

    a. Are all employees allowed to use personal devices for work or do you want to limit it to those handling lesser sensitive data, or to those at higher in the corporate hierarchy as you assume they will need to be available 24/7? Regardless, you should spell out the regulations that they must follow. For example, requiring a weekly or monthly check for malware and updates to anti-malware software, etc., If only certain kinds of devices, software, or operating systems may be approved as they are presumed to be more secure, then that should be addressed in the policy


  2. Discuss best practices and educate your employees on the risks related to connecting to open internet connections (Free WiFi) such as the ones offered at malls or airports.


Cybersecurity measures

Document the cybersecurity measures that you have in place for your business. This should include your digital measures such as the software you have deployed to keep malware out--like anti-virus tools, firewalls, etc., and also the physical measures such as CCTV systems, biometric access controls, etc.,
Another example of a good practice is how you handle employee turnover. When someone quits your organization or has changed positions, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.

 

0 Comments
Continue reading

Why do you need a top-down approach to IT security?

Why do you need a top down approach to IT securityFor any organization, its employees are its biggest assets. But, what happens when your biggest assets turn out to be your greatest threats or liabilities? That is how cybercrime can change the game. In a recent study, it came to light that employee actions account for about 70% of the data breaches that happen. This blog focuses on the first step you need to take as an organization to better prepare your employees to identify and mitigate cyber threats--adopting a top-down approach to IT security.

Being a victim of cyber-attack can prove disastrous for your business as it has the following repercussions.


  • Affects your brand image negatively:  Business disruption due to downtime or having your important business data including customer and vendor details stolen reflects poorly on your brand.
  • It can cause you to lose customers:  Your customers may take their business elsewhere as they may not feel safe sharing their PII with you.

  • Can cost you quite a bit financially:  Data breach makes you liable to follow certain disclosure requirements mandated by the law. These most likely require you to make announcements on popular media, which can prove expensive. Plus, you will also have to invest in positive PR to boost your brand value.

  • It makes you vulnerable to lawsuits:  You could be sued by customers whose Personally Identifiable Information (PII) has been compromised or stolen.


The organizational mindset needs to change and acknowledge the fact that IT security is not ONLY your IT department, CTO or Managed Service Provider’s (MSP) responsibility. You need to truly believe that IT security is everyone’s business, and that includes everybody working in your company, from the C-level execs to the newly hired intern. Everybody needs to understand the gravity of a cyberattack and its impact. Only then will they take cybersecurity seriously.

0 Comments
Continue reading

3 steps you can take to protect your data in the Cloud

3 steps you can take to protect your data in the Cloud

Moving to the Cloud offers tremendous benefits for SMBs that range from lower IT costs to any-time access to data and certainly more reliability in terms of uptime. But, data in the Cloud is also vulnerable to security threats just like the data stored on physical servers. This blog discusses 3 things you can do to protect your data in the Cloud

Secure access: The first step would be to secure access to your data in the Cloud. So, how do you go about it? Safeguard your login credentials-your User IDs and passwords-from prying eye. Set strong password policies that are practiced across the board and educate your employees about good password hygiene. Also, do you have employees using their own devices to access their work-related applications and documents? Do you have staff working from home? Then, you also need to formulate strong BYOD (Bring-your-own-device) policies, so these devices don’t end up as the entry point to cybercriminals.

Educate your employees: What’s the first thing that pops into your head when someone talks about cybercrime? You probably picture some unknown person, a tech-whiz sitting behind a computer in a dark room, trying to steal your data. But, surprising as it may seem, the first and probably the biggest threat to your data and IT security in general, comes from your employees! Malicious employees may do you harm on purpose by stealing or destroying your data, but oftentimes, employees unwittingly become accomplices to cybercrime. For example, forwarding an email with an attachment that contains a virus, or clicking on a phishing link unknowingly and entering sensitive information therein or compromising on security when they share passwords or connect to an unsecured or open WiFi at public places such as the mall or the airport with a view to “get things done”, but, without realizing how disastrous the implications of such actions can be.

Choosing the right Cloud service provider: If you are putting your data in the Cloud, you need to make sure that it is in safe hands. As such, it is your Cloud service provider’s responsibility to ensure your data is secure and, accessible, always. But, are they doing all that is needed to ensure this happens? It is very important to choose a trustworthy Cloud service provider because you are essentially handing over all your data to them. So, apart from strengthening your defenses, you need to check how well-prepared they are to avert the threats posed by cybercriminals.

Complete Cloud security is a blend of all these plus internal policies, best practices, and regulations related to IT security, and of course, the MSP you choose to be your Cloud security provider plays a key role in all this.

0 Comments
Continue reading

Credential Stuffing and How It Can Lead to a Data Breach

Credential Stuffing and How It Can Lead to a Data Breach

Right now, a lot of people have had a lot more time on their hands than they typically would, so many of them are spending a lot of time on the assorted streaming services to entertain themselves. Unfortunately, cybercriminals have taken note. In light of all this, it seems like an apt time to discuss a particular threat known as credential stuffing.

0 Comments
Continue reading

Defining “Cyberterrorism” is Easier Than It Sounds

Defining “Cyberterrorism” is Easier Than It Sounds

The world is unfortunately familiar with the concept of terrorism, the use of fear and menace to intimidate those opposed to your views, beliefs, or goals. However, others may not be as familiar with the concept of cyberterrorism, beyond seeing it on television. For today’s blog, we’ll examine cyberterrorism to gain a better understanding of its methods, and how to protect yourself from it.

0 Comments
Continue reading

Network Audit

Our network audit will reveal hidden problems, security vulnerabilities, and other issues lurking on your network.

Sign Up Today!

News & Updates

There has been a good deal of controversy about how personal data has been collected, sold, and used over the past few years. Companies of all types package and sell data to create a valuable extra revenue stream for their business, and while this sh...

Contact Us

Learn more about what Data Net can do for your business.

Data Net
2445 5th Avenue Suite 200
San Diego, California 92101