Why Security Awareness Training is Possibly the Most Important Tool in your Arsenal
Cyber-attacks are on a boom these days, if we look at the stats of 2021, there is a ransom ware attack happening every 11 seconds somewhere on the globe.
call center data security
10 Steps to Prepare Your Business for a Cyberattack
In 2017, cyberattack incidents cost companies, consumers, and governments around the world $600 billion. If this figure sounds unsustainably high, consider that projections show it will only continue to rise. Forbes estimates that it will reach $2 trillion by this year. In the past, cybercrime was a problem reserved for more substantial, wealthier companies with money and consumer data to attract hackers. However, smaller businesses have also become a target. Follow these steps to help prevent data breaches at your company. Raise Awareness through Training CNBC notes that a company’s most significant cyber security risk is its employees. In fact, employee negligence remains the most significant cause of data breaches. This may come in the form of losing company equipment or writing down passwords on sticky notes. Raising awareness and regularly training employees on updated best-practices can help to eliminate many of these problems. Use Antivirus on all Devices Forbes asserts that antivirus software still plays an indispensable role in preventing cyberattacks. It helps to patch some of the vulnerabilities present in a company’s security system, smart office features, or local network. Most antivirus systems are reasonably priced and easy to use, eliminating any legitimate reasons for companies to neglect this critical step. Use Firewall to Protect Networks According to Indiana University, firewall systems block unauthorized access via private network traffic. MacOS, Windows, and Chrome OS include basic built-in firewall protection. However, additional protection may be necessary for businesses, particularly those that use WiFi networks and store large volumes of consumer data. Rely on Data Loss Prevention Tactics DLP methods help to protect cyberattacks that originate externally, internally, and even unintentionally. It involves the use of behavioral analytics and data management. Some examples provided by Forbes include the following: Conducting regular inspections Observing the movement of data Blocking Bluetooth and disabling USB ports on key devices Conduct Vulnerability Scans As one of the main DLP tactics, this involves scanning devices and networks to look for vulnerabilities. These are the loopholes hackers might exploit to get into a system. Sometimes simple updates to a system for reasons unrelated to security can create security vulnerabilities, so it is important to conduct a scan at least after each new update or patch. Monitor and Log System Use When it comes to the general security of premises, a guard’s primary role is to observe and report. To do this, they watch cameras, make patrols and log routine checks, and any abnormalities. Technology professionals can use similar practices to prevent a cyberattack or at least catch on as soon as possible. Monitoring system use and maintaining logs help to determine suspicious behavior and track illegitimate log-ins. Encourage Multi-Factor Authentication Few people like to use this feature, even for their accounts. The extra step of copying and pasting or manually typing in code is one many people would prefer to skip. Still, this is one of the best ways to protect accounts. According to Google, two-factor authentication can block 66% of targeted attacks, 99% of phishing attempts, and 100% of automated bot hacks. Use Change Control and Lifecycle Management Change control management limits and monitors system changes. For example, employees may be prohibited from making changes to firewall settings, installing new software, or removing antivirus. The tech team then logs all permitted changes. This goes hand-in-hand with managing the lifecycle of devices. For instance, some older operating system platforms are no longer supported by Microsoft, thereby creating a vulnerability issue if not updated. Physical devices also need to be properly disposed off at the end of their lifecycle. Enforce Policies through Auditing Conducting regular audits of holistic cyberattack prevention methods helps to protect data from hackers. Unlike vulnerability scans, this also includes evaluating whether or not employees have received proper training. Audits may even include budget assessments to see if more money should be allocated to cyber security and whether or not the current budget is used wisely. Incident Response Plan Every company should have crisis management plans. These include emergency plans for fire and natural disasters relevant to that area, such as tornados, earthquakes or flooding. Incident response plans for cyberattacks should follow a similar vein. Just as companies conduct fire and earthquake drills; they should also conduct routine testing of this plan. The more consumer data a company stores, the more important it is to make cyberattack prevention a priority. At Etech, we rely as much on our call center employees as our information technology team to keep consumer data safe. Contact us today for more information on how we maintain high data security standards for our clients and their customers.
Best Practices: Password Security 2019
Did you know that 81% of data breaches occur due to poor passwords? This is a staggering statistic and yet one of the simplest things for you to address. What can you do to ensure your passwords are strong enough to drive hackers absolutely bonkers? Creating passwords to ensure the security of your protected systems and information is one of the most overlooked items when it comes to cyber security. However, with a few simple precautions, we can protect ourselves and our organization from malicious actors looking to wreak havoc. Take a moment to review the tips below and begin using them to strengthen your password profile. Create a strong password: over 8 characters both upper and lowercase; do not make them too long One of the easiest ways to secure is to generate passwords that are more difficult to hack. However, as we do create more complexity, cyber criminals continually evolve in order to bypass these additional measures. With this in mind, it is no longer best practice to simply use a password consisting of alpha characters with a number or special character inserted. What we can do is create additional complexity by adding caps into our password (“AbcD”) as well as special characters and numbers (“Ab@567_cD”). Consider adopting a passphrase instead of using a password This may actually prove easier than remembering a complex password. To mix things up even more than substituting special characters, the US National Institute of Standards and Technology (NIST) recommends creating long passphrases that are easy to remember but difficult to crack. The popular web comic XKCD compared the strength of a complex password—”Tr0ub4dor&3”—and a long passphrase—“correct horse battery staple”. They found that it took only 3 days to guess the password created in with special character substitutions, while the passphrase would take 550 years to crack. Do not use words commonly found in the dictionary One of the easiest ways for a hacker to compromise a system is by launching an attack that goes through tens of thousands of dictionary words in a few seconds. Use random passwords and stay away from words commonly found in the dictionary. Use different passwords for different accounts Using the same password for multiple accounts means the hacker now has access to every account that uses the compromised credential. Secure your mobile devices; strong password and fingerprint or facial recognition We all use mobile devices to shop, work, communicate, etc. This is now a major concern in the security industry as mobile devices are becoming a primary target for malicious actors. Make sure you set your devices up with strong passwords. Use fingerprint and facial recognition technology when available. Set your device up with MDM. In the event it is lost or stolen, Etech security can remotely lock and wipe the unit. Do not store your passwords or write them down Would you write your bank account number and all access information down on a piece of paper and leave it out in the open for everyone to see? Protect your password. It is associated with your account and your activity. If can be used to access your systems and files. Do not write it down where someone else could see it and possibly use it to compromise systems or breach data. Always be on the lookout for malicious activity Remain vigilant and aware that cybercriminals are always on the lookout for someone to compromise through weak security controls. Make sure your system is running anti-malware software and report to Etech DTS if the system is behaving erratically or giving you popup messages and/or alerts. Do not click on anything suspicious. Always report anomalies. Use a password manager More and more businesses and professionals are using password managers as a means of practicing high levels of security and to help keep their sanity. With password managers, you only need to remember one password, as the password manager stores and even create passwords for your different accounts, automatically signing you in when you log on. Thanks for Reading. Have a Great Week and Stay Secure!
Five (5) Basic Data Security Protocols Every Call Center Should Have
In a study out of the Clark School at the University of Maryland, researchers found that there is a hacker attack approximately every 39 seconds. A cyber-attack on a private user can be devastating enough, but in a call center that handles sensitive customer information daily, a data breach can be disastrous. Corporate security should be a top priority in every call center. Here are five ways to protect your customers, your employees, and your company. Install Strong Perimeter Security and Protective Software Call center data security hinges on how well your systems are configured and your network’s protection capabilities. You must be able to control what information can get in and out of your infrastructure. You should also have measures in place to thwart malicious attempts to infiltrate your systems and steal or corrupt sensitive data. To accomplish this, you need both a firewall system and anti-virus/anti-malware software. This first Protocol hits from multiple points. Defending the perimeter and defense on the inside of the perimeter. When we discuss perimeter control for the organization, we are discussing the outer layer of the network infrastructure. Think of it in this way; you have a secure building with one entrance. That entrance has a security guard that controls who enters and who leaves as well as what each can bring into the building and what they are allowed to leave with. The building represents your network, and everything inside is what resides within your network (Files, users, computers, etc.) The security guard at the single entrance represents your firewall and how well he/or she performs their task represents how secure your network is guarded. A firewall is a virtual boundary between your network and the outside world. It is your network’s gatekeeper so to speak. It uses a defined set of rules to determine what information is allowed into the network and what information can leave the network. It can also be utilized to control external access for employees through the use of a configured whitelist. It is important to have a firewall to protect the security of the organization, but it may also be helpful to have additional protection for the call center itself, preventing private customer information from leaking even to other parts of the organization where it isn’t needed. No matter how strong your firewall is, there are still ways that a malicious actor can gain access to your systems. Someone introduces a malicious file to your file system (knowingly or unknowingly) is always a consideration. Phishing attempts to employee email causing someone to click on an attachment or link causing malware to be downloaded to your internal systems through their workstation. These scenarios make it possible for a hacker to gain access to your infrastructure still. Malware can infect your network, causing it to malfunction, leak private data, open back doors for malicious actors, etc. Every system (workstations, servers, mobile devices, etc.) accessing your network should have anti-virus software installed to protect against malware that gets past the firewall. Multi-layered security increases the protection of your network and the sensitive data it contains. Ensure employees use Complex Passwords and Understand How to Keep Them Safe A strong password is one of the easiest ways to safeguard corporate security. I have seen so many people use easy passwords that can be easily cracked and yet passwords are the core protection component of our identity security. An excellent password is devoid of information that is easy to obtain, such as your birthday, pet names, etc., and it should not include common words or digits that are together on the keyboard. Passwords can be easy for you to remember but should contain a combination of upper and lowercase letters, numbers, and special characters. By using a combination of these, it becomes increasingly difficult for the password to be cracked. A single set of credentials should not be used by multiple individuals to access an account and system. Employee credentials should be back traceable to only them, and their respective passwords should only be known to them. Having a unique password for each system limits access in the event of a breach. This practice can protect the main network if only one account is compromised. You can set up rules to ensure that employees choose passwords that are complex and difficult to crack. Several free password managers such as https://.www.LastPass.com/ and https://www.Dashlane.com/ are available for establishing and remembering complex passwords. Rotating passwords at a minimum of every ninety (90) days will greatly reduce the likelihood of your credentials being cracked and can also prevent repeated access to the same account. Encrypt Sensitive Information at Rest and in Transit Unless you have been living under a rock, you have heard the quote “There are two types of companies, those that have been hacked, and those that don’t yet know they’ve been hacked.” If this is true, what happens once an organization is infiltrated? We must look at the primary purpose of someone maliciously gaining access. To access and exfiltrate protected information. What if we look at it from this point of view? Even if they access the information, they can’t do anything with it. They have gone through all that effort to gain access to something they can’t even use! If your call center is receiving, processing, storing, and/or transmitting sensitive data, encryption provides an extra layer of corporate security to discourage malicious actors. Encryption turns readable text into a set of numbers or symbols called ciphertext. There are three basic types of encryption: Symmetric – The same key is used to encrypt and decrypt the message. Asymmetric – A public key is used to encrypt the message, and a separate, private key is used to decrypt it. Hashing – An algorithm is used to create a unique hash for each data set to make comparing data sets and recognizing tampering easier. Encryption allows you to protect information classified as sensitive by providing an extra layer of security. Only those who
