Sep 262014
 

Ever wondered what a hacking incident costs a business? Has your IT team set aside a contingency budget for it? Recovering from a hack unfortunately isn’t a case of just installing a new firewall or updating anti-virus software; with 2014 stats pegging the cost of a business data breach at a staggering $3.5 million (£2.1 million).

Studies over a nine-year period by the US-based Ponemon Institute confirm that – at 44% – malicious attacks are the most common cause of business data breaches.

For the average business, the costs associated with these attacks are nothing short of titanic, and the risk of going under a very real prospect.

Tip of the iceberg

The price tags for a data breach fall into three categories: direct costs (for example, hiring forensic experts and setting up customer hotline support), indirect costs (such as internal investigations and a stream of communications), and opportunity costs (the loss of lifetime value from existing customers and acquiring fewer new customers).

Easy-to-count direct costs are just the start of it: indirect costs are typically double that of the direct costs, and opportunity costs come in at a substantial 38% of the final figure.

In line with the societal trend towards a compensation culture, legal costs are rising year on year as claimants engage in ‘no win, no fee’ arrangements with lawyers, often prolonging management of the fallout for years.

Malicious attacks cost more

If a data breach is defined as one in which an individual’s personal data is potentially put at risk, then the average cost per compromised customer record is $201 (£123), but this rises to $246 (£151) for malicious causes.

Ultimately, what hackers want is passwords, and the methods of choice behind malicious attacks are malware infections, phishing, social engineering, source code injection and having accomplices on the inside.

The statistics on the vulnerability of business passwords suggest that 90% are considered hackable and that over 50% of them are hackable within minutes. Coupled with the known number of new malware strains running into tens of millions per year, the outlook isn’t great.

Small businesses are more vulnerable

Small businesses are prime targets for hackers, who know that even basic security measures such as password protection are sometimes absent.

These businesses tend to spend less on IT security, seeing it as a disproportionately large cost, but this short term strategy could have unexpected long term consequences: a study by the Payment Card Industry (PCI) Security Standards Council (SSC) found that 60% of small businesses close within six months of experiencing a breach.

To be forewarned is to be forearmed

In Ponemon’s year-on-year studies, the steps companies take in the wake of a hack form a familiar pattern: revisions in endpoint security, more training and awareness, greater use of encryption, and better identity and access management.

No matter the size of the business, if it’s passwords that hackers want, the most cost-effective factor which can mitigate against a malicious attack is a formal security policy which requires users to set up robust passwords.

Strong passwords are words or phrases which are – first and foremost – long and, for added security, complex (containing a mix of cases, numbers, and special characters). Whilst this makes them more challenging for users to remember, password management tools with single pass phrase mechanisms are a worthwhile option.

For want of a nail

As the saying goes, for want of a nail the shoe was lost; for want of a shoe the horse was lost; for want of a horse the rider was lost; for want of a rider the message was lost; for want of a message the battle was lost; for want of a battle the kingdom was lost; all for the want of a horseshoe nail…

The message is that small things can have large consequences. Business owners need to know that strong passwords are their horseshoe nails, and that they are key to securing their kingdom.

 Posted by at 9:04 am
Sep 172014
 

Blissful ignorance by employees is, more often than not, the cause of security breaches

Since the dawn of commerce, business owners have acknowledged that their greatest asset is their employees. Since the dawn of the internet, though, cyber-savvy business owners have acknowledged that they are also their greatest liability.

Studies on IT security have a common denominator when it comes to identifying the singlemost weak link in the cybersecurity chain: human beings.

The easy path

It is a natural habit for individuals to want to take the easy path. Whilst that is often put forward as an undesirable attribute in a person, there are advantages too: if there isn’t an easy path, someone will invent one, and the result may be a step forward in technology.

There are times, though, when taking the easy path can have ruinous outcomes in the business world.

In IT systems, user convenience and tight security don’t always occupy the same space, and when employees take the easy path with passwords they put your business at risk.

The mistakes that employees make with passwords are not typically done with malicious intent, or any degree of wilful negligence; it’s often a simple case of ignorance. Most commonly, though, the motivation is one of convenience.

The 10 password mistakes your employees are making

  1. Writing down passwords on notes which are kept in full view, or under the keyboard, or in a drawer, or saved in their phone’s contact list under – you guessed it – P!
  2. Using the same password for personal accounts and business accounts. If a hacker cracks the password on any of the personal accounts that your employee uses, he or she will try it elsewhere.
  3. Using the same password on all work-related accounts. Employees should use separate passwords for separate business accounts, especially if they have different permissions.
  4. Using their football team, pet’s name or family names for business passwords. Hackers can and do look up employees on social media sites and use what they find there to crack passwords.
  5. Meeting the bare minimum on password requirements. Typical password policies state a minimum of 8 characters, so that’s exactly what employees use. Even with added complexity (numbers, special characters, mixed case letters), shorter passwords are far easier to crack than long ones.
  6. Incrementing a digit on the end when asked to change a password. Hackers are well aware of this tendency, which results in easily predictable password patterns.
  7. Telling other people their password. Once a password is known by anyone else, even if it’s a colleague, the system becomes less secure, as the other person’s approach to security may not be adequately rigorous.
  8. Saving passwords on browsers. By invoking the ‘Save password’ or ‘Remember me’ option on websites, employees leave the door open to hackers.
  9. Emailing passwords to themselves so they can work from home, leaving the information in plain text rather than encrypted. Employees mistakenly think that, because email is a widely used communication tool, it must be safe.
  10. Logging in to business accounts on unsecured networks or devices. Using a coffee shop’s open Wi-Fi network, for example, or using a personal device that hasn’t been secured, leaves the connection open to snooping.

The road less travelled

If the analogy of the easy path is applied to negligent password practices, it is perhaps not surprising that one can draw an interesting clue to its solution from M Scott Peck’s work, ‘The Road Less Travelled’, in which the noted psychiatrist describes the importance of discipline in achieving a state of well-being.

If discipline is the takeaway, business owners need to be proactive in engaging the cooperation of employees to stop risky password habits. A good place to start is with a written policy on what is, and what is not, acceptable.

Arguably, a company’s security is defined by its weakest password, so owners should raise the bar when it comes to rules for password length and complexity, offering tools to test password strength, and using a password manager with a single pass phrase rather than expecting employees to remember several of them.

The consequences of a breach can be devastating: loss of assets, loss of goodwill, loss of public integrity. A disciplined approach to password policies, protocols and practices is key to maintaining a secure network. Call it a path, call it a road, it’s the only way to go.

 Posted by at 8:37 am
Sep 152014
 

law2014The my1login team are excited to be exhibiting and speaking at Law2014, the UK’s largest Legal Services Exhibition, from 23rd to 25th September 2014.

Jodie and Jo will be at at Stand 23, so be sure to come say hello if you’re attending! Our team will be there to answer your questions on how our legal customers use my1login to improve corporate security and increase billable hours.

If you don’t already have your ticket, you can register to attend for free here or call 01332 613464.

Cloud & BYOD – Practical Tips to Protect Your Law Firm

Mike-Profile600wOur CEO, Mike Newman, will also be speaking at the event. With the trend towards outsourced cloud services and the increasing use of employees’ own devices, there is a growing risk of data breaches in law firms. Mike will explain the risks that law firms face and what steps to take to protect your organisation.

Topics covered:

  • Main causes of data breaches in law firms
  • Poor password practices in use by solicitors
  • Password analysis and how to improve password strength
  • Managing Companies House codes
  • Advice on educating Employees on phishing scams and social engineering
  • Password management and BYOD
  • How my1login can improve corporate security for law firms

If you’re attending Law2014 be sure to catch Mike’s talk at 10.30am to 11am on Thursday 25th September 2014. You’re also very welcome to come by Stand 23 at anytime from Tuesday 23rd Sept to Thursday 25th Sept and say hello to Jodie and Jo!

 

 

 

 Posted by at 6:58 am
Sep 142014
 

healthcare.govMost hacks don’t hit the headlines, but when it’s the US Government’s HealthCare.gov that’s hacked, you can be sure it’ll make the news. A hacker, still unknown to authorities, recently compromised the HealthCare.gov’s insurance enrolment website. According to the Department of Homeland Security, once the hacker had gained access, they proceeded to upload malicious software to target the site’s visitors.

If it wasn’t such a serious breach, the attack vector would be comical, with the ‘hacker’ gaining access simply by using the default password that hadn’t been changed. The reason for the ‘oversight’ was that the server was in a ‘test environment’ used by the development team.

An investigation was said to have concluded that no personal data was illegally accessed during the attack, but it’s yet another example of organizations being compromised for not taking the most-basic of security measures by simply using strong passwords to protect business critical systems.

No matter how stressful, time-pressured or complex development projects may become, it’s crucial to give proper consideration to the security that underpins them. While it may seem like an acceptable shortcut, cutting corners on security can end up costing more time in the long run and do untold reputational damage should weaknesses be exploited. Neglecting security during a development is a common fault that hackers are only too keen to exploit – the US Government being the latest red-faced victim. If you have a test environment within your business, ensure that your developers take the same precautions that you’d expect them to take with live websites – and protect access with strong passwords.

 Posted by at 9:37 am
Sep 122014
 

NHSA new patient information sharing system by NHS is causing concern that it may be vulnerable to a hack, exposing millions of sensitive patient records.

The care.data programme, which is currently on hold due to concerns over its opt-out policy, will see patient records from across England stored centrally, with apparently non-identifiable data being used for clinical research and studies. Despite the concern over the security of the data, medical experts are urging patients not to opt out of because of the damaging consequences to their research work set to benefit from it.

Labour MP George Mudie had campaigned in Parliament for the data-sharing scheme to be delayed until the UK public were properly consulted. The intended opt-out system means that patients date of birth, postcode, NHS number and gender will be included in the data sharing system by default.

There will be an eventual breach of security, which is inevitable with the size of the database, the information stored in there. The human cost will be potentially disastrous to a patient whose identity and medical history is made public. Careers could be ended, jobs could be lost, insurance refused, relationships destroyed if sensitive medical facts are made public or are used by private firms or people or indeed the media. A further reason for concern is that the information will not be solely available for analysis and research in the NHS but will be made available to non-NHS organisations. George Mudie MP.

The Weakest Link

Health minister Dan Poulter promised there would be ‘robust procedures’ in place to protect patient confidentiality. However, it’s the human element that is the weakest link in any implemented security. With thousands of healthcare employees having to access the data sharing system, the strength of their authentication will come under scrutiny. Typically when employees need to access business systems to carry out their job, they will adopt practices that maximise their convenience, not maximise security. Using easy-to-guess passwords, writing them down on post-it notes, or storing them on phones are all regular occurrences from employees who need to remember passwords. When those passwords protect extremely sensitive patient data, the consequences of a breach are hugely significant.

When the care.data programme is implemented in the coming months there is no doubt that it will greatly benefit diagnosis and medical research. The counterweight is that should a security breach occur, extremely sensitive patient information will be released into the public domain. While the NHS hack threat may be a high profile example, organizations of all sizes are hacked each day due to weak employee practices, with each hacking incident estimated to cost £35,000 to £65,000.

 Posted by at 6:59 am
Sep 112014
 

The recent iCloud hack of Jennifer Lawrence and other celebrities exposed just how much trouble can be caused by inadequate security measures.

Apple confirmed that the hacker gained access to the celebrities’ iCloud storage areas by correctly guessing the answers to security questions. Undoubtedly, private individuals sat up and took note, but there’s a chilling lesson to be learnt for business owners too.

Social engineering 101

Social engineering, or the art of getting ordinary individuals – employees included – to give up useful personal details and sensitive security information, is what presents the risk to businesses.

It is human nature to tell the truth when asked questions by people who are perceived to be in a position of authority, and it is this same inclination that applies to password security questions – individuals answer them accurately. There is also a tendency for individuals to use the same passwords and security answers in the workplace as they do in their private lives.

This combination of habits is what hackers aim to exploit: if they can find out the likely answers to security questions, they can hijack an employee’s email account and gain access to a business network.

The trouble for celebrities is, because so many of their detailed personal facts are liberally sprinkled across the public domain, these answers are easy to guess. Unlike with celebrities, hackers have to actively find out facts about the particular individual or employee they want to target. Too hard? Wrong! Too easy…

Admittedly, you can’t read about Ms Smith from Accounts in Rolling Stone, OK! or Vanity Fair, but what if Ms Smith is on LinkedIn, Facebook, Twitter, Pinterest, or any other number of social media or third party sites? Granted, no one’s shouting, “Read all about it!” from the street corner, but they may as well be.

In order to learn more about an individual or employee, hackers do their homework by digging around on social media sites. Armed with personal information – often simple details like a pet’s name, spouse’s name, date of birth – they have paved the way for an easier break-in. And the unwitting individual has helped them.

Tell me lies, tell me sweet little lies

Business owners should increase awareness about the concept of social engineering and share with employees the full extent of what assets could be stripped as a result of a security breach: passwords, customer information, corporate plans and strategies, or data pointing to a financial source. After all, it is in their collective interest that the company they work for isn’t compromised.

There is a simple but effective way to reduce the threat posed by social engineering: employees can protect both themselves and, consequently, their employers, by changing their natural instinct to tell the truth when answering security questions.

The fact is, no one is actually verifying that an answer is true, just that there is an answer, and that it’s the same one each time the question is asked.

This simple fact means that, by telling a white lie, or even a supersize one, users can add extra strength to a potentially weak security measure. No system can check that a first pet really was called Spot – it’s just as happy with HotDiggidyDog. And mother’s maiden name? Why, it’s R2D2N0ne0fY0urBu5ine55, of course…

The downside to disguising the truth, as any experienced dissembler will tell you, is having to keep track of the web of lies: it’s much easier being honest. In this case, as the deception is so clearly worth the effort, using a password manager is an ideal way to store passwords and security answers – you only have to remember one pass phrase.

The celebrity photo hack was a classic case of social engineering and is directly relevant to business owners. Fleetwood Mac’s immortal line, “Tell me lies, tell me sweet little lies”, encapsulates an unusual workaround, which is why you won’t hear any hackers humming it…

Falsehoods, fibs and fabrications are not your average recommendation in the workplace, but business is business, after all.

 Posted by at 6:57 am
Sep 012014
 

Tinseltown has been hacked: nude or explicit photos of around 100 celebrities have been illegally accessed and posted on the 4Chan anonymous image-sharing platform.

The celebrities include Jennifer Lawrence, Kim Kardashian, Kirsten Dunst as well as Brits Kelly Brook, Michelle Keegan, and Cat Deeley.

How did it happen?

A suitably attired Jennifer Lawrence at the 68th Annual Golden Globes. ©iStock.com/Jennifer Lawrence

A suitably attired Jennifer Lawrence at the 68th Annual Golden Globes. ©iStock.com/Jennifer Lawrence

Jennifer Lawrence is – so far – leading the understandably outraged reaction, saying that she intends to take legal action for invasion of privacy. Whilst Ms Lawrence has confirmed that the photos are genuine, some celebs are dismissing them as fake and/or over two years old. There’s no saying, then, exactly when the first hack took place.

The perpetrator has not confirmed exactly how he or she accessed the photos, but possible hacking routes are phishing, irresponsible sharing of password details, or using the same password on multiple website accounts. Of course, a natural consequence of one celebrity email account being hacked is that it opens up the possibility of hacking further into their network – of friends, that is.

It is emerging, though, that the most likely route was by cracking weak personal passwords on Apple’s iCloud and accessing the celebs’ storage areas. Certainly no one has suggested that iCloud itself has a security flaw, but they have recently issued a patch for a piece of programming code which could help crack user accounts by using the 500 most common passwords approved by Apple’s rules. The script allowed anyone using it to repeatedly guess passwords on Apple’s ‘Find my iPhone’ service without locking them out or issuing an alert. Once in, the hacker would have access to the iCloud storage areas – and any photos there.

Although Apple has said they are aware of the photo hacking scandal, they have not issued any statement other than that they will comment in due course. If nothing else, they are likely to offer advice on how to avoid a personal iCloud security breach.

How to avoid the naked truth

Heading the list of weak links in the security chain is the users themselves: passwords are invariably inadequate when it comes to ensuring privacy from a determined hacker. Passwords can be made stronger by including numbers, upper and lower case letters, and special characters but, if you do nothing else, you should make your passwords longer – long passwords or phrases are hard to crack. ‘D0ntGetCaughtWithY@urPantsD()wn!’ would take over 200 million years to crack – yes, you read it right. No one would be interested in your photos by then. Surely?

Get to know how remote storage systems like iCloud work: many don’t realise that it syncs recorded media from all devices as soon as a WiFi link is established, or any time the device is recharged or rebooted. This means that deleting a photo on one device isn’t enough if you want no record of it; it has to be deleted from the cloud as well. (One very simple solution is to turn off iCloud backups under the iPhone’s Settings, but the downside is that you lose the option to recover records after a device failure.)

Use the security feature on iCloud that is not widely known about: two-factor authentication. In addition to the usual username and password, a one-time password is sent to the device itself and must be entered before access is granted. It’s not a default setting, though, and must be manually enabled.

So, if you don’t want to become a celebrity yourself – even if it’s only down at the local pub – use a strong password, invoke two-factor authentication and – safest of all – avoid the urge to take nude or risqué selfies. However, if the Devil does make you do it, stick to bathing suits not birthday suits…

 Posted by at 2:53 pm
Aug 282014
 

Our blog is normally devoted to non-self-promotional advice on business security, but we wanted to let you know about our new IOS app for iPads and iPhones. The new app provides one-click sign in for your web apps on your iDevice. We’ve built our own browser that has the same features you’ll be used to with Safari, but with the addition of a ‘log in’ button on the toolbar. Pressing the log in button will sign you into any website you have stored in your my1login account. So, no more trying to remember or type usernames and passwords on your iPhone. Any login you have stored in your my1login account is accessible on your iDevice.

IOS App

 

Download the new IOS App

Simply visit the AppStore on your iPhone or iPad and search for ‘my1login’ to find the new app. You can also find it on this link: https://itunes.apple.com/gb/app/my1login-password-manager/id596426753

IOS App Features

  • Securely access business logins from anywhere
  • Never forget usernames or passwords again
  • Remove the risk of employees writing down or storing passwords insecurely
  • Fully-featured browser with ‘sign in’ button which 
automatically signs you into sites
  • Access all of your desktop and laptop websites, usernames and passwords without the need to transfer them.
  • Data is protected with AES 256 encryption using a secure key phrase of your choice
  • All sensitive data is encrypted on your device so that even my1login cannot see it .
 Posted by at 2:25 pm
Aug 282014
 

Dictionaries define a password as a secret word or expression which must be used to gain entry. It’s hard to fault this definition, and yet computer users are using the same old passwords year after year: ‘Password1’, ‘Hello123’, and plain old ‘password’. Sound familiar? Not much of a secret then… passcloud

Using hashed data collected in two years’ worth of penetration tests, Trustwave, an American infosecurity company, cracked over 50% of business passwords in just a few minutes. After 31 days they had cracked 92% of them. The equipment used was nothing extraordinary, but they did use a graphics processing unit (GPU) rather than a traditional central processing unit (CPU); a GPU can perform billions more calculations per second than a similar-priced CPU. What does this mean for businesses? It means a high-probability risk of being hacked. Hackers rely on weaknesses to gain unauthorised entry to networks and, once in, can cause costly mayhem, both financial and reputational. Weak passwords have been identified as the primary cause of online accounts being hacked.

Misconceptions about password strength

In accordance with widespread business policy, passwords are typically 8 characters long (because that’s the stated minimum) and, although many require the inclusion of numbers, upper case and lower case letters, and special characters, these calls for added complexity don’t always translate into strong passwords.

These complex passwords may thwart the colleague sitting next to you (or the passer-by looking over your shoulder), but they’re not really who you’re up against; it’s hackers with their automated tools. In their study, Trustwave point out that, although many users assume that using complex combinations make a password more secure, it’s only by increasing the number of characters in the password that the cracking time is dramatically raised. For example, automated tools find it far easier to crack relatively short, but outwardly very complex, passwords like ‘N^a&$1n’ compared to longer phrases like ‘GoodLuckGuessingThisPassword’.

Ironically, IT administrators who force complexity into short passwords may, in fact, be introducing weakness by unwittingly causing users to create predictable password patterns, usually comprising a single word and tacking on the minimum required numbers and specials.

Similarly, the practice of insisting on regular changes to passwords has been shown to encourage increasingly weaker ones. Users end up creating passwords that are more easily cracked because they simply increment an embedded number, or add the next-in-line special character, or simply revert to using ever more memorable – i.e. common – keywords as the basis for the password.

Creating strong passwords

Any initiative to establish strong business passwords must begin with understanding what is behind the prevalence of passwords like ‘Password1’, ‘Hello123’ and ‘password’. Is it laziness, or ignorance, or wilful arrogance? Or is it because users think that ‘the IT people’ are really in charge of security and it’s not their problem? Sadly, it’s all of the above, but the good news is that the situation can be alleviated using some very simple measures:

  • Educate employees about the business risks associated with weak passwords: if it affects the business, it affects them.
  • Teach them how to create strong passwords: the emphasis should be on unique, memorable – even funny – phrases that have greater length rather than greater complexity. Passwords using a proper name (people, pets, places) as a basis are easily cracked and should be avoided.
  • Ask employees to test the strength of their passwords. Strength meters are good at highlighting weak approaches to password structure and, if existing systems can’t be redesigned to allow long phrases, they’re a great tool for testing short words with or without added specials.
  • Don’t impose regular resets of passwords.
  • Use a password manager, especially if users are expected to remember multiple passwords.

Whilst every business owner needs to take risks, tolerating weak passwords isn’t one of them; policies for password creation and storage should be an important consideration on every business agenda. The bottom line? ‘GetYourPasswordsSortedRightNow!’

 Posted by at 9:45 am
Aug 152014
 

A cybersecurity breach isn’t something that only happens to other businesses: tens of thousands of websites around the world are hacked each day and the number of new malware strains runs into tens of millions per year.

Hackers are after logins that give access to a money trail, or customer data, or corporate strategies, secrets, and intellectual property; others simply seek to disrupt services.

For hackers, it’s all about finding and exploiting weak links – many of them human, some of them technical. They take advantage of human frailty in the form of lazy, or predictable, or gullible behaviour, finding ever more creative ways to entice people to visit increasingly realistic fake websites, or be conned by elaborate spoofs. Organisations are at fault too: software developers and original equipment manufacturers don’t always incorporate adequate security features into their products, leaving users vulnerable to attack.

So how do hackers gain access?

  1. Server scanning. Hackers remotely scan the servers of the targeted company, looking for an entry weakness through which they can deploy commands that will cause the system to crash before executing their own code.
  2. Wi-Fi vulnerability. Most businesses have secure Wi-Fi, but hackers exploit careless employees who use open wireless networks when out of the office.
  3. Phishing and social engineering. Simple phishing indiscriminately delivers emails containing an attachment or link that automatically downloads malware if opened; they have been moved up a peg using social engineering techniques, targeting specific employees with a seemingly business-relevant attachment or link, or one tailored to the employee’s personal interests.
  4. Infected websites. Websites which are likely to be used by a company are targeted: hackers look for weaknesses on the website, using them to embed code that will infect visitors to the site.
  5. Planting code into web-entry databases. Web-based forms that are used to collect and store a user’s details may be targeted by hackers who, instead of entering the expected personal details, input code that will be executed rather than stored as inert data.
  6. Stealing or guessing passwords. Stealing passwords involves trickery: users receive a fake email asking them to reset their password using an enclosed link. Guessing passwords is easier than it sounds: 90% of passwords are drawn from a list of only 1000 variants.
  7. Stealing IDs from third-party sites. Knowing that some people use the same usernames and passwords for both work and other websites, hackers look for employees of the targeted company on third-party sites and attempt to steal the details from there.
  8. Hijacking email accounts. After researching the background of a targeted employee, hackers prepare a list of possible answers to security questions and use the company’s password-reset mechanism to change the password and access their email account.
  9. USB devices. Even when formatted, some USB drives can appear completely empty, so memory sticks loaded with malware is one way hackers use to gain entry. Another is using USB to connect devices which can spoof a network card to divert internet traffic and record keystrokes – that nice rep that has asked if he can charge his smartphone on a company PC could, in fact, be hijacking passwords.
  10. Inside jobs. Financially desperate or disgruntled employees, undercover recruits and on-site service providers constitute an ever-present threat from within.

Foiling the attempts of hackers requires a systematic approach; in the same way that you wouldn’t lock up your premises at night and leave the windows open, every potential entry point needs securing.

How to protect your business

Ensure that all employees are trained about potential security threats and that they use strong, unique passwords – the same password should never be used across different accounts. Always use the latest version of your operating system’s software, as well as that of your browsers: out of date add-ons are targeted by hackers as a way to redirect those browsers and siphon off user data. Antivirus software should be set to update automatically; alternatively, updates should be downloaded only from the developer’s site, not from links in pop-up reminders. Think backups and encryption.

The adage that prevention is better than cure couldn’t be truer here; undoing damage after a security breach can be – at the very least – time-consuming and costly. Building business systems without information security measures is asking for trouble; without defences, it’s really just a matter of time before your business gets hacked.

The solutions are out there and their implementation is straightforward. Now is the time to review your security provisions…before the cybercriminals do.

 Posted by at 8:12 am