
A data breach could cost your business everything if you don't have the correct remote cyber security measures in place.

The Cost of a Security Breach: Is it Always Business As Usual?

What is the Cost of a Cyber Breach?

A hacker stealing your information during a cyber breach is a bad situation. However, a hacker stealing your business’s information might be worse.

Running a successful business always implies a degree of risk. However, in today’s day and age, companies are finding themselves encountering a form of risk that often goes unnoticed: cyber attacks.

If a cyber criminal launches a cyber attack on your business, the damage could be irreparable.

Think about it. A cyber attack leads not only to a huge loss of profit and productivity but also to thousands of dollars in fees. Not to mention the loss of business that follows.

The average cost from damage or theft of IT assets and infrastructure increased from $879,582 in 2016 to $1,027,053 in 2017.  The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.

Even worse than this, according to Inc., 60% of all small businesses fail within 6 months due to cyber attacks.

41 percent of companies have over 1,000 sensitive files open to everyone, according to research by the Varonis Data Labs.

How Do Cyber Attacks Work?

Cyber attackers look for unsecured folders the moment they gain access to a network. Why? Because those folders are open to global access groups. Global access groups include Everyone, Domain Users and Authenticated Users. This gives attackers easy access to business plans, customer and employee data, credit card information and much more.

Overexposed data presents a huge risk to businesses of all sizes regardless of the industry or location. For small and medium size businesses, however, it could mean millions of dollars in losses, reimbursements, and legal fees that end up bankrupting the business.
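One way to find folders that are open to global access groups is to audit their access control lists. The script below is an added example, not code from the original post; the `D:\Shares` path, the function name and the inclusion of `BUILTIN\Users` are assumptions made for illustration.

```powershell
# Added example: list folders whose ACL lets a global access group in.
# $Root is a placeholder; point it at the file share or data folder to audit.
param(
    [string]$Root = 'D:\Shares'
)

# Well-known SIDs are matched instead of names so the check also works on
# non-English Windows. BUILTIN\Users is an addition to the groups named in
# the text, because it contains Domain Users on domain-joined machines.
$GlobalGroups = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Domain Users has the SID <domain SID>-513, so match it by its suffix.
$DomainUsersPattern = '^S-1-5-21-(\d+-){3}513$'

function Get-OverexposedFolder {
    param([Parameter(Mandatory)][string]$Path)

    # Audit the root folder itself plus every folder below it.
    $folders = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -ErrorAction SilentlyContinue)

    foreach ($folder in $folders) {
        try {
            $acl = Get-Acl -LiteralPath $folder.FullName -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL on $($folder.FullName): $($_.Exception.Message)"
            continue
        }

        # Ask for explicit and inherited rules with SIDs as identities.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            # Deny entries restrict access, so only Allow entries matter here.
            if ($rule.AccessControlType -ne 'Allow') { continue }

            $sid = $rule.IdentityReference.Value
            $group = $GlobalGroups[$sid]
            if (-not $group -and $sid -match $DomainUsersPattern) { $group = 'Domain Users' }
            if (-not $group) { continue }

            [pscustomobject]@{
                Folder    = $folder.FullName
                Group     = $group
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Explicit (non-inherited) entries are listed first: correcting them at the
# parent folder also corrects every folder that inherits them.
Get-OverexposedFolder -Path $Root |
    Sort-Object Inherited, Folder |
    Format-Table -AutoSize -Wrap
```

Run it from an account that can read the permissions on the share; folders it cannot read are reported as warnings instead of being skipped silently.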

Small businesses are often targets of cyber crime, yet invest less than $500 in cyber security.

What Are The Most Common Types of Attacks?

 

In the Ponemon study, 48 percent of small and medium-sized businesses (SMBs) reported that social engineering/phishing was the most common kind of attack.

54 percent of respondents in the study claimed data breaches occurred due to negligent employees or contractors.

Cyber Attacks in Remote Work

Phishing attacks:

Phishing is considered the top cause of data breaches. Hackers send apparently legitimate emails with dangerous links or attached documents. When a target clicks on the link or opens the attachment, a hacker gains access to their device. The link will contain malware or ransomware that corrupts and freezes important data.

Employees might work on personal devices which might not have the same protections as a company-owned computer. As a result, the personal device might be more vulnerable to malware and other viruses. Make sure you use a company-issued device whenever possible. Not just for the sake of the company, but for the sake of the remote employee as well. No one benefits when a device is breached.

Insecure Passwords:

53 percent of people rely on memory to keep track of their passwords. Therefore, they choose passwords that are easy to remember. That makes it easy for a hacker to decipher an employee’s password by simply going through social media. It even allows hackers to access various accounts if the employee is using the same password.

Wi-Fi Security in a Remote environment: 

In an office environment, IT departments can protect employees and control network security. In a remote environment, however, employees probably don’t have the same protections. Hackers exploit networks with WEP security protections rather than WPA2, for example. WEP settings are the standard Wi-Fi protection for average users. Even inexperienced hackers can download tools that allow them to break through this type of network.

Remote workers don’t realize how insecure they are until something happens. All remote employees need to consider what type of network they have at home before accessing company data. Using a VPN (virtual private network) also helps in protecting against certain types of attacks on remote workers.
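To see what type of network a Windows laptop is actually connected to, the output of `netsh wlan show interfaces` can be classified. The script below is an added example, not part of the original post; the function name and sample values are constructed, English field names are assumed, and it goes slightly beyond the text by also flagging open networks and the original WPA/TKIP as outdated.

```powershell
# Added example: classify the Wi-Fi security of each wireless interface from
# the text printed by "netsh wlan show interfaces" (English output assumed).
function Get-WifiSecurityVerdict {
    param([string[]]$NetshOutput)

    $interfaces = [System.Collections.Generic.List[object]]::new()
    $current = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*Name\s*:\s*(.+)$') {
            # A "Name" line starts the block for a new interface.
            $current = @{ Interface = $Matches[1].Trim(); SSID = ''; Authentication = ''; Cipher = '' }
            $interfaces.Add($current)
        } elseif ($null -ne $current -and $line -match '^\s*(SSID|Authentication|Cipher)\s*:\s*(.+)$') {
            # BSSID lines do not match because the field name must start the line.
            $current[$Matches[1]] = $Matches[2].Trim()
        }
    }

    foreach ($i in $interfaces) {
        if (-not $i.Authentication) {
            $verdict = 'Not connected'
        } elseif (($i.Cipher -in @('WEP', 'None')) -or ($i.Authentication -in @('Open', 'Shared'))) {
            $verdict = 'Weak: no encryption or WEP'
        } elseif (($i.Cipher -eq 'TKIP') -or ($i.Authentication -like 'WPA-*')) {
            $verdict = 'Legacy: original WPA or TKIP'
        } elseif ($i.Authentication -match '^WPA[23]') {
            $verdict = 'OK: WPA2 or WPA3'
        } else {
            $verdict = 'Unknown: review manually'
        }

        [pscustomobject]@{
            Interface      = $i.Interface
            SSID           = $i.SSID
            Authentication = $i.Authentication
            Cipher         = $i.Cipher
            Verdict        = $verdict
        }
    }
}

# Constructed sample output, so the example runs without a wireless adapter.
$sample = @'
    Name                   : Wi-Fi
    State                  : connected
    SSID                   : HomeNet-Example
    BSSID                  : 00:00:5e:00:53:01
    Authentication         : Open
    Cipher                 : WEP

    Name                   : Wi-Fi 2
    State                  : connected
    SSID                   : Office-Example
    BSSID                  : 00:00:5e:00:53:02
    Authentication         : WPA2-Personal
    Cipher                 : CCMP
'@ -split "`r?`n"

Get-WifiSecurityVerdict -NetshOutput $sample | Format-Table -AutoSize

# On a real machine:
#   Get-WifiSecurityVerdict -NetshOutput (netsh wlan show interfaces)
```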

During the lock-down period in 2020, there were record spikes in cyber attacks on remote workers. Hackers leverage remote workers’ devices to gain access to systems that would otherwise be more secure.

The Damage You Don’t See

Even assuming an SMB survives a cyber attack financially, the reputational damage would be just as catastrophic.

Security is everything in a business, both internally and to prospective clients. If a cybercriminal hacks your business, exposing your data, no one will want to take the risk of doing business with your company. The perception that your business is unreliable or even a liability can destroy your credibility and tank your business completely.

In the worst of scenarios, you may not even notice you’ve been breached for weeks or months, at which point recovery will be next to impossible.

One of the reasons so many businesses fail is because they have an inadequate strategy for managing cyber attacks. SMBs may have firewalls, anti-virus software, malware protection, and encryption but they don’t plan for the event of an actual breach.

While businesses focus on keeping attackers out, the actual data itself remains accessible and vulnerable to attack.

Businesses are losing more records in a data breach. Companies represented in the Ponemon study lost an average of more than 9,350 individual records as a result of a data breach in 2017, an increase from an average of 5,079 in 2016.

A business needs a fully redundant system to access their applications and data and regular offline backups stored in multiple onsite and offsite locations.

Nerds Support’s experienced team can guarantee a secure business and keep your data safe. A breach doesn’t have to mean failure.

With a business continuity plan that is tailored to your needs, you can get peace of mind knowing your information is safe.

Contact us today for a FREE IT Test! Or call us at 305-551-2009.


Three Easy Ways to Improve your Security

Cloud-based storage and computing lets you get out of the IT business and focus on running your business. It’s also, as we’re about to see, far more secure than traditional servers and storage.

Even now, more companies are depending on the benefits of cloud tech for remote work.

Furthermore, there are many big name companies that have found success by migrating to the cloud.

If you’re a smart business owner, you’ll see the writing on the wall. Cloud technology is essential for businesses’ success.

So without further ado, here are three ways to take advantage of cloud security:

1. Move your files to the cloud

Cloud file sharing and storage saves you from disaster. Say bye to lost attachments, file size limits and unsecure collaboration. More importantly, it puts the security of your files in the heavily-protected server room of an IT partner or technology provider – so you have a far safer back-up of all your files as well. It’s the easiest of all the cloud security steps and it dramatically improves your security overnight.

Security

Business owners use the cloud because the data stored on it is safe. Why is it safe? Because data stored on the cloud is distributed through redundant servers and never stored in just one place. Meaning, hardware failure of any kind becomes a non-issue.

If there is damage to your hardware due to a flood, storm or any other reason, your information remains secure. If a company like Cisco is vulnerable to a power outage, chances are you are too.

Cloud servers also have automatic backups and multi-factor authentication to prevent data loss or theft.

This is especially helpful if your company has valuable or sensitive data. Security features on the cloud help protect against social engineering techniques like email scams. However, there are also safe practices when emailing that can help mitigate threats.

Cost Savings

Annual operation costs drop significantly when using the cloud. Rather than pay for internal IT software, everything is stored online or in a private server. Separate storage becomes unnecessary and so do many of your hardware and software costs.

Easy Sharing

If you’ve ever used Google Docs or Dropbox, you’re probably familiar with file sharing. File sharing is a function of the cloud. A cloud environment facilitates remote work, communication and increased productivity as a result.

CIA uses the cloud for their most sensitive data and workloads

2. Move your applications to the cloud

Save over $30,000 a year by switching to the cloud per application

You probably already use cloud apps too. Facebook, Gmail, Slack or Office365 are all examples of cloud tech. However, you can also put your most important on-site apps, the ones stored on your computer, on the cloud. Application virtualization easily transforms any non-cloud app into a cloud-based app, so your users can access it from any device.

Examples include:

1. Quickbooks

2. Descartes

3. Thomson Reuters

For example, Nerds Support is a Quickbooks hosting provider, which means businesses can adopt Quickbooks application services through us. Cloud-based applications like Quickbooks are the best options for businesses that need to work remotely. Quickbooks hosting for remote work is a popular option among medium and small businesses for its accessibility.

Those times that you leave your laptop at home and have to rush back to pick it up before your 10 am meeting are gone. You can access that Excel and Powerpoint presentation in an instant.

Automation & Backups 

Creating data backups is among the biggest issues businesses face. Between dealing with complex client data, customer service, and business operations, it’s hard to remember to back up files and valuable information. This makes you vulnerable to data loss. With cloud storage, data backups are automated and routinely performed to prevent data loss or correct data mistakes that may arise. 

Data backups are good for medium and small businesses for many reasons. They also prevent ransomware attacks like the ones that plagued New Orleans in 2019.

3. Move your desktops to the cloud

Managing many PCs is a lot of work and can lead to many unsecure devices, simply because businesses don’t have good data management practices. Your users can work on any device, any browser, anytime. And if they leave their laptop in an Uber, the airport, or at home, no problem.

Contact us today to start migrating your apps to the cloud. 

Outsourcing your tech responsibilities creates opportunities to scale and grow your business. But also consider what kind of cloud provider you’re trusting with your operation. You also need to establish a cloud migration plan.

Nerds Support has over 17 years of experience, working with small and medium sized businesses in IT Cloud Solutions.


How Financial Services Keep Data Safe On The Cloud

If you’d like to read more about how financial companies are using the cloud to innovate, click here.

A 2019 Global Wealth Study by Boston Consulting Group reported financial services firms are hit by cyberattacks 300 times more than other companies. Financial institutions have a lot of sensitive data cybercriminals can monetize if accessed. That is why the financial services industry is so heavily regulated.

The US has experienced huge breaches of consumer data the last few years. The most famous example in recent memory is the Financial Technology, or FinTech, company Equifax. They experienced a data breach in 2017. The breach compromised the personal financial information and social security numbers of more than 146 million people.

FinTech gives consumers access to mobile banking, personal financial data and other services. However, since FinTech is so recent, it doesn’t have a regulatory framework yet. In the US, for example, in the mobile payment industry there are eight federal agencies with minor oversight over finance. Moreover, all 50 states have their own rules. It’s a very different story for Financial organizations and as we’ve seen above, for good reason.

As we’ve seen, lacking a regulatory framework impacts more than just a financial firm. It puts consumers at risk. In the financial industry, achieving regulatory compliance should be the focus for financial institutions big and small.

Cloud Security and Compliance

For a financial firm, credibility is everything. No organization wants to be fined, shamed or, worst of all, left behind by clients. Therefore, firms need to understand the challenges ahead to achieve compliance. Compliance is one of the biggest reasons financial firms are skeptical about engaging in a cloud strategy. However, once you understand how compliance is achieved in the cloud, the transition won’t seem so daunting.

Cyber Threats

As mentioned above, cyber security threats are sophisticated and aimed at getting your firm’s information. Hackers use a variety of methods to compromise your infrastructure for financial gain. You can’t discuss cloud compliance without mentioning cloud security. As the workforce becomes increasingly mobile, it gets easier to attack organizations operating on insecure networks. As a result, ransomware is the most common attack and is now a $2 billion-per-year industry.

One important thing to keep in mind

One of the main concerns that come up when considering financial cloud compliance is that customers don’t manage their own IT infrastructure.

That’s why it’s important to stress the fact that cloud compliance is a two-way street. Managed IT service providers have a contractual obligation to their clients, but clients must rely on best practices and regulations to look out for their interests as well. In other words, a specific provider, be it SaaS or HaaS, will offer certain compliance and security features, but it’s up to the client to responsibly implement those features. With that said, we move on to the features themselves.

What’s Covered by a Financial Cloud provider?

It depends. Since every cloud provider differs in their services and the way they present information, CPAs and financial companies should review each cloud option carefully. That means choosing the appropriate cloud provider. Like shoes, cloud providers are not a one-size-fits-all.

Things to look out for when choosing a cloud provider:

1) What data will be stored in the cloud and what will remain in house. Why?

2) Where the data will be stored. Some providers don’t give you this information.

3) Service Level Agreement (SLA). Due to the compliance and regulations standards in the financial services industry, your firm might have to carefully review the types of services the provider offers and which align with your needs.

4) Encrypting Data. Keeping with compliance standards means encrypting sensitive data to protect it.

5) Systems & access controls. Data security is a big compliance mandate. You should know who at your firm has access to what data and what your cloud provider has access to as well.

Regulations and Guidelines

The important thing is that a firm become aware of the regulatory policies and procedures it’s expected to comply with. The Financial Cloud provider should have documentary records of how they plan to meet compliance in the cloud.

The GLBA (Gramm-Leach-Bliley Act) and the SOX (Sarbanes-Oxley) Act are two main pieces of legislation that deal with the storage and maintenance of information within a financial institution. Therefore, to help with compliance a cloud provider should share information and supply your firm with access to necessary documentation.

Nerds Support’s white paper on compliance details SOX compliance and regulations.

Conclusion

Whether your firm chooses a private cloud or public cloud, compliance guidelines must be met to ensure optimal security. Cloud service providers and financial organizations should continue to improve their processes. Otherwise, your organization will be penalized or even breached. The data migrated from a firm to the cloud is valuable and entrusted to you by your clients. And when you mishandle that data, you run the risk of losing everything.


Top 5 Vulnerabilities Accounting Firms Face

It seems like every other day institutions big and small are experiencing some form of cyberattack. Local governments, banking institutions, tech and networking companies have undergone some sort of cyber breach. However, accounting firms are likelier than other businesses to fall victim to a cyberattack due to the wealth of sensitive client information they store in order to conduct business.

Since cybercriminals are always exploiting vulnerabilities and finding new malware to access financial information of accounting clients, it’s important to understand the cyber threats your firm faces in 2020. When accountants think about the cyber risks they’re susceptible to, they think about attacks from outside the firm. Unfortunately, the cyber threats that could negatively impact the firm are ones that firms are responsible for. The good news is they can be prevented.

Here are five main vulnerabilities CPAs face today.

Why are CPA Employees at the Root of a Data Breach?

1) Human Error

Human error is the leading cause of accounting mistakes and it’s also the leading cause of cyber security threats. 90 percent of data breaches are caused by human error, according to a study by Kaspersky.

Bring your own device (BYOD) culture puts financial firms at risk when accountants neglect to check their network security. If an accountant has sensitive data on their personal device and decides to go to a coffee shop like Starbucks, it’s possible that a hacker can access that information because the user is connected to a vulnerable, public Wi-Fi network.

Solution

Establish strict guidelines to limit the use of personal devices when handling accounts and client data.

2) Weak Passwords

Among the most common mistakes accounting professionals make is setting up weak passwords for accounts. Accountants should create separate passwords for their email, applications, and systems according to best practices. The reality is accountants, like many other people, tend to use the same password for all three. As a result, they make a hacker’s job much easier.

Passwords are a lot like keys. Imagine if you had one key for your house, your car and your business. All anyone has to do to ruin your life is get hold of that key. Now, let’s push this analogy even further. Imagine that same universal key. Not only does it provide access to all these valuable things but every night before you go to bed you leave it under a flowerpot outside for safe keeping. It might not be as obvious as leaving it out in the open, but it wouldn’t take long to find.

That is exactly what accountants do online. They create passwords that are easy for them to remember. Passwords are often anniversary dates, names of pets or loved ones, or the schools they studied in. Like the key in the flowerpot, a thief might not know exactly where it’s hidden, but after some snooping around and persistence, they’d find it.

Social Media is a Hackers’ Greatest Tool

In today’s world of social media and online communication, personal information is available to everyone willing to look for it. A cyber criminal just needs to do a minimum amount of work looking through social media accounts to find anniversary dates, names of pets or loved ones, and the schools a target studied in.

That’s not to say accountants should rid themselves of all social media and eliminate their online presence. That’s a very extreme approach and, more importantly, is impossible. We shop online, we bank online, we purchase food online, we buy tickets online. All these things create a profile of who you are and can be leveraged to gain access to your accounts.

Solution

It is essential for accountants to set strong passwords for all their accounts. What are strong passwords? A strong password is a combination of letters (capital and lowercase), special characters like punctuation marks, and numbers or numerals. Stay away from passwords relating to your personal life as often as possible. A hacker will use whatever information they can to infiltrate a firm.

To avoid this, firms should consider simple security methods like having users change their passwords monthly or at least quarterly and limiting access through mobile devices. Using multi-factor authentication software when accessing accounts can also prevent breaches.

3) Phishing

This leads me to the next cybersecurity danger CPAs face: Phishing. Phishing emails are used to manipulate the reader to click on a link or attachment infected with malware or a virus. They are a form of social engineering. Whether you’re a large firm or small, you’re vulnerable because statistics are on the hacker’s side. All it takes is one successful attempt to access the firm’s data. In other words, they only need to trick one employee to access the firm’s data.

Phishing attacks are varied and wide-ranging. They can come in the form of a credit card alert, a notice from a non-profit, a package shipment delay and others. However, now that there’s more awareness of phishing scams, scammers have adapted to make attacks even more believable by hyper-focusing on a specific target.

A targeted phishing email is known as spear phishing. Cybercriminals use everything they can find on the target to legitimize the email. They’ll make references to people in your life, places you’ve lived in, things that you’ve done to give you a false sense of security. For example, if you get an email from a store you’ve shopped at offering you deals on products you’re likely to buy, you’re likelier to open the email without question.

Avoiding spear phishing attacks means having the proper securities in place and training personnel to create a security first culture. Businesses can use phishing simulations to train accountants to recognize them also.

4) Malware

Malware is installed through a phishing email attachment or link to an infected web page. The scary thing about malware is that it can stay dormant for weeks or even months before it’s used to steal information or take over systems. There are even ways to purchase malware online through the dark web. In other words, cyber criminals no longer need to be tech savvy to deploy malware. They can be anyone.

Solution

Since malware is installed through social engineering, the solutions are the same. Accounting firms should have protocols in place to alert IT personnel when a request comes in through email. Managed service providers, like Nerds Support, have alert systems that notify systems engineers of potentially fraudulent emails.

Our e-book goes into more detail on the benefits of e-mail and spam security services.

5) Cryptojacking

Cryptojacking is relatively new and, unlike malware attacks, its goal is to mine cryptocurrencies on behalf of the hacker by using the victim’s devices. They gain access to the devices by using phishing techniques. They embed crypto mining malware in popular websites in the form of free browser extensions.

Crypto currencies are valuable to hackers because they’re untraceable and can be used for purchase and exchange on the dark web. Furthermore, the attractive thing about cryptojacking is that it runs secretly and can go undetected for a long time. And since nothing gets stolen or encrypted, there’s little incentive to do anything about it.

Solution

Other than training, firms should implement endpoint protection/antivirus software that detects crypto miners. IT support should create a continuity strategy in case of an attack. Another thing you can do is keep track of and maintain browser extensions.

Conclusion

An October 13 story by CNBC reported that cyberattacks cost small companies $200,000 on average. 60% of the businesses attacked go out of business within six months. Accounting firms are among the most targeted types of businesses today. Moreover, cyber crime has become the fastest growing type of crime, costing businesses 5.2 trillion worldwide in the next five years.

Pandora’s box has been opened and now more than ever CPAs cannot afford to take unnecessary risks. Adopting strategies and continuity plans to limit the impact of cyberattacks and phishing scams is key.

 

P.S. Cloud accounting is a growing field and provides unique solutions to many of these problems. Click here to read our blog on why cloud backups are a good solution for CPA firms.


How CPA Firms Benefit from Miami Data Protection

All companies today have data. It could be anything from personal files and client data, to product information and financial transactions. In fact, data is one of the most important assets to a company. For that reason, data protection should be a serious consideration for any company. Data protection includes guarding the data and making it available to employees who need it. Moreover, it requires ensuring the data is correct and updated as well as keeping the data confidential.

Data is currently the lifeblood of a business. That is why Facebook and Google became the tech giants they are today. The amount of data they have on their users is so valuable that industries depend on them to drive business, develop relationships and predict behaviors.

Imagine if that data were stolen and used for nefarious purposes. Imagine if it were sold on the black market or bought by a third party. You don’t have to be Facebook or Google to appreciate the severity of a situation like this. If your industry fails to protect both client and employee data, this could destroy your business.

Customers have a minimum expectation that your firm or business will keep that data safe. Data governance builds trust and trust builds a business. There are practices that everyone needs to follow to protect important data from breach.

Now more than ever, you find data hacks and attackers everywhere online. 53 percent of companies experienced a cyber-attack in the last year. This was up from 38 percent the previous year. This is why finding the right services that offer data protection in Miami is a good idea. Ransomware and hackers in particular are hitting accounting, the financial services industry and even educational companies all over the world.

Data protection keeps hackers from taking advantage of human errors

Whether you like it or not, human errors can appear from time to time in just about any business. And yes, they can lead to lots of downtime. Hackers will wait for such an error to appear and they will immediately gain access to your business information. If you don’t store your information adequately, hackers will just attack your business, and that can lead to a huge set of problems in the long term.

Training

This is such a huge issue that government regulations are now in place that make data governance a requirement. An important component of safety measures is security awareness training. Employees need to understand the importance of data security and procedures.

Online Safety

Our online activities reveal aspects of our daily life. What we search, where we enter our names, home address, and phone numbers. Facts about our education, our shopping habits, all of these things are recorded on the internet.

The amount of information that can be found on the internet is staggering. People expose their private lives online on a regular basis and that means these details can be exploited to gain access to employee information at work.

Data protection keeps hackers from taking advantage of human errors.  There are three main human errors that cyber attackers leverage to gain sensitive data:

Error 1: Phishing

Phishing and pretexting account for 93 percent of social related breaches, and email attacks are the most common.

The biggest mistake companies make is to neglect cyber until an attack or breach occurs. What every financial organization, accounting firm, and any business with sensitive data needs to do is create a security-focused culture. Taking the time to address important warnings and issues in brief meetings or short five-minute videos can give your business a huge advantage over cyber criminals.

Error 2: Poor passwords

81 percent of company data breaches are due to weak passwords. That’s because people recycle the same passwords across their various online accounts. Not only do people use the same passwords, but they continue to use those passwords as long as possible until they’re told to change them by an IT department or are affected by a cyber-attack. Businesses need to take an active role in helping their staff develop good password hygiene. The reason many people reuse these passwords is fear of forgetting. In fact, it was the number one reason for reuse. 61 percent of users admitted this in a poll by Lastpass.

There are password manager software applications that collect data and store it in encrypted databases. Nerds Support uses password expiration tools that instruct users to change their password every 30 days.

Error 3: Unauthorized access to devices

Although industries have become more mobile through smartphone technology, tablets and laptops, companies still issue devices to their employees. Over half of working adults allow friends and family to access employer-issued devices at home. Furthermore, it’s possible for employees to download malware that could gain access to important data and applications.

Implementing security controls on devices like two-factor authentication and password protection is necessary in this case to avoid these risks. Also, introducing a thorough and comprehensive information security plan that addresses such concerns will lead to a more cyber secure culture within the workplace.

This is especially important for accounting firms due to the sensitive nature of their data. Financial firms are also vulnerable to these types of human error, which can critically impact the business. Nerds Support’s cloud accounting technology mitigates these risks by implementing rigid compliance-centered practices.

Data protection Safeguards Against Breaches

Daily data backups, storing your data in an undisclosed location and taking the security measures mentioned above can go a long way. Data protection needs to be a top priority for all industries, because not only will you lose data, you’ll lose trust and eventually clients.

 


Data Protection saves you money

The average total cost of a data breach is 3.92 million US dollars, according to an extensive study by the Ponemon Institute. The average size of that data breach is 25,575 records. In other words, 25,575 records are stolen on average whenever there is a data breach. Having strong protections is not a luxury, it’s a necessary investment. Most companies don’t realize this until a breach has taken place. The true financial impact is immeasurable when you consider future losses due to loss of trust and credibility, as well as the fines and fees.

Data protection keeps your company in compliance with the law

All businesses must safeguard their data. In Florida it’s important to remain compliant with the Florida Information Protection Act of 2014. It’s a lot easier to avoid any potential lawsuits this way too. And, most important of all, this way you can create powerful business relationships with each client.

By following compliance standards many of the vulnerabilities associated with human error are eliminated entirely. So you need to find IT solutions that take compliance not only into consideration but make compliance the basis for those solutions.

For accounting, it’s GAAP compliance standards that should be met. In the case of financial services, using FINRA-approved cloud storage services is key.

What Happens When Data Protection is Underestimated?

There were huge data breaches in government run facilities in the past year. Ecuador was victim to a data breach that compromised the information of up to 20 million people. This included adults and children, dead and alive. To give you a sense of scale, Ecuador has a population of 16 million people. These attacks are only getting worse as hackers expose long neglected security weaknesses.

If you want to make sure that your company data is safe, contact Nerds Support for more information. Our dedicated data protection services team can give you a free consultation to discuss your industry and compliance needs.