Blog

3 Ways to Prevent CEO Fraud

CEO fraud is one of the rising cyber security threats that businesses are faced with. This type of fraud is called a Business Email Compromise (BEC) incident because hackers usually first make contact with the victim via email. In it, the cyber thieves impersonate a high-level executive, such as the CEO of the company, to trick the individual into wiring funds to a fraudulent, overseas account. This type of theft often fools many employees since it looks legitimate on the surface.

The end result is that CEO fraud can cost a company millions if the hackers manage to execute the scam successfully. However, there’s some good news. There are ways businesses can prevent this type of scam from occurring in the first place. Here’s a look at what businesses can do to prevent CEO fraud scams from taking place:

Educate Employees About CEO Fraud

Since incidents of CEO fraud are on the rise, it helps to educate employees as to what CEO fraud actually looks like so they can avoid getting involved with the scam. This can be accomplished through security awareness training, which can help prevent incidents of fraud from occurring in the first place. Employees need to know what a typical fraudulent email looks like and also how to avoid taking part in the scam once the threat is identified. Increasing employee awareness and training them about all aspects of cyber security, not just CEO fraud, are important measures for guarding against cyber scams.

Implement Better Email Filtering

There are a few telltale signs that can show whether an email truly came from a C-level executive or from a scammer. While employees can certainly be trained to spot the difference themselves, it also helps to set up better email filtering so that employees may not even see the fraudulent emails. Scammers use tactics such as spoofing the company’s domain name, spelling the company’s domain name incorrectly, and placing the CEO’s name in the From line of the email even though the email didn’t originate from the company.
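The three tactics above can each be checked by a mail filter. The following is an added example, not code from the original post: the domain `example.com`, the executive names, the sample messages and the function names are all constructed, and it assumes the receiving mail server stamps an `Authentication-Results` header and strips any copy of that header supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"            # assumption: the organisation's real domain
EXECUTIVES = {"jane doe", "john smith"}   # assumption: names scammers would borrow


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch misspelled (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def dmarc_result(msg) -> str:
    """Return the dmarc= verdict stamped by the receiving server, or 'none'.

    Only trustworthy if the gateway removes sender-supplied copies of this header.
    """
    header = msg.get("Authentication-Results", "")
    match = re.search(r"\bdmarc=(\w+)", header, re.I)
    return match.group(1).lower() if match else "none"


def classify(raw: str) -> list[str]:
    """Return the CEO-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    name = " ".join(display.lower().split())
    findings = []
    if domain == COMPANY_DOMAIN:
        # Tactic 1: the company's own domain in From, but authentication failed.
        if dmarc_result(msg) != "pass":
            findings.append("spoofed-company-domain")
    else:
        # Tactic 2: a domain one or two characters away from the real one.
        if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
            findings.append("lookalike-domain")
        # Tactic 3: an executive's name on an address outside the company.
        if name in EXECUTIVES:
            findings.append("executive-name-external-sender")
    return findings


def _mail(from_header: str, dmarc: str) -> str:
    """Build a constructed sample message for the demonstration below."""
    return (
        f"From: {from_header}\n"
        "To: accounts@example.com\n"
        "Subject: Urgent wire transfer\n"
        f"Authentication-Results: mx.example.com; spf={dmarc}; dmarc={dmarc}\n"
        "\n"
        "Please wire the funds today.\n"
    )


# Constructed sample messages, one per case.
SAMPLES = {
    "legitimate": _mail('"Jane Doe" <jane.doe@example.com>', "pass"),
    "spoofed": _mail('"Jane Doe" <jane.doe@example.com>', "fail"),
    "lookalike": _mail('"Jane Doe" <jane.doe@examp1e.com>', "pass"),
    "name_only": _mail('"Jane Doe" <jdoe.ceo@mailbox.test>', "pass"),
    "vendor": _mail('"Billing" <billing@vendor.test>', "pass"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:11s} {classify(raw) or 'clean'}")
```

A lookalike domain can pass SPF, DKIM and DMARC because the scammer controls it, which is why the second and third checks do not depend on the authentication verdict.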

Develop Secure Wire Transfer Protocols

Wire transfers are a big part of CEO fraud scams since the hacker’s main goal in impersonating the C-level executive is to get the victim to wire transfer large amounts of funds to a bank account. Imagine if the employee believed the scammer and was about to transfer the requested money. Having stringent wire transfer protocols in place could further prevent the scam from being successfully executed. For example, if the policy states that wire transfers can only be made if the CEO or other executive approves them first, this could prevent the scammer from obtaining the money.

Are you concerned about cyber security threats such as CEO fraud but are unsure of where to start? Contact Roan Solutions for help creating a cyber security plan that can handle threats such as CEO fraud.

Posted in News

Rising Cyber Security Threats for 2017

There’s no doubt that cyber security is a big threat for businesses today. One of the issues businesses of all sizes are faced with is the fact that once they get a handle on one type of threat, another security concern takes its place. While the goal of any company is to create an all-encompassing plan that will cover all the threats, it does help to stay current on the subject since it can help companies create effective strategies on how to handle them.

However, to accurately prevent these threats, it helps to define what they are. Keep in mind that all the standard threats still exist, such as malware, phishing, and viruses, and businesses should plan accordingly. However, there are some that have become more common. Here is a look at some of the top cyber security concerns that businesses may face in 2017:

Internal Threats

These days, businesses shouldn’t only be concerned about cyber security breaches that come into the company from the outside. Currently, most businesses seem to focus on preventing hackers from getting into the network from the outside. As it becomes harder for them to breach the networks from the outside, they tend to explore options that will enable them to breach systems from the inside.

To do this, hackers often attempt to manipulate employees, often by blackmailing them. Other internal threats to be concerned with include internal espionage and even CEO fraud, which is where hackers emulate the CEO and upper level management as a way to gain information. Note that most of these threats can be prevented through adequate employee education.

Ransomware  

Although ransomware has been around for some time, it has increased in its frequency over the past few years. Ransomware is defined as a type of security breach where a malicious piece of software, or malware, embeds itself into a computer system and blocks users from accessing it. The cyber criminals responsible for this type of security threat offer to unblock the system as long as a sum of money is paid.

Once a company is infected with ransomware, it can be difficult to reverse the damage. The FBI doesn’t advise paying the ransom, but they do admit that these cyber criminals are difficult to catch. From a business’s perspective, even if access to the system is restored, the loss of revenue could be devastating. Besides creating an extensive plan that would protect the system backups from the threat of ransomware, it is important to educate employees on how to prevent a ransomware attack in the first place.

Because cyber criminals are becoming increasingly aggressive, it is important that businesses not only understand the threats but also implement a cyber security plan that will fully protect the business. This includes not only the standard measures such as firewalls, virus and malware protection software, and a solid data backup plan, but also making sure that employees are fully educated on the risks and what to do about them. Contact Roan Solutions for more information on how to do that.


Email Security Best Practices for Businesses

Email is an important part of business communications and when done correctly, it can certainly make people’s jobs easier. Employees have come to depend on email but at the same time, emails can make businesses vulnerable to threats such as malware, worms, viruses, and spyware. Fortunately, businesses don’t need to stop using email altogether to create a safe environment. Implementing the following best practices can make email more secure:

Know What’s at Stake

Before implementing a strategy for making email more secure, it helps to know the risks that insecure emails can cause because that will help businesses formulate a plan for safeguarding against them. Specifically, what would happen if sensitive information within the emails ended up in the wrong hands? How much money does the company stand to lose if an email infected the computer with malware, spyware, worms, a virus, or another threat? In the majority of cases, these threats could result in a loss of data and that, over time, could cost the company money.

Implement Email Security Measures

At the very least, businesses need to utilize email security measures that are available today in order to control the threats, such as malware, that can be present in emails. For most businesses, the choices for how to secure their email are constantly growing. Here’s a look at some of the in house measures businesses can take:

  • Dedicated Email Server. One strategy businesses can use is to have a dedicated email server that will isolate the emails from the rest of the company’s applications. If an email is infected, it will have less of a chance of infecting the rest of the company’s information.
  • Automatic Updates. Another thing that can help increase email security is to stay on top of any software updates that need to be made with email software programs as well as virus protection software.
  • Content Filtering. Sophisticated content filtering can further protect a business from emails that contain security threats. It can also help control spam emails. While many email companies provide their own in-house filters, there are programs out there that are even more effective than those.

Use Cloud Based Email

While the above suggestions are certainly helpful, they are a bit outdated in today’s environment. Cloud based email is an extremely reliable solution that doesn’t require businesses to have a dedicated email server, or implement filtering and security measures. Cloud email systems like Microsoft Office 365 and Google’s business mail solution allow for encryption and also come with their own filtering and security measures. This is a much better solution for businesses.

Ensure Employee Compliance

However, implementing email security measures can only take a company so far. Employee compliance to internal email security policies, knowledge of the types of problems negligence with their own email inboxes can cause, as well as informed leadership, can all go a long way to increasing overall email security. It is up to company leadership and the IT departments to set policies that will help keep workplace emails safe and secure. However, it is up to the employees to implement these policies and remain diligent when policing their own email accounts.

Need help making business emails more secure? A managed IT service provider helps companies make these types of decisions. Contact Roan Solutions for help creating an email security plan that best suits the company’s needs.


4 Cyber Security Threats Plaguing Businesses

There are many cyber security threats that businesses are faced with today. Of course, there are always ways for businesses to prevent these threats from impacting them. However, in order for companies to minimize these threats, they first need to know what they are. After knowing what their security threats actually are, they can then develop an effective cyber security plan. Here’s a look at the threats of which businesses need to be aware:

Data Breaches

Data breaches are a threat to businesses of all sizes and the major problem with them is that it not only puts sensitive company information at risk, but also customer data. Cybercriminals steal data such as credit card information, company information, and other personal information. Companies can combat this threat by following industry compliance guidelines, such as HIPAA or PCI-DSS guidelines, and by diligently updating the company’s security features, such as changing passwords on a regular schedule and updating the firewalls.

BYOD Vulnerabilities

While the Bring Your Own Device, or BYOD, phenomenon has revolutionized the workplace, it has also brought with it a new set of security concerns. From a security standpoint, BYOD is hard to monitor. Since companies often leave individuals largely in control of the security of their own devices, it can be incredibly hard to monitor the threats that can come from BYOD. IT departments should consider creating company-wide policies policing the security of these devices so they can better control these threats.

Malware

Malware includes anything malicious that is designed to damage a business’s devices, such as its computers. Malware can include spyware, viruses, and Trojans. There are several ways to prevent malware from infecting the company’s devices and spreading to other parts of the IT infrastructure, such as servers. To combat this, it is important to make sure that each device has an adequate firewall and an up to date malware detection and cleanup software program installed.

Insider Misuse

Many people don’t realize that not every cyber security threat originates from the outside. There are some internal concerns to address, as well. One of the biggest internal problems is referred to as insider misuse and is classified as a data breach originating from within the company when one or more individuals access information that goes beyond what they need in order to perform their daily duties. Whether intentional or not, this type of data breach puts the security of the company at risk because the information could often fall into the wrong hands.

It’s true that cyber security is an issue for businesses of all sizes and it certainly does help to develop an effective cyber security plan that is tailored to the business. However, in order for that to happen, it’s important to know what the threats really are. For more information about how to protect your business from these cyber security threats, contact Roan Solutions.


Security Benefits of Using a Managed IT Provider

Businesses today are faced with multiple security threats, such as viruses, malware, hackers, and other issues. In order to properly manage these threats, it helps to have a dedicated team of experts whose main role it is to keep the business’s assets secure. Security breaches pose multiple threats to businesses, such as sensitive data leakages and downtime, which both can result in lost revenue for the company.

In order to minimize these issues, it helps to have a solid security plan. Unfortunately, businesses often don’t have the right IT team in place to handle these security issues. In this case, using a managed IT provider can step up the company’s game when it comes to security. Here are the security benefits companies enjoy when using a managed IT provider:

Access to Top Security Technologies

One of the major roles of a managed IT provider is to optimize the company’s IT infrastructure. Since security measures are part of the infrastructure, this is something the managed IT service will provide, as well. Not only that, but they add a level of expertise to the security protocols that a company’s existing IT department may not have access to. Tasks such as building security firewalls, installing top of the line virus protection, and implementing email spam filters are all things the service provider could install to beef up security. Not only that, but they’ll be able to use the industry’s best technologies in order to perform these tasks.

Perform Constant Network Maintenance

It isn’t enough to implement the security protocols while building the IT infrastructure. The network needs to be continuously monitored and assessed so that maintenance can be performed. The problem is, IT departments are often strapped for resources, which means that these tasks aren’t always being performed. If these maintenance measures aren’t taken, it can make it much easier for a threat to breach the IT infrastructure and put the company’s valuable assets at risk. Activities that could raise red flags include network activity from a certain IP address outside of the business’s normal base of operations, software updates, and an increase in spam emails to employee email addresses. These all should be addressed before they pose a serious threat.

Adherence to Industry Policies

In some industries, it isn’t necessarily enough to implement security measures that will keep the business’s assets safe. There are some policies that need to be adhered to, as well. The problem is, industry standards are always changing, and many IT departments aren’t staffed well enough to keep up. With managed IT providers, however, this isn’t the case since they always stay current with industry policies, such as HIPAA and PCI, as part of their ongoing training. These compliance standards often have protocols that will help keep the company’s information assets more secure.

Managed IT service providers can help keep a business’s valuable assets more secure. For more information on how Roan Solutions can help, click here.


Internal Network Security Best Practices

When creating an internal security plan, many companies focus on the external side without realizing that internal network security can also be a factor. In thinking about it, it makes sense to focus on network security within the company. Despite the fact that most of a company’s valuable information assets are found internally, the theory seems to be that most of the threats will come from the outside. This may not necessarily be the case. Here’s a look at the best practices companies can follow for internal network security:

Ensure Proper Patch Management

Patches are unique pieces of software that are designed to update existing applications and software programs. This is beneficial because patches can fix bugs, security vulnerabilities, and other problems with software that could leave data insecure. It is up to company IT departments or the managed IT service provider to come up with a strategy that will ensure that the patch management protocol is effective and timely.

Create and Enforce Password Protocols

Although passwords are designed to create a level of security that will protect sensitive information, they can also be easy to hack. IT departments should not only create a set of password guidelines and protocols for employees to follow, but they should also enforce these policies. When IT departments create these guidelines, they should also ensure that they are compliant with industry guidelines, such as those created by HIPAA and the PCI-DSS guidelines.

Use an Effective Firewall

Typically, firewalls are used to create a security barrier between the internal network, which is where sensitive company assets are located, and an Internet source from the outside, which tends to be insecure. Failure to use a state of the art firewall to secure this barrier can impact your internal network security. Once vulnerability enters the system from the outside, it can be difficult to contain from within. Good internal security begins with an effective firewall.

Regulate Workstation Internet Use

While it may seem convenient to allow employees’ workstations to access the outside Internet connection, this can leave the company vulnerable to outside security threats, such as malware and viruses. Company workstations at the very least should have regulated Internet usage through techniques that limit access to only known good sites. Once a machine from within the company is controlled by a hacker or is infected with something malicious, it puts the rest of the company at risk.

Install Adequate Protection

Antivirus, antimalware, and antispyware software programs are typically looked at as a way to help companies cope with malicious threats contracted from the outside. However, these programs can help with internal security threats, as well. Care needs to be taken to ensure that the best programs are installed on company machines to help control threats both internally and externally.

When assembling companywide network security practices, it’s important to make sure that protocols are set up for the internal network, not just the external one. Contact Roan Solutions for more information on how to set up an effective internal network security protocol.


What to Know About PCI Data Storage Guidelines

At its core, the Payment Card Industry’s Data Security Standard, or PCI DSS, exists to protect the sensitive credit card data that companies store for their records. As a global organization, the PCI Security Standards Council is concerned with the security of this data from a worldwide perspective and their standards impact organizations across the globe, such as financial institutions and software developers who are responsible for creating the payment processors.

The council’s mission is to create a set of standards and guidelines that businesses of all sizes could follow in order to keep stored credit card information and customer data secure. Businesses that need to accept credit card payments need to maintain PCI DSS compliance in order to keep this data safe. Here is an overview of some of the guidelines and how to adhere to them:

Follow Data Storage Guidelines

The main goal of the PCI DSS security standards is to regulate how businesses that have a legitimate need to collect credit card payments store and maintain this customer data. It is important for these businesses to know not only how to store the data but which information is able to be collected to remain compliant with the standards. For instance, entry devices and payment processors that these businesses use need to be approved by the PCI Security Standards Council. All the major credit card brands require PCI DSS compliance so it is important that businesses that accept payments such as American Express, Mastercard, Visa, and Discover adhere to the guidelines, as well.

Know What isn’t Allowed

Besides knowing what the guidelines are for remaining PCI DSS compliant, it is also important to know what not to do. For example, businesses should be wary of storing sensitive data unless it is deemed absolutely necessary. It is also wrong to store sensitive PIN numbers or the three or four digit verification code that is located at the back of credit cards. These are safety features and making sure that this information isn’t stored offers another level of security. All printouts generated from PED terminals should be masked, and data should never be stored in devices such as smartphones and laptops that are considered insecure. PCI DSS guidelines require a certain level of security in order for the businesses to remain compliant. It is also important to limit the number of people who are able to access the sensitive data, and to also prevent those who aren’t authorized from getting at the information.

Confused as to how to remain compliant with the PCI DSS standards? For businesses that accept credit card information from their customers and clients, it is important that the PCI DSS standards are adhered to in order to keep sensitive data safe and secure. Please contact Roan Solutions for assistance on how to keep credit card data safe by maintaining PCI DSS compliance.


How to Maintain PCI-DSS Compliance

Keeping credit card data secure is a top concern for businesses of all sizes. Not only that, but credit card information isn’t the only thing that’s at stake – the sensitive customer data that is associated with the credit card information is also something that needs safeguarding. That’s exactly why the industry enacted the PCI-DSS regulations – to keep this sensitive information secure.

Businesses, however, often need clarity as to how to remain compliant with these standards. It isn’t a simple matter of visiting the issue of PCI-DSS compliance only once. It is important to make sure that the standards are maintained. Here’s a look at how businesses can secure this sensitive data by following the PCI-DSS regulations that have been set up by the industry:

Analyze Existing Systems

The first phase of staying current with PCI-DSS compliance standards is to assess the current system for vulnerabilities. Take inventory of all IT assets that involve data storage as well as credit card payment process methods. It’s also a good idea to identify all cardholder data that the company has stored as well as the systems that are used to store this data. The goal is to identify existing problems so that they can be addressed.

At this stage, it’s also a good idea to make sure that the firewalls, virus protection software, and servers are all up to date. Out of date equipment and software is much easier for hackers to crack. This is also the time to check if data encryption methods are up to the industry standards.

Address Vulnerabilities

Once the systems are fully analyzed and the vulnerabilities are identified, the next step is to take action. The first step is to assess what the current PCI-DSS standards are so that they can be enacted. The PCI-DSS Security Council is in place to analyze existing threats and make sure that they update their guidelines accordingly. As a result of that, compliance standards could change throughout the year. Knowing what these changes are can help businesses keep their data safe.

After becoming acquainted with the guidelines, IT departments are well poised to adhere to the guidelines while also addressing the existing security vulnerabilities. This includes installing new firewalls or updating existing ones, updating the anti-virus software, updating other software programs, and making sure that the company’s equipment is up to date. The process of keeping equipment and software current is something that should happen on a regular basis.

Many companies only assess their systems once a year to make sure they remain compliant with PCI-DSS standards. However, compliance is something that needs to be regularly maintained, and only checking once a year can leave sensitive information vulnerable. It is much better to continually check all systems to make sure they are all up to standard. However, businesses are often unsure of how to proceed. Roan Solutions can help businesses maintain their PCI-DSS compliance standards.


Businesses Should Update Their Cyber Security Strategies for 2017

Once a company’s initial cyber security plan is set up, many of them believe that’s all they need to do. That couldn’t be further from the truth! As hackers get more sophisticated in their tactics, it’s so important to change the cyber security plan accordingly. Not doing so could leave businesses vulnerable to security breaches, which could put sensitive company and customer data at risk. For many businesses, this could translate to lost revenue and depending on how bad the security breach was, it could even force the business to close. Here’s a look at what businesses should do in the New Year to make sure their cyber security strategies are up to date:

Develop a Good Password Strategy

Passwords are the first line of defense when it comes to cyber security. Many businesses don’t require their employees to change their passwords often enough and in doing so, make them much easier for hackers to crack. Another issue is that employees often generate the passwords themselves, and they often select passwords that are easy to guess. Company IT departments should set the requirements for how often the passwords are changed, as well as the rules for coming up with passwords that aren’t easy to crack. The best bet is to use passwords that are generated randomly and have no personal meaning to the user.

Consider Using Two-Step Verification

Now that hackers have gotten more sophisticated, it isn’t enough to require only a password to allow access. No matter how strong the password is, a diligent and experienced hacker could likely still crack it. To make the security measures more effective, consider using a two-step verification process that would require the user to provide an additional piece of information after the password was added. The two-step verification provides a much stronger first line of defense against security breaches than just a strong password alone.

Mitigate Security Risks With BYOD

Bring Your Own Device (BYOD) capabilities have revolutionized the workplace. By enabling employees with the ability to use their personal devices, such as their smartphones and tablets, it does help increase productivity. The downside is that it poses another security threat that needs to be addressed. When businesses of all sizes implement BYOD, many of them fail to enact cyber security policies to go along with it.

To make company data more secure, IT departments should examine the existing policies and make changes to these policies. First, they should ensure that the Internet connection that employees have access to is secure and reliable. Another way they can make BYOD safer and more secure is to inform employees as to which device settings they should enable or disable and also control social media and application usage on their devices.

The New Year is a great time to make sure that existing cyber security policies are as effective as possible. By reviewing the existing plan and making any necessary changes, businesses of all sizes will look forward to a more secure New Year.


PCI-DSS Compliance and Protecting Sensitive Credit Card Data

All businesses that accept credit card payments are at risk for experiencing a data breach. Often, these incidents are reported in the news – but not always, which means that these cybercrimes happen more often than people think. Large businesses have the resources to recover from these data breaches when they occur, but the same isn’t true of smaller businesses. Often, a data breach of even a small number of credit cards can cause the business to lose too much revenue and eventually need to close.

However, no matter the size of the business, the ideal situation would be to prevent these cybercrimes from happening in the first place. By taking a few preventative measures, such as continually monitoring networks and maintaining PCI compliance, it is possible to prevent these data breaches in the first place. Here’s a closer look at what can be done:

Maintain PCI-DSS Standards When Creating Internal Policies

It is critical that all businesses maintain PCI-DSS, or Payment Card Industry Data Security Standard, compliance when formulating internal policies for the process of taking payments and handling customer data. These standards are in place to protect both the customer and the business, and compliance with them is crucial for safeguarding this information. It is also important to educate all staff members not only concerning these policies, but also on how to properly handle sensitive customer information.

Establish a Plan for Monitoring Networks

Businesses need a solid plan for monitoring all company networks in order to decrease the chances that they’ll become the victim of a cybercrime. Most businesses need a Security Monitoring Appliance in their network to monitor, detect and report on suspicious activity and to assess if there is an existing vulnerability that needs to be addressed, or even if there is a data breach that is already occurring. The idea behind early detection of suspicious activity is to identify possible breaches before they ever start or when they are in the early stages. Here at Roan Solutions we can provide network monitoring and suspicious activity detection 24/7.

Keep All Company Systems Up to Date

One of the things that can make a business’s sensitive data vulnerable is out of date equipment and software. It is crucial for IT departments to keep systems patched and to also keep antivirus programs updated and constantly online. When software systems remain unpatched, this enables hackers to find ways to easily breach the system. Antivirus software offers another layer of protection but it needs to remain updated to be effective.

By following these steps, it is possible to prevent these potentially devastating cyber security breaches from occurring in the first place. This is especially important for small businesses that may not have the resources large businesses have access to. Please contact us for more information on how we help businesses protect their credit card data, keep their sensitive data safe, and help ensure PCI compliance.
