It may sound simple, but pressing the Windows Key+L when you step away from your computer can save your business from serious security threats.
Although phishing emails and other “virtual” scams make up the bulk of cybercrime activity, some hackers will try to physically access a computer on a company’s network to steal data. This tip is especially important if you have computers in a public area.
On a Windows PC, pressing the Windows Key+L will lock your PC and take you to the sign-in page. On a Mac, Ctrl-Cmd-Q will do the trick and lock your device.
Like many things, virtually locking up your devices is part of building a vigilant security culture within your organization.
Does your organization need help making a game plan for cyber resilience? Facet offers free cybersecurity assessments for businesses! You will receive valuable information about your company’s current security and know where you can improve to prevent breaches and attacks.
Do your employees use sites like Dropbox, Google Drive, and other personal cloud sharing services to collaborate and work on projects and tasks? If so, you could unknowingly be exposing yourself to huge financial losses.
“Shadow IT” is the practice of using programs and websites for work activities without the knowledge or approval of the organization’s IT provider or IT department. While this is an “older” term, the practice has become increasingly common as file sharing sites grow in popularity and upload speeds quicken.
Software like Dropbox and Google Drive can help your team collaborate and work together easier, especially at a time when many companies are choosing a work-from-home or hybrid approach for their employees. However, it’s important to weigh your options and acknowledge the risks of using these tools.
If one of your employees quit without notice today, or had to be terminated unexpectedly, would you know where all their important work documents are stored? Would they be on their workstation, a cloud solution your IT team set up, or dispersed on the employee’s personal file storage accounts?
It’s important to ask these questions because a situation like this will almost certainly happen at some point to every business. If important files are on an employee’s personal storage, they can walk away with customer data and other valuable information.
Not only does this open you up to the threat of a disgruntled employee taking customer data or other documents to a competitor, it also means that if their personal cloud storage is hacked, your data is as good as gone.
If you work in a regulated industry like healthcare, insurance, or finance, you especially need to be on the lookout for shadow IT programs. Doing your due diligence and putting in proper security and IT practices can save you from costly data privacy lawsuits in the future should you be audited.
As a business owner, how can you set your team up for success and avoid these pitfalls?
The first step is to make sure that your IT firm or IT department is monitoring downloads and new software installations on company equipment as part of routine security practices. If you aren’t sure if your current provider does this for you, ask them. From here, you can choose to block or allow certain sites and downloads at the firewall level.
Additionally, offer your employees a better way to work collaboratively with cloud sharing programs made specifically for businesses. These programs allow employees to store work files for themselves and share documents and information within the organization. Call Facet today and ask for more information on options for secure work on the cloud.
Questions About Cybersecurity and Other IT Issues? We can help!
This month’s recipe is from Facet’s Customer Advocate, Nick Baker!
Nick says these crepes are “debatably my favorite food ever.” His recipe for authentic French crepes can be customized with a wide variety of savory and sweet ingredients for a different flavor every time you make them.
This recipe is also available on the blog.
French Crepes
Ingredients 2 eggs 1/4 cup butter, melted 2 1/2 tbsp sugar 1/2 cup all-purpose flour 1/2 cup milk 1/8 cup water 1/2 tsp vanilla dash of salt
Whisk all the ingredients, except the flour, together. Add in the flour, a little bit at a time, whisking just until the flour has been mixed in.
Let the crepe batter rest for a few minutes. Then, give the batter a quick whisk again before using.
Grease a non-stick, 6″- 8” skillet with unsalted butter and heat over medium heat. Pour about 1/8 cup worth of batter into the pan and tip the pan from side to side to get the batter to spread out throughout the pan. These are a pain to make on a electric stove.
Cook each side of the crepe for 30 seconds before gently loosening up the edges with a spatula. If it lifts, then the crepe is ready to be flipped. If it doesn’t lift up very well, give it 10 to 15 more seconds and try again. Gently lift the crepe out of the pan, then flip over into the pan and cook the other side for another 10 to 15 seconds; remove to cool.
You can experiment with using only egg whites, only yokes, and other combinations depending on your preference. Its also fun to experiment with the flour type depending on ingredients used.
Breakfast Crepe My favorite ingredient is simply honey. Butter Whip cream and strawberries Sometimes I will crack and egg onto the crepe and cook it on the crepe adding cheese and other ingredients available. Then, folding the crepe in to quarters, making it easy to eat with your hands.
Savory Crepe Ham and Cheddar Mozzarella and Pepperoni Be creative
Taking small steps can mean avoiding big breaches and threats.
Now that we’ve made it through the holidays and into the coldest part of the winter, let’s brighten things up by discussing some easy resolutions you and your team can make this year to reach your cybersecurity goals!
To make a resolution stick, experts agree it should be structured around habits and behaviors, not lofty, pie-in-the-sky wishes or outcomes. If your goal is to be more financially responsible, for instance, they suggest resolving to create a weekly budget that you follow religiously.
Similarly, if you make a resolution for your business, structure it around habits and real, measurable outcomes. Don’t just resolve to get your IT in order, or get your data more secure. Success for these goals isn’t easily measured, so try for something a little more pinpointed.
I challenge you to choose one of the following resolutions for you and your team, and write them down.
Why write them down? Often, a resolution is just a wish until you write it down—then it becomes a goal.
Even if you only choose one of the following goals, these small changes can make a big difference in your company’s security.
Conduct weekly, monthly, or quarterly security training with your team. We have videos you can share with your team, or we can provide written resources that you can teach from.
Why do this?
Human error remains the number one cause of data breach in the U.S., and security awareness training has been proven to be an effective defense strategy against it.
Topics include: identifying phishing emails and how to report them, BYOD (bring your own device) policies and how to navigate them, how to create strong passwords, and how to prevent physical access to your network.
Training only takes a few minutes and can save you incredible amounts of time and money!
If you’re still using the same password for multiple accounts, resolve to change them to a unique value as you visit each site.
Why do this?
Password breaches remain a leading way hackers access your data.
This only takes a couple minutes per site, and by the end of the year, you will have more security across the web.
You may want to start with a dark web scan from Facet to see which, if any, of your passwords have been involved in hacks, and change those first.
Ask your IT department or IT provider for a password storage recommendation. There are many methods, physical and electronic, for storing passwords. Some are more secure than others, but can be inconvenient, so it’s important to find a method that works for you. Remember that no password storage method is 100% failproof.
Implement an MFA (multi-factor authentication) strategy.
Why do this?
MFA is easy to implement and has a HUGE security payoff. By simply tapping a quick push notification on any mobile device, users can prevent attacks on your company’s network.
No longer a lengthy or obtrusive practice, MFA is simple “gate” you can put up to protect from intruders and hackers.
Contact us today for more information on MFA and our other security suite offerings.
Increasing security can feel like an overwhelming task to undertake, but you can make real progress one step at a time.
Facet Technologies specializes in managed services and IT in Peoria, IL, surrounding areas, and nationwide. We can find a security solution that works for you, offering firewalls and other hardware appliances, security software, dark web scanning, and more.
Fill out our contact form below to find out more about our Security Suite and set up an audit of your network security.
This month’s recipe is from a Facet team member known Jason Hahn, Facet’s Director of Business Solutions and #1 Cardinals fan. Jason has been a part of the Facet team for over 20 years now!
Jason is sharing his favorite salsa recipe. The ingredients are blended in a food processor to get a great smooth consistency! Let it chill for a couple hours to get the best flavor. Jason says that his wife and daughters love this salsa on taco night!
1. In food processor place jalapenos and onions. 2. Process for just a few seconds. 3. Add both cans of tomatoes, salt, sugar, and cumin. 4. Process all ingredients until well blended but do not puree. 5. Place in covered container and chill. 6. A couple of hours of chilling will help blend and enrich the flavor. 7. Serve with your favorite thin corn tortilla chips.
I’m sharing a recipe for one of my favorites, Anisette Cookies. If you’re not familiar with anise flavoring, it’s vaguely reminiscent of black licorice, but much milder. Very fragrant.
The recipe calls for both lemon extract and anise extract (just trust me). If you’re going for “wow” factor and want to pack a flavor punch with these cookies, include the lemon.
If you’re not into lemon, or want a more neutrally delicious cookie, swap in vanilla extract. This is what I do if I’m bringing the cookies to somewhere with a big crowd and I want to play it safe. People tend to expect a vanilla flavor from cookies with this color and this frosting, so sometimes you don’t want to knock their socks off with lemon and anise all at once. Alternatively, you can put a little yellow food coloring into your glaze to signal that they are lemon-y.
Lemon Anisette Cookies Yields 3 dozen little cookies
Ingredients:
1 cup butter, softened
¾ cup sugar
1 teaspoon anise extract (I double this for a stronger flavor)
In a stand mixer or with a hand mixer, combine butter and sugar and beat until it’s creamy.
Stir in flavor extracts.
Mix in eggs.
Add salt and baking powder and mix.
Mix in flour. The dough should be just a bit crumbly but should stick together when you roll it into a ball.
Form 1-inch balls with the dough and place them on an ungreased cookie sheet. It’s important that all the cookies be about the same size for even cooking.
Bake for about 15 minutes until the bottoms of the cookies are just slightly turning gold.
Place the cookies on a rack to cool.
Make your glaze—mix powdered sugar with milk until it reaches the desired consistency. Add coloring if desired.
Dip cookies in the glaze and place on parchment paper or a rack to harden.
More Companies Will Be Denied for Cyber Liability Insurance in 2022 than Ever Before—Here’s How to Prepare
Cyber liability insurance (also known as cybersecurity insurance or cyber insurance) is soaring in popularity. Why? Businesses are being hit by ransomware and other cybercrimes at unprecedented rates, and we’re hearing about it! At this point, most business owners know someone who has been hit by a pricey cyberattack.
That’s not to mention those who have already suffered through a cybersecurity breach—once you’ve been hit, you’re going to do whatever you can to avoid it again. Cyber insurance should be thought of as another part of your disaster recovery plan. A cybersecurity policy can be the difference between shutting your doors and staying in business.
New numbers came out this autumn citing a significant uptick in cybersecurity insurance denials for 2022. As ransomware payments skyrocket, insurance providers are asking clients to prove their cybersecurity readiness and preparedness before approving a policy.
Why is it harder to get approved for cyber insurance in 2022?
Cybercrime is a big business, and as a crime, difficult to bring to justice. Most cybercriminals are located offshore, targeting U.S. consumers and businesses from across the world. They form syndicates and groups, and reorganize if necessary. It’s hard to hit a moving target.
At this point, cybercriminals are “winning” the game. The U.S. is desperate for cybersecurity experts and professionals and is having a tough time finding them.
Large insurance companies know that these crimes will continue to worsen over the next year. The premiums they charge cover the costs of ransomware and downtime payouts and allow them to take a profit, and these costs are rising as ransom sums reach record numbers.
In response to this, insurance companies are becoming more selective in who they bring on as clients. Questionnaires are getting tougher, as are the criteria for a payment in the event of a breach. Business owners must prepare accordingly.
Should you lie on a cyber insurance questionnaire? Should you stretch the truth?
In short, no.
If you lie on your application, you won’t get a payout in the event of a disaster, so you will be paying for nothing. Insurance providers investigate claims to make sure that all the proper security defenses were in place at the time of the event, and if they were not, they are not under obligation to pay out.
If you are caught, you also have a chance of being denied for coverage outright.
What do you need to do to be approved for cyber insurance?
The good news is that insurance providers publish requirements for cyber policies. Your insurance broker might refer you to a security expert such as Facet to ensure that you have the required security stack in place to get cyber insurance.
Most insurers will require a questionnaire to be filled out by your internal IT department or your IT provider. This questionnaire covers things like your network environment, firewalls, antivirus protection, MDR (managed detection and response, if applicable), multi-factor authentication, email security and filter, employee training and education, and backups. They may also ask if your security team is in-house or outsourced. There may be more categories or less depending on the insurer.
If you are working on an outdated network with poor security, you may not be approved for cyber insurance. More importantly, you may be leaving your company open to hackers and other cyber threats.
You can fight this with a great security stack and trusted advisors to keep your company protected. At Facet, we are constantly updating our offerings to fit the needs of our customers and keep them safe. Our strategies are at the forefront of the cybersecurity landscape.
We work with many clients to ready them for cyber insurance policies. If you have any questions about how we can help you develop a secure environment and a disaster recovery plan, contact us today to learn more.
We also offer a weekly cybersecurity tip email that goes straight to your inbox! Just fill out our contact form and let us know you’d like the weekly tips.
