Welcome to the latest edition of our monthly newsletter! This September, we’re highlighting practical IT tips that can have a real impact on your business. You’ll find advice on preventing data loss, improving your password security, and gaining key lessons from the CDK hack. And don’t forget to check out our upcoming events – they’re a great way to keep up with industry trends and connect with like-minded professionals. We’ve filled this edition with tips and opportunities to help your business thrive, so dive in and see what’s in store!
We understand that not everyone loves technology as much as we do. As a Managed IT Services Provider, we are committed to providing practical and useful tips to help make your business more efficient and profitable through the intelligent use of technical solutions!
Explore practical IT strategies to safeguard your business, prevent data loss, and improve cybersecurity.
Stay updated on industry trends through expert tips and upcoming events, and ensure your organization remains resilient and secure.
Are you worried about your business's data security? Do you ever wonder what causes data loss and how to prevent it?
Then this article is for you.
Intelligent Technical Solutions (ITS), a managed security service provider (MSSP) with years of experience safeguarding hundreds of business data, is here to guide you through enhancing your data security. This article will arm you with the knowledge and strategies to safeguard your business against data breaches and loss.
It’ll answer specific questions like:
By the end of this article, you’ll have actionable strategies to enhance your data security.
Data loss isn't just an inconvenience; it can spell the end for many businesses. Shockingly, 93% of companies that suffer from significant data loss go bankrupt within a year.
The misconception that cybersecurity is a concern only for larger corporations has left SMBs particularly vulnerable, making it crucial for these businesses to adopt robust data security and recovery plans.
Here are the top causes of data loss:
Human error remains a significant cause, with employees inadvertently deleting data or mishandling hardware. A substantial portion of data breaches involve some level of human mistake.
The landscape of cybersecurity attacks is evolving, with 2023 seeing a record high in data breaches. The Identity Theft Resource Center reported that by September 2023, data breaches had already surpassed the previous record-high by 14%, affecting over 66 million victims.
Cybersecurity Ventures estimates that by 2025, cybercrime costs will reach $10.5 trillion annually, reflecting a 15% year-over-year increase.
Hardware can fail due to age, wear and tear, or physical damage, causing data loss.
Over time, the physical components within hardware can deteriorate, leading to wear and tear that compromises functionality. Additionally, unexpected physical damage from incidents such as dropping a device or exposure to water can cause immediate and often irreparable harm. Environmental factors like extreme temperatures or humidity also play a role in accelerating the degradation of hardware components. As hardware ages or gets damaged, the likelihood of malfunction increases, potentially resulting in data loss or the need for costly repairs and replacements.
Software corruption can result from bugs, failed updates, or compatibility issues. This remains a consistent concern for data integrity in the digital realm.
Natural disasters can directly impact physical storage infrastructure, but recent discussions focus more on cyber threats. However, the evolving climate and increasing frequency of natural disasters pose a continuous risk to physical and cloud-based data storage solutions.
RELATED: Business Recovery: What to Do After a Natural Disaster Strikes?
Insider threats include intentional deletion or theft of data by employees or contractors. Approximately 31% of all data breaches in 2023 can be attributed to insider threats, which include employees, contractors, or other internal actors. This highlights a significant portion of data breaches emerging from within organizations.
Direct theft of data, whether through cyberattacks or physical theft of devices, is a significant concern. IBM estimates that 32% of cyber incidents in 2023 involved data theft and leak, indicating more attackers favor stealing and selling data over encrypting it for extortion.
Preventing data loss is paramount in today’s digital age, where the cost and frequency of data breaches are escalating. Implementing strategic measures can safeguard your organization's data effectively. Here's an expanded overview based on best practices and statistics:
A robust data protection policy is fundamental. It includes elements like defining the scope of data protection, establishing GDPR principles, and outlining lawful data processing. Ensuring confidentiality, integrity, and availability of data is central to protecting against breaches and unauthorized access.
Clear communication about data security policies and the consequences of non-compliance is crucial. You must also understand the different data types that require protection and ensure their security to prevent fraudulent activities, hacking, and identity theft.
With mobile devices being common points of vulnerability, securing them is essential. Practices such as data loss prevention (DLP), encryption, and firewalls help safeguard data from theft, loss, and unauthorized access.
Snapshots offer an efficient and reliable method for data backup, reducing the risk of data loss during restoration processes. This technique complements other data protection strategies by ensuring data integrity and availability.
Cloud services are pivotal for modern data backup solutions, offering cost-effective and scalable options. Emphasizing cloud data security is vital as the move to cloud storage increases the attack surface for potential breaches.
Statistics underscore the impact of data breaches, with 21% of consumers willing to switch to a competitor after a data breach. The average global cost per breach reached an estimated $4.45 million in 2023, illustrating the financial importance of investing in data security to mitigate risks and protect the organization’s financial stability.
These expanded points and relevant statistics underscore the critical need for comprehensive strategies to prevent data loss and protect against the escalating threat of data breaches in the digital landscape.
Understanding the causes and implementing the strategies discussed can significantly mitigate the risk of data loss.
With expertise in preventing data breaches and ensuring business continuity, ITS provides the tools and knowledge your business needs to stay secure.
Don't let your business become another statistic. Take action today to strengthen your data security measures and ensure the longevity and success of your enterprise. Here are some resources you can read through to help you do that:
Be honest - how often do you forget your complex password and then resort to constant resetting?
Many of us manage multiple online accounts, from banking to social media, which leads to the common dilemma of choosing between strong, complex passwords and ones that are easy to remember but potentially insecure.
Many companies also require complex passwords as part of their Standard Operating Procedure (SOP) for online accounts, but people often forget them because they’re too complex.
Is there a middle ground?
At Intelligent Technical Solutions (ITS), we understand the difficulties of maintaining password security while balancing convenience. We are dedicated to demystifying password security for both individuals and businesses.
This article promises to share exactly how long you should hold on to a password and provides the latest insights and practical tips for effective password management. We invited Ed Griffin, Security & GRC Executive at ITS, to add his insights into this topic.
By the time you’re done reading, you'll be equipped with actionable strategies for creating stronger passwords and managing them efficiently, ensuring your online accounts are well-protected.
The advice on how often you should change passwords has evolved over the years, reflecting changes in technology, security threats, and understanding of user behavior.
Instead of adhering to a rigid schedule (e.g., every 90 days), passwords should be changed based on a risk assessment.
Ask questions like:
If you answer “yes” to any of these questions, it's time to change your password. Immediately update your passwords if there are any signs of a security breach or if you suspect your password has been compromised.
But you might also be wondering – why shouldn’t you routinely change your password anymore?
By requiring you to constant password changes, you're counterintuitively weakening your password strength. First, password changes no longer constitute a red flag for administrators, making it less likely for them to catch a hacker doing the same thing.
Secondly, constant password changes – especially for people with no password manager – often result in weaker passwords for easier memorization.
However, some government guidelines still require scheduled password changes. For example, the latest PCI DSS and HITRUST standards still require changing user account passwords every 90 days.
In these scenarios, if you’re a password administrator, you should evaluate your needs and decide whether constant or minimal password changes fit your organization better.
So, as a company, where does that leave you when creating strong passwords? Here are some more guidelines to help you with this task:
While not directly correlated to building a strong password, it’s your responsibility to regularly educate employees about the importance of security hygiene, including the use of strong passwords, recognizing phishing attempts, and securing their devices.
“Password management best practices... it's like herding cats,” Griffin explained. "There's no way to have folks completely adopt them. Even if an organization agrees with our concerns, understands the risks, and has a desire to implement good security, when it's time to go through, there's always someone who doesn't want to do it.”
He points out that there will always be team members who are non-compliant. Maybe they don’t understand why they should follow the guidelines, or they put off implementing them, or they think they know better.
“There's always going to be a resistant sub-population, but all we can do is continue to educate and challenge them, and hopefully, over time, most folks will be compliant.”
Deploy strong password assessment tools to encourage or enforce the creation of strong, unique passwords or passphrases that:
Password management systems like Keeper will help provide the oversight needed to enforce these rules.
“Companies should have some centrally administered password management platform,” Griffin said. “From that, we can do things like analyze which users are logging into the password management system regularly. And even though we might not be able to see what the passwords contain, we can see how many secrets they have stored and how often they are accessing their account.”
“So, that will help identify users who are not using the system and thus likely are non-compliant with password best practices.”
Encourage the use of reliable password managers and a centralized active directory. These tools can generate and store complex passwords for each of your accounts, reducing the need for frequent changes due to forgotten passwords and making it easier to use unique passwords for every service.
When asked about the security of having a centralized password system, Griffin said:
“We're going to have many more defensive layers around that single system than we could when we had 1,000 different individual independent systems. Sure, nothing is 100% safe from compromise, but bad actors, if they're going to get into our stuff, they're going to have to be serious about it.”
If possible, enable multi-factor authentication (MFA) or two-factor authentication. This adds an extra layer of security, making it significantly harder for attackers to gain unauthorized access even if they have a password.
Boosting your password security isn't just about changing them on a set schedule. It's about getting to know the ins and outs of your digital world, understanding the precious data you're safeguarding, and keeping an eye on the ever-evolving threats.
Think of password security as a journey—one where you're constantly learning, adjusting, and staying on your toes. It's about staying updated with the latest cybersecurity, ensuring your team is on the same page, and actively using the best strategies to keep your business safe.
Looking ahead, let's take the tips in this article and check your network – get a free network assessment to jump-start your password cybersecurity journey.
Now’s also the perfect time to start using these resources to protect your network:
Many businesses overlook the importance of keeping track of their critical website information. Not having a well-kept list of all your essential website logins and ownership details can lead to significant productivity drains. Let's discuss why this is important and how it can affect your business if not properly managed. The risk is when one of the core elements of a website has issues, your website and email could go down until it is addressed.
In this article, our goal is to help you understand the basics so that you can make good decisions about your website and never face your domain going down for any significant period of time.
We understand some people are going to need help with this one, but we do believe it is critical for most businesses since this is what controls both your website and your email.
Imagine this scenario: your website suddenly goes down, and you have no idea why. It could be due to a problem with your domain registration, DNS settings, or hosting. If you don't have the necessary information readily available, resolving the issue can become a time-consuming nightmare. Here’s why each piece of information is vital:
Having all your website details well-documented and easily accessible is critical to maintaining your online presence. By understanding these basics and keeping your information organized, you can avoid significant productivity drains and ensure your website remains up and running smoothly.
If you need help organizing your website details or understanding these concepts better, please contact us. We're here to help ensure your business stays online and productive.
Following these simple steps can safeguard your business against unnecessary downtime and productivity losses.
Stay proactive and keep your website details in check!
On June 19, 2024, a ransomware attack hit CDK Global, a critical software application provider to around 15,000 car dealers across North America. The CDK software helps auto dealers track inventory, conduct credit checks, generate interest rates for auto loans, and complete sales contracts.
For two weeks during the attack, many dealerships were relegated to pen and paper. They were forced to conjure up alternative methods for their daily operations, deal tracking, employee payments, and customer relations.
This crisis isn't just a cautionary tale for the automotive industry. It should serve as a wake-up call for organizations across every sector. The incident should force you to take a long, hard look at your critical systems and make you ask yourself: Do I have a plan B?
Intelligent Technical Solutions (ITS) is a managed security services provider (MSSP) that has helped hundreds of businesses bolster their cybersecurity to defend against all kinds of cyber-attacks. In this article, we'll take a closer look at the CDK hack and the lessons we can take from it.
Here are the top things you need to know about the CDK cyber incident:
The CDK Global hack was a ransomware event. Details as to how the attack was executed have not been shared at the time of this writing. In addition, analysts suspect it was caused by a new Russian-linked hacking group called Blacksuit.
No official statement regarding the ransom has been released. However, media outlet Bloomberg reported that the hackers are asking for millions of dollars. We don’t yet have official word if customer data was exfiltrated. If that is determined to have occurred, the severity of this incident will increase dramatically, with multiple lawsuits and regulatory oversight enforced from the FTC.
The cyber incident wasn't isolated to a single attack. CDK Global suffered an additional breach while they were recovering from the first cyberattack. That suggests that the systems may have been vulnerable during the recovery process, or that the initial security issues were not fully resolved when the systems were brought back online.
Automakers, auto dealers, and car buyers are all affected by the attack. It caused widespread delays as dealerships resorted to pen and paper to complete deals. That has caused frustration among customers, which has led to delayed or canceled purchases. The impact on customer satisfaction can also potentially affect the long-term reputation of the affected dealerships.
In addition, many automakers are unable to track sales and inventory through their dealer networks.
Hackers want to cause as much disruption as they can. That’s why many hacking groups are now targeting companies in supply chain-style attacks. Their goal is taking down entire industries because they can demand more money.
Last year, the real estate industry suffered a similar fate when software provider Rapattoni was hit with a ransomware attack. The attack downed the multiple listing service (MLS) systems that many real estate agents used across the country, causing widespread disruption.
If there’s a lesson that you need to take from these incidents, it’s that cyber-attacks are growing more sophisticated, and becoming more devastating.
Most businesses today are deeply interconnected in a web of outsourced, cloud-based services. While that has democratized access to sophisticated business tools, unfortunately, it also opens you up to third-party risks. The CDK hack highlights that risk. Here are some key lessons about third-party risk management that you can draw from this incident:
Earlier, we asked you to look at your critical systems and ask yourself if you had a plan B. If you don’t, now is the time to start developing your contingency plans, redundancies and parallel systems. Ideally, these systems would already be in place, but if you don’t have them yet, there is still time to work out a plan B today.
This will ensure that you are prepared for prolonged outages, such as those experienced by CDK system users.
It’s safe to say that CDK Global is not having a great time dealing with this incident. According to reports, the company had to pay a ransom of $25 million to resolve the breach. Worse, it will cost them millions more just to recover, because they still have frustrated customers and possible legal issues to contend with. The truth is, there’s no scenario where CDK Global gets out of the situation unscathed.
That’s why the best way to deal with a cyber-attack is to prevent it altogether. To do that, you will need to prioritize your cybersecurity and invest in it. Seek out cybersecurity partners who can help you find the right tools, enforce best practices and provide security training for your team.
Remember, implementing advanced cybersecurity measures isn't cheap. But it’s just a fraction of the cost of suffering a major data breach.
The CDK Global hack serves as a painful lesson, not just for the automotive industry, but for all sectors. It highlights the value of having alternative operational plans in case of similar incidents, as well as how important it is to invest in robust cybersecurity measures. Once you understand these lessons, you can better protect yourself against future cyber threats and ensure resilience against potential disruptions.
ITS is a cybersecurity services provider that has helped hundreds of businesses build robust cybersecurity against all kinds of threats, including ransomware. If you need help bolstering your cyber defenses, schedule a free security assessment with our experts.
You can also learn more about ransomware and third-party risks by going through our Learning Center content:
ITS Cares is an employee-led volunteer program providing help through donations and community service.
Ilonggo Aspins stands for the local effort to rescue and care for Aspins, short for "Asong Pinoy," which are native mixed-breed dogs in the Philippines. The shelter, based in the Ilonggo-speaking region, focuses on providing a second chance for these stray, abandoned, and abused dogs by rehabilitating and rehoming them. The organization also works to raise awareness about the importance of animal welfare and adoption, while showcasing the resilience and loyalty of Aspins, which are often overlooked compared to purebred dogs.
Jam, a Solution Consultant from ITS, celebrated his 30th birthday by donating 30 sacks of dog food, dog cakes, and Jollibee meals to support the shelter and its hardworking team.
Ilonggo Aspins Facebook Post:
The shelter expressed gratitude for Jam’s generosity, sharing how the donations made their day memorable and helped the rescues.