Limetree Labs

Keep IT Fresh

Cybersecurity

IT Security 101

By

it-security-101

IT Security is a critical aspect of any successful business. The need for organizations to implement IT Security measures to protect sensitive data and to prevent cyber-attacks has never been greater.

Cybersecurity, also referred to as computer security or IT security, involves the methods of protecting computer systems, data, and networks from access to and attacks by unauthorized users. These attacks typically have malicious intent, and frequently involve accessing and possibly stealing data or personal information, extorting money, or disrupting business operations.

Threats & Damages

The Facts:

  • Over 50% of cyber-attack victims are small businesses
  • Over one million new viruses and malware are released yearly
  • Number of attacks are increasing by a large amount every year
  • Breaches cost small business over $80,000 on average
  • 33% of businesses that suffers a data breach report a loss of revenue
  • More than 50% of businesses that experience unrecoverable data loss go out of business within a year

Top 5 Threats

  1. Phishing Emails
  2. Compromised Passwords
  3. Mishandled Data
  4. Website “Drive-By” Attacks
  5. Unpatched Vulnerabilities

Phishing Emails

What is it?

Phishing emails are fraudulent emails disguised to look like legitimate messages from trusted senders.  Phishing emails may appear to be from your bank, the Post Office, or someone you know.  The sender tries to get you to open an infected link or file, steal your login credentials, or trick you into sending them information.

95% of all enterprise cyberattacks use phishing.

How can you prevent it?

  • Always double-check the sender’s email address, not just the sender’s name in an email.
  • Never click on unexpected website links or open unexpected email attachments.
  • Never use a link in an email to log into a banking or business site, go directly to the website yourself.
  • When in doubt, always check with Limetree Labs.

Compromised Passwords

What is it?

When your password is stolen, either by a phishing attack or as part of a website or service breach, that password is added to “Dark Web” databases and used to try to breach other accounts.

Nearly all instances of your email or Facebook being “hacked’ is a result of a compromised password.

How can you prevent it?

  • Do not re-use the same password on multiple accounts.
  • Use strong passwords of 12 or more characters.
  • Use a secure password manager, such as Passportal at work, and Lastpass at home.
  • Do not re-use the same password on multiple accounts.

Mishandled Data

What is it?

Unintended mishandling of sensitive data by employees is one of the leading causes of corporate data breaches.  Common occurrences include accessing company data from an insecure network, losing an unencrypted laptop or storage device containing data, or accidentally sending unencrypted data to the wrong person.

How can you prevent it?

  • Encrypt sensitive data before sending it by mail or courier.
  • Use encrypted email when emailing sensitive data.
  • Don’t use public “Free WiFi” when working with company data.  Use a 4G hotspot or trusted WiFi.
  • Have IT wipe any personal device that handled company data before selling or recycling it.
  • Do not upload company data to public services (Dropbox, iCloud, etc.)

Website “Drive-By” Attacks

What is it?

Hacked or compromised websites, or advertisements on legitimate websites, that try to infect your computer by loading the web page.  Symptoms include a website suddenly re-directing you to a different site, or a full-screen pop-up with a fake “You are infected” warning.  These attacks try to get you to download or run a malicious program, and can even infect un-patched systems without any user interaction.

How can you prevent it?

  • Never click on or run a download from a website popup message.
  • Don’t try and download “free software”, ask IT if you need an unfamiliar program installed.
  • Use the keyboard hotkey ALT+F4 to close fake websites.
  • Be careful not to click on ad links in Google search results, as they can lead to malicious sites. 
  • Always call Limetree Labs if you think you have loaded a malware website.

Unpatched Vulnerabilities

What is it?

Most of the patches and updates you are prompted to install on your computers and phones are security fixes.  Without these fixes, our devices are much more vulnerable to malware, and “Drive-By” exploits.  The vast majority of viruses and ransomware infections happen on out of date and unpatched systems.

How can you prevent it?

  • Restart your desktop at the end of your workday, and leave it online over the weekend.
  • Run system updates on your phones and tablets.

To learn more about how you can protect your business from cyberattacks, reach out to Limetree Labs today. Call 208-901–3350 or email hello@limetreelabs.com to set up an appointment.