Category Archives: Data Security

Why Your Business Needs a Cybersecurity Plan – and How to Do It

cybersecurity plan

A Cybersecurity Plan Can Help Defend Your Business Against a Cyberattack

Cyberattacks are on the rise and know no boundaries. A single cyberattack can cost a business hundreds of thousands to millions of dollars, depending upon your size, compliance requirements, and the extent of the breach. This includes lost revenues, remediation costs, compliance penalties, and unforeseen legal complications. Not to mention, a data breach will likely result in a tarnished reputation, which can have long-term effects. Developing a written cybersecurity plan is something every business should consider.

63% of small and medium-sized enterprises experienced a data breach in 2019, and more than 4.1 billion records are exposed every year. Thanks to the COVID-19 pandemic and the sudden transformation to a remote work culture, these numbers are rising quickly. In 2021, it’s expected that a cyberattack incident will occur every 11 seconds (nearly twice the rate seen in 2019)!

A properly written cybersecurity plan will ensure networks are secure, sensitive data is protected, and cybercriminals are kept out.

Six Steps to Help You Develop A Written Cybersecurity Plan

Step 1: Identify Your Company’s Sensitive Data

Begin by identifying all the data points you need to protect, such as employee social security numbers and payroll information, customer data, credit card information, and company secrets (i.e., proprietary formulations and patents). Create a visual representation of every category and every location where copies are stored. Note whether each location is encrypted, backed up, secured behind your firewall, or saved in an unsecured place (such as the local drive of an employee’s desktop/laptop, or an unsecured external drive).

Step 2: Define Who Can Have Access to the Data

It’s important to define who can have access to which data, and what level of permissions each person has. For example, an employee may need to see certain data, but perhaps they are not authorized to edit or delete that data. In other cases, there may be entire directories or folders that simply do not apply to a person’s role, and therefore should be locked down as a security measure.

Step 3: Protect All of It

Once you have identified everything that needs to be secured, determine what steps are required to protect them. For example, some of the security services we include in our Managed Security Service package includes:

  • Managed Antivirus
  • Patch Management
  • DNS Perimeter Security
  • Email Security and Encryption
  • Disk Encryption
  • Firewall with Unified Threat Management
  • Managed Backups
  • And more

Step 4: Create a Detection and Alert System

Set up a system that will alert you if an incident occurs, including the ability for employees to report problems. For example, ACT uses a Security Operations Center (SOC) and Security Information and Event Management (SIEM) tools to manage risk through ongoing monitoring and detection and alert the proper specialists so they can provide remediation.

The SOC team is comprised of trained security specialists and security engineers. Their job is to analyze data, assess risk, and remedy any vulnerabilities that may exist. The SIEM tools aggregate data, monitor activity, detect abnormalities and vulnerabilities, and alert the SOC team to problems. Together, a SOC/SIEM solution offers a powerful detection and alert system.

Step 5: Develop a Response Plan

Once a breach is detected, an immediate response is necessary. Ensure everyone knows their role by documenting who does what and when. Your first steps will be to contain the attack, shut down the entry point, and restore business operations.

Step 6: Develop a Recovery Plan

Once business operations are restored, it is time to assess the damage. Determine what, if anything, was lost or stolen. Find out what legal obligations you have to customers, vendors, and board members to communicate the breach. Then begin identifying how the breach happened and how you can prevent it from happening again.

In Conclusion

Developing a cybersecurity plan is just the beginning. It maps out what you need to do to protect your network and data adequately. But like most things, the devil is in the details, and implementing a comprehensive security solution can be a daunting task.

If you have questions about any of the above steps or would like to learn more about ACT’s Managed Security Service offering, don’t hesitate to contact us.

15 Best Security Practices to Help Prevent Cyberattacks

Preventing a Cyberattack Begins with Your Team

Do you know what your company’s greatest vulnerability is when it comes to a cyberattack?

It’s your people! Employees unknowingly click on malicious links and download a host of viruses and malware every day. 

Here are some disturbing facts about cyberattacks that employees inadvertently assist with:

  • 91% of cyberattacks launch through phishing emails, which infect organizations with ransomware.
  • 81% of hacking-related breaches are due to compromised passwords.
  • 78% of employees claim to know the risks of clicking on unknown links, yet admit they still do!
  • One of the top malicious email attachment types is a .doc, the extension used by Microsoft Word. Most employees admit they would always open this document, believing it to be legitimate communication.

Since your employees are your first line of defense, it’s vital to create a culture where security is top of mind. But people are fallible, which is why we are outlining some best practices you should implement immediately to secure your network and data.

15 Best Security Practices to Prevent a Cyberattack

  1. Install Operating System Security Updates and Service Packs. Software companies regularly release updates, patches, and security fixes to defend against known vulnerabilities. It is critical to update your servers, workstations, software applications, and browsers every time a patch is released.
  2. Be Proactive with Your Antivirus Software. At the most basic level, ensure antivirus software is running on all devices, automate daily scans, check that it is updated regularly for the latest vulnerabilities, and educate staff on running manual scans on new downloads. You may also wish to inquire about NextGen Antivirus solutions.
  3. Implement a Firewall with UTM. Standard firewalls used to be the gate that kept the bad guys out. However, end-users are now clicking on malicious emails and websites, unknowingly opening the door and inviting cybercriminals. Implement a firewall containing Unified Threat Management (UTM) features that provide a suite of protection against today’s increasing threats.
  4. Enforce Strong Password Policies. Implement a system that forces employees to change passwords periodically and not reuse past passwords. It’s also an excellent practice to teach them how to use passphrases. For example, the phrase “to be or not to be” might be represented as “tbOn2b.”
  5. Use Multi-Factor Authentication (MFA). Multi-factor authentication provides an extra layer of network security if someone is hacked and login credentials are stolen. When users attempt to login to the device or application in question, they receive a text or email alerting them to the login and providing a unique code. That code must be used to gain access. Therefore, assuming the hacker does not have access to the email or text alert, they would remain locked out.
  6. Create Firm-wide Data Storage Policies. Consider a firm-wide policy that restricts where sensitive data and Personally Identifiable Information (PII) can be stored. Do not allow this level of information to be copied to an external drive or saved outside your secure network. When using external drives, such as a USB flash drive, disable auto-run so that drives are scanned before files open on your network and discourage personal USB drives from being plugged into a work computer.
  7. Encrypt Internal and External Disk Drives. Even with data storage policies in place, we highly recommend encrypting internal and external disks as an added layer of protection. This extra layer of security protects your data if a computer or drive is lost or stolen.
  8. Assess Your Remote Workforce. Home offices represent a tremendous security risk. How are your employees accessing and saving data? Are they transferring files through email? Are they using personal devices for work? Is their home Wi-Fi network adequately secured? Assess the risks, and then take the necessary steps to remedy the vulnerabilities.
  9. Backup Data Regularly. Backups should be automated and run regularly (e.g., every day, every hour, or real-time, depending upon your business). Backup storage is another best practice that should not be ignored. It’s OK to store a backup on-site, but a redundant copy should also be kept in a secure cloud-based platform and tested periodically to ensure they work.
  10. Implement Email Security Software. Email is the most significant source of security breaches. Cloud-based email security systems stop threats before they ever make it to your company’s mail server. Spam, viruses, and malicious URLs are some of the easiest ways for ransomware to infect users.
  11. Erase Hard Drives. Before disposing of or selling old devices, including computers, tablets, printers, copiers, external hard drives, flash drives, and fax machines, securely wipe all data. Simply deleting files is not a secure method. Anyone with recovery software and evil intentions will be able to access the data, putting you at risk.
  12. Implement a Mobile Device Management (MDM) System. Whether you are a BYOD (bring-your-own-device) organization or issue firm-approved devices to your employees, it is difficult to ignore mobile device management. Laptops, tablets, and smartphones are often used for business and require their own degree of protection. An MDM system manages your mobile devices, pushing installations, installing updates and patches, managing applications, and even provides you with the ability to wipe a mobile device clean should you and your employee part ways.
  13. Implement DNS Perimeter Security. DNS is the starting point for internet connectivity across all devices. DNS Perimeter Security provides an additional layer of network security across all platforms, protecting companies from malware, phishing scams, botnets, and more.
  14. Establish a Guest Wi-Fi Channel. Establish a Wi-Fi channel that guests, clients, patients, and vendors can use when on-premises. It should restrict access to all sensitive areas of your network and limit where they can browse.
  15. Provide Employees with Security Awareness Training. Educate employees on what they can and cannot do on their work computers. Teach them how to recognize malicious emails and strengthen spam filters by reporting suspicious emails and events.

Clearly, there is much that goes into adequately securing one’s network. But with cyberattacks on the rise, preventing a cyberattack must be a priority for every business. Implementing the items discussed above will strengthen your network’s security.

If you need assistance with these best security practices, don’t hesitate to contact us.


*Statistics from IBM and the Ponemon Institute’s “The Cost of Insider Threats Global Report 2020,” Verizon’s 2020 DBIR Report, and Cybersecurity Ventures Security Report.

How to Establish Your Business Continuity Plan

Business Continuity Planning

Why Every Company Needs a Business Continuity Plan

A Business Continuity Plan is a formal document that outlines how your business will continue to operate during an unforeseen emergency. This includes a wide variety of events, such as:

  • Natural disasters (such as fire, flood, or earthquake);
  • Power outages (which can cripple a healthcare facility or manufacturer);
  • Virus outbreaks (like COVID-19);
  • Long-term internet disruption;
  • Cyberattack (which can compromise entire networks and expose sensitive client data, patents, patient history, and customer bank accounts);
  • Cloud provider outage;
  • Critical vendors being compromised or going out of business; or
  • The sudden loss of an owner or other key player.

A Business Continuity Plan can keep your business up and running during the worst of circumstances. It can also help protect your brand and retain customers, safeguarding your company over the long-term.

It’s a bit like insurance. You invest in it and hope you never need it. But when you do, a well-written Business Continuity Plan can mean the difference between protecting your livelihood and losing your business.

What You Should Include in a Business Continuity Plan

A comprehensive Business Continuity Plan (BCP) should include contingencies for everything from business processes and technology to human assets and physical locations. Specifically, it should contain:

  • Disaster Recovery Plans for every conceivable emergency scenario, detailing how critical operations will be maintained during short-term and long-term outages;
  • An Information Technology (IT) Disaster Recovery Plan, covering data security and accessibility, as well as software, hardware, and equipment requirements;
  • A Crisis Communications Plan, detailing how the company will communicate its situation to customers, patients, vendors, shareholders, and the general public;
  • An Employee Assistance Plan, outlining what management expects of employees during the emergency, and how they will support employees during the disruption.

The Four Areas of a Business Continuity Plan

Business Impact Analysis

A business impact analysis (BIA) is a systematic process used to evaluate the potential effects of an interruption to critical business operations. During this risk assessment, operational and financial consequences should be considered for different loss scenarios, capturing the impact of a pandemic versus a cyberattack, for example.

Here are a few important things to consider in a BIA:

  • Identify all critical business functions and processes. Record how each task is performed, who performs it, and the impact on the business should it be interrupted. Consider the effect for a day, a week, a month, and so on.
  • Identify key contacts for every department and division and their responsibilities.
  • Record the company’s organizational structure and identify alternate points of contact, should the structure be disrupted (for example, if a team leader were to become incapacitated).
  • Consider all vendors the business relies on. How would a business interruption impact them? How would you be affected if they had a business interruption? Identify “Plan B” vendors if they are critical to your operations.

There are many tools available to help create and organize a BIA, including questionnaires, data flow diagrams, and BIA software that can help you gather the necessary data.

Recovery Strategies 

After identifying the critical components, you must prioritize them. Identify what resources you have in place currently to protect the company from a negative consequence. Then conduct a gap analysis to determine what additional support you require to get things running again in the event of an emergency.

Keep in mind that recovery strategies may vary along with the disaster that has occurred. For example, if your network is compromised, who knows how to stop the breach and restore your backups? If you have to evacuate your space suddenly, how would you replicate your working environment?

Plan Development

This is the stage when everything comes together in a formal document that will ultimately be shared with all relevant personnel.

  • Document a framework for how recovery will take place, organized by department and solutions.
  • Develop a recovery team that will be responsible for oversight and coordination. All members should have copies of the plan on a flash drive and printed inside a binder.
  • Identify relocation plans, should your physical space become compromised, or an evacuation becomes necessary.
  • Consider manual workarounds for all critical processes, should your technology or machinery become compromised or inaccessible. For example, can scheduling or reporting be completed in an old-fashioned way (paper and pencil)? Should schedules, appointments, or deliveries be printed daily, so customers and patients can be contacted in the event of an office disruption?

In addition to the above, you will need a comprehensive IT Disaster Recovery Plan that addresses the company’s data, software, and hardware needs, as well as accessibility. For example, in the event of a cyberattack, how will you stop the breach, recover your data, and keep operations running in the process? Should your office be inaccessible for any reason, which employees can work from home, and how will they do so? You’ll need to consider remote access, security protocols, software and hardware needs, and much more.

Testing and Training 

Every aspect of a business continuity plan must be tested and proven. Everyone must know what is expected.

  • Begin by simulating different types of disasters. Ask yourself: what worked, what could have gone better, and what was forgotten?
  • Update the plans according to your findings, and test again.
  • Train staff on all relevant aspects of the plan, and ensure the processes are documented so new employees can quickly be brought up to speed (you never know if a disaster can happen during an employee’s first week).
  • Ensure there are multiple copies of the plans, on-site as well as off-site, in print as well as digital.
  • Update the plans as needed to account for new technologies, infrastructure, processes, team members, etc.

Failing to Prepare is Preparing to Fail

Businesses fall into three categories when it comes to business continuity planning:

  • Those with a formal plan are quickly able to resurrect their operations in the event of an emergency. It is likely these businesses already planned for work-from-home scenarios, and in the current pandemic, experienced minimal downtime.
  • Businesses with drafts of untested plans and loose guidelines may or may not be able to mitigate their losses. In the case of COVID, most companies had time to fill the gaps in their planning and get their teams operational. Had the emergency been an immediate shutdown due to a natural disaster or cyberattack, this group may have suffered more.
  • Businesses who have placed business continuity planning on the back burner, hoping never to have to deal with it, suffer the most. These companies are left exposed to business interruption, data loss, revenue loss, as well as eroding customer trust, long-term lost business, and a jeopardized brand.

Emergencies capable of crippling a business can happen at any time, to a business of any size. Don’t get caught unprepared. Feel free to contact us if you would like to discuss your Business Continuity Plan.

Ransomware Protection Guide

Ransomware has become an epidemic in today’s IT world. It has locked down hospitals, universities, small businesses, and individuals all over the world. We’ve updated our Ransomware Protection Guide to include additional tips to help you protect yourself and your business.

What is Ransomware?

Ransomware is malware that infects your computer by locking access to your files until you pay a ransom – usually in Bitcoin. The malware typically gets on your computer through a malicious email or website. Hackers can also deliver it straight to your computer if it’s already been compromised.

Ransomware is replacing credit card theft as the number one scam for cyber criminals. Unfortunately, antivirus software alone is not enough to protect you from this threat. 

How Can I Protect My Data from Ransomware?

ACT recommends multiple layers of protection to defend against the latest risks. Here are some best practices to protect your network against ransomware:

  • Backups

    • If set up and maintained correctly, backups are the only guaranteed defense against ransomware. This goes beyond a periodic copy of your data. Best practices include snapshot image-based backups that are captured multiple times per day and kept securely both on-site and off-site.
  • Antivirus and Anti-malware Software

    • This is technology 101. Everyone needs to be running antivirus software on all their appliances…yes I said all. Desktops, laptops, iPhones, Androids, Macs, etc. Nothing is off-limits these days.
  • Firewall with UTM

    • In the old days, firewalls were the doors that kept the bad guys out. The problem now is that end-users are clicking on malicious emails and websites unknowingly, opening the door and inviting them in. Many firewalls today contain unified thread management features (UTM) that provide a suite of protection against today’s threats.
  • Operating System Security Updates and Service Packs

    • When was the last time your servers or workstations were updated? Microsoft is regularly releasing updates, patches, and security fixes to keep their operating systems up-to-date against vulnerabilities. Make sure you are installing them timely.
  • Email Security Software

    • If you find yourself weeding through dozens of junk emails on a daily basis, then it’s time to upgrade what you are using for email security. Cloud-based email security systems can stop threats before they ever make it to your company’s mail server. Spam, viruses, and malicious URLs are some of the easiest ways for ransomware to infect users.
  • Password Policies

    • Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
  • Multi-Factor Authentication

    • Use multi-factor authentication (MFA) for an extra layer of network security. Even if your passwords are stolen, MFA should prevent hackers from gaining access.
  • Domain Name System (DNS) Intelligence

    • DNS is the starting point for internet connectivity across all devices. Providers are now using DNS to secure networks in ways beyond the standard security products out there. This gives clients another layer of security across all platforms in their organization by protecting them from malware, botnets, phishing, and others.
  • Security Policies

    • One quick and easy way to help reduce the risk of ransomware on your network is to limit employees’ access to the network. There are a number of ways to do this. For example, you can remove permissions to specific files and folders, lock down desktops, and remove administrator roles for standard users, just to name a few. Keep in mind that malware can only access what the infected employee has access to. Thus, limiting employee access minimizes the threats.
  • Education

    • Employees are the front line to most businesses. Any email they open, attachment they click, or website they browse could be compromising the business. Many ransomware attacks can be prevented through employee education and training. This can be as simple as creating handouts for employees to review periodically, or maybe an occasional lunch-and-learn session. Remember, know before you click!
  • Did I Mention Backups Backups Backups?

    • Backups are so important that it has made the list twice. And don’t forget, the only way to truly know if your backups are working is to run a periodic test. Don’t wait until your network is compromised to find out that your backup may have failed.

So ask yourself: Is your business safe? Contact us to learn how a Security Assessment can help you determine how well your network is protected.

A 12-Step Approach to Protecting Data and Securing Your Network

In virtually every business environment, a wide variety of personal and ‘approved’ devices are used throughout the day. This includes computers, tablets, smartphones and other Wi-Fi enabled devices. Each piece of equipment puts your entire network at risk if it is not properly secured and managed.

You have a responsibility to protect the private information you collect about everyone you interact with. Whether it’s your employees, customers or business providers, you likely store an incredible amount of sensitive information, such as social security numbers, credit card numbers, and other sensitive data. A system breach could result in hundreds or even thousands of individuals having their privacy and finances compromised. That is why defending against ransomware and viruses is a top priority among businesses today.

Ask yourself:

  • Do you have policies and procedures in place to secure every device you provide?
  • Are you sure you have adequately secured your network?
  • Are you confident all your data is backed up daily, both on-site and off-site?
  • If there is a system failure or breach, do you know how you will identify and stop it? And are you confident your operations can be brought back online without loss and in a timely manner?

If you cannot confidently answer ‘Yes!’ to these questions, keep reading.

It is highly recommended that businesses of every size have multiple layers of protection in place to secure their data and defend against the latest risks. Below is an example of ACT’s 12-Step Security Plan that is implemented for all clients. These are areas you should address within your own companies – at a minimum:

  1. Ensure all devices – desktops, laptops, smartphones, and tablets – are running the most up-to-date antivirus software available.
  2. Upgrade your firewall with Unified Thread Management Features (UTM).
  3. Install the latest security updates/patches to your operating system.
  4. Implement a cloud-based email security system to capture spam, block phishing scams, and stop threats before they ever make it to your mail server.
  5. Implement a secure DNS solution that can protect your business beyond its perimeter.
  6. Enforce strong password policies, encouraging passphrases, forcing employees to change passwords periodically, and not allowing them to reuse past passwords.
  7. Use multi-factor authentication (MFA) for an extra layer of network security. Even if your passwords are stolen, MFA should prevent hackers from gaining access.
  8. Implement a hybrid solution that combines an on-site backup system that synchronizes real-time with a secure cloud-based storage system, providing maximum protection and quick restoration in the event of a disaster.
  9. Periodically test the backup system so you are 100% certain it’s working.
  10. Document a disaster plan to ensure your entire team understands what to do in the event of catastrophe.
  11. Implement network security policies that limit access to certain parts of the network.
  12. Educate staff, vendors, and anyone else who accesses your network on what they can (and cannot) click or download.

Ensuring the areas above are addressed on an ongoing basis should keep your company’s network and data secure. To learn more about this approach and how it can help protect your business, contact us today.

Why Do Hackers Want My Data?

Hackers Want Your Data

By: David R. Herman – Director, Technical Services

Hacking has become so commonplace that many people have begun disregarding the potentially disastrous consequences of it. Why do hackers hack, anyway? Why are we burdened with the inconvenience and expense of firewalls, anti-virus programs, content filters, and having to sort through pages of spam selling you the next super vitamin.

As in many other facets of life – follow the money! While it’s true there are some hacking groups that use hacking as a canvas for their social messaging, bragging rights, corporate espionage and other reasons, the vast majority of ‘professional’ hacking is for personal and financial enrichment.

This article aims to help you understand what a serious effort is being made to steal and make money using YOUR data. Now is the time to ensure you are putting enough resources toward protecting your data (as opposed to glazing over and rolling your eyes every time your IT professional starts warning you about ‘those vile hackers’).

So how do hackers make money from your data? By selling it, of course!
Here are some of the most common ways hackers are profiting from your data right now:

  • Ransomware. Hackers encrypt the data on your computer or network so you cannot access it, essentially holding it ransom. Then they offer to ‘sell it back to you’ for a fee. Once you pay, they usually give you the key needed to decrypt it.

    – Motive: Financial gain through the direct sale of data back to its owner.

  • Stolen Financial Data. Credit cards, social security numbers and other identifying information can be used for immediate identity theft exploits. Hackers collect this information and then sell it on the deep web to groups skilled at using it to perpetrate identity theft. It is its own business and it’s happening 24 hours a day, 7 days a week.

    – Motive: Financial gain via short-term identity theft.

  • Stolen Data. If you’ve been to a doctor in the past few years, you’re familiar with the term ‘HIPAA guidelines.’ For providers, HIPAA causes numerous headaches as it forces practices to create special procedures, train their staff, and even invest in specialized software. As a patient, HIPAA provides you with data privacy and security provisions meant to safeguard your medical information. As medicine moves toward electronic medical records, it opens the door to medical data fraud. When a hacker obtains your medical data they can submit fraudulent claims, resulting in insurance and Medicare fraud, costing the industry billions of dollars each year ($6.2 billion according to a recent IBM/Ponemon report). Furthermore, since medical records contain personal data that is biometric and never changes, skilled groups can re-use this data for future identity theft exploits long after the data is obtained.

    While the example above is specific to the healthcare industry, it’s important to note that any industry with sensitive data about its clients is at risk, including the accounting, legal and financial industries.

    – Motive: Financial gain via short-term and long-term identity theft and insurance fraud.

These are just three of the more popular exploits we see every day. Unfortunately, there are many more, and they are ever-evolving. So, the next time you see a bright red and yellow pop-up warning stating ‘Your computer is vulnerable,’ don’t ignore it. There are full-time hackers working hard to get at your data.

Want to stay ahead of the hackers and keep your data secure? Give us a call to assess your vulnerability and secure your data.