A recent Gartner report from May of 2016 estimated that 78% of enterprises use, or plan to use Office 365 within the next six months, up 13% from a previous survey taken in 2014. Talk about market share! The business case has been easy though... Office 365 gives businesses communication and collaboration tools with minimal up-front costs and next to no ongoing maintenance costs of managing the solution in-house. No upgrades, no new servers, easy and flexible scalability. It is clear from the numbers Microsoft doesn't need any help in selling the solution.But what about the security concerns surrounding Office 365?
Regulated IT Compliance Blog
Ransomware is the big bad cybersecurity bully that is getting all the attention due to its aggressive nature. It's a type of malware that immediately restricts access to the infected computer system in some way, and demands that the user pay a ransom to the hackers to remove the restriction. Here are a few assumptions you should not make about ransomware, and the facts behind this cyber threat:
Cleveland winters can be brutal. If it's not lake effect snow, its wind and ice. And recently, while Cleveland is experiencing a relatively mild spell, the southern half of the country endured a treacherous ice storm, and the dreaded words "polar vortex" are never far out of people's mind this time of year. Cold weather can cause expensive damage to infrastructure, and this includes your IT infrastructure in your building. Here are some tips to keeping your network safe during extreme winter conditions:
Reports this week surfaced from New York City-based Avanan’s cloud security researchers that a new attack method, Punycode, against Microsoft’s Office 365 business email was unleashed. This new phishing scam goes undetected by default security and bypasses many desktop email filters. The goal of the attackers is to steal Office 365 credentials through an identified gap in Office 365 phishing filters.
Tags: Security Threats
Most organizations know and understand the importance of backing up their data. In the world of hackers, ransomware, and reliance upon networks and data, there have been too many stories of businesses collapsing after a disaster that resulted in data loss. According to a 2016 Ponemon Institute Study, 90% of businesses that lose data as a result of a disaster are forced to shut down within two years. Yet the same study found that only 35% of SMBs have a Backup and Recovery Plan place. And those that do still question their confidence in their backups and ability to recover if and when needed.
Vigilance and Common Sense. When it comes to cybersecurity in your business, whether you are a credit union that faces annual IT examinations, a health care company that must comply with HIPAA, or a non-profit that holds sensitive donor data, strong cybersecurity measures can be summed up with those two practices. vigilance when it comes to password policies and updates, and common sense when it comes to training your employees on opening up attachments or giving out information. Forbes recently hosted a live twitter chat on cybersecurity, and confirmed that when applied with vigilance and common sense, you are best able to protect your business, and yourself, from would be attackers.
Today, I am sitting at a Technology Summit for Ohio Nonprofits, where enCompass is both an exhibitor and a speaker on IT Security. During sessions, exhibitors sit at their booths and get their work done, as well as mingle and network. Since I am speaking, I felt it would be a good time to review my presentation, seeing as I am feeling slightly more prepared than Trump but not as much as Hillary was for the debates. While reviewing my slides on the state of IT Security, I had the idea of writing a blog post, as the ideas are ones any business, for-profit or nonprofit, can benefit from.
A great deal of time, energy and budgets are spent securing your network. From firewalls, antivirus solutions, and end user training, the investments start to add up. However, nobody would argue its necessity, as cyber attacks are on the rise and our data is increasingly vulnerable. It's important to not overlook the data that is housed and accessible from outside your network on employee's remote laptops, tablets and mobile phones. In a survey of nearly 1,000 IT professionals earlier this year, 21% revealed that they suffered a security breach involving a mobile device. The majority of these attacks resulted from connections made to malicious Wi-Fi hotspots and malware.
Bring Your Own Device (BYOD) has long been a struggle for regulated businesses who struggle with balancing IT security and efficiency. Tools such as Mobile Device Management (MDM) have made the dilemma easier on IT departments. Microsoft, for example, has taken that a step further by including MDM as an option that can be implemented through your Office 365 deployment. You can manage and secure mobile devices when they're connected to your organization by using Mobile Device Management for Office 365. Mobile devices like smartphones and tablets that are used to access work email, calendar, contacts, and documents have security policies and access rules. If violated, or a mobile device is lost or stolen, MDM gives you the ability to remotely wipe the device, or lock it.
Earlier this year, the FBI released a news bulletin alerting us to the rise of Ransomware attacks. We have seen this for ourselves with recent reports of such attacks, especially on financial institutions and healthcare companies. In the case of financial institutions, small banks and credit unions are increasingly targeted, as hackers are "banking" on lax policies and practices for data backup as compared to their larger counterparts. For hospitals, the sensitive and crucial nature of their patient data makes them a prime target for attackers. Since ransomware usually presents itself in “Spear Phishing” attempts, where an unsolicited e-mail will come from an unknown sender (or in some cases, a sender that may look familiar to the reader), with an attachment that is then executed, any software designed to detect and prevent these attacks is only as good as the last known attack and subsequent update. Therefore, there are two very critical components you must have in place to protect your company from Ransomware: user education and good backups.
Whether you are a credit union or a hospital, a bank or a dentist's office, a financial advisor or a pharmaceutical rep, regulators in your industry are coming down hard on lax cyber security practices, and mandating more to prevent cyber attacks. According to SecureAuth, over 90% of healthcare organizations have experienced a breach involving the loss or theft of patient data in the past 24 months. A Price Waterhouse Coopers study found that 45 percent of financial institutions suffered from economic crime in 2015. A February 2015 NAFCU survey reports credit unions, on average, spent $136,000 on data security measures and $226,000 in costs associated with merchant data breaches in 2014. With these kinds of numbers it’s not a question of "IF" your organization will become a victim, but WHEN.