Rincon India Solutions Pvt. Ltd.

Tag: Cyber attacks

  • Reblog: 3 Ways to Safeguard School Networks to Avoid Cyber Attacks [Infographic]

    A school’s network is all too often an open invitation to hackers. Discover 3 ways to protect networks and keep sensitive data safe!

    The majority of today’s schools are connected online and are facing the same cyber security dilemma as other businesses. Even when school districts and universities have massive budgets, they often fall short of having the right security measures in place to protect sensitive data. Hackers see limited security capabilities as an open invitation for quick profit, whether they’re after financial information or anything else they can use for identity theft purposes.

    In the education field, not all cyber attacks have the intent of stealing sensitive data. In 2015, hackers launched Denial of Service (DoS) attacks on public schools in Miami just as thousands of students were about to take new standardized tests. When students reached the writing portion of the Florida Standards Assessment, they fell upon blank, white screens after a testing vendor’s login server was targeted. Although attacks like these aren’t designed to steal information, it’s clear that they can be just as disruptive. In the age of technology, cyberattacks can be the equivalent of pulling the fire alarm to avoid a test. Check out the infographic beside for a few more examples of recent school cyber attacks, and to see how technology in education has evolved.

    When hackers gain access to a school’s network, it’s safe to say that the results are never good. The good news is that with a few safeguards in place, data loss and disruptions like the one mentioned above can be avoided. Let’s take a look at a few ways to make school networks less attractive targets for hackers.

    1. Establish a strong BYOD Policy

    In the era of laptops, smartphones, tablets, and even smart watches, the majority of today’s students have access to some form of connected device or another. Many schools embrace this and incorporate mobile computing into the standard curriculum. It’s even common for educational institutions to issue mobile devices to be used for schoolwork. It’s commonplace that schools allow students to connect their devices to the internet through their network, but it also raises concerns. Establishing a firm “bring your own device” (BYOD) policy can help manage the risk of data breach when tech-savvy students have access to school networks.

    As part of a BYOD policy, many school districts segregate administrative and guest networks. Implementing a “guest” network for students, visitors, and even some staff members to connect to with their devices works well because it keeps sensitive data on the administrative network and also makes traffic much easier to monitor according to how a BYOD policy defines secure internet usage.

    2. Protect school-owned technology when it’s offsite

    We’ve all grown accustomed to using mobile computing devices while on-the-go, and education staff is no exception. Teachers are typically given laptops for home use, whether it be for grading schoolwork or researching for in-class material, and some even travel with their laptops to conventions. When users connect to wireless hotspots in hotels, cafes, airports, or less-than-secure home networks, they are no longer protected from whichever security measures their school may have in place. Most people don’t carefully monitor their browsing or usage habits, and all this unmonitored offsite connectivity increases risk immensely. There’s the chance that the laptops themselves contain sensitive data and are likely to get hacked on open networks, or they could more easily come back to connect to the school network chock full of viruses or other malware.

    Remote filtering technology is a way to protect laptops and mobile devices when they’re being used on other networks than the school’s. With remote filtering, all registered devices are forced to connect to the internet through a web security gateway. This ensures that web traffic from these devices is subject to the web access and security policies of the organization, no matter where somebody logs on. It’s a relatively inexpensive option that could save schools from many potential headaches.

    3. Upgrade the way you send files

    The most widely used method of sending and receiving student records and other sensitive data is email. While there are highly secure email servers that some schools may wish to opt for, this still doesn’t eliminate the fact that hackers still have ways to access data via phishing scams. Hackers often pose as legitimate senders and use phishing emails that trick individuals into providing access to sensitive information. In a recent example of phishing, a Canadian university was defrauded for $11.8 million when hackers posed as a construction company requesting updated banking info.

    Incorporating a secure file exchange solution into your network environment guarantees that sensitive data like student records, banking information, etc. gets to the right recipient. Using features such as two-factor authentication (2FA), all file transfers require user authentication on both ends. When incorporated into a security policy, banks, parents, healthcare organizations and other schools who are on the receiving end of sensitive file transmissions are required to quickly and easily authenticate themselves before any data downloads or uploads take place. Nobody can therefore pose as anybody else and school data remains safe.

    Want to find out more about solutions that can take your school’s data governance to the next level? Speak with an expert today to learn more! Contact us sales@rincon.co.in

    The original article can be found here.

  • Reblog: 3 Major Data Security Risks Every Business Should Know About

    Let’s face it – regardless of size and industry, the success of any organization relies on sensitive data. In 2016, news and media outlets were flooded with stories about cyber attacks – from the personal records of nearly 30,000 FBI and Department of Homeland Security workers’ personal records getting hacked, to dozens of celebrities’ private photos being leaked online. Terms like data security and cybersecurity that were once reserved for IT and security professionals became household names. Just last month, what’s considered to be the biggest ransomware attack in history hit tens of thousands of computers all over the world, disrupting businesses of all sizes.

    With a growing public awareness of the data security risks organizations are faced with, companies of all sizes are under more pressure than ever to keep operations running smoothly without any interruptions from cyber attacks and other data security incidents.

    The truth is that when organizations lose sensitive data, they face an extensive list of liabilities. Costs associated with data breaches can include reimbursement to customers, data recovery fees, and even worse – legal fines. Perhaps the worst consequence of a data breach is that it damages an organization’s reputation. Research conducted by Unisys Corporation revealed that the majority of people would not only lose faith in an organization in the event of a data breach, they’d stop doing business with them altogether. Who can blame them? When cyber attacks and other types of data breaches occur, it’s the public’s health records, credit card numbers, and more that are at stake. Let’s take a look at some of the most prevalent data security risks affecting businesses in 2017, and examine a few ways that organizations can fight back and take their data security to the next level.

    1. Employees Don’t Know How to Protect Data

    Up until recently, security skills in the workplace wasn’t a topic of discussion, much less part of a standard employee training regimen. Most people just assume that their organization’s IT department has the whole “data security” thing covered. It’s safe to assume that unless we work for a company specializing in IT security, the average worker goes about their day handling and sending sensitive data without thinking about hackers or data loss. It’s actually the lack of security awareness and skills that makes organizations an easier target for hackers or disgruntled employees who have access to networks and admin accounts.

    When organizations implement an information security and risk management (ISRM) strategy, it raises awareness and helps everyone to do their part. An ISRM strategy will look different from organization to organization, but a solid internal strategy involves identifying vulnerabilities and putting a few best practices in place. For example:

    Mandatory compliance training for all employees in environments where protected health information (PHI) and personally identifiable information (PII) changes hands regularly. That’s right; not just doctors, administrators, mortgage brokers, and account managers – all employees.

    Training sessions that teach employees best practices such as managing passwords for various devices, locking workstation screens when leaving your desk, the proper handling/destroying of paper documents, or any other small actions that make a big difference when it comes to keeping sensitive data protected.

    Internal vulnerabilities are one of the biggest threats facing sensitive data, and security training and skills growth in the workplace must be ongoing if organizations want to reduce the risk of data breaches.

    2. Fax Machines aren’t Secure Enough to Protect your Data

    When most people hear the word fax, they picture a bulky, outdated technology, but the truth is that many organizations – from schools to healthcare clinics and government offices – use it on a daily basis. Fax technology has certainly come a long way, with organizations now able to send and receive faxes on multifunction printers (MFPs) that also serve as scanners, printers, etc. But even though faxing as we know it has evolved quite a bit, it still relies on physical machines to transmit sensitive data.

    Fax machines, in any shape or form, require physical maintenance and are subject to human error. In larger organizations, entire departments may be working off a single centralized machine in order to send and receive important data. Not only does this bottleneck the workflow, it increases the likelihood that sensitive documents are left lying around in the open. Now take this likelihood and imagine the risk involved when two or more organizations send each other data via fax. Even if you can be sure that all of your organization’s physical, network, and process security measures are in place, can you say the same about your recipients? Certain regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) that set the standard for protecting sensitive data in healthcare, require that subcontractors and business associates must also be in compliance.

    Increasingly, organizations of all sizes are choosing to transition over to cloud faxing solutions. When you fax online using software that communicates with fax machines, MFPs, and also faxes directly to a recipient’s email, you ensure that faxes get exactly where they need to go. You eliminate much of the risk associated with paper documents lying around and falling into the wrong hands. As an important bonus, cloud fax solutions are built with the robust security features that help organizations maintain HIPAA compliance or meet many other industry regulations that may apply.

    3. Email Isn’t as Secure as you Think

    It’s no secret that email is the most prevalent method of communication used in business today. Thanks to the internet, we are sharing more than ever, making email an inexpensive and highly effective business tool. It’s so prevalent that for many of us, “catching up on emails” can become a challenge on any work day, no matter which industry we may work in.

    Some practices rely solely on email to send and receive sensitive data. Email is used all the time to send sensitive information like purchase orders, patient information, debit receipts – and the list goes on. Email is also readily available on mobile devices, making it a more accessible tool than ever. While email is rapid, effective, and universally used, it is inherently non-secure. This might best be summed up in an article from Digital Trends:

    “Email isn’t secure because it was never meant to be the center of our digital lives. It was developed when the Internet was a much smaller place to standardize simple store-and-forward messaging between people using different kinds of computers. Email was all transferred completely in the open – everything was readable by anyone who could watch network traffic or access accounts (originally not even passwords were encrypted). Amazingly, email sent using those wide-open methods still (mostly) works.” Read the full article here.

    With this in mind, IT professionals work hard to protect communications from within their organizational infrastructures. One of the best ways to do this is by using encryption, which scrambles email content until its unlocked by a recipient. Encryption can be done on the level of servers, networks, and individual messages. The downside of encryption is similar to security issue when using traditional fax: efforts might be made on your organization’s end to keep data secure, but can you be sure about your recipients? Since most people on the workforce manage dozens if not hundreds of email contacts, the answer is probably not.

    A secure file exchange solution offers a basic way to get sensitive files where they need to go while protecting their confidentiality and availability. Secure file exchange platforms that integrate with your email are an easy-to-use alternative for sending sensitive data. Some use double encryption, which requires recipients to use a key that’s generated when a transfer is initiated as an additional security measure. While designed to be user-friendly, the right secure file exchange platform will also come with plenty of advanced management, auditing and security features so that administrators can customize it to their organization’s specific needs.

    The original article can be found here.

    Looking for a secure file transfer solution that will help your organization save time and money while keeping you in regulatory compliance? Contact us: sales@rincon.co.in