Why Your Organization Needs An Internet Use Policy

Employee Avatars working on a policy checklist.With computers and Internet access being such an integral part of every business, and the Internet filled with everything from gambling to x-rated websites, it is critical that every business has an Internet Use Policy in place.

This policy can help prevent your employees from accidentally or intentionally causing harm to your company or your company’s reputation. While you don’t want to give your employees the idea that they are living in George Orwell’s 1984, you want them to have a clear understanding of practices that are and are not appropriate during work hours. It is necessary for companies and organizations to create an Internet policy that everyone can live with.

Why Have An Internet Use Policy?

The purpose of a business is to make money, and for non-profit organizations, it is to fulfill the mission. In order to accomplish this, the company or organization has to have productive employees. The Internet can be a time drain and often prevent employees from being as productive as they should be.

With such a wide range of information available on the Internet, it is necessary to clarify the company’s expectations of its employees regarding Internet access. With a strong policy in place, the employee, as well as the employer, will find Internet use less confusing and frustrating.

Read more

Share

How You Can Protect Your Business From Crypto Ransomware

Image of a laptop computer and "Your personal files are encrypted" notification

 

You know it is very bad news when you see the message above on your computer screen: That is what a crypto ransomware notification looks like. And if you’ve been following the news lately, you’ve certainly heard about how cities and local governments in Texas, Florida, Maryland and others have had to deal with cases of ransomware infections.

It initially started out as an annoyance: you click on a link and ads popped up on your computer screen. Then it progressed to fake anti-virus scams that installed nag screens on your computer and tried to force you to pay to remove the nag screen.

Crypto Ransomware is a new form of virus attack that encrypts files, making them inaccessible, until money (a ransom) is paid to the people responsible for locking or encrypting the files.

Big picture? Think of your QuickBooks database, Excel spreadsheets that contain vital business data, the PowerPoint presentations that took countless hours to create, and on a more personal note, the pictures and videos you’ve painstakingly collected over the years. All gone, unless you pay a ransom to the cyber criminals.

Read more

Share

Basic Computer Security Practices for Non-Profits

Some Basic Computer Security Practices To Keep Your Non-Profit Data and Employees Safe

Malware Prevention

There are all sorts of danger lurking on the Internet, whether it’s through a bogus email attachment, a link that was accidentally clicked, or a visit to an infected website. There are dangers within the organization as well. These are commonly referred to as “Insider Threats”.

Here are some computer security practices you can implement to protect the data and employees of your non-profit organization.

  • Regularly scan computers for spyware

Spyware or adware hidden in software programs may affect the performance of  the organization’s computers and give attackers access to sensitive data.
Make sure you use a legitimate anti-spyware program to scan computers and remove any of these files. Many anti-virus products have incorporated spyware detection.

  • Keep software up to date

Install software patches so that attackers cannot take advantage of known problems or vulnerabilities.
Many operating systems offer automatic updates. If this option is available, you should turn it on.

If updates and patching is too tedious for you and your organization, you can outsource the task to a service provider. You can see details of what patch management covers here.

Read more

Share

Credential Management Vulnerabilities Exposed By Breaches

Credential Management BreachThe recent breach of OneLogin is once again shining the spotlight on the safety and sanity of entrusting sensitive data to cloud-based credential management services. OneLogin provides single sign-on for cloud-based applications.

What Is A Credential Management Service?

Credential management services that offer Single Sign-On or SSO are great, but as we are beginning to find out, it could also be a single point of entry to a treasure trove of sensitive data for cyber criminals.

How Does A Credential Management Service Work?

The way credential management services work is that after a user of these Identity and credential management services sign into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications. It pretty much attempts to save the user the pain and stress of trying to remember numerous passwords, security questions and other hoops people normally have to jump through just to access some online services.

What Is The Problem With Credential Management Services?

While a lot of these services promise secure access to, and a simplified Identity and Access Management (IAM), the recent spate of multiple breaches of LastPass and now OneLogin makes us wonder just how efficient and  secure these credential management services really are. And here is why: a single compromise exposes the credentials of all users, especially if that data theft includes the ability to decrypt encrypted data [thanks to Mark Maunder of Wordfence for that emphasis].

A breach that allows intruders to decrypt customer data could be extremely damaging for affected customers.

The vulnerabilities in credential management services like LastPass were so bad that Tavis Ormandy, a security researcher at Google’s Project Zero wondered if people were “really using this lastpass thing” because he took a quick look and could see “a bunch of obvious critical problems”.

Read more

Share

How Nonprofits And Associations Can Prevent Ransomware Like WannaCry

Ransomware Prevention

On Friday May 11, 2017, the world learned just how vulnerable computer networks can be when not fully protected as it experienced a well-coordinated ransomware attack, known as WannaCrypt, or WannaCry.

Note: Ransomware encrypts files and makes them unusable unless payment (ransom) is made within a specified time. Malware and ransomware like WannaCry prey on weaknesses in network security systems due to out-of-date firewalls, operating systems and antivirus programs.

Are You at Risk?

That worldwide attack caused Britain’s National Health Services to cancel surgeries, shut down at least 40 major organizations across more than 99 countries, including a wide array of Russian and Chinese private and public institutions.
By the time the dust settled, this large world-wide cyber-attack, described by Europol as unprecedented in scale, infected more than 230,000 computers in over 150 countries.

Unlike previous ransomware, this attack did not spread by phishing emails, but used a leaked hacking tool or exploit called EternalBlue that was developed by the U.S. National Security Agency (NSA) to spread. The target of the ransomware were computer networks which had not installed recent software security updates (also commonly known as patching).

Read more

Share
Share
Share