In 2018, billions of people were affected by data breaches and cyberattacks and not only did people lose money, but they also lost their security. We hear about these cyberattacks every day and it's easy to think, "Why should I protect myself if the stats are against me?"

Or are we against the stats?  52% of us use the same passwords for different online services. This means that half of us have decided we're happy to risk our financial security and personal identity, and that can be a costly mistake. It turns out, one of the easiest ways you can protect yourself from becoming just another statistic: use a password manager. At Five Nines, when a company comes to us for managed IT solutions, we consider how they can tighten up their data security. Let's talk about ways you can quickly improve your cyber-security habits so you avoid the risk and become less of a predictable target. 

1. Choose a password that's not obvious.

 According to the National Institute of Standards and Technology's updated guidelines as of 2019, your passwords should be user-friendly and memorable, but not easy enough for a stranger to guess. You can use longer phrases that are easier to remember than complicated passwords, such as “I support the NE Huskers.” You should also avoid overly simple passwords. Hackers take bad, commonly used passwords like "huskers1" and try to test it against lots of people to see who they can breach online. Since many people in Nebraska probably have a password like this, it's a good rule to avoid this style of password.

2. Use a password manager to track all of your passwords in one place.

At Five Nines, we recommend two password managers: LastPass and 1Password. LastPass has a free option and allows you to automatically save and fill passwords on Windows, macOS, Android, and iOS devices. It can automatically change passwords for you and even shows you how strong your passwords are on its platform. The Emergency Access feature also lets you pick one or more contacts who can access your passwords if anything were to happen to you.  

1Password is a great paid option for families or small businesses who want to store some of their passwords  and it's Watchtower feature lets you know if any of your passwords are known to be compromised. Bottom line: you can vary up your passwords more often when you have a place to put them. 

3. Be aware of data breaches.

Stay aware of when breaches are reported and when they do, double-check that your information wasn't compromised. Right now, according to a new report by Risk Based Security, 2019 is on track to being the “worst year on record” for data breach activity. Besides checking places like the Identity Theft Resource Center (a California based non-profit that puts out information on the latest data breaches), you can also use free tools, like Credit Karma. Their identity monitoring service will alert you about data breaches and exposed passwords so you're in the loop about a potential threat. Your managed IT solutions provider should discuss potential data breaches with you. 

As IT professionals, we know how cumbersome changing passwords can be, but these are the tools we use at Five Nines, and we hope by passing them along, your information stays safe and out of sight.  We’re here to help as your managed IT solutions provider.

Have questions on how this affects your business? 

Typing in a simple username and password is no longer enough to protect your data in the business technology world, which is why multi-factor authentication is such an important security measure. The cybercrime industry is after our most vulnerable information, and businesses are now forced to fight back with stronger cybersecurity practices.

According to the Verizon Data Breach Investigation Report, 81% of confirmed breaches involve weak, default, or stolen passwords. Multi-factor authentication is something that will benefit both your users and your organization. 

WHAT IS IT?

According to Yubico, there are plenty of opportunities available for hackers to take advantage of, as 55% of users do not use any form of multi-factor authentication at work.  While it is good to have a strong password, taking extra precautions is always recommended. When using multi-factor authentication, a user is only granted access into an account after completing extra steps to confirm that it is indeed their account. For example, if you are trying to access your email, instead of only entering your password for access, you may also receive a push notification on your mobile device to confirm that it's actually you. If the information doesn't match up, you don't receive access to the account.

How else does multi-factor authentication protect your personal information? If a hacker attempts to gain access to your account, you should receive a notification of some sort to complete the second step of logging in. If you are not attempting to access your account, and you are alerted by a notification, that is an immediate sign that someone could be trying to hack you. From there, you will have the ability to respond immediately by changing your passwords and contacting your IT provider. 

YOU HAVE OPTIONS

While any form of multi-factor authentication is a good start, here are some options you can consider:

• Any multi-factor authentication that requires an SMS, email, or voice call with one-time codes.

• "Push" prompts where users receive a notification on another device with an "approve" button as a way to confirm it is really them attempting to access their account.

• Universal 2-factor security keys users can plug directly into their computer to confirm access.

A strong security tip is to ensure your accounts are protected with strong, unique passwords and the best multi-factor option you can reasonably use. There are plenty of multi-factor authentication platforms out there, so it's important to consult your IT team on an option that works best for your business. While you can make multi-factor authentication an optional security setting, many businesses decide to make this extra step required to ensure they are following the strongest security practices.

Want to learn more about how you can take your cybersecurity to the next level? Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar: A Layered Approach To Cybersecurity.

Cybercrime is a real threat to all businesses, SMB's included. Statistics are only showing an increase in cyberattack methods, and successful attacks result in a significant loss of productivity and data. We want to show you why we stand by Cylance for Five Nines and our partners.

THE BASICS

Before diving into what Cylance is, it's important to understand what the software is protecting you from.

Malware: software that is intended to damage or disable computers and computer systems.

Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.

Since 2013, there has been a significant increase in malware and ransomware. In fact, since 2014 there have been over 120 million new malicious programs per year, and ransomware attacks have increased over 97% in the last two years. According to Symantec, 1 in 13 web requests lead to malware, up 3% from 2016. These statistics show that cybersecurity threats are at an all time high, which is why having the right tools in place to keep your organization protected is so important.

Want to jump straight to our free in-depth webinar about all things Cylance? Click here. 

WHAT IS CYLANCE

Cylance is a tool that prevents cyberattacks with artificial intelligence (AI). Artificial intelligence is the development of computer systems where systems are able to perform tasks that normally require human intelligence. Cylance is able to do this through machine learning, an application of AI that provides systems the ability to automatically learn and improve from experience without being explicitly programmed.

Cylance began in 2012, and has over 6,000 global customers, as well as over 10 million endpoints, and those numbers are growing each day. Cylance developed predictive endpoint threat prevention, which allows the software to predict, and then block cyber attacks on the endpoint in real time using pre-execution AI algorithms. They have an extremely high success rate at 99%+. Cylance also doesn't need a cloud connection to stop malware, as it can still do its' job without an internet connection, making it a one-of-a-kind product in the industry.

WHY COMPANIES CHOOSE CYLANCE

There are several reasons why Five Nines and other companies choose to utilize Cylance.

Effectiveness. Cylance is an extremely effective program with 99.7% effectiveness against all known malware.

Simplicity. Cylance is also very simple to manage, companies don't have to spend a lot of time managing it once it is set up within their environment, yet it increases ROI up to 250%.

Performance. Cylance only has a 1-2% impact to CPU, therefore user systems run faster, hardware lifespans are extended, and network bandwidth is reduced.

Cybercrime is a real threat, but protecting your business doesn't have to be guesswork. If Cylance is something that interests you, and you would like to see it in action while learning about how to apply it to your own business, our Power Hour might be a great resource for you. While the information above is a great overview, it may be more impactful to see exactly how Cylance works. 

Click below to access our free webinar, Cylance - Proactive Protection For Your Business, and tune in as one of our engineers provides in-depth information on Cylance while taking you through a series of demonstrations where you can see the software in action.

You might be thinking to yourself, cyber insurance… is it really necessary? Think about it this way - cybercrime damages will cost the world $6 trillion annually by 2021. A lot of these cybercrimes will be conducted over the internet as a Symantec study showed that in 2017 1 in 13 URL's were identified as malicious, an increase by 3% from 2016. Regardless, the internet has continued to become a large part of how organizations work and operate, and that trend is only going to increase as technology advances even further.

What will also continue to advance is the way cybercriminals try to attack businesses and exploit data online. For example, Symantec found the number of URL's resulting from malicious botnet traffic increased by 62.3% from 2016 to 2017, and the number of URL's resulting from phishing activity rose by 182.5% as well. While managed IT organizations and IT professionals will always do their best to set up IT infrastructures for success, technology will consistently evolve and change. In order to stay ahead of the curve, and have peace of mind, cyber insurance may be a practical investment for your organization.

WHAT DOES IT COVER?

Cyber insurance is a sub-category of general insurance that is meant to protect businesses and/or individuals against internet-based liability and risks. While general insurance may cover tangible aspects, it will not protect your organization's intangible information. Cyber insurance is typically broken up into 2 categories of coverage: first-party and third-party cyber liability coverage. The first-party coverage will take into account the direct losses to an organization, while third-party coverage will extend to claims taken by the organization's customers as well. Another way cyber insurance may cover your company is through a method called incident response, where your organization could receive support via legal services, public relations services, forensics, and much more. Coverage will look different for everyone, it will all depend on your organization as well as your provider, but a huge area of coverage for business is typically loss caused by a data or security breach. Cyber insurance may also cover trademark liability, business interruption caused by a data breach, restoration efforts, etc. 

THE SAVINGS

Whenever there is a data breach, data isn't just compromised, organizations will almost immediately lose money as well. There will be legal fees and costs associated with the breach, as well as organizational downtime, forensic investigations, recovery costs, etc. The point of cyber insurance is to save your organization from all of those unforeseen costs if you are ever put in that position. With a study showing that 54% of companies experienced one or more successful attacks that compromised data, investing in cyber insurance has the potential to save you a lot of money.

Click below for free presentation slides presented by Unico Group at the NE Tech Summit titled: Your Digital Shield - How Cyber Insurance Protects You. This presentation covers how cybercrime is not a matter of "if", but "when", as well as the common misconceptions in regards to cyber liability insurance.

THE PEACE OF MIND

According to Cyber Insure One, the cyber insurance market is expected to grow from $2.5 billion in 2015 to $7.5 billion by 2020, which shows that cyber insurance is becoming a standard component when it comes to organizations executing cybersecurity strategies. While cyber insurance is NOT a replacement for additional cybersecurity efforts, it will provide you peace of mind knowing you wont be left with piles and piles of costs trying to restore your business if you were to ever fall victim to an attack. It's all about asking yourself if you would rather know you are supported and covered in the event of a cyber attack, or if you would rather take the risk and deal with the costs later on if your business was ever impacted.

The right cybersecurity efforts will protect you, the right cyber insurance will give you peace of mind, but it is all about focusing on what solutions will best support your business. Don't overlook the rising statistics that reflect cyberattacks and data breaches each year, take time to map out solutions that will protect and reinforce your organization and your IT environment.

Want to learn more about what we recommend in terms of cybersecurity efforts? Click below to download the free Five Nines webinar about Cylance and how it proactively protects businesses.

A new technological threat has been increasing in popularity and strength in recent years - botnets. These are not the kind of botnets that productively crawl search engines to provide you with the best search results, these botnets are malicious and have the potential to hijack your computer.

Here's what you need to know about botnets:

WHAT ARE THEY?

Botnets are controlled by an administrator, meant to either crawl the internet or directly hack into your computer. These botnets are highly illegal, and are typically used for the purpose of making money or stealing data. Once a botnet hacks into your device, it runs in the background of your computer as your device gets added to a network of other computers that have been attacked. Your computer then waits on commands from the botnet administrator. Some of these commands include emailing spam to a significant number of users, shutting down websites, generating fake website traffic for financial gain, or generating "pop-ups" that entice users to pay a fee to get a botnet off of their computer. Botnets are not decreasing in popularity, as Fortinet found 268 unique botnets through their data so far in 2018, which is a 3% increase from their last study.

Related: Be Prepared to Fight Cybercrime with User Training 

WHAT ARE THE RISKS?

The initial risk of your computer being hijacked by a botnet is that it can run in the background and remain undetected for a significant amount of time. During this time, other risks include the loss of money, access to your data, stolen passwords, and potentially complete control of your device. According to the 2018 Fortinet study, 58% of botnet infections last one day. That may not seem like a long period of time, but 24 hours is all it takes for your organizational data to be compromised.

HOW WILL YOU KNOW IF YOU'VE BEEN INFECTED?

Botnets are usually very hard to detect - occasionally an antivirus software may pick up on botnet activity, but they are typically designed to fly under the radar. If your computer has been infected with a botnet and added to a large network, your device may start to consistently run slowly. If you are worried about whether or not your device has been infected, or if a website you want to view has malicious content, visit this Fortinet Web Filter Lookup as a resource.

Related: Cylance - Proactive Protection for Your Business

PROTECTING YOUR BUSINESS

There are several precautions you can take to avoid getting infected by a botnet. First of all, be sure that your computer operating systems are updated as soon as new updates are available. Botnets are often installed within the flaws of your operating system, so staying on top of updates could protect your system later on. Ensure you have implemented security software that can provide proactive protection for your business. It's also important to be weary of clicking on suspicious website links or attachments, especially from emails that don't seem right.

For the tell-tale signs of what NOT to click on, click here. 

Malicious botnets are consistently searching for easy targets. Make sure you keep your devices updated, educate your team on what suspicious links and attachments look like, and pay attention to whether or not your device begins to run slowly. Consult your IT team if you feel uneasy about your computer being compromised. It's always better to be safe than sorry and to becoming an easy target for botnets.

.BANK is not just another way to change up your domain name, it's a proactive and protective measure put in place to give you peace of mind that your customers are protected. Phishing in the financial industry is all too common, as it is the #1 cyberattack and starting point of most breaches. This reason alone is why .BANK domains are so important to implement.

If you'd like to skip straight to a downloadable flier that further explains how .BANK protects your customers, click here.

Not convinced yet or want more information? Here's why you should register for a .BANK domain:

VERIFICATION

Having a .BANK domain provides extra verification for your organization, as only verified members of the global banking community are approved for these domain names. These domain names make it easy for your customers to distinguish authentic emails or communications from your financial organization in comparison to a phishing attempt.

According to Kaspersky Lab, in 2017 the share of financial phishing increased from 47% to 54% of all phishing detections, which is a record-breaking high for financial phishing. You want your customers to confidently recognize and communicate with your organization, and without a .BANK domain nothing is promised. Anyone can register for a generic domain such as .COM or .NET, but only legitimate financial organizations can register for a .BANK domain name.

Related: What is Phishing?

EXTRA SECURITY MEASURES

Kaspersky Lab also found that more than every 4th attempt to load a phishing page was related to banking phishing. Financial organizations are the "big catches" when it comes to phishing, which is why extra security measures must be taken. These special domains include those extra security measures, from further authentication, to an increased level of encryption, to abuse monitoring and compliance enforcement so that only verified financial organizations can utilize .BANK domains.

Further authentication is just another road block in recognizing and stopping malicious attempts to steal personal information. If your customers see something linked to a .BANK domain, they know they can trust it. An increased level of encryption will help to drastically decrease the chance that customers are redirected to sites disguised as your own that could steal their account information. .BANK domains also come with compliance and requirements to maintain a strong level of security, so financial institutions must allocate a point of contact from their organization to help continue to verify their organization.

Related: Fight Cybercrime With User Awareness Training

.BANK domains play a huge role in preventing cybercrime in the financial industry. Phishing attempts are becoming more and more common, and financial institutions are the big catches. With the security, verification processes, and requirements of obtaining a .BANK domain, you can ensure your customers that anything from your domain name can be trusted and that their data is safe with you.

For more information on how .BANK protects your customers through verification, domain name integrity/domain name system security extensions, and strong encryption, click below.

Once spam hits your email inbox, you become a target. When it comes to technology, humans tend to be the weakest link in most IT security situations. Attackers will constantly try to trick them, manipulating users to click on things that they shouldn't through a variety of methods. Oftentimes, these "tricks" are via email, as email platforms can target a very large number of people and is a very "budget-friendly" attack. If users happen to click the wrong thing within the spam email, bullseye, internal data then becomes exposed.

Since email is commonly used as a way to exploit users and their data, spam filtering has grown in importance and relevance. Organizations must utilize a spam filter to reduce the risk of users clicking on something they shouldn't, in turn keeping their internal data shielded from a cyber attack.

First, take a moment to test how secure one of your top-of-mind passwords really is by clicking this link:

https://lastpass.com/howsecure.php

Did the test tell you that you needed a stronger password? Did it tell you that your password is strong enough? Do you use that same strong password for everything?

When users have to make up a password, two strategies are typically used:

1. They use a password that is simple and easy to remember.
2. They use one strong password for every single account. 

These strategies are good in theory, but bad when it comes to security purposes, which is why password managers are highly recommended to break the cycle of bad password practices.

It's something everyone does several times a day - typing in a password. And for 92% of people surveyed by SecureAuth Corp. and Wakefield Research, the SAME passwords are being typed in for all of their accounts. While this may seem like the easiest solution to consistent password annoyances, this type of online behavior leads to the 91% of Americans who have experienced an online breach at some point in their life. See the correlation?

According to LastPass, passwords are the key to our digital lives, and users often forget the importance of passwords because of the "inconvenience" they may cause when trying to do things online. The importance of the information that is kept online is worth going the extra mile to protect, which is why we recommend the use of password managers to ensure your organization and its' employees are maintaining secure online habits.

WHY PASSWORD MANAGERS

Having one strong password simply isn't good enough anymore with the current technological landscape.

Over time, users have gradually become connected to more and more accounts that require passwords, which generated the habit of users wanting to use one password for everything to avoid getting locked out of accounts. While it may be habitual to input the same password for everything, the increased amount of data breaches that are seen in the media have made it apparent that it's best to have a unique password for every account that requires one, to ensure overall account security.

That's where password managers such as LastPass or 1Password come into play. These applications assist users in organizing and safely storing all of their different passwords. Gone are the days of putting pen to paper and storing sticky notes around your desk with all of your passwords on it, now all passwords can be easily accessed and found in one application. When logging into an account, all you have to do is retrieve your password for that account if it's not memorized from your password manager. An extra 15-30 second step that can save you time and money in the long run. Not to mention, your accounts are way more secured as a result. 

WEAK PASSWORD TESTS

Ensuring your employees are maintaining a high standard of strong passwords is also necessary in keeping your organization protected. Five Nines conducts tests internally to monitor all user passwords for any potential vulnerabilities. These tests are similar to the one you took above, but on an organizational scale. Conducting these tests not only provides peace of mind that employee passwords are secure, it also holds employees accountable in keeping password safety top of mind. These tests are conducted along with the use of password managers for an extra boost of security.

Maintaining high security of your IT environment requires time, money, and extra effort. Compromising internal files and data due to poor password practices simply isn't worth it. Take the time to set up a password manager account, encourage fellow employees to do the same, and take the extra few seconds to  avoid a security breach.

It's worth it, we promise.

It's always best to be prepared for the worst to keep your organization at its' best. Click below for a free Ransomware Rescue Guide to have on hand that will guide your team through the initial steps of a potential ransomware attack if you ever experience one.