Menu

Blog Archives
De-de Mulligan

Home / Blog

Author Archives: De-de Mulligan

A Crash Course on Internet Safety for Our Children

A Crash Course on Internet Safety for Our Children

Online access is all around us and it’s especially prevalent with children. While it has many redeeming traits, including instant entree to global information from a variety of tools, it also has a dark side that includes:

  • Inappropriate content
  • Cyberbullying
  • Online predators and
  • Smartphone addiction

It’s that dark side I want to address today with simple tools and techniques to protect your children. Given that access to information is exploding using digital assistants and wearable technology, I expect this issue will continue to be a challenge for years to come.

Tips that Work

  1. Talk to your children regularly about your safety concerns. Make sure they NEVER reveal their full name, address, phone number age or school location.
  2. Remind them they are only allowed to share their passwords with you, their parents.
  3. Online predators want photos of your children and/or to meet them somewhere. Talk about this danger and encourage your children to come to you when they receive these requests.
  4. Have your child immediately report cyberbullying to you and school officials.
    Look at these tips from gov for ways to prevent it. Be sure they do not respond to cyberbullying emails, texts or social posts as these just add fuel to the fire of a bad situation.
  5. Use tools to monitor their online activity. Let’s face it: As much as you talk and try to be aware of their online activities, you can’t be with them every waking moment. Software programs can help. PC Magazine recently came out with their assessment of the top 10 monitoring tools on the market. The other key benefit: It will filter out inappropriate content when conducting an innocent search on Google and keep them away from websites you don’t want them to have access to.
  6. Have only one family PC and put it in the common area so it can be easily observed.

  7. Limit smartphone and PC screen time.
    1. With the newest edition of iOS, Apple will be integrating Screen Time, currently a separate app, into the operating system. Users can receive a weekly summary of application usage and parents can set time limits on each one. Look for other operating systems to follow their lead.
    2. Make dinner time, smartphone and TV free.
    3. Only allow so many hours per week on the computer, especially during the summer and on weekends.
  8. Add a cybersecurity solution to keep out unwanted traffic.
    Nowadays, hackers are smart. They will try and get access to your children through a method called spear phishing aimed at their social media accounts. The right home cyber solution can prevent these attacks from happening in the first place.

Understand the Laws

The Children’s Online Privacy Protection Act (COPPA) helps protect children under 13 years old from predatory or harmful websites. Each web administrator must have parental consent if they are collecting personal information from a child within this age category. Parents that believe an operator is violating COPPA, may submit complaints through the FTC’s website, www.ftc.gov, or call their toll-free number, (877) FTC-HELP.

The National Center for Missing and Exploited Children has much information about online exploitation and encourages you to report such activity to their tip line at (800) THE-LOST.

Be sure to contact your local law enforcement agency if your child has received pornography on the Internet.

Axiom Defender Home is Your Ticket to Home Protection

Our solution is installed just behind your connection to the internet, usually through a cable or DSL modem. By being the first stop in and the last stop out, the Axiom Defender inspects all internet traffic — also protecting your family against anything on the dark web, crypto-jackers, ransomware, or malware. Get started now with a 30-day free trial!

 

How to Make Your Passwords Worthless to Hackers

How to Make Your Passwords Worthless to Hackers

Passwords have been around since the dawn of computers. Initially they were meant to prohibit employees from accessing the wrong accounts and keep competitors away from your company’s trade secrets. However, they have long outlived their effectiveness in today’s cyber risk world.

According to Verizon’s 2017 Data Breach Investigation Report, compromised passwords are, by far, the most prevalent gateway for hackers to get into personal and company information. 81% of data breaches last year occurred via weak or stolen passwords. Believe it or not, 17% of users still use 123456 and 10% use password as their passwords.

Here are six password strategies to keep bad actors at bay.

Create Hard-to-Guess Passwords

There’s been a lot of discussion about what makes up a good password. Most organizations endorse a password practice of length, made up of alpha, numeric and special characters. The problem is you may not remember it if it’s too difficult. Even worse, you’ll store it on a sticky note beside your computer, so you can reference it often.

NIST recently came out with a recommendation to choose a very obscure long phrase, something you only know. For example, your favorite movie as a kid. Or your childhood best friend’s first and last name. Their research states the right choice, if it is more than eight characters, is more effective than a combination of letters, numbers and special characters.

Use Different Passwords for Different Apps

If you use one or two of the same passwords for many sign-ins, you will make a cybercriminal’s day. Create a unique password for each sign-in.

Change Them Often

Establish a policy regarding password changes. I recommend they be altered at least every 90 days.

Use a Password Manager

Only want to remember one password? Companies like Dashlane, LastPass, and RoboForm store all your passwords in one location.

Use Multi-Factor Authentication (MFA)

First, there were passwords. Then, there was two-factor verification. Now, prepare for multi-factor where a password, code and something unique to you (i.e. voice, face, fingerprint) identifies that you should have access to that data.

While MFA isn’t available everywhere, I strongly recommend you implement 2FA now, so when the next layer is available, you are ready.

Check for Email Breaches on a Regular Basis

Using a tool like have i been pwned? can help identify which applications associated with your email address have been compromised and the type of data that was stolen. Change passwords immediately for those apps at risk.

 

Brought to You by Axiom Cyber Solutions

Even with the best password strategy, you still need a holistic solution that makes your company’s data nearly impenetrable. We’ll monitor your network 24 hours a day and update your systems hundreds of times per day to ensure your organization has the highest levels of protection. Give us a call today at (800) 519-5070 to learn more!

Own a Cannabis Business? You Need Cybersecurity

Own a Cannabis Business? You Need Cybersecurity

You wouldn’t necessary think this, but a cannabis business holds a treasure trove of information bad actors are anxious to steal. Because the industry is in its infancy, hackers are very attracted to it, hoping cybersecurity isn’t even on your radar. If they get in, they will sell your data on the dark web, encrypt it for ransomware, or even worse, provide it to your competitor down the street.

Consider this: At a minimum, your business holds a customer’s personal, and perhaps, their medical information. This includes their date of birth, driver’s license number, SSN, credit card number and medical information.

Add to the fact you are bound by at least two regulations, HIPPA if you are a medical marijuana establishment and PCI-DSS if your business accepts credit cards.

This blog will focus on ways to protect that data and keep your business going and growing!

Five Proactive Measures to Protect Your Business

  1. Use an airtight Point of Sale (POS) system.
    Make sure your POS network offers end-to-end encryption for credit card transactions. In addition, call your provider and review how your customer’s data is protected, where it is stored and how you will be alerted if critical updates are needed on the system. If there isn’t a systematic process to their offering, switch POS providers as soon as you can.
  2. Establish a system integration plan.
    Your business may have several apps such as QuickBooks and BigCommerce that you want to sync on a real-time basis with your POS system. While this makes great business sense, you may be leaving gaps for cybercrimes to happen. This is where a good cybersecurity audit comes in to measure your vulnerabilities and fix them before they become problematic.
  3. Keep employees out of data silos they don’t need to do their jobs.
    Establishing who can access your data and at what level is vital to making sure one of your own doesn’t accidently open the gate to a hacker.
  4. Make sure your operating systems, applications and anti-virus software is up to date.
    This is the number one method cybercriminals get into your system.
  5. Outsource cybersecurity.
    Look for a firm that has the following capabilities:

    1. Security Operations Center that can continuously monitor your network
    2. Security Information and Event Management analytical tool that provides real-time analysis of security alerts generated by applications and network hardware
    3. User and Entity Behavior Analytics models to identifies typical and atypical behavior of humans and machines within a network.

About Axiom Cyber Solutions

We can provide your cannabis business with a holistic solution that is nearly impenetrable, using all the tools and techniques listed above. We will monitor your organization around the clock and make hundreds system updates per day to keep hackers out. Contact us today for more information!

A Cybersecurity Action Plan for Your Virtual Workforce

A Cybersecurity Action Plan for Your Virtual Workforce

According to Global Workplace Analytics, approximately 50% of all organizations have positions where employees can work remotely, all or some of the time. This number has grown 115% in the last thirteen years and is expected to continue to rise in the coming years.

However, with this flexibility, comes potential risk to your data. As virtual workers pick up and go from their home to the local coffee shop to a client meeting, the level of system security diminishes. The risk is especially high in open, and usually free, Wi-Fi areas.

The good news is there are practices you can implement today to make the virtual worker’s environment safer.

7 Cybersecurity Practices for Your Remote Workforce

  1. Make sure every operating system, applications, antivirus and anti-malware software is up to date. This can be a challenging task to complete if your workforce resides all over the country and only comes into the office once or twice a year.

    However, if you hire a cybersecurity company, they can identify your vulnerabilities through an assessment, know where your risks are and help fix them right away.

  2. Make cybersecurity training mandatory. You can help users identify suspicious emails, spear phishing and who they should call if they aren’t sure about a message. Reinforce the training in conference and video calls. Be clear about the repercussions if they violate protocol.
  3. Activate a Virtual Private Network (VPN) service. If your workforce must sign in via a public network, the right VPN will provide a high level of encryption for all transactions going to and coming from your company.
  4. Implement Perfect Forward Secrecy (PFS). These are specific key agreement protocols that gives assurances your session keys will not be compromised, even if the private key of a server is hacked. This is good protection if the remote user’s laptop or tablet is infected with malware. It limits the hacker’s access to one server or a partition of your cloud services.
  5. Be able to disable and wipe clean remote devices. If a worker’s device is stolen or lost, its vital you can disarm it right away.
  6. Establish a different password policy. According to the National Institute of Standards and Technology (NIST) passwords need to be obscure, long and For example, putting together alphanumeric combinations a user can remember, but no one else will, can be almost impossible to crack. An example might be a house address of long ago, the user’s favorite childhood sport and their last movie title.

    In addition, the NIST determined that changing passwords every few months did not enhance security, because most users don’t make significant changes to their existing password when forced to make a change.

  7. Implement proactive practices.
    Rather than being reactive to a situation, put in place the following:

    1. Outsource cybersecurity. The right organization can continuously assess, monitor and protect your network and workforce no matter where they are or what time they access their data.
    2. Obtain cyber liability insurance. In the event of a breach, in which personal information, such as Social Security or credit card numbers, are exposed or stolen, this will garner you the protection you need.
    3. Establish a remote workforce policy. The key is to be fair to everyone and still protect your business. Many individuals enjoy working from home because they have more freedom, don’t have to make a long, stressful commute and can have more balance in their lives. Gain buy-in to the policy and have consequences if individuals violate them.

Axiom Cyber Solutions Can Manage Your Remote Users

Our Managed Cybersecurity Solution which includes next-generation firewall Intrusion Detection and Prevention (IDS), managed anti-virus, network monitoring, and patch management is available for a low monthly subscription fee. Contact us today for more information!

7 Cybersecurity Threats Every K-12 School Faces

7 Cybersecurity Threats Every K-12 School Faces

Ransomware. DDoS. Phishing. Identify theft.

Sadly, schools across the United States are becoming very familiar with these terms. In fact, recent research indicates that K-12 institutions will have the highest rate of ransomware attacks of any industry in the coming years.

For example, the release of sensitive student and teacher information can lead to identity theft. A hacker’s encryption of students’ grades and teachers’ lesson plans can lead to loss of productivity (especially if they are not backed up) and thousands of taxpayer dollars being spent to replicate data that is gone.

As you to turn to the 2018-19 school year, this is your opportunity to make cybersecurity a budget priority. Here are seven reasons why it’s important:

  1. Clickbait.
    The email may look legitimate but unfortunately, it is not. Embedded in the text is a hyperlink that sends you to a malicious site. This link has now taken down your school’s system.Solution: Ensure every employee has the highest email filter settings for spam, phishing and executable files. Employees should also be trained on what suspicious emails look like and always report suspected emails to the IT department.
  2. Outdated Technology.
    Your school may feel they need to hold onto computers and tablets until they break. The problem with this plan is they may not support the current operating system, which opens you up to a cybersecurity breach.Solution: Do a complete inventory of all your computer equipment. Make certain it runs iOS 11.3.1 for iPhones/iPads, macOS 10.13.4 for Mac computers and Windows 10 for PCs. For all devices that do not support these versions, disengage them from your network today. Purchase new devices to replace them before or during the next fiscal year.
  3. Not Paying Attention to Patches.
    All operating systems require patches from time to time.Solution: When your computer tells you updates are needed, complete them within a few hours. It will require a restart however, many patches have security updates within them.
  4. User Error.
    When users are allowed access to sensitive and/or confidential data, there is always a risk for exposure.Solution: Partition student, administration and public networks. Practice whitelisting which allows only a handful of individuals into the classified information, blocking nonessential personnel from that data.
  5. Allowing Weak Passwords and not having a Change Policy.
    Passwords less than 14 characters are problematic and/or not enforcing changes of the passwords can lead hackers right to your data’s door.Solution: Make strong passwords a norm, along with two-factor authentication. Provide an automated system that requires password change every 60- to 90-days.
  6. No tools.
    Its time to think of your school network, more like a bank. These financial institutions have a vault, security guards and cameras – different methods to keep your money safe. The same goes for cybersecurity. You need the right tools to keep all the data out of the hands of hackers.Solution: From Mobile Device Management to cybersecurity audit and monitoring, speak to a cybersecurity expert for a full understanding of the best tools for your school system.
  7. Vulnerability testing is nonexistent.
    Without continuous checking, hackers will continue to try and access your data. 

Solution: Initially, you need a cybersecurity organization to analyze the vulnerabilities in your network and recommend fixes. Once those solutions are in place, its vital to have 24/7 monitoring of your network to ensure your data is safe.

Start a Conversation with Axiom Cyber Solutions

We can protect your school from cyberthreats at a very reasonable cost! Give us a call at (800) 519-5070 today to learn more about our offerings!

5 Cybersecurity Obstacles Small Businesses Face

5 Cybersecurity Obstacles Small Businesses Face

I have spoken to hundreds of small business owners and general managers over the last few months about cybersecurity. Many present one or more of the following five reasons as to why they don’t have data protection in place.

Ultimately, they don’t think their data is worth stealing.

Ironically, this is exactly the attitude most bad actors hope for. With systems that are minimally secure, cybercriminals can have a heyday with your company bank accounts, confidential employee information and customer files. Roughly 50% of all small businesses who suffer a cyberattack go out of business within six months. We don’t want you to be one of them.

Let’s look at these hinderances and discover ways to overcome them.

 

Five Most Common Stumbling Blocks to Cybersecurity

 

“We have no money.”

Small or large, this is the number one hindrance I see moving forward. Most decision makers think cybersecurity solutions cost hundreds of thousands of dollars per year. They already set in mental motion either severe budget cuts in other areas or an unbudgeted approval by management needs to occur. Neither position is attractive, so nothing happens.

Cybersecurity doesn’t have to be expensive. Our SecureAmerica solution starts at $299 per month – giving your business the protection it needs 24/7!

 

“We backup our data regularly, so there’s no risk.”

Really? How regularly – every transaction, once a day or a few times per month? Regular backups will allow your business to limp along after you install new operating systems, applications and put new passcodes on everything. This can take days, if not weeks to complete.

But the fact is, your data has been stolen and encrypted. Depending on the number of records and sensitivity of that information, you may have to pay ransomware to get the records back, which will also impact your budget.

Our solution monitors your network for any vulnerabilities, phishing or scraping attempts, and stops ransomware attempts before they happen.

 

“We have malware protection on each device, so we’re covered.”

While this is certainly important, it isn’t enough. Bad actors are smart and constantly trying to find ways to enter your system. In addition, many of them roam around your servers for days or months before they retrieve anything, which makes your systems all that more vulnerable. Malware protection is a piece, but it isn’t the entire solution.

We offer complete protection of your entire network, down to the device level.

 

“We’re too small to be hacked.”

87% of small businesses don’t think they will ever be hacked, yet 50% of them are. No one is too small. If you have a business that interacts with clients, vendors and employees, you can be a victim.

Bottom line: Every business needs cybersecurity.

 

“Our IT guy is handling our cyber protection.”

Is he really? How much has he been trained on cybersecurity? How will he be able to detect a breach? How soon can he detect it? These are the hard questions you should be asking. IT “guys” are good at installing and managing your systems, but without the proper tools, they can be in the dark about a data breach as much as you are.

 

Axiom Cyber Solutions Has You Covered

Our SecureAmerica Threat Defense Platform takes in multiple open and closed source threat feeds daily. It is built on Artificial Intelligence and Machine Learning to not only parse the latest threats but predict future ones as well.

With a low monthly subscription cost, you can have a complete cybersecurity package. Give us a call at (800) 519-5070 or send an email to info@axiomcyber.com for more information.

 

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

United States healthcare organizations, from small two-person offices to massive hospitals, need to draw their attention to cybersecurity. While many medical personnel don’t understand or think they need it, a recent report by the U.S. Department of Health & Human Services on cybersecurity disagrees.

The industry must come together to address this growing concern and this blog will give you six solid ways to do so.

 

Why Healthcare Organizations are Targeted

According to the Identity Theft Resource Center, social security numbers have the possibility of being more exposed in healthcare than any other industry.

In addition, because doctors’ offices, hospitals and suppliers are often interconnected with Electronic Health Records, once a cybercriminal breaches one system, it’s much easier to crack into others.

Unlike credit card numbers that are generally used within a few minutes to a few days of being stolen, health records are valuable to a bad actor up to ten years after they capture the data. If the patient information is sensitive in nature, it can be used a blackmail against them.

One other important note, health records are ten to sixty times more valuable on the dark web than credit card information.

 

How Bad Actors Get In

Nurses, doctors and administrators typically don’t understand data breach risks; therefore, cybercriminals access patient records in one or more of the following ways:

  1. While smart devices help diagnose and treat patients, they often have the lowest level of encryption which make them great entry points
  2. Legacy hardware that doesn’t support current operating systems and applications and software that hasn’t been upgraded and updated is another method
  3. Electronic Health Records (EHRs), that are purposefully or accidently given to the wrong individuals
  4. Patient portals that do not have end-to-end encryption

Unfortunately, even today, only 25% of all U.S. hospitals have a designated cybersecurity specialist, according to Healthcare IT News. This makes reporting and monitoring difficult.

Ignoring Cybersecurity is Risky Business

If patient data is stolen or compromised, your organization will be held accountable under HIPPA guidelines and will incur heavy regulatory fines. In addition, if enough records are exposed, your brand reputation will suffer leaving patients to possibly seek other medical options. Last, if your records are held for ransomware, you may have to pay millions of dollars for return of those records.

 

Six Effective Cybersecurity Solutions

  1. Put one individual in charge of cybersecurity.
    Whether you run a small office or a sprawling medical complex, one person needs to oversee cybersecurity. This person will set policy. They will be the conduit to others to report problems and suspected breaches.
  2. Complete a benefit/risk analysis of all connected devices.
    What is the value of each device? Is there an alternative product that offers a better cybersecurity choice? What is your BYOD policy? A complete analysis should be completed before moving to the next step.
  3. Set in place cybersecurity standards and practices.
    Once a thorough analysis of your hardware, software and network solutions is concluded, which should include virtual workers and suppliers that can tie into your network, you are armed with enough information to move forward on an effective policy. Work with outside consultants who can analyze your vulnerabilities effectively.
  4. Subscribe to updates from the Health Care Industry Cybersecurity Task Force.
    This 21-member task force is responsible for researching and making recommendations on healthcare cybersecurity initiatives. They offer best practices, on an ongoing basis, to prepare your organization against an attack.
  1. Implement a strong continuous monitoring solution.
    Effective cybersecurity starts by protecting the data that resides on the network. Failure to have 24/7 monitoring can result in data loss, ransomware and impact your brand integrity.
  2. Outsource cybersecurity.
    The funding required to hire, train and keep cybersecurity talent may simply not be available for small-to-medium medical facilities. Tack on assessment software and monitoring solutions, which can be enough to push your small IT budget over the edge, not allowing you to move forward on other needed equipment upgrades. Outsourcing handles all of the above concerns and more.

Axiom Cyber Solutions Can Protect Your Medical Establishment

We offer the world’s first polymorphic cyber defense platform that can identify the newest threats, vulnerabilities, and automatically dispatch updates in real-time. This included ransomware and DDoS mitigation, as well as, dynamic dark web protection. Contact us today to learn more about how we can protect your data today!