These days virtually every device, app or website requires a password. It is estimated that by 2020, the number of passwords used by humans and machines worldwide will grow to 300 billion. With that many passwords flying around, it’s important to consider some common mistakes and password best practices.

9 common mistakes when creating passwords

The 2019 Verizon Data Breach Investigations Report found that 80% of hacking-related breaches involved weak password credentials. In their 2017 report this data point was 81%, so the lack of change shows how much of an issue weak passwords continue to be. Varonis has found that 65% of companies with 500+ users never prompt users to change their passwords. It is also estimated that 28% of adults in the US use the same password for all of their online accounts.

Troy Hunt identified some of the worst passwords in version 2 of his Pwned Passwords. Included in the list were 123456, 123456789, qwerty, password, 111111, 12345678, abc123, password1, 1234567, and 12345. The National Cyber Security Centre in the United Kingdom found in a breach analysis that 23.2 million victim accounts worldwide used 123456 as the password.

CNBC outlines 9 of the biggest password mistakes:

  1. Changing passwords too often
  2. Making them too complex
  3. Not screening them against lists of compromised passwords
  4. Recycling the same passwords
  5. Being too familiar (using pet names, birthdates, etc.)
  6. “Remembering” password on a device
  7. Using common, easily hacked characters (123456, qwerty, etc.)
  8. Not password protecting mobile devices
  9. Storing a password list on computer
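
Mistake 3 above, screening against compromised-password lists, can be done without sending the password anywhere. This added example (not from the original article) follows the hash-prefix range model used by Pwned Passwords; LocalRangeService is a hypothetical offline stand-in for the lookup service, and the occurrence counts and the 8-character minimum are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

# The ten passwords the article quotes from Pwned Passwords v2.
SAMPLE_BREACHED = ["123456", "123456789", "qwerty", "password", "111111",
                   "12345678", "abc123", "password1", "1234567", "12345"]


def sha1_hex(password):
    """Uppercase SHA-1 hex digest, the form used for range lookups."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Server side: map 5-character hash prefix -> {35-character suffix: count}."""
    index = defaultdict(dict)
    for rank, pw in enumerate(passwords, start=1):
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] = 1000 - rank  # constructed count, not real data
    return index


class LocalRangeService:
    """Offline stand-in for a range-lookup endpoint (hypothetical helper)."""

    def __init__(self, passwords):
        self._index = build_range_index(passwords)
        self.seen_prefixes = []  # everything the "server" ever learns about a query

    def fetch(self, prefix):
        if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be 5 uppercase hex characters")
        self.seen_prefixes.append(prefix)
        bucket = self._index.get(prefix, {})
        return "\r\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))


def breach_count(password, fetch_range):
    """Client side: send only the prefix, compare suffixes locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if hmac.compare_digest(candidate.strip().upper(), suffix):
            return int(count)
    return 0


def screen_password(password, fetch_range, min_length=8):
    """Return the reasons a proposed password should be rejected (empty = accept)."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    hits = breach_count(password, fetch_range)
    if hits:
        problems.append(f"found in breach corpus ({hits} occurrences)")
    return problems


if __name__ == "__main__":
    service = LocalRangeService(SAMPLE_BREACHED)
    for candidate in ["12345", "password1", "correct horse battery staple"]:
        print(repr(candidate), "->", screen_password(candidate, service.fetch) or "ok")
    print("prefixes the service saw:", service.seen_prefixes)
```

The service only ever sees the 5-character prefixes recorded in seen_prefixes, never the password or its full hash.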

Password Best Practices

Now we know what not to do! Let’s review recommended best practices for setting and storing passwords.

  • Create a strong password – There are lots of opinions about what makes a strong password. In general, a strong password has a combination of upper and lower case letters, numbers, and characters. Opinions on password length range from 8 to over 20 characters. Ensure you create a strong password for each account/website/device.
  • Stay away from the obvious – Avoid common passwords like those noted above and easily identifiable information.
  • Leverage two-factor authentication – With two-factor authentication, just having your password isn’t enough. This precaution requires a PIN that is sent to you via email, SMS or app, to be entered with the password.
  • Test your password – Make sure your password is up to security standards by running it through an online testing tool. Microsoft’s Safety & Security Center offers a password testing tool that helps individuals and organizations create passwords that are less likely to be hacked.
  • Use a password manager – While people are good at remembering a great many things, relying on the human memory to store important passwords is risky. A password manager stores the unique passwords you have created for every website and will even help come up with passwords. It generally installs as a browser plug-in to handle the capture and replay of passwords. Recently, PCMag reviewed popular password managers for 2019, including Dashlane, Keeper Password Manager & Digital Vault, and LastPass Premium.
  • Change your passwords – It is tempting to keep using the same password, but changing your password periodically is a good idea. The Better Business Bureau suggests changing passwords every 30 days. However, many security professionals believe changing passwords frequently makes things worse as people have too many passwords to remember and use simpler passwords. Definitely change your passwords when there has been a security incident or cyber attack, unauthorized access, or you have logged into an account on a public computer.

Protect yourself and your information

Take the following steps to protect yourself and your data:

  • Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  • Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
  • Ensure you and your employees are regularly trained on cybersecurity, proper data handling and storage, and password protection practices.

Remember, it only takes 1 weak password to compromise your systems, network and data. Don’t be a victim. Proactively protect your systems, network and invaluable data by implementing these 9 tips of what not to do, and 6 tips on what to do.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

Backing up your data is like insurance. You need to do it so you’re prepared when disaster strikes. From natural disasters to hardware failures to malware, the threats are significant. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures claims that today, a business falls victim to a ransomware attack every 14 seconds – and this number will increase to every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018.

Not all backups are equal. Businesses can choose between backing up data to the cloud, or backing up data locally and on-site.

We’re going to shed some light on cloud vs on-site backups, and top considerations when evaluating which option makes sense for your business.

An Overview of Backups

Backup refers to the one-way copying of data (folders & files) from one location to another. It’s a snapshot of your data at a point in time. Generally, most users and small businesses backup files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters.

Individuals and businesses can either backup their data in the cloud (cloud backup) or locally (on-site).

Cloud Backup 

Cloud based backup services eliminate the need for you to have the necessary infrastructure in your business to backup locally.  This includes local storage hardware like external drives, storage servers (NAS devices), tape, optical storage and related hardware. Data backed up to the cloud is encrypted and transmitted securely over the internet to a data center that houses the hardware on your behalf. Cloud backups come in a few flavors – private, public and hybrid.

Private cloud refers to a network, hardware and storage dedicated to a single organization. It is a costly option for anyone other than a large enterprise.

Public cloud refers to a cloud services provider who supplies the infrastructure and backup service, shared across many individuals and businesses. Public cloud providers provide greater scalability. However, data security is a concern since data is stored outside the organization. Popular public cloud backup services include Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Hybrid cloud is a mixture of both private and public cloud. Many hybrid cloud scenarios backup the majority of data with a public cloud solution, as it’s more scalable and cost effective. A private cloud may be used for sensitive data that is contractually obligated, or is required by law or regulation, to stay onsite.

On-Site backup overview

On-site backups are typically housed in an office. Data is backed up to devices such as network attached storage, storage servers, and tape. Generally, the backups are stored onsite for a period of time and then archived in secure offsite storage. Often organizations start by backing up to an on-site device, but find the cloud backup services to be a more viable solution because of recovery time, security, and costs.

Research by Clutch predicts 78% of small businesses will back up their data on the cloud by 2020. Meanwhile, the Acronis 2019 World Backup Day Survey found 48.3% of businesses rely exclusively on cloud backups and 26.8% use a combination of cloud and on-premise.

Which Backup Option is Right for You?  Top 3 Considerations for Choosing Cloud vs On-Site Backup

Recovery Time – Time is money and the longer it takes to recover your data after a disaster, the higher the financial impact. Recovery time is highly dependent on how you’ve been backing up your data. On-site backups take hours, days, or even weeks to recover, depending on how and where they are stored. With cloud backups recovery time may range from minutes to hours. Only an internet connection is needed to start the recovery process.

Security – Backing up data on-site exposes it to the same risks as your business. Risks include natural disasters, fire, technology failures, and cybersecurity breaches. Cloud backups alleviate some of these issues as data centers are protected by tight security and have redundancy built-in.

Costs – With on-site backups you’re responsible for both the cost and maintenance of the infrastructure required. Costs include software, hardware, personnel, and overhead such as electrical. With a cloud backup solution you’re only responsible for the costs of storage you use. Backup-as-a-Service (BaaS) providers like Data Deposit Box charge a flat rate monthly fee based on the amount of data stored (measured in GB) per month. Additionally, they provide an easy to use calculator to help estimate your monthly storage costs.

When considering which option is right for you, it’s also important to think about the following:

  • Protecting your most valuable asset – data
  • Backup best practices require firms to keep 3 copies of data (one primary, two backups (usually 1 as a primary backup, 1 mirrored on disaster recovery equipment))
  • Offsite, real time cloud storage of your data is the only true way to protect you against hardware failures, a disaster (flood, fire etc.), and malware

Don’t wait for a disaster or malware to strike. Protect your data!

The question isn’t if your business will experience a disaster, it’s when. From hardware failures to natural disasters to cybercrime, the threats to your business are growing in number and severity. Seagate reports that 140,000 hard drives fail in the United States each week. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019, and every 11 seconds by 2021. CNBC reports natural disasters cost the United States $91 billion in 2018. When your time comes, what impact will downtime have on your business?

The impact is huge

Gartner estimates the average cost of downtime to a business is $5,600/minute or ~ $300,000/hour. With this number in mind, it’s not hard to see that cyber threats have the potential to have a devastating impact on a business. Osterman Research found that 22% of businesses with less than 1,000 employees cease business operations after a ransomware attack. And the impacts aren’t just financial. For businesses that do survive, disasters also negatively impact morale, company reputation, productivity, and customer loyalty.

Is your business ready?

With natural disasters, cybercrime, and technology failures in the news everyday, every business must have a disaster recovery plan, right? A survey of SMEs (small and medium-sized enterprises) by Riverbank IT Management research found that 46% of SMEs don’t have a backup and disaster recovery plan. For those that do have a plan, 23% have never tested it. A 2018 Global Data Risk Report by Varonis found 21% of files in an organization are unprotected. So when disaster does strike, and there’s no plan or protection, if you’re lucky enough to survive, the financial and non-financial cost will be enormous.

The good news? Research from Datto shows that 90% of businesses with a disaster recovery plan fully recover.

Building a disaster recovery plan

A disaster recovery plan outlines the policies and procedures an organization needs to follow should a disaster strike. The objective is to protect the company’s most valuable assets (data, systems etc.), reduce downtime, financial impact, and get the business back online as quickly as possible to minimize impact on employees, customers and the brand. Plans can differ depending on the type of disaster, but the objective is ultimately the same.  There is lots of research and commentary on disaster recovery plans. Here are some of the key elements to consider:

Emergency response plan – Outlines the actions to mitigate damage to people, property and an organization’s ability to function during a disaster.

Business continuity plan –  Logistical recovery plan used to restore normal business operations and processes in a disaster situation.

Contingency plan –  Often referred to as Plan B, a contingency plan addresses how an organization may respond to a future situation.

Business impact analysis – Process that determines and evaluates the potential impact of an interruption to critical business operations as a result of a disaster or emergency.

Recovery Point Objective (RPO) – Think about how often systems backup. When a disaster strikes and systems go down, data can be restored based on the most recent backup. It is important to determine the frequency of backup that makes sense for an individual business. Would restoring data to the previous hour’s, day’s, or week’s data be sufficient to get the business live again?

Recovery Time Objective (RTO) – How long can systems be down before data is recovered and business goes back to usual? The RTO may vary by system. For example, it might be determined that an organization’s Point of Sales (POS) system needs to be recovered in a matter of hours, while an email system could be down for a day or two.

Communications plan – During a disaster communication is key. Ensure a plan is in place for communicating to employees, customers, partners and even the general public. In the case of a cyber security breach a communications strategy will help reduce the negative impact on the business.

Testing and training – Run drills to test the effectiveness of disaster recovery plans. Drills provide a great opportunity to tweak plans before a real disaster strikes. Ensure employees are informed about disaster recovery plans and trained on processes regularly.

Backup data – Regularly backup all of your important data at both the organizational and individual level. This ensures minimal disruption during a disaster. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Phishing gets lots of media attention; however, for many it is a bit of a mystery. What is phishing? Are there different types of phishing? How can you prevent a phishing attack? Let’s investigate each of these areas in detail.

What is phishing?

Wikipedia describes phishing as a fraudulent attempt to obtain sensitive information, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Attackers will spoof their email address to appear like someone else, set up fake websites, and disguise website URLs. It is becoming harder to figure out who and what you can trust. Avanan’s 2019 Global Phish Report found that 1 in every 99 emails and 1 in 25 branded emails is a phishing attack. Microsoft and Amazon are the most popular brands used in phishing emails. Additionally, 30% of phishing emails slip through security programs, so the threat is significant.

Phishing campaigns have two primary objectives:

  1. Obtain sensitive information – Phishing emails often seek to get you to reveal important information, such as your username or password. This gives the attacker the necessary info to access a system or account. It is very common for messages to appear like they are from your bank, credit card company, or a number of other places you would expect to be reputable.
  2. Distribute malware – The emails that aren’t stealing your credentials are trying to infect your computer with malware hidden in attachments (you can read more about malware in our blog here). Often these .zip files or Microsoft Office documents will appear to be something you are expecting, but in reality it is malicious code. In 2017, it was estimated that 93% of phishing emails contained ransomware attachments.

Types of phishing

There are a few different types of phishing. However, the one thing they all have in common is the fraudulent attempt to obtain sensitive information. Major categories of phishing are:

Spear phishing – Attackers craft a message targeted at a specific individual. Social media sites are often used to identify the target and gather information for the attack.

Whaling – Similar to spear phishing, but the target is a high-value person. The target is generally a person with power, a CEO, senior executive or board member, at a large organization.

Clone phishing – Attackers clone a legitimate previously delivered email and replace the links and/or attachments with malicious code. Clicking the links or opening the attachments enables the attacker to take control of your system and send additional malicious emails masquerading as you.

Phone phishing – Similar to email phishing, the caller claims to be a trustworthy entity like a bank or the government. They try to scare you with a problem that must be cleared up immediately. Their objective is to access account information or have you pay out money.

SMS phishing – These attacks are carried out by SMS text. The text message contains a malicious link that enables the attacker to obtain sensitive information.

Identifying and preventing a phishing attack

The harsh reality is that at some point virtually everyone and every organization will experience a phishing attack. The cost of phishing is significant. In 2018, the FBI’s Internet Crime Complaint Center reported that companies around the globe lost $12.0 billion due to business e-mails being compromised. The cost goes beyond just dollars and cents. Phishing attacks lead to decreased productivity, loss of confidential data, and damage to company reputation. Deloitte reports that 1 in 3 consumers will drop a company like a hot potato after they experience a cyber security breach.

However, there are steps you can take to reduce your chances of becoming a phishing victim.

  • Trust your gut – If something seems too good to be true, then it likely is. Be suspicious, not trusting. Legitimate organizations will never send emails asking you to provide personal information over the web. A quick Google search with the subject or text from a suspicious email will often identify if it is a known phishing scam.
  • Double check URLs – Before you click or enter personal information double check URLs. It is very common for a link in an email to say one thing but the URL is totally different. Mouseover a link first to see if it is legitimate.
  • Look for URL redirects – Make sure you are going to the URL you expect and not a different website with a virtually identical design.
  • Don’t trust urgent/scary emails – Attackers are generally trying to create a sense of urgency or fear. Question emails that are telling you to “Act Now” or “Pay Now”. According to KnowBe4, in Q1 of 2019, 35% of phishing emails started with the subject line – “Password check required immediately.”
  • Watch for questionable attachments – Attachments are one of the most common ways to distribute malware. If it looks even remotely suspicious don’t trust it.
  • Don’t share personal info on social media – Avoid sharing personal information such as your birthday, phone number, or address on any publicly accessible social media platforms.
  • Educate, educate, educate – Knowledge is understanding. Regular training on new threats and what to look for is key to preventing a phishing attack.
  • Protect your data – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

You hear news reports almost daily about ransomware taking down organizations around the globe. Cyber Security Ventures estimates a new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021.

What is ransomware?

Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid. Norton breaks down the different types of ransomware – Crypto malware, Lockers, Scareware, Doxware and Ransomware as a Service (RaaS).

Stages of a ransomware attack

Ransomware attacks can be broken down into four different stages. What starts off as a simple click in an email, or a download from the internet, or a website visit, can very quickly lead to a whole lot of trouble and enormous expense.

Stage 1 – Phishing

One of the most popular ways for cybercriminals to access your system is a phishing email. Statistics indicate 1 in 25 branded emails are phishing emails. Avanan, a cyber security platform, reports the two most popular brands phishers pose as are Microsoft (42%) and Amazon (38%). Additionally, the Avanan research finds phishing attacks fall into a few different categories – credential harvesting (41% of attacks), extortion (8% of attacks), malware (51% of attacks), and spear phishing (0.4%).

Stage 2 – Burglar prowling

Once a link is clicked and the malicious code downloaded, the burglar begins to prowl. Your computer is compromised. Ransomware starts infiltrating your computer in a matter of seconds. In 2017 the WannaCry ransomware spread like wildfire and in a matter of hours encrypted hundreds of thousands of computers in over 150 countries. Ransomware looks for files on your computer, network, and in the cloud to encrypt.

Stage 3 – Locked out

Encryption of files on your local computer can happen in a matter of minutes. Within a few hours, encryption will impact files on your network or in the cloud. Once the malicious software takes hold, it will lock you out of your most important folders, files and data, giving you no access until you pay. Files in SaaS-based applications like Dropbox and Office 365 are the most likely to be impacted. Kaspersky found 65% of businesses hit by ransomware in 2017 lost access to a significant amount or even all their data. Additionally, they discovered 34% of businesses hit with malware took a week or more to regain access to their data. Coveware’s Ransomware Marketplace Report estimates the average number of days a ransomware incident lasts to be over a week at 7.3 days, up from 6.2 days in 2018.

Stage 4 – Ransom request

Your files are encrypted and the cybercriminals are demanding you pay a ransom to regain access. Do you pay? Research indicates that 97% of United States’ organizations refused to pay the ransom. However, 75% of Canadian, 22% of German, and 58% of UK companies paid the ransom. Datto reports the average ransom for a SMB is between $500 and $2,000. So while the ransom itself isn’t significant, the downtime from an attack can cripple a small business. Additional research from Datto found the average attack is 10 times more costly to the business than the ransom itself. Attacks cost a business $46,800 on average and the ransom requested averages $4,300 per attack.

Protecting your business from a ransomware attack

There is no single solution that will protect you and your business from a ransomware attack. Antivirus software, email/spam filters, and regular software updates are a few things you can start with. Focus more time and resources on:

Cybersecurity training – People are one of the weakest links when it comes to cybersecurity, as a result make sure you EDUCATE!!

Backup and disaster recovery plan – Regularly backup all of your important data at both the organizational and individual level. For instance, implement an easy to use endpoint backup and protection solution like Data Deposit Box. Try it for free here.

Does having antivirus software on your computer protect you and your data from cyberthreats? What else should you be doing? Backups, software updates, firewalls, there are lots of options to consider.

Let’s start with a few basic definitions:

Virus – A small program or piece of computer code that alters the way a computer operates without the knowledge or permission of the user. A computer virus executes and replicates itself. The worst computer viruses of all time include ILOVEYOU, Melissa, WannaCry, CryptoLocker, Conficker, Mydoom, and Shamoon.

Antivirus software – Helps protect your computer against malware and cybercriminals. Antivirus software looks at data traveling over the network to your devices and searches for known threats and monitors the behavior of all programs, flagging suspicious behavior. The most popular (based on market share) antivirus software includes Avast, Microsoft, ESET, Symantec, and AVG.

Backup – Backing up your files is one-way copying: a snapshot of a version of a file or data, taken at a specific point in time, from one location to another (computer drive to hard drive, computer drive to file server or NAS, computer drive to cloud drive). It is used to protect a file in case of loss or corruption. If a user wants access to a backed up file, they will often have to restore that file to their computer from their backup. The most popular backup products are Data Deposit Box, iDrive, Carbonite, Acronis, AWS Backup, Azure, Google Drive and iCloud.

Firewall – A network security system that monitors and controls incoming and outgoing traffic on your network. The most popular firewall products for business include Barracuda, Bitdefender, Cato Networks, Kaspersky, and FortiGate.

An Overview of Antivirus

Antivirus software is a key element of any cybersecurity strategy, but it does have limitations. Traditional antivirus software is becoming less and less effective. 73% of attendees at Black Hat in 2017 felt traditional antivirus software no longer serves a purpose. In the past antivirus software could protect against 80-90% of security threats but now it is believed to protect against less than 10% of threats. A 2018 report from McAfee found there were an average of 480 malware attacks a minute. The reality is cybercriminals are savvy and have found other ways to gain entry onto computers and networks, ranging from adware to phishing to sophisticated malware.

Limitations of traditional antivirus software:

  • It’s reactionary – Antivirus software countermeasures only start when malicious code or a virus is found. As a result, it may be too late, unless you’ve backed up using versioning.
  • Needs regular updates – Hackers are always one step ahead of the Antivirus software companies. Unless you’re updating almost real-time, you could be exposed.
  • Performance issues – Antivirus software runs continuously in the background. As a result, it requires a significant amount of memory and resources.  This can have a significant impact on the speed of your PC and/or network.
  • Human negligence – Even the best antivirus software can’t protect against people who aren’t educated about malware and internet security practices. Often, infections occur through poor computing practices.  Learn more about what NOT to do here.

An Overview of Backups

Backup refers to the one way copying of data (folders & files) from one location to another. Generally, most users and small businesses backup files to external hard drives, servers, or the cloud. Backing up is the most reliable way to protect your data and ensure business continuity when you experience major problems such as hardware failures, viruses, or natural disasters. Various software and services automate the process of backing up at the schedule you determine. Cloud based backup services eliminate the need for you to have the necessary infrastructure in your business.

Not all backups are equal.  To backup properly, your backups must use versioning.  Versioning ensures incremental backups of changed documents – storing different versions as it changes over time.

Data Deposit Box provides cloud backup protection and peace of mind – guaranteed. With Data Deposit Box you can backup and manage everything with one app. You can backup an unlimited number of devices to your account, including Windows and Mac OS servers and computers, iOS and Android mobile phones, Synology and QNAP NAS devices.

Antivirus + Backups = Excellent Protection

A combination of antivirus software and cloud-based, versioned backups will provide you with the confidence that your important data is safe from hardware failures, viruses and natural disasters.

Follow these best practices to protect yourself and your data:

  • Stay up to date – Keep your devices and their software (antivirus, OS, firmware, applications) up to date. Schedule 10 minutes in your calendar each day to check for updates.
  • Use firewalls – Install firewalls on routers and devices.
  • Backup to the cloud, with versioning – Implement a cloud backup solution to ensure your important data and files are safe, and ensure you have versioning turned on.
  • Education – People are one of the weakest links when it comes to cybersecurity, as a result make sure you EDUCATE!!

The title of an article in The Economist says it all – “The world’s most valuable resource is no longer oil, but data”.

Let’s start by defining data. Simply put, data is a collection of facts and statistics for reference or analysis. The processing, interpreting, organizing, and structuring of data creates information. Information is knowledge and has real value to a business that grows with more data.

Where is all this data coming from?

IBM notes that every second we create new data through computers, mobile and Internet of Things devices, wearables, beacons and more.  By 2021 there will be over 50 billion smart devices connected around the world and each of those devices will be collecting data.

An IDC study titled Data Age 2025, sponsored by Seagate, predicts worldwide data creation will grow to an enormous 163 zettabytes (ZB) by 2025. Additionally, the research also noted these key findings:

  • The number of embedded devices will grow from less than one per person to more than four in the next 10 years.
  • In just 8 years, the average person will interact with a connected device nearly 4,800 times a day.
  • 75 percent of the population will be connected, creating and interacting with data by 2025.
  • By 2025, over 25 percent of data created in the global datasphere will be real-time in nature, and IoT real-time data will make up more than 95 percent of this.
  • Almost 90 percent of all data created in the global datasphere requires some level of security, but by 2025 less than half will be secured.

How much is data worth to your business?

A significant amount of money is spent on collecting, storing and securing data. What is the value of that data to your business? In an article on Raconteur Doug Laney, vice president and distinguished analyst at Gartner’s data research business, says information-savvy companies with a chief data officer, enterprise data function and data science professionals currently have a book value twice the market average. MITSloan Management Review says data has become a key input for driving growth, enabling businesses to differentiate themselves and maintain a competitive edge.

With the rise in the volume of data being collected comes a rise in cybercrime. The 2019 Official Annual Cybercrime Report by Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021, up from $3 trillion in 2015. Accenture’s Ninth Annual Cost of Cybercrime global study estimates security breaches are up more than 11% over the past year and 67% over the last five years.

Why is data so valuable?

As noted above, the processing, interpreting, organizing, and structuring of data creates information. This information provides your business with the critical insight needed to:

  • Improve your products and services
  • Enhance customer experience and satisfaction
  • Increase employee productivity
  • Improve business efficiency

An improvement in any one of these areas will have a significant impact on your business. There is no question that data is valuable, but is it really the world’s most valuable resource? That’s entirely subjective, but no one will dispute its importance and potential impact on industry.

How do you protect your most valuable asset – data?

When something is important you must protect it. Take the following steps to protect your data:

  1. Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  2. Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
  3. Train all employees on cybersecurity, proper data handling and storage, and password protection practices.
  4. Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology.
  5. Don’t collect data you don’t need.

Secure cloud backup and storage for all your devices with one easy to use app

Try free for 14 days

It’s with great sadness that we announce that Tim Jewell, Founder and Chief Executive Officer of Data Deposit Box, passed away Sunday August 18th in Toronto, Ontario.  The entire Data Deposit Box family mourns this loss.  On behalf of our Board of Directors, management team and employees, we extend our deepest sympathies to Tim’s family. Tim brought passion, experience and positive energy to Data Deposit Box.  He was loved by all.  In May of this year, the company announced a medical leave of absence for Tim. Siva Cherla was appointed as interim CEO during his leave.

More information about Tim can be found here

For those wishing to pay their respects:

Visitation at Mt Pleasant Funeral Centre, 375 Mt Pleasant Road, 4pm-8pm Tuesday August 20
Celebration of Life Wednesday August 21, at Rosehill Venue/lounge at 6 Rosehill Ave. near Yonge and St Clair at 7pm-10pm

Donations to the Red Door Family Homeless Shelter are appreciated in lieu of flowers www.reddoorshelter.ca

The answer will surprise you.

Data loss is a battle organizations big and small are constantly fighting. According to a recent Gartner report, global spend on Information Security and Data Protection will reach USD $124 billion in 2019.  This figure is expected to grow at 11% CAGR to USD $284.5 billion by 2025.

Companies worldwide are spending billions on infrastructure, endpoint and application security to prevent unwanted breaches/hacks/intrusions. Capital One was one of the most recent companies to experience a breach, with the social security, bank account, and personal information of 106 million people stolen.

However, are hacks and breaches the real cause of data loss in companies?  The answer may surprise you.

In 2019 a Shred-it survey conducted by Ipsos highlighted that nearly half of all C-Suites (52%) and one in three Small Business Owners (SBOs) say human error or accidental loss/deletion by an employee/insider were the primary cause of data loss.

That’s right, the primary culprit of data loss in many cases is human error. From accidental deletion, to lack of cybersecurity training, to misdelivery of information – humans are one of the weakest links when it comes to data loss and breaches.

Let’s look at data loss and the human element in more detail.

Accidental Deletion

Accidents happen – right? Your employees create, save, update and delete files every day, so screw ups will happen. Consequently, at the business level, regularly backing up all of your important data and information is critical. For employees, understanding how to properly save, store, delete or move files is crucial. This has become especially important with the popularity of shared sync services like Dropbox, Box and network drives, where an accidental folder deletion can wipe critical files from everyone’s computer.

Lack of cybersecurity training

Are your employees able to recognize a phishing attack? Do they know how to recognize suspicious email attachments? Cybersecurity training can’t be a one-time occurrence; it needs to be an ongoing priority for all employees. Malware and ransomware are constantly evolving and so should your training. Additionally, the handling of confidential information requires even more training to ensure there are no breaches.

Poor user password practices

A 2018 Verizon Data Breach Investigations Report found over 70% of employees reuse passwords at work. A “staggering 81% of hacking-related breaches leveraged either stolen and/or weak passwords.” From weak passwords to reusing passwords to sharing passwords, it is clear better education is needed. Two-factor authentication, secured connections and password encryption are additional ways to improve the security of your data and prevent loss.

Misdelivery of information

Your employees always send information to the right people – or do they? Misdelivery of information was the fourth most frequent action that resulted in data breaches, according to the 2018 Verizon Data Breach Investigations Report. Encouraging employees to double-check email addresses, encrypting emails with sensitive information and limiting the ability to send sensitive information outside of the corporate network are ways to ensure the right information is getting to the right people.

Employee Turnover

When an employee leaves an organization, information frequently goes with them. Information may be deleted or taken with the employee on a USB key or cloud drive. Regardless, organizations must ensure all employee data is kept within the walls of the organization and is accessible. Employees should regularly back up to corporate servers or the cloud, and they should be discouraged from saving files on their local computer.

What can your organization do?

Transforming your company’s cybersecurity practices can take months or years. In the short term, here are a few actions you can start with:

  1. Regularly back up all of your important data at both the organizational and individual level. For instance, implement an easy-to-use endpoint backup and protection solution like Data Deposit Box. Try it for free here.
  2. Ensure versioning is in place for files, sync and backups. This means saving versions of documents to protect against accidental deletion and for audit purposes.
  3. Train all employees on cybersecurity, proper data handling and storage, and password protection practices.
  4. Secure access to digital and physical information using antivirus, infrastructure (like firewalls), endpoint encryption, and related technology.

 

To understand malware and ransomware we need to first define what each is. Let’s start with the basic definitions:

Malware is a broad term describing any malicious code or program, including viruses, worms, and trojans, that provides an attacker with control over your computer, server or network.

Ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access.

Taking a closer look at Malware

Symantec breaks down the different ways malware infects targeted computers:

  • A worm is a malicious program that replicates itself and spreads from one computer to another without a host file. Worms are frequently found in files; in that case, however, the entire host file is considered the worm.
  • A virus is a small program or piece of computer code that alters the way a computer operates without the knowledge or permission of the user. A computer virus executes and replicates itself.
  • A trojan horse is an imposter: a program or file that appears to be something you need but is in reality malicious. Unlike a virus, a trojan does not replicate itself. Rather, you invite it onto your computer, most commonly by opening an email attachment.

Where does ransomware fit in?

As noted above, ransomware is a type of malware which takes full control of your system and requires a ransom payment to regain access. In some cases, ransomware threatens to publish confidential data unless a ransom is paid.

Norton breaks down the different types of ransomware:

  • Crypto malware – This type of ransomware encrypts files to extort money. The WannaCry ransomware is likely one of the most recognizable examples of crypto malware. It targeted thousands of computers around the world and spread quickly through corporate networks across the globe.
  • Lockers – This type of ransomware infects your operating system and completely locks you out of your computer.
  • Scareware – Fake software that presents itself as an antivirus or a cleaning tool. It typically claims to have found issues on your computer and demands money to resolve them.
  • Doxware – This type of ransomware is often referred to as leakware and it threatens to publish your stolen information online unless a ransom is paid.
  • RaaS – “Ransomware as a Service” is malware hosted anonymously by a hacker. The distribution, payment collection, and file decryption are all handled by a hacker in exchange for a portion of the ransom.

How do you protect yourself?

Malware and ransomware continue to have significant impact on individuals and organizations around the globe. Here are a few key things you can do to help protect yourself:

  • Back up your data
  • Use security software
  • Regularly update your software and systems
  • Be wary of email attachments
  • Educate your employees
