5 Cyber Security Lessons Learned from Covid-19

5 Cyber Security Lessons Learned from Covid-19

We hope you enjoyed the first lesson in our five part series detailing business continuity and disaster recovery strategies in the wake of the Covid-19 pandemic. The second part of our series focuses on cyber security lessons learned during pandemic.

Ontech provides IT support for Milwaukee and surrounding area businesses. In the aftermath of 2020, organizations have a heightened concern when it comes to cyber security, particularly those in healthcare, insurance or finance due to HIPAA and PCI compliance concerns.

With ransomware in healthcare (and other sectors) at an all-time high, these 5 cyber security solutions should definitely be taken into consideration to maintain a secure network and avoid downtime.

Lesson 1) Remote Work Presents Security Challenges

As the number of remote workers rapidly grew in 2020, greater Milwaukee businesses found they had less control over their workforce at a time when more control was needed.

cyber security lessons covid 19

 

This lack of control created many headaches for a wide variety of organizations and telecommuters, but those who were prepared reacted quickly, implementing controls by:

  • Setting strict security standards for remote workers, including the use of business grade software, virtual private networks, enhanced password controls and the use of monitoring software.
  • Restricting data only to users who need it. This least access policy has always been important, but in a remote work environment it is absolutely critical. The recognition that different departments may require different levels of access was one of the most important cyber security lessons of the Covid-19 pandemic.

Lesson 2) Robust, Modern Email Security is Critical

In a remote work environment, email takes on a new significance, supporting project updates, keeping workers in the loop and creating ad-hoc meetings. In 2020, many businesses found that email was also the weak spot in their cyber security protocols, and in the aftermath, those organizations took steps to:

  • Upgrade Spam Filters: Implemented modern spam filtering methods to stop phishing attacks in their tracks. This spam filter technology integrated artificial intelligence (AI) to identify problematic messages and keep them out of employee inboxes.
  • Enable multi-factor authentication: The use of multi-factor authentication has always been important, but it took on a new significance in 2020, as Covid-19 lockdowns forced businesses to send their workers home. Both Gsuite and Office 365 offer multi-factor authentication as a simple setting that can offer added peace of mind.
  • Implement security awareness training: Email remains the #1 target for remote workers, and email security is an integral part of any effective cyber security protocol. It’s no secret that employees are the greatest security threat. Phishing became an even bigger problem in the wake of the Covid-19 pandemic, cyber criminals took advantage of users who were unprepared to work from home. And since phishing is often a gateway to ransomware attacks, the stakes could not be higher. One great way to remediate this risk is by testing employee awareness of phishing techniques through security awareness training.

Lesson 3) Utilize the Swiss Cheese Analogy for Network Security

When you look at a single slice of Swiss cheese, it seems pretty permeable, with lots of holes for air to pass through. But when you stack a dozen slices of Swiss cheese one on top of the other, you get a slab you can no longer see through.

This is known as the Swiss cheese analogy, and it can be applied to everything from pandemic response and public health to IT security and managing a remote workforce.

A multi-layered response to cyber security challenges created by the pandemic is essential, and you can build your own nearly impenetrable stack of Swiss cheese by:

  • Having a solid spam filter in place.
  • Integrating security awareness training for both onsite and remote workers.
  • Integrating managed security services to patch servers, maintain IT infrastructure and keep critical systems up to date.
  • Deploying advanced technology, including real-time threat detection and response, backed by cutting edge technologies like artificial intelligence, machine learning and even a 24/7 network operations center (NOC). Identifying threats before they materialize will become increasingly important in the coming years.
Could your network use a fresh pair of eyes? Request a Network Discovery. This complementary on-site evaluation is a great way to understand the strengths and weaknesses of your IT infrastructure.

Lesson 4) Strict Technology Use Policies Are Becoming Increasingly Important

As 2021 gets underway, businesses are finding their technology use policies need to be stricter than ever before. At the same time, those technology use policies must also be adaptive to the needs of the mobile user, including newly remote users.

In response to this lesson, businesses everywhere are:

  • Updating remote access and bring-your-own-device (BYOD) policies to address a new wave of cyber threats and give newly remote workers the support they need.
  • Reassessing their corporate IT security architectures, along with support needs for remote workers and remote access. In response to the challenges of the Covid-19 pandemic, businesses are increasingly adopting mass scale changes that incorporate risk/context-based mechanisms for security authentication.

Lesson 5) Secure All Tools and Credentials

The security of tools and user credentials has always been important, but just how vital it is will be an enduring lesson of the Covid-19 pandemic.

To implement this lesson, we encourage greater Milwaukee organizations to:

  • Use secure communication tools like Microsoft Teams. Take steps to secure these tools through the use of multi-factor authentication.
  • Keep software up to date, ensuring hackers cannot exploit easy to overlook technology tools like webcams and microphones.
  • Use password managers along with best practices for password use including minimum length and complexity requirements, disallowing the reuse of credentials, denying bad passwords and prohibiting the sharing of passwords.

If your greater Milwaukee area business has questions about any of the topics discussed today, please feel free to call our support team at 262-522-8560 or send us a message online.

We hope you enjoyed this look at the five biggest cyber security lessons of 2020, and we encourage you to check out the next piece in our series. Part three of our five part series will be on the Availability of Data, a critical subject for anyone doing business in 2021 and beyond.

Cyber security lessons
The Rise of Ransomware in Healthcare

The Rise of Ransomware in Healthcare

Unsurprisingly, the healthcare industry has been struggling under the weight of the COVID-19 pandemic. But this year, we saw another threat to the solvency of cash-strapped hospitals, medical clinics and other providers that could put their survival and the well-being of patients at risk.

This threat is none other than ransomware and it has now massively infiltrated the healthcare industry. In October earlier this year, the FBI issued  a warning about the impending threat that ransomware poses to the US healthcare system.

And while ransomware may not be life threatening the way COVID-19 is, the results of a ransomware attack can be truly devastating for hospitals, medical professionals and even patients themselves.

Why Target Healthcare Organizations?

The reasons behind this is simple. Hospitals and medical clinics are often viewed as “soft targets” by perpetrators of ransomware attacks. They know hospitals can’t afford to have their IT infrastructure compromised, and even a short-term outage could put the lives of patients at risk.

At the same time, hospitals are struggling with monetary shortages, especially in the wake of the COVID-19 pandemic and the cancellation of elective surgeries and other revenue-generating procedures.

With tight cash flow, few hospitals have the resources to field an entire IT team. The resulting lack of experts puts them at risk.

The statistics behind ransomware in the healthcare industry are startling enough to spur every healthcare administrator into action.

Healthcare Cybersecurity Statistics in 2020

  • Over the past five years, ransomware attacks have cost the health care industry more than $160 million, a significant problem in a world of rising hospital and medical costs.
  • Data breaches are far from isolated incidents. Nearly 9 in 10 healthcare organizations experienced a breach in their cyber defenses in the past two years alone.
  • Hospitals depend on connected web applications to deliver critical patient care, but nearly all of those apps are vulnerable to ransomware and other forms of cyber-attacks.
  • More than 80% of healthcare professionals surveyed said that cyber security was one of their biggest concerns.
  • According to a recent survey, nearly one quarter of ransomware victims in the healthcare field admitted to paying a fee to get their data back.

The fact that so many healthcare organizations are willing to pay ransom is exacerbating an already bad situation and increasing the threats for everyone else.

The results of a ransomware attack can be dire, not only in terms of patient care and safety but in terms of fines and fees. Healthcare organizations that lack a vigorous cyber defense are leaving themselves open to millions of dollars in governmental and private sector penalties.

The Greatest Ransomware and Cyber Security Threats to Healthcare


Not content to merely disrupt an operation, the latest wave of ransomware attacks focus on taking networks down completely, putting patient care and hospital operations at risk.

Surprisingly, many of these threats are still coming by email, with phishing attacks, targeted spear phishing attacks and broad spectrum messages designed to capture the largest number of victims. These targeted emails are becoming increasingly sophisticated, allowing them to slip through even the most rigorous spam filters.

How to Stop and Reduce Cyber Threats

The dangers posed by ransomware is expected to quadruple over the next few years. But healthcare organizations are not helpless in the face of this onslaught; there are steps that hospitals, medical clinics and private doctor’s offices can take to protect themselves and reduce their risk of being victimized.

Reduce the Risk of Ransomware with Security Awareness Training

With users being the weakest link, security awareness training is the number one thing healthcare organizations can do to protect themselves.

With this innovative cyber security solution, healthcare organizations can schedule simulated phishing campaigns to test their own users on a quarterly basis, targeting various parts of their organization in a deliberate and highly effective manner.

Financial spoof emails can be sent to the hospital accounting department, while fake shipping and receiving invoices and UPS and FedEx updates can be sent to shipping and receiving to test their security awareness.

This type of training is critical given the current situation and the growing dangers that healthcare organizations now face. Even today, a surprising number of employees continue to fall for phishing emails targeting widely used products like Office 365 and Google.

Good spam filters work by recognizing when the name and email address does not match, and this is a good first step for healthcare organizations that want to improve their safety. Spam filters can help by reducing the number of phishing emails and ransomware attempts that make it through, but a layered security approach is the ideal approach.

The reality is that one cyber security solution is not enough. Think of the Swiss cheese analogy where one layer is stacked on top of a second layer, on top of a third layer so that cyber threats would need to penetrate multiple layers before getting through to your network.

How to Spot Phishing Emails

Healthcare organizations can protect themselves from ransomware in the following ways:

  • View your email inbox with skepticism. Take the time to read incoming messages and report suspicious emails to your IT department or managed IT provider.
  • When it doubt, pick up the phone. Call the apparent sender of the email to verify authenticity. (i.e. If you receive an email from the bank, call the bank directly to make sure the message is real.)
  • Educate yourself about the kinds of spoof emails that are out there. The threats you and your staff face will be key to an effective cyber defense.

how to stop phishing

A proactive cyber defense that includes security awareness training, the use of quality spam filters and reliance on experienced IT managed service providers will be key going forward.

If the healthcare industry is to survive not only the COVID-19 pandemic but also the ransomware epidemic, a smart, proactive layered security approach is necessary in 2020 and beyond.

ransomware in healthcare
IT Budgeting in 2021: 4 Helpful Tips

IT Budgeting in 2021: 4 Helpful Tips

IT budgeting in 2021 is always an important topic for IT managers. From justifying investments to maximizing budget, it can be challenging to predict what the coming year will hold. With 2020 coming to a close, everyone is hoping for better days ahead in 2021. As the calendar turns over, IT managers throughout the greater Milwaukee area are looking over their IT budgets and trying to make the most of every available dollar.

From lock downs and work at home requirements, to the ever-growing threat of ransomware and cyber-attacks, it’s no secret that 2020 has thrown some curve balls – particularly when it comes to IT operations.

Ransomware became more of a serious challenge for many businesses and proactive protection is critical. Whether you want to protect your enterprise-level IT infrastructure, or that of your small business, organization or local government municipality, you need to maximize your available dollars.

1) IT Budgeting Steps to Prevent Data Loss in 2021

Losing even a few critical files could be devastating – Ontech suggests emphasizing data protection in your 2021 IT budget. Consider these data backup protection tips as you finalize your IT budget.

  • Reliability: Have a solid backup and recovery plan in place. In the unfortunate event you suffer a ransomware attack, an up-to-date, reliable backup will help you survive the attack.
  • Security: Look at the security of your local appliance. Data security is only as good as its weakest link and a thorough assessment is vital. Make sure off-site storage options are secure.
  • Off-site Retention: Check your off-site retention policies. Where you keep your backups matters. Look at how you are handling that important data.
  • Frequency: Assess the frequency of your backups and think about how far back those backups should extend.

2) Avoid Common Backup Mistakes

Sometimes what you fail to do can hurt you. Here are 4 common backup mistakes to avoid in the coming New Year.

  • No redundancy: Your backups are not redundant. Redundant backups are essential for ransomware protection, data recovery from hardware crashes and other problems.
  • No testing: Backups are not tested. If you have not tested your backups, you could be in for an unpleasant surprise when you need them.
  • Reactive instead of pro-active approach: Backup failures went unnoticed. Either in-house IT or your outsourced IT partner should monitoring your backups along with any failures so they are addressed right away.
  • Too little data: Your organization only has three days’ worth of backups. When it comes to your data, three days of backups are not enough. Look for ways to create a comprehensive data backup when building your 2021 IT budget.

3) Move to the Cloud

More than 3 out of 4 of Ontech’s server migration projects today support businesses migrating their operations to the cloud. When evaluating your IT budget in 2021, consider that cloud-based storage is simpler, more robust and far more secure than keeping your data locally.

Need a solid data backup solution? The Microsoft Cloud/Azure platform is a solid choice for businesses who no longer want or need onsite hardware. The flexibility of cloud storage is one of Azure’s best assets, with month to month and annual options along with the ability to pay variable costs based on usage.

Adding users and changing software is easy. With a cloud-based platform, you get access to the latest operating systems, along with the ability to add users any time you need.

Worried about incompatibility conflicts? With cloud-based solutions, you can spin up a virtual server in Azure to test software compatibility and ensure your software is compatible with the cloud.

If your workforce is mobile or employees will be working from home in the near future, make 2021 the year you move data to the cloud.

4) Consider IT Solutions That Support Mobility

With telecommuting becoming the norm and workers demanding mobility, IT solutions that support these changes has never been more important.

With laptop sales now exceeding sales of desktop computers, it is predicted that there could be a shortage of laptops moving forward. If your 2021 IT budget includes buying laptops, you may need to act fast.

If you are looking to improve collaboration in your workforce, tools like Microsoft Teams provide easy collaboration and support for virtual meetings.

In terms of security, mobile device management (MDM) goes hand in hand with mobility. This service is now widely available through GSuite, Microsoft and managed service providers.

Last but not least, consider incorporating VoIP solutions into your 2021 budget. With Voice over Internet Protocol (VoIP), every laptop or smartphone can become an office phone. This allows employees who are working from home to communicate safely without giving out their personal telephone numbers.

Mobile Security Checklist

Use this mobile security checklist to ensure compliance and secure your IT infrastructure throughout 2021 and beyond.

Building a robust, yet affordable IT budget can be a challenge, but with careful planning, you can maximize your budget and create a strong, stable, secure IT network.

If you need help with your upcoming IT budget, call Ontech Systems at 262-522-8560.

All Ontech customers receive a free IT budgeting meeting, and new customers are encouraged to contact our support team by phone or online to learn how we can help with your IT budget for the coming year.

Local Government Cyber Security

Local Government Cyber Security

Local government cyber security is facing a serious epidemic that threatens to drain funds, upend budgetary assumptions and leave communities without the services they have come to rely on. This epidemic is none other than cyber crime and the problem is growing worse with each passing year.

As the private industry beefs up its cyber defenses and employees become more cautious about clicking links and answering unsolicited phone calls, hackers have changed their tactics and targeted a new class of victims – local government.

The statistics speak for themselves.

Cyber Security Statistics for 2020

Unfortunately, government agencies are now the most frequently targeted organizations, suffering more than 15% of all cyber-attacks in 2020. Cyber criminals know that a successful cyber-attack on a local government will have an outsized impact, and that can increase the odds of a payout.

For example, when the city of Atlanta was targeted with a ransomware attack, millions of ordinary citizens were impacted for weeks while employees and IT experts struggled to bring their systems back online.

Ransomware in particular is an insidious problem and infections are spreading rapidly. In 2020 alone there has been a nearly 50% increase in the number of ransomware variants in the wild, making it difficult for non-IT experts to protect themselves and their systems.

Local government cyber security
In just the past year, cybercrime has affected a number of local communities including large cities, small towns and even unincorporated rural areas. No one, it seems, is immune from the dangers of cybercrime.

Aside from political upheaval and a global health crisis, 2020 also ushered in a new age of ransomware attacks aimed specifically at municipal governments already struggling under the weight of the COVID-19 pandemic.

Cyber Threats: Obstacles Local Government Organizations Face

Cyber criminals are well aware that local government organizations often lack the resources to fully protect themselves from known and emerging threats.

Some of the challenges municipal organizations face include:

  • Limited budgets and lack of funding: Local governments often lack the resources for a robust cyber defense which leaves them vulnerable to hacking and ransomware attacks.
  • Lack of IT expertise: Few local governments have dedicated IT staff in place to resolve vulnerabilities or offer security recommendations.
  • Insufficient cyber awareness: Municipal staff are skilled at what they do, but similar to the private sector, employees lack the training, knowledge and awareness to distinguish legitimate emails from phishing attempts.

Maintaining Personally Identifiable Information (PII) Compliance

While it is important for local governments to prevent losses, PII compliance is also a consideration.

  • Municipalities can be held liable when someone within their organization becomes aware of an issue and the organization fails to take action.
  • For local governments that accept credit card payments, PCI compliance is vital. Many municipalities fail to comply because they are unaware of how this type of compliance works and why it is so important.
  • Using a free email service like Hotmail or Gmail can put local governments at risk. If these email systems must be used, proper tracking technology is essential. Every piece of email that flows through the municipal system, no matter what the platform, must be carefully tracked and archived.
  • Care must be taken when publishing agendas, meeting minutes, resolutions and other information online so this information is freely available and accessible to the public.

The 3 Most Common Ransomware Attacks

The details surrounding cyber-attacks vary greatly which makes prevention particularly difficult since the game is always changing. Three of the most common ransomware to watch out for are Ryuk, CryptoLocker and Cryptowall.

Should You Pay the Ransom?

With any luck, your municipality will never suffer a ransomware attack, but if you do, like so many others, you’ll find yourself with an important decision to make.

Should you pay the ransom, or should you refuse the extortion attempt and work to rebuild your systems from backups and other available resources?

At first, paying the ransom may seem to be the path of least resistance, but there is no guarantee that payment will end your problems, or even get your files back. You are dealing with criminals after all.

Some hackers will destroy your data just because they can, even if the ransom is paid. Even if you do pay and get the decryption key, the attackers might only give you 80% of your data back – or perhaps nothing at all.


 

But consider this: paying the ransom may actually harm you more in the long run.

When you pay the ransom and get the decryption key, that key could actually contain a beacon that leaves what hackers call ‘breadcrumbs’.

These breadcrumbs identify you as a ‘known payer’ and basically flag you as an organization that is likely to pay the ransom a second time. Before you know it, a few months down the road they send out another piece of malware that searches for the beacon and they target you all over again.

Does Cyber Liability Insurance Help?

Even if you have cyber liability insurance, paying the ransom and filing a claim will drive up your premiums and hurt your budget in the process.

If you want to protect yourself and your citizens, we encourage you to contact Ontech Systems to assess your vulnerabilities and take appropriate action.

The Average Financial Loss

The results of cyber-attacks can be devastating for local governments and the communities they serve. A single cyber-attack can disable systems for weeks on end, leaving those who rely on local government services scrambling for assistance in an already trying time.

For local municipalities, the losses can be devastating. In the last few years, the average ransomware payment has nearly doubled, and that trend is only accelerating. Hackers go where the money is, so naturally this has led to a significant increase in ransomware attacks on local governments.

How Local Governments Can Prevent Cyber Attacks

In short, prevention is the key. Recovery from a ransomware attack or cyber breach can take months and cost millions of dollars, and no local government wants to be put in that position.

If you want to protect your local government organization from the growing danger of cyber-attacks, consider these 8 steps to get started.

1) Data Backup: Become Ransomware Proof

One of the best ways to guard against data loss in the event of a ransomware or cyber-attack is by creating a robust data backup plan.

2) Managed Security Services

Consider managed security to reduce risk and uncover potential vulnerabilities before they become serious threats. Ontech Managed Security includes a ransomware guarantee as long the solution is running on your network.

3) Take a Proactive Approach

Take a proactive approach to antivirus protection and systems patching, either through a managed IT service or on a regular basis manually.

Be prepared for future compliance regulations. More compliance is expected to be coming down the pipeline, so taking steps toward securing your network now can ensure you’re protected and not vulnerable to fines or violations down the road.

4) Regular Risk Assessments

Conduct a third party network security assessment. Ontech recommends regular network risk assessments every 1-2 years to maintain a secure local government network.

5) Clear Separation between Network Components

Confirm there is a clear separation between servers, networks and environments. Separating the various aspects of operations can be critical to mitigating damage should a cyber-attack occur.

6) Cyber Security Basics

Don’t overlook low cost solutions and cyber security basics to avoid potential threats. Some actions, like requiring strong passwords, security awareness training or limiting employee access require little to no investment. Use this cyber security checklist as your guide to protection and compliance.

7) Cyber Liability Insurance

Purchase cyber liability insurance to protect your organization, your employees and the people you serve.

8) HIPAA Compliance (Where Applicable)

If your local organization has a health department, ensure they are HIPAA compliant. HIPAA compliance is a big deal for local governments with dedicated health departments.

More Than Just Monetary Damage

In a growing number of cases, the perpetrators of ransomware attacks are now corrupting databases, erasing critical files and wreaking havoc on municipal networks, all while they await their ransomware payments.

The result is often millions of dollars in financial losses, along with thousands of invaluable, confidential records.

By the time the ransomware payments are received, often in untraceable virtual currencies like Bitcoin, extensive damage has already been done, and some of that damage may be irreversible.

For this reason, we always encourage local governments to take a proactive approach to fighting cybercrime. It is not enough to wait until the demand has been sent; mounting a robust cyber defense now is more important than ever before.

Whether you need assistance evaluating your network or you have questions about local government IT services in general, please feel free to reach out to our support team online or by phone at 262-522-8560.

Reduce local government cyber security risks
6 Best Practices When Working from Home

6 Best Practices When Working from Home

The way people work has changed dramatically in recent months. As the coronavirus crisis raged on and lock downs went into effect, employees everywhere were sent home in droves.

Armed with their laptops and some rudimentary training, that new army of telecommuters were left to their own devices, forced to set up home offices, act as their own tech support and somehow protect the intellectual property of their employers. Is it any wonder targeted phishing attacks and ransomware demands came rolling in?

Cyber security awareness month

The simple answer is no, and now businesses are seeing the results. Now that the dust has settled, it’s time to revisit the best practices that can make working from home safer and more secure. And since October is Cyber Security Awareness Month, now is the perfect time to introduce and reinforce those lessons.

Best Practices for Working Remotely

Here are six best practices all home-based workers can follow to secure their data while working from home.

1) A Secure Internet Connection

When you work from home, you are entirely reliant on your internet connection, and the safety of the data you work with is only as good as the security of your connection. If you want to work safely at home, you need a secure internet connection that is safe from prying eyes.

Work from home employees should ideally use a virtual private network (VPN) or a LogMeIn product to connect to the company network. These products create a secure tunnel through the internet, protecting intellectual property and proprietary data from unauthorized access.

2) Control Access to Company-Owned Devices

Access control is critical for all home-based workers, but maintaining that control can be difficult. In office-based environments access control is relatively easy, but at home there are roommates, spouses and children to worry about.

It is important for businesses to secure the devices home-based workers will be using. They can build in automatic screen locks, robust passwords and other safety measures. Encrypting hard drives and changing from default passwords and multi-factor authentication are additional steps businesses can take to protect work related devices – regardless of what environment they are used in.

3) Determine the Access Devices Have to the Business Network

The devices your home-based workers use will obviously need access to both the internet and the company network, but the level of access they are granted matters a great deal. Allowing those devices too much access or a higher level of access than is absolutely necessary is extremely risky.

It is best to follow the principle of least possible access when it comes to connected employee devices. Workers in the accounting department, for instance, do not need access to files created by the marketing team.

4) Consider the Endpoint

Security for home-based workers is a multifaceted issue, and it demands a multifaceted approach. If you want to keep your workers and data secure, you need to make sure the endpoint is properly protected.

If you have adopted a bring your own device (BYOD) strategy for your remote workforce, you will need a plan to secure those devices, including applying updates and running antivirus and anti-malware software. If workers are using company-provided devices, you will need a plan to keep those devices secure and up to date as well.

5) Backup Your Data – and Test Your Backups

No matter where your workforce is located, it is critical to back up your company data on a regular basis. If you do not have a solid backup plan in place, you are living on borrowed time, and sending your workers home will make an already bad situation that much worse.

It is vital that you have a backup plan in place that includes daily backups, real time backups for your most vital files and ongoing testing of the backups you create. It is not enough to have those backups; if you want to protect your business, you need to know those backups are working the way they should.

6) Keep Business and Personal Devices Separate

When employees are working from home, there is a strong temptation to simply use the devices they already have. Some companies have reinforced this, drawn by anticipated cost savings and other supposed benefits. Even so, there are real reasons to keep business and personal devices separate, including enhanced security and a reduced risk of outside intrusion.

If you are looking for an easy way to enforce that separation, Maas 360 could be the answer. Maas 360 is a product designed to handle mobile devices and laptops, and once the solution is implemented you will know what is happening with everything installed on that device.

Whether your kids installed software for their online classes or your spouse downloaded a sports betting app, Maas 360 will make the appropriate adjustments.

A remote, home-based workforce can have a number of benefits for your company, but there are risks as well. Hackers are already targeting telecommuters with phishing attacks, and the problem is only expected to get worse.

If you want to protect yourself and your remote workforce, utilize these six best practices and contact us if you need guidance or support.

Ontech’s support team is standing by to ensure your workforce and IT network can remain secure during this challenging time. Call 262-522-8560 with questions or to get remote workforce support today.

how to work remotely
9 Proven Ways to Secure Your Website

9 Proven Ways to Secure Your Website

With the hot topic that cybercrime has become today, you may have diligently followed our cyber security checklist and established a data backup plan, replaced outdated servers and engaged in security awareness training for employees.

But often times, an overlooked aspect of IT infrastructure is your website security. Quite often, business websites don’t reside on a local network, but instead at a third party managed hosting provider.

A common mistake is the assumption that by choosing a reliable hosting provider, your website is by extension secure.

Many modern-day websites are built using content management systems (CMS) like WordPress or Joomla.

But when it comes to software, a “set it and forget it” approach leaves your website vulnerable to security risks. Cybercriminals know that CMS installations like WordPress that make up about 37% of websites today.

Naturally, they constantly look for ways to exploit this. But regardless of what software or programming language your website utilizes, these security measures can help you enhance the security on your website. Here are nine proven ways to boost security on your website.

1) Use an SSL Certificate

The use of a SSL certificate creates a secure environment for both visitors and website owners. In technical terms, a SSL certificate is a small digital file that enables an encrypted connection. Without it, visitors run a higher risk of getting their data stolen. It’s similar to putting a letter in an envelope before mailing it.

If you want to know if your website is using an SSL certificate, just look at the URL; if you see a padlock icon in the browser bar, there is an SSL certificate installed successfully. If not, you either don’t have an SSL installed or there are unsecure elements on your page that are not referencing the secure URL.

2) Ensure Regular Backups are completed

Most web hosts include daily backups and in most cases, those backups take place on a daily basis. If you need more frequent backups, you can adopt an additional backup plan to keep your website and its content protected. If you frequently update your website, it’s a good idea to have more than one backup run on an hourly basis so you can quickly restore the website without losing your work.

3) Use Secure Usernames and Passwords

If your website is running on a CMS, one of the best ways to secure your website is by using strong usernames and passwords. Opting for a totally unique username rather than ‘admin’ can go a long way. Long and complex passwords that are changed frequently are best. This applies to your hosting account as well, but let’s not forget your domain provider.

Hackers have been known to target popular registrars like GoDaddy and once they gain access, they’ll redirect your website to another unscrupulous site without your knowledge. Many web hosts and registrars now offer multi-factor authentication for added security.

4) Delete Unnecessary Users

When a staff member is terminated, it might be easy to overlook all the areas of access they had as an employee. Your first thought might be to restrict their cloud access to important business documents, but if the employee had login access to the website (at any time), don’t forget to remove their user account.

Unscrupulous motives aside, if that staff member got in the bad habit of using the same login details over and over, this could present a huge security risk for your website. With just a little research, a hacker could compromise their email, trace it back to your business website and sell those credentials on the dark web!

This is why every business should have a process in place to remove employee access whenever a change in employment status takes place. Ideally removal of access should take place before the separation, but at the very least, access should be removed the minute the former employee walks out the door for the last time.

5) Exercise Precautions with Uploaded Files

There may be times when employees, customers and others will need to upload files to your website, but you should exercise extreme caution before allowing those uploads to go forward. Scanning potential uploads for viruses and other malware is essential, as is vetting the individuals and entities that plan to do the uploading.

It is important to have a formal plan in place that details things like who is allowed to upload files, what kinds of files can be uploaded and how those uploads can be monitored and secured.

Website development

6) Select Reputable Website Hosting

While it is possible to host your website on your own server, if you lack the capabilities for server maintenance and don’t want to outsource it, you could opt for an external web host. If you need a reliable hosting partner with an excellent reputation and robust security measures in place, contact Ontech Systems for a recommendation.

7) Install a Security Plugin

There are a variety of security solutions available on the market today that can enhance the security on your website. If your website runs on WordPress, consider installing a security plugin like Wordfence. Another option is a solution like Sucuri that offers security measures like website firewall, backups, DDoS protection, malware removal and more.

8) Keep Software and Plugins Up to Date

Installing software to protect your website and enhance security is only the first step. If you want to keep your website secure, updates should be installed as they become available. Many solutions have an auto-update option available since updates are released frequently to combat cyber threats.

9) Enable Spam Protection

Unsolicited emails containing infected links are one of the major cyber threatsthat businesses face today. All it takes is one click by a single employee to infiltrate the entire network if the proper security measures aren’t in place. Since many hacking attempts originate via unsolicited emails, solid spam protection is an absolute must.

If you want to keep your website protected, you can use strategies like Google recaptcha or plugins like Akismet for comment spam on WordPress. Securing your website can be tricky, but you don’t have to face it alone.

For over 8 years, Ontech has partnered with Net Success Marketing to provide our company and clients with a full spectrum of website design, development and digital marketing services.

Whether you need assistance migrating to a new web host or you want to enhance security on your website, we can provide you with guidance on all aspects of IT security to keep your business and website safe from cyber threats. Contact our support team today to get started.

How to secure your website