Blog

By srost 09 Sep, 2022
Your partner in personalized IT solutions for 30+ years.
By srost 30 Aug, 2022
In 2019, New York State Governor Andrew Cuomo signed the Stop Hacks and Improve Electronic Data Security Act, otherwise known as the SHIELD Act. The Act went into effect on March 21, 2020. The SHIELD Act is a required guideline set by NYS to further protect the identity and security of NYS individuals’ private information, whether your company resides in NYS or does any business with New York residents.

“Any person or business that owns or licenses computerized data which includes private information of a resident of New York shall develop, implement and maintain reasonable safeguards to protect the security, confidentiality and integrity of the private information including, but not limited to, disposal of data.”

Private information includes social security numbers, driver's license numbers, account numbers, credit/debit card numbers, fingerprints, retina images (ex: face ID for smartphones), usernames/emails/passwords, and more. The goal of this act is to help further protect against identity theft.

To reach guidelines stated in the SHIELD Act, NYS requires every business to have reasonable security measures in place. Businesses will be in compliance with the SHIELD Act if the proper security measures are set in place. Security measures as defined by this new law are:

- Designates one or more employees to coordinate the security program
- Identifies reasonably foreseeable internal and external risks
- Assesses the sufficiency of safeguards in place to control the identified risks
- Trains and manages employees in the security program practices and procedures
- Selects service providers capable of maintaining appropriate safeguards, and requires those safeguards by contract; and
- Adjusts the security program in light of business changes or new circumstances

Your business will also be in compliance if you currently meet the requirements of:

- Title V of the Federal Gramm-Leach-Bliley Act (15 U.S.C. 6801 to 6809)
- Regulations implementing the Health Insurance Portability and Accountability Act of 1996 (45 C.F.R. Parts 160 and 164)
- Part Five Hundred of Title Twenty-Three of the official compilation of codes, rules and regulations of the state of New York (Cybersecurity Requirements for Financial Services Companies)
- Any other data security rules and regulations of, and the statutes administered by, any official department, division, commission or agency of the federal or New York state government as such rules, regulations or statutes are interpreted by such department, division, commission or agency or by the Federal or New York state courts.

Any breach in security is now required to be reported directly to the New York State resident whose information allegedly was stolen. Failure to comply with the SHIELD Act will result in a fine from the New York State attorney general. Read the official SHIELD Act text here.

ACC is dedicated to assisting our clients with their compliance requirements, including initial steps as well as ongoing efforts while needs change. Contact us here to start a discussion and request a compliance audit.
By srost 10 Aug, 2022
In the growing list of ways threat actors are trying to access and steal data and information, we want to take a minute to talk about attacks that happen on a device most of us carry around all day. Cell phones are increasingly targeted for phishing attacks via SMS (text messaging), also known as "smishing." Why?

First of all, we’ve come to trust our smartphones as the device that solves a lot of our problems, like googling an actor we can’t remember the name of, or like replying to an email while on the go. By targeting a device we trust (whether subconsciously or not), the attacks are often more successful because we let our guard down. Secondly, because they’ve become almost as unique and valuable as social security numbers, cell phone numbers are highly sought-after info in a data breach.

The attacks happen for different reasons and use different techniques. The following is a list of just a few example methods and the contexts they come in:

- Unsolicited text messages from banks, service providers, and superiors.
- Most play upon some sense of fear, such as account cancellation, someone stealing money from your bank, being accused of a crime or wrongdoing, or harm to your family.
- Often, they will impose a sense of urgency to elicit a response.
- They will request that you text back or go to a link to fix or activate something.
- Anyone with an email address can send you a text message. All mobile providers have an email-to-text conversion address.
- There are many web/app-based free text messaging services that require no verification of identity to use.
- SMS is a major form of 2-factor authentication for applications; therefore, it’s a target.

So, how do they obtain your mobile number? There are quite a few ways that you might not even think of because they’re so ingrained in our everyday lives.

1. Many rewards programs utilize your cell phone number as your identity. Retailers with brick-and-mortar stores will ask for your phone number when you check out, and anyone nearby can hear it.
2. Most businesspeople list their cell phone number on their business cards, email signatures, and presentations they give.
3. We use our cell phone number at many publicly accessible locations, such as pizza shops, restaurants, doctors’ offices, hairdressers, and grocery stores.

What can you do to protect yourself? Generally, you should avoid interacting with the message’s content or sender, but here are some specific actions.

- Do not rush to action; take your time evaluating a text.
- Do not reply to any texts that are unsolicited.
- Do not click on links from unsolicited texts.
- Report the suspicious number to your cell phone provider.
- Delete the message to avoid inadvertent responses.

It's important to make sure your colleagues are educated about these risks and the protective measures they can take. We suggest sending this post to them or setting up a seminar in your office with ACC's cybersecurity experts.
By srost 08 Jun, 2022
Part of an IT professional’s job is to ensure their company’s network is secure, helping to prevent attacks that lead to downtime, lost/stolen data, and severe frustrations from end users and management. Many times, the biggest threat to the carefully chosen layers of security is the end users themselves. They click on unfamiliar links, visit sketchy websites, or give credentials and information out to the wrong person, among other things. But we can’t place all of the blame on them; old habits die hard, and technology constantly changes. We have to continuously educate end users and ourselves on best practices and make sure they’re building good habits when it comes to technology use. There are multiple steps in creating and maintaining a secure network, but here are three of them.

1. ALWAYS VERIFY SOMEONE’S IDENTITY BEFORE GIVING OUT INFORMATION

Social engineering attacks have always been the easiest way to obtain credentials and sensitive information. Why take the time to hack a system when you can pretend to be a vendor or someone else and get the info gift-wrapped to you by an end user? Calling and pretending to be a representative from a vendor, even a big name like Microsoft, is a popular strategy. If an end user has never talked to this caller and has the slightest doubt about whether they’re really from the company, no information should be given. If it’s a vendor your company does business with regularly, hang up, call the main point of contact there, and ask for verification. Taking the time to do this can save headaches down the road.

The same thing applies to spoofed emails that appear to come from a coworker. Requests for passwords, money distribution, or any sensitive information should always follow a multi-step verification process. Options include a verbal confirmation or signed form for the request. The bottom line is that legitimate companies will never ask for an end user’s password or other sensitive info over the phone. When in doubt, verify!

2. BE WARY OF URLS/LINKS THAT LOOK ODD

Links to webpages are everywhere, including in emails, in text or ads within a webpage, in text messages, in apps, and in other places. We’ve been clicking on those links since AOL told us we had mail in the 90s, but that was over 20 years ago, and our behavior needs to change with the times. Today’s headlines and titles are meticulously crafted by clever marketers to entice people to click (we may or may not have intentionally written our post title this way…). Often, this is to increase views and website traffic with the intention of gaining new business. Sometimes, it’s done with malicious intent. People will click on links and unknowingly visit web pages that contain malware, ransomware, and all sorts of mayhem if they don’t exercise caution. Here are a few ways to spot sketchy links:

- The grammar and spelling of the surrounding text are poor or beyond comprehension.
- Letters are replaced with similar characters, such as 0 for o in google.com (g00gle.com).
- It’s in a message from someone you know, but the wording is very unlike that person.
- The top-level domain is something besides the more common .com, .org, or .gov. Examples include .ru, .download, .xyz, and .science.
- Shortened links (bit.ly, ow.ly, etc.) on web pages, in emails, or even on unfamiliar social media posts.

Of course, a sure-fire method is to just not click on it.

3. ADD AND MANAGE LAYERS OF NETWORK SECURITY

It’s not all up to the end users. The IT department/professional is responsible for putting layers of security in place as a multi-directional defense (to keep threat actors from reaching in and internal staff from allowing them in). Depending on the business type, applications, and data needs, among other things, the network security components needed will vary. Businesses in the healthcare, financial, and human resources sectors typically have higher cybersecurity compliance requirements because of the sensitive data they acquire and store. In addition to creating a strong network defense, IT professionals must keep informed on changing technologies, new threats, and the best ways to mitigate risks for the business.

Businesses also utilize outside IT firms for various reasons, including larger projects, consultation, and additional helpdesk support. It’s important that outside firms are vetted and questioned about the solutions they recommend. They should always be able to back up their recommendations with solid reasons that tie back to the business, especially when the business’ network security and data are at stake.

IN THE END…

Education and prevention are key steps to protecting your business’ network from intruders who aren’t allowed access. If you’re at all unsure about the security of your network, contact us.
By srost 31 May, 2022
1. Lock Your Computer

This is by far the easiest habit to build, and no, we don’t mean physically locking your computer. No matter what size organization you work with or if you work from home, locking your computer screen every time you walk away from it is a layer of protection. Let’s say someone social engineers their way into your office and has physical access to computers. You walk away to attend a meeting or use the restroom without locking your screen. They now have free rein to do whatever they want while you’re away. It’s just not worth the risk. Lock it down! Here’s a handy keyboard shortcut for locking Windows PCs:
By srost 25 Apr, 2022
WHAT IS HTTPS, AND WHAT DOES IT DO?

In general, HTTPS creates a more secure means of communicating information over an insecure network. It’s important when we’re putting our personal information—like a credit card number, social security number, date of birth, or confidential health information—into a website form. If that information is intercepted by people who don’t have the right to have it, we’re going to have a bad day. However, it’s more necessary today that any website, no matter if it has a form or just text and images, be secure. Without proper and ongoing security, threat actors (aka the bad guys) can harm your visitors and business by doing things like changing the content on your site, adding links to malicious sites, or “eavesdropping” on a visitor’s activity on your site.

A BRIEF HISTORY OF HOW WE GOT HERE

In 2010, the Electronic Frontier Foundation and The Tor Project released a browser extension that automatically made websites use HTTPS. Fast forward to 2014, and Google started a heavy push to get website owners and developers to make their sites more secure by implementing HTTPS across the site. In July 2018, Google Chrome began automatically marking all non-HTTPS websites as “Not Secure.” And because Google is…well…Google, they have the clout to make big changes standard across the Internet.
By srost 09 Apr, 2022
Microsoft Teams is a unified communication and collaboration solution that includes useful business utilities and features, such as text and video chat, file storage, and integrations with other applications. As security is a top priority for any solution we vet and recommend to our clients, one of the key things we like about Teams is its security. It supports over 90 regulatory standards and laws, including HIPAA, GDPR, FedRAMP, SOC, and more, and is continuously updated for persistent security efforts.

If your organization is already using Office 365, chances are, you already have Teams as part of your subscription. Check out these additional features of Teams that could be useful for your organization, especially with staff who are working remotely.

For within your organization:

- Text and video chats one on one with other staff
- Group chats with multiple staff
- Company work hub allows you to create smaller teams around departments or projects with different permissions levels for team members.
- Create channels, which is where the bulk of the work gets done
- Document and file storage/integration with SharePoint, etc.
- Text chat, postings to all team members (or tag individual members), audio or video meetings with screen sharing
- Scheduled meetings (integrate with Outlook), ad hoc meetings

For outside your organization:

- Hold team live events with up to 10,000 attendees
- Designate producers and presenters
- Take questions from attendees

With your board of directors:

- Schedule and invite board members from your calendar right inside Teams
- Hold board meeting virtually with audio/video and screen sharing
- Post board files and information to a SharePoint site and link into Teams meeting
- Up to 250 attendees
- Record meetings to post later

These are just some of the main features of Teams that we’ve found our clients find the most useful. Want to see more? Contact us here! We’re happy to give you a demo and tour of the application and its many uses.
By srost 28 Oct, 2021
Central New York's security experts from Secure Network Technologies and ACC Technical Services provide a webinar on cyber security and protecting your organization from cyber threats. View the webinar here: https://youtu.be/CibfgOmusPc