No matter how “bomb-proof” we make your network, you and your employees can still invite a hacker in if you click on a link or open an attachment in an e-mail sent by a cyber-criminal. Some spam is obvious (can you say, “Viagra at a discount”?) but others are VERY cleverly designed to sneak past all the filters and trick the recipient into opening the door. Known as a “phishing” e-mail, this still is the #1 way hackers get around firewalls, filters and antivirus, so it’s critical that you and your employees know how to spot a threatening e-mail. Here are four types of e-mail ploys you should be on high alert for.

The Authority E-mail.

The most common phishing e-mails are ones impersonating your bank, the IRS or some authority figure. The rule of thumb is this: ANY e-mail that comes in where 1) you don’t PERSONALLY know the sender, including e-mails from the IRS, Microsoft or your “bank,” and 2) asks you to “verify” your account should be deleted. Remember, ANY important notification will be sent via old-fashioned snail mail. If it’s important, they can call you.

The “Account Verification” E-mail.

Any e-mail that asks you to verify your password, bank information or login credentials, OR to update your account information, should be ignored. No legitimate vendor sends e-mails asking for this; they will simply ask you upon logging in to update or verify your information if that’s necessary.

The Typo E-mail.

Another big warning sign is typos. E-mails coming from overseas (which is where most of these attacks come from) are written by people who do not speak or write English well. Therefore, if there are obvious typos or grammar mistakes, delete it.

The Zip File, PDF Or Invoice Attachment.

Unless you specifically KNOW the sender of an e-mail, never, ever open an attachment. That includes PDFs, zip files, music and video files and anything referencing an unpaid invoice or accounting file (many hackers use this to get people in accounting departments to open e-mails). Of course, ANY file can carry a virus, so better to delete it than be sorry.

If you want to talk to a security specialist about an employee cyber security training program, call now to schedule your free consultation.  859-899-8841

Hurricane season brings some of the most harrowing, widespread destruction the United States has ever been forced to weather. But, despite the enormous, tragic cost of these natural disasters, the people of these communities persevere. In the wake of widespread wind damage and flooding, communities band together. Thousands of volunteers and neighbors are working as one to rebuild and find the way forward. There is no doubt, however, that the havoc wreaked by hurricanes will produce aftershocks that will echo through affected areas for decades.

To anyone who turtled up in their attic in the middle of the storm or just saw a picture of the wreckage in the news after the hurricanes departed, the physical damage caused by the storm is obvious. What’s less obvious is the effect these storms have on the futures of the survivors, the reverberating impact that cuts thousands of life plans short and forces individuals to completely change their course in a cruel reversal of fate.

“Forty percent of small businesses don’t survive these events,” said Russel Honore, the previous Joint Task Force commander for Hurricane Katrina. The electrical grid is knocked out for days, and businesses are forced to close the office for what they hope is a temporary period due to flooding.

Each day that a business can’t provide service, it’s bleeding money — a cost that many businesses, especially the little guys, can’t absorb. So, they close for good, their buildings go up for lease and those who were once the heads of promising young businesses are now unemployed, in the market for a job in a city up to its neck in water.

Just as common is a business that finds its central data structures wiped out by physical damage. Following a hurricane, most businesses near the storm should have little trouble cleaning up and remodeling following nasty flooding, but if their servers, computers and network infrastructure have been wiped out, it’s a completely a different story.

Oftentimes, a catastrophic loss of data will shutter a business for good.

According to the Verizon Data Breach Investigation Report, 61% of breaches hit smaller businesses last year, up from the previous year’s 53%.

And, according to UPS Capital,

► Cyber attacks cost small businesses between $84,000 and $148,000.
► 60% of small businesses go out of business within six months of an attack.
► 90% of small business don’t use any data protection at all for company and customer information.

Almost two-thirds of all cyberattacks are now directed at small business and individuals.

These are scary numbers, to be sure, but there is good news: Businesses that migrate their data to the cloud are at significantly less risk of losing vital data. This is not only because your typical cloud service will back up your up-to-date data with several levels of redundancy, but because most cloud services are actually more secure than their on-site counterparts in general.

And make no mistake, businesses with on-site data are susceptible to loss far beyond physical disasters like hurricanes, flooding, earthquakes or solar flares. Don’t forget the risks disgruntled employees, freak accidents and, especially, hackers pose to your precious data. While it’s true that all of these risks still exist with cloud-based services, they’re much reduced. A 2012 Alert Logic report stated that “on-premises environment users actually suffer more [hacking] incidents” than cloud-based users, while also being subjected to “significantly more brute force attacks.” When you think about it, this makes sense. With your entire system backed up on a number of off-site locations, it’s much more difficult for hackers to encrypt the entirety of your data and hold it for ransom.

That said, not every business absolutely needs the cloud to stay secure. Certain business models need on-site structures for various reasons, and a few find it more cost-effective. Still, the cloud is definitely something that any savvy business owner needs to examine closely as a potential option. It could mean the difference between flourishing in the next fiscal quarter and going under.

If you want to talk to a data backup specialist about your disaster recovery plan, call now to schedule your free consultation.  859-899-8841

New internal improvement projects can add so much to a company. Solving problems related to efficiency, workflow, and communication often determine whether a business can outpace their industry competition.

Unfortunately, projects often suffer from a lack of organization, leadership, and clarity. This is where project management comes into play, and this is another one of Integrity IT’s specialties.

The benefits of a skilled third party are enormous. Since Integrity IT has practical experience in designing successful project management programs, you reap the benefits of partnering with objective professionals that haven’t been clouded by the same assumptions inherent to your particular office culture.

Instead, with Integrity IT’s project management guidelines, you remain on task and take each project step in the proper order. Change isn’t easy, but the positive changes resulting from a new project need to be unlocked in order to realize new goals.

Allowing Integrity IT to help set a blueprint for your new IT project will create benefits that can be felt both financially and psychologically. Get the most out of your project without pulling your hair out in the process.

Trust Integrity IT for all of your IT project management needs!

Every business generates a certain amount of information. While some accumulate more than others do, all of them are well served to use it in the analysis of past performances, current initiatives, and future endeavors.

That’s why Integrity IT places such a heavy emphasis on information security. Not only is data one of your most important business tools, it’s also one of the most vulnerable assets. Countless companies each year suffer immeasurable damage due to lost or stolen data.

The nefarious organizations that specialize in compromising data intentionally target employees because they are often the most vulnerable area in a company’s security network. While machines can be fortified with security layers, it sometimes only takes one accidental or absentminded action by a human to undo them, thus rendering a hole in the protection.

Integrity IT helps businesses overcome this potential weakness by converting it into a strength via the promotion of best practices and a strong internal security culture. A company built around information security awareness becomes fortified and stable, one assembled to avoid the catastrophic pitfalls of data loss and data breach.

Prioritizing information security doesn’t have to be a confusing prospect. Partnering with Integrity IT places your team in the hands of experienced professionals, and the expert knowledge they take away will help your business prosper safely for years to come.

No matter the size of your company, we have IT solutions to match your needs. Contact us for more details.

DID YOU KNOW?

39% of adults use the same or very similar passwords for multiple online services, which increases to 47% for ages 19-29.

The average employee has 191 passwords.

PATHWAY OF DISASTER

1. Work credentials are used for Personal Sites
2. Sites are hacked and breached daily.
3. Stolen data is sold at auction on the Dark Web
4. Data is used to build a highly personalized attached against your business.

What is the Dark Web?

• A Hidden Universe contained within the “Deep Web” – a sub-layer of the Internet
• Reachable only through a special browser
• Search Engines like Google, BING, Yahoo only search 0.4% of the indexed or “surface” internet.
• The other 99.6% of the web consists of databases, private academic and government networks and THE DARK WEB.
• The Dark Web is estimated 550 time larger than the Surface Web.
• You can operate Anonymously = illegal activity.
• Comes with the warning “Don’t Try This At Home”
• Never enter the Dark Web on a regular computer, especially one linked to a network.

How Does Knowing What’s in the Dark Web Help You?

• If you chose to monitor the Dark Web for your business credentials, you will quickly know when they show up for sale on the Dark Web.
• Change your passwords immediately to something complex and very different from the password stolen.
• Breaches are typically not discovered for months after the breach occurs. This provides a proactive method to reduce the likelihood of being a victim.

How Does This Service Discover Credentials on the Dark Web?

• The data discovered is verified
  • Some sources don’t guarantee if the data is real or fake
• Includes not just an email address
  • Includes the associated PASSWORD
  • Includes the source of the breach once acknowledged by the victim. Until then it includes the place it was found, ex. ID Theft Forum.
  • Includes type of other credentials discovered with the breach – address, SS#, etc.
• Data harvested from sites that require credibility or membership within the hacker community.

How is Data Stolen?

• Keylogged or Phished
  • Data was entered into a fictitious websites or extracted through software designed to steal PII (Personally Identifiable Information)
• 3rd Party Breach
  • Data exposed as a part of a company’s internal data breach or a 3rd party website.
• Accidentally exposure
  • Data accidentally shared on a web, social media or peer-to-peer site
• Malicious
  • Data was intentionally broadcast to expose PII

Encrypted Data

• Many site encrypt your password
• Encryption is better than clearly seen
• Encrypted passwords can be unencrypted ~25% of the time using websites
• This is an example of an encrypted password: C0a20267f9f1e4469f8eb7bf45704218293412db

FREE 1-TIME DARK WEB SCAN

• Enter your work email to scan your business domain.
• One per business
• https://www.integrityky.com/free-dark-web-scan/
• Results are reviewed in a confidential meeting

WEEKLY CYBER SECURITY TIP EMAIL

• Sign up online
• https://www.integrityky.com/my-security-tips
• Unsubscribe anytime

Verizon released it’s 11th annual Data Breach Investigations Report recently.

Joe Danaher, CRISC
Integrity IT
Chief Information Security Officer

It is considered a reliable and trusted resource by the IT Security community.

The 18 page Executive Summary and the 68-page full report are both free to download HERE.

Here, we provide an even shorter summary for you:

• Ransomware is the top Threat delivered via Phishing (40% of all incidents).

• Financial motivation is the top motive for attacks.

• 28% of all attacks involved Insiders, most of which we due to mistakes they made and not malicious intent.

• Healthcare, Retail, Public Sector, Education saw increased attacks while Finance and Manufacturing saw a decrease.

• Most compromises occurred in minutes but went undiscovered for months.

Recommendations:

• Early Warning systems (like IDS (Incident Detection System) /SIEM (System Incident and Event Management)
• Security Awareness Training
• Data retention and access policies
• Patching promptly and accurately
• Data/Device Encryption
• 2 Factor Authentication
• Physical Security

All the items listed above are more urgently needed than every before.  With 28% of the attacks involving employees making mistakes, the first step is to get employees into an ongoing training program, like PII Protect – Call NOW for a free version: 859-899-9-8841.

Keep security at the forefront.

SIGN UP FOR WEEKLY SECURITY TIPS

Learn how much of your company’s credentials are being sold on the Dark Web

FREE 1-TIME DARK WEB SCAN

If you would like us to discuss a Security Improvement Plan with you, call now for an appointment with a vCIO: 859-899-8841

In order to be successful, businesses need to watch their expenses. Recurring expenses deserve a special amount of scrutiny because they really add up over time. Alternative solutions are often preferable.

With IT costs, one place where you can cut recurring costs is by avoiding the hassle of purchasing and maintaining in-house workstations and servers. Integrity IT makes this possible by providing private cloud solutions to its customers.

The average business can expect to spend money replacing machines every three to five years. It doesn’t take a lot of math skill to imagine how this impacts the bottom line. Plus, when businesses wait too long to replace aging machines, they risk experiencing downtime, disappointing customers, and losing their valuable data.

Integrity IT’s private cloud plan provides simple yet powerful solutions that keep your business on the cutting edge. Maximize your potential with better IT and updated workstations, while moving away from capital expenses and maintenance hassles.

Let Integrity IT provide for all your IT needs. With a unique blend of security expertise and real-world experience, there’s no reason to count on anyone else. Start today by taking advantage of of Integrity IT’s private cloud solution.

Victor, System Engineer at Integrity IT, Explains Key Backup Considerations

Victor is a Systems Engineer at Integrity IT, managing backups for our clients and our own!  We asked him, what is important to know about backups and recovery?

Backups, it is something everyone wishes they had when technology goes south, like the insurance policy you didn’t size right or bother to purchase.

The need for backups and reliable data recovery is becoming the number one priority for many businesses, and it should be. Even hard drive companies are starting to build data recovery services into their warranties and obviously at a price to the buyers, why are they doing this? Most people are ignorant towards the risks to their data and recovering that data from broken hardware is becoming more commonplace as our reliance on technology grows.

The case for having backups is easy to make just pulling together some stats that were gathered in the last decade.

• According to the National Archives & Records Administration 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year afterwards.
• The cause for data loss are almost equally split between hardware/system failures, human error, and malware.
• Over 55% of small businesses are NOT prepared for data loss (Clutch)
• 25% of all PC users suffer from data loss each year (Gartner)

With the recent increase in ransomware attacks, backups are the only things organizations can lean on when their network security fails. Having a current reliable backup is a vital part of the network security plan for your businesses.

There are a few questions to consider with your current backup solutions and its effectiveness in your organization.

1. How are your latest backups being validated? More than 20% of the installed backup solutions proved to fail in allowing the recovery of any data at all according to study done in Minneapolis (Ontrack).
2. Are your backups running frequently enough? Determine this by the amount of change in your data from day to day and how much you can live without if lost.
3. Is your backup data distributed according to what the 3-2-1 rule dictates? Data needs to reside in three places on two different forms of media and at least one copy of the data needs to exist offsite.
4. If you needed to recover from the offsite location how quickly could you get your hands on that data? Uploading a few gigabytes every night doesn’t mean you have a workable offsite backup. We had a client that needed help with reworking their backup solution, they came with the complaint that their current provider was taking 72 days to get their data from the cloud to the local network!

Being the backups/recovery expert has exposed me to just how terrible things can get when a backup is not in place. The losses range from a 10-year collection of family memories, to pending lawsuits that hinged on the lost digital evidence.  The damage has been painful to witness. What a relief when a good backup is in place, and especially when it is validated on a regular basis.

Back to the insurance analogy, when all is well, we assume we are covered sufficiently; we don’t give much thought to the limits, options, and fine print until we are forced to use it when disaster strikes. Having a backup is similar; most of us would rather assume backups are working and haphazardly setup something just to settle the concern, but when failure occurs unfortunately quite often damage is irreversible.

If you’d like to speak with an expert about the current state of your backups, request a FREE 1-hour Backup Consult –  Click Here

Are you planning to open a business or have you recently begun planning ways to make your new venture more professional? One way to demonstrate professionalism to your potential customers is to correspond via your own business email account.

While a Google account might get you started, once you are ready to take the next step with your business, you should turn to Integrity IT, your best local resource for IT solutions, including complete email service.

You need security and uptime with your email. When email is compromised or down, business grinds to a halt, and the company’s reputation may suffer. Integrity IT’s professional-grade email helps you avoid trouble without compromising your budget in the process.

Plus, our flexible solutions allow you to take advantage of either an on-premise or a cloud-based email platform. No matter which solution you choose, you are equipped with top-notch archiving, spam filtering, encryption, and heightened security.

Email is often one of the first impressions your customers get from you. Allow your employees to make the most of it with a professional email hosting solution from Integrity IT. It’s all backed by our team of professionals, and we’re always ready to help when you need it.

Make the right call by contacting Integrity IT today!

Running a business requires the ability to wear many hats, handling many different tasks while delegating others. A smart business owner understands how to utilize their strengths while seeking out support in other areas.

When it comes to IT services, you really need to be immersed in it on a daily basis in order to navigate the balancing act between new technology and the security that must accompany it. Let either one slip and you end up trailing the competition or losing customer confidence.

Integrity IT is the trusted IT services company partner to businesses both large and small. Our service offerings can be molded to suit company needs, and we provide hands-on expertise that allows for quicker technology adoption.

Integrity IT’s core services span everything from managed services, healthcare IT, and project management to IT consulting, virtualization, and data backup. Cloud services are a specialty, as well, featuring private cloud servers, email hosting, file sharing, and cloud security services.

What else? Integrity IT covers all aspects of IT security with program development, assessments, and complete IT security as a service. Add software development to the list and you get a clear idea of how versatile and thorough Integrity IT is.

Make the wise choice and hitch your business to an experienced IT services company–Integrity IT. Our seasoned professionals are ready to help you get started now.

If you started your own business, chances are that you’re capable of dreaming big dreams. So what happens when you try to achieve those dreams but existing technology doesn’t have the solutions you need in order to implement your plans?

You should contact the software development experts at Integrity IT. Our trained staff is experienced at taking customer ideas and translating them into robust, functioning software pieces that can be integrated into existing company systems.

That means that your business does not have to be limited by what can be found on the current market. Fitting your business needs into generic solutions often results in subpar results full of compromise and incomplete functionality.

Providing software as a service is just one more way that Integrity IT helps its customers gain an edge on their competition. Plus, when executed well, customized software solutions help employees perform their job tasks more efficiently and with less frustration.

Integrity IT is ready to help you focus on how to translate your ideas about better work flow into working software programs. Don’t settle for applications that weren’t created to suit your needs. Let Integrity IT help you forge your own path.

For some business owners, this may be an alarming thought, but to the realists of the world, this is a rational question that must be asked. Our experience tells us the reason is simple: Either you’ve been hacked in the past already, or you will be hacked in the near future.

What you do with this information is critical. Some will do nothing and talk about steps they may take down the road; however, the wise ones will respond to the threat by taking precautions against attack ahead of time.

You see, hackers will indeed find you and your machines eventually. That much is pretty clear based on statistical data. It’s also clear that small businesses are especially susceptible to harm from cyberattacks.

While this can be a daunting issue, you shouldn’t face it alone. Integrity IT is your professional IT security company partner, and we’re particularly suited to assisting companies with their IT security solutions, plans, and office culture.

With years in the business of helping business customers prevent cyberthreats and avoid the behaviors that create security holes, Integrity IT can assist you with a customized plan for your company.

You have IT security needs, and Integrity IT has the solutions. Let us show you how you can prepare yourself against hackers and work with a greater peace of mind.

Running a business is a complicated endeavor. No matter what your industry may be, you rely on technology to a large degree, and that makes you vulnerable. Forming a plan to deal with these inevitable vulnerabilities is an essential part of business planning in 2018.

Integrity IT makes security planning simple for its customers. With years of experience and proven solutions, we take all the guesswork out of it and allow businesses to implement real solutions that help avoid IT trouble.

Obtaining the proper technology is only half the battle, though. It needs to be paired with technicians who understand both the technology in place and the business that is utilizing it. Integrity IT provides it all.

Today is a great time to take initial steps to improve your cybersecurity. The 2nd Annual Cyber Security & Technology Conference is set to take place on Thursday, September 20th from 8:00 AM – 5:00 PM EDT at the Distillery Square in Lexington, KY.

Come and learn best practices on how to build a strong, sustainable plan, customized for your business’s unique needs. You’ll take away the knowledge you need to inform your staff and keep your systems safe.

Purchase your tickets now for a better peace of mind in the future!

2nd Annual

Cybersecurity and Technology Conference

www.cybersafeky.com
September 20, 2018
8 am – 5 pm
Distillery Square at the Grand Reserve
903 Manchester Street
Lexington, KY 40511

Agenda

8:00 AM
Registration, Breakfast, EXPO

8:30 AM
Welcome

Sponsor: The Lane Report, Donna Hodsdon

The Ever Changing Threat Landscape

Karl Ackerman, Principal Product Manager, Sophos

Adversaries are moving from malicious executables and weaponized documents to file-less malware and “live off the land” attacks that have a much lower probability of detection but do all the damage. We will walk you through the coming threats and how to prepare to manage them.

Sponsor: Sophos, Dolph Smith

The NotPetya Story

Joe Danaher, CISO, Integrity IT

We will walk you through the anatomy of a breach using a compelling example that crashed the world.

The Dark Web Scan

Bryan Pryor, vCIO, Integrity IT

Most of us here have our personal information on the Dark Web. Why does it matter to your company?

10:45 AM  EXPO

11:00 AM

Stories from the Front Line

Maximo Bredfeldt, Sales Engineer, and Phil Miller, President, Integrity IT

11:30 AM

Sponsor: Kentucky Aerospace Industry Consortium, Stewart Ditto

The Insider Threat

Jaime Lisk, Consultant, Hanna Resource Group and Joe Danaher, CISO, Integrity IT

We will discuss the threats that arise from within your company, controls and best practices for reducing incidents and responding quickly.

Online Cybersecurity Training Platform

Jennifer Erena, Integrity IT

Why use an online training platform for cybersecurity education to strengthen your weakest link?

12:15 PM  LUNCH and EXPO

Enjoy lunch, visit exhibitors, and network

1:30 PM TECHNICAL Breakout

THIRSI

Bob Salmans, Security Engineer, Integrity IT and Linux Academy*

How to leverage open source tools to assemble a comprehensive managed security tool

Machine Learning and Exploit Prevention: Essential Technologies in Endpoint Protection

Matt Pannebaker, Sales Engnieer, Sophos

Machine Learning seeping into many areas of our lives, from voice recognition to self-driving automobiles.  How does Machine Learning work, and why is it an essential technology for a next-generation endpoint protection solution to embody?   What does exploit prevention bring to the protection of your endpoints?

1:30 PM C-LEVEL Breakout

Disaster Recovery Planning: Why and How

Phil Miller, President, Integrity IT

Build and Maintain a Culture of Security

Joe Danaher, CISO, Integrity IT

Ask the vCIO

Phil Miller and Bryan Pryor

3:45 KY Experience – Kentucky Ale

To end the day on a fun and social note, we will wrap up the day exploring Kentucky’s rich history with Peter Weiss from Alltech sharing stories and tastings from their award-wining Kentucky Bourbon Barrel family of brews!

4:30 Evaluations and Farewells

Parking at the Event

The main door for Distillery Square is located at the front immediately to the left of the Grand Reserve covered entrance (grey star on map) – enter here.

*Linux Academy has a special offer – annual subscription $299 through 9/24 ($150 off the regular price)!

In nature, a fallen log might appear dead, but it provides a valuable role in maintaining a healthy ecosystem.  In technology, logs often sit virtually dead to the world.  You need to understand and utilize the valuable role they play in maintaining a healthy network.  We’ve asked Security Engineer, Bob Salmans to explain the role of logs in your technology systems.

Bob Salmans, Security Engineer

All of our systems from firewalls, to switches, to servers, and just about every other device, have the ability to write a whole lot of helpful information to a log.

Now why on earth would we need these logs?  I’m asked this question quite often believe it or not. The simple answer is, “without logs, how do you know what’s happening on your systems”?

Take for instance, your car. When you take your car into the shop because the lights on your dash are flashing odd-looking symbols, the technicians are going to plug your car into a computer and examine your cars logs. When something happens in your cars computer it records these occurrences in a log, just like the servers at your office (or in the cloud) do. As you can see, logs help provide technicians with clues as to what’s going on “under the hood”, or in your server.

There are other reasons to have logs as well, such as compliance. What? I have to have logs to be HIPAA or PCI compliant? Absolutely! And not only that, but you have to be examining the logs too. Now lets have a little math fun. You have 2 servers and a firewall at work that creates logs. Each of these devices will easily log 10,000 events daily. In order for a single person to examine all of these events in a single 8-hour workday, they would need to read and evaluate roughly 1 event per second. I don’t know about you, but I’m definitely not that good. So should we have someone doing daily log reviews? The answer is yes, but instead of a person manually examining the logs, we use a tool referred to as a SIEM.

A SIEM (Security Information & Event Management) is a system that analyzes all of your logs and provides insight as to what you should investigate. SIEM’s filter out what is normal and what is not, allowing you to manage by exception. This makes log analysis possible, and much more accurate than having a person attempt to review logs manually. SIEM’s also keep a copy of your logs in the event a breach occurs and the attacker erases the system logs. This allows us to provide incident response and identify what happened, because without logs it’s nearly impossible to figure out what really occurred.

How about a little anecdote? A while back we were asked to assist a company in figuring out why one of their accounts kept getting locked out. Long story short, their servers had been compromised and the bad guys were living on them, serving up fraudulent websites and using the servers for malicious activities. If this organization would have had a SIEM in place, they would have seen many thousands of login attempts, part of a brute force attack. They would have also seen remote connections into their server from questionable countries of origin. There would have been plenty of time to take action and prevent the breach from occurring, if a SIEM was in place.

Yes, hindsight is 20/20, but now you have foresight, so you can decide whether a SIEM is right for your organization. Integrity IT can provide you with a SIEM and SIEM management to act as an early warning system to watch for both internal and external threats. The best part is, you don’t have to hire someone to manage the system and try to figure out how to interpret data. We can take care of it all, leaving you to do what you do best, manage your business.

Ask for your Free Security Consult Today

For months, we’ve been planning big things for the 2nd Annual Cyber Security & Technology Conference, and the day has finally arrived. Hopefully you plan on joining us at Distillery Square today to find out some great information on how to keep your business safe.

Not only is cyber security important, it’s truly essential. Hackers are lurking everywhere on the Internet, and no business will be spared hacking attempts of some kind. The key is to be prepared ahead of time, and Integrity IT will help you do so.

During today’s conference, you can expect to learn a lot from guest speakers like Karl Ackerman, Jaime Lisk, and Matt Pannebaker, as well as from Integrity IT’s own Phillip Miler, Joe Danaher, Bob Salmans, Bryan Pryor, and Maximo Bredfeldt.

Topics include “The Ever-Changing Threat Landscape,” “The Notpetya Story,” “The Dark Web Scan,” “The Insider Threat,” “Online Cybersecurity Training Platform,” and many other intriguing subjects related to cybersecurity.

If you act now, there’s still time to join us. Attend the 2nd Annual Cyber Security & Technology Conference 2018, and you’ll be better prepared to protect your company’s systems and educate your employees so that you can all remain focused on the work you really love.

Visit http://cybersafeky.com for more details now!

Sites are hacked every day.

Just this week:

• Total Compromises: 13,394
• Top Personally Identifiable Information (PII) compromised: Domains (13,916)
  • Clear Text Passwords (7,014)
• Top Company Size: 1-10 (4,172)
• Top Industry: Education & Research (1,232)

Your Information IS for sale on the DarkWeb.  It travels quickly across the world and is viewed by thousands in a weeks’ time[1].    Once on the internet, whether on the surface internet (what we know of as the internet) or on the deep / dark web, you cannot erase it.  Many evil things happen on the dark web, it’s not just about stolen credentials.  Drugs are sold; people are sold; counterfeit money is sold; access to your server is sold.   Your stolen PII can be used to create what looks like a “real person” or to steal your actual identity to open credit card accounts, or even get healthcare.

So, You should behave as if your information is compromised.

Many breaches are not publicly disclosed, but your information is still on the Dark Web, for sale.

It’s hard to change your email, address and phone number, so that is not the plan.  Focus on being aware of breaches and strengthen your password strategy.

MUST-DO Practices

Minimize the impact of the Dark Web having your email by avoiding the use of your WORK email on websites, unless necessary.

CHANGE that compromised password where-ever it, AND ANY VARIATION of it, is being used.  When you take inventory, you will be surprised at how many logins your have created with the same password.  They add up quickly.

• Use LONGER passwords, like phrases or a combination of several unrelated words.
• Use a password manager, like LastPass, and get it to create long (14-16 characters), complicated passwords. You only have to remember the ONE that get’s you into the app.

Use 2 FA (2 Factor Authentication). So they have your login and password, but they don’t have your phone that gives you a 1-time use pass code to complete your login credentials.  Many programs and websites have this as an OPTION, turn it on.

Other great practices:

Monitor for breaches. Some think this is controversial.  If you assume your credentials are compromised and act accordingly, what will monitoring do to protect you?  Our point of view is – you cannot ALWAYS be “on” AND on average, compromised credentials are not reported until 15 months after the breach occurs.  Monitoring for identity theft and monitoring the Dark Web helps alert you immediately, which gives you the power to react more quickly and not wait until you remember to review ALL your vulnerabilities.  A faster response to incidents is proven to lessen the impact, so why not, it is not very costly.

Business level monitoring – DarkWebID provided by Integrity IT constantly looks for your domain (ex. @integrityky.com) and sends alerts when something new is posted.  Executives can also monitor their personal email address since they are often intertwined in business. The cost to your business is about $1,200/year (discount for managed services clients).

Personal level monitoring – the website “Have I been pwned”, shows you what type of data is found based on an email address. This is free.  Many have received free Identity Theft monitoring from a company involved in a breach, like Equifax and Anthem.  You can subscribe to this type of monitoring through Spotlight ID, IdentifyForce, LifeLock, or ID WatchDog.  Prices for individual monitoring range from $120 – $300/year.

https://haveibeenpwned.com/

https://myaccount.google.com/security-checkup

Monitor your credit card and bank accounts regularly. With the great convenience of auto-pay, it’s easy to not look at accounts for months. Set appointment reminders to do so monthly.

File your taxes early before a criminal does it for you.

Review your credit history 2-3 times a year. You have one free report per year from the three agencies, use them 1 at a time and stagger your reviews.

https://www.annualcreditreport.com

After the enormous breach of Equifax[2], many people have frozen their credit, so criminals cannot try to open accounts with your stolen information.

https://www.identitytheft.gov/Info-Lost-or-Stolen

https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs

If you think your identity is stolen, report it immediately. Notify your banks and credit cards.

https://www.identitytheft.gov/

Do not use PUBLIC WIFI – it’s an easy target for criminals to intercept your activity. Just wait for a secure connection or get a hot-spot for business use.

[1] The experiment conducted by security vendor BitGlass

[2] 143 million Americans data was compromised in the 2017 Equifax breach

Businesses are increasingly making use of cloud solutions to solve complex IT issues that address both internal and external needs. Helping employees tackle work challenges more efficiently often demands a bold leap into new technology.

Integrity IT makes that leap a lot easier by addressing the inevitable security questions that accompany cloud services. Not only will you learn about how to adopt your new cloud solution, you will get vital information about how to adapt your overall security program, as well.

The wisdom of utilizing Integrity IT pays off with a coherent cloud computing strategy based on a combination of your company’s vision encompassed within a truly secure framework. Leaving nothing to chance, your business can depend on the reliability of its cloud investment.

You may not have an IT expert on staff. With Integrity IT in your corner, though, you have a trusted advisor. That means you spend less time worrying about IT details and can dedicate more of your focus and resources to the core of your business.

Your valuable data is being stored in the cloud. Could it be lost? Can someone access it without proper authorization? Don’t leave these important questions to chance. Contact Integrity IT and let us help you embrace the benefits of cloud technology while avoiding the potential pitfalls in the process.

The dark web is often known for the illegal activities conducted there, and while not everything on the dark web is illegal, it’s most appealing factor is its anonymity. The dark web is often a place where stolen data and personal information is bought and sold following a data breach or hacking incident. An article on Experian takes a look at what your personal information is worth on the dark web and how you can help protect yourself from being exposed.

How much is your information worth to an identity thief on the dark web?

• Social Security number: $1
• Credit or debit card (credit cards are more popular): $5-$110
• With CVV number: $5
• With bank info: $15
• Fullz info: $30

Note: Fullz info is a bundle of information that includes a “full” package for fraudsters: name, SSN, birth date, account numbers and other data that make them desirable since they can often do a lot of immediate damage.

• Online payment services login info (e.g. Paypal): $20-$200
• Loyalty accounts: $20
• Subscription services: $1-$10
• Diplomas: $100-$400
• Driver’s license: $20
• Passports (US): $1000-$2000
• Medical records: $1-$1000*

*Depends on how complete they are as well as if it’s a single record or an entire database

• General non-Financial Institution logins: $1

Note: Prices can vary over time and prices listed below are an estimation and aggregation based on reference articles and hands on experience of Experian cyber analyst the last two years.

How are criminals purchasing this information on the dark web?

 Information can be bought and sold a variety of ways on the dark web, however the most common include:

1. Purchasing data as a single item, such as a Social Security number.
2. Purchasing bulk data, such as batches of the same information.
3. Purchasing bundled data containing various types of information bundled together.

The cost of personal information on the dark web fluctuates, but what is responsible for the change?

The four main factors driving the cost of personal information on the dark web include:

1. The type of data and the demand for it. The cost often depends on the type of data and the need or ability to use that data.
2. The supply of the data. If there is less data available for a cybercriminal to purchase, the value of that data increases.
3. The balance of the accounts. The higher the balance in the stolen account, the higher the cost of the data. The balance could be the amount of money in a particular account as well as points value (i.e., a loyalty account).
4. Limits or the ability to reuse the data. If the data being purchase can only be used once, the value of that data is worth less to a cybercriminal than data that can be reused multiple times or across various platforms.

How can you protect yourself?

Data breaches are becoming increasingly common and are often outside of your control. It is important to help minimize your risk of a hacker gaining access to your accounts by utilizing healthy password practices and by keeping your personal information private unless it is absolutely necessary to share.  Keeping antivirus software and all other software up to date will also play a crucial role in protecting your information, as these updates could contain security patches to fix potential vulnerabilities that could expose your information.

It is also recommended to run a dark web scan on your email address, utilize a dark web monitoring tool and monitor your credit report for potential red flags that your identity may have been compromised.

MORE TIPS When Your Credentials are on the Dark Web.

Request a Free 1-time Dark Web Scan