Databranch Monthly Tech Talk

IT Solutions for the Workplace

December | 2022

What's Inside?

01 - Monthly Update from Mike

02 - Happy New Year from Databranch!

03 - Stronger Passwords as New Year's Resolution

04 - Changes in the Cybersecurity Insurance Market

05 - Cybersecurity Attack Trends for 2023

Did you know:

The first-ever VCR was

the size of a piano!

Happy New Year from your Databranch Team!

Databranch would like to wish you and your family a safe New Year.

In observance of the upcoming holiday, our Databranch office will be closed:

- Monday, January 2nd.

All network monitoring services will continue as usual but support will not be available.

We will be open for normal business hours on the following Tuesday, January 3rd.

We wish you well and hope you have a safe and happy holiday!

Monthly Update from Mike

Have you scheduled any employee cybersecurity awareness trainings for 2023 yet?

It’s often something that gets put on the back burner after things like revenue initiatives and software upgrades. Yet, human error is a big driver of cyberattacks.

People don’t usually click on phishing links because they want to, many just don’t know any better.

Others may know better, but rarely hear management talking about cybersecurity. So this makes them feel like it’s not a priority.

One fact that may surprise you is your reduction in risk with well-trained employees.

When teams are regularly taught security awareness it can reduce cyber risk by as much as 70%. That’s a big difference!

Think about that when looking for ways to improve your bottom line this year. Reducing risk reduces the chance you’ll get hit with a costly cyberattack.

If you need help putting together engaging security awareness training, just let us know.

Our Breach Prevention Platform provides weekly micro-trainings and quizzes for all of your employees to help keep security top of mind all year long.

You can reply to this email or give us a call at 716-373-4467 x 115 to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

Regards,

Mike Wilson

President - Databranch

Make Stronger Passwords your New Year's Resolution

Stolen login credentials are a hot commodity on the Dark Web. There’s a price for every type of account from online banking to social media.

Even password management companies face threats such as LastPass who has recently released a statement about a security breach they're facing.

Databranch continues to monitor the LastPass security incident and we recommend that all users update their master password as a precautionary measure.

Not sure what constitutes a strong password? This article provides some guidance on how to create a strong, unique and complex password.

Continue reading below to learn other ways you can reduce the chance of your online accounts being compromised.

Use Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is the best method there is to protect cloud accounts. While not a failsafe, it is proven to prevent approximately 99.9% of fraudulent sign-in attempts, according to a study cited by Microsoft.

When you add the second requirement to a login, which is generally to input a code that is sent to your phone, you significantly increase account security. In most cases, a hacker is not going to have access to your phone or another device that receives the MFA code, thus they won’t be able to get past this step.

The brief inconvenience of using that additional step when you log into your accounts is more than worth it for the bump in security.

Use a Password Manager for Secure Storage

One way that criminals get their hands on user passwords easily is when users store them in unsecured ways. Such as in an unprotected Word or Excel document or the contact application on their PC or phone.

Using a password manager provides you with a convenient place to store all your passwords that is also encrypted and secured. Plus, you only need to remember one strong master password to access all the others.

Password managers can also autofill all your passwords in many different types of browsers, making it a convenient way to access your passwords securely across devices.

Use Leaked Password Alerts in Your Browser

You can have impeccable password security on your end, yet still have your passwords compromised. This can happen when a retailer or cloud service you use has their master database of usernames and passwords exposed and the data stolen.

When this happens, those leaked passwords can quickly end up for sale on the Dark Web without you even knowing it.

Due to this being such a prevalent problem, browsers like Chrome and Edge have had leaked password alert capabilities added. Any passwords that you save in the browser will be monitored, and if found to be leaked, you’ll see an alert when you use it.

Look for this in the password area of your browser, as you may have to enable it. This can help you know as soon as possible about a leaked password, so you can change it.

Don’t Enter Passwords When on a Public Wi-Fi

Whenever you’re on public Wi-Fi, you should assume that your traffic is being monitored. Hackers like to hang out on public hot spots in airports, restaurants, coffee shops, and other places so they can gather sensitive data, such as login passwords.

You should never enter a password, credit card number, or other sensitive information when you are connected to public Wi-Fi. You should either switch off Wi-Fi and use your phone’s wireless carrier connection or use a virtual private network (VPN) app, which encrypts the connection.

Looking for Password & Cloud Account Security Solutions?

Don’t leave your online accounts at risk. Contact Databranch today at 716-373-4467 x 115 or info@databranch.com if you would like to enhance your security and want to discuss you options.

Article used with permission from The Technology Press.

What's Changed in the Cybersecurity Insurance Market?

Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.

Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach including remediating a malware infection or compromised account.

Cybersecurity insurance policies will cover the costs for things like:

Recovering compromised data
Repairing computer systems
Notifying customers about a data breach
Providing personal identity monitoring
IT forensics to investigate the breach
Legal expenses
Ransomware payments

The increase in online danger and rising costs of a breach have led to changes in this type of insurance.

No one is safe and even small businesses find they are targets. In fact, they often have more to lose than larger enterprises as well. You can read more about how small businesses are attacked by hackers 3 times more than larger ones here.

The cybersecurity insurance industry is ever evolving. Businesses need to keep up with these trends to ensure they can stay protected.

Demand is Going Up

The average cost of a data breach is currently $4.35 million (global average).

In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.

Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. With demand increasing, look for more availability of cybersecurity insurance.

Click here to visit our Recovery Time Calculator to determine how much it would cost you to recovered from a disaster.

Premiums are Increasing

An increase in cyberattacks has been accompanied by an increase in insurance payouts. This means that insurance companies are increasing premiums to keep up.

In 2021, cyber insurance premiums rose by a staggering 74%. Insurance carriers aren’t willing to lose money on cybersecurity policies.

Certain Coverages are Being Dropped

Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nationstate” attacks. These are attacks that come from a government.

Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.

In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.

Another type of attack payout that is being dropped from some policies is ransomware.

Insurance carriers are tired of unsecured clients relying on them to pay the ransom. So many are excluding ransomware payouts from policies. This puts a bigger burden on organizations.

Want to learn more about Ransomware? This article explains what it is and how you can further protect your business from it.

It’s Harder to Qualify

Just because you want cybersecurity insurance, doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer.

Insurance carriers aren’t willing to take chances. Especially on companies with poor cyber hygiene.

Some of the factors that insurance carriers look at include:

Network security
Use of things like multi-factor authentication
BYOD and device security policies
Advanced threat protection
Automated security processes
Backup and recovery strategy
Administrative access to systems
Anti-phishing tactics
Employee security training

We can help you with a thorough review of your technology environment to provide the tools you need to get your Cybersecurity Insurance in place. Contact us today at 716-373-4467 x 115 or info@databranch.com to see how we can help.

Article used with permission from The Technology Press.

What Cybersecurity Attack Trends Should You Watch Out for in 2023?

Cybersecurity risks are getting worse as attacks continue to get more sophisticated. They are also often perpetrated by large criminal organizations who treat these attacks like a business.

To protect your business in the coming year, it’s important to watch the attack trends. We’ve pulled out the security crystal ball to tell you what to watch out for.

Attacks on 5G Devices

Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Any time you have a new technology like this, it’s bound to have some code vulnerabilities.

One-time Password (OTP) Bypass

This alarming new trend is designed to get past one of the best forms of account security – Multi-factor authentication.

Some ways this is done include:

Reusing a token
Sharing unused tokens
Leaked token
Password reset function

Smishing & Mobile Device Attacks

Mobile devices go with us just about everywhere. Look for more mobile device-based attacks, including SMS-based phishing (“smishing”).

Learn more about smishing and the signs to look out for here.

Elevated Phishing Using AI & Machine Learning

Criminal groups elevate today’s phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized.

Looking for ways to increase your cybersecurity? Contact Databranch today at 716-373-4467 x 115 or info@databranch.com to speak with one of our experienced team members.

You can also visit our website for a free Baseline Security Assessment that could help identify weaknesses in your technology infrastructure.

Article used with permission from The Technology Press.

Technology Trivia

Why does Google rent out goats?

The first person to email us at info@databranch.com and give a correct answer gets a $25 Amazon Gift Card!

Need a Laugh?

Computers are like air conditioners...

They stop working when you open Windows.

If you were forwarded this email from one of our great Databranch clients and would like to receive future updates, reply to this email and we will add you to the list!

Databranch www.databranch.com