410-208-3933 11004 Manklin Meadows Lane, Unit 1, Ocean Pines, MD 21811

Cards Blog

Your Business Has Been Hacked – Now What?

Cards Technology

Data breaches are common and are becoming more dangerous every day. Cards Technology founder and CEO Sam Card shares some best practices on how to protect your business from breaches and how to respond when – not if – you have a data breach.

What possible impacts would a breach have on my business?

Sam Card: One of the first impacts of a breach is to your business reputation. You owe it to your customers to let them know about the hack; unfortunately, this can mean your customers now view your business as risky and unprofessional. To help mitigate that, you may have to subscribe your clients to an identity monitoring service for a year, which could cost thousands of dollars. Add credit restoration services to the mix and cost becomes another impact.

The main impact, of course, is to your data security. With access to your sensitive information and server, hackers can use your system for illegal activities like crypto mining, where they mine bitcoin all day – using your computers. Or they may even host an illegal website using your server.

What’s important to have in place to help deal with any breach situation?

Sam Card: Develop and implement a breach response plan so you and your team know what steps to carry out. Part of this plan includes assigning people to an incident response team, which typically includes an executive team member and staff from IT, legal and public relations.

What can I do to regain my clients’ trust after a data breach?

Sam Card: It’s all about how you deal with the situation. I think as long as you’re truthful and honest throughout the whole process, customers are going to be understanding. It’s important to be prepared and to let customers know what steps are being taken to protect their information. If you’re caught unprepared, you’ll look silly to customers. Many businesses are not having business continuity and disaster recovery (BCDR) conversations with their IT providers, and this is a mistake. Regardless of the size of your business, hackers are targeting you and you need to be prepared.

What steps should I take to help prevent this situation from occurring again?

Sam Card: I don’t think you can ensure that – it’s not if you suffer a breach but when. When you engage with a Managed Service Provider, a certain level of security is put into place based upon how much you are willing to risk and how much you pay to prevent cyberattacks. So, you are protected from the things your system is designed to monitor. Unfortunately, there’s always some new hacking tool or cyberthreat out there that you aren’t protected from. So, it’s possible that you will go through more than one data breach. The best practice is to talk with your cyber security provider to make sure you have the right balance of security and risk for your organization.

 

Why Microsoft End of Life Matters to Businesses

Cards Technology

If your business is running Microsoft Windows 7 or Server 2008, you need to prepare for end of life. Sam Card, CEO at Cards Technology, explains what you need to know for your business.

1. What’s the difference between end of mainstream support and end of extended support?

When a product is first released, it is under mainstream support. Users receive software updates, patches and technical support. About 3 to 4 years after the product is launched, the software reaches “end of mainstream support”. At this point – what they call “extended support” – you’ll still receive updates and patches, but no additional features will be developed, and major bugs will not be addressed. Eventually, the product reaches “end of extended support” where the developer releases no updates or patches and no longer provides technical support of any kind.

Microsoft’s Windows 7 and Server 2008 reached the end of mainstream support in January 2015 and will enter the end of extended support on January 14, 2020.

2. Why does Windows 7 and Server 2008 end of life matter for my business?

While your operating system will continue to work after January 14, 2020, your security won’t be up to date. This is problematic if you need to meet regulatory requirements, like HIPAA or PCI. Without updates and security patches, you will no longer be compliant.

Ignoring the deadline by failing to upgrade your systems will increase your chance of being hacked. After January 14, 2020, viruses created for Windows 7 or Server 2008 can be more easily transmitted computer-to-computer or spread through phishing. When an operating system is reaching end of life, many third-party software developers will also stop supporting their software on the end-of-life operating system, usually even before the end date. This will affect your team’s productivity because business applications you rely on for daily tasks will eventually stop being compatible with your outdated operating system.

3. I didn’t include the upgrade in my IT budget for 2019. What should I do?

I’ve been having this conversation about end of life with clients since last year. Some even started buying new computers in the fall of last year. But if you don’t have a budget to purchase new hardware along with the upgrades, you can start by upgrading to a valid Windows 10 license. If your equipment is aging and can’t support the operating system upgrade, you can look into leasing options, like hardware as a service or a virtual desktop platform.

4. Why upgrade to Windows 10?

We rarely encounter problems with Windows 10, and clients who experienced frequent issues with Windows 7 have been far more satisfied with Windows 10. Overall, it is faster and more user-friendly, offers better organizational tools, includes new security features like Advanced Threat Protection, and increases your control through the start button.

Be the ‘Big One’ that Got Away: How to Survive Phishing

Cards Technology

Phishing, whaling and spear phishing are attempts by hackers to steal sensitive and personal information to gain access to your business or personal accounts. Because phishing accounts for 90% of data breaches, Sam Card, Cards Technology founder and CEO, discusses what you can do to protect yourself and your business from these hacking attempts.

Q: What are phishing attacks and how can they impact the security of your business data?

Sam Card: Phishing attacks are social engineering attempts designed to steal user data like passwords and user names. Firewalls and antivirus software typically are successful at stopping hackers from getting into your network, so hackers have come up with an easier way to get this information – phishing emails. The emails are disguised to look like they are from a trustworthy source so users can be tricked into giving out sensitive information such as passwords and even credit card numbers.

Once hackers have this information, they can impersonate you, which is where the main security impact is. Acting as you, the hackers send out emails to your contacts asking for more information to access even more online accounts. You might not know for months that you’ve been hacked, as hackers often sit tight for a period of time after stealing credentials before exploiting your stolen information.

Q: Are Office 365 users targeted by attackers?

Sam Card: It’s not that Office 365 users are being targeted per se. Because the use of Office 365 is so widespread, hackers disguise their phishing attempts to look like they are coming from SharePoint, Teams or Outlook, for example. Since most people recognize messages and notifications coming from Office 365, they are more likely to trust and act upon them.

Q: What type of data could a hacker gain access to if they obtain your credentials?

Sam Card: When a hacker has access to your email account, for example, they can figure out a lot – where you do your banking, where your company stores its files, what your Facebook account is. With this information, hackers can easily get access to more private information like names and addresses of your customers and other data about your business that is commonly used to aid in identity theft schemes.

Q: What steps can your business take to prevent these types of attacks?

Sam Card: One of the best defenses is to have proper data governance policies in place. Part of this system is a data loss prevention and retention policy to identify where data should be stored and how long it should be retained (or not). Policies can be set up to prohibit users from saving information in the wrong location or accessing data they aren’t permitted to access. More importantly, data governance policies can trigger alerts if specified types of data are used inappropriately or shared outside of your company.

Cybersecurity awareness training is the other essential piece to protecting your business information as human error is currently the weakest link in cybersecurity. Employees must be trained to recognize phishing attempts and then be tested regularly to continually train them on how to deal with them. Even after awareness training, people typically still click on a phishing email because they can look very convincing. Business leaders should make sure employees feel safe and understand that they must report it to the IT department if they click on a phishing email. If no report is made, the hacker has a much-improved chance of not being caught and realizing high levels of success with their attack.

 

Learn How to Outsmart Hackers while Protecting Your Business – Q&A with Sam Card

Cards Technology

As seen in The Maryland Coast Dispatch

In the past 12 months, over 50% of small businesses have been breached by a hacker. Fears are on the rise and many people worry they’ll be the next one attacked. The key to learning how to outsmart a hacker is understanding how they operate. Sam Card answers questions about how hackers operate and what you can do to avoid being hacked.

Q: How do hackers access my computer system and how will I know if I’m being hacked?

Sam Card: It used to be that hackers used brute force to gain access to small businesses’ systems. Now, however, they’re much more cunning. Some use social engineering tactics to target your LinkedIn page, monitor connections, then use phishing scams to trick people into providing their credentials. Others monitor the dark web for stolen passwords and confidential information they can use or sell.

If you’ve been hacked, detecting the hacker’s presence might not be immediately noticeable. They may spend time lurking in your system learning your habits to better impersonate you for malicious purposes. Only when a colleague inquires why you sent an email asking him to “wire $10,000 to a Florida bank” will you recall clicking on an unusual email link several days earlier.

Q: Why is it so difficult to find out who these hackers are?

Sam Card: Unfortunately, skilled hackers are not easy to catch. They mask where they came from and cover their tracks. They intentionally use hard-to-trace payment systems, like Bitcoin, that are easy to obtain and exchange, and provide anonymity.

The best strategy for your business is to take precautions to avoid being hacked.

Q: Will my cybersecurity system protect my business from losing everything and what should I do to protect my network?

Sam Card: Cybersecurity systems are only as good as the tools in them. First, consider what level of security your business needs, and how much risk you can tolerate. What if your business is hacked? Will you pay the ransom? Can you afford to have stolen data used inappropriately? Your answers to questions like these help you determine how you should protect your business.

It’s essential that you develop a multi-layered approach. Educate your staff on cybersecurity awareness so they can identify potential scams. Implement strict password policies. Change passwords often and employ multifactor authentication to help prevent unauthorized access. A good IT provider will provide continuous monitoring of your systems to identify any suspicious activity and take immediate action.

You have to make it difficult for a hacker to attack you. By creating a multi-layered security system you can help protect yourself from becoming another statistic.

 

Why a Ransomware Attack is so Detrimental to Small Businesses – Q&A With Sam Card

Cards Technology

As seen in The Maryland Coast Dispatch

Ransomware is an increasingly common method of attack for hackers against individuals, small businesses and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world. Sam Card discusses why SMBs are a target and what you can do about it.

Q: Why would hackers be interested in my small business when they can go after the big guys?

Sam Card: You may hear about the larger organizations in the headlines, but lately it’s the small businesses that are becoming the primary targets for cyber-attacks. The main reasons that hackers find small businesses to be an easier target than larger corporations are vulnerable security systems, minimal formal security training and weak security policies.

Vulnerable security systems can include things like out-of-date anti-malware and endpoint security, network firewalls and email security solutions. Also, there seems to be an absence of regular cybersecurity training for staff to avoid phishing email scams or improper data sharing. Finally, infrequent network monitoring and poor password practices have been reported as “low hanging fruits” that hackers look out for.

Q: What are some immediate things I can do to protect my business?

Sam Card: Understanding the techniques that cyber hackers use to attack your systems is a great first step in getting ahead. Things like diverse delivery systems and complex coding are common entry points into your system, and the more you know about how they are getting in, the better you can protect yourself.

Developing a multi-layered security strategy is another crucial element to protecting your organization. You may think a simple anti-virus program is enough, but there are much better tools now that work together in tandem to ward off sophisticated attacks and ensure the correct back-up options are implemented.

Educating your team on the best cybersecurity practices is another imperative step in the security puzzle. Today’s employees are regularly exposed to attacks through everyday entry points like email and mobile. Training employees to recognize threats is an essential part of complete cyber security.