Eight Negative Impacts of Technology

Negative Impacts of TechnologyAs a company that specializes in providing digital solutions for organizations of many shapes and sizes, we often witness the excitement generated by the access to new technology. But we also see the negative impacts of technology, especially with kids. As financial company Credit Donkey warns, “In a world of instant gratification and continual distractions, technology has the ability to make users easily distracted, impatient and continually bored. Technology can also make users forget important information, communicate in shorthand, and be incapable of deep thinking.” But of the many negative impacts of technology, we believe these are the eight most important.

1. Depression and Other Mental Health Issues

A University of Michigan study found that Facebook use led to a decrease in happiness and overall life satisfaction. The cause of depression may be exaggerated expectations triggered by online reality, and unrealistic social comparisons. Says Saju Mathew, M.D., a Piedmont primary care physician, “When we get on social media, we are looking for affirmation, and consciously or not, we are comparing our life to the lives of others,” he says. “As a result, we may not enjoy what’s in the moment.”

Also, research from the University of Gothenburg in Sweden found a link between heavy cell phone use in young adults and depressive symptoms. This is what some call “Chronic Smartphone Stress,” which is caused by constant anticipation of a message, email or other notifications, and the depression that might follow from the lack of them.

2. Lack of Sleep

Most adults sleep with their cell phones nearby, and so do their children. In fact, four out of five teens sleep with their cell phones in their room, and nearly a third of them sleep with the phones on their beds. Unfortunately, as The Washington Post reports, “The blue light emitted by the screens of mobile devices has been associated with poor sleep, researchers say, but mobile devices also can cause emotional stimulation—through violent games or engaging forms of social media—that also can impair sleep or simply delay the moment when people fall asleep.” A lack of sleep impacts your health and personality.

3. ADHD

As any school administrator can tell you, there has been a tremendous rise in ADHD over the last 15 years. In fact, there has been a 43% increase in ADHD or ADD diagnoses between 2003 and 2016 according to the Center for Disease Control and Prevention (CDC). While the exact connection between technology and ADHD is incomplete, a study published in the Journal of American Medical Association reports teens who frequently use modern digital media platforms, such as social media, also show an increased risk of ADHD. And a study done at Duke University found that, at-risk adolescents experienced more conduct problems and higher ADHD symptoms on days they used technology frequently.

4. Obesity

The increased obesity in children has been well documented. According to the CDC, 18.5% of America’s youth is now considered “obese,” compared to just 5% a few decades earlier. One cause of obesity is a lack of physical activity, and children who overuse electronic devices are less physically active. While play time has been shown to improve mood and increase self-esteem, sedentary activities (such as Internet use) not only lead to decreased physical activity, but have been linked to feelings of social isolation and depression.

5. Learning Barriers

As Credit Donkey reports, “Studies show that students, and people in general, are less apt to remember information because they know they can find it within seconds online. The study also shows that students are more likely to remember where to get the information rather than remembering the information itself.”

Additionally, a survey by antivirus company McAfee found that 21% of students admitted to using their internet devices to cheat, such as by texting a friend, looking up answers or even sending pictures of their exams to others. The same survey reports that 47% of those students reported knowing someone who used a device to cheat.

While the Internet can be a great source of learning, these reports remind us that they can also be a barrier to it, and one of the negative impacts of technology.

6. Decreased Communication and Intimacy

According to a Pew Research study, 25% of married couples admit to texting each other while home at the same time. Also, 25% of couples have felt their spouse or partner was distracted by their cell phone when they were together—and that number jumps to 43% for younger adults (18 to 29-year-olds). While the study reports that 74% of adult Internet users say the Internet had a positive impact on their marriage or partnership, 20% said the Internet impact was mostly negative.

7. Cyberbullying

You may already know that cyberbullying is the use of the Internet, cell phones, video game systems or other technology to send or post messages intended to hurt or embarrass someone else. A 2007 Pew Research study found 32% of teens were victims of cyberbullying. Nearly a decade later, a 2016 study by the Cyberbullying Research Center found those numbers were nearly identical. The National Crime Prevention Council puts that number even higher, at 43%. The NCPC also reports:

  • Nearly 20 percent of teens had a cyberbully pretend to be someone else in order to trick them online or get them to reveal personal information
  • Seventeen percent of teens were victimized by someone lying about them online
  • Thirteen percent of teens learned that a cyberbully was pretending to be them while communicating with someone else

Yet only 11% of teens speak with their parents about incidents of cyberbullying.

8. Loss of Privacy

With a few clicks, anyone can discover someone’s Facebook page and collect contact information, pictures and much more. The information can then be used for hacking and viruses. Anyone with email knows that hackers are constantly scheming to get people to reveal credit card information, social security numbers and so on.

Stopping the Negative Impacts of Technology

Many of those negative impacts of technology can be avoided with better and more open communication along with increased cyber education. This not only provides a greater awareness of one’s own actions, but helps users recognize the actions of others. As a leading provider of Internet security services, as well as cloud services and other technology solutions, we see the good and bad of technology every day. Technology can be a wonderful thing, bringing people closer together, delivering a nearly unlimited access to knowledge, promoting freedom of expression and providing countless conveniences from shopping to learning. And while the pitfalls are also numerous, so are the resources available to combat them.

If you have any questions about the negative impacts of technology, please reach out to us at Single Path. As experts on cybersecurity, we are always eager to share our knowledge and advice, just as we are always delighted to discuss the many services we provide for schools and businesses.

Contact us

The Why and How Behind Protecting Student Data and Teacher Data

In May of 2017, The Economist declared that data has replaced oil as the most valuable resource in the world. This means organizations that keep a lot of data, such as schools, are at significant risk from those trying to steal it. Districts and individuals who follow best practices for protecting student data and teacher data, however, can help stave off many threats.

The Numbers Behind the Why

In 2018 alone, K-12 schools reported 122 cyber attacks, resulting in “the theft of millions of taxpayer dollars, stolen identifies, tax fraud and altered school records,” per an article in Campus Safety magazine. Just one of those attacks affected 500,000 students and staff in the San Diego Unified School District, where names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices were stolen.

Those 122 cyber attacks were just the successful ones. In May 2018, the K-12 Chief Information Officer at the Kentucky Office of Education Technology testified to Congress that four billion attempted attacks had been launched against Kentucky’s education data infrastructure over the last academic year. It was also reported that phishing attacks had increased 85 percent from the previous year (see our previous blog posts on phishing techniques, Part 1 and Part 2). 

Why Teachers are at Risk

Teachers are targets because of the vast amount of demographic and administrative data that the school or district collects including teachers’ names, addresses, dates of birth, photos, Social Security numbers, banking information, performance data, health conditions, education credit information, and work records. Stealing this information can lead to identity theft and financial fraud. For example, recently hackers infiltrated the Cleveland school district’s payroll system, and were able to steal a large number of employee paychecks. Hackers did the same to teachers in the Atlanta Public School district.

Why Students are at Risk

Like teacher data, student data is also vulnerable as schools collect an ever-growing amount of information to meet state and federal requirements. Protecting student data is important as it can be particularly attractive to hackers due to clean credit histories and the availability of hard-to-collect information such as students’ mothers’ maiden names. How profitable can hacking be? According to a report from the Parent Coalition for Student Privacy, a child’s Social Security number can be sold for $25 to $35 on the dark web. Multiply this by hundreds or even thousands of students, and one school’s data base can be worth six figures.

How To Start Protecting Student Data, and Teacher Data

Protecting student data, and teacher data, is an ongoing job that involves a lot of time and resources. At the very least, you should incorporate the following seven best practices for protecting student data, and teacher data, as soon as you can.

1.    Secure Devices

While network protection may seem like your first priority, protecting your physical assets is just as important. A stolen computer can include a goldmine of data. As we wrote in a previous blog post, “The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school.” Keep unused computers locked safely, and track all the hardware you have. You can’t protect what you don’t know you have.

2.    Encrypt Everything

Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. By keeping back-up files as well as emails and shared files encrypted, hackers will be unable to read them, should they gain access to them.

3.    Make Strong Passwords

As we’ve reported previously, 60% of people use the same passwords for everything and 81% of data breaches are due to weak, default or stolen passwords. Too many people repeat the same password over and over, so if one password is stolen, many sites are compromised. Other users choose passwords that are easy to remember, but also easy to guess. A password manager can be a critical tool in creating impossible-to-replicate passwords.

4.    Back-Up Data

The easiest way to thwart a ransomware scheme is to have a back-up of your data. Back-ups also protect you from any sort of disaster, whether natural or hacker-originated. Cloud computing can make backing up data, and restoring it later, much easier. Complete cloud migration now can eliminate a lot of headaches later.

5.    Educate Staff

Most data breaches stem from human error. For example, the 2017 Equifax data breach, one of the biggest in recent memory, was blamed on a single employee failing to follow security warnings. Even the most senior IT professional can make a mistake, but the more someone knows about threats, the less of a chance they will fall victim to one. That’s why training your staff on best practices, such as how to spot a phishing email, or what not to divulge on social media, can make a big difference.

6.    Educate Students

Not all students may fully understand the criminality of cybercrime, whether they are attempting to hack a school’s network or conducting a DDoS attack as a prank (which is exactly what happened to the school district in St. Charles, Illinois). Per an article on educational tech news provider EdSurge, “Students could potentially piggyback onto unsecured WiFi networks without ever leaving school property, making them susceptible to cybercrime. Providing lessons in ‘digital citizenship’… can go a long way to help protect school assets and the student’s identity.”

7.    Call Single Path

Most districts have limited expertise or resources to plan, implement and share the processes needed to protect their teachers and students. Often, a third-party provider will best be able to monitor, manage and protect the school or district. At Single Path, that’s exactly what we have done for many school districts, such as Great Lakes Academy in Chicago. Our comprehensive suite of services, including managed cloud services and security offerings are designed for businesses and schools to assess, prepare and protect against risk. Let us help you start protecting student data and more.

Ask us how to get started! 

Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked.

Many of us are constantly worrying: why did I click that link? Why did I go to that site? Why did I respond to that email? While there are many things we can do to keep ourselves and our organizations from being hacked, everyone makes a mistake every now and again. But being aware of the telltale signs you’ve been hacked can change the up-all-night question from, “Have I Been Hacked?” to “What Should I Do Now?” And asking that question can make all the difference.

  1. My Gadget is Too Slow!

Your computer is working fine, zipping along, and then … you wait. And wait. Your software gets sluggish, or constantly freezes or crashes. The commands you type take a few extra moments to respond, and your apps take forever to open. If you start noticing some of these symptoms, your gadget may be infected with viruses, trojans or worms. “Have I been hacked?” Quite possibly. Malicious software usually runs in the background, eating up your gadget’s resources while it’s active, often slowing down your system to a crawl.

  1. Why Am I Getting So Many Pop-up Ads?

Did you know malware can add bookmarks to your web browser, website shortcuts to your home screen, and modify the pop-up ads that you get while browsing? And when you click on that pop-up you could download another virus or be taken to a corrupt website selling bogus products or services to get your credit card information. “Have I been hacked?” If you start noticing browser pop-up ads from websites that don’t normally generate them, then the answer is probably, “yes.”

  1. I Got a Ransom Message!

Ransomware is malware that makes your data inaccessible unless you pay a ransom, often in online currency. “Have I been hacked?” If you get a ransomware demand, it could be fake, but there’s also a significant chance your data is gone unless you pay up. If you have a good, recent backup, you can simply recover the data without paying the ransom. If you haven’t backed up your data, you are at the mercy of the hackers holding your ransom. They might send you an encryption code to unlock your data if you pay the ransom. Then again, maybe they won’t.

  1. My Online Password Doesn’t Work!

You’ve typed your password five times. It’s the same password you always use. You’re getting annoyed it’s not working, and so you ask yourself, “Have I been hacked?” Someone might have logged in to your account and changed the password. But how? Per a current article by CSO online, this is most likely to happen after you’ve responded to a phishing email that looked legit, but wasn’t. You get an email you think is from a coworker or a vendor, and you share personal information, and next thing you know a site, with your credit card information conveniently stored, is in someone else’s hands. This is also why using the same passwords on multiple sites is a bad idea. Contacting one website to report fraudulent use is a challenge;  trying to remember all the dozens of sites with your password may be impossible.

  1. I Got An Antivirus Message!

This scam was a bit more prominent a few years ago, but it still comes up every now and again. Typically, you will get an antivirus warning after your computer has been infected. Get protection now! Your system may be compromised! Danger, Will Robinson! “Have I been hacked?” You bet. Clicking on the link takes you to a professional-looking website where they ask for your credit card number and billing information. The hacker now has control of your system and your credit card. It’s win-win for them (and lose-lose for you).

  1. “Where Did This Program Come From?”

Sometimes malicious programs are disguised as legitimate software. But if you don’t recognize the program it may be malicious. Unwanted software is sometimes installed at the same time you install another program; free programs you download from the web are often to blame. “Have I been hacked?” It’s a strong possibility. Always read your license agreements–some free programs actually admit they will be installing spyware or malware onto your computer to avoid legal action against them. They assume you’ll never read the agreement. Most people don’t.

“Have I Been Hacked?” If the Answer is Yes, Here’s What You Need to Do Now

If you have been hacked, you’re not alone. Research company Vanson Bourn found that 44% of organizations they surveyed had suffered multiple hacks in the last year, with an average loss of more than $1 million per company. Have I been hacked?” If so, you need to act quickly and:

  • Change all your passwords. Do this from another machine, as hackers can capture your keystrokes (commonly called keystroke logging). Don’t repeat any password on more than one page.
  • Use a password manager. Coming up with memorable and hard-to-uncover password for every site is nearly impossible. A password manager will create secure passwords and store them for you.
  • Enable two-factor authentication. If you’re not already doing this, use two-factor authentication for all your passwords. A hacker will need both your password and access to a physical device, like your phone, to access a site.
  • Report fraud. Always report fraud right away. Contact your bank and put a freeze on all your vulnerable credit cards immediately.
  • Update your antivirus software. While not 100% effective, these do work. Use a well-known provider. Some antivirus software is created by hackers, and the software will infect your machine, not protect it.
  • Check for new accounts. Open your Inbox, Spam, Trash, and Sent email folders to see if your email was used to set up new accounts—such as emails with subject lines that say, “Your account was successfully created.”
  • Reinstall your operating system and back up files. Reinstall your operating system, wipe your hard drive clean, and retrieve your backup files.

Or, call Single Path

Ideally, before you say,Have I been hacked?” you’ll take action to avoid that problem, such as calling Single Path. We can help restore your system after a hack, or even better, help prevent one from happening. Our Security Offerings give you a line of defense that leave hackers frustrated and seeking easier prey. And our Managed Cloud Services give you access to leading technology with the most recent security patches, without the need for ongoing investments. So, instead of asking “Have I been hacked?” you’ll be saying, “I’m glad I called Single Path.”

Ask us how to get started! 

How to Perform a Cyber Security Risk Assessment in Five Steps

How safe is your organization from cyberthreats? The best way to answer that question is by performing a thorough cyber security risk assessment. A cyber security risk assessment—the process of identifying, analyzing and evaluating risk­s—is the only way to know which cybersecurity controls you need, and how to prioritize them. Without such an assessment you could waste time, money and resources on events which might have minimal impact, and be ill-prepared for events that might have significant ones.

These Are the Steps You Need to Perform Your Own Cyber Security Risk Assessment:

  1. Review Your Resources

Before you can assess risk, you should review all the resources you need to protect.  Don’t just audit the resources you think might be at risk. Assess everything that connects to your network. Hackers will.

For example, did you know smart watches can be hacked to steal ATM PIN numbers and passwords, merely based on your hand movements? Or that someone can take control of a presenter’s screen and screen controls by hacking into video conferencing technology? In your cyber security review include IoT devices, unused desktops, and everything you use on a daily basis including telephones (landline and smart phones), applications and routers. A cybersecurity risk assessment will identify not only hardware but customer data and software.

  1. Identify Threats

Threat identification should include anything that can damage your infrastructure, cost you money from lost revenue, threaten intellectual secrets or infringe customer (or employee, or student or family) privacy. While a professional will be able to identify those threats more thoroughly than you can yourself, you can still perform a cursory review of them. For example, malware and viruses are obvious network risks.

The hardest part, and why a professional cyber security risk assessment is important, is identifying those lesser known risks, such as from your printer or voice mail. A professional will check to see if firmware updates have been made, as well as the status of your firewall and antivirus software.

Don’t forget to consider threat assessment from an internal standpoint as well. As

Jorge Rey, chief information security officer for accounting firm Kaufman Rossin recently said, “I think small businesses [are] worried about threats that [aren’t] even affecting them. They’re all freaking out about hackers, but they’re not even looking at their own employees and their access to systems and … data.”

  1. Rate Risks

Not every risk listed in your cyber security risk assessment is a high priority, and determining the risks, and impact of those risks, will help you determine where to focus your security attention and dollars. You should rate each risk on a scale of low to high. This will help you prioritize your initial and longer term efforts. For example, you could rate your risks according to this scale:

  • High – Substantial, possible crippling and unrecoverable impact
  • Medium – Damaging, but recoverable or inconvenient
  • Low – Impact is minimal and easily worked around

An example of a high-risk resource would be your perimeter routers. A router with outdated firmware could let hackers run rampant. Conversely, a low risk resource might be data or documents that do not have sensitive information, or that is publicly available.

  1. Analyze Protection

You likely have basic protocols in place, but how much protection do they really provide, and where are you the weakest? Hiring a professional (like Single Path) may be critical in completely understanding how well you are protected from each possible threat. DDoS security, adequate cyber security monitoring services, and employee training are basic proactive protection measures you should be taking (and which we have written about many times before on this site).

  1. Calculate Risk

Calculating risk will also help you determine what areas to prioritize, and what threats need immediate financial support in order to implement. Two questions to ask are: What is the chance of each incident occurring, and what amount of risk, if any, am I willing to accept? Your type of organization, such as whether you are a business or school, or a public or private entity, will no doubt greatly influence that decision.

When determining the likelihood of each event, you will need to list every breach point and possible point of origin for an attack, both external and internal. Depending on network complexity, this could involve dozens of breach/source pairings.

Single Path Can Help

Creating a cyber security risk assessment is not an undertaking that can be finished in an afternoon. It takes careful analysis, and quite a bit of experience. After you finish your initial steps, and have a basic grasp of your potential risks and vulnerabilities, you will want an outside expert to fill the gaps and take an unbiased, knowing look. At Single Path, we’re well-versed at doing exactly this. Single Path can help identify trouble spots, give advice on how to prevent problems, and also provide guidance if problems do happen. Our impressive menu of security solutions will go a long way to protect your valuable assets, and your organization from risk. A cyber security risk assessment is a critical step in protecting your organization. Ask us how to get started.

What You Don’t Know Can Hurt You: The Perils of Inadequate Cyber Security Asset Management.

cyber security asset managementWe’re often surprised at how frequently companies fail to adequately track their IT resources. But while tracking the life cycle of your IT devices is important to assure you maximize their value, it is also a critical safety issue. BYOD devices, mobile devices and third party cloud service providers only enhance the need for effective cyber security asset management.

A Wake Up Call

A recent, much read and passed around blog post from cybersecurity expert Daniel Miessler detailed many of the issues regarding lax cyber security asset management. Miessler wrote: “Asset management is arguably the most important component of a security program, but I know of virtually zero companies that have a single person dedicated to it.” He goes on to point out that, “Companies pay hundreds of thousands a year to keep snacks in the break rooms. They pay to send people to training and conferences that usually have very few tangible benefits … But pay 100K a year to have a list of what we’re actually defending? Nope.”

The Life Cycle of IT Assets

An IT asset life cycle refers to the stages that an information technology asset goes through during its time of ownership. Determining the current life cycle stage for each IT asset is a necessity for effective cyber security asset management and may look like this:

  1. Procurement. It should be a matter of course that, whenever an asset is purchased, it is recorded in your organization’s asset management system, and your IT devices and software should be no exception. Information should include model numbers, serial numbers, name of manufacturer and the department the equipment was purchased for.
  2. Distribution of assets. Recording to whom the assets are distributed, or redistributed, is the next necessary step to take for cyber security asset management. Many organizations lose track of who has what devices, and this can only get more muddled as employees leave, shift departments and so on. You’ll also want to tightly control what devices run which software assets; employees who have access to programs they won’t use or don’t need may only needlessly impair security.
  3. Maintenance and Upgrade. Software and hardware updates often have security patches (see our earlier post about the importance of patching). Each update or patch should be recorded, and verified. An organization should also record the last time a device was scanned or antivirus software run, or antivirus schedules.

Be thorough. In 2014, JP Morgan Chase overlooked one of their network servers when providing a security update. Hackers were able use this exposed server to steal data from roughly 83 million customers.

Maintaining devices also means making sure employees aren’t uploading or using unauthorized or unmanaged software. This software may be benign, or it could be an entry point for a hacker to invade

  1. A list of log-in users for each device. Even if a device is assigned to one specific employee, a device may be shared or passed around. Keeping a list of every user for each device can help protect them, especially when a staff member leaves, as a reminder their log in should be deleted.
  2. Disposal/Retirement. When a piece of equipment has run its course, don’t forget to verify that all the information on it has been wiped clean, so that company data is not vulnerable to hackers. You also may want to cancel or transfer licenses.

Keep in mind that cyber security asset management cannot be a one-time only chore; it’s success hinges on its continuity. You have to know when each asset changes hands, becomes outdated, needs updating and so on.

As cybersecurity company Compuquip says, “IT asset management is a lot of work—which may explain why so many companies fall behind on this critical task. But, the importance of asset management for your company’s IT components cannot be overstated.”

Let’s Get Started With Your Cyber Security Asset Management

Our recent blog post on cyber security monitoring stressed the importance of being proactive in keeping your organization safe form cyber threats. Cyber security asset management is a critical component of proactive security, and can be the difference between rebounding quickly after a cyberattack and not recovering at all. Understanding the importance of an active cyber security asset management system is a first and proactive step, but you also need to put that understanding into action. Single Path can help. We offer a wide selection of security offerings including infrastructure patch management, 24/7/365 network monitoring services, proactive desktop and server security and more.

Let us help get your asset management program started. Contact us for more information.

6 Ways to Improve Employee Cyber Security Awareness, for Businesses and Schools

According to Accenture’s Cost of Cyber Crime Study, the average cost of cyber crime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.

Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.

  1. Education

Do your employees or staff know:

  • Working remotely using an unsecure Wi-Fi connection leaves computers vulnerable to attacks?
  • Using personal, unsecured devices for work can open the door to compromising an organization’s network?
  • What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?

Chances are, some if not all of those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a Phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.

  1. Assign Mandatory Training

Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training.)

You may want to work with an outside partner to implement training, such as Single Path. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.

  1. Establish and Promote Simple Procedures

More often than not, employees are happy to follow procedures as long as they are aware of them, and they are easy understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.

Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly, and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.

  1. Encourage Reporting of Incidents

The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and are embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.

  1. Have Employees Manage Initiatives

Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.

  1. Make Awareness a Part of New-Employee Orientation

Employees expect to learn rules and processes when they start a new job, and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.

Your Employee Cyber Security Awareness Partner

To implement an employee cyber security awareness program it helps to have a proven partner. Single Path has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. Single Path Security offerings are extensive, collaborative and modern.

Ask us how to get started!

Five Top Cyber Security Threats for 2019

Cyber security concerns have been around for as long as there has been cyber-anything. The first computer virus was found infecting computers in the early 1970’s and the first malware author was convicted in 1988. Those early infections were primitive compared to today’s hacking threats, which continue to grow more complex and sophisticated. While it’s vital to be prepared against any contingency, no matter how remote, we consider these to be the top cyber security threats for 2019.

Cryptojacking Rising

Ransomware has grown by 350% according to a report by Dimension Data, and accounts for 7% of all malware. It has been reported that ransomware costs American businesses north of 75 billion dollars a year, with most attacks never publicly disclosed. The biggest increase in ransomware is expected to take the form of Cryptojacking, also known as “Cryptomining malware.” We discussed the problem of Cryptojacking in a recent blog post, in which we described how hackers can hijack computer processing power to mine cryptocurrency. We expect these cyber security threats for 2019 to continue to grow.

Software Subversion Expanding

As Security magazine reports, “While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing.” In other words, the software you download may be infected, giving hackers a back channel into an entire network. Malware has even been detected in open source software libraries. Another variant is this: hackers may offer software that is spelled slightly different than a popular application (such as adding an “s” or leaving out a letter), with the only other difference being the inclusion of malware. So be careful what you download, even if it’s from a seemingly trusted source.

Cybercriminals Uniting

One of the top cyber security threats for 2019 is due to the expanding resources available to cybercriminals. Historically, many cybercriminals have worked alone, or in small groups. That’s starting to change. The proliferation of hacker forums and chat groups have launched a robust black market where cybercriminals buy and exchange malware, botnets and other criminal resources. The availability of these rogue offerings means that even inexperienced, or less able, hackers can launch sophisticated attacks. These “malware-as-a-service” opportunities will only continue to grow, which will result in an increased number of cyberattacks, especially in regards to identity and credit card theft. If you think the threats are numerous now–and they are–an aggressive and nearly overwhelming wave of attacks may be on the horizon.

Synergistic Threats Increasing

GandCrab has been in the news frequently. Discovered in January, GandCrab is a ransomware Trojan horse, encrypting files on a computer and then demanding payment to decrypt them. Just recently, the group behind GandCrab has targeted users visiting adult websites, asking for money to keep silent about their potentially embarrassing visits. This, however, is just a ruse to mask their real intent. When a user clicks on the email link, he or she inadvertently installs the GandCrab ransomware onto his or her computer.

GandCrab has grown to be so large, they are actually soliciting cybercriminals to partner with them. As McAfee reported, “At the end of September, the GandCrab crew started a ‘crypt competition’ on a popular underground forum to find a new crypter service they could partner with.” This will let the GandCrab organization expand its criminal activities in new, unforeseen, ways.

In 2019, many experts, including Security magazine, predicts attackers will continue to combine tactics to create multi-faced, or synergistic, threats. To combat them, organizations will also need to synergize their defenses.

Social Media Misinformation Mounting

The proliferation of Russian-originated Facebook pages influencing the 2016 U.S. presidential elections has been well documented by news sources across the world. So it shouldn’t be a surprise that cybercriminals are eyeing social media as offering rich opportunities for criminal enterprise, with posts and pages displaying an impressive degree of professional-looking design for dishonest purposes. Botnet operators are able to test messaging just like a marketer, including the use of hashtags, to determine the success rates of their misinformation.

Social media platforms are aware of the potential abuse, and are focusing their resources on stopping it, but with so many users, and so much data available on sites, criminals will further focus their resources on these big-scale platforms.

Protect your business from the Cyber Security Threats for 2019

These five cyber security threats for 2019 are just the tip of the iceberg. There are many more threats out there, many of which we may not even be able to imagine yet. The only thing an organization can do is to be prepared with smart, sophisticated technological resources and by adhering to best Internet safety practices. Consider Single Path your partner in anti-crime. Single Path Security Offerings run the gamut from employee training to insider threat solutions. We’ll help you be prepared for the cyber security threats for 2019 and also those still to come.

Ask us how to get started!

Six Steps to Creating an Effective Business Continuity Plan

You take all the recommended cybersecurity precautions. You back up. Your staff is trained on processes. You have firewalls in place, passwords that are hard to decipher, and the most recent security patches in place. Yet, you still worry. You’re not alone. According to a recent survey, businesses ranked cyberattacks as their #1 threat, with data breach a close second. But if you are victimized by a cybersecurity incident, what do you do now? If you have a business continuity plan in place, the answer to that question is easy: follow the business continuity plan.

A business continuity plan is not the same as a disaster recovery plan, although they have a lot of similarities. As CIO magazine explains, a BC plan is about “maintaining business functions or quickly resuming them in the event of a major disruption,” while DR “focuses mainly on restoring an IT infrastructure and operations after a crisis.” In other words, DR is specific to IT, while a business continuity plan is concerned with the continuity of the entire organization (we discussed the six things you needed to include in your disaster recovery plan in an earlier article).

When you create your business continuity plan, make sure you take into account these six criteria:

  1. Conduct a business impact analysis

As Ready.gov reports, your business continuity plan should start with a complete analysis of the consequences of a business disruption and can include:

  • Lost sales and income, or delayed sales or income
  • Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
  • Regulatory fines
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or defection
  • Delay of new business plans

Your Business Impact Analysis should also detail various risk scenarios and prioritize the order of events for restoration.

  1. Get everyone involved

If you are making the assumption that IT security is solely the responsibility of the IT department, think again. Your entire organization should be working together to protect its data and systems. Consider holding a brief workshop on IT security, create a business continuity management committee with members within and outside the IT department, and consider the impact and recovery on each member of your staff.

One crucial area of involvement is with your leadership team. As reported by Disaster Recovery Journal, it’s important for executives to support a culture of collaboration and to be transparent. “If executives support a culture of transparency, people will be more willing to reveal and troubleshoot problem areas in your organization’s processes. Down the road, this could help the organization mitigate a major vulnerability.”

  1. Establish work-arounds

Ready.gov paints this scenario: “Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now?”

Developing manual workarounds eliminates uncertainty. For example, listing contact personnel (along with phone numbers and contact information) and providing specific details, such as how to document transactions manually, gives your team direction. You may need to reassign staff or even bring in temporary assistance if systems fail. How will you do that? Plan it all out now in your business continuity plan.

  1. Keep data on the cloud

The best way to ensure your business can continue to run, is by backing up all your data on the cloud. A cloud service ensures that an organization’s critical data and processes are secure off-site. An organization can then quickly ramp up their systems in the case of a disaster. If you’re not already on the cloud, check out our earlier posts, 12 Reasons to Move Your Business to the Cloud and 9 Facts to Know About the Risks of Moving to the Cloud, and How to Manage Them.

  1. Ready crisis communication efforts

How prepared is your organization to quickly and effectively respond to and communicate with the public—and each other–during or after a cybersecurity incident? If you are hit by a breach, you may need to issue statements to the press, customers, partners, vendors and staff. We recently posted an article about emergency communication preparedness, in which we stressed the importance of drafting some templates that cover various scenarios. As we wrote: “it’s faster and easier to tweak a message than to write one from scratch for a multitude of mediums, and even multiple languages, if needed.”

  1. Test your business continuity plan

The time to ensure your business continuity plan is effective is before you need it. Is it comprehensive? Are there gaps? For example, are contact phone numbers correct? Are you able to restore data from the cloud without significant barriers or challenges? Since the network may be down, are there hard copies of the business continuity plan, and are they distributed to all the members of the team?

As suggested by CIO magazine, testing options for your business continuity plan include a table-top exercise in a conference room with the team looking for gaps, a structured walk-through or “fire-drill,” often with a specific disaster in mind, and disaster simulation testing in which an actual disaster is simulated involving all the equipment, supplies and personnel (including business partners and vendors) that would be needed.

  1. Call Single Path

While all the steps above are important there’s a seventh step that may be just as vital: call an outside partner like Single Path. As experts in cloud services, IT security solutions and more, Single Path works with businesses, schools and other organizations to protect them from cyberattacks and help them recover when they’re hit. Planning, monitoring and adhering best practices go a long way to protecting your customers or clients, team members, vendors and your own business. Calling a partner like Single Path, and getting your business continuity plan published, are important first steps.

Ask us how to get started!

How to Spot a Phishing Email

Business organizations and schools are under cyber attack. Just this past week, it was reported that the FBI uncovered a phishing email scam aimed at stealing funds from New Jersey state employee online payroll accounts. The emails requested employee login credentials, which the criminals could then use to redirect an employees’ direct deposits. A similar ploy was recently directed at school employees in Atlanta, and the FBI Internet Crime Complaint Center (IC3) has issued a public warning about phishing email payroll fraud.

The Telltale Sign of a Phishing Email

A simple request to confirm login data, such as in the recent New Jersey state employee scam, may seem legit at first glance. Often these emails may seem to come from the organization itself, a vendor or software provider, or another trusted source. Some of these phishing email schemes are amateurish, but others are more sophisticated and harder to detect. Here are some signs an email may not be on the up-and-up:

  • Subject lines that seem “too good to be true.” They probably are.
  • Subject lines that make threatening statements. Common phishing subjects are “Your account is about to close,” or “Final Warning.”
  • Non-personalized, generic introductions. Look for terms like “Hello Valued User” or “Attention Client.”
  • “From” addresses that may be misspelled or misconfigured. For example, the email may come from someone @ “company-corporation” or “cmopanycorporation” instead of “companycorporation.”
  • Direct links. Always go directly to the source rather than clicking on an email link, or hover over the link to check the actual long-form URL, and not the shortened version displayed in the email text. You may be surprised to see where the link is actually pointing.
  • If you’re not sure, follow your gut. A phone call or personal email confirmation to a colleague or vendor may not only confirm if an email request is on the up-and-up, but alert someone their email might be hacked.
  • And in all cases, never open unexpected attachments, which could have viruses or malware attached.

The FBI also suggests, in response to the New Jersey phishing email scheme, these additional precautions:

  • Employees should forward suspicious requests for personal information to the information technology or human resources department of their organization.
  • Ensure that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.

Happy NCSAM

This month (October) is the fifteenth annual National Cybersecurity Awareness Month, an annual initiative to raise awareness about the importance of cybersecurity.

There is plenty of information you can find in support of NCSAM, but one report we found particularly helpful was the Cybersecurity Awareness Toolkit for Small and Medium-Sized Business, as published by the Cyber Security Alliance, Facebook and MediaPro. This toolkit includes a great deal of information on how to identify phishing email tactics.

The toolkit also splits organizational emails into three general buckets, with warnings on why these groups may be targets:

General Population Phishing. The best way into an organization’s network is through its employees, especially when their level of alertness to cyber crimes may be uneven.

HR Manager. HR professionals must be particularly wary when it comes to phishing emails seeking personal information, as they are often the keepers of employee tax and health documents.

Executive Phishing. As privileged users, many executives have greater access to an organization’s network, making them particularly attractive phishing targets.

Whether someone is on the top rung or still climbing the company ladder, their awareness of phishing email techniques can make a big difference in the security of an organization.

Phishing, Solved

We recently wrote a two-part blog post on phishing, and the most common techniques hackers are using to steal your information (check out our phishing blog post part 1 and phishing blog post part 2). Among those techniques we described were phishing email schemes, just like those in New Jersey and Atlanta.

No matter what phishing technique is used, everyone always thinks, “It won’t happen to me,” or, “I’m too smart to fall for that.” But even the best of us can make a mistake. So, what do you do when you mess up, or someone at your business or school organization does?

Contact Single Path. At Single Path, we are experts on beefing up your online security to protect your organization from malicious schemes including employee training of best practices, proactive desktop, server and network infrastructure patch management, and the installation of backup protection. We are also experts at helping you rebound from an attack or natural disaster. With Single Path Security offerings you have access to a wide range of collaborative and customized protective services. Let us help you avoid being victimized. After all, falling prey to a phishing email scheme is a mistake, but doing nothing to prevent it from happening may be an even bigger one.

Ask us how to get started!

School IT Safety: Five Tips for Smarter Physical Security

At Single Path, we spend a lot of time thinking, acting and working on ways to protect computers electronically—backing up data in case of system failure, keeping private information away from hackers, ensuring safe and trouble-free 1:1 learning environments and more. But we know that keeping schools safe also must include physical security, and technology can play a vital role in maintaining it. Physical security includes the use of on-premise safeguards to monitor and protect the facility from theft, intruders, sabotage and even stopping vandalism.

The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school. But how can you build a secure and safe school environment? Following these five steps is a start, and will go a long way to keeping your school safer.

1. Build a Culture of Security

An organization’s employees are its first line of defense. Train your staff on security awareness, such as locking and encrypting their systems, choosing safe passwords and only sharing confidential information with those who need to know. Making security top-of-mind and habitual is an important component to overall school security.

2. Teach Safety

It takes a village to ensure safety: go beyond your staff to educate everyone. Computers are great resources for children in both learning and social interaction, but schools should also educate them on how to protect their information online and offline, especially in school environments where personal devices may be used. Mark Hickman, COO of global data security company WinMagic said—as quoted in an article from School Planning and Management Magazine—“Teaching about Internet safety and data security is fundamental in providing the tools and knowledge required for youth to understand their role in protecting their valuable personal information.”

3. Secure Rapid Communications

We recently wrote a post, How to Create Your School Cyber-Threat Strategy in which we detailed one of the most important physical security measures you can take—installing or incorporating a robust and simple communication system. The ability to send timely alerts, warnings and information is vital in times of imminent threat such as from a natural disaster or intruder.

4. Assign a Security Manager

An in-depth guideline from the National Center for Education Statistics (NCES) highlights the need for a security manager to lead security efforts. That manager can be a current staff member or a new hire. According to NCES, the Security Manager should have four main responsibilities:

  1. Increase staff awareness of security issues.
  2. Provide for appropriate staff security training.
  3. Monitor user activity to assess security implementation.
  4. Educate the staff and leadership on the importance of security for both the individual and the organization.

5. Be Smart

One of the keys to staying safe is simply being smart and avoiding common mistakes. The folks at biometric software and security service provider Bayometric detailed some common security mistakes. This list is relevant to all organizations, including schools and school districts, and includes:

  • Not keeping and following documented standard operating procedures for security
  • Poor employee awareness about security, not conducting any training or workshop
  • Not taking security breaches or crimes seriously within the organization
  • Cutting budget to security measures to save money
  • Not aware of the security breaches or crimes happening in neighborhood
  • Not listening to safety concerns of employees
  • Poor disposal practices of sensitive documents
  • Unattended security measures or poorly maintained security equipment

Find a Partner

We titled this post “Five Tips” but really, we probably should have made it six—as this final tip is just as important. Find a partner to help. We know you and the staff at your school or organization are busy. We know how easy it is to put things off for later. That’s where we come in. At Single Path, we have worked with businesses, government organizations and schools to provide complete IT and Security Solutions. We can review your current security protocols and make recommendations for improvement, train staff, find, buy and install optimal technology solutions and so much more. Waiting can be a mistake; you never know when security is needed, and tomorrow may be too late. We can help keep your school safe, including staff and students, by providing you with smart security choices now.

Ask us how to get started!