Marketing breaching GDPR is a real issue! The General Data Protection Regulation (GDPR) has had a profound impact on how businesses communicate with prospects and customers, and how they conduct their marketing. There are still businesses that believe that once users consent to their marketing campaigns, they can use the gathered personal data however they want.
But this can get you in a world of trouble!
GDPR is much more complex than getting consent from visitors and users. While many news outlets have placed emphasis on how consent is handled, it’s actually about the way businesses handle and protect personal data, what they use it for, and how they seek permission to use it. GDPR is not a directive – it’s a regulation, and it’s legally binding. Companies could easily breach GDPR with their marketing efforts, and here are the 6 common ways it can happen:
#1 Contacting people without active consent
GDPR regulates consent in extensive detail, and according to the regulation, consent must offer real choice, and users have to be in charge! It needs to be prominent, and users should have no issues understanding it. It should also always be requested on its own, not as part of any terms or conditions.
The only valid consent according to GDPR is a positive opt-in, and it requires you to disclose any third parties that rely on that consent. You should also provide an easy way to withdraw consent.
#2 Automatic opt-ins
Automatic opt-ins were a common method to trick users who weren’t paying attention to consent. Such tactics are considered predatory and count as marketing that breaches GDPR. Any tick boxes that are pre-ticked or say “click to opt OUT” are a huge breach.
Remember: The only type of consent accepted under GDPR is a positive opt-in.
Where are you storing your lead lists? While it’s very convenient to have them readily available on a shared Google Drive or OneDrive document, that’s a very poor practice and definitely a GDPR breach if you have the link set to public for sharing.
How long you keep the information is also important. Under GDPR’s data minimisation principle, holding information for too long is a marketing GDPR breach, so it’s important to delete it as soon as you don’t need it.
#4 Obtaining lists without confirmation of consent
One way marketers fill up their sales pipeline is with purchased lead lists. There’s a lot of third-party lead generator sites that are willing to sell lists to you. But you have to be careful when buying lists.
If these generators don’t have active consent from users on distributing their data to other parties, then YOU will be the one who’s breaching GDPR as soon as you contact those prospects.
You always need to have proof that they consented to be contacted by you, whether they gave the consent to you directly, or through third parties.
#5 Ignoring erasure requests
Users who have given consent to collect and process their data have the freedom to withdraw that request at any time. They can also request that you delete all the data that you have gathered on them. Not answering those requests is considered marketing breaching GDPR.
Do you know how to erase data? Do you know how much time you have to get back to them once they send a request?
Data security is the staple of a successful business in this era, and most businesses invest into at least basic cyber security. After all, it’s much more affordable when compared to the aftermath of a data breach. Before you implement security measures that will keep your business and reputation safe, you should know what type of data you deal with, and you can do that with data discovery tools.
What’s Data Discovery and How Does It Help My Business?
The importance of data discovery in cyber security is experiencing rapid growth because of stricter regulations like the General Data Protection Regulation (GDPR) that mandate all businesses should be well aware of what kind of data they collect and how they use it. But what is data discovery anyway?
Data discovery is a business process of collecting and analysing data to gain insight into trends and patterns. This insight helps businesses shape their critical business decisions.
And while most businesses today will happily collect data to make data-driven decisions, they will often fail to store and protect that data in a systematic and logical manner.
This causes two critical issues:
When data is disorganised, it will impact data analysis and affect the end result, which can lead to bad business decisions.
Disorganisation also increases the risk of data being accessed by unauthorised entities, either through a data breach or because it was accidentally disclosed by an employee.
Data discovery helps businesses not only collect and analyse data, but it also shows them where and how data is stored and who has access to it, which gives them a good idea of how safe that data really is.
Data Discovery in Cyber Security
Because data discovery provides quite a number of benefits to a business, it’s safe to assume it can help with cyber security too. So what’s the best way to use data discovery in cyber security, and what benefits will this bring?
It is the first step to becoming GDPR compliant. Businesses gather all kinds of data to gain insight into the latest trends and preferences, and for this purpose, they often store sensitive data from their users and customers.
GDPR requires ALL businesses that deal with personally identifiable information (PII) from EU citizens to disclose that they are using and storing this data.
In addition, they must have consent from the user/customer to store all that data, and keep records of consent too. If they don’t, they are not allowed to store it.
Any type of data that can lead to the identification of an individual falls into this category: name, address, online identifiers, ID numbers, IP addresses, even cookie identifiers.
It helps you implement the right cybersecurity measures. It can be hard to choose which cybersecurity measures are the best option for your business.
Firewalls and secure networks are a good start, but without implementing data discovery in cybersecurity, you won’t have a structured overview of your data, or who has access to it.
This also helps you implement data encryption that limits further sharing of the data and its disclosure to anyone without the right authentication.
It helps you identify security threats quickly. When you have a unified and structured overview of your data and can see who accesses it and in what way in real time, you can quickly respond to any type of threat.
Machine learning and AI solutions can help you automate this process and monitor users’ access and detect any anomalies.
For example, if there is a sudden surge in data access from a specific access point, you will get a warning to investigate. In case you determine there was indeed a breach, the scope of the breach will be very limited.
Data Discovery Brings Your Cyber Security to a Whole New Level
With increasing volumes of data flowing through your on-prem or cloud data centres, you need solutions that will not only give you insights into trends but what type of data you have, where it’s stored, and how many of your employees have access to it. By structuring your data according to sensitivity levels and implementing solutions that limit access and keep a watchful eye on how it’s used, you will be able to thwart cyber security threats before they become a problem.
Cybersecurity is a vital part of every business that deals with any type of sensitive data. With online threats becoming more diverse every day, and with increasing regulations like GDPR, it is imperative that businesses stay on top of the latest cybersecurity developments for 2019.
Here are the most important things to consider when looking for ways to improve cybersecurity for businesses:
Hacking Is an Industry Now
Hacking has become a lucrative industry, with certain types of data being more valuable than others. Medical records, for example, are worth ten times more on average than credit card details.
Because there is so much money involved in hacking, it is not surprising that hackers are launching highly sophisticated attacks that are hard to detect and can be disruptive not only to normal business operations, but also to wider government-operated systems, like power grids for example. As such, hacking threats should be taken seriously, because a data breach can easily bring your business to a halt or end it altogether.
It’s Harder to Detect Breaches
Ponemon’s 2018 Cost of Data Breach Study states that it takes 197 days on average to detect a breach. After that, it takes another 69 days on average to contain a breach. This is a very long time for a breach to go undetected, costing businesses millions. For smaller companies, such a devastating breach could mean the end of their operations. Larger companies have an easier time recovering, but it still takes months or years.
Third-Party Apps and Vendors Are Common Vectors of Attack
With cloud computing being the new norm, it can be hard to confine sensitive data within an isolated data centre in your office. The majority of data today is stored in the cloud, with many businesses sharing data not only internally, but also with external third-party vendors or applications.
If these apps or vendors do not take adequate security precautions resulting in a data breach, the business can still be held accountable for the loss of sensitive data. Make sure then to check all third-party vendors your business deals with.
Data Protection Is More Important than Ever
Businesses who don’t invest in cybersecurity should be held accountable. It doesn’t really matter whether it was just an oversight or due to negligence – if someone steals valuable data, there should be serious consequences.
Lawmakers are becoming aware that cybersecurity is an important aspect that needs to be regulated seriously. We are already seeing the adoption of stricter laws and regulations – the General Data Protection Regulation (GDPR) is just one of them.
Not only do such laws and regulations force businesses to improve their security, but they also help protect users against predatory practices like selling data to third parties without the user’s explicit consent.
Any business that is serious about what it does should have transparent data collection and usage policies. It should have adequate security and encryption for its data.
AI Helps Companies Protect Against Attacks
Advancements in AI and machine learning have made predictive analytics an ally against cyber attacks. Businesses have more overview of their real-time security than ever before. And predictive analysis helps them promptly detect anomalies in their operations. This is especially beneficial for the financial sector such as banks, and other businesses will reap the benefits as well.
As a business owner, you should be aware of the cyber threats lurking about. Know also that no target is too small for hackers. Make sure to update all your software regularly and educate your employees. Ensure that any third-party vendors or applications you deal with are taking cybersecurity seriously too.
Human interaction is the element that makes social networks so great, and businesses use it to connect with their user bases on an individual level. This human connection is also a vector used by hackers to get access to classified information, as well as access to internal networks and data. Such techniques are known as social engineering hacks.
Social engineering hacks are when hackers present themselves as trusted and friendly individuals or businesses to get their targets to disclose privileged and sensitive information. This tactic requires lots of research on the target to be successful, and the attack is often specifically aimed at individuals who have low-level access within their organisation, as this is enough to get access to everything else once they are in.
Research and reconnaissance include scanning the target’s online behaviours and patterns, and social media accounts are a treasure trove of information. This is why it’s so important that all employees keep their social media accounts secure. The following seven tips will help keep social media accounts safe from hackers:
#1 Avoid Taking Part in the Things that Have Your Personal Details
Do you know all those various quizzes that “analyse” your social media account to tell you which “Game of Thrones” character you are most like, or tell you what kind of salad you are? How about some extensive personality tests that ask you to disclose super specific information about yourself to tell you what type of personality you are?
Always make sure to check what type of information you reveal and authorise access to. Many of them will require you to allow access to all your online images, your whole friend list, or your bio and personal information that might include phone numbers and emails. Only use such things if you can be 100% sure that the information you share will be used solely for marketing purposes and not compromise the security of your account.
Password strength is what makes or breaks the security of your social media accounts. First of all, make sure to use a strong password. The holy trinity of strong passwords is a combination of the following:
Lower- and uppercase letters
Have at least 8 or more characters in your password, and never use personal details and information like your kids’ names or birthdays in your passwords, as this makes access easier. To minimise the risk of being hacked, change your password regularly and never use the same password for multiple accounts. If you have trouble remembering all your passwords, use a trustworthy password manager instead.
Once something is on the web, it stays there forever. Your online behaviours can be tracked, and most people don’t think they are valid targets to be tracked online, so they will reveal too much in too many public places.
Imagine sharing your personal or work email, where you live, or images of your kids and your home to any stranger you meet on the street. It would be quite reckless, wouldn’t it? This is exactly what many people are doing online when they don’t think about their privacy settings and post publicly on their social media accounts.
When using Facebook or any other social media site, make sure to limit your posts and images to your friends only. If you wish to share something publicly, always ensure that it can’t be something used to get access to your accounts or to follow your actions online. Also be wary of friend requests from people you don’t know. Chances are, at least one of them might just be trying to get access to your information.
#4 Up Your Account Security
A strong password is just a first step towards a safer account. Wherever possible, use additional security in the form of two- or multi-factor authentication (2FA or MFA) – they will ask you for an additional code that’s generated just for you once you type in your login credentials. This way, if someone manages to crack your password, they will not get any further because they won’t have the code they need.
#5 Use Quality Antivirus Software
Make sure to have good antivirus protection on your PC. Your antivirus must not only regularly scan your PC, but also monitor your online activity. Such suites will immediately let you know if there’s an infected link or attachment in your emails. They can also scan social media messages and quarantine them before you can click on them by mistake.
#6 Only Install Apps from Trusted Sources
Since there’s limited access to good antivirus software for mobile phones, stay safe by only installing apps from trusted sources. Examples of trusted sources are Google Play and Apple’s App Store. Apple, in particular, is very strict when it comes to what apps are allowed on their store. They do a full scan and inspection of every app before it can be approved and published in their store.
#7 Log Out of Devices and Close Old Accounts
If there are some accounts you are not using anymore, it doesn’t mean they are safe from hackers. Always close all old accounts you are not using anymore. This way, you make sure hackers don’t get access to them and use them without your knowledge.
Also, make sure to log in on trusted devices and on trusted networks only. Make it a point to log out of all your active sessions regularly. This will help those services recognise anomalies in your login patterns and detect a possible breach easier.
Have a proactive approach towards your social media security and you will be a very hard target for anyone trying to get access to your accounts. It will be a challenge for anyone to launch social engineering hacks against you.
Contrary to popular belief, the hospitality industry is an excellent target of cybercrime because of the sheer amount of personal and sensitive data held. In fact, there are several businesses that have already faced data breach fines.
Every day, hotels, hostels, and restaurant chains handle credit cards, emails, contact preferences, home addresses, and other sensitive data from millions of customers, and hackers want to get their hands on that information.
A data breach can go undetected for quite a long time, as some of the cases below demonstrate, which would only increase the GDPR fine nowadays!
Here are 6 hospitality businesses who have recently faced data breach fines, and the cybercrime that caused them.
Back in 2014, Hilton hotels were a victim of a data breach, followed by another breach during 2015, which resulted in the data loss of over 360,000 customers. The data that was stolen held sensitive information like credit card numbers, names, addresses, and more.
The biggest issue is that Hilton failed to inform its customers about the breach in a timely manner. It took them ten months after they learned about the breach to inform their customers. This resulted in a $700,000 fine for lack of adequate security and failing to inform customers about the breach. If this had happened recently, their fines would be much higher under GDPR – they would probably have to pay around $420 million.
Radisson Hotel Group faces fines under the newly adopted GDPR. The breach was discovered in 2018, with Radisson claiming to have promptly informed the EU regulators within the 72-hour timeline. It was detected in the Radisson Rewards database, and some members of their Rewards programs were compromised.
Apparently, credit cards or passwords were not stolen. Stolen data included names, addresses, email addresses, company names, Rewards member numbers, and frequent flyer numbers. As a result, the hotel chain might be facing a €10 million fine.
Even Trump hotels aren’t spared of data breaches. The hotel chain suffered a data breach back in 2014 when over 70,000 credit card numbers and other personal data were stolen via the payment processing system that was infected. The now president Trump agreed to cover the $50,000 fine that was issued because the hotel chain didn’t bother to inform their customers about the breach even though they knew about it for months.
Restaurant chain Wendy’s had to pay a hefty fine because of the data breach that happened in 2015 and 2016 when 1,025 POS systems used at their locations were infected with malware that led to a lot of stolen credit card info. It is reported that over 18 million cards were compromised in the breach.
Many of these cards were used to commit fraudulent online purchases. As a result, Wendy’s had to face a class action lawsuit from affected financial institutions and consumers. Wendy’s reached a settlement that required them to pay $50 million by the end of 2019.
Zippy’s restaurant chain based in Hawaii suffered a data breach in November 2017. They first discovered the breach in March 2018. All cards used during that time might have been affected. The compromised information included credit card numbers, expiration dates, names, and security codes.
There is no information about how many customers were affected, but a class action lawsuit was filed against FCH Enterprises, the owner of Zippy’s Restaurant. It’s worth noting that not only the restaurant chain was affected. The other franchises held by FCH – Napoleon’s Bakery, Kahala Sushi, Pearl City Sushi, and Pomaika’i Ballrooms – were affected too. FCH reached a settlement and agreed to pay $725,000.
Probably the case that got the most traction is the large data breach that occurred with the Marriott hotel chain. Personal data and credit card details, even passport numbers and dates of birth of more than 500 million of their customers were stolen. The Marriott group includes hotel chains such as Sheraton, Westin, W, Le Meridien.
The breach was first discovered in September 2018, while detailed investigation revealed ongoing unauthorized access dating back to 2014. They did encrypt sensitive data such as credit card information. However, the group stated they cannot be sure that encryption keys were not stolen too.
The most concerning part is that this was ongoing for four years, meaning security monitoring profoundly failed. The fine: $3.5 billion dollars plus $915 million from ICO GDPR.
With the rising risk of data breach and rising prices of fines, make sure you protect your customers’ sensitive data. This is especially true with the GDPR in place. By doing so, you avoid fines and ensure your guests rest easy knowing their personal information is safe with you.
The last several years have revealed that hospitality businesses are vulnerable to cyber attacks. Many major hospitality players have been victims of cybercrime that in some cases went undetected for years. In a separate post, we have cited six hospitality businesses that faced data breach fines resulting from hospitality business hacking.
Hackers are becoming increasingly innovative in ways they gain access to secure hospitality systems. In contrast, the hospitality sector is lagging behind in security measures. Businesses often don’t treat cybersecurity as a priority but prefer to focus on customer experience only, which can have far-reaching consequences in case of a breach.
The most common factors that contribute to hospitality business hacking and data breaches include the following:
#1 The Number of People Involved
It is the nature of the hospitality industry that makes hospitality businesses such targets – there are so many customers and staff involved that hackers easily benefit from those numbers. Sooner or later, somebody will make a mistake and click on a malicious link delivered into their inbox from a spoofed email address, and that one click is often enough to get access to everything.
Once inside, hackers will easily find employee credentials to get access to sensitive information, such as customer names, emails, addresses, current residence, credit card information, loyalty programs and points, and more, and use all that information for monetary gain or to sell it on the dark web.
Another big issue that contributes to the high vulnerability of the hospitality sector is the current hospitality retention rates. The retention rate in the hospitality industry is quite low in comparison to the averages of other industries. In the UK, the annual staff retention level is just over 70%, which is concerning since the average retention is usually around 85%. Not only are staff usually less interested in the long-term protection of the business, but frequent changes of users and passwords often lead to bad practices like sharing credentials or logging in for each other.
#2 Unsecured Networks Result in Hospitality Business Hacking
One of the easiest ways hackers are able to access guest and employee data is through Wi-Fi networks that are poorly secured or unsecured. While it’s hard to make sure a Wi-Fi network is 100% secure against attacks, hospitality businesses can do a lot to minimise the risk.
First of all, a network should never be unsecured. While it might seem like a great perk – use your network easily without having to ask for a passcode – this also means that anyone can access it, hackers included. The passcode should always be complex to avoid hackers simply guessing it. Businesses should avoid setting up “12345” or the business name as the passcode.
In addition to the right encryption settings for all the networks, it’s important to separate them too. Guests should always have a separate network for all their devices. Sharing the same network for business devices and guest devices is a recipe for disaster. Some of your guests may not be as innocent as they appear. They may be accessing your internal systems and data whilst also enjoying your coffee.
#3 Lack of Understanding
Another fault of many businesses in the hospitality industry is their lack of understanding of cybersecurity. Hotels are now interconnected digital systems that compete for customers by introducing new digital experiences. As such complex systems, they have a large number of endpoints – like the above-mentioned Wi-Fi networks, but also HVAC systems, Points of Sale (PoS), electronic door locks, smart devices – through which customer data is accessed and stored.
It’s true that they do adopt new technology and software to streamline their operations. But their outdated security measures don’t cover new security threats. You see, each of the endpoints used can also be an entry point for hackers to steal data. Sometimes, it’s enough to delay updating your PoS system for hackers to get a successful entry.
Because hospitality businesses deal with such a large amount of sensitive data daily, it’s of utmost importance that they also understand the risks that come with the benefits of new software and tech solutions.
#4 Cybersecurity Isn’t Their Focus
Most hospitality businesses will agree that customer satisfaction and the overall experience with their brand is what matters most. The competition is fierce, and it’s very easy to lose customers. In their battle to retain customers, they will often prioritise to spend their money on user experience. As a result, they streamline all their internal operations towards this goal.
Providing a seamless experience in every single one of their locations requires interconnection of all hotels from the same chain. For this reason, they are able to easily share their data on customers between locations. This way, the customer’s preferences when it comes to rooms and suites, and other data that helps make them feel welcome, are accessible at any time, no matter which of their hotels the customer walks into. Such data sharing happens within the hotel chain’s national network, which all hotels have access to.
This interconnectedness can have far-reaching consequences – just one breach into a single hotel from the whole chain is enough for hackers to quickly gain access to their whole system and steal information from central data points.
#5 Lack of Education Leads to Hospitality Business Hacking
With a lack of understanding of why security systems are crucial for all the digital systems in the hospitality industry, cybersecurity is often put into the back seat. This, in turn, results in a severe lack of education for staff members and partners.
If employees working in hospitality do not know how to spot risks, the chances of hospitality business hacking skyrocket. Not all employees are tech-savvy or IT professionals. Some of them don’t know how to spot a phishing attempt. However, with the right training, you can greatly reduce the chances of being hacked.
The best approach here would be to have cybersecurity staff that will take proactive measures to keep all systems secure. Therefore, it’s not a bad idea to appoint a Chief Information Security Officer (CISO) who would oversee all security-related operations. The CISO’s responsibilities include setting up a plan in case a breach happens.
The Right Measures Help Detect a Breach Quickly
The hospitality industry will remain a high-risk target for cyber attacks, and there will always be a risk. However, taking the right countermeasures will minimise hospitality business hacking. This ensures that if a breach does happen, there are rules in place that will help detect it quickly. Consequently, businesses take the right course of action.
As businesses are undergoing digital transformations, IT is becoming a critical part of their business success. With consumers expecting hospitality to match the digital era with new customer experiences, it’s often one of the things that are left behind!
So whilst basic IT knowledge goes a long way in hospitality, having a dedicated IT expert is still the best solution. Most business owners are now faced with a critical decision: to choose between an IT managed service provider vs in-house IT team. How are they different? Which one is better? How safe is it to let someone else take care of your IT needs?
The choice between an IT managed service provider vs in-house IT team often boils down to the size of the company and its specific needs. Here’s a rundown of the pros and cons of each option.
In-House IT Team: Pros and Cons
In-house IT staff usually handle day-to-day IT operations and requirements. Startups and small and medium businesses will often start with a single IT expert who will handle their IT needs. As they grow, however, they will also need more than one IT expert to keep track of everything.
It’s not that in-house teams are without benefits:
They will have intimate knowledge of your operations and know your infrastructure in and out.
They can be immediately available when you need them.
On the other hand, having a full in-house IT team is often limited to large enterprises only. A full IT team when you’re a small or middle-sized business is just not possible financially. Not only would they eat up resources but you need a place to put them day-to-day too!
The cons of in-house teams seem to be more prevalent when it comes to IT requirements of most hospitality businesses:
The costs run high: They will be your full-time employees, meaning you will have to cover their salaries, benefits, training, NI, and other expenses.
The emergencies increase costs even more: The cost of intervention often goes up considerably in case of emergencies that happen overnight, and you have to pay overtime.
Team members are not bound to your company: If they decide to leave for what they think is a better opportunity, they are free to do so. When they leave, they will take all their expertise with them and you’re stuck with tech you don’t know how to run, unless you employ a team – which is even more expensive!
In-house teams can rarely keep up with all the latest IT developments or industry trends, meaning that parts of your IT infrastructure will inadvertently become outdated. It’s their job to keep things running, not constantly innovate!
Often limited to reactive interventions instead of proactive IT strategy development.
Is an IT managed service provider better than in-house IT teams? Let’s see what they can offer.
IT Managed Service Providers: Pros and Cons
Business owners are often wondering how an IT managed service provider is better than in-house IT teams. It seems logical that hiring a third-party provider to take care of your IT needs would be less efficient.
But this is a common misconception.
Managed service providers actually improve efficiency. They deliver higher quality services because IT is their speciality; it’s all they do. They are experts who continuously improve their knowledge by following the latest developments.
When a business hires an IT managed service provider, they will reap the following benefits:
Paying a lower price for hiring them than you would for keeping an in-house team. Their services are available for a flat monthly rate, which makes budgeting for IT super easy. You benefit from economies of scale here, because ultimately, you won’t be the service provider’s only client – but that means they are more affordable!
They are available around the clock and can monitor your systems at all times.
Your operations will rarely be disrupted: Managed service providers have service level agreements (SLAs) that are legally binding. They guarantee to provide the highest possible uptime and service quality. It also means that should you move to someone else, they should provide you with all the procedures and documentation necessary to ‘hand-over’ your day-to-day.
Managed service providers also have access to the latest technological solutions, software, and industry contacts. This means that everything you rely on for IT will be brought up to date as soon as an update is available.
Of course, there are also some disadvantages of managed service providers:
Finding the right fit for your business needs takes time. Sometimes, trial and error is the only option to find a managed service provider who has everything you need.
Sometimes, service packages can be arranged in such a way that you might need to pay for some services you don’t really need. Still, many managed service providers will happily let you make a fully custom package.
The biggest concern is their on-site availability. Your MSP should always be able to provide some level of physical presence, particularly for 1st line support, which often involves users directly.
IT Managed Service Provider vs In-House IT Team: Who Wins?
Is an IT managed service provider better than in-house IT teams? Our verdict is a big fat YES because they can offer everything an in-house IT team does, and more! Ultimately, you pay for a ‘service’ rather than a person when it comes to an IT managed service provider and therefore you know you’re always covered!
Comparing an IT managed service provider to an in-house IT team shows that you will ultimately save more money by opting for a managed service provider.
Having up-to-date software is also a crucial point – it ensures you are well protected against cybersecurity threats and attacks that are becoming more elaborate over time. Your IT managed service provider will make sure all your security definitions are up to date, that they never expire, and that your business and customer data is secure.
IT managed service providers free up the time you would otherwise spend on the challenging tasks related to your IT. They are not just your IT support, they are the technological catalyst for your business, working with you to develop the right strategies to achieve your long-term goals.
You’ve probably been in a situation where you desperately need an internet connection for your devices while you’re out and about. Most public places offer free internet. Public Wi-Fi, however, is risky business, and it’s best to avoid it.
The Risk of Public Wi-Fi
Coffee shops, airports, hotels, and restaurants offer their Wi-Fi without a second thought, but most lack proper security measures. Those networks are often the prime spots for hackers to execute their attacks and get access to sensitive information or spread malware. One of the most concerning ways they do this is with a device called Wi-Fi Pineapple.
Primarily, Wi-Fi Pineapple is used by companies that specialise in penetration testing the networks of various businesses. Even though the original use of the device is to audit wireless networks and test for vulnerabilities, hackers realised they could use it too.
How Hackers Use Wi-Fi Pineapple
Because Pineapple is so cheap (the whole kit costs about $100/£75), hackers use it to get access to sensitive information or spread malware.
They set it up as a fake Wi-Fi hotspot (known as a rogue access point, or rogue AP), which enables them to do an attack called “Man-in-the-Middle” (MitM).
They fake a network SSID (name) that sounds reputable, like a hotel name, by changing one letter in the name, and then wait for unsuspecting users to connect their devices.
Once connected, they will intercept all communication between devices and the web.
Another way they can get your device to connect automatically is to spoof the SSIDs saved by your device.
When you have Wi-Fi on, your device will actively scan the surroundings for networks that you have saved with auto-connect enabled.
Your device does this by actually broadcasting the SSID of all saved networks.
Wi-Fi Pineapple can read those broadcasts, rename its SSID to match one of your saved networks, and your device will automatically connect to it.
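Both tricks described above (a name that differs by one letter, and a copy of a saved name) can be looked for from the client side. The Python below is an added example, not part of the original article: it compares an already parsed scan list against the device's saved networks, and every network name, BSSID and record layout in it is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SavedNetwork:
    ssid: str
    security: str                       # e.g. "open", "WPA2-PSK"
    known_bssids: frozenset = frozenset()  # AP MAC addresses seen before


@dataclass(frozen=True)
class SeenAP:
    ssid: str
    bssid: str
    security: str


def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def review_scan(scan, saved):
    """Return (bssid, finding, saved_ssid) for every suspicious access point."""
    findings = []
    for ap in scan:
        for net in saved:
            if ap.ssid == net.ssid:
                if ap.security != net.security:
                    # Same name, different protection: typical of a copied SSID.
                    findings.append((ap.bssid, "security-mismatch", net.ssid))
                elif net.known_bssids and ap.bssid.lower() not in net.known_bssids:
                    # A hint only: large sites run many APs, and a BSSID can be copied.
                    findings.append((ap.bssid, "unknown-bssid", net.ssid))
            elif edit_distance(ap.ssid.lower(), net.ssid.lower()) <= 1:
                # One letter (or only the letter case) away from a saved name.
                findings.append((ap.bssid, "lookalike-ssid", net.ssid))
    return findings


def auto_join_exposure(saved):
    """Saved open networks: any AP announcing the same name will be joined."""
    return sorted(net.ssid for net in saved if net.security == "open")


# Constructed sample data.
SAVED = [
    SavedNetwork("Grand Hotel Guest", "WPA2-PSK", frozenset({"02:00:00:aa:bb:01"})),
    SavedNetwork("CoffeeShop_Free", "open"),
]
SCAN = [
    SeenAP("Grand Hotel Guest", "02:00:00:aa:bb:01", "WPA2-PSK"),  # the real AP
    SeenAP("Grand Hotel Guest", "02:00:00:cc:dd:02", "open"),
    SeenAP("Grand Hotel Gue5t", "02:00:00:cc:dd:03", "WPA2-PSK"),
    SeenAP("Grand Hotel Guest", "02:00:00:cc:dd:04", "WPA2-PSK"),
    SeenAP("Airport WiFi", "02:00:00:ee:ff:05", "open"),           # unrelated
]

if __name__ == "__main__":
    for finding in review_scan(SCAN, SAVED):
        print(finding)
    print("auto-join exposure:", auto_join_exposure(SAVED))
```

Removing saved open networks, or switching off auto-connect for them, takes away the names that a rogue AP can answer to.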
It’s always better to tether your internet connection from your phone to avoid those risks.
Advantages and Disadvantages of Tethering Your Internet
Tethering is easy to set up – basically, you use your phone’s data plan to get an internet connection. It can be done via Wi-Fi, Bluetooth, or USB.
Advantages of Tethering
Safer than using public Wi-Fi
Your personal hotspot; nobody else can use it
Safe to browse all sites and log in to sensitive websites too (like a bank account)
Disadvantages of Tethering
Some carriers block this option, and you might have to pay extra fees to use it.
Can drain the phone battery quickly if the phone is not connected to a power source.
Can use up your data plan if your connected devices are not set up to treat the connection as a metered one.
Even so, battery drain or a small one-time fee is acceptable when compared to the risk of losing your personal information or business accounts because you used public Wi-Fi.
How to Tether Your Phone
For Wi-Fi tethering, you should go to:
Settings > Wireless & Networks > Portable (Wi-Fi) Hotspot > Set Up Wi-Fi Hotspot.
Enter SSID (name) of the Hotspot.
Choose a security option – always go for WPA2 PSK (safest encryption).
Set up Password.
(Optional) Choose an AP Band – 2.4 GHz is the default, but you can go for 5 GHz too if your devices support it.
Turn on the hotspot, find it with your device, and connect to it.
For USB tethering, you should:
Connect the phone to your device via USB.
Go to Settings > Wireless & Networks > More… > USB Tethering and activate it.
Go to Settings > Cellular or Settings > Personal Hotspot.
Turn on Hotspot using a slider.
You can choose to connect your devices via Wi-Fi, Bluetooth, or USB.
For Wi-Fi, you will have to set up Wi-Fi Password first (under Personal Hotspot).
Bluetooth connection only works with Macs, PCs, and third-party devices; to connect other iOS devices, you need to use Wi-Fi.
For USB, you will need the latest iTunes on the device you want to connect.
Keeping your personal and business data safe wherever you might be should always be your primary concern, particularly in this day and age.
Even though public Wi-Fi networks are convenient, you are at high risk every single time you connect to them, even if it’s just for a few minutes. Tethering your internet is simple, convenient, and gives you your very own personal and secure hotspot.
Email accounts are used as the most common point of entry by hackers to get access to networks and either disrupt services, steal information, or spread malevolent software to more accounts. But, if you improve your email security, you can prevent this!
So, What Is Email Security?
Put simply, email security is a term that encompasses all the measures taken to secure access to an email account and contents of all emails of that account.
15 Ways to Improve Your Email Security
Email accounts are fairly easy to hack, simply because of the sheer number of email accounts there are. With everybody having at least one account, a simple error like clicking an infected link is often enough for attackers to gain access.
Coupled with a lack of knowledge, this makes some people easy targets, and they can become the weak link that leads to a malware infection or a security breach in a business or home office.
This is why it’s important to be up to date with email security measures and be able to spot hacking attempts.
Here are some of the ways you can improve your email security and help keep your personal and business data safe.
1. Use Strong Passwords
Weak passwords are one of the simplest ways to get access to an email account.
Often, people use simple passwords out of convenience, but this makes them more vulnerable. Most services won’t even let you have generic or weak passwords anymore and demand that passwords have at least eight characters, must include upper- and lowercase letters, at least one number, and one special character.
Our tips for strong passwords include:
Avoid using meaningful passwords – like the name of your spouse, children, or pets, birthdates, and similar. It’s best to use everyday items that don’t have much meaning. For example, look around your room or office and pick an item or two, then use them to make a password.
Change your password every 3-6 months. Set a reminder on your phone or work calendar to do so.
Avoid leaving all of your accounts logged in on multiple devices ALL of the time.
Don’t write your password down and stick it to your desktop screen! (it happens more often than you think!)
2. Use Two-Factor Authentication (2FA)
This puts an extra layer of security in addition to a username and password. It makes it harder for attackers to gain access. With 2FA, the user, after putting in their username and password, also has to input additional information, such as an additional PIN or password, or a security token.
3. Avoid Logging In to Free Wi-Fi and then Signing into an Email
While free Wi-Fi sounds great in theory, in practice, it’s chock-full of hazards. Using public Wi-Fi puts you at risk of being hacked, as hackers might be using the same network to gain access to other devices – if you log in to your email account, they can easily get access immediately.
If you truly need internet access out in the public, it’s best to use your phone and tether a connection instead (just make sure you use encryption while doing so).
4. Use Professional/Paid Services and Avoid the Free Ones
While free email services are convenient (for example, Gmail), they don’t have all the features you might need if you’re a business. Always opt for professional and paid services (for example, G-Suite email services) as they have priority support and better security features.
5. Educate Yourself
One of the best ways to stay secure is to be aware of all the risks and ways hackers might try to get access to your email. It’s extremely important for businesses to train their staff as well, to minimise the risk of someone accidentally clicking an infected link.
6. Use Anti-Virus That Includes an Email Scanner
Anti-virus software will scan your device for malevolent activity, but it’s not a bad idea to get AV software that also includes an email scanner. Such scanners will actively scan all links and email attachments and alert you about infected items.
7. Don’t Click Links from Emails and Don’t Log In on Email Pop-Ups
If you are unsure about a link from an email, never click on it. The link might lead to a site that downloads and installs malevolent software to your device. Any pop-up window that requires you to log in to your email is likely a scam too. Always log in through the actual service.
8. Check the Original Sender
If you receive an email that seems to be a bit off, always check the sender. Often, the sender name will be spoofed to make you believe they are someone else. You can do so by hovering over the “From” to see the actual email address and not the name of the sender.
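The same check can be run over saved messages instead of by hovering. The Python below is an added example, not from the original article: it parses the From header with the standard library and flags a display name that does not match the real address behind it; the contact list, addresses and messages are constructed.

```python
import re
from email import message_from_string, policy

# Constructed address book: display name (lower case) -> addresses that
# person or team really sends from. An assumption for this example only.
KNOWN_CONTACTS = {
    "jane smith": {"jane.smith@example.com"},
    "accounts payable": {"ap@example.com"},
}

ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_sender(raw_message, contacts=KNOWN_CONTACTS):
    """Return (code, detail) findings for the From header of one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None or not header.addresses:
        return [("no-sender", "From header missing or unparseable")]

    sender = header.addresses[0]
    real = sender.addr_spec.lower()
    # policy.default decodes RFC 2047 encoded words, so an encoded display
    # name is compared in the form the mail client would show it.
    shown_name = " ".join(sender.display_name.split()).lower()
    findings = []

    # Case 1: the display name itself looks like an address, but not the
    # one the message was actually sent from.
    for shown in ADDRESS_IN_TEXT.findall(shown_name):
        if shown != real:
            findings.append(
                ("address-in-name", f"name shows {shown}, mail is from {real}"))

    # Case 2: the display name is one we know, the address behind it is not.
    expected = contacts.get(shown_name)
    if expected is not None and real not in expected:
        findings.append(
            ("known-name-new-address",
             f"'{shown_name}' normally uses {sorted(expected)}, not {real}"))
    return findings


# Constructed sample messages.
SAMPLES = {
    "legit": "From: Jane Smith <jane.smith@example.com>\nSubject: Q3\n\nHi",
    "other-domain": "From: Jane Smith <jane.smith@example.net>\nSubject: Q3\n\nHi",
    "encoded-name": "From: =?utf-8?q?Accounts_Payable?= <ap@payments.test>\n\nInvoice",
    "address-as-name": 'From: "ap@example.com" <ap@payments.test>\n\nInvoice',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```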
9. Help Your Provider
Every time you mark an email as spam or junk and report them, you help your provider filter the emails better in the future. This way, harmful emails will never even manage to reach the inbox.
10. Be Careful Signing Up for Things.
Using the same email for all services, from those you use regularly to some obscure mailing lists, is always a bad idea. Always have a “throwaway” or temporary email address for services or websites where you only need one-time access.
11. Check Who Has Your Email
Never share your email on just any websites or public places. Also, avoid posting to public forums with your main email address, so that it isn’t collected and doesn’t end up on spam lists.
12. Protect Sent Emails
Use encryption services to protect all sent email. Some services even make it possible to see the email only if the recipient has an authentication code, and you can revoke access at any time you see fit. We use Microsoft’s Azure Information Protection and recommend it to our clients for automatic email and file encryption.
13. Be Careful What You Share Online
Avoid sharing personal information that could give hackers an idea on what you are using as a password! And I’ll say it again, don’t use obvious personal information as your password!
14. Run Regular Backups
With so many ransomware attacks happening lately, make sure your data is backed up regularly, just in case!
15. Be Careful About Apps
Avoid installing apps from third-party sites on your computer, browser, or phone. They are often infected with malware. Instead, only download from trusted sources, and always regularly update them.
These are all ways to improve your email security, whether you’re a personal user, have a business account, or are looking for organisational email security! Just remember, the more measures implemented, the higher the security of an email account.
Summary: With Microsoft Threat Protection (MTP), Microsoft has announced big changes coming to their security apps. Focusing on bringing a unified solution that correlates data across their cybersecurity services, they want to offer an end-to-end security solution that will help users stay one step ahead of sophisticated cyber attacks.
With the global cyber security landscape becoming more diverse, it is becoming increasingly difficult to stay protected against cyber security threats. The cyberspace is a new battlefield, and businesses should always assume that someone is attempting to hack into their systems and exploit their environments.
Microsoft Threat Protection (MTP) Is the Answer to New Cybersecurity Threats
Microsoft Threat Protection (MTP) is the most exciting update of Microsoft Ignite 2018, which was held from September 24 to September 28, 2018, in Orlando, Florida. The Ignite Panel on Microsoft Threat Protection explained a large portion of the changes coming to their cyber security services.
What Is Microsoft Threat Protection (MTP)?
Microsoft Threat Protection is Microsoft’s latest response to the increasing complexity of the digital estate and security issues that come with it.
Anything connected to the internet can be attacked. This not only includes laptops, tablets, phones, but also IoT devices such as smart meters, smart watches, and others – all of them are possible vectors of attack. The endpoints in the environment that are a target of cybercriminals are not just computers or phones, but complex systems like smart cities, sensors, smart cars, and smart energy grids.
These are coordinated and intelligent attacks, and it’s been an ongoing game of cat and mouse, where cybercriminals land a blow, the security experts respond, then cybercriminals find new exploits, and so on.
Microsoft Threat Protection aims to break this cycle and stay one step ahead by using the power of cloud computing, automated responses, and scaling capabilities to secure everything.
Why Did Microsoft Decide to Develop MTP as an End-to-End Security Solution?
The digital environment is more diverse than ever before, and Microsoft Threat Protection aims to offer a solution that protects enterprises and their digital environment against a growing number of sophisticated cyber attacks.
Once a cybercriminal gets access to any device within a system, they also get access to everything that the device has access to, searching for additional logins on the affected device to move across your whole environment.
Microsoft Intelligent Security Graph
The Microsoft Intelligent Security Graph is the foundation of all the security services included in Microsoft Threat Protection. It gives insight into various attack vectors and shows how many security threat signals are coming in daily from consumers and corporations – 6.5 trillion signals a day. Those signals are gathered from users, corporations, and Microsoft services.
The graph shows just how many signals are detected in various areas, such as Outlook, where over 400 billion emails are analyzed, or from 1.2 billion devices that are scanned each month, where over 5 billion threats are detected in that time.
Every single security alert and signal that is received is part of a larger attack, and it’s difficult (and very expensive) to correlate all signals across all devices. The Microsoft Intelligent Security Graph requires analysis by more than four thousand in-house security specialists, with over $1 billion invested each year into cyber security.
It is virtually impossible for most enterprises to have access to such security skills and budget to correlate all threats to their digital estate. Microsoft, therefore, offers enterprises the ability to use Microsoft’s vast cloud computing capabilities and insights by choosing MTP as their ultimate cyber security solution for all digital devices and assets they have in their environment.
How Microsoft Security Solutions Used to Work…
Before this, Microsoft’s threat protection was divided between their various services, which meant that cyber attacks could happen outside of those areas, in the gaps that were not covered by a specific service.
By bringing all these services closer together and having multiple apps address the different aspects, those gaps are covered and the risk of a breach is lowered.
What Services Does Microsoft Threat Protection Include?
Microsoft Threat Protection isn’t a single app that covers all cyber security needs. It’s a group of services that work together to ensure all attack vectors are suitably covered from multiple angles.
The Services included in MTP are as follows:
Azure Active Directory – This covers identity and access management.
Azure Advanced Threat Protection (ATP) – This covers detection of advanced attacks across the digital environment.
Microsoft Cloud App Security – This is a Cloud Access Security Broker (CASB) that covers data protection in the cloud environment.
Microsoft Intune – A part of Microsoft Enterprise Mobility and Security, Intune is a cloud-based service that helps you manage mobile devices, apps, and the way your workforce accesses and shares company information.
Windows 10 – These are updates to existing security services like the Windows Defender.
Azure Security Center – This is a unified security management system that protects hybrid workloads running in Azure and other environments.
Windows Defender Advanced Threat Protection – Windows Defender is getting new capabilities that include post-breach detection, investigation options, and response.
Office Advanced Threat Protection – This covers malicious attacks found in emails, collaboration tools, and links.
Office Threat Intelligence – These are threat protection capabilities across all Office apps.
Windows Server Linux – This covers Linux based servers.
Exchange Online Protection – This covers email filtering, spam and malware protection, as well as protection against messaging policy violations.
SQL Server – A protection through advanced machine learning.
Those services work in tandem to secure the five pillars of cyber security. This gives them greater coverage of possible attack vectors and in case one service doesn’t address a specific vector, the other will. These are the five pillars:
Identities – This pillar includes vectors such as users and admins and is protected by the following services: Azure Active Directory, Azure Advanced Threat Protection, and MS Cloud App Security.
Endpoints – This includes all types of devices and sensors that could be possible vectors for a breach. It’s protected by Microsoft Intune, Windows 10, Windows Defender ATP services.
User Data – All email messages and documents are protected by Microsoft Cloud App Security, Windows Defender ATP, Office 365 ATP, Office Threat Intelligence, and Exchange Online Protection.
Cloud Apps – All data stores and SaaS solutions/apps are covered by MS Cloud App Security, Office 365 ATP and Exchange Online Services.
Infrastructure – All enterprise servers, virtual machines, networks, and databases are protected by Windows Server Linux, SQL Server, and Azure Security Center.
How Do Enterprises Use and Benefit from MTP
A good example of how enterprises benefit from MTP is Telit, who has over twenty years of experience in IoT and offers end-to-end IoT solutions. They use Microsoft’s services to protect everything: from IoT Products, over Services, IoT consulting, and building systems for enterprises.
They realized quickly that by having a unified system, they can address any security issues more efficiently and save a lot of money when compared to using different providers for each aspect of their business.
Your enterprise will benefit because instead of using the top services for each category, the MTP unified system can secure all of the following, and more:
Mail protection and encryption
Mobile device management
Securing data and apps
Data classification and governance
Data loss prevention
Identity protection and privacy
Microsoft Threat Protection addresses the following cybersecurity pain points and helps enterprises by offering the following:
Integration – All security products should aim to be closer together and better integrated. This improves response and automation and closes gaps in security where attackers often operate.
Intelligence – The power of the cloud can improve security across all apps.
For example, businesses can have an overview of each user activity and get alerts on unusual activity or devices for each of their accounts or identities.
MS uses machine learning to detect deviations from usual patterns in user/ID/machine behaviour and activity.
Automation – The focus is placed on incidents that are most important, not all of them. This saves time on mundane and routine tasks through automated actions for each type of attack.
Alerts are correlated across machines and network to figure out how it happened and whether it’s part of a larger incident.
The incident takes X number of alerts and groups them together, shows the timeline of all alerts, and shows affected machines, emails, and users, as well as what investigations and actions were taken.
By combining services to correlate alerts, better detection and response is achieved, and it’s easier to secure all the attack areas, strengthening the overall security.
A User-Centric Approach – Solutions are geared toward how users work.
For example, in emails, you will be able to display the underlying URL instead of the text part to immediately see if the link was spoofed. This offers security against threats targeting users (phishing etc) while not undermining the user experience.
Ecosystem – Intelligent Security Association – Instead of trying to cover every security aspect on their own, Microsoft is working with over thirty leading security tech providers to expand security coverage.
The Purpose of MTP
Microsoft wants to take a more active part in the realm of cyber security, and their threat protection gives them an important role of a cloud security provider. With their Intelligent Security Graph analysis, their Microsoft Threat Protection combines integration, intelligence, and correlation, and gives enterprises access to their computing power and scale.
Ideally, MTP will offer the following:
Protection Against All Attack Vectors – The optimal solution is to stop all attacks, but since this is impossible, it should stop as much as possible from breaching the system.
Quick Detections When a Breach Occurs – Since some attacks will sneak by, it is crucial that they are detected as soon as possible.
Response and Remediations – Once a breach is detected, adequate action should be taken. Here, automation options help take care of smaller threats by automatically remediating them, while larger threats will be brought to attention and the system will await input on what to do with them.
While MTP will make it easier to protect every aspect of your digital estate, user education and training are important too. Here, MTP wants to help businesses teach their employees about security risks, what they have to understand, and why they might be targets.
Ultimately, Microsoft Threat Protection should reduce complexity, time, and lower costs on incidents by offering an end-to-end security solution that also works with external security providers to truly extend their cyber security reach where it matters.
Whether you’ve had a data incident in the past and you need to write your report ASAP or you’re being proactive about the future, our Data Breach Report Blueprint has everything you need to write a comprehensive report, and more importantly, understand how to analyze the data breach from a business perspective and stop it happening again.