With the summer weather arriving and beaches opening for Memorial Day weekend, many people will be tempted to pack up the family and take a weekend trip. While most of us are aware of the basic safety guidelines that need to be maintained in public, there is another aspect of your life that you need to keep safe: your computer.

Just because restrictions are relaxing in some areas doesn’t mean cybercrime is taking a vacation as well. And while you might want to bring your laptop or other devices with you on vacation, there are some key safety tips that you can follow to maintain a secure network and a worry-free vacation.

 

 

KeyCyber Safety Tips for Vacation

1. ENABLE A PASSWORD OR PIN LOCK ON EVERY DEVICE YOU HAVE BEFORE LEAVING.

This one might seem obvious because most of us have some kind of security on our cell phones, tablets, or other smart devices. But many people don’t use that same level of security on their computers, which can lead to pretty negative consequences, especially if you happen to accidentally leave your computer in a public space or unattended in a hotel room. The best way to ensure that you are keeping your computer secure is the enable a password every time you start or reboot your computer, as well as a password every time you wake your computer. You should also decrease the amount of time that your computer sleeps before requiring a password. If you have it set currently to require a password after being asleep for 15 or 30 minutes, consider lowering that to 5 minutes. It might be a little inconvenient but that’s better than leaving all of your data out there for thieves and hackers to access.

2. TURN OFF YOUR BLUETOOTH CONNECTIVITY ON ALL DEVICES.

It’s easy to forget that you have Bluetooth turned on, especially when you’re working from home and you have a headset or headphones on all day. But sitting at home is not the same as sitting in a hotel lobby or bar. Hackers can easily access your sensitive data through your Bluetooth connection without you even knowing. Depending on the strength of your Bluetooth signal, it could even be someone in the next room that is able to access it. Bluetooth offers a lot of convenience and the thought of turning it off can seem unnecessary, but it’s better to take these measures before something catastrophic happens.

3. DO NOT CONNECT TO UNSECURED WI-FI NETWORKS.

Everywhere we look, there are advertisements for free Wi-Fi and high-speed internet access in coffee houses, restaurants, and bars. But before you connect to one of these free networks, keep in mind that, without being password-protected, you are opening up your computer or smart device to everyone else who is on that network. You don’t know who else is sharing this connection with you, and you need to make sure that you take precautions and only log on to password-protected networks, like the kind offered at most hotels.

4. USE A VPN AT ALL TIME, EVEN ON A SECURED NETWORK, AND MAKE SURE YOU’RE ONLY ACCESSING SECURE SITES.

Using a VPN when on vacation or on an unfamiliar network is key to maintaining the security of your data. A VPN will make sure that whatever network you are on, your personal data is secure and encrypted, and not accessible to cyber criminals. This is especially helpful if you find yourself accessing sites that are not secured. If a URL starts with https, then you know that the page you’re on is most likely secure and legitimate. But many hackers will set up sites that can look very similar to the site you’re looking for, but the URL will start with http. These sites can look very similar to the site you’re trying to access, such as your bank or email, and they can trick you into revealing login credentials and other personal information. They can even quietly install malware on to your computer without you knowing. The best practice here is to ensure that you always have an extra level of security when you’re on vacation.

5. KEEP AN EYE ON YOUR FINANCIAL ACCOUNTS REGULARLY.

There’s nothing worse than going on a fabulous vacation, only to come home and realize that someone has hacked your bank account or credit cards and stolen money from you. It can take years to recover from identity theft, so the best way to ensure that your finances are secure is to check them regularly. You should ONLY be logging into your bank and credit card accounts through a password-protected network while logged into your VPN, but once you’re in your accounts, just take a quick look to make sure nothing looks suspicious. Most people assume that hackers will take a huge amount of money at once, but it is just as common to have smaller and less noticeable amounts taken regularly. And if you do see any suspicious activity, contact your bank or credit card company immediately to report the activity and protect your account.

6. LOCK UP YOUR DEVICES – LITERALLY.

You’ve enabled all of your passcodes and PINs, you’ve secured your internet connection, and you’ve followed all the guidelines for keeping everything on your devices safe and secure. But what about the devices themselves? If you’re going to be out of your hotel room for a prolonged period of time, utilize the safe in your room and store those devices until you get back. It offers you the added protection of knowing that your devices are secure and allows you to disconnect and really enjoy being on vacation.

7. RESIST THE URGE TO POST YOUR VACATION HIGHLIGHTS ON SOCIAL MEDIA UNTIL YOU RETURN.

Whenever you’re on vacation, you’ll inevitably take pictures and videos of all the fun you’re having, and then you’ll want to share that with your friends and family on Facebook, Instagram, Twitter, and other social media platforms. However, in doing so, you are creating a timeline and a schedule that someone can see who doesn’t care as much about your pictures as they do about the fact that you are out of town and your home is empty and vulnerable. While you may have a security system installed, or someone housesitting for you, that isn’t going to stop a criminal from breaking in and stealing your valuables. If you really want to share your pictures, you can always securely email them to family and friends or post them all when you return home safely so everyone can enjoy them then.

8. FINALLY, ENJOY YOUR VACATION!

To say that 2020 had a rough start is an understatement. Although cities and states are reopening differently, if you are able to take a vacation, even if it’s just a day trip to the local beach or an overnight trip to a favorite vacation spot, don’t let the stress of cybersecurity keep you from enjoying yourself. With summer on the way, there’s plenty of opportunity for fun in the sun, and it’s safe to say we all deserve to enjoy ourselves.

Here’s hoping you’re staying healthy, happy, and safe this summer!

Credential stuffing might not be a phrase you’re very familiar with, but it is becoming one of the most common ways that hackers can take over your personal accounts. The ideology behind credential stuffing is that most people use the same login information on multiple sites, so if a hacker can obtain your username and password for one site, they can try to use it to access your other accounts. Since between 0.1%-0.2% of login credentials are used on multiple sites, this is a relatively successful cyberattack.

How Does Credential Stuffing Work?

The way credential stuffing works is relatively simple. Hackers gain access to username/password combinations via a website breach or password dump site. They set up a bot that is able to simultaneously log into multiple accounts while faking different IP addresses. Then the hacker uses this bot to test this login information on several sites, including social media, online shopping, email accounts, even banking or credit card sites.

Once they gain access, they’re able to take control of the account and all of the information stored inside. They can steal stored credit card information, sensitive personal information, and other confidential information. In addition, the hacker can use the account to send emails or create transactions, which can cause significant damage to your personal and financial security.

So how can you avoid falling victim to this? Here are some key tips:

• Avoid using the same username/password combination on multiple sites. While it might seem inconvenient to have to remember a different password for every site, it’s essential for your security. Additionally, there are tools such as LastPass that will securely store your passwords for you, and even automatically fill them in when you go to login to your accounts.
• Make your passwords as complex as possible. Utilizing a combination of upper and lowercase letters, numbers, and symbols make it harder to guess. Also, make sure your password is as long as possible, and doesn’t include words like the name of your pet or spouse as this is easy information to guess.
• Whenever possible, enable multi-factor authentication, or MFA. This will give you an extra layer of protection when logging into your accounts by requiring you to verify that you’re the one logging in. This is usually done with a verification code via text or email, or by requiring you to answer previously established security questions.
• Change your passwords on a regular basis so even if your username and password become available to hackers, they won’t be able to use them to access your accounts.

Cybercrime is an ever-evolving industry, and hackers will always be looking for new and better ways to steal your personal data and sensitive information. By staying vigilant and implementing these tips, you can be confident that your accounts and data are protected. And if you have any questions about how you can improve your cybersecurity infrastructure, contact the experts at TAG Solutions and learn how we can keep your network and data safe and secure.

One of the most important assets in every business are the employees, but they can also be the weakest link in your cybersecurityframework. One wrong click in a malicious email can unleash malware into your entire network and compromise all of your sensitive data and confidential files. However, there is a way to ensure that your employees are capable of contributing to the safety and security of your business, and that is through user awareness training.

User awareness training is comprised of two essential components: educating your employees about cybersecurity threats and how to recognize and avoid them; and developing a comprehensive cybersecurity policy and regularly updating it. The first component, educating your workforce, is critical because they are the ones who can be the weakest link in the chain.

Cybersecurity is Everyone's Responsibility

Cybercriminals are clever, and they will do whatever they can to gain access to your data and exploit your network. Cybersecurity is the responsibility of every single person in your organization, and even the tiniest mistakes can have devastating results. So staying up to date on the threats that exist, regularly educating your employees, and even utilizing software to test your employees’ cybersecurity awareness is crucial for maintaining the integrity of your network and data.

In addition to educating your employees, you also need to develop a detailed cybersecurity policy to outlines all of your cybersecurity measures and best practices that employees must follow, and make sure they review that policy on an annual basis.

This policy should cover everything from acceptable use of company equipment; to password requirements; to what kind of firewall and antivirus protections need to be in place and how often they need to be updated. The difference between the policy and training is that the policy tends to be more formal and incredibly detailed, where the training needs to be more engaging and digestible for your employees to truly retain what they need to know.

User awareness training is something that every business needs but not every business actually does. One cybersecurity incident can cost hundreds of thousands of dollars, and can lead to loss of customers, loss of revenue, and even the permanent closure of your business. Don’t take any risks with your company – contact TAG Solutions today to learn how we can help educate your employees and establish a cybersecurity plan that ensures the safety and security of your network.

When evaluating an MSP, one of the biggest considerations needs to be whether or not they are equipped to keep your data and network safe and secure. One of the many ways to do this is to see what kind of security certifications they have. SOC-2 compliance is one of the most important certifications that any IT provider can have. It was developed by the AICPA (American Institute of CPAs), and when an MSP achieves this certification, it demonstrates their commitment to ensuring the safety and integrity of your business and network.

 

Trust Service Principles

There are 5 main “trust service principles” that make up SOC-2: security, availability, processing integrity, confidentiality, and privacy. Let’s delve into each of them in more detail:

Security

The security principle controls who has access to your data and your network, and helps to maintain the integrity of those. Often this principle employs access controls, which allows your business to customize who can access different files and sensitive data based on their user role and job level. Additionally, this principle will utilize antivirus software, firewalls, and multi-factor authentication, or MFA, to ensure that there is no unauthorized access into your system.

Availability

This refers to the accessibility of your business’s systems, processes, and software, specifically as stated in your SLA (service-level agreement). Essentially, this stipulates the minimum acceptable accessibility that both your business and your MSP have agreed upon. One of the keys to this principle is that it monitors your network for any kind of security-related incidents that may affect accessibility. This includes monitoring network performance, site failover, and any security incidents that would affect your ability to access your essential business processes.

Processing integrity

This principle is essentially measuring whether your network is doing what it should be doing. It needs to be delivering the data you need at the speed you need it. It makes sure that data processing is complete, valid, accurate, timely, and authorized. It is important to note that this principle refers to the integrity of how your data is processed, not the integrity of the data itself. If the data is corrupted, this will not be part of the processing integrity principle. So maintaining quality assurance measures, as well as monitoring the data processing itself, is still a critical part of your business.

Confidentiality

This principle is relatively straightforward: confidentiality ensures that your data is secured from people who are not authorized to access it, and that it is encrypted and only available to those who need access to it and other trusted entities. This can be achieved through the use of a variety of security controls, such as firewalls for both the network and applications, MFA, and other rigorous security measures. This is the best way to make sure that your data stays out of the wrong hands and that your sensitive data and company information is not compromised in any way.

Privacy

This principle is essential for every business, especially those who store sensitive customer data and privileged information. It covers the collection retention, use, disclosure, and disposal of this data. Often this is outlined in a company’s privacy policy. This data typically includes personal identifiable information (PII) such as names, contact information, email addresses, and even more sensitive data such as social security numbers, bank account information, and credit card data. Many businesses must comply with certain security measures to ensure that this data does not fall into the wrong hands, and if it does, the consequences can be catastrophic. In addition to being subject to fines and possible litigation, your business could lose customers, revenue, and deal with irreparable damage to your reputation.

Maintaining these 5 principles can be difficult and overwhelming for a business to maintain on its own. By hiring an MSP or IT provider who is SOC-2 certified, you can rest assured that your business is in the right hands and that the IT professionals you’re working with know how to keep everything safe and secure so you can focus on the other aspects of your business. TAG Solutions is proud to be SOC-2 certified, and this allows us to provide the highest level of service to our customers. To learn more about what we can do for your business and how our SOC-2 certification sets us apart from the competition, contact us today!