Are Your Applications Vulnerable to Data Breaches?

With all this talk about how vulnerable small businesses and individuals are to hacking, it can seem like the applications we use every day are an afterthought in the battle against malware. Application security is one of the most important kinds of cybersecurity because  web applications (and mobile applications) work with staggering amounts of sensitive customer data.

How an application developer handles security can be a defining moment for the success of the application. Ignoring application security can carry ethical, legal and financial consequences. Actively addressing security isn’t just the right thing to do; it’s also a fantastic move in terms of public relations and customer experience.

The Frequency of Application Security Failures

The security failures of application developers are well simple, but so routine that they’re difficult to correct. In 2016, an estimated 72% of applications had at least one major encapsulation error. Security issues were most prevalent in mobile applications; 95% of recently tested mobile apps had some kind of security issue, and 80% exhibited critical or high-risk vulnerabilities.

The good news is that 45% of organizations plan on scaling up their application security spending in the next 12 months. It’s likely that stagnant security budgets are a contributing factor to the lack of progress in application security in recent years.

How Developers Are Addressing Security

Many application developers are catching on to the increasing importance of applications security and reacting accordingly. Some are focusing on combating malicious practices that cause downtime. Netflix is one recent example. By rerouting user traffic to servers in other regions, Netflix has been able to devote entire regions’ worth of servers to use as a live-fire testing zone to run security simulations. In one recent test, Netflix DDoS’d (Distributed Denial of Service) itself in order to find areas of vulnerability and engineer more effective solutions.

Developers that are getting on board with increased security spending should begin to see results within the next year. Outsourcing application security responsibilities is more viable than ever. Editors spot mistakes that writers miss due to their familiarity with the content. Similarly, third-party security specialists can find flaws in code and functionality that developers may skim over after months of working on an application.

In the meantime, there are many options for end users to take security into their own hands.

What You Can Do to Improve Security

Not all aspects of application security fall at the developer’s feet. There are many precautions that users can (and should) take to further secure their information.

Using random and complex passwords is one of the best possible ways to prevent your accounts from being compromised. Keeping track of dozens of passwords can be a burden, so consider using a password management program to keep track of and automatically enter passwords on your personal devices. Stay away from passwords that carry personal significance.

In the office, consider implementing dual-authentication, and require employees to lock up their workstation at the end of the day. Keep in mind that with the increased use of mobile and personal devices for work purposes, your network perimeter doesn’t end at the walls of your office; it now extends to every employee’s pocket and home desk. Proper cybersecurity education can help employees spot the warning signs associated with poorly secured apps.

Web applications are already ubiquitous and will only become more common and more powerful with the passage of time. The potential of application development will only be fully realized once security is prioritized as highly as functionality.

How Safe is Your Data?

Cybercrime will cost $2 trillion by 2019. This incredible figure means that we are less than two years away from cybercrime costing enough money to fuel a G8 economy (Italy, the current eighth-largest economy in the world, has a GDP of $1.8 trillion). The staggering impact of cyber crime is compounded by the fact that it only seems to be getting more common. 2017 has already seen two major waves of destructive ransomware.

Attacks like these are causing many business owners to question the security of their own data. Small businesses are often viewed as soft targets by malicious parties. To complicate matters further, cyber attacks are uniquely deadly to smaller businesses. An estimated 60% of small businesses that suffer a cyber attack go out of business within six months.

Now more than ever, it’s important to evaluate your current technological resources and determine if you’ve taken the necessary steps to protect your data.

Do You Have Backups in Place?

Even if a deadly cyber attack never comes to pass, there are plenty of everyday threats to data that doesn’t have a reliable and recent backup.

In the old days, backing up your data was a simple but time-consuming process. You’d spend time every few days loading all of your data onto an external hard drive just in case something happened to your main storage device. Thanks to the emergence of cloud computing, however, backing up your data isn’t just easy – it can be instantaneous as well. When you work in a digital workspace like Google Drive, all of your work is saved in real time in a massive global infrastructure. That means spilling your coffee on the computer or accidentally closing out of your document won’t cost you hours or days of progress.

Working in the cloud is only one layer of redundancy, however. For comparison, the military uses upwards of 10 redundancies. Working with a professional IT expert can help you put all the necessary processes in place to ensure your data is safe from destruction.

Have You Reduced the Risk of Human Error?

The best-laid cybersecurity plans rarely survive first contact with an untrained employee. Ensuring that your employees are able to identify malicious schemes like phishing or malware can go a long way towards making your business a hacker’s nightmare. Even if you invest time and money in firewalls and other precautions, all it takes is one click on a bad email to compromise your entire network.

Luckily, professional cybersecurity training is widely available. If your business works with technology in any capacity, such training is worth it. Implementing policies like dual authentication and requiring employees to shut down and password lock their workstations at the end of the day can be massively beneficial.

Controlling access to your facilities is important as well. Using surveillance and controlled access technology in your offices and other buildings can ensure employees are working safely and effectively, and it prevents additional unauthorized access to your secure information.

If you reach this point and feel that your business may not be as insulated from cybercrime as it could be, there’s no time to wait. The Preferred Technology Solutions team is standing by to help North Texas businesses gain peace of mind through data security. Just reach out today to kick off a discussion and begin the process of making your business a bastion against malicious cybercrime.

Email icon representing phishing attacks

Google Phishing Attacks Under Investigation

Google Docs Based Phishing Attacks

The phishing attack campaign used Google email addresses to target users by sending an email to share a document for collaboration. Once the targeted users accepted invitations, they were encouraged to login which allowed the phishing program access to their email accounts. Google has taken action to protect users, including removing the fake Google Docs pages and disabling the offending accounts.

Google Confirms the Attack

Initial reports say that Journalists were the main target for the Google Docs vulnerability, however, many different individuals working in many industries report receiving said emails. Google has confirmed it the phishing attacks through their own internal investigation and we are urging our partners to be vigilant for the time being. Here are some things you can do to safe:

  • Even if a sender is known pay close attention to what you might be clicking especially direct links.
  • When opening documents from an email, proceed with caution when opening compressed ZIP files.
  • Immediately report any and all suspicious emails to us.

Here is some information on how to prevent phishing attacks.

Security Concerns for Every Business

Security is a practical and ethical issue for every business owner. Adopting the right approach to security in your business will help to define you as a manager and play a major role in the way your business grows. Unfortunately, security is a wide-ranging and complex issue, and there’s no universal solution. Threats are both internal and external, human and automated. It’s impossible to completely insulate your business from disaster, but you can certainly take precautions. Therefore learning about the various security threats to your business is the first step to finding an appropriate solution.

External Security Threats

External threats are likely what come to mind when you think of security concerns from your business. These threats include phishing, spyware, ransomware, and other nasty pieces of software. This can lead to expensive and dangerous data breaches and downtime that can be deadly to your business. One study by the Denver Post indicates that 60% of businesses that suffer a cyberattack go out of business within six months. In addition, cyberattacks disproportionately target small businesses. In some highly regulated industries, security breaches can warrant fines on top of the actual damage of the attack. The increasing number of external threats makes network security more important than ever.

Digital threats aren’t the only external threats, however. When you operate out of a brick and mortar office, there’s always a slight risk of old-fashioned crime. A combination of cybersecurity policies and surveillance technology is the best approach to handling external threats.

As dangerous and annoying as external threats can be, the trickiest threats aren’t the ones trying to force their way into your network.

Internal Security Threats

The good news, however, is that most internal threats aren’t malicious. The bad news is that most internal threats aren’t malicious. In a business that works heavily with technology and data, human error and equipment failure can be devastating. Without proper employee education and backup procedures, your business is no match for an accidental keystroke or unexpected system crash.

Educating employees on proper cybersecurity procedures can go a long way to prevent the kinds of human error that open up your business to outside threats. Making sure that employees are aware of the dangers of malware is a key first step. Implementing two-factor authentication policies and requiring periodic password changes can make your business more secure.

Surveillance is a great way to curb other internal threats. A video record of the events in your office can ensure a fair resolution to conflicts and deter unethical actions. If your business operates out of a warehouse or another risky environment, surveillance technology can document whether or not employees are following safety procedures.

Every business has a unique set of security needs, and at Preferred Technology Solutions we don’t believe in a one-size-fits-all security solution. When we work with you, we get to know you, your business, and your industry – and we design a solution that’s custom-tailored to fit your needs. If you think your business might be vulnerable to any of the threats discussed here, don’t hesitate to seek out a solution. Just give us a call to discuss what can be done for you – no strings attached.

Security Breach

What a Security Breach Will Cost Your Company

More and more often we see stories in the news regarding data breaches at major companies, from the Sony hack that put the data of millions of gamers onto the open marketplace to the Home Depot breach that put the credit card information of thousands of their customers onto the Web. The Ponemon Institute, which tracks such incidents, estimates that the average cost of a security breach is $3.5 million, with the lowest that they have knowledge of at $750,000 and the highest at nearly $31 million.

 

The volume of these attacks is on the rise, with credit card companies, banks and other financial institutions leading the list of companies that have to deal with hackers on a regular basis. Other companies aren’t safe either, though, as all information, of any kind, will command some kind of price on the black market. Hackers will go after any storage that they find is easy to breach in the hope of finding some sort of paydata.

 

This means that your company isn’t safe either – any data is a commodity, and its loss may hurt you more than it lines the criminals’ pockets. Having all of your client information deleted, for example, can spell the bankruptcy of your firm, and in more ways than you realize. Not only will you no longer be able to have their history and such, but you’ll have to go to them, hat in hand, and explain that their data is no longer secure. This is not only embarrassing, but it’s also a bad blow to your company’s reputation.

 

Reputation is important, especially if you have a bad one. You don’t want to be known as the company that lost data. Customers expect companies to realize all these threats and have security in place to prevent it, making it your responsibility to guard against them even if they are a lot more sophisticated than conventional means can handle. Sony is a good example: it took a public apology by the CEO and the board for a horde of angry gamers to stay on as customers, and even then many left and took their wallets elsewhere. The consequences for Home Depot are still a little unclear, but their stock took a tumble as shareholders started selling in anticipation of disappointing profit figures.

 

Security is no small matter. It can decide the future of your business. Unlike an individual, as an entrepreneur you can’t rely on free options or on downloadable programs; you’re going to have to enlist the services of IT security professionals who can set up a suite of protection for you and who will monitor your security situation at all times. It may not be cheap, but the alternative can cost you a lot more.

New “Bash” Security Threat Surfaces – Preferred Technology can help ensure that you are protected with our “Effective IT” Solutions

Do you remember the catastrophic “Heartbleed” security bug that started wreaking havoc on people and businesses in April?

Well, a new security bug has surfaced, and it is being referred to as “Bash.” It has been widely stated that this bug will be even more disastrous than Heartbleed was.

If your system falls victim to Bash, an unauthorized user could gain control of your entire system! That could be completely devastating for your company.

To learn more about the severity of Bash, click here.

In the midst of this harrowing announcement, there IS good news – Preferred Technology can help ensure that you are protected with our “Effective IT” Solutions.

Remember, here at Preferred Technology, we are the security and data recovery experts! Contact us today, and let’s work together to keep your assets safe.

Network Security

Can you imagine the devastating effects that an attack on your corporate data would have on your business? Sometimes, in these situations, businesses NEVER recover – and, if they do recover, it’s a lengthy, painstaking process. Do you really have the time to worry about that kind of disaster occurring?

Here at Preferred, our goal is to give you the peace of mind that you need and help you ensure that your information is safe if an attack occurs. Preferred’s Resource Security Analysis enables you to easily identify your network’s vulnerability from both the outside world and your internal user community.



A customized solution – tailored to fit YOUR needs!

If you obtain a security solution from another company, chances are, they’ll simply provide you with a one-size-fits-all solution. So, what’s different about security solutions at Preferred? We take the time to get to know YOU. A certified engineer will be in contact with you, analyze your business needs, and create a custom security solution for your business based on those needs – there’s no better way to get EXACTLY what you need.

Testing your security – the same way an outside attacker would!

When we test your security, we think like a hacker by pinpointing any “weak links” in your system. After we’ve identified your potential risks, we supply you with a proactive, practical plan of action so that you can put a halt to anything putting your data at risk! By thinking like a hacker, we give you the peace of mind you need to know that your system will be safe from attack.

You can rest assured knowing that your business is protected and your assets are as safe as they can be!

Instead of worrying about the day-to-day details that keep your business running efficiently, shift your focus to the “big picture” and you long-term business goals!


Our certified, enterprise-level engineers in Dallas are committed to developing the most effective solution possible for YOU! When you call us during the work day, you’ll talk to a PERSON – not an automated system. One of our engineers will then analyze your business needs and create a customized security solution for you based on those needs.

Don’t risk your assets. Protect them! Contact us to speak to an engineer in Dallas and get your personalized solution – it’s the most effective way to keep your business safe!

Fortinet Security Research Leads Expertise on Mobile Malware

SUNNYVALE, Calif., Sep 22, 2011 – Fortinet® – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions, today announced that in just five years, the number of mobile malware has grown from 52 to over 2,500*. With more than 15 years of experience in cryptology, security protocols and operating systems, Axelle Apvrille has conducted in-depth research on mobile malware such as the Symbian Yxes worm, the Zitmo Trojan and more recently Spitmo, the latest Android malware which intercepts SMS from financial institutions and is the first to spread without the help of Google’s Market or any other third-party markets. The threat of mobile malware is now reality for Android users: records showed that a single malicious sample was downloaded more than 200,000 times**.

Media Alert: Application Security, Beyond the Firewall

SUNNYVALE, Calif., Sep 20, 2011 – Fortinet® – a leading network security provider and the worldwide leader of unified threat management (UTM) solutions, today announced that Application security has evolved far beyond the old days of “allow” or “deny” at the firewall. The rapidly changing nature of applications has made enforcing network security extremely challenging for organizations looking to stay ahead of the latest threats. Traditional firewalls and stand-alone network security solutions cannot detect many of today’s most popular applications, creating dangerous gaps in network security strategies. This session will provide examples of how attackers are taking advantage of the latest applications to hide malicious content, and the range of options offered by network security vendors that organizations can use to detect and block these threats.