Malware Protection & Attacks

How to Protect from Malware Attacks

Protect from malware attacksHow to Protect from Malware

Protecting your company data is the most critical task your IT department has. This team of specialists works tirelessly to keep out intruders only to have their coworkers inadvertently let them differently. While your business may have many safeguards in place to catch and clean up these mistakes, there are ways to prevent malware attacks before they happen. Protect from malware attacks ? How?

Additional Layers of Security

You may think your employees are the most vigilant in the world, and they may very well be. However, without a layered security system in place, cyberattacks can still break through. Your business needs an extensive security suite of antivirus, firewalls, and antimalware software to help keep out unwanted visitors.

Using Updates and Plugins

One of the easiest ways for a hacker to attack your infrastructure is through holes in your company’s software. Whether it is the operating system, internet browsers, or mobile devices, keeping titles up to date is one of the most important things you can do to protect corporate data.

Browsers, operating systems, and plugins often receive regular security patches from their manufacturers. It is easy for you to push them off and let them wait until a more convenient time for your employees. However, by doing so, you are cracking a door for intruders to exploit. Once the updates roll out, act immediately to ensure the best coverage. Immediate action is doubly true for mobile devices which often get up off due to low storage or battery power.

On web browsers, ensure all employees enable the click-to-play plugin. Many attackers use the ads to install their viruses on to unsuspecting computers. These ads autoplay and often found on well-known sites. The click-to-play plugin stops Java or Flash ads from running, unless the user clicks on them, helping to reduce the chance of accidental infection.

Safe Browsing

Companies often restrict their employees online browsing abilities. However, even sites that your business has deemed okay for workers to visit need to be used with caution. Employees should do the following every time they go on the internet.

  • Log out of websites when finished: It does not matter if it is a social media site you regularly use to update information for the company or a banking site you use to check your balance during lunch, always log out. Hackers with the right skills can use your browser’s cookies to gain access to places you remained logged into.
  • Use Secure Connections: Sites with padlocks to the left of the URL provide a secure connection between your system and the website server. This added encryption helps to protect against intrusions in the data stream.
  • Strong Passwords: Don’t use passwords that are easy to guess such as birthdates, pets’ names, or anniversaries. Passwords should contain upper and lower cases letters as well as numbers and special characters. For optimal protection, you need a different password for each site you log into.

Other Important Tips

Most employees defer to their local IT department in the event of a computer malfunction. It is the best practice because you know that the gurus of IT are going to clean the system without infecting it further. However, for employees who work from home, having access to the local IT department might not be a feasible option. These workers are more likely to be taken in by fake tech support numbers that may appear on the screen when their system gets infected. Corporations can help by making sure all employees, home-based and onsite, have access to the correct contact for software and hardware support.

Also, educate your workers on phishing and spoofing scams that may appear in their inboxes. It is essential that you remind them never to call the institution the message is from to verify authenticity before using links. Learning how to spot phony messages can protect both your company and individual workers from data loss.

Malware attacks can happen to any business, big or small. Taking steps to protect your infrastructure and training your employees on safe practices can curtail any malicious intrusions. Even the most secure systems can still be successfully attacked, so in addition to education and layered security, you should also backup your data. CloudAlly offers complete backup and recovery solutions for Office 365, G Suite and Salesforce, allowing you to quickly recover data in the event of a malware attack.

Microsoft Video: Malware Attacks

How to maintain G Suite security settings ?

Setting G Suite Security Settings

If maintaining security is not at the forefront of your business model, then you are opening yourself up to hackers and data loss. G Suite offers security features to help protect your employees’ accounts and maintain your company’s data integrity.  This blog post will explain how to maintain: G suite security settings.

View User Settings

As a G Suite administrator, you can access user security settings to ensure password strength is up to code and turn on two-step verification security protocols. To do this, you must first log into your administrator account and access the administrator console.

  1. Click users.
  2. On the user’s screen, you can verify the status of two-step verification enrollment. If you do not see a column listed for the two-step verification, click the more icon and choose select columns to expand your screen to include any missing options.
  3. Select the user whose security settings you wish to check.
  4. Click Security. Again, if security is not an option, select show more to find the missing section.

Two-step verification

If the user has enabled the two-step verification, the backup verification codes are accessible by clicking show backup verification codes. Google suggests all G Suite users utilize the two-step verification process for maximum security. As an administrator, you can disable this feature if an employee no longer has access to the mobile number they used to set up their security.

To begin the two-step verification initiation process log into your administration console and select set up two-step verification for your domain. At this point, you should notify all your users of your new security protocol and include instructions on how they can finish setting up their enrollment.

All users must opt into the two-step verification themselves regardless of company policy. After they choose to opt-in, users need to navigate to the two-step verification page to set up their codes. Once on the two-step verification page, select Get Started.

  1. Enter the email and password associated with the G Suite user account.
  2. Click the start set up button.
  3. When prompted, enter a mobile phone number in which to send a text message containing a six-digit verification code.
  4. Verify the phone number by entering the six digit code which you received.
  5. Choose to add the current computer as a trusted device. If the machine used to set up the two-step verification is and not your regular computer, do not select “trust this ”
  6. Confirm that you want to use two-step verification.

Unless the computer is a trusted device, each time your user logs in they will be required to enter the six-digit verification code. Mobile devices using Gmail and Google calendar may require app passwords in addition to their verification code. The app password is entered once and remains the same until the user updates their login information.

Password Strength – G Suite Security Settings

As the G Suite administrator, you can help protect your users’ accounts by monitoring and managing the length and strength of their passwords. Setting a length requirement prevents users from creating short passwords which are easy to hack. Start by logging into your G Suite administration console.

  1. On the dashboard navigate to security and then basic settings. If the security option is not visible on your panel, select more controls to browse to the security features.
  2. In the section labeled password strength, enter a minimum and maximum length the user passwords must abide. For example, must be between eight and 20 characters.
  3. Click save.

Also in the security section of the G Suite administration dashboard, you can monitor how secure user passwords are. Navigate to the password monitoring area of the security section. From here you can view a graph showing the overall strength of your users’ passwords. This bar graph will change over time depending common passwords that are known to be vulnerable and your password length requirements.

Keeping your G Suite user accounts secure is your best line of defense against hackers and data loss. It is also a good idea to back up all G Suite user information. CloudAlly offers an affordable backup service for all your G Suite accounts.

HIPAA compliance software – Office 365 HIPAA

Office 365 HIPAA

HIPAA Compliance Software

hipaa compliance softwareProtected health information is an important subject in the technological age. The use of mobile devices such as smart phones and tablets make it more consequential for companies to have protections in place. With the use of online services, like Office 365, HIPAA compliant takes on a new level of complexity. Not only does your business must have regulations and safe practices in place to protect sensitive data, but the online service must have HIPAA compliance software measure as well.

The IT manager can easily be confused by which services have the proper protections in place to help safeguard data.  A quick search and hundreds of names appear, all claiming to have the certifications necessary to meet your needs. While many do, not all are as compliant as they pretend to be. So, one wonders is Office 365 HIPAA compliant?

Certified to Protect

Microsoft has robust security features necessary to help protect information stored on their servers. The company offers two-factor security authentication to help keep your accounts secure. In short, Office 365 is HIPAA compliant.

As an Office 365 user, there are some things you must do to take advantage of their compliance standing. All companies using Office 365, must complete a business associate agreement, or BAA, with Microsoft. Once in place, Microsoft, for their part, will do everything in their power to ensure your protected health documents are secure.

Configuring Office 365 Email

After signing a BAA, Microsoft helps you set user emails to comply with HIPAA regulations using the Exchange Online Protection program. Only administrators can configure these settings, as they are reached from the Exchange Admin Center page.

Office 365 Backup
Once on the Admin page, select Compliance management, then select Data Loss Prevention. From here click on the “+” sign and select New DLP policy from the template. Scroll until you find HIPAA and choose template.

By default, Office 365’s HIPAA rules scan messages for Drug Enforcement Agency (DEA) number and Social Security numbers. However, if you need more coverage, you can add:

  • US Passport number
  • US Bank Account
  • US Driver’s License
  • US Individual Taxpayer Identification number

To add any of these items to your HIPAA configuration, just select them on the template. You can also customize rules to add fields such as Date of Birth.

Once enacted, Microsoft scans each email for selected sensitive information. In the event of an incident, Microsoft reports it as dictated by their standard notification procedures to the system administrators.

Office 365 HIPAA Compliance Is Not Enough

Using an email service that is HIPPA compliant, like Office 365, is not sufficient. Microsoft is only responsible for maintaining security on their end of the agreement. It is up to business owners to use best practices to protect customer information and comply with HIPAA regulation.

Adding two-factor security authentication is just one step to help protect your files in an HIPAA regulated situation. Using encrypted email when sending data contributes to protecting your customers from potential information loss.

Another step you can take is limit who on your staff can send emails concerning patient information. Limiting who can access and edit client files is also another way to protect sensitive data.

Patient consent forms, which must be signed for health information to be shared with anyone other than the patient, are the responsibility of your office. Microsoft does not take responsibility for this document. It is up to your staff to obtain and retain written permission. Under HIPAA regulation, this agreement is obtainable via email. However, you must inform the patient of any potential risks they may have using email to communicate sensitive data.

Properly managing where protected health information is the most important thing you can do to maintain HIPAA regulation. While mobile devices often come with Office 365, it can only help to increase the risk others gaining access to patient information. Misplaced laptops and cell phones can lead to stolen documents if saved internally.

Having a cloud backup in place can act as a barrier to malicious data loss. Storing information in the cloud keeps it from being stored on the hard drive of a mobile device that is easily lost. However, if you choose to store your information in the cloud, make sure your backup service is HIPAA compliant to adhere to government regulation.

CloudAlly is certified ISO 27001 and is thoroughly HIPAA compliant software. We offer business associate agreements with all clients who ask for them. Our Office 365 backs up email, calendar, tasks, and contact data.

Try us free for 15 days, no credit card required to sign up

Data is Security in the Cloud to cloud backup Solutions

A Practical Guide to Ensure Your Data is Secure in the Cloud for Cloud Backup Solutions

As more and more businesses turn to the cloud, it is vital to protect the data that is stored in the cloud. Furthermore, the transactions need to be secure and safe to ensure that the cloud-based services run smoothly and securely.

The vast expanding mobile device ecosystem spearheads the computing over clouds. Businesses of all sizes, from start-ups to SMEs to Fortune 500 companies, have started leveraging the significant advantage of the cloud to roll out more services across all areas to strengthen their businesses, especially when working with Cloud to cloud backup Solutions.

In fact, the cloud has proved to become a must-have and not only a nice-to-have for businesses to excel. But how secure is the cloud and its access? How safe is the data stored and managed? These questions still prevail and this article will present a few factors to ensure your business or data is secure in the cloud.

Cloud Whereabouts

During the time of mainframes, a huge amount of data was stored in centralized computer systems, such as mainframes, that were small enough to be placed in a single location.

However, at the moment, the data exist virtually somewhere in a corner of the world without even the user knowing where it is stored. How secure is the physical location and what sort of environmental, fire and safety measures are ensured by the cloud storage provider to keep it safe?

These things are rarely thought about as more and more businesses want to establish quickly and reach out to the market. Knowing the physical location of your data and how it is secured is an important factor to consider before moving to the cloud.

Secure Protocol

In business and financial apps, the volume of transactions becomes a prime concern. Managing such a volume has to address two things: firstly, the real-time processing of the transactions and secondly, the transaction has to be secure and free from any kind of hacker attacks.

While this may seem of little interest to the cloud-based entertainment businesses, it is the prime concern for financial companies fearing to move to the cloud.

Cloud to cloud backup Solutions show Statistics from the Ponemon institute report indicate that around 43% of companies experienced threats which originate from attacks on the data that is stored in the cloud.

The cloud provider has to ensure the use of secure protocols, such as SSL, IPsec, HTTPS or any other applicable protocol, for safer transactions and storage of the data. There are many public and private cloud providers claiming to provide a secure infrastructure, but most of these break down when the transactions reach high volumes. The providers need to be thoroughly verified for the use of the protocols and the volume of data that is being managed by their cloud infrastructure.

Strong Access Policies

There are many layers of security that have to be built when dealing with the cloud infrastructure. The first level of security has to originate from the user who accesses the cloud data on a daily basis. Almost 60% of the data that has been compromised originate from the employees who access the cloud data, according to Data Breach Industry Forecast.

Strong access policies and privileges have to be set while migrating your business to the cloud. Passwords also have to be strong enough and the level of access needs to be defined. They have to be administered by strict security policies and should be changed periodically to protect the access to the data stored in the cloud. This can be combined with a multi-way authentication of the

Adopt and Control Bring Your Own Device

As cloud-based apps mostly cater to the mobile ecosystem, it is difficult to control the device that the user will use to access his or her data stored in the cloud. This becomes a perennial challenge, since new devices are being rolled out every day by device manufacturers. Companies adopting Bring Your Own Device (BYOD) pose a greater risk in the cloud- based work environment. This is because the IT policies are difficult to set on these devices, especially when they are new.

However, it is equally important to adopt these devices because discouraging them will hamper the cloud-based services. Security policies have to be evolved to ensure that the cloud protection measures are taken care of while adopting the BYOD for any organizations doing business in the cloud.

Encrypt the Data when dealing with Cloud to cloud backup Solutions

While this may make things a little slower and make the cloud more expensive, encrypting the data is one of the secure ways to protect your data in the cloud.With public and private key mechanisms, the data in the cloud can be kept secure and even if there is a compromise in the cloud, the data are rendered useless by the attacker.

This would still not completely protect the data arising from the physical and environmental threats, but the data remain in safe hands with the encryption keys only known to the user who uses them.

As said before, the cloud security needs to be built in layers right from the system to the user and in every part of the network nodes that sits between the user and the physical cloud.

Test Your Cloud Thoroughly

As clouds seem to be secure for smaller volumes and data, the vulnerability creeps in once the data grow and the volume increases tremendously.

The hardware and performance capability seems to throw great threats in terms of security and availability. So the cloud needs to be planned in a scalable manner and security aspects have to be built.

Test your cloud in a defined and random manner to ensure it does not break down or become vulnerable to the attacks as it grows in size. Things like the middle of men attacks, stress testing, and penetration testing will help evaluate the cloud’s security before it is put to use.

Adopt the Right Access Tools

A right key is a solution to the right lock. Similarly, the use of the right tool is the safest way to keep your data secure.

The use of VPN-based access and setting up host-based intrusion prevention systems are important to have a secure cloud environment. Furthermore, this can be administered by firewall policies to allow the apps that are intended to use the cloud environment. This will prevent unwanted access to the data that is managed by the cloud.

Get a Cloud-to-Cloud Backup Solution

You may be assured by your cloud provider that your data will never be compromised or lost. However, can you leave your businesses dependent on someone else?

Also, it is not just about data loss opportunities. Even a single downtime for a couple of minutes can break your business, especially if your business deals with a huge amount of data.

You may remember Google Drive went down the first week of October this year. This means you can face downtime even with the biggies like Google. So, an inevitable solution for this is a cloud-to-cloud backup solution.

You should get your online data backed up daily and automatically to different cloud storage. This will ensure that, even if you experience data corruption or theft with your online data such as Office 365 or Google Apps for Work, you can still recover it as your data are already backed up to a cloud storage, such as Amazon web services, as a backup.

This will thus ensure that you never have to be worried about data loss and that you can focus on your core business operations.

Data is very precious in the present day and securing it should be of prime importance to businesses running in the cloud. Thus, a secure cloud is a key to winning the confidence of your customers and a success in the cloud environment itself.