954-866-1600    Get SUPPORT

Evolution Networks Blog

Evolution Networks has been serving the South Florida area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Cyber Security Protection and Compliance for HOAs is a Must Have

hoa-cyber-security

Community associations and board members can land themselves in hot water and find themselves liable if a cyber attack occurs. In addition to the loss to the association if funds are stolen, there may be compensation to owners if thieves steal their funds or personal information.

Board Members Can Be Liable

Community associations and board members can land themselves in hot water and find themselves liable if a cyber attack occurs. In addition to the loss to the association if funds are stolen, there may be compensation to owners if thieves steal their funds or personal information. There is also the expense to defend a potential lawsuit and resulting reputational damage to the association. Penalties may also be assessed if the targeted association failed to comply with state data-protection statutes. These statutes vary, which is why it’s important for an association to understand its obligations under the law.

The Importance of Cyber Security

To help mitigate risk, it’s important for the association to have a cyber security policy in place. This includes:

  • Review governing documents and local laws. These official documents will set up a foundation for adding a new cyber security policy.  
  • Determine which individuals will handle the data and which individuals will ultimately manage cyber security. Keep close tabs on who gets access to sensitive data and who gets administrative privileges.
  • Outline a plan of action if security breaches or criminal hacking occur.
  • Set up a list of rules for using association mobile devices or computers to ensure that unauthorized people will not be able to access confidential information.
  • Establish a data breach plan. To prepare for a potential data breach, there are several resources from trusted authorities like the Federal Trade Commission (FTC). The Online Trust Alliance has an online guide about data breach preparation and the FTC offers resources that explain the process of securing association data and protecting customer data.
  • Provide board members with a set of guidelines. These cyber security principles can help community associations better understand new policies and see how to respond to potential cyber attacks and data breaches. They are key to bringing everyone onto the same page regarding cyber security policies and procedures.
  • Teach residents about cyber security. Educating residents about cyber security should be a priority for the association. This can be done via the community’s newsletter, emails or letters directly to residents, along with tips posted on the community website.
  • Ensure that the association software is secure, with features that defend against malware and protect sensitive and confidential information.  This includes creating strong passwords, updating software regularly, investing in an anti-virus solution, encrypting all data, and ensuring regular back-ups are being made, among other measures. Make sure the management company will not be sharing the association’s private data with third parties or storing data on servers that are shared with other businesses or clients of the data host.

Secure Cyber Liability Insurance

In addition to having a cyber security plan in place to help mitigate the risk of a breach, it’s also critical for an association to carry Cyber insurance. Note that General Liability insurance does not cover the impact of a data breach on the association. A Cyber policy includes first-party and third-party coverages. First-party coverage is for losses and damage to the business, while third-party coverage is for losses that an outside entity incurs due to a cyber event. A policy can be designed to pay for first-party expenses that include:

  • Legal and forensic services to determine whether a breach occurred and assist with regulatory compliance if a breach is verified
  • The costs involved to notify affected customers (homeowners, condo owners) and employees
  • Customer credit monitoring
  • Regulatory defense & penalties – coverage for defense costs and fines or penalties for violations of privacy regulations
  • Crisis management and public relations to educate customers about the breach and rebuild a company’s reputation
  • Business interruption expenses as a result of the breach
  • Cyber extortion reimbursement for perils including credible threats to introduce malicious code; pharm and phish customer systems; or corrupt, damage, or destroy your computer system

A Cyber policy can also be designed to pay for the following third-party expenses:

  • Judgments, civil awards, or settlements a client is legally obligated to pay after a data breach
  • Electronic media liability, including infringement of copyright, domain name, trade name, service mark, or slogan on an intranet or Internet site

Policies, including the scope of coverage, terms, sub-limits, deductibles and other important factors, vary from one carrier to the next and it’s important to work with an experienced insurance professional in designing a Cyber insurance solution that meets the needs of the association.

Source: NI

0 Comments
Continue reading

If you use Microsoft Office 365, you need to be aware of this new attack.

office-365

A  spearphishing attack is spoofing Microsoft.com to target 200 million Microsoft Office 365 users in a number of key vertical markets, including financial services, healthcare, manufacturing and utility providers.

Researchers at Ironscales discovered the campaign targeting several thousand mailboxes at nearly 100 of the email security firm’s customers, Lomy Ovadia, Ironscales vice president of research and development, said in a report posted online Monday. Other industries being targeted including telecom and insurance companies, he said.

The attack is particularly deceiving because it deploys an exact domain spoofing technique, “which occurs when an email is sent from a fraudulent domain that is an exact match to the spoofed brand’s domain,” Ovadia wrote. This means even savvy users who check sender addresses to ensure an email is legitimate might be fooled, he said.

The attack is comprised of a realistic-looking email that attempts to persuade users to take advantage of a relatively new Office 365 capability that allows for them to reclaim emails that have been accidentally marked as spam or phishing messages, according to the report. The messages come from sender “Microsoft Outlook.”

“Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” Ovadia wrote. “As inferred by the message, the link will redirect users to a security portal in which they can review and take action on ‘quarantined messages’ captured by the Exchange Online Protection (EOP) filtering stack, the new feature that has only been available since September.”

Once a user clicks on the link, they are asked to type in legitimate Office 365 login credentials on a fake log-in page controlled by attackers to harvest and likely sell on the dark web, according to Ironscales.

One interesting aspect of the campaign is its success in getting past secure email gateway (SEG) controls. Typically, exact domain spoofs aren’t very hard for them to detect, according to Ironscales; the company found in previous research that this tactic was represented in less than 1 percent of total spoofing attacks that bypass SEGs in a given year.

“Even non cloud-native and legacy email security tools are fairly efficient at stopping these sorts of attacks,” Ovadia noted. “The reason why SEGs can traditionally stop exact domain spoofing is because, when configured correctly, this control is compliant with the domain-based message authentication, reporting & conformance (DMARC), an email authentication protocol built specifically to stop exact domain spoofing (SPF/DKIM).”

However, Ironscales found that Microsoft servers are not currently enforcing the DMARC protocol, which means the exact domain spoofing messages get through controls such as Office 365 EOP and Advanced Threat Protection.

“Any other email service that respects and enforces DMARC would have blocked such emails,” Ovadia wrote. “It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure.”

The situation is particularly curious as Microsoft is typically one of the top domain names if not the top domain imitated by hackers in phishing campaigns, he observed.

To mitigate attacks, Ironscales advised organizations to configure their email defense and protection systems for DMARC, which should detect and reject emails coming from the latest Office 365 campaign, according to the report.

“Advanced mailbox-level email security that continuously studies every employee’s inbox to detect anomalies based on both email data and metadata extracted from previously trusted communications can help stop email spoofs that slip through the cracks,” Ovadia added.

0 Comments
Continue reading

Your Business Processes Are Everything

Your Business Processes Are Everything

The word “procedure” can easily be perceived in a negative light nowadays. It just sounds so… rote… compared to the exciting and dynamic buzzwords that so many “thought-leading, influencing, social media innovators” today toss around. Now, we don’t mean to disparage these personalities - we just want to emphasize that these innovations rely on a foundation to support them, and these foundations are based on business procedures and processes.

0 Comments
Continue reading

What Does It Mean to Plan for the Worst?

What Does It Mean to Plan for the Worst?

You don’t need to be repeatedly told just how important risk management is. If you did, you probably wouldn’t have made it this far. One problem you see from business owners today is that while they understand just how many problems there are--and which ones they need to find solutions for first--they want to grow their company so fast that they overlook potential problems and end up hurting their business as a result. This month, we thought we would talk a little bit about contingency planning and how, if it is done right, it can have a marked effect on your business’ ability to carry-on after a problematic event. 

0 Comments
Continue reading

Tip of the Week: Extend Your IT Budget

Tip of the Week: Extend Your IT Budget

Budgeting for your technology can be pretty difficult. You never really know when some problem is going to present itself and cost your business an arm and a leg. Since you can’t always see what’s coming, saving money when you can is important. Let’s take a look at a few ways that you can save money on your business’ IT.

0 Comments
Continue reading

Small and Medium-Sized Businesses Need to Prioritize Data Management

Small and Medium-Sized Businesses Need to Prioritize Data Management

For the small business, being more efficient with resources can make a massive difference. In fact, it can be the difference between organizational sustainability and organizational failure. The bottom line is that, no matter how big or small they are, today’s businesses need to be smarter to compete. As a result, some businesses have begun to utilize data management platforms (DMP) in order to put themselves in a better position to understand their business, their market, and their customers. Let’s take a look at the DMP, and how it works to help businesses like yours be more effective.

0 Comments
Continue reading

How IT Benefits a Small Business’ Growth Potential

How IT Benefits a Small Business’ Growth Potential

When we discuss our service offerings, we understand that it can all seem like a little much, especially to the small business that - up to this point - has never needed all these fancy solutions to operate effectively. However, there are a few considerations that the business this scenario applies to needs to account for. For instance, is it certain that these solutions are unnecessary?

0 Comments
Continue reading

Small Businesses Using Emerging Technologies to Get Ahead

Small Businesses Using Emerging Technologies to Get Ahead

If your business uses technology to be more productive and efficient, you know that as soon as you buy a piece of new technology, there is another one right behind it that has more power, or better features. This is true for consumers as well. This constant innovation is what has made technology a viable option for many small businesses. After all, if computers hadn’t been innovated on constantly, they’d still be the size of a room (or wouldn’t exist at all).

0 Comments
Continue reading

Outsourced Project Management: A Good Option for Small Businesses

Outsourced Project Management: A Good Option for Small Businesses

Small businesses often have to rely on different means to achieve the same level of project management as enterprises. This is due to the demands of project management being significantly different in scope, but also the way that your company implements new technology solutions. Instead of worrying about the specifics of project management, you can outsource these responsibilities to a managed service provider.

0 Comments
Continue reading

Small Businesses Face Challenges in 2018

Small Businesses Face Challenges in 2018

The modern small business will face several challenges in 2018. The world is changing, and with it, so is business. For many small businesses, this can either be looked on as the opportunity they’ve been waiting for, or, it can be viewed as the beginning of the end. No matter what situations you are faced with this year, understanding what problems your business faces, and how to solve them is imperative to your small business’ success.

0 Comments
Continue reading

Unpaid Invoices are a Major Problem For SMBs

Unpaid Invoices are a Major Problem For SMBs

While many different people open businesses, the primary reason that they all do so is to make money. A positive cash flow is essential if the business is to generate funds that support a cause or provide a decent living. However, to collect this cash flow, a business must have their invoices returned. As it happens, this doesn’t often occur in a timely manner.

0 Comments
Continue reading

House of Representatives Makes Moves to Support Small Business

House of Representatives Makes Moves to Support Small Business

Without competition, there would not be businesses. However, this competition needs to be fair in order for small businesses to embrace new opportunities that arise. A U.S. bill that allows for both of these goals has passed in the House of Representatives and will be voted on in the Senate.

0 Comments
Continue reading

What Effect Could Artificial Intelligence Have On Your Business?

What Effect Could Artificial Intelligence Have On Your Business?

Artificial intelligence is becoming more and more accessible to businesses of all sizes. In fact, it is swiftly becoming apparent that businesses that aren’t actively considering how to leverage AI in their processes are doing themselves a disservice.

0 Comments
Continue reading

Let's Talk Tablets

Tablets are definitely becoming a staple in the consumer electronics world. For the longest time, the tablet PC was an expensive, clunky device that just didn't wow consumers. Some businesses had adopted tablets back in the day, but they were difficult to use, hard to support, and they simply didn't perform for the price tag. However, like many consumer electronics, Apple reinvigorated the tablet market with the original iPad, and now it would seem tablets are here to stay. The question is, are they right for businesses?

0 Comments
Continue reading

Disaster Recovery and Why it Matters to Pembroke Pines Businesses

When you mention the term 'disaster recovery,' most people think about the big ground-shattering events like earthquakes, fires, floods, tropical storms, etc. While these natural events are certainly disasters and devastating in their own right, smaller things can constitute as a disaster for your business, and they aren't seasonal.

0 Comments
Continue reading

5 Tips for Saving Money on your IT

Saving a little on your technology can go a long ways, but cutting too many corners can lead to additional problems and expensive downtime. Here are a few ways you can cut costs without creating long term issues.

0 Comments
Continue reading