The “S” in HTTPS is More Important Than You May Think

It would be an understatement to say that security, particularly encryption, is important while browsing the web. Though it was only recently that encryption became a major pain point for government regulation, encryption has been around for a very long time. The average user can get a taste of online encryption through the average website security certificate.

Hypertext Transfer Protocol, with an S on the end for “security,” is designed to protect a website visitor’s privacy by encrypting information sent from the website to a receiving server. Ordinarily, the connection wouldn’t be private, so data can be accessed while it’s in transit. This is why HTTPS is commonly used on pages that require sensitive credentials, like passwords, usernames, credit card numbers, Social Security numbers, and so on. For example, banking institutions and other accounts that are linked to financial credentials (like any payment pages on websites) need to be using a security certificate to guarantee the user’s security.

One good way of describing online encryption is like a pipe. A normal HTTP connection is like a transparent pipe that you can see through. Hackers can collect data while it’s in transit because the pipe is see-through. Now, imagine the same pipe, only with an opaque hue to it. You can still see the insides, but they’re hidden and jumbled to the point where you can’t get a clear image. This is what it’s like for hackers to see encrypted data; they may have stolen it, but it’s locked down and indecipherable, making it essentially worthless.

The main thing that the average business owner must understand about HTTPS and online encryption is that you need to drill best practices of handling data into your employees as early and as often as possible. Before entering sensitive information into any website, be sure to look for the following abnormalities:

  • A lack of a security certificate: Before you enter any information into a website, make sure that it’s protected by a security certificate. You can verify that a website is secure by clicking on the green padlock icon next to the URL’s name in the address bar. It’s important to keep in mind that, while SSL and TLS might largely seem like the same thing, SSL is an antiquated security protocol that, thanks to vulnerabilities like POODLE (a man-in-the-middle exploit), could be dangerous.
  • Suspicious URLs or domain names: Sometimes hackers will create a site that looks exactly like a banking institution’s website, and use it to steal credentials. They will use sneaky tactics to make you think that what you’re looking at is the real deal, but look for out-of-place letters, numbers, or symbols in the domain before thinking you’re in the clear. Basically, the site that you’re on should be the institution’s official site. If something looks out of the ordinary, contact the organization through the information that you have on file.

Contact Us

For more great tips and tricks on how to stay safe online, be sure to contact JDL Group at 1-(844) 493-0015.

It would be an understatement to say that security, particularly encryption, is important while browsing the web. Though it was only recently that encryption became a major pain point for government regulation, encryption has been around for a very long time. The average user can get a taste of online encryption through the average website security certificate.

Hypertext Transfer Protocol, with an S on the end for “security,” is designed to protect a website visitor’s privacy by encrypting information sent from the website to a receiving server. Ordinarily, the connection wouldn’t be private, so data can be accessed while it’s in transit. This is why HTTPS is commonly used on pages that require sensitive credentials, like passwords, usernames, credit card numbers, Social Security numbers, and so on. For example, banking institutions and other accounts that are linked to financial credentials (like any payment pages on websites) need to be using a security certificate to guarantee the user’s security.

One good way of describing online encryption is like a pipe. A normal HTTP connection is like a transparent pipe that you can see through. Hackers can collect data while it’s in transit because the pipe is see-through. Now, imagine the same pipe, only with an opaque hue to it. You can still see the insides, but they’re hidden and jumbled to the point where you can’t get a clear image. This is what it’s like for hackers to see encrypted data; they may have stolen it, but it’s locked down and indecipherable, making it essentially worthless.

The main thing that the average business owner must understand about HTTPS and online encryption is that you need to drill best practices of handling data into your employees as early and as often as possible. Before entering sensitive information into any website, be sure to look for the following abnormalities:

  • A lack of a security certificate: Before you enter any information into a website, make sure that it’s protected by a security certificate. You can verify that a website is secure by clicking on the green padlock icon next to the URL’s name in the address bar. It’s important to keep in mind that, while SSL and TLS might largely seem like the same thing, SSL is an antiquated security protocol that, thanks to vulnerabilities like POODLE (a man-in-the-middle exploit), could be dangerous.
  • Suspicious URLs or domain names: Sometimes hackers will create a site that looks exactly like a banking institution’s website, and use it to steal credentials. They will use sneaky tactics to make you think that what you’re looking at is the real deal, but look for out-of-place letters, numbers, or symbols in the domain before thinking you’re in the clear. Basically, the site that you’re on should be the institution’s official site. If something looks out of the ordinary, contact the organization through the information that you have on file.

Contact Us

For more great tips and tricks on how to stay safe online, be sure to contact JDL Group at 1-(844) 493-0015.

Hack a Hospital and Get Blacklisted By Other Hackers

Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard of stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it’s perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that’s prepared for a ransomware attack and can afford to brush it off and lose a few hours or a few days-worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their system back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with BDR and having a means to restore your backed up copy as quickly as possible so that downtime is at a minimum.

Contact Us

To make sure that your business is prepared for anything that a hacker throws at you, call JDL Group today at 1-(844) 493-0015.

Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard of stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it’s perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that’s prepared for a ransomware attack and can afford to brush it off and lose a few hours or a few days-worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their system back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with BDR and having a means to restore your backed up copy as quickly as possible so that downtime is at a minimum.

Contact Us

To make sure that your business is prepared for anything that a hacker throws at you, call JDL Group today at 1-(844) 493-0015.

Scams to Look Out for and What You Can Do to Prevent Them

There’s no question that cybersecurity is an important part of managing a business, especially with so much technology in your office. Yet, the real challenge comes from making sure that your employees know and understand best practices, and are willing to adhere to them. Here are some easy ways that you can help your employees understand just how important IT security really is.

Change Passwords Frequently

Password security is a big problem for both the commercial and domestic computer user. Too often you see stories about users having passwords like “password” or “123456.” To help your team avoid this, create a handout that has the following best practices on it:

  • Make your passwords long (at least 16 characters). The longer, the better, as this makes the passwords more difficult to guess.
  • Make your passwords complex. Use a plethora of special characters, numbers, and both upper and lower-case letters.
  • Never use the same password twice. When a hacker steals a password, they may try to use it on other related accounts.

Of course, a password manager makes these tips much easier to accomplish; particularly one that allows you to share passwords across your organization’s network. You can group together users and distribute credentials as they’re needed, synced in real time to their devices. As a bonus, you can use complex passwords without the frustrations of forgetting and remembering them.

Watch Out for Spam

Hackers will often spread spam in the hopes that someone will slip up and offer important credentials or personally-identifiable information via email or phone call. We’ve outlined a couple of common spam situations below, so that you know what to look for:

  • A big congratulations: If you get an email saying that you’ve won the lottery or a big winner who needs to claim the prize, you can disregard it as spam. In general, if something is urging for immediate action, you might want to think twice about what it is.
  • Fake law enforcement threats: Hackers know that people are intimidated by the authorities, so they will create messages claiming to be from the FBI or local law enforcement. They will then declare that you have done something wrong and that there is a fine. Messages like this use fear against you, so be careful not to fall into the trap.
  • Spear phishing tactics: These are tactics in which hackers will target specific users and tailor their attacks to the individual. Details to look for could include customized phone numbers, addresses, and personal information regarding their schedule or workplace. Since the attacks don’t look like generic spam, they can fool users.
  • Whaling schemes: These are top-tier social engineering threats that almost don’t classify as spam due to how dangerous they are. Whaling schemes, or CEO fraud, is when a hacker impersonates the business owner in an attempt to get financial departments to wire transfer funds to offshore bank accounts. Look for inconsistencies with email addresses, or simply ask the one who has sent the message, if it’s a real request or not.

Many of the above email threats can be mitigated with an enterprise-level spam blocking solution. Spam blocking keeps suspicious messages from hitting your inbox in the first place, which increases the chances that your employees won’t see them at all. However, there are still some that might manage to squeeze past filters. Therefore, the only real way to prevent these problems is by taking proactive security measures.

To learn more about cybersecurity, reach out to JDL Group at 1-(844) 493-0015.

There’s no question that cybersecurity is an important part of managing a business, especially with so much technology in your office. Yet, the real challenge comes from making sure that your employees know and understand best practices, and are willing to adhere to them. Here are some easy ways that you can help your employees understand just how important IT security really is.

Change Passwords Frequently

Password security is a big problem for both the commercial and domestic computer user. Too often you see stories about users having passwords like “password” or “123456.” To help your team avoid this, create a handout that has the following best practices on it:

  • Make your passwords long (at least 16 characters). The longer, the better, as this makes the passwords more difficult to guess.
  • Make your passwords complex. Use a plethora of special characters, numbers, and both upper and lower-case letters.
  • Never use the same password twice. When a hacker steals a password, they may try to use it on other related accounts.

Of course, a password manager makes these tips much easier to accomplish; particularly one that allows you to share passwords across your organization’s network. You can group together users and distribute credentials as they’re needed, synced in real time to their devices. As a bonus, you can use complex passwords without the frustrations of forgetting and remembering them.

Watch Out for Spam

Hackers will often spread spam in the hopes that someone will slip up and offer important credentials or personally-identifiable information via email or phone call. We’ve outlined a couple of common spam situations below, so that you know what to look for:

  • A big congratulations: If you get an email saying that you’ve won the lottery or a big winner who needs to claim the prize, you can disregard it as spam. In general, if something is urging for immediate action, you might want to think twice about what it is.
  • Fake law enforcement threats: Hackers know that people are intimidated by the authorities, so they will create messages claiming to be from the FBI or local law enforcement. They will then declare that you have done something wrong and that there is a fine. Messages like this use fear against you, so be careful not to fall into the trap.
  • Spear phishing tactics: These are tactics in which hackers will target specific users and tailor their attacks to the individual. Details to look for could include customized phone numbers, addresses, and personal information regarding their schedule or workplace. Since the attacks don’t look like generic spam, they can fool users.
  • Whaling schemes: These are top-tier social engineering threats that almost don’t classify as spam due to how dangerous they are. Whaling schemes, or CEO fraud, is when a hacker impersonates the business owner in an attempt to get financial departments to wire transfer funds to offshore bank accounts. Look for inconsistencies with email addresses, or simply ask the one who has sent the message, if it’s a real request or not.

Many of the above email threats can be mitigated with an enterprise-level spam blocking solution. Spam blocking keeps suspicious messages from hitting your inbox in the first place, which increases the chances that your employees won’t see them at all. However, there are still some that might manage to squeeze past filters. Therefore, the only real way to prevent these problems is by taking proactive security measures.

To learn more about cybersecurity, reach out to JDL Group at 1-(844) 493-0015.

3 Compelling Reasons Why Your Business Should Move to the Cloud

Businesses are turning to the cloud because it’s designed to make operations easier and save them money. In light of these benefits, organizations that have yet to move to the cloud may be missing out on some serious advantages by continuing to do IT the hard way. If you’re still unsure about the cloud, then consider how these three features of cloud computing can change how you do business.

The Cloud Takes the Burden Off of Running an In-House Network

A business that hosts their data and IT infrastructure in-house is in charge of overseeing every aspect of maintaining their network. This includes everything from putting out fires when things go wrong to procuring new equipment. For many organizations, what makes this responsibility challenging is the obvious fact that they’re not an IT company. However, by owning all of this equipment an organization essentially has to take on some very technical responsibilities requiring professional knowledge.

The advantage of hosting your data and applications in the cloud is that you’re essentially outsourcing this responsibility to a cloud provider whose sole job is to oversee and protect your data. This frees up resources to better invest in your business goals, and gives you peace of mind that your data is being handled by professionals so that nothing is being overlooked.

Cloud Offers Flexibility

Today’s business environment makes accessing your work while on the go practically a necessity, and hosting your data can prove to be a complex endeavor when sharing files and information internationally. ITProPortal explains, “Global expansion has increased the need for international data centers, especially as security and privacy concerns lead to strict regulations that vary from country to country… Cloud computing with an established cloud partner with physical data centers across multiple geographies means your data can ‘live’ in just about any jurisdiction, and mitigates this problem.”

Plus, providing your workforce with anytime, anywhere access to their important files along with the ability to collaborate on projects in real-time is a huge bonus that will boost the productivity efforts of your business.

The Cloud is Secure

In the early years of cloud computing, one of the loudest arguments against the cloud was that it couldn’t be trusted because you’re essentially handing over sensitive data to a third party provider with unproven security protocols. However, with the rise of cloud computing in recent years, the public cloud option has undergone security upgrades by leaps and bounds and the data centers hosting your data have vast resources to commit to the security of your data–resources that organizations lack. Therefore, today’s cloud options give users the security they need without having to sacrifice flexibility.

When all three of these features are considered, going with the cloud allows businesses to do much more for less. This allows organizations to better distribute their resources toward profit-making initiates, while enjoying the benefits of a professionally maintained IT infrastructure, without having to pay for an in-house IT staff.

Contact Us

To get started with cloud computing for your business, call JDL Group at 1-(844) 493-0015.

Businesses are turning to the cloud because it’s designed to make operations easier and save them money. In light of these benefits, organizations that have yet to move to the cloud may be missing out on some serious advantages by continuing to do IT the hard way. If you’re still unsure about the cloud, then consider how these three features of cloud computing can change how you do business.

The Cloud Takes the Burden Off of Running an In-House Network

A business that hosts their data and IT infrastructure in-house is in charge of overseeing every aspect of maintaining their network. This includes everything from putting out fires when things go wrong to procuring new equipment. For many organizations, what makes this responsibility challenging is the obvious fact that they’re not an IT company. However, by owning all of this equipment an organization essentially has to take on some very technical responsibilities requiring professional knowledge.

The advantage of hosting your data and applications in the cloud is that you’re essentially outsourcing this responsibility to a cloud provider whose sole job is to oversee and protect your data. This frees up resources to better invest in your business goals, and gives you peace of mind that your data is being handled by professionals so that nothing is being overlooked.

Cloud Offers Flexibility

Today’s business environment makes accessing your work while on the go practically a necessity, and hosting your data can prove to be a complex endeavor when sharing files and information internationally. ITProPortal explains, “Global expansion has increased the need for international data centers, especially as security and privacy concerns lead to strict regulations that vary from country to country… Cloud computing with an established cloud partner with physical data centers across multiple geographies means your data can ‘live’ in just about any jurisdiction, and mitigates this problem.”

Plus, providing your workforce with anytime, anywhere access to their important files along with the ability to collaborate on projects in real-time is a huge bonus that will boost the productivity efforts of your business.

The Cloud is Secure

In the early years of cloud computing, one of the loudest arguments against the cloud was that it couldn’t be trusted because you’re essentially handing over sensitive data to a third party provider with unproven security protocols. However, with the rise of cloud computing in recent years, the public cloud option has undergone security upgrades by leaps and bounds and the data centers hosting your data have vast resources to commit to the security of your data–resources that organizations lack. Therefore, today’s cloud options give users the security they need without having to sacrifice flexibility.

When all three of these features are considered, going with the cloud allows businesses to do much more for less. This allows organizations to better distribute their resources toward profit-making initiates, while enjoying the benefits of a professionally maintained IT infrastructure, without having to pay for an in-house IT staff.

Contact Us

To get started with cloud computing for your business, call JDL Group at 1-(844) 493-0015.