Cyber Security & Big Data Analytics

I recently attended a symposium on “New Strategies for Encryption and Protection against Data Breaches”. The keynote speaker was Steve Lutinski, Director, Cyber Security Services, Verizon Enterprise Solutions. Steve introduced Verizon’s DBIR (Data Breach Investigations Report) for 2017. You may view it here: https://www.verizonenterprise.com/verizon-insights-lab/dbir/.

Some of the points Steve brought out were based on mid-size to large companies, but the same points hold for businesses of all sizes.

  • It takes 208 days for a company to discover a data breach.
  • 82% of bad actors (data hackers) hack in within minutes.

The three most vulnerable areas according to the report are:

  • Education
      Who – 71% External Hackers (data mining)
      What – 56% Personal
      Why – 45% Money (Intellectual Property)
      How – 67% Breaches

  • Health Care
      Who – 32% *External Hackers
      What – 69% Medical Records
      Why – 64% Financial
      How – 81% Breaches
      *Most breaches are from internal people – 68%

  • Public Sector
      Ransomware Attacks Are #1 among All Industries
      2015 – 1000 Attacks
      2017 – 8000+ Attacks
      26% of all Security Incidents Were DoS Attacks

Human error is still the number one cause of hackers breaching web sites, mail servers and databases. Verizon is going to be pushing two-step verification for every level.

Google and Google Chrome are going to start to block HTTP in the next several months. Certificates for HTTPS will be mandatory in order to be found in Google searches.

EU Compliance Evolves. The General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU. This will affect American companies within the next 100 days.

Verizon is recommending that, when possible, even in local communities, IT personnel should PREPARE, be PROACTIVE and PARTNER with fellow companies and professionals.

Jim Mahlmann

COO

NetCetra LLC

What Do You Know About Your Domain Name?

A company’s domain name remains one of the major unseen issues facing a lot of businesses online. I am still amazed how many businesses are not truly in control of their domain names. They think that they are because their web site comes up and they see the domain they picked a few years ago. But who actually owns the domain name, and who gets emailed when it is time to be renewed? This is such a big problem that it has actually developed into a cottage industry. The most common issue happens when the web designer is given permission to register the domain name. Most businesses do not understand it, don’t want to understand it and just let the designer handle it. Most of the time, they get it right, but not all the time. The more inexperienced designers put their own information in the registration and figure they will change it after they finish designing the site, or do not even know how to do it correctly. So, the site is completed and it is up and running. A few years later it goes down because the email address associated with the site is not the business’s but the designer’s, who either is not in business anymore, has changed their email address or does not respond to that email address. It happens all the time.
The owner of a domain name should have:
• The name of the registrant company it was registered with
• A user and password to get into the control panel of that company
The minimum a business should have is a current breakout of the “Whois” information. This information shows:
• The Registering Company
• When it was purchased
• When it expires
• The Registrant (owner of the domain)
• The Administrative Contact (controller of the domain name, 1st level)
• The Technical Contact (controller of the domain name, 2nd level)
• Domain Name Server Addresses (where the site is hosted)
The contact information should have current addresses, phone numbers and email addresses. Most registration companies send out “review info” notices every two years. This is where the problem generally occurs. When the contact information is wrong, the email notifications for review, and the ones sent 45 days before the domain name expires, go out to an address the business does not see. If they are not responded to in a timely manner, the domain name is then picked up by companies that will sell it back to you at very high rates. Generally this happens when the site goes down and the business cannot figure out who has control of the domain name. Again, this is a common problem.
The best way to avoid this situation is to be involved in the sign-up of your domain name. If you already have a domain name, go to internic.com, follow their “whois” link and look up your domain name. It will give you the name of the registering company. Go to the registering company’s web site and use their “whois”. At that point, if you do not agree with the results, call that company’s support phone number. They will walk you through the procedure to reclaim your domain name. Do not wait until your site goes down. Also, make sure to privatize your domain name in the “whois” so you are not overwhelmed with sales calls and emails.
NetCetra is a little different than most web design, hosting and marketing companies. We handle domain registration through OpenSRS, so we control the entire process. Our clients can contact us to fix any issue with their domain name.
All this information is very helpful when companies receive fake notices that their domain name is expiring and they include an invoice which is a total fraud.
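
The WHOIS review described above can be scripted. The following is an added example, not part of the original post or NetCetra's tooling: it parses WHOIS text, flags an expiry inside the 45-day notice window and lists contact emails outside the business's own domains. The sample record, the `.example` names and the field labels (which vary by registry) are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample of registry-style WHOIS output; not a real record.
SAMPLE_WHOIS = """\
% constructed example output
Domain Name: BAKERY.EXAMPLE
Registrar: Example Registrar, Inc.
Creation Date: 2014-03-02T15:04:05Z
Registry Expiry Date: 2025-03-02T15:04:05Z
Registrant Email: designer@old-freelancer.example
Admin Email: designer@old-freelancer.example
Tech Email: owner@bakery.example
Name Server: NS1.HOSTING.EXAMPLE
Name Server: NS2.HOSTING.EXAMPLE
"""

# Field labels are assumptions; registries word them differently.
EXPIRY_KEYS = ("registry expiry date",
               "registrar registration expiration date",
               "expiration date")
ROLES = ("registrant", "admin", "tech")


def parse_whois(text):
    """Return {lower-cased field name: [values]} from 'Key: Value' lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>" or ":" not in line:
            continue  # blank lines, comments and legal footers
        key, _, value = line.partition(":")  # keeps colons inside timestamps
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def expiry_date(record):
    """First expiry field that parses as ISO 8601, or None."""
    for key in EXPIRY_KEYS:
        for value in record.get(key, []):
            try:
                parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
            except ValueError:
                continue
            # Treat timestamps without an offset as UTC.
            return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)
    return None


def audit(record, owner_domains, today, warn_days=45):
    """List the problems the business owner should fix at the registrar."""
    findings = []
    expires = expiry_date(record)
    if expires is None:
        findings.append("no readable expiry date")
    else:
        days_left = (expires - today).days
        if days_left < 0:
            findings.append(f"expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"expires in {days_left} days")
    for role in ROLES:
        emails = record.get(f"{role} email", [])
        if not emails:  # privatized or redacted WHOIS shows no address
            findings.append(f"{role} email not shown; check the control panel")
        for email in emails:
            if email.rpartition("@")[2].lower() not in owner_domains:
                findings.append(f"{role} notices go to {email}")
    return findings


if __name__ == "__main__":
    today = datetime(2025, 2, 1, tzinfo=timezone.utc)
    for finding in audit(parse_whois(SAMPLE_WHOIS), {"bakery.example"}, today):
        print(finding)
```

A privatized record hides the contact emails, so the script reports them as not shown; those addresses then have to be confirmed in the registrar's control panel.
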
Know Your Domain Name
Jim Mahlmann
COO
NetCetra LLC

The Current State of Web Sites

Interestingly enough, in the 24 years that I have been designing web sites as well as marketing and hosting them, they have gone through many changes. The one aspect that has not really changed in all this time is the complexity in designing a web site. We see the ads for ways to build a site in less than one hour. Yes, you can do this, but the problem is twofold. Let’s say that you want to leave the hosting company that you created it on: good luck moving it. These sites are created using WYSIWYG, “What You See Is What You Get”. This is not clean programming. It is literally thrown together by a software program with the only logic being that everything will end up where you want it when you first create it. This makes it very difficult to make major changes or transfer it to another server. Also, if you want to add internet marketing to the site for visibility on searches, it is extremely difficult. A professional programmer knows how to set up a web site so a marketing person can develop a marketing campaign with site changes and modifications on a regular basis. Automated site development cannot accomplish this.

This leads to another issue that is occurring quite a bit with web design. Years ago, one person could create a web site, add it to a server for hosting and register a domain name. It is no longer that easy to do. A brand new business setting up a web site, domain name and hosting can accomplish this fairly easily. But the problem with this process occurs when the business owner tries to expand the web site with professional email addresses or a database, or wants better customer support. You are now limited if you do not have a team of professionals behind you.

One of the biggest problems that we face at NetCetra is the client that uses an inexperienced web designer who is trying to do everything himself. This saves the client money up front, but the client then pays for it with the additional outside support and time it requires to get the project completed. Our favorite is the designer who is creating a new site for one of our hosting clients and convinces them to move the site to the hosting company they are working with. Our support team generally gets an email asking us to change where the domain name is pointing to, from our servers to the new hosting company. The problem with this is that the owner of the domain name has control over that. Our support team tells them that and they don’t understand why we cannot do it. Then, the support team asks them where they are putting the email address information. Again, there is lots of confusion, and eventually they generally say that there is no problem. They are going to start all over again. That’s fine if the client is not storing messages and contacts on our mail server.

The bottom line regarding web site design, hosting and marketing is that if you want it done correctly, you will really need a team of professionals to do it correctly the first time. Web sites are constantly expanding for even the smallest client. Google adds requirements all the time, i.e., responsive web sites and secure web sites. You must comply with these rules if you want Google to keep you visible to prospective customers.

Net Neutrality – Will it Cost Us More on the Internet?

Net Neutrality is about to change. Under the Obama administration, Net Neutrality meant that everyone delivered data at the same rate of speed. Now, with companies like Verizon, Comcast and AT&T made “common carriers”, they will be able to throttle the speed of any site that they want to. Companies like Netflix and Amazon Prime would be slowed down on streaming video delivery unless they pay a higher fee. Like every other additional charge, it would be passed on to us.

According to Wired, “AT&T and Verizon used data limits for anticompetitive purposes, effectively ruling that the two companies could exempt their own video services from customers’ data caps but still charge for data used by their competitors’ services.”

The internet is the golden goose that has not truly helped the feds as much as they wanted. This could increase taxes to the fed once service providers are called “common carriers”. The fed would tax the additional service through the FCC like our phones for additional fees. An example of this for my firm is Vimeo. Right now we pay around $400.00 per year to stream client content. This ruling would likely double the fee and add new levels to subscription fees. Not everyone likes the commercial aspect of YouTube and prefers the control Vimeo gives them. It will cost more to keep this standard. How much more will you have to pay for that Netflix movie?

These changes could happen as early as next year. So be ready to pay more.

Jim Mahlmann

COO, NetCetra LLC

National Cyber Security Awareness Month

Based on our support logs from clients regarding their email and web site access support requests, every month should be National Cyber Security Awareness Month. Some folks still don’t understand that you cannot use simple passwords anymore. Most good programs will not allow you to do that. They are now asking you to include upper case as well as lower case letters, numbers and symbols.

Here are some quick tips:

  • Use a password generator – There are very good free programs that will create good passwords and store them for you
  • Change your password regularly – Many programs are now requiring this. Another good reason for getting a password program.
  • Do not keep using the same few passwords
  • Do not write passwords down in a file
  • Do not let browsers keep your passwords – This is a very easy hack for experienced tech people
  • Be very careful with secret questions – Do not pick easy questions, or you are asking for trouble.
  • Do not use public terminals – a major mistake; this is where spying is always happening
  • Always shut your browsers when left idle. Shut down your PC when not active.

This may seem like an inconvenience but avoiding that first major hack is pretty important and can be very costly.

Jim Mahlmann

NetCetra LLC

Should a Small Business Have Cyber Insurance?

I am asked this question almost every week. It is really small business data breach insurance. All the publicity regarding hacked servers in the news media has spooked a lot of people. It seems just about everyone in this day and age uses the internet to promote their business and/or products and services. That alone will not require any insurance. But if you are collecting client information and storing it on a PC or server in your office, that has vulnerability issues written all over it.

You might think that most data breaches are caused by hackers or malicious attacks. But more than half of data breaches are caused by system glitches and human error.

  • An employee mistakenly sends a batch of personnel files to the wrong email address.
  • A credit card company calls to inform you that credit cards used at your business were compromised through your point of sale system.
  • While on business travel you lose your cell phone, which has sensitive customer information stored in your email’s Inbox.

Data that is maintained in a cloud environment is somewhat safer. You are relying on that vendor to have the correct security. Once again, this should not be taken for granted. You should be discussing the software you have or are about to invest in with an internet specialist or your IT professional.

Here are some of the issues that you must consider if a breach occurs:

  • Breach notification to customers
  • Credit card monitoring services
  • Costs to retain a public relations consultant to help restore your reputation
  • Consulting and forensic fees to identify and resolve the cause of a data breach
  • Defense and settlement costs if you are sued for alleged failure to prevent unauthorized access to, or use of, personal information

You can probably get an “add on” to your business liability policy that will cover the above actions.

So my answer to the questions regarding a small business needing Cyber Insurance is most likely “yes” if you fit into the above description. If you are having a vendor handle one of these areas for you, I would discuss their plan of action for stopping problems and if a breach does happen what is their response.

It is only going to get more complicated, and your business is going to be more involved with data type tools and software.

Jim Mahlmann

COO

NetCetra LLC

The Dark Side of the Internet

I was amazed how many people never heard of the dark side of the internet when asked by a State of NJ Security officer at a recent seminar for small businesses on internet security. Going there is not advised but being aware of it and what it is is imperative. It is interesting to hear what people say or think when you mention this area of the internet. It is not dark but it is pretty scary to see what can be purchased and done there. I am especially talking to parents with kids in high school and beyond. The danger does not seem to disturb them the same way, so surfing around seems OK to them.

All it requires to get there is to go to torproject.org. It looks innocent enough. According to the home page, everyone uses it. It was started by our government a few years ago to help people in suppressed countries view what the rest of the world saw on the internet. The problem is that it not only hides those people but also hides terrorists, drug dealers, gun smugglers and pedophiles, to name a few. Buying ransomware to attack some business is a snap. Buy it there for $3 or 4 and you can even get someone, for part of the proceeds, who will set up the product to try and infect whoever you are after. They even have a rating system for every different malware that is offered, with comments about how good the software is.

Would you like to know where to buy a semiautomatic weapon? Not a problem. How about a great deal on legal and/or illegal drugs? Paying too much for a prescription? They have the deals. They showed us one site that sold pot and guns. The main reason they cannot bust these sites very easily is the fact that they are up and then gone in a few days. Shipping is never a problem. Everything is shipped by the regulars like UPS, FedEx and US Mail. Things are just packed in regular consumer boxes. Maybe a few boxes of laundry detergent that contain a broken down weapon are delivered to a person’s door.

We saw one search engine result that had 234 pedophile web sites available.

Dark, no. Scary, yes.

One thing that people who go on this level of the internet use is a flash drive with the programming and bitcoin wallet on it. This way it is plugged in and no one knows you are using it. Nothing is visible on your computer, and they showed us a variety of flash drives that did not look like flash drives. One looked like a chap stick.

The US government started it and continues to support it as well as other countries and individuals. Be alert.

YouTube: Is It for Your Business?

I get this question asked quite a bit. The answer to this question has changed over the years. I used to say that it depended on the type of business. Now I cannot think of any business that would not prosper from using a YouTube channel to increase their visibility. YouTube, which is owned by Google, is the second most active search engine after Google’s search. People like the stickiness of videos. Now that mobile is taking over the internet presence of most users, videos make perfect sense. A lot of folks would rather view something than read it.

So what does the average business have to offer in a video? Meeting the owner is a good start. Testimonials are always great. One of my clients, Joel Braun Construction, used his smart phone to show the before and after of a bathroom reconstruction and then interviewed the owner. He captured all the important aspects in three minutes. He added the video to Facebook as well as his YouTube channel and web site. We made sure to add some descriptive keywords to YouTube’s description.

Another client of ours, Lang Smoker Cookers, has been very successful using video. I was at his farm in Georgia when I mentioned to him that we had several requests regarding starting a fire in the Lang Smoker Cooker. Ben Lang added wood to a smoker; I pulled out my smartphone and videotaped him starting a fire. I added it to his new YouTube channel and embedded it in his site and newsletter. Within 3 months we had over 60,000 views. We realized that we had hit on a great way to stay in front of both prospective and current clients. We then added channels for user testimonials, tips and cooking school. In the three years that we have been using these channels, we have had over 1.5 million views.

The point is that anyone can do the same thing using a smart phone or doing something a little more professional with a videographer. Think about your clients or someone you would like to have as a client. Talk to them on the video as if they were there.

The last point I will add is, if you have a business that can offer tips on how to fix or install something, these are great. I have used this type of video for everything from fixing my storm door to learning how to add a chart to Excel.

Very Powerful Stuff.

Big Data

Here it comes and you don’t even know what it is or what it is doing to you and your internet habits. Big Data is the culmination of all your movements on the internet. Congress gave companies permission to track and sell this information to any customer that can afford it both in price and volume. It allowed UPS to figure out the best route to take with their trucks to reach your house or office. It lets Dell Computers decide what you, the consumer, want.

One of the programs that came out of this is called Programmatic Buying. It allows brands to use audience insights and technology to tailor messages to the right person, at the right moment, in the right context. It helps brands respond to real-time signals on an impression-by-impression basis across screens and across channels. For example, if a mom’s online shopping gets interrupted with errands, programmatic buying can help the retailer she was visiting reach the mom on her smartphone as she shifts to shopping on-the-go. That’s just one of an unlimited number of scenarios brands can use to engage audiences with programmatic buying. Does this sound familiar? It is sometimes called “remarketing”. You may have looked at a product on an ecommerce site, and all of a sudden, after you left, it seems to be following you on every commercial site you visit.

It is now being formulated for the smaller merchant. Companies like DoubleClick, owned by Google, will be leading the technology. They feel today’s consumer is connected, interested and engaged. Think about all the people that sit there and stare at their smart phone. That is the market.

Example: Nike’s Phenomenal Shot pushed the boundaries of real-time advertising to capture the energy and excitement of the World Cup. Within seconds of a memorable match, or shot, Nike delivered immersive 3D display ads across sites and apps in 15 countries. Fans were then able to interact with these moments, making them their own, and share them on social networks. Real-time buying made it possible for Nike to deliver a beautiful, mobile-rich media experience with over 2 million engagements.

Like it or not, if you are a businessman who sells a product or service and wants to engage the younger generations, you better start studying or get someone that can guide you through it.

Jim Mahlmann

COO

NetCetra LLC

Your Secured Web Site Will Be a Google Rule

Generally when you shop online, you will notice that the web address uses an SSL certificate. You will see a lock before the address that shows something like https://www.shoponline.com. What does this actually do for you and the web site? It protects where you go and what you do on that web site. The main reason for it on eCommerce sites is to protect your credit card and billing information.

Recently, Congress has decided to allow vendors to sell your surfing patterns and demographics. This is called “big data” and it is very important information for larger companies. Big data allows businesses to figure out what you do online and how to sell you products and services and other things by tracking you on the internet. Google has responded to this ruling by making a ruling of their own. As we all know, once Google determined that the majority of people viewing the internet were using smart phones, they then required web sites to be responsive to all size screens in order to be found in their search. Now they have announced that in the next several months they are going to require web site owners to use an SSL certificate to secure their site to protect their visitors. They said that when the policy goes into effect, if a web site is not secure, it will not show up in the Google search.

This means that when you have the SSL or https added to your web site, the person going to your web site cannot be tracked at all and all cookies are blocked in your site.

This is a major rule change by Google, like the responsive web site, to make your internet surfing a better and safer experience. The bottom line is, if you own a web site and need to be found in the Google search engine, which represents 75% of all searches, then you are going to need an SSL certificate. They can be purchased yearly or up to three years from your hosting company. They vary in price BUT do not settle for a free one. These are not valid. If you have a CNAME domain, i.e., shop.mydomain.com, as well as a regular site with that domain name, then purchase a wildcard certificate. It will cover all web sites that use your main domain name.
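
How far a wildcard certificate reaches, as an added example that is not from the original post: a `*.` name stands in for exactly one leftmost label, so the bare domain and deeper names need their own entries on the certificate. The function names are hypothetical, and the site list is constructed around the shop.mydomain.com name used above.

```python
# Constructed list of sites a business might run under one domain.
SITES = ["mydomain.com", "www.mydomain.com",
         "shop.mydomain.com", "pay.shop.mydomain.com"]


def san_matches(pattern, hostname):
    """True if one certificate name (exact or '*.' wildcard) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    # The wildcard replaces exactly one leftmost label, never zero or two.
    label, _, parent = hostname.partition(".")
    return bool(label) and parent == pattern[2:]


def uncovered(cert_names, site_names):
    """Site names that no name on the certificate covers."""
    return [site for site in site_names
            if not any(san_matches(name, site) for name in cert_names)]


if __name__ == "__main__":
    # Wildcard alone: the bare domain and the two-level name are left out.
    print(uncovered(["*.mydomain.com"], SITES))
    # Wildcard plus the bare domain, as certificates are commonly issued.
    print(uncovered(["mydomain.com", "*.mydomain.com"], SITES))
```

Running `uncovered` against the names actually listed on a certificate before buying or renewing shows which sites would still raise a browser warning.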

Jim Mahlmann

COO

NetCetra LLC