Google+ August 2019 ~ High Tech House Calls
Expert Computer Consulting for Homes and Small Businesses

Let there be hope...

Life has changed there is no doubt and we wanted to reach out to see how you are doing.

As we go through this interesting time, we are trying to look at this as an opportunity to focus on our family and on friends like you. Let us use this extra time to catch up and talk more. Let us cook food that is not fast, but interesting and satisfying. Let us learn to enjoy a time to try new things. Let us find ways to enjoy time at home!

Computer Security

If my client base is any experience, anyone can be a victim of a Ransomware, Malware or Virus attack.

What can you do about it?

I conduct audits of your entire computer infrastructure and apply best practice solutions to plug the security holes on your computers, Smartphones and networks.

Now offering consultations to give you the best protection possible:


404.229.0839
carlthorne@hthcatlanta.com

Jack of All Trades, Master of Many

Jack of All Trades, and Master of Many

We provide technical support for:


Homes and small businesses

Windows and the Mac OS platform

iPhones and Android Smartphones

Wireless and wired networks

New device setup

Old device upgrade or repair

One-on-one training

Remote assistance


How To Stop Malware

Monday, August 12, 2019

A Quick and Dirty Guide to RAM: What You Need to Know by Gavin Phillips

RAM is the short-term memory of your computer. It’s where your computer keeps track of the programs and data you’re using right now. You probably already know that more RAM is better, but maybe you’re looking to install more RAM now.
Shopping for RAM can be confusing, though. What’s the difference between DDR3 and DDR4? DIMM and SO-DIMM? Is there a difference between DRR3-1600 and PC3-12800? Is RAM latency and timing important?
Read on for explanations on the different kinds of RAM, how to read RAM specifications, and exactly how RAM works.

What Is RAM?

RAM stands for Random Access Memory. It acts as a middle ground between the small, super-fast cache in your CPU and the large, super-slow storage of your hard drive or solid-state drive (SSD). Your system uses RAM to store working parts of the operating system temporarily, and the data your applications are using actively. RAM is not a form of permanent storage.
Think of your computer as an office. The hard drive is the filing cabinet in the corner. The RAM is like an entire office workstation, while the CPU cache is like the actual working area where you actively work on a document.
The more RAM you have, the more things you can have quick access to at any one time. Just as having a bigger desk can hold more bits of paper on it without becoming messy and unwieldy (as well as requiring more trips back to the filing cabinet to reorganize).
Unlike an office desk, however, RAM cannot act as permanent storage. The contents of your system RAM are lost as soon as you turn the power off. Losing power is like wiping your desk clean of every document.

RAM Usually Means SDRAM

When people talk about RAM, they’re usually talking about Synchronous Dynamic RAM (SDRAM). SDRAM is what this article discusses, too. For most desktops and laptops, RAM appears as a stick that you can insert in the motherboard.
Unfortunately, there is a rising trend for super thin and light laptops to have the RAM soldered to the motherboard directly in the interest of saving space. However, this sacrifices upgradability and repairability.
Do not confuse SDRAM with SRAM, which stands for Static RAM. Static RAM is the memory used for CPU caches, among other things. It is much faster but also limited in its capacity, making it unsuitable as a replacement for SDRAM. It is highly unlikely you will encounter SRAM in general usage, so it is not something you should worry about.

The Form Factors of RAM

For the most part, RAM comes in two sizes: DIMM (Dual In-Line Memory Module), which is found in desktops and servers, and SO-DIMM (Small Outline DIMM), which is found in laptops and other small form factor computers.
dimm-sodimm
Though the two RAM form factors use the same technology and functionally work in exactly the same way, you cannot mix them. You can’t just jam a DIMM stick into a SO-DIMM slot, and vice versa (the pins and slots don’t line up!).
When you are buying RAM, the first thing to figure out is its form factor. Nothing else matters if the stick won’t fit!

What Does DDR Mean?

The RAM you use in your computer operates using Double Data Rate (DDR). DDR RAM means that two transfers happen per clock cycle. Newer types of RAM are updated versions of the same technology, hence why RAM modules carry the label of DDR, DDR2, DDR3, and so on.
While all RAM generations are exactly the same physical size and shape, they still aren’t compatible. You cannot use DDR3 RAM in a motherboard that only supports DDR2. Likewise, DDR3 doesn’t fit in a DDR4 slot. To stop any confusion, each RAM generation has a notch cut in the pins at different locations. That means you cannot accidentally mix your RAM modules up or damage your motherboard, even if you buy the wrong type.
crucial-generations

DDR2

DDR2 is the oldest kind of RAM you’re likely to come across today. It has 240 pins (200 for SO-DIMM). DDR2 has been well and truly superseded, but you can still buy it in limited quantities to upgrade older machines. Otherwise, DDR2 is obsolete.

DDR3

DDR3 was released way back in 2007. Although it was officially superseded by DDR4 in 2014, you will still find a lot of systems using the older RAM standard. Why? Because it wasn’t until 2016 (two years after DDR4 launched) that DDR4 capable systems really picked up steam. Furthermore, DDR3 RAM covers a huge range of CPU generations, stretching from Intel’s LGA1366 socket through to LGA1151, as well as AMD’s AM3/AM3+ and FM1/2/2+. (For Intel, that’s from the introduction of the Intel Core i7 line in 2008 through to 7th generation Kaby Lake!)
DDR3 RAM has the same number of pins as DDR2. However, it runs a lower voltage and has higher timings (more on RAM timings in a moment), so aren’t compatible. Also, DDR3 SO-DIMMs have 204 pins versus DDR2’s 200 pins.

DDR4

DDR4 hit the market in 2014, yet still hasn’t taken complete control of the RAM market. A prolonged period of exceptionally high RAM prices put a pause on many people upgrading. But as prices decrease, more people make the switch, especially as the latest AMD and Intel CPU generations all use DDR4 RAM exclusively. That means if you want to upgrade to a more powerful CPU, you need a new motherboard and new RAM, too.
DDR4 drops the RAM voltage even further, from 1.5V to 1.2V, while increasing the number of pins to 288.

DDR5

DDR5 is set to hit consumer markets in 2019. But given how long the proliferation of a new RAM generation usually takes, expect to hear more about it in 2020. RAM manufacturer, SK Hynix, expect DDR5 to make up 25% of the market in 2020, and 44% in 2021.
DDR5 will continue with a 288-pin design, although the RAM voltage will drop to 1.1V. DDR5 RAM performance is expected to double the fastest standard of the previous DDR4 generation. For example, SK Hynix revealed the technical details of a DDR5-6400 RAM module, the fastest possible allowed under the DDR5 standard.
But, as with any new computer hardware, expect an extremely high price at launch. Also, if you’re considering buying a new motherboarddon’t focus on DDR5. It isn’t available yet, and despite what SK Hynix says, it will take Intel and AMD a while to prepare
5 Reasons Why You Should Upgrade Your PC Motherboard 5 Reasons Why You Should Upgrade Your PC MotherboardNot sure when you should upgrade your motherboard? Here are a few guidelines to help you out.READ MORE

RAM Jargon: Speed, Latency, Timing, and More

You’ve wrapped your head around SDRAM, DIMMs, and DDR generations. But what about the other long strings of numbers in the RAM model? What do they mean? What is RAM measured in? And what about ECC and Swap? Here are the other RAM specification terms you need to know.

Clock Speed, Transfers, Bandwidth

You may have seen RAM referred to by two sets of numbers, like DDR3-1600 and PC3-12800. These both reference and allude to the generation of the RAM and its transfer speed. The number after DDR/PC and before the hyphen refers to the generation: DDR2 is PC2, DDR3 is PC3, DDR4 is PC4.
The number paired after DDR refers to the number of megatransfers per second (MT/s). For example, DDR3-1600 RAM operates at 1,600MT/s. The DDR5-6400 RAM mentioned above will operate at 6,400MT/s—much faster! The number paired after PC refers to the theoretical bandwidth in megabytes per second. For example, PC3-12800 operates at 12,800MB/s.
It is possible to overclock RAM, just like you can overclock a CPU or graphics card. Overclocking increases the RAM’s bandwidth. Manufacturers sometimes sell pre-overclocked RAM, but you can overclock it yourself. Just make sure your motherboard supports the higher RAM clock speed!
You might be wondering if you can mix RAM modules of different clock speeds. The answer is that yes, you can, but they’ll all run at the clock speed of the slowest module. If you want to use faster RAM, don’t mix it with your older, slower modules. You can, in theory, mix RAM brands, but it isn’t advisable. You run a greater chance of encountering a blue screen of death or other random crashes when you mix RAM brands or different RAM clock speeds.

Timing and Latency

You will sometimes see RAM modules with a series of numbers, like 9-10-9-27. These numbers are referred to as timings. A RAM timing is a measurement of the performance of the RAM module in nanoseconds. The lower the numbers, the quicker the RAM reacts to requests.
The first number (9, in the example) is the CAS latency. The CAS latency refers to the number of clock cycles it takes for data requested by the memory controller to become available to a data pin.
You might notice that DDR3 RAM generally has higher timing numbers than DDR2, and DDR4 generally has higher timing numbers than DDR3. Yet, DDR4 is faster than DDR3, which is faster than DDR2. Weird, right?
8gb ddr4 2133 ram crucial
We can explain this using DDR3 and DDR4 as examples.
The lowest speed DDR3 RAM runs is 533MHz, which means a clock cycle of 1/533000000, or 1.87 ns. With a CAS latency of 7 cycles, total latency is 1.87 x 7 = 13.09 ns. (“ns” stands for nanoseconds.)
Whereas the lowest speed DDR4 RAM runs at is 800MHz, which means a clock cycle of 1/800000000, or 1.25 ns. Even if it has a higher CAS of 9 cycles, total latency is 1.25 x 9 = 11.25 ns. That’s why it’s faster!
For most people, capacity trumps clock speed and latency every time. You will get much more benefit from 16GB of DDR4-1600 RAM than you get from 8GB of DDR4-2400 RAM. In most cases, timing and latency are the last points of consideration.

ECC

Error Correcting Code (ECC) RAM is a special kind of memory module that aims to detect and correct data corruption. ECC ram is used in servers where errors in mission-critical data could be disastrous. For example, personal or financial information stored in RAM while manipulating a linked database.
Consumer motherboards and processors don’t usually support ECC-compatible RAM. Unless you are building a server that specifically requires ECC RAM, you should stay away from it.

How Much RAM Do You Need?

Long past are the days where “640K ought to be enough for anybody.” In a world where smartphones regularly ship with 4GB RAM or more, and browsers like Google Chrome play fast and loose with their memory allocations, RAM frugality is a thing of the past. The average amount of installed RAM is increasing across all hardware types, too.
pitstop research average ram use
For most people, 4GB is the bare minimum amount of RAM you need for a general usage computer. Operating systems have different specifications, too. For instance, you can run Windows 10 on just 1GB RAM, but you will find your user experience sluggish. Conversely, numerous Linux distributions work extremely well with smaller amounts of RAM.
The 8 Smallest Linux Distros That Are Lightweight and Need Almost No Space The 8 Smallest Linux Distros That Are Lightweight and Need Almost No SpaceStrapped for hard disk space? Install one of these small and lightweight Linux distros to make your PC usable again.READ MORE
If you find yourself with six Word documents open at any one time, can’t bring yourself to close those 60 tabs in Google Chrome, you will probably want at least 8GB RAM. The same goes if you want to use a virtual machine.
16GB RAM should exceed the needs of most. But if you keep utilities running in the background, with a mountain of browser tabs and everything else, you’ll appreciate the extra RAM capacity. Very few people need 32GB RAM, but as they say, more is more.
These Upgrades Will Improve Your PC Performance the Most! These Upgrades Will Improve Your PC Performance the Most!Need a faster computer but aren't sure what you should upgrade on your PC? Follow our PC upgrade checker to find out.READ MORE

Understanding Everything About RAM

You now know the difference between DDR2, DDR3, and DDR4 RAM. You can tell a DIMM from a SO-DIMM, and you know how to spot RAM with faster transfer rates and higher bandwidth. At this point, you’re essentially a RAM expert, so it shouldn’t feel overwhelming next time you attempt to buy more RAM or an entirely new system.
Really, if you have the correct form factor and the corresponding RAM generation, you cannot go wrong. Timing and latency do play a role, but capacity is king. And when in doubt, more RAM is better than faster RAM.

The biggest security breaches of 2019, so far By Janet Perez, Komando.com

If you thought the number of data breaches was bad last year, 2019 is looking to be so much worse -- think Capital One. So far this year, billions of consumers' accounts have been breached either through hackers or plain carelessness.
But it's important to remember that when it comes to data breaches the number of accounts hacked doesn't always matter. One breach could affect millions but the data is fairly generic, while a smaller breach could contain highly sensitive information.
This year, major data breaches have hit medical companies, retailers, social media, and banking and financial firms. We've compiled the following list of major and dangerous breaches, plus we have tips on how to protect yourself if your information has been compromised.

Retailers hit by data breaches

Earl Enterprises
Earl Enterprises, the restaurant company that owns a number of national chains including Buca di Beppo, Planet Hollywood and Earl of Sandwich, suffered a data breach caused by malware being installed on its point-of-sale systems between May 23, 2018, and March 18, 2019.
The 10-month-long attack may have allowed hackers to steal the details of 2 million payment cards, which could include consumers' credit and debit card numbers, expiration dates and even cardholder names.
Other restaurants affected were Chicken Guy! in Florida, Mixology in Los Angeles, and Tequila Taqueria in Las Vegas. A cybersecurity company found that the 2 million stolen credit and debit numbers were sold on the dark web.
Toyota
Toyota announced in April that hackers had accessed the company's servers. It was declared that the stored sales information of 3.1 million Toyota and Lexus car owners was stolen.
Toyota did not know what information was stolen. However, company officials said customers' financial details were not stored on the hacked servers.

Familiar social media site continues data breach streak

Facebook
Facebook is the poster boy for social media data breaches. There have been a few this year, but the largest one was due to carelessness.
In April it was discovered that hundreds of millions of Facebook users' records were exposed publicly on Amazon servers by third-party app developers. Two separate Facebook app data sets were stored in their own Amazon S3 cloud server buckets, but both were configured to allow the files to be downloaded by anyone.
The bigger data set belongs to a Mexico-based media company. The massive 146 GB file contained information such as comments, likes, reactions, account names, and Facebook IDs.
The other data set is a backup from a now-defunct Facebook app called "At the Pool" and contains records of user IDs, friends, likes, interests, check-ins, groups and the unprotected plain-text Facebook passwords of 22,000 users.

Hackers zero in on banking, financial companies

Capital One
Capital One's servers were hacked, affecting over 100 million people in the U.S. Hackers took information on credit scores, credit card limits, balances, credit history, home addresses, and most alarming, Social Security and bank account numbers.
The number of customers whose Social Security and bank information was stolen stands at 220,000. Capital One said it began working with law enforcement as soon as the breach was detected.
The FBI has apprehended a person it believes is responsible for the hack, but the investigation is still ongoing.
Ascension
Data analytics firm Ascension exposed around 24 million financial and banking documents due to a misconfigured server. The database was not password protected, allowing anyone to view and access the treasure trove of information.
The leaked information included documents related to loan and mortgage records from a number of major banking institutions such as CitiFinancial, HSBC Life Insurance, Wells Fargo, Capital One and even the Department of Housing and Urban Development.
The leak also exposed names, addresses, birth dates, Social Security numbers, bank and checking account numbers, tax documents and more. The actual number of people affected remains unclear and it is not known if the information was accessed by hackers.
First American Financial
First American Financial, one of the nation's leading settlement and insurance providers, exposed 800 million recordscontaining sensitive data. But hackers weren't to blame for this breach.
A flaw in its database design made critical data visible to anyone using a web browser for more than two years. On its public-facing website, private mortgage information, tax records, and even Social Security and bank account numbers could be seen by anyone with an internet connection.
The data dated back nearly 16 years and required no username or password to view. And First American literally handed people access to the data.
The company regularly sends its users links to documents with each file labeled by number in the web address. If you ever received a document link from the company, all you would need to do to access another person's information would be to change the number in the URL.


One medical agency hacked, compromising three companies

American Medical Collection Agency (AMCA)
American Medical Collection Agency (AMCA) suffered a massive data breach that affected three of its major clients -- Quest Diagnostics, LabCorp and Clinical Pathology Laboratories (CPL).
An unauthorized user had access to AMCA's web payment system. The breach was not detected for eight months. The affected companies said lab results were not accessed.
The data of 11.9 million Quest, 2.2 million CPL and 7.7 million LabCorp patients were exposed. CPL said the names, addresses, phone numbers, dates of birth, dates of service, balance information and treatment provider information may have been stolen in the breach.
CPL added that the credit card or banking information of another 34,500 patients was compromised. The breach was limited to U.S. residents.
LabCorp said full names, dates of birth, addresses, phone numbers, dates of service, providers, balance information and in some cases, bank account and credit card information was exposed. AMCA notified 200,000 LabCorp customers whose financial data could have been accessed.
Data from Quest customers included banking information and credit card numbers, medical records and Social Security numbers. Because the breach went undetected for eight months it's unclear just how far-reaching this breach could be.
ZOLL Medical Corporation
ZOLL Medical Corporation said it learned of the breach on January 24 during a server migration. ZOLL uses a third-party to archive company emails and during the migration data from those emails were exposed.
Along with names, addresses, dates of birth and some limited medical information, the company said that in some cases consumers' Social Security numbers were also exposed. More than 277,000 people were affected by the breach.
ZOLL Medical Corporation develops and markets medical devices and software for emergency care.

Government breach re-victimized victims

FEMA
A report by the Department of Homeland Security's Office of Inspector General found that the Federal Emergency Management Agency (FEMA) shared sensitive information about 2,3 million disaster victims. The people had endured four major disasters, such as hurricanes Harvey, Irma, and Maria or major wildfires in California.
The breach affected people who used FEMA's Transitional Sheltering Assistance program. Names, addresses, partial Social Security numbers and banking information were shared with a private contractor managing the program.


Data company left database unprotected

Verifications IO
Verifications IO left more than 2 billion unencrypted records in an unprotected database. The information was broken into four separate collections.
The collections contained email addresses, last names, dates of birth, addresses, phone numbers, social media account details, credit scores, gender information and more.
Verifications IO approves or verifies email addresses for third-parties. Following the discovery of the breach, the company took down its website and domain name.
The company also removed the exposed records the same day the breach was discovered. So far there's no indication that any of the records were stolen.

Hackers build mystery databases on the dark web

Collection #1, Collection #2-5
If data is stolen from a breached database, you often can find it for sale on the numerous marketplaces that circulate on the dark web. Sometimes the data can be pinpointed to a specific breach, but every once in awhile hackers will create collections from a variety of breaches.
This brings us to the mother of all data breaches. "Collection #1" is a compilation of stolen credentials from a number of other data breaches dating back to 2008. Collection #1 has nearly three-quarters of a billion email accounts, more than 20 million passwords and about information from 2,000 leaked databases.
This 87GB collection contains 2 billion records. Not long after Collection #1 was found, four more were found -- "Collection #2," the 37GB "Collection #3," the 178GB "Collection #4," and the 42GB "Collection #5."
Collections #2-5 together are almost three times the size of Collection #1. That translates to about 25 billion records containing 2.2 billion unique usernames and passwords.
The dark web price tag for "access lifetime" to these collections is just $45.
No name database
In February, around 617 million account details stolen from 16 compromised websites ended up for sale on the dark web. The seller's asking price for the stolen data was less than $20,000 in Bitcoin.
The databases were spotted on an underground trading site called The Dream Market, and samples tested from the collection appear to be legitimate. The cache of data includes account holder names, email addresses, and passwords.
The passwords, however, are either hashed or one-way encrypted so they have to be cracked before they can be used. Another 127 million accounts were added to the original cache. These records came from eight compromised websites.

How to avoid and what to do if you're data is hacked

As you can see, databases are breached on a regular basis. Needless to say, if the information gets into the hands of scammers, it could lead to all kinds of malicious activity.
Here are some suggestion for protecting yourself if your data is stolen:
Beware of phishing scams - Scammers will try and piggyback on huge breaches like this. They will create phishing emails, pretending to be the affected company, hoping to get victims to click on malicious links that could lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
Keep an eye on your bank accounts - You should be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately.
Check your online accounts - Have I Been Pwned is an easy to use website with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
Get a credit freeze - If you think that your identity has already compromised, put a credit freeze on your accounts as soon as you can.
Have strong security software - Protecting your gadgets with strong security software is important. It's the best defense against digital threats.
Use different passwords - It is always a bad idea to use the same password for a variety of websites. If you use the same password on multiple sites, and one site is breached, it puts your accounts on other sites at a greater risk.
With hackers seemingly always one step ahead of companies, don't be surprised if you find out your data has been breached. Find out what the company is doing about it and use the above suggestions to either build a firewall against them or to contain the fallout.

Check for these browser extensions that secretly collect and sell your data

Online app stores are one of the staples of our modern web ecosystem. They exist to help users expand the functionality of their phones, computers, and even web browsers -- so naturally, we should expect some kind of oversight or moderation when it comes to the programs these stores are offering.

Major Intel security flaw puts PCs at risk - exposing passwords, conversations and more By James Gelinas, Komando.com

Security flaws are one of the most frequently recurring threats in our modern-day digital infrastructure. Unlike malware, security flaws and exploits are products of human error -- and provide a vector of attack for cybercriminals intelligent enough to hone in on them.
Because of this, software engineers are constantly on the lookout to address any holes they find with security updates. But when a flaw comes from the hardware side of things rather than software, the threat becomes exponentially more dangerous. When a vulnerability is detected in any piece of hardware, it usually means that all others from the same product line are affected as well.
And that's exactly the issue that security researchers are facing this week in light of a new flaw discovered in a range of Intel chips. This flaw, if exploited, can grant backdoor access to any affected computer -- putting personal data and sensitive information at great risk. We're breaking down the details on this new threat, as well as how researchers are advising users to stay safe online.

A major hole in a popular product

Update: Intel and Microsoft have announced that a security update is now available for the SWAPGS security flaw. It can be downloaded from Microsoft's website at no charge. For the security and integrity of your system, both companies urge users update as soon as possible. CLICK OR TAP HERE TO DOWNLOAD THE UPDATE. Make sure to select the download that fits your specific version of Windows 10.
Researchers at security firm Bitdefender have discovered a highly dangerous security flaw that's present in nearly all modern Intel chips -- the kind found in a majority of computers on the market.
The flaw deals with the method these chips use to predict user behavior, which usually results in faster performance. By exploiting the flaw, a hacker can take control of the computer's "memory kernel," which essentially gives them backdoor access to personal data like passwords and private conversations.
Bitdefender representatives claim that the flaw has not yet been exploited in the wild, but have emphasized the wide-sweeping nature of this threat. What's worse is the fact that this flaw comes on the heels of the critical Spectre and Meltdown flaws -- both of which were discovered and patched last year.
This new flaw, tentatively dubbed the "SWAPGS Attack," can actually bypass the safeguards put into place by the Spectre and Meltdown patches, which makes the situation even more dangerous.

What can be done about the "SWAPGS Attack?"

Right now, Bitdefender has only identified the threat. Currently, no fix has been engineered -- but developers are researching the threat further, and may potentially release a series of patches to address it.
It is, however, entirely possible that no patch arrives. Chip-related security flaws are extremely complex and can take time to untangle and pinpoint the exact nature of the flaw in code.
In the short term, it's up to PC users to exercise caution when exploring the web. Avoiding mysterious links and messages from unknown senders is a good start, as well as avoiding potentially suspicious websites and login forms.
In fact, Bitdefender proposes that the SWAPGS Attack would be more of a component to a larger cyberattack rather than the "main course" -- just because SWAPGS Attack only grants access to memory.
Even still, a new vector of attack is the last thing that hackers need these days. Considering the trouble they've caused in the past few years, it's high time we start exercising better online safety practices. If we give cybercriminals fewer tools to attack us with, it's one step towards greater deterrence.
We'll be updating this story with any new information surrounding the SWAPGS Attack flaw, as well as any potential fixes that may arrive down the line.

Intel releases important security patches for Core processors

Last month, Intel released its patches to protect users from the Spectre chip flaw. But the patches were so buggy that the company urged users to skip them entirely. Since Intel's first Spectre patch was a dud, the company promised to roll out another patch that will provide protection minus the prior system-breaking bugs. And it looks like that time is now.

Why hackers target small businesses (and what to do to stay safe) By Vince Pontorno, Komando.com

One of the most commonly shared myths among small businesses and their owners is that hackers have no interest in attacking them. That they are simply, "too small to be worth hacking." These assumptions couldn't be more wrong.
The reality is, a high percentage of cyberattacks target small businesses. Cybercriminals look for easily accessible, valuable data like credit card details and customer contact info, so the size of the business doesn’t matter. It’s the lack of cybersecurity that makes small businesses so attractive to hackers.
Thanks to our sponsor, Dell, we're going to take a closer look at the cyber threats/attacks that small businesses face and how they can best shield themselves from those threats.

Why are hackers targeting small businesses?

Studies over the last three years have shown that more than half of all cyberattacks were aimed at small businesses. Why? Because small business owners don’t always take cybersecurity seriously, some believe their company is too small to attract any interest from hackers. This couldn’t be further from the truth.
If you are taking payments for services or products, you have exactly what hackers want; customer credit card details and personal information, including your employee’s information.
Large companies can afford to invest millions in cybersecurity, while the majority of small businesses simply lack the resources and funds to have a dedicated IT team or advanced security protocols put into place. Hackers expect this and will take advantage of it the first chance they get.
The average cyberattack costs small business owners anywhere from $80,000 to $150,000. That may not be enough to bring down a behemoth sized businesses, but it's enough to cripple a smaller sized operation. A recent report stated that 60% of them ended up going out of business within six months after the attack.

How can small businesses defend themselves?

The best way for small businesses to protect themselves from hackers is to be proactive and vigilant. Keep informed and understand the real dangers that are threatening the online world, just waiting to pounce.
Here are some of the best ways for small businesses to stay protected from cyberattacks:
  • Be aware of internal threats that may exist within your business - It's been reported that 31.5% of attacks are initiated by company insiders and employees. For example, the suspect in the recent Capital One hack turned out to be a former Amazon Web Service employee, who accessed the bank's customer files which were stored on Amazon's cloud server. By beefing up internal protocols, increasing authorization requirements and keeping a close eye on any/every employee with access to secured data, potential leaks and hacks should be stopped before they even have a chance to start.
  • Invest in more secure forms of communication - This may come as a surprise, but faxing is actually the most secure form of communication in the business world. Furthermore, if your staff uses mobile devices for work or accessing accounts, you need restrictions on the information certain devices can access. There should also be strict rules on whether devices can be taken home as well as clear protocols for when/how IT can wipe a device clean.
  • Designate a point person to oversee all cybersecurity efforts - Even if employees are wearing multiple hats and handling a variety of responsibilities, someone trustworthy should have their focus on security. This person doesn't have to necessarily handle all the work, but they need to find the right services or professionals who can implement the proper updates and upgrades.
  • Properly train employees - Consistently provide ongoing training to employees on appropriate security practices and limit access to sensitive data to only specific employees who need it perform their duties. A majority of data breaches in both big and small businesses still occur when employees unwittingly download malicious materials disguised as emails that can pass for legitimate. Phishing scams are a prime example. So, it's worth it to educate employees on how to distinguish between real and fake downloadable content in order to avoid more harmful attacks later on.
  • Install anti-virus software/hardware and keep it updated to meet the latest threats - Identity thieves take advantage of the ignorance and the fact that some companies fail or often forget to update their security software consistently and in a timely manner. So, it's important to keep your security protocols current and updated with the latest versions. Installing and testing a proper firewall is strongly recommended as well. Also, before downloading any files, make sure they are scanned for safety to avoid any unnecessary attacks.
  • Keep critical data backed up - Once you've confirmed that your system is clear, healthy and you've implemented the proper security protocols, you must consider regularly backing up all of your data as well. This has become a significant step for small businesses due to the increase of attackers using cyber blackmail, or ransomware. Holding a company's valuable info hostage is an easy payday for hackers. However, businesses can take back control of the situation by having a backup plan at the ready. Having data saved across numerous locations, including on a cloud server, ensures businesses can access their data, even after it's been compromised. Kim recommends her trusted sponsor, IDrive for all of your backup needs. With IDrive, you can backup all your PCs, Macs and mobile devices into one account. Save 50% today, when you sign up at IDrive.com and use promo code Kim.