Category Archives: Security

Cloud Security: How to Mitigate Threats to Your Cloud

Cloud computing has become a staple in every industry:

Be it remote or at the office, people (including you) use the cloud to communicate, share data, collaborate, complete tasks, and, basically, do their jobs.

But how secure is your cloud network?

In this article, we explore some of the most common threats, as well as the strategies and techniques you can use to mitigate them.

So if you’re looking to bolster the security of your cloud-based infrastructure, you’ll find useful information in this article.

Let’s begin.

What is cloud security?

Cloud security refers to a set of measures designed to protect cloud-based infrastructure, applications, communication channels, and data.

These solutions protect a company’s data in cloud environments from malware, hackers, and unauthorized user access or use.

Why is cloud security important?

Cloud computing security is critical for any company. It helps you keep your cloud applications safe from cybercriminals, attacks, and other misuse.

Maintaining solid cloud security helps you reap the benefits of cloud computing, which are now widely recognized as essential in any business.

Here’s why cloud security is crucial for your organization:

#1 Lower operational and administrative costs

These services help you to save money on ongoing administrative and operational costs.

A cloud service provider (CSP) handles your security needs, eliminating the need for in-house teams to perform manual security updates and configurations. 

You will also have more robust security because the CSP will have expert staff on hand to handle any security issues you may have.

#2 Improved overall reliability

You need a secure method of gaining immediate access to your data. 

Cloud security managed services ensure that authorized users have easy access to your data and applications. 

You’ll always have a dependable way to access your cloud applications and data, allowing you to respond quickly to any potential security issues.

#3 Centralized security approach

Cloud security centrally manages all your applications, devices, and cloud data protection. 

A centralized control point makes it easier for cloud-native security companies to perform tasks like: 

  • Implementing disaster recovery plans 
  • Streamlining network event monitoring 
  • Improving web-based filtering

4 Common Cloud Security Threats

Let’s go over 4 common threats you need to be aware of.

#1 Breach of data

According to a recent study, nearly 80% of surveyed companies had experienced at least one cloud data security breach in the previous 18 months.

In fact, 43% of them reported 10 or more breaches for the same period. 

Security misconfiguration, lack of visibility over access settings and activities, and identity and access management (IAM) permission errors were among the top concerns expressed by the survey’s 300 CISOs.

#2 Employee threats

These are cloud security threats posed by employees in your organization. 

More precisely, they come from those with valid access to your cloud network, such as employees, contractors, business associates, and even executives.

This article states that insider threats cause 60% of data breaches.

#3 Data sharing

Cloud platforms make it extremely simple for users to share files and folders containing sensitive data. 

Many CISOs are concerned about such an open approach to file sharing because links to shared files and folders can easily be stolen or sent to the wrong recipient. 

#4 Security misconfiguration

According to research, 67% of respondents cited misconfiguration as the top concern about cloud server security. 

This is not surprising given the number of data breaches caused by incorrectly configured secure cloud storage containers.

One example of misconfiguration is leaving default settings and default passwords unchanged.

How to Mitigate Cloud Security Threats?

So how can you mitigate threats to your cloud infrastructure?

Here are four strategies you can deploy right now:

#1 Multi-Factor authentication 

Multi-factor authentication (MFA) is extremely useful in protecting user accounts on the cloud. 

Traditional authentication systems rely solely on something the user knows, such as a username and password. 

By contrast, MFA adds another layer of security by requiring the user to provide additional information.

Usually, a security code is sent to the user’s mobile phone, which they must enter to log in.

#2 Data encryption

Data encryption seems obvious; however, it is surprising how few businesses actually encrypt their data.

A simple but effective way to protect your data in the cloud is to ensure that all sensitive data is protected by cloud data encryption.

#3 Sensitive data classification

If you want to keep your sensitive data secure, you must first understand what sensitive data you have and where it is kept. 

A data classification tool may be provided by your cloud service provider.

The tool allows you to create, configure, and publish “sensitivity labels” or use the “auto labeling” feature.

#4 File sharing restriction

Prevent users from sharing links to folders containing multiple files, as some of these files may contain sensitive data.

If someone requires access to a folder containing multiple files, they must make a request to the administrator or other appropriate personnel. 

You can also make sure that all user-created links are set to expire after one week.

Get Help from a Trusted IT Specialist

You shouldn’t need to stress out about guarding your critical business data against these and other threats.  

That’s the job of IT professionals.

At Demakis Technologies, we have the strategic knowledge, skills, experience, and tech to protect your company’s critical data on the cloud, including cloud cybersecurity.

CONTACT US to get the peace of mind that lets you invest your time and energy into what really matters: growing your company.

5 Signs of Phishing Attempts

One of the most common ways hackers gain access to sensitive or confidential information is through phishing scams.

Scammers attempt to trick you into revealing personal information such as bank account information, passwords, and credit card details.

Your company is at risk if your employees do not recognize the signs of phishing attempts.

In this blog, we’ll talk about 5 signs of phishing attempts so you can learn how to spot scams and protect yourself.

Let’s start!

#1 Unfamiliar Greeting

Greetings are a common indicator of a phishing attempt.

If the greeting in the email sounds generic (Dear sir/madam, Dear customer, Dear client, and so on), it could be a sign of a spear-phishing attempt.

Typically, no organization sends generic greetings to their customers/clients. Instead, they address their customers/clients by name. 

If a legitimate organization sends an email, it will include a contact number in the signature block. 

If you notice that the email has no contact information in the signature block, it could be a scam.

If a message appears strange, look for other signs that it could be a phishing email.

#2 Spelling and Grammar Errors

Bad spelling and grammar are two of the most common indicators of a phishing email. 

For outbound emails, most businesses have the spell check feature enabled in their email client. 

Most web browsers also allow you to use autocorrect or highlight features. 

As a result, you would expect emails from a professional source to be exempt from grammar and spelling errors.

Many scammers are from non-English-speaking countries, so even if they use a spellchecker, you will probably be able to spot some grammatical errors that a native speaker wouldn’t make.

#3 Scare Tactics

Phishing campaigns typically use intense language and scare tactics to create a sense of urgency, beginning with the subject line of the email.

This is done to trick a recipient into responding quickly, without recognizing the warning signs.

In addition to using urgent language, phishing emails frequently use scare tactics in the hope that readers will click malicious links out of panic or confusion. 

Such messaging is frequently framed around immediate updates or payments that must be made within a certain amount of time.

#4 Unfamiliar Email Addresses, Links, and Domain Names

To protect yourself from phishing attacks, look for discrepancies in email addresses, links, and domain names.

For example, it’s worth double-checking that the originating email addresses match those in previous correspondence. 

If there is a link embedded in the email, move the pointer over the link to see what shows up. 

If the domain names do not match, do not click.

#5 Suspicious Attachments

In addition to malicious links, phishing attempts frequently include malicious downloadable files, often compressed .zip files, that can infect your computer.

If you receive an email from an unknown sender with an attached file, or if you did not request or expect to receive a file from the sender, be very careful about opening it.

If the attached file has a file extension that is generally linked with malware downloads (.zip, .exe, .scr, etc.), flag the file and scan it before you decide to open it.

How to Prevent Phishing Attacks?

It is critical to carefully examine all potential phishing attacks.

To truly combat phishing tactics, businesses must become more proactive, both through employee training and the use of security software, to better detect suspicious network activity and prevent potentially crippling attacks.

Employee Training

Knowledge is the best defense against spear-phishing campaigns. 

Hackers craft phishing scams to appear as persuasive as possible, but they frequently include signs that expose the sham.

Requiring regular data security and social engineering training is an excellent preventative measure that will assist your organization in learning the signs of malicious emails.

Protect Your Information

If the website’s URL does not begin with “https,” or if there is no closed padlock icon next to the URL, do not enter sensitive information or download files from that site. 

Sites that lack security certificates may not be designed for phishing attacks, but it is always better to be safe.

Raise Cybersecurity

To raise your cybersecurity and increase your chances of avoiding phishing attempts, you should install firewalls and have a data security platform. 

Firewalls are an effective way to protect your computer from external attacks by acting as a barrier between your computer and the attacker. 

When used in tandem, desktop and network firewalls can improve your security and reduce the likelihood of a hacker infiltrating your environment.

By automatically alerting on unusual user behavior and unwanted changes to files, a data security platform relieves some of the pressure on the IT/Security team.

If an attacker gains access to your sensitive information, data security platforms can assist you in identifying the affected account so that you can take appropriate action to prevent further harm.

Please CONTACT US at Demakis Technologies to find out more about how we can raise your cybersecurity and protect your business data and digital assets.

GDPR: How to Send Sensitive Information by Email?

In this post, we’re going to explain how the General Data Protection Regulation (GDPR) regulates email communication and data sharing.

We’ll also explain:

  • What kind of information you can send via email (according to GDPR)
  • Why it’s dangerous to send personal data by email 
  • How to securely send emails in line with GDPR

So if you want to know how to ensure GDPR email compliance and communicate securely via email, this article will help you. 

Let’s start. 

How does the GDPR affect email?

The General Data Protection Regulation is intended to protect consumers in the EU by allowing them to keep their data secure.

Any organization that handles the personal information of EU citizens or residents is subject to the GDPR.

While you may not think of email as subject to the GDPR, your mailbox in fact contains a trove of personal data.

This data means any personal information that identifies an individual (names, images, videos, email address, information posted on social media, etc.)

So, how does the GDPR affect email? 

Let us explain. 

Internal communication 

Many data security breaches come from internal communications. 

For example, an email sent between employees could include several types of personal data. Even something as simple as that might result in a breach and a violation of GDPR.

GDPR increases your responsibility to protect information and your internal communications. This means you have to choose a business-grade communication solution that’s fully GDPR compliant.

Email marketing

GDPR applies to the personal data which is used to send emails, as well. 

There are six lawful bases for you to use people’s data. These are all listed in Article 6.

A good marketing email should provide value to the recipient. It should be something they want to receive anyway. 

What the GDPR does is clarify the terms of consent. It requires organizations to ask for an affirmative opt-in to be able to send emails. And you must also make it easy for people to change their mind and opt-out. 

A marketing email violates the GDPR only if:

  • it doesn’t give the option to unsubscribe
  • it’s sent to someone who never signed up for it
  • it doesn’t advertise a service related to one the receiver uses. 

Customer communication

It’s difficult, if not impossible, to communicate with your clients without receiving their personal data. This data could be as simple as their name and email address. If you are collecting it, you have to protect it.

Here are three ways GDPR affects the way you collect and protect client data:

#1 Data minimization

How much information do you collect from your customers? Is it all necessary?

GDPR calls for businesses to minimize the amount of information they collect. In other words, collecting more data than you need from a client results in violation of GDPR. 

#2 Designing to be private 

“Privacy by design” is a term used in GDPR. It requires companies to develop their systems with built-in data protection measures.

Are you using consumer-focused communication tools that intentionally collect data? Or a secure, GDPR compliant, business-grade communication system? 

Don’t risk your client’s data. Use systems that are private and secure.

#3 When breached, notify 

The client data you store must be protected. If a data breach occurs, according to GDPR, your company must notify customers within 72 hours of realizing a breach occurred. 

What kind of information can you send via email?

When talking about unprotected emails, you can send anything that’s not personal data. Personal data is information that can identify an individual.

Examples of personal data can include: national insurance numbers, tax identification numbers, home / business addresses, phone numbers, payment card numbers, bank account numbers, dates of birth, copies of government-issued IDs and health information.

What kind of information can’t you send via email?

You shouldn’t send personal data via email. Sending personal information via email without encryption violates GDPR.

Consequences for violating GDPR can be serious: authorities can impose fines of up to €20 million or 4% of global turnover.

Why is it dangerous to send personal data via email?

Sending sensitive information via email is insecure. Data travels over the internet unencrypted and can be intercepted. 

When sending confidential information via email, you don’t really know how many networks or servers the message will pass through. 

Emails sitting on your device may be accessible to a third party. For example, a cyber criminal might have compromised your account in a phishing scam. 

Let’s also not forget human errors. Sending sensitive documents via email to the wrong recipient is a very common mistake. 

How to securely send personal data via email?

When it comes to sending sensitive data via email, encryption is the most feasible option. Email encryption technology has developed rapidly. There are companies now that offer end-to-end encrypted email service.

Also, cloud-based email is now a convenient and practical option. 

How to raise email security?

If you truly want to protect your sensitive data, you’ll need a cybersecurity team to back you up. 

Look no further than Demakis Technologies.

Our cybersecurity services can protect all your data and other technology assets, and you don’t even have to lift a finger.

Please CONTACT US to reach out to one of our IT professionals who can explain our offer and answer all your questions.

GDPR and CCPA [EXPLAINED]

Thanks to data mining and user data exploitation by Facebook and Google and other big tech companies, data protection and privacy have become burning issues for consumers.

To protect their rights and limit the misuse of big data in business, governments are creating laws to protect their citizens.

In the last five years, two major pieces of legislation have emerged as front-runners in the regulation of data usage by business and the protection of consumer data:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)

In this post, we’ll explain and explore the GDPR and CCPA to help you understand their effects on how you and other companies will gather data in the future.

Let’s begin!

What Is GDPR Compliance?

GDPR (General Data Protection Regulation) is considered the strictest privacy law in the world. It was put into effect on May 25, 2018, and although it was drafted by the European Union, GDPR affects any organization in the world that targets or collects data from people in the EU.

Fundamentally, GDPR is designed to help EU citizens have more control over their personal information.

According to GDPR, organizations are allowed to collect personal data solely under strict conditions, while also being obliged to respect data owners’ rights and protect the data from misuse. Otherwise, they face severe penalties.

What Does GDPR Regulate?

Under GDPR, companies and organizations cannot collect personal data without user consent.

According to GDPR regulations, personal data is information that can be used to identify a person. It includes the following information:

  • Name
  • Location data
  • Personal identification number
  • Photos
  • Biometric data
  • Healthcare information
  • IP address

Who Does GDPR Affect?

GDPR affects any organization that operates within the European Union and any entity that operates outside of the EU but provides goods or services to individuals or businesses in the EU.

Therefore, all the world’s major corporations need to have a GDPR compliance strategy in place.

The law applies to all means of personal data collection, not just using the Internet.

GDPR recognizes three different roles in the process:

  • Data subject. The owner of personal information.
  • Data controller. The party that decides which data to collect and how to use it.
  • Data processor. The party that performs data processing for the controller.

How Does GDPR Affect Privacy Policy?

Your GDPR Privacy Policy needs to be transparent about:

  • Type of data that you collect
  • Purpose of data collection
  • Legal reasons for processing the data
  • How long the data will be stored
  • Whether it will be transferred internally
  • Whether it is used for automated decision-making
  • List of third parties you share the data with
  • How you will notify consumers about policy changes
  • Name and contact of the controller and the data protection officer

How Do You Meet GDPR Requirements?

Take a look at the following tips to stay on track with GDPR requirements:

  • Get consumers’ consent for data processing
  • Collect data for legitimate purposes
  • Only collect the necessary data
  • Make sure the data is accurate
  • Only store data as long as necessary
  • Protect data from unauthorized access and processing
  • Be able to demonstrate GDPR compliance
  • Use transparent methods of data processing
  • Review data protection policies
  • Respect user privacy rights
  • Appoint a data protection officer

GDPR Fines

The severity of the penalty is dictated by several factors such as gravity, nature, and duration of the infringement, character of the infringement (intentional or negligent), actions taken to minimize the damage caused, types of data involved, measures put in place to protect the data, infringement history, and more.

Less severe infringements are punished with the fine of 10 million euros or 2% of worldwide turnover from the preceding fiscal year (whichever amount is higher).

Companies that have caused more severe infringements are faced with a fine of 20 million euros or 4% of worldwide turnover from the preceding fiscal year.

What Is the CCPA?

CCPA or The California Consumer Privacy Act is California State’s privacy law that regulates the way businesses worldwide handle the personal data of California residents.

CCPA came into effect on January 1, 2020, as the first law of that kind in the United States.

What Does CCPA Regulate?

Under CCPA regulation, the following types of information are seen as personal data:

  • Direct identifiers (real name, social security number, physical address, alias)
  • Unique identifiers (IP address, account names, cookies)
  • Internet activity (search and browsing history, interaction with an app or webpage)
  • Biometric data (voice and face recordings)
  • Geolocation data (location history)
  • Sensitive information (medical and health information, sexual preferences, education, and employment data, religious beliefs, financial information, etc.)

Who Does CCPA Affect?

The California Consumer Privacy Act affects all for-profit organizations doing business in California that meet any of the following criteria:

  • Have an annual gross revenue of over $25 million.
  • Collect, buy, receive or sell personal data of 50,000 or more California consumers, devices, or households.
  • 50% or more of their annual revenue comes from selling that data

What Are the CCPA Compliance Requirements?

Here are the points you should cover to be compliant with California’s consumer privacy protection act:

  • Privacy Policy that complies with CCPA requirements, updated at least once a year
  • Be transparent about how the consumers’ personal data is used
  • Keep data inventory that tracks data processing history
  • Ask consumers for permission before data collection
  • Provide consumers with rights to access their collected data
  • Explain to consumers how they can request their data to be deleted
  • Ensure consumers know their rights under CCPA
  • If you sell personal information, create a Do Not Sell My Personal Information page

How Can You Comply with GDPR and CCPA?

After reviewing all the requirements for both GDPR and CCPA, and determining your key compliance requirements, the following steps will help you stay on track:

  • Assign compliance responsibilities to a specific employee or a team
  • Regularly update your Privacy Policies
  • Implement information-related security best practices
  • Introduce procedures to respond to consumers’ requests to access personal data, opt out of its sale, or have it deleted.
  • Update vendor contracts to comply with both laws
  • Have separate procedures for the use of minors’ personal information
  • Organize privacy training for your employees

If you would like to learn more about data privacy and protection, visit Demakis Technologies and follow our blog.

Cybersecurity in 2021

In this post, we’ll discuss cybersecurity in 2021. Specifically, we’ll address the top three threats to security you can expect this year:

  • Social engineering
  • Cloud compromise
  • Third-party software

But we’ll also show you the top cyber threat prevention strategies, including:

  • Cloud backup
  • Security frameworks
  • Building a cybersecurity team

So if you want to learn which cyber security threats and solutions you’ll come across in 2021, this article is for you. Let’s begin.

Top cybersecurity threats in 2021

The disruption following the outbreak of COVID-19 and the New Normal in business proved to be a serious threat to cybersecurity in 2020.

Let’s explore what we believe to be the top three threats to your assets this year.

Social Engineering

Social engineering emerged as one of the top computer security threats in 2020. In fact, one-third of all corporate security breaches last year included some kind of social engineering techniques. As businesses shift to a less secure work-from-home reality, these attacks will only persist in 2021.

Cybercriminals will use psychology and one or more social engineering strategies to convince people to freely give up money, information, or access to company networks. Typically, these tactics include:

  • Phishing
  • Spear-phishing
  • Baiting
  • Scareware
  • Pretexting

The main way of preventing attacks in 2021 will involve a combination of:

  • cybersecurity training for employees
  • using tools that can detect these attacks
  • upgrading security systems at remote locations

Cloud computing vulnerabilities

As organizations go remote, even more of them will turn to cloud technology to support their remote operations. In fact, an additional 35% of companies plan to migrate their processes to the cloud in 2021. To reduce overhead, a lot of businesses had to subscribe to public clouds. This had, however, exposed the vulnerability of cloud computing.

Not enough companies had invested in cloud security. Cyber attackers used this opportunity to target cloud providers to access corporate networks and steal data. So one of this year’s challenges will be finding network security issues and solutions that raise the security of the public cloud.

Third-party software

In 2020, a lot of organizations had to adopt third-party software to accommodate remote work. For example, just the top 30 e-commerce companies in the United States connected to 1,131 third-party resources. But not all of these assets are 100% secure. If one SaaS solution is compromised, it can expose the entire ecosystem.

Cyber attackers can use these vulnerabilities as gateways to other domains and wreak havoc on businesses. In fact, a breach via third-party software in 2020 cost $4.29 million on average.

Top cybersecurity solutions in 2021

Preventing cyber threats will be the goal for organizations this year. Thankfully, new solutions to cyber security threats and innovations are already emerging.

Here’s our pick of the top cybersecurity solutions you can expect to see in 2021.

Cloud backup

At the moment, cloud technology represents one of the greatest vulnerabilities for businesses. Among these, data loss presents a serious problem for companies in the remote environment. To offset the risks of data loss due to attacks, companies are turning to cloud backup.

Cloud backup services can automatically copy critical data to offsite cloud storage servers. The benefits of cloud backup include large storage capacities and affordable prices. In combination with a distributed cloud, you can raise the security of your cloud network.

This won’t prevent attacks, but the advantages of cloud backup will ensure your data remains safe across the entire business ecosystem, regardless of what happens.

Detecting attacks

Detection and not just prevention may be the biggest trend in cybersecurity in 2021. Already, systems are emerging on the market, including:

IT teams could potentially integrate Cloud SIEM and SOAR and use these tools to hunt for hackers before they can attack.

On the other hand, they could also adopt UEBA and use the tool to detect threatening behavior usually associated with cyber attacks.

Security talent acquisition

Who currently handles your cybersecurity?

As more companies move data and processes online, one of the best solutions to cybersecurity threats is talent acquisition. Specifically, cybersecurity experts can implement a security framework and ensure the safety of the entire tech architecture of your company.

From remote server maintenance to integrating Edge IT solutions to devices, having a security team on hand may be the most cost-effective investment you can make in 2021. Best of all, you can secure talent by outsourcing to a provider. In doing so, you’ll not only reduce the cost of onboarding but also minimize overhead.

How to mitigate common cyber attacks in 2021?

One thing is sure: cybersecurity should be at the top of your agenda for 2021. But if you don’t have previous experience, it can be hard to know where to start.

We can help you with that. Using our managed services will give you peace of mind, so you can do what actually matters – growing your business.

Ready to start protecting your most valuable tech assets? Contact us and let Demakis Technologies tend to your cybersecurity.