Mobile Devices: The Next Target for Cyber Criminals

By: Anders Erickson, CISA, CISSP, CRISC

In the most recent Threat Intelligence Report publish by Nokia, researchers found that software viruses or malware infecting mobile devices (e.g., cell phones and tablets) had increased 83 percent in the second half of 2016.  The report suggests that this increase represents a shift from hackers targeting traditional computers to going after mobile devices.  One of the most common methods of infecting mobile devices is through “Trojan” apps.  Like the Trojan Horse of Greek mythology, these apps look like a game or something harmless but when they are installed on a mobile device, they execute malware that allows a hacker to access or steal data from that device.  One thing users can do to protect themselves from these types of viruses is to avoid downloading apps from locations other than the Apple or Android app store.

Many nonprofits allow their employees to access organizational data through their mobile devices.  Whether that’s emails, files, or the corporate directory, the access they provide to their employees represents a significant business risk.  If not properly protected, malware infecting an employee’s mobile device can place our client’s data in jeopardy.  Eide Bailly’s Cyber Security team can assist your clients in protecting their data on mobile devices by:

  • Helping establish a secure mobile device policy;
  • Implementing mobile device management (MDM) software, which allows our clients to safeguard corporate data on their employees’ mobile devices; and
  • Educating employees on the dangers of mobile devices and how they can help protect themselves and their organization.

If you have any questions about these services or would like to better understand how we can help our clients feel more confident about their cyber security, please contact Anders Erickson, Director of Cyber Security Services, at aerickson@eidebailly.com or (208)383-4731.

What You Need to Know Before Upgrading Your Operating System

Mike ArvidsonBy: Mike Arvidson

By now, everyone should be aware that Windows XP is an unsupported, unsafe operating system for business and personal use in 2016. Perhaps lesser known is that Windows 7, XP’s rightful heir in many organizations, entered end of mainstream support last year. In fact, all support options for Windows 7 from Microsoft have expired except for extended support — offered through January 2020 — which only offers security updates, pay-per-incident system support, and access to Microsoft’s Knowledge Base resources.

With this in mind, many organizations today need to be considering their OS contingency plan. After all, 2020 is not far off.

Those businesses aiming to be proactive with their OS migration may also be interested to know that Microsoft’s free upgrade offer for Windows 10 expires on July 29, 2016.

Now, not every organization will have access to the free offer; Windows 7 and 8/8.1 Professional editions are eligible, but Enterprise versions are not. Whether or not your business is able to take advantage of the free upgrade depends on your particular Windows licensing agreement. As a general rule, if your business purchases your software licenses as you add PCs, you should have the ability to upgrade for free. If, however, your organization practices volume licensing, you will likely not be eligible. Check out Microsoft’s FAQs resource for more information on upgrade qualifications.

Regardless of if you can upgrade for free, Windows 10 is a practical and proven platform for businesses today, particularly for those organizations already operating on the Windows platform.

There are, of course, key considerations when weighing a move to a new operating system — Windows 10 or otherwise. To help, we’ve compiled our list of the priority questions to be asking internally to ensure your environment is prepared for an upgrade.

Key Considerations

  • Will your current hardware meet or exceed the new operating system requirements?

RESOURCE | Windows 10 Specifications

  • Do your line of business (LOB) applications work on the new OS? Does the vendor for each business-critical application confirm that they will support their application on that operating system?
  • Does your current endpoint protection software — antivirus, et al. — operate on the new system?
  • For Windows 10 upgrades in particular, are there any web based applications you use and do they support Microsoft Edge or Internet Explorer 11? Are there any browser plugins that need to be supported by a newer edition of IE?

READ ON for the final three questions to ask before upgrading your business’ OS and gain some helpful tips for moving forward.

Is Your Data Secure?

By: Karen Jesskaren Jess

While most nonprofits are exempt from taxes, they are not exempt from hackers targeting their data. Many nonprofit systems are easier to hack than those in the commercial sector. Hackers can take over your website and even your computers. A cyber attack can shut down your website for weeks and donor information, names of clients receiving aid, payroll records and other forms of data may be at risk. Hackers can then sell personal information to underground markets.

In February 2015, the National Center for Charitable Statistics (NCCS) was hacked. The NCCA uses its base of 990s to analyze trends in the nonprofit sector. An estimated 740,000 records including usernames, passwords, IP addresses and other account data were accessed by the hackers.

There are many steps that a nonprofit can take to protect their data and increase security. The National Council of Nonprofits published an article titled Feeling Insecure About Security? Protecting Your Nonprofit’s Data Is Not Rocket Science which details practical steps nonprofits can take to protect their most important data.

If you think your data is secure, think again. Hackers are continually looking for new ways to get at your information. It’s what they do.

Scary Data Security Stats Should Prompt Careful Planning

In 2013, 43% of businesses experienced a security threat. Hand pushing virtual cloud security button

Verizon’s 2013 Data Breach Investigation report stated that 75% of these cyber-attacks were opportunity-based, with 78% of initial intrusions being deemed as low difficulty. Combine that with their most recent finding that, on average, 1,000 compromised records will cost an organization between $52,000 and $87,000, and it is easy to see why security continues to be a major concern in 2015.

Sadly, the Online Trust Alliance (OTA) found that over 90% of data breaches last year were preventable.

Maintaining a solid IT security strategy is essential for organizations of all sizes, but especially those in highly liable sectors. For nonprofits, security becomes even more pressing to maintain the trust and continued support of your donors, board members, and the communities in which you serve.

Eide Bailly’s Technology Consulting group has put together nine actionable steps a nonprofit can take to reduce its vulnerabilities.

What are you doing to protect data in your own organization?