In the previous post we have covered the cyber security topics of suspicious files and links, password creation and 2-step verification. Let’s discuss OS and software, antivirus, backup, mobile security, physical security and so on.

Operating System and Software

1. Do not use pirate software. Do not run and install software downloaded from unsafe sources, including torrents and other peer-to-peer file sharing. It is not about morality or ethics – it is simply unsafe. First, software distribution infection with the Trojan and its “free” publication on the Internet is a well-known way of system infection, and it happens far more often than we would like. Second, security updates can rarely be installed on pirate software. “Activation” and reactivation will spend your time, and the risks of software not updating are inadmissible.
2. Enable Auto-Update in your Windows OS.
3. Make sure Windows auto-update is set up for checking all Microsoft products updates, including MS Office.
4. Update 3rd-party applications regularly and automatically.
5. Enable Auto-Update in AppStore.
6. Enable MS Office Auto-Update in Mac OS.
7. Use Homebrew for updating your 3rd-party apps.
8. Modern Linux distribution provides a possibility to set up auto-update via OS services or regularly update software manually.

Antivirus

1. For Linux or Maс OS do not use antivirus. Seriously. Security solutions are vulnerable; they are not safer than any other software. Besides, for effectiveness, antiviruses usually require higher privileges in OS. It possesses higher risk than virus or trojan infection threat at relatively safer and less popular platform. If you follow other recommendations from this guide, you can install antivirus that will not constantly monitor your OS and periodically scan your system with it.
2. For Windows use antivirus. But do not forget antiviruses are very ineffective against modern online-threats.
3. It is difficult to select an antivirus: “independent” tests are more favorable to antivirus-vendors that ultimately finance these tests. However, there are several more or less objective reviews and tests results.

Back up Data

1. At least, use a separate ciphered external hard disk. Connect it EVERY TIME you work on something important. The recommended disk storage is at least twice as big as your internal one.
2. Alternatively, choose an outside backup-provider for automated daily backup.
3. You can do backup saving the files in the cloud, as Dropbox, iCloud Drive, OneDrive, Google Drive. But do not forget to encrypt your data before uploading and backing up the cloud. The most secure way is to use a 3rd-party cloud-to-cloud backup provider that uses encryption for backup to protect your cloud data.

Use Cryptography

1. Check the web-site ciphering

Always make sure the web-site you upload your sensitive data uses HTTPS. Its address starts with “https://” and its certificate is checked by your browser, so it doesn’t make security alerts to you. Please pay attention that HTTPS is not enough for creating trust to the site: anybody can generate an active certificate for his web-server. Pay attention and check the web-site domain name correctness because it can be easily fabricated. Never, even for temporary use, accept invalid certificates.

2. Cipher data
• You may use your operational system Full Disk Encryption function for protecting data at your notebook or PC from loss or theft.
• You can also cipher external disks or separate files.
3. Encrypt sources of connections

Use reliable end-to-end encryption for corporate and private confidential data transit. End-to-end encryption guarantees nobody but you and your recipient will receive access to conversation. End-to-end encryption means email are PGP / GPG and S/MIME. You can also use mobile encryption apps.

Mobile Security

1. Mobile network is as dangerous as public Wi-Fi spots. Use the same cryptographic services for your mobile network data transmission. Do not consider your SMS or voice conversations private: use voice calls and messages that are end-to-end encrypted instead.
2. If Android, then Google. Only direct OS support by the developer can guarantee timely security updates. Any additional links decrease the security level. Sometimes, updates stop working for your device after a year or two.
3. Do not root your smartphone. Use only allowed application sources, as Google Play and AppStore.  Do not download or install “security updates” from unauthorized software sources.

Physical Security

1. Keep your staff where you can see or control it. Your computer and devices require the same physical security level as your credit cards and automobile keys. Remember: if a bad guy spends even a short time alone with your computer, the computer will become not yours, but his. Most likely, he can compromise your system without huge efforts. Blocking user’s session can help, but there are modern attacks that cannot be secured by this. So, don’t leave your device unattended, especially when turned on. Turn it off or make it sleep every time you leave it unattended even for several minutes. Enable password request every time it turns on.
2. Provide sensitive and non-sensitive operations from different computers. If you allow children to play online games on the computer that you use for online business, you are going to be hacked. If you send business emails from open hotel wifi, you are going to be hacked. Use separate computer for business and financial operations and all types of actions that require privacy or confidentiality. Use special virtual or physical device for the most critical operations.

Protect Yourself!

Thanks for paying special attention to your own cyber security. Share this instruction with your friends and colleagues to make the world a little bit more secure.

We have prepared for you a broad instruction about how you and your employees can avoid becoming a victim. It covers such topics as suspicious files and links, password creation, 2-step verification, software, antivirus, OS, backup, mobile security, physical security and so on.

When an employee leaves a company, moves to another department, or is simply fired, there is no need to pay for an unused account if you can migrate critical data to another account. But the cybersecurity world is challenging businesses and educational organizations with new threats that require maintenance of their cloud data with the help of technically advanced SaaS providers. Using data migration tools is becoming a common practice, but simple data migration is not enough to accomplish the task. To migrate G Suite data effectively, you need a sophisticated combination of a migration tool and version control.

Spinbackup is proud to become the world’s first vendor to introduce backup & recovery features for Google Team Drives. When Team Drives was officially launched in March, 2017, thousands of G Suite Enterprise, G Suite Business and G Suite for Education organizations had the opportunity to try it, however there was no option to backup that data. Well, Spinbackup comes to the rescue again, introducing Automated Daily Backup for Google Team Drives!

Today we are proud to announce that Spinbackup has released the most sophisticated protection against ransomware for Google Drive. It’s fully automated, with zero human factor, and provides 100% data protection, leaving you stress free when it comes to critical data in your organization. Ransomware of any type (Petya, WannaCry, Locky, Cerber, etc.) will no longer be a problem when you have Spinbackup on your side.

Only one week has passed after a mass phishing attack hit the Gmail users, and the world came under attack by a new global cyber threat called WannaCry ransomware. One month ahead – new victims of WannaCry occur: the Honda car plant and Australian government contractor. These attacks, as our security experts predict, might become the turning point for individuals and organizations all over the world in strengthening their cyber security.

Now we observe how businesses and non-profits are moving all of their valuable data to the cloud. Backup has already become their culture and savvy ones introduce CASB systems to protect their data from the most popular and dangerous cyber security risks. But since nobody knows what kind of new threat can occur, the only response remaining in case of a disaster is to follow a Disaster Recovery plan.

These days, with the rise of cyber security threats, business and individual users alike have to put more effort to tackle the data protection issue in the cloud. Ransomware hackers are ripping more and more fruit recently and Ransomware as a Service becoming an achievable “malware for hire” solution for a relatively low cost. What do we know about these high-tech criminals and the ways to stay safe from them? Is your cloud storage, Google Drive for example, safe from being infected?

Organizations are having difficult times trying to keep up with the security levels needed to eliminate or at least minimize modern cyber security problems. As technologies evolve, so do the skills of intruders. The main goal of advanced mechanisms to combat the growing numbers of attacks is to identify the weak points before the hackers do. From identity theft to credit card numbers being taken away, Big data and AI play an instrumental role in establishing new standards for cyber security. While the potential of big data is vast, it might lag behind as a standalone tool to deal with hackers due to the enormous volume of data to analyze. This is when machine learning becomes a missing piece of the puzzle that puts artificial intelligence in place to scale the use of big data by managing the insights coming from multiple sources with the help of the machines.

Spinbackup is a cloud-to-cloud backup and cloud cybersecurity solution provider for G Suite. We protect organizations of all sizes against data leaks and data loss disasters. We do it in the cloud by backing up SaaS data, analyzing it and alerting G Suite Administrators of potential insider threats and business risks.

Our unique market value proposition is to remove human factor for data security and use machine learning algorithms to fully automate data protection and we do it all in one very well designed dashboard.