Understand your Cookie to manage it better!

There are 3 kinds of cookies, each having different functions. One of them is session cookies. If it weren’t for session cookies, you wouldn’t be able to do any online shopping, banking, social media posting or any other activity that requires you to be logged in/identified. These session cookies are temporary cookies and they disappear once you log out of the website, thereby ending your session. It is the session cookies that enable the website to identify you and your actions and react accordingly. Without them, every click you make on the site, will be treated as a new one, unrelated to the previous action. For example, you logged into your bank account to transfer money to a friend. If you click on “Money Transfer”, without a session cookie, the bank’s website won’t recognize you from your log-in and you just won’t be able to proceed further. You will be stuck in an endless loop of log-ins.

The second kind of cookies are called persistent cookies.These cookies are stored in the hard drive of your computer. Unlike the session cookies, they are not temporary and don’t disappear until you clear them proactively. Persistent cookies are used by websites to offer you a customized browsing experience. For example, when you visit the website of a company that has a global presence, you may be given the option to choose your preferred language and country, so the site displays relevant information. Unless you clear the cookies from your computer manually, the next time you visit the site, you will automatically be taken to the version of it that you chose last time–probably English, US.

The third kind of cookies are called third-party cookies and are typically used to retarget customers as a part of online advertising campaigns. You might have noticed that sometimes after you visit online shopping sites, ads related to the items you viewed on the shopping site shows up as you browse other websites too. That is a situation where third party cookies have been deployed.

While cookies by themselves are harmless, cybercriminals can use them as a medium to attack you virtually. But you just cannot make do without cookies. So, how do you manage cookies effectively to stay safe? Download our whitepaper, The Cookie, monster is coming for you to learn more!

Everyone loves cookies–even cybercriminals

When you visit a site, probably for the first time or from a new device or browser, you will see an alert that mentions the site uses Cookies to offer you a more personalized experience and asks you if you are okay with it. Let’s admit it. A lot of us don’t even bother to read what the notification says before we click “Accept” and move on with our browsing.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies, track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras, perhaps you put one into your cart as well, but never checked out, or added one to your wishlist on the site. The next time the camera is on a sale, Amazon app sends you a notification about the price reduction. That happens with the help of cookies. And, that’s just one example. Cookies are not necessarily limited to shopping sites.You know how sometimes you can save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies. Any site can have cookies, though shopping and banking sites can’t function without them. These are known as session cookies and are absolutely indispensable, while some like persistent cookies make your web browsing experience more pleasant and the third party cookies, while not very pleasant, are used basically to facilitate online advertising. How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.

Don’t let hurricanes blow your data away!

“Life is not about sheltering yourselves from the rain, it is about learning to dance in the storm”, goes a popular saying. But, if you are a small business, you first need to shelter your assets from the rain, before you can afford to dance in the storm without a care in the world. Hurricanes, tornadoes and thunderstorms can catch you off-guard resulting in losses worth thousands of dollars. Your inventory may be damaged, your place of business may be flooded and your critical business data lost. While most small businesses do take timely steps to ensure their inventory and place of business are protected from natural disasters, a lot of them tend to overlook the risk such natural disasters pose to their IT infrastructure and data. To many, it doesn’t seem to be that big an issue–and invariably, this is where they go wrong. Data loss due to natural calamity or any other reason can cause significant damage to a business, resulting in extreme consequences such as complete business shutdown. Safeguarding your data shouldn’t be a project you embark upon after a hurricane warning is issued.

In this post we discuss the steps you can take to mitigate the risks natural disasters pose to your data and IT infrastructure.

1. Recognize the need for data safety, security and recovery in times of disaster.
2. Bring together your key resources and create a team that’s responsible for implementing your disaster backup and recovery plan.
3. Identify the key areas that need to be addressed. In the event of a disaster, what are the processes that absolutely need to function to keep your business going and what needs to be done so they still function smoothly?
4. Prepare a solid disaster recovery-business continuity plan. You can enlist your in-house IT team or bring an MSP onboard to do this.
5. Create a list of all the software programs, applications and hardware that are critical to your business process
6. Include floor plans, physical access details, entry-exit security codes etc, pertaining to your place of business in the plan.
7. Include information about your backups in the disaster recovery and business continuity plan.
8. Conduct mock drills and audits to ensure your plan is executable and gives you the intended results.

All of this can be overwhelming, especially with a business to run and a Hurricane to watch out for! That’s why most SMBs rely on trusted managed service providers to do it for them, while they focus on their core area–managing their business and customers.

Social media at work…what could go wrong?

As a business, there is no doubt today that you need to make your presence felt on major social media platforms such as Facebook, Twitter, Instagram and LinkedIn. But social media also exposes you to cybercriminals. In this post we talk about the steps you can take to ensure your social media account doesn’t become a gateway for cybercriminals to access your data.

Make someone accountable
The first step to a successful and safe social media experience as a company is to make someone in your organization accountable for it. Designate a social media manager who is responsible for maintaining your company’s social media accounts. This person should oversee everything–from the posts and pictures in your company account to approving/disapproving ‘Friend’/’Follow’ requests.

Train your employees
Of course you should train your employees who handle your official social media accounts about the security threats and how they need to steer clear of them, but you also need to train other employees who are not on your social media team as they could be a weak link that a cybercriminal could exploit to reach your business. Seems far fetched? Not really. A lot of people trust their ‘friends’ on social media and also unwittingly share a lot of information, which can be used to hack their personal accounts and devices, which in turn, may act as a gateway to your business. Teach your employees about general social media best practices in terms of security and also educate them about the privacy settings they can use to ensure there data is shared with trusted individuals only.

Take the necessary security measures
Make sure the devices you use to access your social media accounts are protected with firewalls and anti-malware tools and all security updates and patches are up-to-date.

Password hygiene
Practice good password hygiene and encourage your teams to do the same. That means no password sharing, no sequential letters/numerals, no obvious words or numbers as your social media account password.

Frame a social media policy
You should also frame a social media policy that spells out the dos and don’ts of social media that everyone in your organization should follow. This is important from various perspectives as employee’s statements on social media may be perceived as a reflection of your business’s values, whether you like it or not. This can make your business a target of cybercriminals and lawsuits.

Putting your business out there on the social networking sites gives your brand a lot of exposure, presents paid advertising opportunities and even helps you build and manage customer relationships, but as discussed, it can be tricky to navigate in terms of security. Businesses may find it overwhelming to manage their social media security strategy all by themselves can reach out to a managed services provider. An MSP with experience in social media security can be a valuable asset in helping you build a strong social media security strategy.