Tag Archive for: MSPs

laptop with tax scam alert on fishing hook

4 Tips to Avoid Online Dangers During Tax Season

Stay Safe From Cyber Threats This Tax Season.

As tax season approaches, both individuals and businesses must prepare to file their returns. Since threat actors ramp up their efforts to exploit vulnerabilities and launch cyberattacks during this time, it’s important to make sure you are safeguarding sensitive financial information.

How do you prevent your company, your clients, or your employees from falling victim to identity theft, financial fraud, and other cyber threats over the next several weeks? In this blog, we will walk through some very simple and practical tips to navigate through cyber threats and effectively protect your data during tax season.

Note: In case you missed Ostra’s blog published around this time last year, be sure to check it out: Spot The Signs Of Tax-Time Phishing Scams.

Tip #1: Choose Powerful Passwords

The first step to safeguarding your data during tax season is updating and strengthening your passwords. This is one of the simplest yet most effective ways to enhance your security. Don’t make it easy for attackers to guess your credentials and harvest your data.

Here are some best practices when it comes to passwords:

  • Opt for a combination of letters, numbers, and special characters.
  • Steer clear of using easily guessable information such as your name or birthday.
  • Don’t use the same password in multiple places—I know, I know—easier said than done right?

To help you create passwords that meet these criteria, consider using a reputable password manager app—there are many options such as 1Password, LastPass, or RoboForm. A password manager allows you to generate and store complex passwords securely and conveniently—which means you won’t need to sacrifice security for convenience.

Tip #2: No Easy Access

Another way to enhance your overall cybersecurity posture and keep sensitive financial information safe is by enabling Multi-Factor Authentication (MFA). With MFA, users are required to provide two forms of identification before accessing an account. It typically involves a verification code sent via text, email, or through a dedicated application.

By implementing MFA, the risk of unauthorized access to financial accounts is significantly reduced. Enabling MFA provides an additional layer of security during tax season and beyond.

Tip #3: Spot the Fakers

During tax season, it is crucial to BEWARE OF PHISHING. According to Cloudflare, 90% of successful cyberattacks start with email phishing attempts. Threat actors frequently send fake emails masquerading as legitimate tax authorities or financial institutions.

To mitigate risk, always verify the sender’s email address and refrain from clicking on any links or downloading attachments from unknown sources. Be assured that legitimate institutions DO NOT request sensitive information through email. By remaining vigilant and skeptical of unexpected or suspicious communications, individuals and businesses can better protect themselves from phishing scams that could compromise their financial data.

Tip #4: Inspect Your Statements

The final tip to help you avoid tax-time cyber threats is to monitor your financial statements regularly. By carefully checking your bank and credit card statements for any unauthorized or suspicious transactions, you can keep an eye on cyber threats and take action before things get out of hand.

If you detect any inconsistencies or irregularities, promptly report them to your financial institution for investigation. Early identification of fraudulent activity is crucial in minimizing potential financial losses and mitigating the impact of cyber threats. Stay proactive and attentive to your financial statements so you can effectively protect your accounts and assets from unauthorized access.

Prevention is the best policy

As tax season approaches, prioritizing cybersecurity is essential to safeguard your financial well-being. By following these tips and remaining vigilant, you can reduce the risk of falling victim to cyber threats, ensuring a secure and stress-free tax season. Remember, staying informed and adopting proactive security measures are the keys to protecting your sensitive financial information in today’s digital age.

Do you want to implement a more proactive approach to cybersecurity? Contact Ostra to learn more about our best-in-class, fully managed cybersecurity services.

computer keyboard on fire with keys melting

Prioritize Data Privacy: Don’t Get Burned!

Prioritize Data Privacy to Protect Your Company, Employees and Clients.

 

Maybe you can relate to a metaphorical question I often ask myself: Are there any fires I need to put out today? Or, when faced with smaller sparks of chaos on the horizon: What can I do NOW to prevent a wildfire later?

In my experience, prioritizing data privacy is the best way to prevent security-related incidents that can wreak havoc in the lives of your employees and clients.

As a cybersecurity leader whose team handles urgent problems on a regular basis, I know it’s not possible for humans to invest our time and energy into every cause the world throws at us. But data privacy is a top priority for me, and I believe it should matter to everyone. Keep reading to find out why.

Data Privacy Week

There are a couple of reasons why this is the perfect time of year to focus on data privacy. First January is the start of a new year. It’s all about new habits, new beginnings, and new goals. For more info on the basics of data privacy, check out this short article by the National Cybersecurity Alliance: What Is Data Privacy? (staysafeonline.org)

More importantly, January 21-27, 2024 is Data Privacy Week, an international effort led by the National Cybersecurity Alliance. The goal is to empower individuals and businesses to respect privacy, safeguard data and enable trust.

The theme for this year’s Data Privacy Week is “Take Control of Your Data,” which is something we talk about a lot with clients and colleagues at Ostra. Visit staysafeonline.org to access plenty of free resources and practical tips to better protect yourself, your business, and your employees.

What Factors Create “Fire Hazards” Online?

The digital age has made it easier for criminals to get their hands on private company data and personal information. It’s almost unbelievable to consider this: less than 30 years ago, most criminals could only commit fraud if they could steal wallets, retrieve hard-copy documents, or access electronic information from the inside.

Whether their target was an insurance company, bank, retailer, hotel, manufacturer, pharmacy, auto dealer, school, or private residence—they had to get inside a physical location, often past lock and key, to get that data.

How times have changed. Today, our smartphones and laptops are loaded with highly personalized apps—from fitness trackers to online shopping apps and cloud-based calendars. We do our research online, barely thinking about who is seeing our browsing/buying habits or how they may be monetizing this data.

We share personal details, often in real-time, on social media: birthdays, vacation destinations, or events we are attending. We conduct online meetings, use online banking, and make online dinner reservations. The list goes on.

Unfortunately, all these online activities leave a digital footprint. In addition, many public records are now available online. A passive approach to data privacy is like putting dry kindling in the forest. Cybercriminals only need opportunity and an internet connection to light a match that can lead to ransomware, identity theft, embezzlement, intellectual property theft, and more.

Real World Scenario

Let’s walk through a potential scenario. If I have your name and phone number, I can find lots of other info about you online.

Beyond basic Google, I could also pay a small fee to use a people search directory that might turn up some good dirt on you. After discovering your old addresses and mortgage info, I might even find a public record of a petty misdemeanor from two years ago when you got a parking ticket.

Being the brilliant scammer that I am, now I’m going to use ChatGPT to write a fake but very convincing letter informing you that your $200 parking ticket (which you already paid two years ago) is delinquent and past due. My very convincing letter also states that you owe $1200 and if you don’t pay immediately, you’ll face criminal charges.

Now, you’re terrified. If I’m lucky, you’ll pay me the $1200 without thinking twice.

This fictional scenario is actually something that happens all too often. Unfortunately, scammers can facilitate even scarier scenarios by digging up information that is a lot more personal or embarrassing than a parking ticket.

Aware vs. Scare: What Can You Do?

At this point you may be thinking: If my basic information is already on the internet, is there really anything I can do? Scammers are going to scam people no matter what, right?

These questions are a great example of why fear tactics don’t help anyone. Around this time last year, I shared some thoughts about the importance of cybersecurity awareness—as opposed to the polar extremes of apathy and paranoia, which both lead to inaction. To dive deeper into this topic, read this blog: Awareness Leads to Action: Why Data Privacy Matters (ostra.net).

While it may be both unrealistic and impractical to completely erase your digital footprint, there are things you can do to stay safe online:

  • Opt out of data broker lists. Don’t make it easy for data/information brokers to collect and sell your data. They research both online and offline sources to get your personal information, which is perfectly legal—unless you opt out! This takes a little footwork but can be worth the effort. Learn more here: How To Opt Out of Data Broker Sites (identityguard.com)
  • Stay aware of what you’re opting into. Yes, you should actually take time to read the privacy policy! The National Cybersecurity Alliance has a great article on this topic: Take Control of Your Data (staysafeonline.org)
  • Increase awareness – Google yourself and be aware of what’s out there about you and your family. The more you know, the less likely you’ll be scammed. Always be careful about pictures and info you share—whether it’s via social media or an online form.
  • Stay vigilant. The Internet is a powerful and useful tool that can be used for good, but it can also be used as a weapon by scammers and threat actors. Stay cautious, and don’t let your guard down. Don’t click on links or jump to action before vetting the source. This article has additional tips on what all individuals can do to stay vigilant: Take Control of Your Data (staysafeonline.org)

Data privacy is our shield against exploitation in the digital world. By minimizing opportunities for misuse, we empower ourselves to protect our personal, professional, and financial well-being.

Curious about how Ostra can help you protect your employees’ and clients’ personal data? Contact our Trusted Cybersecurity Team to start an honest, down-to-earth conversation about data privacy.

Ostra Cybersecurity Year in Review: 2023

As we welcome a new year, we’d like to extend our sincerest gratitude to our Channel Partners, clients, shareholders, and industry colleagues for their invaluable contributions to our continued success. In our fifth year as a company, we sustained rapid growth while enhancing operational efficiencies, ensuring the safeguarding of an increasing number of small and mid-sized companies through our expanding Channel Partner network.

A Look Back at 2023

 

Expanded Offerings focused on Remediating the Real Problem

In a rapidly changing world where SMBs are overwhelmed and alert-fatigued, Ostra expanded its industry-leading cyber threat remediation services with Ostra EncompassTM and Ostra ExtendTM.  

In the realm of cybersecurity, the real challenges facing SMBs and the IT providers who serve them extend beyond technology; it is fundamentally a people and talent issue. This growing problem propelled Ostra to introduce these expanded offerings, enhancing our capability to address this issue directly in the market. 

Instead of merely receiving the alerts and advice commonly offered by most Managed Detection and Response (MDR) solutions, clients and partners alike can trust Ostra’s proactive team to handle the challenging task of remediating and resolving threats on their behalf. Going beyond typical products or services, we will continue to focus on changing the way cybersecurity is delivered in 2024 and beyond.

Managed Increased Threats

As Ostra continues to protect more channel partners and their SMB clients, the threat landscape naturally increases at an exponential rate. In 2023, Ostra’s client volume (email, endpoint, sensors, etc.) increased more than 3X over the previous year. However, instead of seeing a huge increase in alerts and events needing investigation and remediation, Ostra actually reduced the number of alerts and investigative events by 70% compared to last year.

So, how exactly was Ostra able to decrease time spent on security events and alerts amidst an unprecedented increase in threat volume? Let’s break it down… 

Increased Efficiencies 

Ostra operates fundamentally differently than typical cybersecurity vendors providing MDR or similar services—enabling us to increase efficiencies and focus on high-priority incidents. Bringing in Emad Bhatt to lead Technology Services also brought a heightened laser focus to the expansion of Ostra’s technology and security operations. 

In addition to being able to truly remediate and resolve threats in real-time, our tools and proprietary technology allow our team to:  

  • Quietly & efficiently elevate client security postures by enabling advanced security, enhanced visibility, automated event correlation, forensic analysis, and pattern recognition.  
  • Enhance internal operational efficiencies within our proprietary mesh architecture infrastructure and data river leveraging Automation, Artificial Intelligence, and Machine Learning.  
  • Process more than 30 billion events, investigate 1.3 million alerts and remediate 20k security incidents last year alone.

Top Resources from 2023

This year, themes of trust, transparency, and simplifying cyber jargon resonated most with our community. Explore our top picks for resources in 2023 that embody these key elements. 

 

You can expect more content like this from Your Trusted Cybersecurity TeamTM in 2024. Keep an eye out for additional insights on both our blog and LinkedIn. 

Why Businesses Keep Losing the War on Cyber Terror: Part 3

Awareness Isn’t Enough: A Transparency Revolution 

In Part 1 of this blog series, I asked why businesses continue to lose the war on cyber terror; and in Part 2, I identified some of the root causes of the problem. Now it’s time to stop talking and start doing something about it.

Every October during Cybersecurity Awareness Month, we see an increase in tips and tricks to help businesses better protect themselves. This is a great endeavor to raise awareness for the average consumer. How do I know it’s working?  For one, my wife (who works in education) came home beaming ear to ear, boasting that she knew it was Cybersecurity Awareness Month because her school was taking part in the campaign. Amazingly, my middle school-aged son even knew about it.

But we, as leaders in cybersecurity, must do more to affect top-level change in order to truly flip the script in this war. We must question the ways we are currently conducting business. We must begin putting the “why” ahead of what we do—and let that guide how we do things.

As outlined in Part 2, the amount of noise in the cybersecurity landscape is deafening. In an ecosystem as complex as cybersecurity, trust is paramount. But when phrases like ‘where there’s mystery, there’s margin’ permeate the culture, trust is eroded. The best way to earn trust is through transparency.

Inspired by our Founder, Michael Kennedy’s passion for transparency, Ostra has outlined the beginnings of a framework that we believe people are hungry for. We believe leaders in the cybersecurity industry should model these behaviors:

Honesty:

  • Using plain, common language that all user levels can understand
  • Using transparent sales & marketing practices
  • Using non-predatory practices (e.g., fear tactics)

Self-awareness:

  • Openly recognizing their organization/solution is not perfect or ideal for everyone
  • Committed to constantly growing, learning and improving for the good of clients

Transparency:

  • Giving and receiving constructive feedback
  • Sharing critical information with competitors and other vendors in the interest of serving and protecting clients

Accountability:

  • Educating others as a priority over sales
  • Seeking collaboration with industry partners
  • Donating time, talents and other resources to bettering the industry

Join the Revolution

Would you do business with companies who align with this transparency framework or something similar? If so, let us know and be part of a transparency revolution. Together we can turn the tide.

Why Businesses Keep Losing the War on Cyber Terror: Part 2

Change the Channel: It’s Broken 

I’m not one to bury the lead. When it comes to cybersecurity, the channel is broken because it’s primarily focused on margin.  As I said in the last blog entry, the quote “Where there’s mystery, there’s margin” is more important to many than actually solving the complex issues facing the clients served by our channel. 

Unsurprisingly, the origin story behind why the channel is broken starts decades ago with a guy named Dave Berkus.  Dave was in the business of selling large computing systems prior to the advent of the personal computer, and is the self-proclaimed inventor of the saying “where there’s mystery, there’s margin.” Do a quick search and you’ll find him on video, quoted as saying: 

 

“You’ll be able to charge more, not less, when people don’t understand…”  

 

Think about how this relates to the questions I asked in the first part of this blog series and the answers you may have come up with: 

  • How many companies are trying to sell you cybersecurity products so you can expand your offerings for your clients? (I counted 44 exhibitors at MSP Summit last week.) 
  • At a high level, what are they trying to accomplish and how?  And why, if we have all these wonderful individual products and technologies, do we keep losing this most important war?  

While the answers to these questions are certainly multi-faceted and complex, let’s break it down as simply as possible. Which organizations first started combating cyber threats? Enterprises. Thus, individual, point-based solutions were sold to enterprises that, theoretically, had the resources and funds to implement and manage multiple point-based solutions with very specific purposes.  Commercial antivirus solutions were first, followed by firewalls, VPN, MDM, ETP, EDR, MDR, XDR, and every other acronym-based solution you can think of.  

When the enterprise funnel began drying up, these solutions were pushed downstream further into the channel. When those business prospects became too small, rather than solve for scale, many solutions were modified and watered down. Today, on average, it is estimated that each small business deploys a dozen or more different security tools; a medium-sized business averages several dozen tools; and an enterprise deploys more than one hundred.   

For small or medium-sized businessesthe heart and soul of MSP clientelehaving dozens of security solutions to manage is a recipe for disaster. If they are watered-down solutions, it gives a false sense of security. If they are truly enterprise-level solutions, they immediately drain resources for both the MSP and the business itself. 

Look at the vast cyber landscape outlined below.  Given the sheer volume of logos, there’s obviously margin.  The real mystery is figuring out how anyone could think a small or medium-sized business—or an MSP—could successfully navigate this landscape on top of paying attention to the company they are already running.

  

There Is Good News

Full transparency: At Ostra Cybersecurity, with a few notable exceptions, we haven’t had much luck finding trustworthy MSPs that we can recommend to our clients. We have focused our efforts on looking for straightforward and humble MSPs who share our vision to go against the grain and think differently about the business of cybersecurity so we can start winning the war. So, when we set out to attend MSP Summit last week in Orlando, we felt like we were hunting for unicorns amidst a sea of 40,000 horses.   

After many in-depth conversations, our team was encouraged to hear several MSPs acknowledge the cybersecurity problem within the channel. We heard from numerous people that too many point-based solutions using cyber jargon only creates noise and confusion and ultimately take the focus away from the core business of MSPs. It was refreshing to meet MSPs who have not been seduced into overextending their business. As broken as the channel may be, my hope of change is restored after talking with these folks. 

In the third and final installment of this blog series, we’re going to dive deeper into the transparency theme, throwing margin and mystery to the curb. We’ll talk about how to challenge the way MSPs think about cybersecurity and how the channel conducts business. I’ll have some questions for you to consider as you evaluate whether it’s worth changing the way we all do business for the sake of winning this war.   

Spoiler alert: it’s worth it. 

Stay tuned.

Ostra Company News

PRESS RELEASE: Ostra Unveils Diversified Managed Cybersecurity Offerings to Meet Evolving SMB Client Needs

Company expands its industry-leading cyber threat remediation and resolution services with Ostra EncompassTM and Ostra ExtendTM.

[Minneapolis, Minn., Sept. 26, 2023] – Ostra Cybersecurity, a company that provides a multi-layered, holistic, and fully managed Security as a Service that continues to revolutionize the way cybersecurity is delivered to small and mid-sized businesses, announced its diversified managed cybersecurity offerings designed to fit the evolving needs of its clients and partners.

All of Ostra’s solutions are managed by a trusted team of cybersecurity experts. This is especially important since threat remediation and resolution is the number one thing that many companies are looking for. Rather than just receiving the alerts and recommendations that many Managed Detection and Response (MDR) firms typically provide, clients can rely on Ostra’s proactive team to do the hard work of remediation on their behalf. In a world where SMBs are overwhelmed and alert-fatigued, Ostra’s experts have the skills and knowledge to confront cybercriminals head-on while achieving real results and resolution.  

Ostra’s new managed cybersecurity offerings include: 

  • Ostra EncompassTM: This offering is ideal for SMBs and partners who need a solution that encompasses all of their critical cybersecurity needs. Ostra Encompass incorporates 24/7 Managed SOC & SIEM, Firewall & VPN, Endpoint Security, and Email Security—plus a newly added Security Awareness Training component.  
  • Ostra ExtendTM: This new offering incorporates Ostra’s 24/7 Managed SOC & SIEM, Collector & Sensor, and Endpoint Security components. The solution is beneficial for clients who already have some security capabilities in place but need endpoint remediation and general cybersecurity guidance.

As Ostra continues to evolve its offerings to better meet the needs of the market, the company remains focused on its mission to simplify cybersecurity and make Fortune 100-level protection more accessible to SMBs.  

“Not all of our clients require the same type of cybersecurity solution,” said Ostra Founder Michael Kennedy. “Ostra believes in transparency and trust, and these new managed cybersecurity offerings help us communicate more clearly with our partners and clients about the exact level of service they need.”  

A major part of Ostra’s mission is to educate its community, and provide helpful resources related to cybersecurity and data privacy. Adding psychological Security Awareness Training to its core capabilities adds another important layer of protection for organizations while also increasing their cybersecurity compliance and enabling them to meet standards such as NIST and CMMC. 

“While security tools do a great job of filtering out most phishing emails, hackers are changing their tactics every day to target our clients’ employees,” said Emad Bhatt, VP of IT at Ostra. “This additional frontline defense training truly arms our clients and their employees with the critical knowledge they need to be protected.” 

Ostra’s new value-added Security Awareness Training includes ongoing psychological training, phishing testing, and reporting. Designed to increase staff engagement in cybersecurity best practices, this component is now included at no additional cost to Ostra Encompass clients.  

About Ostra Cybersecurity 

As Your Trusted Cybersecurity Team, Ostra makes cybersecurity simple and accessible to businesses of all sizes. Ostra provides its partners and their clients with multi-layered, comprehensive, and fully managed Security as a Service. Ostra’s proprietary solutions combine Fortune 100-caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated.   

With a mission to simplify cybersecurity for small to mid-sized businesses, Ostra believes everyone deserves best-in-class data protection—not just big business. For more information, visit www.ostra.net 

Read the full Press Release

 

Spot the Signs of Tax-Time Phishing Scams

Tax season is officially upon us. Tuesday, April 18 is the deadline for most Americans to file their 2023 federal tax returns—and for many, the process of preparing and assembling the necessary documents is already underway. This is also an especially busy season at Ostra, as our Trusted Cybersecurity Team always sees elevated levels of phishing activity around tax time.

Both individuals and businesses should remain extra vigilant and take steps to avoid getting “hooked” by phishing scams during tax season.

Phishing and IRS Impersonators

As the digital age progresses, so do the tactics of cybercriminals. One of the most common types of cybercrime is phishing, in which scammers pose as legitimate entities to trick people into divulging sensitive information.

The Internal Revenue Service (IRS) is a popular target for phishing scams due to its role in collecting taxes from individuals and businesses. To protect yourself from tax-related phishing scams, it is essential to be aware of the tactics used by scammers during our tax season, and learn how to report them to the IRS.

Phishing emails often use fear tactics to get people to act quickly without thinking. One very important point to understand about the IRS is this:

“A real IRS agent WILL NEVER demand you make an immediate payment to a source other than the U.S. Treasury. Unscrupulous callers claiming to be federal employees can be very convincing by using fake names or phony ID numbers. If you are unsure if the caller is legitimate, hang up, look up the direct number for the agency online, and call that source to verify.”

(Source: National Cybersecurity Alliance)

For example, an email may claim that the recipient is owed a tax refund but needs to provide their personal information to claim it. Another common strategy is to claim that the recipient owes back taxes and is in danger of legal consequences if they do not pay immediately. These emails may also contain attachments or links that, when clicked, download malware onto the user’s computer.

Stay Ahead of the Game

To protect yourself from phony IRS phishing, it is important to recognize these tactics and take the following precautions:

  1. Be on the lookout of unsolicited emails. The IRS does not initiate contact with taxpayers via email, text message, or social media. If you happen to get an email claiming to be from the IRS, don’t click on any of the links or open any attachments. Instead, forward the email to the IRS (phishing@irs.gov).
  2. Be sure to check the sender’s email address. Phishing emails often use email addresses that appear to be legitimate but are slightly different from the actual address. For example, an email may come from “irs-taxrefund.com” instead of the official “irs.gov.” Always check the sender’s email address before clicking or replying to any emails.
  3. Do not provide personal information. The IRS will never ask for personal or financial information via email, text, or social media. If you receive a message asking for this type of information, it is most likely phishing.
  4. Use strong passwords. You’ve heard this one before, but it’s an important one. Always create strong, unique passwords for all your accounts and change them regularly. You can use a combination of letters, numbers, and symbols, and avoid using the same password for multiple accounts.
  5. Enable two-factor authentication. Two-factor authentication adds an extra layer of security to your accounts by requiring a second form of authentication, such as a code sent to your phone and your password.

Phishing scams by criminals posing as the IRS can be dangerous and costly. By recognizing the tactics used by scammers and taking necessary precautions, you can protect yourself from becoming a victim. Be wary of unsolicited emails, double-check sender email addresses, do not provide personal information, use strong passwords, and enable two-factor authentication. Stay vigilant and take steps to keep your personal and financial information safe.

Protect Your Business

Is your business fully protecting the financial information, health records, or other sensitive data from customers, clients or third-party entities? Working with a dedicated cybersecurity partner like Ostra offers peace of mind. Our proprietary solutions are built on multiple layers of protection to keep your data, as well as your reputation, safe and sound.

Reach out to Your Trusted Cybersecurity Team today with any concerns or questions on tax-related scams.  From phishing to malware, ransomware and other cyber threats, Ostra has you covered.

Protecting What We Value: Why Data Privacy Is Worth the Effort

For anyone who participates in today’s digital economy, sharing information across multiple devices, apps, websites and software programs has become standard business practice and part of our daily routines. Many assume it is safe to repeatedly upload documents to file-sharing sites, collect details about customers via email, utilize customer service chats, process credit card payments online, or engage with third-party services. But how many of us take the time to learn more about the data collection process—or verify how this information will be kept confidential in the future?

Data Privacy Week

Data Privacy Week is an annual campaign and global initiative that spreads awareness about data privacy and educate individuals on how to secure their personal information. As a proud Data Privacy Champion, Ostra recognizes and supports the principle that all organizations share the responsibility of being conscientious stewards of personal information.

Ostra’s history and team culture reveals our passion for data privacy; we were founded on the belief that all businesses and individuals have a fundamental right to data privacy and security, no matter the size of their organization. Our team remains engaged in educating businesses about how to manage and secure their own data and systems, as well as taking steps to protect the data of clients or third-party vendors they interact with.

Why Is Data Valuable?

The truth is that data is a valuable asset because all online activity generates a digital trail that reveals behaviors, interests, purchasing habits, and more. For example, a weight loss app can track things such as the user’s age, weight, blood pressure or activity levels. Auto insurance providers may offer a rate discount if users install an app that shows their driving habits, daily routes, and phone usage while driving. YouTube, TikTok, and other social media apps keep an eye on the videos and ads that users click on, so they can place similar content in their feeds.

SDG Group, a global management consulting firm, explained that the “highly reusable” nature of data is one of the reasons why it is such a valuable asset for businesses:

“Generated once, it can be reused multiple times for a variety of uses: information analysis by business analysts, analytical models, etc.” (Source: sdggroup.com)

Of course, data isn’t always used for nefarious purposes. Most business use data analytics to help them reach more customers, and that’s not in itself a negative thing. For example, this HubSpot article asserts that there are four main benefits of big data for large and small businesses: solving problems, increasing revenue, cutting costs, and improving customer experiences.

But unfortunately, cybercriminals can use an individual’s online details to create a digital profile with the end goal of identity theft. And at the corporate level, all it takes is one weak password to give hackers a foothold that could result in a ransomware attack on the larger organization or its customers.

Take Proactive Steps

In his 2022 Data Privacy Week blog, Ostra Founder Michael Kennedy unpacked the idea that data privacy shouldn’t be considered an all-or-nothing pursuit. Although it can be tempting to become stuck in either apathy or paranoia, both of these extremes can actually result in inaction—which doesn’t help anyone. The best way forward is simple awareness, which leads to action steps. Read the full article here.

Apathy and paranoia are two extremes that result in inaction, while awareness leads to action.

 

Three Tips for Managing Data Privacy

Below is a summary of simple tips, provided by the National Cybersecurity Alliance, to help you manage your data privacy:

1. Know the Tradeoff Between Privacy and Convenience

Anytime you download a new app, open a new online account, or join a new social media platform, you may be asked for access to your personal information before you can even use it! This data might include your geographic location, contacts, and photos.

This personal information about you is tremendously valuable to businesses – so you should think about whether the service you get in return is worth the data you must hand over, even if the service is free.

Make informed decisions about sharing your data with businesses or services:

  • Is the service, app, or game worth the amount or type of personal data they want in return?
  • Can you control your data privacy and still use the service?
  • Is the data requested even relevant for the app or service (that is, “why does a Solitaire game need to know all my contacts”)?
  • If you haven’t used an app, service, or account in several months, is it worth keeping around, knowing that it might be collecting and sharing your data?

2. Adjust Settings to Your Comfort Level

Check the privacy and security settings for every app, account or device that you use. These should be easy to find in a Settings section and should only take a few moments to change. Set them to your comfort level for personal information sharing; generally, it’s wise to lean on the side of sharing less data, not more.

You don’t have to do this for every account at once. Start small and, over time, you’ll make a habit of adjusting all of your settings to your comfort. The National Cybersecurity Alliance has in-depth, free resources like the Manage Your Privacy Settings page  to help you check the settings of social media accounts, retail stores, apps and more.

3. Protect Your Data

Data privacy and data security go hand-in-hand. Along with managing your data privacy settings, follow some simple cybersecurity tips to keep your data safe. The National Cybersecurity Alliance recommends following these “Core 4” tips:

  • Create long (at least 12 characters), unique passwords for each account and device. Use a password manager to store each password – maintaining dozens of passwords securely is now easier than ever.
  • Turn on multifactor authentication (MFA) wherever it is permitted – this keeps your data safe even if your password is compromised.
  • Turn on automatic device, software, and browser updates, or make sure you install updates as soon as they are available.
  • Learn how to identify phishing messages, which can be sent as emails, texts, or direct messages.

For more information about Data Privacy Week, visit https://staysafeonline.org/data-privacy-week/

 

Ready to learn how Ostra can help you safeguard your most valuable asset? Contact our Trusted Cybersecurity Team to start an honest, down-to-earth conversation about data privacy.

Ostra Company News

PRESS RELEASE: Ostra Cybersecurity Secures Capital to Bring Fortune 100-Caliber Protection to Small and Mid-Sized Businesses

Funding led by Rally Ventures will fuel growth and strengthen channel partner relationships.

[Minneapolis, Minn., Nov. 16, 2022] – Ostra Cybersecurity, a company that provides a multi-layered, comprehensive and fully managed solution to simplify cybersecurity for small to mid-sized businesses, announced that they have recently raised $3.5 million in Series A funding led by Rally Ventures, with participation from founding investor Jeff Cowan.

More than 75% of cyber attacks target small and mid-sized businesses (SMBs) with the average total cost of a data breach reaching nearly $3 million in 2021. It’s critically important for businesses of all sizes to keep systems and data secure from cybercriminals, but best-in-class, enterprise-grade protection has not always been accessible or affordable for most SMBs.

Ostra’s comprehensive solution provides SMBs with access to cybersecurity that rivals the type of protection the world’s largest companies rely on. Ostra combines the latest generation of cybersecurity tools, technology and talent into one fully managed service that protects against email threats, ransomware attacks, malware infiltration and more.

The funding will support Ostra’s business development and operational initiatives to strengthen and expand its channel partner relationships. “This investment helps us navigate a time of rapid growth while continuing to provide breakthrough solutions as the trusted cybersecurity team for our clients and partners,” said Paul Dobbins, Chief Growth Officer with Ostra.

“Every business should have access to best-in-class data protection,” said Ostra Cybersecurity President Joe Johnson. “Cybercriminals are increasingly going after SMBs and Ostra is passionate about ensuring they have what they need to protect their data so clients can sleep at night knowing our team is fully managing their security environment.”

“Cybersecurity challenges are overburdening SMBs. Ostra delivers big company technology to make cybersecurity accessible to businesses of all sizes,” said Michael Jennings, Venture Partner at Rally Ventures. “The Ostra executive team are entrepreneurs with decades of experience in cybersecurity and strategic operations. We look forward to joining them in their mission to simplify cybersecurity for SMBs.”

About Ostra Cybersecurity

Ostra Cybersecurity provides a proprietary solution that combines Fortune 100-caliber tools, tech, and talent to ensure threats are not only detected and hunted, but also fully remediated. Ostra was founded in 2018 by Michael Kennedy, a cybersecurity innovator who previously led a $100 million global security initiative for one of the world’s largest healthcare providers. Kennedy recognized that small and medium-sized businesses (SMBs) were increasingly being targeted by cybercriminals. He built Ostra Cybersecurity on a mission to simplify cybersecurity and better protect SMBs. To learn more about Ostra Cybersecurity, visit ostra.net.

About Rally Ventures

Rally Ventures invests exclusively in early-stage business technology companies, focusing on entrepreneurs creating major new markets or bringing transformative approaches to existing ones. Since 1997, Rally Ventures’ partners and venture capital industry veterans have invested in or run early stage enterprise business-to-business technology companies with a proven ability to deliver superior returns regardless of the overall market environment. For more information visit rallyventures.com.

 

Read the full Press Release

“Who Can You Trust” – A Hacks and Hops Session Recap

Ostra was a proud sponsor and co-presenter at this year’s Hacks & Hops Information Security Conference, held October 6, 2022 at the U.S. Bank Stadium in Minneapolis. Hosted by FRSecure, one of Ostra’s Channel Partners, Hacks and Hops is a full-day conference that brings information security professionals together to learn, network and enjoy beer. 

Who Can You Trust?  

For the opening session of Hacks and Hops, Michael Kennedy (Founder, Ostra Cybersecurity) joined Evan Francen (Founder and CEO, FRSecure/SecurityStudio) for a candid discussion about mental health and coping strategies for those who work in the stressful field of cybersecurity. Access a replay of the on-demand session below.  

 

 

Session Summary 

Information security professionals are presented with no shortage of tasks, deadlines, emails, conference options, information feeds and advice on a daily basis. Whether they are building secure infrastructures, responding to incidents, combing through threat feeds, justifying budgets, training or educating employees, the job can feel overwhelming at times. So, who can they trust and where can they go for the solid support they desperately need?

As two cybersecurity leaders known for their honesty and frankness, Michael and Evan delivered a 40-minute presentation entitled “Who Can You Trust?” They shared some of their own struggles, as well as wisdom they have learned along the way, regarding:

·      Tips for dealing with job-related anxiety, impostor syndrome, etc. 
·      Vetting the information they consume (marketing fodder, headlines, threat feeds, etc.) 
·      Recommendations they make to their customers

 

Letting go is not letting it consume you… If something happened, how do we fix it? How do we move on? … You’ve got to be in this moment, today. Just deal with what’s in front of you.

– Michael Kennedy, reflecting on ways to stay mentally healthy while managing cyber threats

 

A Call for Transparency 

Many of Kennedy’s and Francen’s comments were rooted in themes of transparency and honesty. Kennedy shared that although it can sometimes feel intimidating to admit what you don’t know—especially in an industry rife with acronyms and cyber jargon—transparency is critical to getting the support you really need to help your clients.  

Transparency is a topic that Ostra leaders have been passionate about since the company’s inception. Chief Growth Officer Paul Dobbins recently published a 3-part blog series, Why Business Keep Losing the War on Cyber Terror. In the final blog in this series, “Awareness Isn’t Enough: A Transparency Revolution,” Dobbins outlines 4 key behaviors that Ostra believes every leader in the cybersecurity industry should model in order to create the kind of transparency that benefits everyone, including clients.  

Join the Revolution

If you are an information security professional, do you think being more transparent could help you get the support you need? Or, if you are a business owner, would you do business with companies who align with this transparency framework or something similar? If so,  let us know and be part of a transparency revolution.