Are you protecting the right data?

You’re ready to purchase a BDR. You’ve done all of the research, found a company you’re confident in and are excited to finally have peace of mind. Now, you start thinking about exactly what you need to back up. Is all of your data necessary or should you salvage a little server room? Most businesses want to back up everything – you never know when you’ll need it, but sometimes that is cost prohibitive.    

Depending on what kind of BDR you’ve purchased, you will first need to delegate what data is stored, is not stored, and how often. There are three different kinds of backup in today’s tech world: straight to cloud services, software-based products, and a hybrid approach that combines on-site hardware and software with the cloud. The amount of data you can back up, how you can segment that data, how often it’s backed up, how it’s backed up (all the data every time creating enormous backups, versus incremental backups that key-in on changes) and how easy it is to access will be affected based on the solution you chose.  It’s not always necessary to back up everything daily, but there are some things you will want to consider. 

 First is credit card transactions or receipts. Your accounting software should keep an eye on this and automatically back up this data. This also includes things like invoicing, receivables, payroll and just about anything that is financially related. All financials are incredibly important, even one lost invoice could really hurt your business.   

Second, protect all intellectual property. Unless you’re rocking an amazing vault to store a famous recipe like Coca-Cola or KFC, make sure that you back up everything that brings you a competitive advantage in the marketplace. Anything with hackable data or items that could be compromised need to be backed up daily as well. 

Next, you will want to back up any client files. Not only is it invaluable to keep this information safe, but it would certainly affect your client confidence if anything was lost or stolen. In addition to client files, make sure you’re backing up your client and prospect lists (anything that you’re storing in your CRM, really). You spend a great deal of time developing your list for marketing purposes. Losing this information is one of the major reasons companies go out of business within six months of experiencing data loss.  

Finally, you must back up all project management software. Anything that your business uses to keep track of daily activities and work being done needs back up to make sure that you can maintain progress in the event of a data loss and you maintain a “paper trail” on project communication. 

When it comes to BDR, you ideally want to back up every piece of data that you have. Sometimes, though, this is impossible based on the cost involved in maintaining that hefty data chain. At the bare minimum, keep these items in mind and you should never have to deal with a business killing disaster.  

Written by: Emily Reynolds

July 8th, 2019

Posted In: Uncategorized

Should’ve seen it coming…

You’ve invested in a BDR and now sleep more soundly at night, but the hardware itself is really only part of the solution. You want to ensure your provider does preventative maintenance, periodic testing, multi-location storage, and staff training. Having these things in place will help avoid downtime if the worst happens.  

Preventative Maintenance: In addition to the hardware itself, a solid backup solution also has its own backup including generators, backup batteries, cooling systems, fire detection, suppression systems, and redundant cloud storage. You can’t necessarily head to your provider’s office to see for yourself, but you can read the fine print on your contracts as well as have meaningful conversations with potential providers. 

Periodic Testing: Consistently ensuring everything is running as it should will allow you some peace of mind as well as lay the groundwork for successful backup. This goes beyond simply testing backup software or cloud storage. A good backup provider will run regular testing and provide reports on the health of the backup, size, and any glitches that you might be facing.  This testing should also include 24/7 monitoring and alerting of any potential issues including cyberthreats or outages.  

Multi-Location Storage: Regardless of how safe a location may seem, data needs to be stored in more than one location. Think about it; if the backup server for your company is sitting in a location that sees seasonal hurricanes or is located on top of an active earthquake fault, your data is still in danger. It’s about backing up your backup.  

Team Training: Don’t leave it all to your IT company. When it comes to backup, security, and other breaches, employees truly are the weakest links. Cybercriminals are going after these individuals rather than attacking at a network level because they are easier to infiltrate. Make sure you have regular cybersecurity training in place for all employees to limit these potential breaches. Creating a strong disaster recovery plan is not all about the recovery part, prevention is equally important too.  

Written by: Emily Reynolds

July 8th, 2019

Posted In: Uncategorized

What Could Happen Without a Plan

Backup Disaster Recovery is one of those things that all businesses need to have in case of disaster. Whether it’s a natural disaster such as a tornado, a hardware failure, or even an attack from a hacker. Anyone of these could permanently disable your business if you aren’t prepared or have a proper backup plan. For those of you still backing up data manually on tapes or *cringe* not at all, here are some reasons why you need a BDR solution and should stop tuning out potential disasters.  

First of all, a data disaster is more common than you might think. Currently, 58% of SMBs are not prepared for data loss. Even worse, 60% of SMBs that lose their data will shut down within six months. Something that could have been prevented could potentially wreck your business, especially scary to think about when 29% of hard drive failures are caused by accident. It would be silly to have human error or a simple mishap put your company out of business.  

You may have security protocols in place and your employees are well versed on avoiding things like malware. Well done. However, you’re still not protected. Human error is a large culprit in data loss. It could be unintentionally deleting items or accidentally overwriting data, but these “oops” can hit hard. Human error can result in other kinds of hardware damage like liquid damage from spills or even accidental reformatting. All of these things are possible and have happened to many SMBs before you. Sometimes recovery is possible from the software platform you were using, maybe your computer has your back and caught these things. It’s still a time consuming and money wasting error to fix, even if you are lucky to recover some of what you lost.  

Viruses and malware can be a significant cause to software or hardware damage depending on what kind of bug found its way in. Usually, this can be avoided with proper employee training as well as an awesome firewall that will help filter malicious attacks. Yet another prey in the night is social engineering – the art of conning people. Hackers have been known to get into server rooms and other data-centric areas of the business. Employees may not even notice their mistake until it’s too late. I guess the “HVAC guy” turned out being a hacker in disguise. 

Sometimes software corruption can come from unknown viruses lurking around your computer. However, most of the time it is due to improper usage. Things like not shutting down the computer properly or leaving unsaved documents open. Sometimes even a power outage can trigger corruption. Once the software processes are interrupted and damaged, it’s virtually impossible to recover data stored in the software.  

Did you know that 140,000 hard drives crash every week? With that kind of number, it’s just a matter of time until it happens to you. That is not a comfortable position to be in if you know you don’t have backup. Unfortunately, hard drive corruption is usually due to mechanical issues. Things like age and dust build up can (and will) cause technology to fail. We’ve all used the old laptop we still have that’s been on its deathbed for months, freezing frequently, taking for-ever to load a webpage, and of course, acting as a heater for your lap or desk. All of these things are signs leading to a crash. You may not care if it’s an old hand-me-down laptop from the ’90s, but you will care when it’s your pricey equipment with all of your product data and client information stored on it. 

Finally, good old-fashioned acts of God. You can’t necessarily prepare for a natural disaster. Even if you hear the tornado siren, backing up your servers to tape will take longer than it will for the tornado to hit your business. Then what? That tape is left amongst the rubble, destroyed. This may seem like an exaggeration, but it has really happened to businesses. And even if only hypothetical, it makes for a great metaphor for any other crash within your business. This is also proof that on-site BDRs may not always be the final protective cover to your business. You may want to consider off-site or cloud data storage to ensure protection, so your data is safe even if your equipment is destroyed. 

Protect your business and keep it running smoothly and successfully. Backup Disaster Recovery options are available for all kinds of SMBs and their needs. Don’t wait to be taught a lesson by the “big one” (as most California residents say). Protect your important data and enjoy the peace of mind that comes along with it. You’ve worked too hard to get your business where it is. Protect your hard work. 

Written by: Emily Reynolds

July 1st, 2019

Posted In: Uncategorized

3 Ways Cybercriminals Use Social Engineering to Steal Your Info

Cybercriminals use social engineering every day to attempt to hack into people’s personal information.  Social engineering preys on the human condition to gain trust, manipulate people and get people to willingly give out personal information. In general, there are three major ways that cybercriminals use social engineering to steal your info.

Email

This is one of the most prominent ways that information is stolen. This side of social engineering has been around nearly as long as emails have, and it’s guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps a Nigerian Prince would like to wire you a ton of money because his inheritance is wrapped up in the bank for some reason. All you need to do is pay a few fees to receive the money and you get to keep a portion of his millions. Totally legitimate right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach”.  Why not, right? The bank is a legitimate business, it must be real, even the email looks real. Better yet, wouldn’t you love to be a secret shopper? Receive a check for $1000, cash it, and perform a job. Innocent enough, right? Not after you wire initial fees and attempt to cash a bad check. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links in the email will deploy malware to infect your computer files and obtain information about you. It’s amazing how prevalent these scams are.

Posing as Someone You Know

Another email scam involves cybercriminals posing as someone in your company, particularly the CEO or someone high up in the financial department. They send an email that looks like it’s from your boss asking you do something really quick or process a PO immediately. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, malware infects your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as important because it came from the “boss”.

The most obvious way to pose as someone you know is through copycat Facebook profiles. Cybercriminals use this prominent scam to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile, so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile by gaining access to personal information.

Advertisements

Finally, a newer way for cybercriminals to target people is through advertisements. Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy and a bit difficult to spot among the hundreds of ads people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software, or a pop-up will come on your computer saying your computer has been infected and instruct you to click the link to clean the virus. Tricky, tricky cybercriminals. The key to spotting these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside of emails unless you confirm and absolutely trust the sender. If you’re asked to click a link and update account info, type in the web address to the real site rather than click the link. If you get a friend request from someone, look over their profile and ensure its real. Check out their friends, photos, and posts to ensure they aren’t fake. Check to see if you already have that friend on your list. Finally, don’t trust any anti-virus pop-ups or ads. Stay safe out there!

Written by: Emily Reynolds

June 17th, 2019

Posted In: Uncategorized

Why are you so popular?

You’ve heard about many of the scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails sitting in your inbox. Lately, the largest influx of social engineering scams has come from social media.  As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and hackers are taking advantage. How? Fake accounts. Forbes estimates that there are over a half billion fake social media profiles in circulation today. There are four main ways these cyber-criminals are utilizing social engineering via social media.

Swaying Public Opinion

The most recent large-scale example of utilizing fake accounts to sway public opinion was meddling in the 2016 election. When investigating, Facebook not only found millions of fake Facebook accounts, but they also found that there were Facebook ads created to sway American voters. The ads and posts came from profiles that looked legitimate, but in all reality were conjured up simply to create influence with minimal effort. In addition to their obvious desire to affect election results, if people clicked on the ads, their computers were often infected with malware that would give away valuable personal info.

Fake Advertising

Have you seen the pages that say a celebrity talk show host is giving away XYZ prize or a big-name brand is handing out free gift bags if you share and like the page? All scams. The perpetrators hide behind names that look similar to the authentic celebrity or brand and rely on unwitting people to click, share, and like. These hackers then follow-up by selling your information to third-parties or targeting you with malware advertising to get you to keep coming back.

This technique goes all the way back to 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.

Minimally Invested Profiles

Social engineering has gotten more complicated with (MIP) minimally invested profiles and (FIP) fully invested profiles, found mostly on Facebook and LinkedIn. MIPs are created in bulk, and they usually have very little original content on them, as well as a sexy or provocative profile photo. These hackers go around making friend requests willy-nilly in hopes that their picture will intrigue people to add them. They’ll eventually send you malware via FB messenger or put rogue posts on your Facebook wall.

Fully Invested Profiles

The FIPs that get created take a little more time and effort, however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends, seeing if you already have a friend by that name, as well as scouring the content of their posts. If this raises even one red flag, it’s likely it’s a fake profile.  People using this technique target you on Messenger with infected content, usually videos that lure you in because you “know” the sender.

These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. In addition, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.

Written by: Emily Reynolds

June 11th, 2019

Posted In: Uncategorized

Breaking Down Social Engineering

Most people are aware of terms like phishing and malware, but did you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud. In fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or their workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you might be a victim of this, as well.  

External Threats 

With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people. 

Baiting 

First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaves a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. Could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. Online baiting could be an enticing ad, something to pique interest, things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived to think their system is infected with malware, with pop-ups like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally download malware to your computer. If you understand what you are looking for, you can usually avoid these situations.  

Phishing 

This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email, or log in to check on a policy violation. Usually the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will be transmitted to the hacker. You just fell for the oldest online hack in the book.  

Spear Phishing 

Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc:s to co-workers. It looks legitimate; but as soon as you click the link, you are allowing malware to flood your computer.  

Internal Threats 

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier.  

Tailgating 

Often, hackers will enter a building without an access pass by simply acting like an employee. This technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people so they can gain access to high-security areas. This is far easier than it sounds. Hackers might find company shirts at the local thrift store, exude confidence and gain access.  

Psychology 

Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it? 

Public Information 

Then, of course, the more you know about someone the more likely you are going to gain the information you need from them. This involves everything from scoping out parking lots, observing the workspace and even dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person. 

Pretexting 

Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, they can easily steal your identity with pertinent information like social security numbers or banking information. 

Prevention 

Social engineering can be prevented by educating yourself and your employees. With so many different ways to steal your important data, it’s imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day to day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one that causes your business’ corrupted data. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek are user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link, you didn’t win a cruise. Finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.  

Written by: Emily Reynolds

June 3rd, 2019

Posted In: Uncategorized

What is the Dark Web?

What is the dark web? 

Have you heard of the ‘dark web’? You probably picture a guy in a hoodie, slumped over a keyboard peering at a screen of numbers with an evil smile upon his face. Oddly enough, it’s really not as dark and creepy as the media portrays. However, the scary part is the information you can find on the dark web. Don’t think the worse, I haven’t seen any body parts for sale on the dark web, I can assure you if any of your important data has been stolen. It’s likely for sale on the dark web. The dark web is named that because it’s part of the Internet that is not indexed by search engines. This certainly makes the anonymous illegal activity easier, but the dark web does host a few legitimate social networks. 

What’s on the dark web? 

As mentioned before, if you’ve ever had your data compromised, it is possible it’s floating around the dark web for sale. Or if you’ve heard of the latest malware attacks that have stolen millions of usernames and passwords (like the Collection #1 breach last January). There are a plethora of items to purchase. Some of the most popular are breached usernames and passwords that have been de-hashed. You can buy credit card numbers, drugs, and hacked accounts to name a few. I have personally viewed 6 stolen credit cards for the cost of $100. No guarantees they had money on them or were still valid, but I suppose it’s worth a try for a hacker. You can even hire a hacker to carry out a job for you. Most of the dark web takes some kind of crypto-currency and has boomed since currencies like Bitcoin have taken hold of the Internet. 

How do you access it? 

You can’t just type in “dark web” on Google and expect it to take you there. In fact, your network may even get flagged or the antivirus on your computer will prohibit it. The way people are accessing the dark web now it through a search engine named torproject.org. Now keep in mind, this organization created Tor in order to allow everyone privacy during their browsing experiences. Many countries are unable to access the Internet without someone eavesdropping on them or simply being unable to take part in free speech. Also, keep in mind that these dark web sites look just a normal as a regular website. Sometimes the only way you can see the difference is that dark web sites use a scrambled naming structure that creates URLs that are often impossible to remember. For example, a popular commerce site called “Dream Market” goes by the unintelligible address of “eajwlvm3z2lcca76.onion.” Its surprisingly easy to access, just remember what kind of people you’re dealing with. If they stole from other people, they’ll steal from you too.  

Staying ahead of the dark web 

Most people will never have the need or the courage to check out the dark web. However many IT industry experts peruse the dark side to look out for current and future hacking trends. It’s always good to know what is making money and what assets scammers are looking for. If by chance you stumble upon your own data, there’s little you can do about it. (Although, we’ve heard stories of people buying back their data). But at least you’ll know what’s compromised. Check out the dark web at your own risk, but whatever you do – save yourself the trouble – and don’t purchase anything. 

Written by: Emily Reynolds

May 28th, 2019

Posted In: Uncategorized

To Renew or Not Renew, That Is the Question

You’re prepared, at least mentally, to begin your migration to Windows 10 because you’ve read What Does Windows End of Life Mean to My Business? and Getting Ahead of Windows End of Life. Is your hardware ready, though? How you handle your IT (on your own, as needed support, or with a fully managed agreement) will change how you will have to deal with your transition.  The following items should help you decide how to prepare your hardware for the Windows 10 migration.  

Do It Yourself 

If you own all of your own equipment and deal with IT issues in house, then you will want to get started on migrating your devices now. The good news is that Windows 10 is highly compatible with just about every PC out there. If you run into trouble, it’s likely a vendor incompatibility issue, not Microsoft, itself, so you’ll want to contact them directly. When you have that handled, upgrading from 7 to 10 is as simple as running the ISO file from Microsoft.com, from a USB, or DVD. The bad news is that it will take significant time migrating every PC in your business. You’ll also need to deal with a backlog of Microsoft customer service support if you happen to run into any issues.  Remember that almost 70% of the world’s computers are still running Windows 7. It’s almost guaranteed that others will run into issues and need support, as well.  

MSP 

If you are with a managed service provider, you should be just fine. In fact, you likely already have a plan in place from your most recent business review. Over the course of the next few months, your IT company will ensure software compatibility with all of your line of business applications and contact any necessary vendors and schedule a time with you to come out and run the update once their sure everything will go smoothly. Now, would also be a good time to consider any hardware upgrades that you’ve been needing. All new PCs will automatically come with Windows 10, alleviating any upgrade issues now or in the next three years or so. The best part of it, you have to do nothing. No downtime for your business, no extra IT work for you, and no worries. 

If you’re on a full managed services agreement, the upgrade is more than likely covered and any hardware needs will be handled on a new monthly payment plan (HaaS agreement). If you’re on a partial agreement or break/fix model, you’ll likely be billed for the time required to complete the upgrade. Either way, your IT company will have you completely in hand. Just remember that your service provider will soon be booked solid assisting other clients with this transition. It’s important to schedule now so you’re not left waiting.  

Time to Get a Contract? 

If you’re reading this blog as someone that had planned to do this upgrade on your own but have now decided that you don’t have the time or desire to do so? It’s time to contact us. We’ll make sure that you’re taken care of through Windows 7 end of life and well beyond.  

Written by: Emily Reynolds

May 21st, 2019

Posted In: Uncategorized

Getting Ahead of Windows End of Life

With Windows 7 end of life quickly approaching, it’s time to start thinking about what needs to be done to prepare. Technically, regular Windows 7 support has been dead since 2015, however, the extended support period is over January 2020, which means no more updates or security patches. What should you be aware of for EOL? Get ready, you may have some work to do.   

Many are concerned that their PCs will stop working. That is not the case. Your Windows software will work, but its security will depreciate rather quickly, which could put your PC in danger of cyber-attacks and viruses. Back in 2014, Microsoft ended support for Windows XP. It affected 40% of computers worldwide. Now, years later, it is estimated that about 7% of computers are still using Windows XP. These computers are the ones hackers like to target because of the security holes caused by lack of regular patching.   

Currently, about 70% of businesses worldwide use Windows 7, so it’s highly likely that you need to take action before Windows 7 retires. The more systems you have on Windows 7, the sooner you need to prepare. Here‘s a quick action plan:   

  • Determine how many systems need an upgrade.  Simply take a count of all the systems running Windows 7 or, if you still have some, Windows XP. If systems are on Windows 7, and the hardware is up to par, you likely will be able to do a simple license upgrade.    
  • Assess your hardware. Windows 10 will not work on all hardware systems. You may need an upgrade. Contact your IT provider to help you determine if your hardware has the right specs. Easiest way to tell? If your hardware came out in the last three years or so, you’re probably in the clear. We recommend upgrading your hardware about every three to four years to avoid any compatibility issues.    
  • Create a timeline and budget. You don’t have to make all these changes all at once. You could plan them out up to and including January 2020, but we recommend getting started sooner rather than later. Again, your IT provider will be able to help determine your best path forward.   
  • Create contingency plans. Unfortunately, not all line of business applications will immediately jump to operation on Windows 10, particularly if you’re utilizing an older version of the software, or if your software provider has gone out of business or moved to their own end of life cycle. Sometimes this is inevitable, but you need to be able to quarantine these vulnerable systems from the rest of your network as much as possible or take the time to plan your upgrade now. A quality IT company will be able to help you make the decision, as well as set up a test environment so that you know your contingency plans are working long before you need them.  
  • Training Your Staff. While the transition from Windows 7 to Windows 10 is not the monumental shift past software updates have been, the new system does take a bit of getting used to. Plan time to work with your staff one-on-one or in a group so that you don’t end up with them wasting time tinkering or trying to figure out why their favorite button isn’t where it used to be. Your IT provider should be able to provide this user-based training for Windows 10, as well as the majority of software you utilize on a daily basis.   

Keep in mind that Windows 10 end of life takes place in January of 2025; so, while planning, ensure your devices can make the switch again in a few years, or that you’re budgeting for another upgrade. Also, document your processes during the shift. This could make life so much easier down the road. Most of all though, act. You don’t want to be stuck without security patches or an up-to-date operating system. It’s like hackers can smell your outdated system and will gladly break-in. Protect yourself and your business and begin planning sooner than later.

Written by: Emily Reynolds

May 14th, 2019

Posted In: Uncategorized

Ransomware: Why It’s Getting Publicity and What to Do About It

Even though ransomware attacks decreased in 2018, they remain a major threat in the cybersecurity landscape. So much so, that ransomware was recently featured on 60 Minutes. The story primarily covers three major instances of ransomware, two that affected municipalities, and a third that targeted a hospital. 

All three were attacked in a way that encrypted every single one of their files and also encrypted some of the files within their backups, sending the organizations back to operating on pen and paper. Two, despite FBI recommendations, ended up paying the ransom to restore their data quickly, while the third decided not to pay the ransom and went about remediation on their own.  

The hospital was hit with a $55,000 bill, while one municipality (Leeds, AL) was able to negotiate payment down to $8,000. These ransom sums may not appear astronomically high, but that’s exactly how the hackers keep going. If they requested millions in ransom, no one would pay. An amount in the solid five-figures, though, feels doable for most organizations to get their precious data restored. The third entity (Atlanta, GA) suffered millions of dollars in losses and time in efforts to recover. Some of their data could never be recovered. 

The story presented a very clear picture of the dangers surrounding ransomware; however, there were two major issues in the story. First, the entities covered were obviously major entities implying that you needed to be in the public eye to be affected. This is certainly not the case. In fact, nearly 50% of small business owners say their business was affected by a cybersecurity attack in the last year. Ransomware is not just for highly public entities.  

Perhaps more importantly, the story painted paying the ransom as the cheaper and often faster way to go. In very rare occasions, paying the ransom is the only option; but if you’re stuck in a ransomware trap, we do not recommend jumping straight into paying the ransom. Here’s why: 

  1. Sure, after you pay the sum (typically in bitcoin), the vast majority of hackers suddenly become ethical and return your files. Let’s look at the reality, though. You’re relying on someone who just took your data hostage for an exorbitant fee to return that data to working order simply because you held up your end of the unwanted bargain. Sounds a lot like using hope as a data recovery strategy to us. At any point the hacker could respond, “Thanks, but no thanks!” or “Well, we thought this would be a sufficient amount”; but we ran into snags with your recovery. We’ll actually need x number to finish the job.”  
  2. Prevention is a better strategy. If your back-up is set up correctly with an on-premises and multi-tenant off-site solution, you should be able to roll back to data that existed before the ransomware attack. Granted, you may lose some data in the process if the encryption gets into the backup like it did in the attacks covered in the 60 Minutes story. Losing some data is a lot better than putting yourselves up the creek financially by paying a major ransom. In addition to proper backup, ensure that you’re effectively training employees and stringently monitoring data coming in and out of your network.  
  3. Isolation is possible. In short, don’t store all of your valuable data in one place. If, on the off-chance, ransomware breaches your network, you don’t want to give it an open door to encrypt absolutely everything of value. Keep all critical applications on isolated networks to maintain global network safety.  

Ransomware attacks may be on the decline. However, that just invites the hackers to come up with a more creative way to scam you out of time and money. Perhaps phone ransoms are coming next. Regardless of what the hackers create, make sure you’re prepared and don’t have to rely on paying a hefty ransom to keep your business in operation. 

Written by: Emily Reynolds

May 8th, 2019

Posted In: Uncategorized

Next Page »