Friday, April 20, 2018

What is Ransomware and How Can it Affect Your Business?

 
 
This cyberattack scheme hasn't garnered nearly as much attention as the usual "break-in-and-steal-data-to-sell-on-the-Internet" version, but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years, and their practitioners are so polished that in a few cases they even have mini call centers to handle your payments and questions.
 
So what is ransomware? Ransomware stops you from using your PC, files or programs. The business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything.
 
Interestingly, one of the more common "market segments" being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice. They aren't the only ones. A hospital in Southern California also fell prey, as did one in Texas.
 
Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to have a professional security service that can keep you up to date on the latest criminal activities in the cyber world. Talk to an MSP about possible protections against ransomware.


Friday, April 13, 2018

Data Breaches are a Question of When, Not If

 

You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that it suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013.
 
If you're a small business, then you're a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks.
 
Today's concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous.
 
Your response determines whether it's a survivable disaster. You need to have a statement for customers ready (47 states require businesses to disclose data breaches), you need to be able to quickly access backups, and you need access to professionals with experience in disaster recovery and business continuity.

Friday, April 6, 2018

Penetration Testing vs. Vulnerability Testing Your Business Network

 
 

Hearing “all of your confidential information is extremely vulnerable, we know this because...” is bad news, but whatever follows the ellipsis determines just how bad. Consider two scenarios.

  1. “All of your confidential information is extremely vulnerable... we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”

  2. “All of your confidential information is extremely vulnerable... we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.”

61% of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.

Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.
 
Vulnerability tests can be done by in-house IT or outside consultants. They should be conducted quarterly, or whenever you are incorporating new equipment into your IT network.
 
What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data...”). A vulnerability scan tells you “what are my weaknesses?” and a pen-test tells you “how bad a specific weakness is.”
 
How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legal minimum. You should also conduct a pen-test every time you have:
  • Added new network infrastructure or applications,
  • Made significant upgrades or modifications to infrastructure or applications,
  • Established new office locations,
  • Applied a security patch, or
  • Modified end user policies.

Friday, March 16, 2018

Humans cause so much trouble

 
 
Have you been focusing on software packages and anti-virus tools to protect your data from hacking? That may not be enough, because it overlooks one of the biggest causes of security breaches. All of the security software and expertise in the world is useless if you or your employees don't remain vigilant about their behavior as it relates to hacking scams and data security. Human error remains the biggest cause of security breaches and data loss at almost all companies, large or small.

We just can’t remind you enough that you need to develop a culture of security among all of your employees. Changing passwords frequently, not sharing passwords, and learning to recognize and avoid opening nefarious emails are the top three lessons you need to reinforce with your employees. And don’t make it a once-in-a-while memo, make it part of your office culture, with ongoing reminders, links to articles explaining phishing scams, and routine reminders to change passwords. Contact your MSP if you’d like to learn more techniques to educate your employees about their data security responsibilities.

Friday, March 9, 2018

The most boring topic Ever

 
 
Yes, today’s blog is about office phone systems. You have one. They are dull, necessary, and no one wants to deal with them. They need to be re-configured for new employees, they’re confusing, and the telco lines probably cost you more money than you'd like.

Like everything else, office phone systems began transitioning to fully online/digital well over a decade ago. The proper term is “Voice over Internet Protocol” or "VoIP." In a practical sense, it means that your phone lines are no longer coming in over traditional, “plain old telephone” lines, or other standard protocols from the 1960s to the 2000s. Instead, voice signals are now being carried to your phone from the telco via the internet, such as your broadband connection.
 
Why do this? There are a few simple benefits.
  1. You cut the higher landline charges, especially for international calls
  2. Old fashioned systems are becoming obsolete, and parts aren't available
  3. You don't need 2 separate cabling systems anymore; having one for telco and one for internet is no longer necessary.
  4. They rely less on hardware to do the job, so reconfiguring for a new employee or a major office shift is much, much easier. It is now a software change, not a hardware issue.
  5. Your employees are no longer tied to the phone at their desk. VoIP allows integration with mobile devices.
This is just a quick summary, but it gives you a starting point for understanding why most firms are moving to VoIP systems and abandoning the old traditional PBX and key systems of an earlier era.


Friday, March 2, 2018

The Cloud: what do you get?

 
 
The cloud refers to using off site computing resources and storage to supplement or even replace the use of on-site/in-house resources. Instead of buying hardware and software to support your business, you are basically outsourcing this set of tasks.

There are 4 benefits for the small firm and today we will look at the first 2.

Elasticity - With onsite computing, if you need additional capacity you have no choice but to purchase that capacity in discrete steps, which means bearing the costs of being over-capacity for a period of time until growth catches up. Onsite computing also means you must have the capacity to handle your own peak computing and storage demands, and resources may go underutilized much of the time. The cloud allows complete elasticity in the utilization of computing resources. You buy only what you need, as you need it. You can grow or downsize as the business demands.

Pay as you go - On-site hardware involves significant capital expenditures. The cloud allows you to pay for only what you use. The cloud also allows you to benefit from economies of scale that aren't available using the in-house model. Labor, equipment and maintenance expenses are shared across a vast pool of users.

In the next few weeks, we’ll return to this subject to look at other ways the cloud brings efficiencies to your technology infrastructure that you could never achieve on your own.

Friday, February 23, 2018

What the cloud means for you–Part II

 
 
Recently, we talked about ways the cloud brings value, business protection, and economies of scale to the smaller firm that they could never achieve by themselves. Today, we look at a final benefit of the cloud.

Protection against on-site disaster - If a disaster strikes your physical business location, on-site resources can be damaged, destroyed, or become inaccessible for a period of time. Even if it isn't a major disaster, if you have a failed server your business could be down for an extended period. When everything occurs in the cloud, you are vaccinated against this type of business calamity. You can still access and use computing resources from anywhere.

In summary, left entirely on its own a small firm just does not have the resources and capital to fully support its own technology infrastructure. The cloud turns that upside down, enabling firms to enjoy the benefits of a fully supported tech foundation without levels of expenditures that are just not feasible for smaller operations.