Why your business is likely failing when it comes to IT Security.
It doesn’t take much to see that businesses and individuals, alike, are increasingly falling victim to massive data breaches. The recent Equifax breach continues to raise questions around how vulnerable business organizations are to cyberattacks. On a daily basis, new reports of cybercrime are released for public record. Breach information compromising social security and credit card numbers, insurance information, bank data, and other personal or sensitive information are peppering headlines across the Philadelphia metro and news outlets nationwide.
Any data breach could compromise either (1) your business’ reputation or public trust in you, (2) your staff’s personal identities, or (3) your business’ coffers.
We are just lately realizing that past breaches are even bigger than originally suspected!
Remember back in 2013 when Yahoo had a massive data breach? Well, the company recently disclosed that the number of affected individuals was much greater than their first report of 1 Billion. In fact, 3 BILLION people were impacted. Yahoo simply called ‘their bad’ on a ‘minor miscalculation’ that tripled the amount of affected accounts!
If breaches in the last couple of years have taught us anything, it’s that cybercrime is becoming the most monumental problem for business. All your data is at risk at all times. Even if your business is taking steps to protect yourself, any partnering businesses may not.
Consumers are becoming increasingly aware and skeptical of companies that have been breached. The latest statistics show that nearly 80% of businesses fail within 2 years of an attack. Your chances of surviving an attack are pretty dismal.
There are some very simple things you should be doing to set up a first line of defense:
Know what information you are storing and where it’s stored—many of the major breaches, including Yahoo, failed to properly curate their sensitive information before their breach. As a consequence, it took them years to understand the extent of their data breach.
Just as you wouldn’t put every single document you’ve ever handled into a safe deposit box, the same goes for protected electronic files. Make sure you have what is classified or sensitive information in protected places on your network and that you know exactly where these locations are (i.e., avoid having diffuse file stores containing bits of sensitive info. Rather, keep sensitive files in discrete areas). Know what of your sensitive information is most valuable and keep priority over these parts being secured, monitored and stored (encrypted) properly.
If you were to get into an incident where there was a breach, you should be able to know what was accessed and when. Your IT Support team should be in control of your data to the point that you should be alerted if someone had even attempted to access sensitive files.
Keep your data clean—after prioritizing the most important data, your IT Support team should understand how best to keep that data sanitized. Maybe it’s simply eliminating former employee access to sensitive files. Or perhaps it’s limiting access of those files to your team. Maybe you need to update passwords regularly for those with access to sensitive files. The list of checks goes on, but my point is to understand and be confident that your most protected files are hard to access. By keeping a clean perimeter to your data, you are more likely to understand when unwarranted breaches are occurring.
Line up your defenses—single line defenses may have worked in the 20th Century, but in the 21st Century, multiple lines of defense are critical to protecting your data. Simply having a perimeter—say, a firewall—is not sufficient nowadays for keeping data safe. Firewalls often give business owners a false sense of security that their data is safe, even though their IT Support is neglecting to protect and monitor their network from multiple vantage points. IT Support should be detecting and mitigating risks from outside (and inside) attacks. Having security at every point in your network—down to every single switch—will make it hard for attackers to successfully breach.
If nothing else, what should you take from all of this?
If you’re remotely concerned about your individual or business’ cybersecurity, assume the worst and take the appropriate steps to protect yourself, your team and your business.
(1) Get expert 3rd Party security advice as to how to rectify business security issues and remediate outstanding issues. At the very least, use an external audit to make sure your IT Support team is doing everything they say.
(2) Inform your staff on how to protect their information (including sensitive business information) from phishing attacks. Your IT Support should be emphasizing the immediate importance of identifying common attacks and of preventing staff within your organization from becoming targets.
(3) Have a business disaster recovery plan in place in case something happens. As we’ve seen above, one crucial part of being ready for cyberattacks is knowing how to respond when one happens. More often than I’d like to admit, businesses sit on attacks far too long. Being indecisive when it matters (when you’ve had a breach) leads to larger leaks and greater public scrutiny. Having a disaster recovery plan can remediate unknown consequences of a breach because you will have exhibited complete preparedness.
October is National Cybersecurity Awareness Month. But cybersecurity does not stop in October!
While I want to make sure businesses in and around Philadelphia are secure in October, I also worry about your security in November through September as well. What I want you to start thinking about today, if you haven’t already, is: Are You Vulnerable To Attacks? Is My Data Safe? Am I Doing Everything In My Power To Keep My Business Secure?
If you’re concerned that your data might not be as secure as you want it or have concerns that your IT Support might be overlooking steps to protect your data, contact us TODAY for a free 3rd party security assessment.
As we’ve seen even in the last few weeks, cybersecurity threats are not going anywhere.
As attacks become more frequent, who in your organization should be on the lookout?
If you’re currently taking an ‘every man for himself’ approach to IT Security, you’re likely doing your business a severe disservice. The facts are that six in ten people will click on a malicious link, hand over sensitive data, or even send large cash payments when a criminal asks for something very specific in a phishing email.
Scammers are getting so good at deceiving staff and stealing from your company, that it really doesn’t matter how large or small your business is—you probably have people on staff that are misinformed, or not regularly communicated to about security issues—that will lead you to a company-wide cyberattack costing more than you’d ever imagine to clean up.
Today, I want to make sure businesses in and around Philadelphia are making sure that their IT Support teams have the right skills to prevent attacks. I also want to give you an understanding of how to mitigate damage as fast as possible if something were to happen.
After thinking a great deal this past weekend about the right skillset every IT person needs in order to successfully keep businesses safe.
I want to emphasize, it doesn’t matter whether you outsource your IT or have an internal team. Security and protecting your business should be one of the biggest priorities for your IT Support and should be top of mind when you are evaluating whether your IT Support, IT help desk, and IT strategies are sufficient in 2017 and beyond.
For the majority of businesses I’ve audited, I’m surprised how few have a security strategy in place or are at all conscious of current cyberattacks and how to better prevent such attacks from happening. From my growing concerns over your business cybersecurity, I’ve come up with 7 essential skills ANY IT Support team needs to effectively protect your business.
Understand Security Tools—perhaps this one is a no brainer, but anyone looking out for your business’ security should (a) understand the cybersecurity landscape, (b) be familiar and understand how to implement available tools to protect and prevent data breaches and (c) continue on-going efforts to make sure security tools are working and detecting problems.
The tools your team should use should give you a 10,000 foot view of your entire network and infrastructure, but also give you granularity on specific incidents to identify resolutions to problems. If problems are arising from end-user errors, or hackers are exploiting specific software packages, your IT team should be able to identify the root cause of your security problem. If there is sensitive data in places it shouldn’t be, the team should be able to scan and improve where sensitive data is stored to ensure it is properly protected.
Assess Security In Your Business’ Environment—understanding tools is important, but unless you have someone on your team that is able to acutely understand how your business functions—how everyone works and how every wheel turns—your security will fall flat. Your IT support team should have some business understanding for each of your departments and should be able to identify specific security issues across your entire network in order to prevent hacks and security events.
Process-Based Security— if your IT Support team isn’t following a process, they likely aren’t consistent in their approach to your security. Some guys still think that simply installing antivirus is good enough security oversight to protect your business.
Realistically, consistent monitoring, upgrades, firewalls, and security policies are all needed to ensure your business and its data are safe. Security-focused processes and management of the process are critically needed nowadays, much more so than occasionally updating antivirus software.
What To Do When A Breach Happens—to avoid having a team running around pulling their hair out when a breach occurs, it’s critically important that your IT Support team knows how to react and respond to a cyberattack. They should understand how to quickly identify threats on the network, assess the breach situation and come up with a resolution plan. They should have the skills to identify what part or parts of the network were touched by the attack and be able to perform some simple forensics work on the network to come up with a plan for your business team (to address leaks of client, user or business data).
Have A Passion For Security—if your team isn’t interested in making your IT Security better, your business is likely not getting the IT Security it needs to keep safe from hackers who are passionate about stealing your money. If your team isn’t engaged, learning about the latest attacks and proactively coming up with ways to make your IT Security even safer, they lack the passion for the job you critically need them to do.
Are Able To Relate To Your Users—soft skills are some of the hardest skills to learn. Most of us are either born wanting to interact with others or are more of the loner who’d rather be shuttered behind closed doors and never talk to people.
Since attackers are getting better at social engineering, finding ways to exploit users’ behaviors to their advantage, your IT Support team needs to be engaged and constantly interacting with each and every user to ensure they are (1) using your business technology safely and effectively and (2) know how to recognize scams and attacks and feel comfortable to reach out to the IT Support team with any questions or concerns.
My Question To You: Does your IT Support team fit the bill? Have you evaluated them to see that they are consciously evaluating your business security?
Are you sure your business is being protected? Contact us today for a FREE external security assessment.
Common Questions Your Doctor Asks That Your IT Support Should Be Asking To Improve Your IT Security
With back to school doctor visits finished and flu season just starting, I’m reminded that good IT Support should be like your trusted family doctor. When you go in for a checkup at your doctor’s office, he or she asks you a variety of questions to identify if there are any problems and then determines root cause if there is a problem.
Whether you call on the doc to confirm that you’re healthy or to get his or her opinion on a health issue, you are kept updated on how to maintain or improve your healthiness. IT support should be doing some of the very same things when it comes to your Network Security. But for IT Support, you should expect many more frequent ‘checkups’ than a doctor requires.
Many of the same questions a doctor will ask you are exactly the same questions your IT Support should be thinking about.
What are the things your doctor normally asks you?
The questions can most assuredly—at least in the broadest of senses—be applied to your IT Support and network security. Just to name a few common ones:
Are you exercising? Are you eating foods that are good for you?
Exercise and diet are key components to maintaining a healthy body (or at least that’s what nurses and doctors tell me). If you eat only greasy and sugary foods, your body is probably not very happy with you. The doctor may give you some steps to improve your physical activity levels or modify your current eating behavior to prevent or course-correct chronic conditions.
IT Support should be monitoring your network for problems—unexpected traffic, aging hardware, suspicious activity and maintained security patching (for more details on patching in particular, see our recent discussion). Wouldn’t you expect your IT Support team to understand how your network looked on an average day so they could pinpoint irregular events? (Maybe security breaches, failing hardware, malware or malicious user activity?).
Like a doctor, your IT Support should routinely evaluate your network, identify areas of concern and determine a resolution to fix any network security concerns.
Are you getting sufficient sleep?
Every time I get a physical or examination, the nurse or doctor asks how much I sleep (sadly in my case, I’m often scolded for not getting enough Z’s, but running an enterprise-level IT company is frankly something I keep top of mind day in and day out).
Doctors normally ascribe sleep deprivation to risks of stress, which may trigger all sorts of chronic conditions.
In IT, your support team should be monitoring for stress on your network to prevent outages, downtime and failures. Monitoring for network issues and identifying solutions to ameliorate those conditions or user symptoms has to be a key component of an IT Support team’s routine. Often, IT Support teams consume all of their time focusing on symptoms and devote little time strategizing your business’ security and resolving chronic problems.
Are you avoiding bad habits?
Doctors always seem to key in on bad habits—maybe smoking, drinking too much, taking too many aspirin to relieve chronic pain—it seems like there is almost always something that a doctor is looking to improve.
IT Support should be looking at bad habits, too. Your IT Support should be training users on security best practices. What information is safe to send via email? How can your users easily identify a phishing scam? What are the biggest schemes criminals are using to get into your network this week? Your IT Support should disseminate this type of information when they are working with your users.
The Biggest Problem With IT Security
More often than not, IT Security loses focus on the security issues that we critically need to address. And these very basic questions the doctor often asks us to ensure good health also apply to our computer networks. Business owners concerned about keeping their businesses secure get an IT security “check-up” to understand if they should worry about latest data breaches.
An IT checkup is very similar to a doctor’s visit and should address similar major concerns to those your doctor may have.
A doctor is there to help you understand what you need to do to keep living healthily. Essentially, he or she is taking an acutely complex system—your body—and explaining what specific parts need more attention.
You may notice symptoms and may have concerns when something doesn’t seem right—maybe you have a rash, a cough or feel a pain, but the doctor is the one to comprehensively evaluate your situation to come up with a diagnosis and a resolution plan. It might be as simple as a few cough drops or as complex as neurosurgery.
Your IT Support should be acting similar to your doctor. Your support team should specifically be asking very pointed questions when it comes to your IT Security.
While your doctor routinely checks very specific aspects of your physical health—blood pressure, body weight, height, blood tests— so too, your IT Support should be evaluating your business’ network routinely to understand and correct issues to protect your business data.
And just as your doctor has a plan of attack to address health problems, so too, should your IT Support.
Is Your Business Low Hanging Fruit For Cybercrime?
Securing your office from cyberattacks is, to a large extent, a ‘Joneses’ affair. If you aren’t keeping up with other businesses—of your size or greater—you probably are ripening into some hanging fruit ready to fall victim to some budding cybercriminal.
Even large organizations become victims to major cybercrime simply because they leave easy gateways to hackers. I want to make sure that Philadelphia businesses have better-than-average IT Security processes and policies in place so that they don’t become low hanging targets.
What happens when a business falls victim to an attack?
The consequences of cyberattacks are grave. If you’re a local business trying to attract and retain clients in and around Philadelphia, a data breach will surely dampen enthusiasm, and could ultimately leave you out of business (in fact, 85% of businesses fail within 2 years of a cyberattack).
What are some security measures your business should take to avoid being a target?
Patching— As we’ve recently seen with major cyberattacks, patching does make a big difference. When cyber criminals are looking for targets, they are looking for easy entry into your business network. Unpatched machines are one very easy way for them to gain access.
The reason unpatched networks make for easy cyberattack targets is that software companies like Microsoft, Adobe, or Apache (for example) identify the particular vulnerability in the patch. Hackers can use that information to create code to penetrate a network. They also reverse-engineer the patches to understand how they can penetrate an unpatched environment.
Make sure your IT Support is patching your network. Good IT Support teams will not only patch your network, but test patches before going live into your business environment.
[Note: Microsoft just dumped a whole lot of updates on your plate—they just released 81 vulnerabilities that cybercriminals may be exploiting if you’re not careful!]
Network Monitoring— It took Equifax months to realize that they were breached. That’s unacceptable! Your IT Support should be disciplined with a monitoring process to regularly monitor your network and be able to identify when there is suspicious activity. Suspicious activity might be accessing folders that normally are only accessed at a particular time in the month, data movement across the network, activity moving in or out of your network.
Good IT Support should be actively reviewing your business network activity to identify problems—including any data leaks—before they become serious problems.
Firewalls— firewalls have changed a lot over the past decade. If you’re using older static firewalls and think you are safe from cyberattacks, you likely won’t be that well-protected. Newer technologies that learn current threats are much better at preventing cybercriminals from easily accessing your network.
Staff Awareness— While having software and hardware protected is one critical component to keeping your network safe, more than ever your IT Support should keep your users engaged to understand that they are part of the cyber security solution.
Good IT Support should engage your users to understand current attacks and help improve their IT hygiene by helping users understand what they should be doing to keep their and your business secure and why behavior shifts are important to keeping your business safe.
Understand whether your security meets IT standards—one of your biggest aids is understanding how your IT Security compares to that of other competitive businesses in Philadelphia and elsewhere. When your company is meeting or exceeding security standards, you likely won’t be a big target.
Your IT Support should understand gaps that exist in security across businesses and make recommendations to keep you ahead of the pack when it comes to business security practices and processes.
How can you determine what specific security measures will be needed for you to keep criminals at bay?
As I mentioned above, gap analyses are a powerful tool to help your organization understand what specific actions your IT Support needs to focus on improving to keep you secure. One of the best ways for your business to start tackling a gap analysis is by benchmarking your IT Security with other businesses.
If your business’ security benchmarks for aspects of security—patching, firewalls, maintenance and monitoring, staff engagement, for example—are low compared to other businesses (and it doesn’t really matter how small you are!), you probably want to figure out how to fill in gaps to increase your comparative benchmark.
Nearly half of Americans (143 million people!) are facing identity theft nightmares following a massive hacking attack on the credit bureau Equifax earlier this month. The company disclosed that the data breach involved highly sensitive personal information including Social Security and credit card numbers.
Why are people still talking about this breach (including Congress)?
This breach was especially dangerous because it gives criminals the exact information they need to drain bank accounts and steal identities. It is the third largest breach in history, but has the most serious impact on the American people.
How did the breach occur?
Equifax has been slow to fully disclose how the breach happened, but experts originally believed two possible smoking guns were most likely: phishing or a malicious insider.
Phishing attacks—phishing attacks are one of the most common ways sensitive data gets leaked. Criminals are looking for very specific information from which they can take advantage of you—account numbers, Social Security numbers, credit cards, addresses, signatures—all of this information can be valuable in stealing your (or your staff or client’s) identity.
For business folks, criminals may send emails impersonating key people on your staff (accountants or the CEO, for example) asking employees to open attachments or click on links to websites containing a malicious virus that may shut down your entire network.
Another way hackers crack into your networks is by sending sensational emails about your security—your account may have been hacked.
Be Aware: scammers are taking advantage of the Equifax breach to send fake emails claiming they are from Equifax, asking you to click on a link to a malicious site. Whatever you do, DO NOT trust email correspondence from Equifax or any other business which claims you’re a victim of an attack or hacking event.
Never click on links from these emails. At the very least, copy the link into a browser to view the linking website (hackers tend to reroute links to malicious places). If the email seems fishy, contact the business by calling a published number on their website.
Malicious Insider—another very possible way Equifax could have been breached is through someone on their payroll that had access to these millions of identities. A malicious insider could send lists of sensitive information out to criminals, or simply to the ether (depending on motive), because they hold a grudge against their employer, want to profit from the data or are blackmailed into divulging sensitive data.
Whatever the reason, if Equifax did not keep close attention on its users’ activity, they might not suspect malicious insiders even if they were the cause of their massive breach.
The actual cause of the breach?
Turns out Equifax might not have sufficiently patched their networks. Equifax reported last week that hackers were able to get through their Apache server (Apache software is what supports nearly 70% of web servers). Apparently vulnerabilities in Apache (Apache claims the patch was available to fix security vulnerabilities prior to the cyberattack) caused the security breach.
What could a breach do to Equifax?
It’s obvious already that Equifax has lost public trust for a variety of reasons.
First, how can consumers trust their personal data to a company that has been breached? Equifax has risked 143 million identities. Will the public ever trust custody of their sensitive information to them ever again?
Second, when coming up with a solution to help affected consumers, Equifax failed to properly address who was affected. By performing a simple test of their breach notification system, it was clear the company either was (1) signing unaffected people up for a year’s trial of their premium service or (2) they had no idea how to tell who was affected by the breach and were trying to cover their tracks.
It is clear to consumers that Equifax failed to protect entrusted sensitive data and then failed to appropriately notify consumers of the breach—both of which could lead to bad consequences. In fact, nearly 50% of businesses go out of business within the first year of a breach and another 30% close their doors within 2 years. If you hold sensitive data, shouldn’t you make sure you’re keeping it safe?
What should your business do to prevent breaches?
Vigilantly Monitor Your Network— your IT Support should be monitoring your network day in, day out 24/7/365. They should understand what normal activity looks like on your business network. If anything seems suspicious, they should look into the cause to be sure your network isn’t getting attacked or breached.
Routinely Apply Updates— applying operating system and software updates normally ensures that your business is accounting for the latest security vulnerabilities. If your IT Support doesn’t regularly evaluate updates and patch your systems, you are likely vulnerable to attacks that could have been easily prevented. Here is a recent discussion of when to patch your network.
Train Your Users— while IT Support’s main goal is to keep your network humming, it also needs to make sure your users understand the current threat matrix. What are the latest attacks? How have hackers successfully gained access to other businesses? If your users don’t understand the basics of how they might let cybercriminals onto your network, will they be able to help keep it safe?
Consider a Security Audit—having your IT Support team say they are keeping you safe is good, but are they backing their claims up with empirical data? Network security assessments ensure that your business is dotting every ‘i’ and crossing every ‘t’ when it comes to latest security best practices.
Just in case you were one of the 143 million people affected by the Equifax breach, what are some simple steps you can take to ensure your identity is safe?
Check your credit reports—make sure your credit history doesn’t have any fishy activity. If someone has started using your identity as their own, these reports should give you some idea as to what they are doing. Get a free credit report from Experian or TransUnion by visiting annualcreditreport.com. For more information on identity theft, visit IdentityTheft.gov.
Carefully monitor your existing credit card and bank accounts closely—monitor your bank accounts for any suspicious activity. Check your last login date/time to make sure it makes sense. Review balances. Ensure you are alerted when cash is withdrawn or transactions are made.
Consider placing a credit freeze on your files—if you fear your information was disseminated to cybercriminals, consider freezing your credit on file. This will alert banks in the event someone tries to open new accounts in your name.
File your taxes early—to avoid becoming a victim of tax identity theft, consider beating the criminals to your refund. Filing early can ensure that no one will try to submit and claim refunds in your name.
Most Importantly: Think before you react!
Instead of giving out your sensitive information, think if it makes sense that someone is asking you for it. Most spam or fraudulent emails will ask for information that you shouldn’t be handing out. Before responding to a pop up message saying your computer is infected or an email alerting you that your account has been hacked, take a deep breath and decide whether what you’re being asked for makes sense. If you think something is legitimate, consider calling the business to confirm (on a published line). Protecting your personal information is your first line of defense from becoming a victim.
Still unsure whether your data is safe? Zog is always here to help!
Right this minute, your business—specifically your staff—are being targeted.
They are likely on the lists of hundreds (if not thousands) of well-targeted malware campaigns.
These lists are NOT random—criminals do their due diligence to put together accurate lists of contacts that will be the most likely to give them access to your network. They also target positions in your business that have access to high value information, such as client contacts, social security numbers, credit card info and bank accounts.
With long lists of email addresses, hackers glean information with very precise phishing campaigns.
In addition, malicious spam emails nowadays contain single invisible pixels (gif images) that fingerprint how you or your staff receive email.
If someone were to open one of these spam emails, their mail client will request the invisible pixel from the server that hosts it, and that request transmits your IP address to that server. From this initial transmitted information, scammers and hackers will be able to know when you open the email and from what device (maybe an iPhone or in Outlook from your desktop).
Hackers will also know that your email address is valid and that their flavor of spam passes through your spam filter and that that particular user opens spam emails [NOTE: if your IT Support isn’t updating and monitoring your email spam, they likely aren’t doing enough to protect your business].
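As an added example (not part of the original post), the defender-side check below parses an HTML email and flags remote images that are sized 1x1 or hidden by CSS, which is how the invisible pixels described above usually appear in a message. The sample message, its domains and the name `find_tracking_pixels` are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample message (not real traffic); all domains are placeholders.
SAMPLE_PIXEL_EMAIL = """\
From: Hobby Newsletter <news@example.net>
To: judy@yourbusiness.com
Subject: Quick question about your hobby
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hi, do you still collect stamps?</p>
<img src="https://cdn.example.net/logo.png" width="200" height="60">
<img src="https://track.example.org/o.gif?id=constructed-123" width="1" height="1">
<img src="http://track.example.org/p.gif?u=judy" style="display:none">
<img src="cid:inline-logo" width="1" height="1">
</body></html>
"""

# Width/height attribute values that make an image effectively invisible.
TINY = {"0", "1", "0px", "1px"}
# Inline CSS that hides an image or shrinks it to at most one pixel.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.I,
)


class ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def find_tracking_pixels(raw_message):
    """Return a list of {'src', 'reason'} for images that look like trackers."""
    msg = message_from_string(raw_message, policy=default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_content())
        for img in collector.images:
            src = img.get("src", "")
            # Only remote images cause a request to someone else's server;
            # cid: and data: images are carried inside the message itself.
            if not src.lower().startswith(("http://", "https://")):
                continue
            tiny = (img.get("width", "").strip() in TINY
                    or img.get("height", "").strip() in TINY)
            hidden = bool(HIDDEN_STYLE.search(img.get("style", "")))
            if tiny or hidden:
                reason = "1x1 size" if tiny else "hidden by style"
                findings.append({"src": src, "reason": reason})
    return findings


if __name__ == "__main__":
    for hit in find_tracking_pixels(SAMPLE_PIXEL_EMAIL):
        print(f"{hit['reason']}: {hit['src']}")
```

Configuring mail clients not to load remote images by default stops the request from being made at all, so the sender learns nothing from an opened message.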
From a wide net campaign evaluating prospective phishing targets, a spammer will be able to put your users into categories. Categorization of user behaviors allows hackers to target specific user groups with focused and highly penetrating campaigns based on very specific user behaviors.
Many of the emails that hackers use to initially get a feel for your users may seem harmless enough. Many may be related to hobbies or vague questions. You likely won’t see a threatening email or one initially getting you to click on a link (that will come once they understand your or your user’s triggers).
Designing a compelling phishing email
Once they’re armed with tidbits of valuable user information—how and when your user opens email and what type of spam passes through your network undetected—hackers will start crafting compelling emails targeted at your specific user audiences.
They will identify key important players—don’t think that an initial email recon mission that identifies easy targets would be the end to a hacker’s phishing strategy.
Hackers will do research on social media—LinkedIn and Facebook—to evaluate how they can leverage their targets. They will determine how to communicate with those targets and identify strategies to get your target users to click on a link or do some action that will get them into your network to steal information, compromise your servers for their use in expanding their attacks or ransom your data.
More often than not, phishing emails will get users to click on a link that will take them to an infected website. At that point, their workstation will get infected. And, based on the sophistication of recent attacks, that attack could spread throughout your entire network.
How can your users identify phishing emails?
Sender demands confidential information—one golden rule in email communication is to not email sensitive information. If you or your staff aren’t expecting to hear from the sender to follow up in getting specific information, err on the skeptical side. If you know the person requesting the information, call them before giving anything out. If you do not know the sender, ignore the request and consider the email a phishing attempt.
Suspicious FROM address—while you may recognize the sender’s name—it may be from Judy in accounting or from your boss—look closely at the actual address sending the email. It likely won’t look quite right. For instance, instead of using an address like @yourbusiness.com, scammers will often send email from similar, yet very suspicious domains, such as @yourbusiness-x.com. If you’re not careful and don’t pay close attention to the FROM address, you could easily be duped!
It is critical that your staff always check the FROM address and only reply to email addresses that they trust, to avoid leaking confidential information.
Your immediate action needed—many scammers successfully instill fear in their targets by communicating immediate urgency. “Your account has been compromised”, “Your account has been locked”, “Immediate action required” are very common subject lines. The criminal’s intent is to fluster you and your staff into taking irrational action. Before reacting to such emails, take a minute to pause and ask whether the email looks legitimate, whether it makes sense, and whether the information you are handing over could compromise you, your team or your business.
Embedded links to strange websites—unless you reply directly to a phishing email with personal information or credit card info, the most likely action scammers will want you to take is clicking on an embedded link within an email. Most often that link will take you to a site that resembles the legitimate site (both URL and page appearance), but many times something will be wrong with it.
The best rule of thumb: copy links into your browser. Many times, embedded links can be masked. Even if the link looks legitimate, you may be rerouted to a malicious site that can infect your computer (or your entire network!).
Poor grammar and spelling—while scammers are getting better at mastering American English, specifically how we speak and write in and around Philadelphia, many scammers are successful enough that they still resort to poorly composed email. A strangely worded or poorly written email is likely NOT one sent in good will. Any emails with bad grammar or spelling should be avoided.
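The checks from the list above (lookalike FROM domain, urgent subject line, masked link) together with the invisible tracking pixel described earlier, as an added Python example that is not part of the original article. The trusted domain setting, the example.net hosts and the sample message are constructed assumptions, and the lookalike test is a simple name-containment heuristic.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAIN = "yourbusiness.com"  # assumption: your organisation's real mail domain
URGENT = ("account has been compromised", "account has been locked",
          "immediate action required")  # subject lines quoted in the article
def _host(h):
    return re.sub(r"^www\.", "", (h or "").lower())

class _Scan(HTMLParser):  # collects masked links and 1x1 remote images
    def __init__(self):
        super().__init__()
        self.href, self.text, self.masked, self.pixels = None, "", [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href, self.text = a.get("href") or "", ""
        elif tag == "img" and a.get("width") == "1" and a.get("height") == "1":
            self.pixels.append(a.get("src") or "")
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            # Compare the domain the reader sees with the host the link opens.
            shown = re.search(r"([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", self.text.lower())
            real = _host(urlparse(self.href).hostname)
            if shown and real and _host(shown.group(1)) != real:
                self.masked.append((_host(shown.group(1)), real))
            self.href = None

def triage(raw):
    msg, scan, found = message_from_string(raw), _Scan(), []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != TRUSTED_DOMAIN and TRUSTED_DOMAIN.split(".")[0] in domain:
        found.append("lookalike-sender:" + domain)
    if any(p in msg.get("Subject", "").lower() for p in URGENT):
        found.append("urgent-subject")
    for part in (p for p in msg.walk() if p.get_content_type() == "text/html"):
        scan.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    found += ["masked-link:%s->%s" % m for m in scan.masked]
    return found + ["tracking-pixel:" + _host(urlparse(p).hostname) for p in scan.pixels]

SAMPLE = ('From: Judy in Accounting <judy@yourbusiness-x.com>\n'  # constructed message
          'Subject: Immediate action required\nContent-Type: text/html\n\n'
          '<a href="http://login.example.net/reset">www.yourbusiness.com</a>'
          '<img src="http://track.example.net/o.gif" width="1" height="1">')
print(triage(SAMPLE))
```

A message from the trusted domain whose link text and link target agree returns an empty list.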
IN ALL SERIOUSNESS. Hackers are getting much better at how they target your business and your users. Evaluating your IT Security—both policies and procedures, but also how your IT Support team interacts, informs and engages users in keeping your business secure—is critical to preventing harmful (often costly!) ransomware, data leaks and attacks on your business, clients and staff.
If you’re at all concerned with your business security, contact us TODAY for a FREE security roadmap meeting to evaluate how to keep your business safe.
None of the effects of disaster—pain, suffering or loss—is fair. And few that survive disasters do so without help and support from family, friends and community. The hurricane that struck Houston last week was hard to watch. And the headlines made certain that when disaster strikes, we’re certainly put in tough situations:
“Worst disaster in history!”
“Brace for significant disaster!”
Hurricane Harvey is a good reminder to us all that disasters do happen.
When looking at responders saving people hip-deep in dirty water, I couldn’t stop thinking that planning for disasters is one of the most important things a business should be doing. The following 3 concerns have been ringing in my ears for a week:
Today, I want to address these 3 concerns about business disaster recovery, in particular how business disaster recovery and continuity relates to your IT Support and IT recovery before, during and after disastrous events.
Can I Anticipate Disaster?
Not all disasters can be predicted easily. But, keep in mind, disasters come in all shapes and sizes.
What do I mean by this?
A disaster doesn’t necessarily have to come from Mother Nature. It could be a disgruntled employee that decides to delete or remove sensitive or critical information from your network. It may be an internet outage that prevents a medical office from accessing its cloud-based electronic medical record platform. Or a disaster may simply come from a power outage that ends up taking longer than expected to fix, a server that fails to boot up, or a virus that infects your network and ransoms your data.
A disaster could also present, as we observed last week, as a once-in-a-lifetime storm that leaves your business literally under water, with no physical building for staff members to even attempt to complete day to day operations.
Some of these disasters may be more predictable. But no disaster is expected years or even months in advance. Sure, a drive failure could be predicted and disaster prevented. And if your IT Support was monitoring your network regularly, looking for problems, they likely should have been able to predict a problem before it became a serious computer headache.
But for the most part, disasters are relatively unexpected.
True, we anticipate storms coming in at certain times of the year. We might suspect specific employees of being up to no good. We may even prevent cybercrime by running comprehensive security network assessments or monitoring our network 24/7/365, but we likely aren’t specifically thinking about a disaster hitting our business.
What worries me: No one can be 100% certain that disaster will strike. And oftentimes, we err in thinking disasters won’t happen to us. This all leaves us the victims—under water and unprepared to move forward.
What’s concerning about disasters—43% of businesses will never reopen and 51% will close within 2 years! Any business owner should be thinking about disasters and planning recovery efforts in advance. That brings me to concern #2.
How can I, as a business owner, better prepare for disasters?
The most important thing any business can do to ensure health and prosperity is to create a business disaster recovery plan. This plan should detail all procedures, contacts, critical data and software your business needs to stay operational. It should identify locations to temporarily operate in the event your physical office is destroyed and should be the complete roadmap that guides your business through any sort of disaster.
Your Business Disaster Recovery (BDR) needs an owner—just as you have someone in marketing and someone in operations, someone on your team in accounting, you need a designated person to oversee and take ownership of disaster recovery. This person should be intimately familiar with procedures, should easily identify contacts to address specifics—say contact a software vendor or an internet service provider—they should have all the information at their fingertips. You may also consider having a secondary person responsible for your BDR plan if the primary owner is indisposed.
In the event of a disaster—for sake of clarity let’s say there was a severe internet outage—that BDR owner should be the one who knows what your backup plan is. If your primary provider is out of service, you likely have a plan (or should if your business heavily relies on the internet!) to utilize a backup provider. That BDR owner would start the ball rolling to initiate the backup internet service to ensure your business was minimally interrupted (if at all).
Keep a copy of the BDR off site—while digital copies for a BDR can be quite useful, in the event of power outages, you should always have a few hard copies printed (note: your BDR will likely change over time, so you will likely need to update this hard copy as contacts, providers or processes change!). Keep a copy of your BDR plan at the office in a secure place, but also make sure you have at least one copy off site in the event that the office is inaccessible. In the event your office is damaged, the person (or persons) in charge of your BDR should have easy access to your plan off site.
Be as specific as possible—vague wording and ambiguity should not be allowed in a BDR. When writing your BDR, you need to be as explicit and clear as humanly possible. State specific actions to be taken by specific roles. NEVER make assumptions. The clearer you are in making your plan, the more likely you are to recover scot-free from a disastrous event.
Let’s take the internet outage example again to clarify what I mean. If you had merely written, “contact AT&T for internet service” as the solution to a Comcast outage, you may be leaving your internet recovery to chance. Do you have specific contacts at AT&T? Should you contact a specific representative at Comcast before initiating your decision to switch over?
Are there troubleshooting steps you need to take before making that decision? Do you have phone numbers for each vendor (that are updated if a contact has changed!)? There are many little details that would help in avoiding even minor disasters. Does your BDR plan have this detail?
Is my business disaster and continuity plan enough to keep my business running?
One of the most overlooked points in BDR—how do you know you’ve got a good enough plan? How can you be sure that in the event of a disaster, your plan will cut it?
The only way to be certain is through testing! Running through your complete BDR plan annually ensures that your team understands their roles, and that you and your IT Support can confirm every last detail is in place and accurate to get you through the disaster.
More than 75% of untested BDRs have serious flaws. Failing to test and update BDRs leads to the same fate as not having a BDR in the first place. A tested BDR ensures that your plan will actually get you through disasters, while untested BDRs often are missing small, yet critical, changes that would have made recovery successful. Have you EVER tested your BDR plan?
What should I do next?
Do you have questions about how to put together a disaster recovery plan? Are you sure your plan makes sure that ALL of your bases are covered in the event something happens? Contact us TODAY to discuss a roadmap through disaster recovery!
The list is long. Dozens of patches released to shore up vulnerabilities in common software. Windows, alone, released more than two dozen fixes in its patch release earlier this month, fixing 48 security vulnerabilities.
Adobe released dozens of updates as well.
Why are they releasing so many updates?
Ransomware is back with a vengeance.
Remember the attacks in the last few months? WannaCry? Petya? (To help catch up on the cybersecurity landscape in 2017, find our recent discussion.) These chaos-invoking ransomware strains are attacking businesses, hospitals, governments and banks worldwide, and are not showing any signs of slowing down.
Since recent attacks have made cyber criminals millions of dollars, they’re not giving up targeting businesses.
The bad news: the newest variants of these ransomware are more damaging to businesses than ever before!
Two Variants To Be On The Lookout For:
The new variant of the Locky ransomware. First surfacing earlier in 2016, Locky has been one of the most penetrating infections to date.
The mechanism behind Locky: phishing. By convincing unsuspecting staff members to click on a link or open an attachment, the ransomware infects the machine and encrypts all of the files on the victim’s computer AND network, locking them down until a ransom is paid to the attackers.
Diablo6 is the latest variant of Locky, which is currently spreading across networks worldwide, with the United States as a primary target.
How might you and your team encounter Diablo6?
Expect an email containing a Word file as an attachment, which, when opened, executes a VBS (Visual Basic Scripting) script that then attempts to download the Diablo6 virus to your file server.
And the cost of a Diablo6 infection?
Expect to shell out at minimum 2 thousand dollars—currently Diablo6 demands $2,079 from victims to get their files back, but costs may rise if your business’ reputation gets tarnished in the process.
Without the hacker’s decryption key, unless you’ve backed up your files, you probably should say good-bye to your files. The Diablo6 encryption thus far has not been cracked.
Mamba is a dangerous type of ransomware infection that encrypts your ENTIRE hard disk instead of just files, rendering your entire system useless unless a ransom is paid.
How does Mamba work?
Similar to recent WannaCry and Petya viruses, Mamba has been designed to penetrate and destroy business networks.
Just to put things in perspective, a Mamba variant infected San Francisco’s MUNI (Municipal Transportation Agency) last year, causing the entire transit system to shut down its operations.
New Mamba variants have been quickly popping up on networks across the globe and show no sign of stopping.
Experts still are unclear on how Mamba ransomware finds its way into business networks, but believe that the virus infects through phishing schemes, similar to other ransom attacks. I wouldn’t wish this new Mamba virus on anyone!
To get back to my initial question: Are You Sure Your IT Support Has Kept Your Network Updated?
Do you have all of the Microsoft, Adobe and other software updates? With such a long list of updates (or exploits), your IT Support team really needs to be on their toes more so than ever.
What basic security should your IT Support be performing?
Train Your Team—make your business aware of phishing emails and skeptical of unexpected requests. ALWAYS be suspicious of unsolicited documents sent through email. NEVER click on links embedded within suspicious emails and verify with known senders if you aren’t sure about a link or attachment.
Backup Regularly—it’s increasingly important to keep a tight grip on your critical files and documents. Making backups of your network a routine rather than an afterthought is essential to avoiding falling victim to a ransom attack if someone on your team were to mistakenly click on the wrong link or open the wrong attachment.
Monitor for Suspicious Activity—your IT Support needs to proactively monitor your network. Period. Keeping Antivirus updated and looking out for suspicious traffic running across your network is critical.
How do you know that your IT Support team is protecting your business data? Many businesses use a third party security assessment as a means to address any Information Security concerns. Consider a well-defined process-based security assessment to create a plan of attack!