7 Things You Need to Know About Ransomware

7 Things You Need to Know About Ransomware

​Ransomware is a well-named type of cyberattack. Cybercriminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.

#1 It Can Happen to You

Cybercriminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.

#2 Ransomware Spreads Fast

Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.

#3 Ransomware Targets People

A common method to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer asking you to take action or update contact details by clicking on the link or downloading a file.

#4 Ransomware is Costly

Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!

In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.

The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. — Coveware

#5 Ransom Requires Cryptocurrency

Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. They choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.

#6 A Recovery Plan Helps

Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.

You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.

#7 You Can Take Action

You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:

  • Filter traffic, preventing it from coming into your network in the first place.
  • Scan inbound emails for known threats, and block certain attachment types.
  • Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
  • Educate all users about social engineering.
  • Allow remote access to your network only from secure virtual private networks.
  • Back up your data to more than one location so that you can restore any impacted files from a known source.

Ransomware is a lucrative, relatively easy mode of attack for cybercriminals. They could target your business. Contact us today for help implementing the best protection practices to keep your data safe. Call us at 323-7111.

Want to know more?

Get in Touch with us

Why Your Business Needs Managed Services Security

Why Your Business Needs Managed Services Security

Locking your front door after a burglar has already ransacked your house doesn’t do much, and the same is true of cybersecurity. With the help of a managed service provider, you can stay ahead of security threats with well-tested, leading-edge technologies.

Ransomware, Trojans, crypto mining, and more make the news regularly these days. Businesses and consumers are both aware of the threats. Yet there is no single vaccine that can keep you safe. The volume of threats is growing. Cybercriminals are mixing up their tactics to outwit their targets, and the result is increasingly sophisticated cyberattacks.

Password theft and password-based breaches remain a daily occurrence in 2019. But that’s only one area of concern. Cybersecurity experts warn that, “the worst is yet to come.”

Managed services help you to stay on top of evolving threats. For a small, fixed monthly cost, you add a team of experts to your arsenal. Instead of reacting after the fact, they work to identify any vulnerabilities. Instead of reacting, they work to identify vulnerabilities and prevent attacks.

When security is internal, a single person or small, overworked team tries to stay current. Working with a managed service provider (MSP), in-house IT teams focus instead on business tasks. They can trust the MSP to know the latest, greatest technologies. The MSP’s experts do the necessary training and attend the security conferences, and your business benefits without having to spend finite resources.

Managed Services Make a Security Difference

An early order of business for your MSP is learning your system, network, and applications. These IT experts get to know your business and its workflow needs. Then, they recommend the best tools for you to use. They make suggestions that prioritize productivity, ease of use, cost, and security. You don’t have to deal directly with a vendor salesperson. You gain an objective perspective on what technology truly suits your needs.

Regrettably, your technology users remain a weak link, but you can boost your employee cyber education and awareness (and you should). A managed services provider partner adds levels of precaution. They will test and track staff cyber behavior on-site and off-premises.

An MSP partner understands your entire technology ecosystem. They determine how your business solutions operate together to keep your business protected.

The MSP’s proactive approach can save you data breach devastation. Financial damages can be large. In a 2018 Cisco study, 54% of all cyberattacks resulted in damages of more than $500,000 USD.

Those costs aren’t the only risk of a data breach, though. Your business also risks:

  • theft of international property;
  • loss of competitive advantage;
  • damage to brand reputation;
  • customer churn;
  • regulatory fines.

No matter your business size or industry, you are at risk. It’s that simple. Cisco found 40% of companies with 250-499 employees had experienced a severe security breach in 2018. Larger organizations were similarly impacted but tended to be more resilient. Meanwhile, when a small business is breached the damage is usually even greater. Their core systems are likely interconnected, which sees the attack spread easily.

Key Takeaway

The threat landscape is always shifting. You might be at risk from targeted attacks against your employees (e.g. faked business email communications), ransomware (holding your data hostage), or other advanced threats.

Managed services ensure you have the people, processes, and technology to prevent attack. Plus, if the worst happens, they have the skills to mitigate the damage and get you back up and running quickly.

Managed services provide the best security, proactively, and on an ongoing basis. Want to learn more? Give us a call today at 504-323-7111!

Want to know more?

Get in Touch with us

The Dark Web and Its Impact on Your Business

The Dark Web and Its Impact on Your Business

Business owners today know the internet is not only a force for good. Some people exploit the Web for ill intent. They congregate on the Dark Web, and small businesses need to understand the risks.

What is the Dark Web?

You and your employees spend time daily on the Web. They’re researching clients, checking out competitors, and searching for information. They are not accessing the Dark Web. The Dark Web houses dangerous, often illegal activity. This includes black-market drug sales, illegal firearm sales, and illicit pornography.

The Dark Web’s collection of websites is inaccessible using standard search engines or browsers. Users employ a Tor or I2P encryption tool to hide their identity and activity, and they spoof IP addresses.

To go into the Dark Web, you also need to be using the Tor or I2P service. Plus, you’d need to know where to find the site you are looking for. There are Dark Web directories, but they are unreliable. The people on the Dark Web don’t want their victims to find them. Ultimately, it’s not somewhere you or your employees need to be.

So, why do you need to know about it? Because Dark Web users can buy:

  • usernames and passwords
  • counterfeit money
  • stolen credit card numbers or subscription credentials
  • software to break into people’s computers
  • operational, financial, or customer data
  • intellectual property or trade secrets

The Dark Web is also where someone can hire a hacker to attack your computers.

The Dark Web business risk

The Dark Web itself isn’t illegal, and not all its traffic is criminal. It is also visited by journalists and law enforcement agencies, and it’s used in countries prohibiting open communication.

Yet the number of Dark Web listings that could harm your business is growing. A 2019 research study found that 60% of all listings could harm enterprises, and the number of those Dark Web listings has risen by 20% since 2016.

Business risks from these Dark Web listings include:

  • undermining brand reputation
  • loss of competitive advantage
  • denial-of-service attack or malware disruption
  • IP theft
  • fraudulent activity

With media attention on data breaches impacting millions, it’s easy to think a small business is not at risk. However, bad actors don’t target a business for its size – they look for ease of access.

Dark Web information is up to twenty times more likely to come from an unreported breach. Privacy specialists told a Federal Trade Commission Conference victims included medical practices, retailers, school districts, restaurant chains, and other small businesses.

Reduce your risk

If your information ends up on the Dark Web, there’s little you can do about it. The bright side, at least, is that you would know that your business security has been compromised. Be proactive instead. Keep your security protections current, and install security patches regularly.

Consider a unified threat management (UTM) device, or UTM appliance. The UTM plugs into your network to serve as a gateway and protect your business from malware, illicit access, and other security risks.

Your UTM security appliance can provide:

  • application control
  • anti-malware scanning
  • URL and content filtering
  • data loss prevention
  • email security
  • wireless and remote access management

Or let a managed services provider (MSP) take care of all aspects of protecting your business. Pay a consistent monthly fee for an MSP to handle all your technology, patching, monitoring, and assessment needs.

Stay on top of the latest cybersecurity threats with an MSP, or learn more about installing a UTM. We can help protect you from the dangers of the Dark Web. Call us today at 504-323-7111!

Want to know more?

Get in Touch with us

Failure is Not an Option: Getting Rid of Single Points of Failure

Failure is Not an Option: Getting Rid of Single Points of Failure

You might think that your business is going to be OK even if a single device goes down. After all, there are other devices your people can use. It’s not as if the entire system is going to fall like dominoes. Or is it? Get rid of single points of failure to make one vulnerability doesn’t take down your network.

A single point of failure (SPOF) can be a design, implementation, or configuration weakness. Star Wars fans will already be thinking of the Death Star’s ill-designed thermal exhaust port. That was the SPOF Luke Skywalker exploited. 

Yet, cybercriminals don’t need the Force to target IT fatal weaknesses. SPOFs for technology include:

  • Having only one server that runs an essential application. Without that server, your employees can’t use that particular business tool.
    • Solution: Plan for the worst with built-in server redundancy. Have multiples of any hardware that is business critical. Migrate to the cloud so you can continue accessing applications, software, and storage.
  • Power outages can wreak havoc on computers and devices operating your network.
    • Solution: An Uninterruptible Power Supply (UPS) device can help prevent intermittent power interruptions to your computers, switches, and modems. Cloud solutions reduce the risk of this problem too. Employees can continue to access data and software working at different locations.
  • Your physical location could also be the SPOF. What if road closures, fire, floods, or a violent storm prevent you from being able to get to the office? Without a backup, you’ll struggle for business continuity.
    • Solution: Pool computer resources in the cloud (servers, storage, applications, and voice services). This provides continued access anywhere, anytime, and often from any device.
  • Sorry to say it, but your people could also be your fatal weakness. Perhaps you have one or even two in-house IT experts who know everything about your technology. But, what do you do if they both quit? Or one is sick and the other is on vacation when something goes wrong?
    • Solution: You can’t have every person become a subject matter expert on all aspects of IT. So consider outsourced IT.
  • You can’t get online without an internet connection. Yet you’re reliant on an external provider for that access. Planned downtime for maintenance is easier to plan around. Still, unexpected issues can cause the internet to go out.
    • Solution: Have a backup solution to pick up the slack if the main connection goes down. A router that supports having a 4G modem, for instance, could be a good failover.

 

Failure is Costly

Having one device out of commission is frustrating, but not necessarily the end of the world. But, when the damage wrought by a single weakness spreads business-wide, you could face serious consequences. 

Downtime for systems failure or data breaches can be:

  • Expensive — In addition to potential overtime for IT staff remedying the situation and possible revenue losses, your company may also face fines.
  • Time consuming — your people must adapt to a new reality while IT resources are spent trying to get back to business as usual.
  • Reputation damaging — any disruption to business as usual could undermine customer trust and prompt churn.

 

IT professionals understand the danger of SPOF. Avoid weaknesses that can lead to systemwide failures or loss of business information. Partner with computer specialists who can identify and eliminate these vulnerabilities at your business. Contact us today at 504-323-7111!

Want to know more?

Get in Touch with us

How to Destroy Data Properly

How to Destroy Data Properly

When we accidentally delete something, it feels like the end of the world. If a client file or new presentation is deleted, you may have to start again. Oh no! Yet deleting files is not as permanent as you may think. When it comes to destroying data properly, you’ll want to take a more thorough approach.

Deleting items, or “trashing” them, doesn’t permanently remove them from computer memory. While the data is still stored on your device’s hard disk, it’s possible someone could restore that deleted data.

Data does reach a point at which it’s no longer useful, and you are no longer required to maintain it. Nevertheless, it may still be valuable to cybercriminals. Bad actors can use names, addresses, credit card numbers, banking accounts, or health data. You need a policy to destroy paper records, magnetic media, hard drives, and any storage media.

Your obligation to protect customer and staff information extends to properly destroying all identifying data. Installing a new operating system isn’t going to do it. Encryption doesn’t do the job if the cybercriminal can figure out the password.

Some industries require you to prove you have correctly destroyed all data. Even if you have no compliance standards to meet, carefully dispose of any computer-related device. Whenever you are recycling, discarding, or donating an old computer, disk drive, USB stick, or mobile device, make sure the data is already properly deleted or destroyed. Otherwise, criminals could get their hands on confidential business information.

Fully, Safely Destroying Your Data

So, what do we mean by “properly” destroyed? You know about shredding paper documents. You can actually do the same with some devices. You might send the computer or device to a company with a mega-shredder. When compliance matters, keep a record of the chain of custody of the data throughout the process.

Overwriting the data, often called zeroing, is another solution. No data is properly deleted until it’s written over – that’s where the information is hidden under layers of nonsensical data and cannot be retrieved through disk or file recovery utilities. Think of this as writing three new books over the top of the pages of an erased book rather than just ripping the pages out.

With magnetic devices, you can neutralize the magnetism (degaussing) to break down the data. This scrambles up the data beyond recovery. A strong degausser will turn the device into a shiny metallic paper weight. An ultraviolet erase could be necessary for some erasable programmable memory. You might also need to perform a full chip erase.

If you’re really committed to destroying data, physically destroy the device. There’s the shredding solution, or you might actually pay to have the device smelted or pulverized.

Other Components to Destroy with Data

Don’t forget proper disposal of printers, too. Run several pages of unimportant information (maybe a font test) before destroying a laser p6rinter. With an impact printer (if you still have one!), you’d want to destroy all ribbons, too.

One last element you might think about? Business monitors. You’ve probably seen a computer screen with information burned onto it. Before donating or recycling a monitor, inspect the screen surface and destroy the cathode ray tube.

Now, that’s what we call being thorough about properly destroying data. Need help with proper disposal of computer data or equipment?

We can help. Contact our experts today at 504-323-7111

Want to know more?

Get in Touch with us

Avoiding Growing Pains — Tech Tips for a Thriving Business

Avoiding Growing Pains — Tech Tips for a Thriving Business

Maybe you started your business in a basement or home office. It was just you at the beginning. Then, your service or product gained traction. The number of staff grew, and you moved into an office. It’s amazing how far you’ve come. Better still, your business continues to grow. It may be time to consider some of these tech tips to help your thriving business.

 

#1 Upgrade to Business-Grade Cloud Services

Perhaps you’ve been relying on free software from Gmail, Outlook, or Dropbox. Who can argue with free email, calendars, collaboration and file storage right? Well, it may be time to upgrade to the business versions of the software your team relies upon.

Move from Gmail to Google Apps, or Outlook to Office 365, or Dropbox to Dropbox Business. For a small monthly fee, you gain business-grade features.

The basic Google Apps offers business email, video and voice conferencing, secure team messaging, shared calendars, 30GB cloud storage and document, spreadsheet and presentation creation. Plus, you gain greater security and administration controls. Right now, a disgruntled employee could refuse to give up control of a business account.

You’d be out of luck. With Google Apps, your business would control all accounts and could simply reset the password.

Or Dropbox Business provides added storage space and user activity and sharing auditing. Unlimited file recovery and version history make recovery easier. A remote wipe feature protects files on a stolen device). 

#2 Revise your backup strategy

A consumer grade backup setup was enough when you were only dealing with one computer. Now that you have many computers, it’s worth enhancing your backup strategy.

With 3-2-1 backup, your business has a minimum of three backups. Two would be onsite (but separate from one another) and the other offsite. We recommend the cloud. Having your backups in a unified location helps efficient recovery if disaster strikes. With cloud backup, your data is encrypted for storage in the cloud. You can set parameters for how often data is backed up and confirm that it is backing up correctly. Then, if something does go wrong, you can access essential data from anywhere, anytime via the cloud.

#3 Consider Cloud-based Accounting Services

Traditional small business accounting software requires a large database on the desktop computer. As more people need access to the database, the problems start. With multiple people accessing the accounting software:

  • The network can slow when people try to access it remotely
  • Changes can’t be made while someone else is in database
  • Data can get mismatched depending on who has the “newest” version

Cloud-based accounting packages address these challenges. With online accounting software, it’s easy for your business to scale. Business owners can connect to the data from any device with an Internet connection. Plus, in the event of a disaster, productivity won’t suffer as the information is safe and secure on the cloud.

#4 Outsource your IT

Your expanding technology allows you and your staff to do more than ever before. Great. But it also takes extra resources to monitor, manage, and secure it all. By outsourcing IT, your business gains IT expertise. Meanwhile, your in-house IT team can focus its efforts on driving growth.

Outsourcing IT also provides long-term cost savings by reducing downtime, cutting infrastructure costs, and improving security to avoid costly cyber-attacks.

Keep your business growth in check with an eye out for value-adding initiatives.

Want to know more about the benefits of any of these tech tips? Give us a call at 504-323-7111.

Want to know more?

Get in Touch with us