Another Day, Another Major Data Breach – 20 Tips to Protect Your Business in 2018

Over Easter weekend, hackers stole 5 million credit and debit card numbers that were used at Saks Fifth Avenue, Saks Off Fifth, Lord & Taylor, and Canada-based Hudson’s Bay Company. The personal information of customers who shopped at these stores is now compromised.

Most of the stolen card data — which goes all the way back to May 17 — was obtained from these stores in the New York City metro area, and other stores in the Northeast U.S. It appears that these stores weren’t using a secure credit card payment system. Security firm Gemini Advisory reported:
“The attack is amongst the biggest and most damaging to ever hit retail companies…Credit card data was obtained for sales dating back to May 2017. The breach likely impacted more than 130 Saks and Lord & Taylor locations across the country, but the majority of stolen credit cards were obtained from New York and New Jersey locations.”
Gemini Advisory says that the hacking group JokerStash/Fin7 boasted about their success on the Dark Web and that the data is now for sale. The name of their “product” is BIGBADABOOM-2. Gemini Advisory’s co-founder and chief technology officer said that this group previously targeted major hotel and restaurant chains. They were also responsible for other data breaches like the ones that affected companies including Whole Foods, Chipotle, Omni Hotels & Resorts and Trump Hotels.
The hackers typically use phishing emails to gain confidential information. They send the emails to company employees, including managers and supervisors who are key decision makers. They disguise themselves as an entity these people would recognize as legitimate. The email contains an invoice and asks them to pay it via a link provided. Once the link is clicked, their IT system is infected.
No store is immune from this type of breach. However, you can protect your business from phishing attacks by educating your employees.
Cybersecurity training is a must for all businesses today. You can have all the right security technology in place, but if one of your employees unknowingly clicks a malicious link, or visits a counterfeit website, your business can be ruined.
Phishing is when a scammer uses fraudulent emails, texts, or copycat websites to get you to click a link so that they can steal your confidential information like Social Security numbers, account numbers, login IDs, and passwords. They use this information to rob you of your money and your identity.
The majority of account takeovers come from simple phishing attacks where you or someone in your organization gets tricked into releasing private credentials and information.
Scammers also use phishing emails to get access to your computer or network, so they can install programs like ransomware that lock you out of your important files unless you pay a ransom.
Spoofing
Phishing scammers try to lure you or your employees into a false sense of security by pretending to be a trusted source like a legitimate company, the IRS, a colleague, vendor, or even a friend or family member.
Phishers create a sense of urgency, making it seem like they require your information right away or something terrible will happen to you. They may threaten to hold back a tax refund or close your bank account. Essentially, they lie to get your information.
Here are things that you and your employees should do to protect your business.
Be cautious about opening attachments and clicking links in emails.
Files and links may contain malware that can infect and weaken your computer’s security.
Type in URLs and email addresses.
If a company or organization you know sends you a link or phone number, don’t click the link or call the number. Go to your search engine and type in the correct URL for the company’s site and find the legitimate phone number.
Call the source. Don’t respond to emails that request confidential or financial information. Phishers use strategies that prey on fear. If you think the contact in the email needs this information, refer to the phone number in your address book, not the one posted in the email, and call them to verify the request.
Use Two-Factor Authentication. For accounts that support this, two-factor authentication is an extra step to ensure the security of your information. It requires both your password and an additional piece of information to log in to your account. The second piece might be a code the company sends to your phone or a random number generated by an application or token. Two-factor authentication protects your account even if your password is compromised.
Update your applications and Operating System. Use good security software you trust, and make sure you set it to update automatically. Also, make sure you update all your applications and your Operating System when you receive patches from the manufacturer. Don’t delay, as there are good reasons for these updates, and they will protect your information from the latest threats.
Back up your files to an external hard drive and enterprise-based cloud storage. Back up your files regularly to ensure you have a duplicate of all your files and applications if your network is compromised.
Google conducted a study between March 2016 and March 2017 in conjunction with researchers from the University of California, Berkeley. The results revealed that phishing is far riskier for users than data breaches because of the additional information phishers collect.
Use a unique email address.
Spammers send out millions of messages to name combinations hoping to find a valid email address. If you use a common name like Joe, you’ll receive more spam than with a name like Wwmj4itvi. It’s harder to remember an unusual name like this. Try using an acronym like: “We were married June 4 in the Virgin Isles” (Wwmj4itvi).
Use an email filter.
If your email account provides a solution that filters out potential spam or will channel it into a bulk email folder, opt for this. If they don’t, you might want to consider another Internet Service Provider.
Use more than one email address.
Consider using a disposable email address service that forwards messages to your permanent account. If the disposable address receives a lot of spam, you can shut it off without affecting your permanent address.
Limit your exposure.
Don’t share your email address in public. This includes blog posts, chat rooms, social networking sites, or in online membership directories. Spammers use the web to obtain email addresses.
Check privacy policies and uncheck boxes.
Before submitting your email address to a website, determine if they can sell your email to others. Don’t provide your address to sites that won’t protect it.
Be wary of messages that:

Try to solicit your curiosity or trust.
Contain a link that you must “check out now”.
Contain a downloadable file like a photo, music, document or PDF.

Don’t believe messages that contain an urgent call to action:

An immediate need to address a problem that requires you to verify information.
An urgent request for your help.
A request to donate to a charitable cause.
A claim that you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Watch for messages that:

Respond to a question you never asked.
Create distrust.
Try to start a conflict.

Watch for flags like:

Misspellings
Typos

Always Use Secure Passwords.

Use Two-Factor Authentication if it’s available.
Never use words found in the dictionary or your family name.
Never reuse passwords across your various accounts.
Consider using a Password Manager (e.g., LastPass or 1Password).
Use complex passwords.
Create a unique password for work.
Change passwords on at least a quarterly basis.
Use passwords with 9+ characters.

Keep Your Passwords Secure.

Don’t tell anyone your passwords.
Don’t write them down or email them.
Never include a password in a non-encrypted stored document.
Don’t speak your password over the phone.
Don’t hint at the format of your password.
Don’t use the “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login starting with https://. If the web address begins with https://, the connection between your computer and the website is encrypted so that others on the network can’t read it. There should be a small lock next to the address. If not, don’t type in your password.

If you believe your password may have been compromised, you should change it.
Regularly Back Up Your Data Both Onsite and Remotely.

Maintain at least three copies of everything.
Store all data on at least two types of media.
Keep a copy of your data in an alternate location.

If you haven’t backed up your data and you’re attacked, it’s gone forever.
Ask Your IT Support to Conduct Testing and Security Awareness Training for Your Employees.

Give a social engineering test.
Share the results with your staff.
Debrief and train your users.
Test again each year.

Report Phishing Emails and Texts to the Federal Trade Commission.
Forward phishing emails to the Federal Trade Commission at spam@uce.gov – as well as the organization that was impersonated in the phishing email. Include the full email header if it’s available.
File a report with the Federal Trade Commission at FTC.gov/complaint.
Visit Identitytheft.gov. Victims of phishing could become victims of identity theft; there are steps you can take to minimize your risk.
You can also report phishing emails to reportphishing@apwg.org. The Anti-Phishing Working Group, which includes Internet Service Providers, security vendors, financial institutions and law enforcement agencies, uses these reports to fight phishing.

Easy Ways to Make Outlook 2016 Work Better for You

The new Outlook 2016 has incorporated some cool features, designed to be helpful and make your work day a little smoother. It can look a bit different depending on what version of Outlook you’re using and how your admin sets it up.

What’s New in Outlook 2016?
When you open Outlook, you’ll see six areas. Across the top is that familiar ribbon we’ve all become used to seeing. Above the ribbon, you’ll find the Title Bar which has the File tab, Home tab, Send/Receive, Folder, and View. Across the main section, you’ll find four wide panes of varying widths. Across the bottom is the newest addition to Outlook, the navigation bar.
While on the home tab, you can take a closer look at the four panes or main sections. The narrowest one located on the left contains your inbox, sent, deleted and other items pertaining to your mail folders. The second column contains your messages. Here, you can get a closer look at the items in your inbox. It shows the names and dates of each email. The widest pane shows the contents of the actual email. This section is called the reading pane. If you click on a specific email, you can read it and reply or forward it. The fourth smaller pane to the right contains your calendar and to-do list.
At the bottom, you’ll see the newly added navigation bar. Hover over each item there for a closer look. This is handy because you can access frequently used features or people very quickly here. The dots, which represent “more”, open up a “navigation options” dialog box. There you can change a number of things pertaining to the way your email client is laid out. You can also choose navigation options > compact navigation. This will make the navigation bar smaller. Little icons replace the larger words that were used. The icons can run horizontally across the bottom or vertically along the side.
Reading Pane Too Small?
You may not always need your calendar to stay open. It’s easy to close. Simply click on the arrow at the top to close it. You can also close the folders section located on the far left the same way. By closing these two sections, you’ll now have a much wider email viewing pane. This can be helpful if you have a long or important email to read. If you need to take a quick look at the folders, simply click on the words “All Folders” (far left side, vertically written) and a handy pop-out appears. This pop-out will stay there until you click on “All Folders” again. The navigation pane appears vertically written as well and this configuration can give you the greatest amount of space to work on emails.
In addition, you have the option of manually dragging the borders for each section. This is a quick and easy way to increase or decrease the width of a pane so that your Outlook email works best for your situation.
The New Navigation Pane
In the 2016 version, a navigation pane was added to the bottom. It has links that go out to:

Mail
Calendar
People
Tasks
More – More is represented by small dots in most programs now.

You can hover over each one to learn more about it or access that particular feature. For instance, hover over “People” to see all those listed in your contact list. You can also hover over a specific person to get more information about this person. For each of your contacts, you’ll see small icons along the bottom so you can email, call or video chat with that person. The same is true for each item in the Navigation Pane. Simply hover over your calendar for a quick look at your day, week or month. The calendar in your Navigation Bar performs the same tasks as the actual calendar portion of your Home Page. For that reason, you may find it handy to just leave that Calendar closed and use the one in the Navigation Bar. This will give you more room for emails and other tasks you do on the Home Page.
Taking a Deeper Look at The Ribbon
The Ribbon has been around since Word 2007 and most users are fairly knowledgeable about how to use it. If it’s in the way and you’d like to temporarily remove it, click on the small triangle on the far right side of the page. This collapses the Ribbon. When you want it back, click on the same triangle and it reappears. This works for all Microsoft Office programs, including Word, Excel, and Access.
Of course, there are shortcuts for just about all the actions found on the Ribbon. Many users find it helpful to learn those shortcut keys and use them instead of navigating through the tabs/items on the Ribbon. You can also hide or view the Ribbon by clicking on the View tab. Outlook 2016 is all about making your email tasks much simpler.
Dealing with Emails
Once you get your work area set up so that it’s most efficient for you, it’s time to read and answer a few emails. At the top of each one, you have inline options to reply, reply all, forward or IM. Click on reply and you can just start typing your message. You can also right-click in this area for a list of other options like changing the font and color of your typing. Right-clicking in various areas of the page will always call up a list of other helpful options and this can often prevent you having to reopen the Ribbon to accomplish a task.
When an email has attachments, you can click on the attachment to view it there in the Outlook program. This is true for PDF docs, Word docs, and Excel. This saves you the trouble of having to open Word, Excel or Adobe and this can be a real time-saver. If you do want to open up the specific program and view the document there, simply double click on the attachment.
Show As Conversation
Another helpful feature when dealing with lots of emails from different people on the same topic is the “Show as Conversation” feature found on the View tab. By clicking on “Show as Conversation” you can group all the emails about a specific topic so that they make sense. This prevents you from having to sort through dozens of emails to find all those related to a topic. Once these emails are grouped together, it’s easy to click on one to read or respond to it.
The Clean Up Tool
Like many users, you may have a dozen emails on one specific topic and yet only five of them are actually important and contain good information. The Cleanup Tool can be used to remove those emails that only say something inconsequential like, “I agree” or “Thanks” or contain redundant information. The Cleanup Tool is found on the home page and hovering over it will show three options:

Clean up conversation
Clean up folder
Clean up folders and subfolders

Before the messages are cleaned up, you will get a warning box that asks if you’re sure. Many users find it helpful to clean up messages and folders on a regular weekly basis. This can prevent you from maxing out your Outlook storage limit. Simply run the Clean Up tool each week on folders and emails to keep redundant items from clogging up the works.
These are just a few of the many ways to make Outlook 2016 work more efficiently. By learning these tips and tricks you can save valuable time throughout your day and reduce stress.

Hold on to Your Credit Cards… Alexa’s On a Shopping Spree!

I love my Alexa. I don’t know what I’d do without it. Last year I decided to set it up for voice shopping. That way, when I come home from work, I can start cooking dinner, get the kids going on their homework, and tell Alexa what I want to buy.

Evidently, other moms and dads are doing this too. Research shows that people are spending about $2 billion a year using voice shopping with their Echos and Alexas.
And, it’s predicted that this amount will increase rapidly over the next few years to a whopping $40 billion by 2022! According to the company that provided these statistics:
“Voice commerce represents the next major disruption in the retail industry, and just as e-commerce and mobile commerce changed the retail landscape, shopping through smart speakers promises to do the same…The speed with which consumers are adopting smart speakers will translate into a number of opportunities and even more challenges for traditional retailers and consumer products companies.”
It seems that Amazon is the preferred vendor with 85% of people choosing the products Amazon suggests. For those like me who purchase groceries online, 45% of online grocery orders are made through Amazon Fresh.
Here are some more interesting statistics:

Right now, only 13% of homes have one of these devices, but by 2022 this is supposed to grow to 55%.
Amazon Echo is the most used of any U.S. virtual assistant. Google Home is the next at 4%, followed by Microsoft’s Cortana at 2%.
Those of us who have an Amazon smart speaker spend 66% more on Amazon than other people do.
Amazon Alexa owners spend on average $1,700 a year at Amazon, while members of the Amazon Prime program spend around $1,300 a year at Amazon.

Well, what can I say? It’s so much easier to just speak into my Echo and tell Alexa to reorder what I did last week from Amazon Fresh. When I’m making dinner, I don’t have the time to sit down and type away on a keyboard. The Voice Purchasing function of Amazon’s Alexa and Echo is so convenient. I can order practically anything from Amazon without using my computer. It’s great!
It seems that the smart speaker market is still in its infancy (unlike my precious children), and it’s still not clear if the Google and Microsoft smart speakers will be able to catch up to Amazon in the future.
Speaking of children…
Because Amazon doesn’t ask me to confirm my purchases with a “yes,” I’ve found some items in my orders that I didn’t place – but that my “precious” children did! Sugary cereal, microwave popcorn, chips, cookies, etc. Boy, was I mad when I found out they did this. You can be sure these purchases will come out of their allowance!
When I complained to Amazon, they told me to increase the security on my Alexa. They said there are two ways I can secure the Echo speaker from the kids or others. I can disable the Voice Purchasing feature or simply create a four-digit PIN (a secret one of course!).
Here’s how to disable Voice Purchasing.
By disabling Voice Purchasing, you can still shop with your Alexa and add items to your cart. However, you’ll have to complete your checkout from the Amazon website or app.

Sign on to amazon.com (or open the Alexa app on your iOS or Android device).
Go to Settings.
Select Voice Purchasing.
Toggle off the Purchase by voice to disable Voice Purchasing.

They also suggest that I use a confirmation code.
Doing this lets me keep Voice Purchasing enabled without allowing others to purchase things with my Amazon account. I have to speak my confirmation code aloud to complete my order. So, I make sure to do this when the kids or others aren’t around!

Sign on to amazon.com (or open the Alexa app on your iOS or Android device).
Go to Settings.
Scroll down and choose Voice Purchasing.
If it isn’t enabled, choose “Purchase by Voice” to enable it.
In the text field beside Require confirmation code, enter a (secret) four-digit PIN.
Save.

Why do I love my Alexa for shopping? Because it’s so convenient! If I’m running out of paper towels or toilet paper, rather than jotting this down on a shopping list, I just ask my Echo to tell Alexa to order what I did last month. They arrive at my house in just two days! No more going to the store, putting them in a cart, jamming them into my car, taking them out of my car, etc. (you get the idea). They magically appear on my doorstep with minimal effort on my part.
And, if I happen to order something that requires a return, I don’t have to pay for shipping. Come to think of it, I should have returned the kids’ chips, cereal, etc.!
If you haven’t shopped with Alexa, you should give it a try. I know, it can be a little scary the first time. But once you see how easy it is, you’ll be “hooked” like me.
Here’s how to set up Alexa for shopping.
First, you need to set up an Amazon Prime account, provide a U.S. shipping address, billing address and a U.S.-based payment method. Set your Amazon Prime account for 1-Click shopping.
Check the settings in your Alexa to make sure Voice Purchasing is enabled. You can go to Settings -> Voice Purchasing in the Alexa app, and enable it. You can also manage your 1-Click settings here and set a 4-digit PIN to make sure the kids don’t order stuff!
Now, you can order anything that’s Amazon Prime-eligible:
Order new products: If it’s something you’ve never ordered before, Alexa will suggest an “Amazon Choice” product that meets your description. If you’re not sure about what you want to buy, you can add it to your cart and cancel it right away if you change your mind.
Reordering: Alexa will look at your past orders, so if you ordered a particular brand of paper towels, you can easily reorder them with a “reorder _____” command. Alexa will ask you to confirm the order, and if you say yes, you’re all done.
Tracking: You can always track what you’ve ordered by asking Alexa. Just say, “Alexa, where’s my stuff?” She’ll let you know when your order will arrive.
So, you can see why I love my Alexa and why I can’t do without “her.” She’s my newest best friend!

What? Artificial Intelligence is Snooping Around In Our Private Electronic Health Records?

This may sound like science fiction, but it’s not. The leading electronic health record vendors are, or will soon be, using Artificial Intelligence (AI) to read our EHRs. They revealed this at the 2018 HIMSS18 conference.

EHR vendors Allscripts, athenahealth, Cerner, eClinicalWorks, and Epic all plan to add AI into the next versions of their EHR platforms – some as early as 2019. AI will be incorporated into things like population health, telemedicine, voice interactions and even clinical decisions.
At the conference, Microsoft displayed how AI runs in conjunction with the Epic EHR system using Microsoft Azure. Siemens Healthineers showed how AI works with its cloud-based imaging software. Caradigm said they’re adding AI into their population health tools.
Dr. John Glasser from Cerner/Siemens tells us how this works:
“Right now, when [a physician goes] to order a prescription or you go to document, let’s say, on a patient, the machine — because you’ve got to document this, that or the other — … asks you the same questions, like if someone has diabetes regardless of the nature of the diabetes, and what’s been done before. So … you have the AI that says ‘I’m only going to document the stuff that is really tailored to this patient and their particular issues … and I’m going to populate with stuff I already know. I’m going to go ahead and take care of a bunch of the documentation and I’m going to focus [the physician’s] documentation on key items. That’s one way we do it. Really tailor … so they don’t waste time documenting stuff that’s irrelevant or that’s not going to be useful….
The second thing we have, and this is still early, … you’re in the room examining your patient, the machine is pulling data from the EHR … it’s looking at activities, what screen you go to as the doctor, it’s listening to the encounter, so it’s listening to the discussion and it’s pulling up key phrases and this, that and the other, and it’s watching the interaction. It’s actually seeing you listening to the patient’s chest or looking in the patient’s ear. But based on the system watching the conversation and listening to the conversation and pulling out the data it actually generates the documentation automatically. It’s still early, but it looks pretty darn promising … through recognition of voice and recognition of images and movement it will actually automatically generate this. Anyway … [with usability] it’s the fact that … if you can take time out of these kinds of things and reduce clicks, then we’ll have made progress with usability.”
Beyond EHRs – If AI can help a doctor save time and better serve their patients, isn’t this a good thing?
Saving time in the healthcare setting may mean the difference between life and death. AI can help a physician diagnose a condition and treat it promptly. An early diagnosis for a patient who suffers from a heart attack or stroke can be lifesaving.
With assistance from AI perhaps doctors will be able to spend more time with their patients. With an aging population that needs more time with doctors, extra time is a precious commodity.
Physicians have a never-ending pile of paperwork that often needs immediate attention. Today, most spend two-thirds of their time handling paperwork. This is up from one-third only 10 years ago.
A report from the Annals of Internal Medicine revealed that – “During the office day, physicians spent 27.0% of their total time on direct clinical face time with patients and 49.2% of their time on EHRs and desk work. While in the examination room with patients, physicians spent 52.9% of the time on direct clinical face time and 37.0% on EHR and desk work. The 21 physicians who completed after-hours diaries reported 1 to 2 hours of after-hours work each night, devoted mostly to EHR tasks.”
AI not only helps doctors save time, it also saves lives.
The treatment and prevention of dangerous diseases depend on early detection. And, a late or wrong diagnosis can have fatal consequences. AI research is being used to not only keep people healthy but to save lives as well. In 2017, doctors from Harvard and Beth Israel Deaconess partnered with Philips to improve the diagnosis of cancer. Without AI, it could take 6 months to compile the data from 10,000 ultrasound reports. With Philips AI, physicians can retrieve the information from 200,000 ultrasound reports within 5 days.
Philips Research China, one of the company’s divisions specializing in AI, developed a Natural Language Processing (NLP) algorithm that extracts structured data from clinical reports, so doctors are provided with the proper information for secondary analysis. It’s currently being piloted in several large hospitals.
IBM is helping to fight cancer with AI, and its Watson Oncology platform. It will soon be used in a community hospital in Florida to help treat cancer patients. Watson takes in reams of clinical trial data and medical journal entries, detects patterns and gives cancer care specialists a list of effective treatment options.
Experts at the University of North Carolina School of Medicine tested Watson’s effectiveness with 1,000 cancer cases and found that it came up with the same recommended therapies as professional oncologists in 99% of the cases. Where this will really be of help is in smaller and rural medical centers where specialists are lacking.
AI helps doctors and patients in other ways.
Health assistants can also save you an unnecessary trip to the doctor, and time sitting in a waiting area with others who may have contagious illnesses. When you don’t feel well, you typically go to the doctor where he or she checks your vital signs, asks questions about your symptoms, and provides a prescription if warranted.
Now, a program called Your.MD can ask you about your symptoms and suggest steps you can take to help you feel better. It will also warn you if you need to visit a doctor. Other health assistants like Ada work in conjunction with Amazon Alexa to provide a symptom assessment report, and an option to contact a real doctor.
AI is also being used to remind patients to take their medicines. AiCure is another mobile app that uses AI to ensure patient compliance with prescriptions. This will help those who can’t remember to take their medications on time or those with serious illnesses who might skip their recommended doses altogether.
Will AI replace doctors one day?
As much as we like to think they won’t, it is a possibility according to authors Richard Susskind, chairman of the advisory board of the Oxford Internet Institute, in an article in the Harvard Business Review, and his son Daniel, an economics fellow at the University of Oxford’s Balliol College.
They believe that “AI will not only support physicians but ultimately replace them. The argument that technology cannot be empathic is moot, they argue, and many aspects of professional work do not require compassion. They argue that judgment, creativity, and empathy are not necessary to the practice of medicine”.
But have no fear. For the foreseeable future, AI will augment healthcare – not replace it.

SamSam Strikes Again! Demands $51K from City of Atlanta

In case you haven’t heard, IT systems for the City of Atlanta were shut down by SamSam, a virulent form of ransomware.

What’s SamSam? The SamSam malware hunts for critical files and uses AES 256-bit encryption to lock them up. The hacker then asks for a Bitcoin to be sent to a Bitcoin wallet. If the victim doesn’t pay, they erase all the data.
“SamSam is a ransomware controlled by a single threat group,” explained Keith Jarvis, a researcher with Secureworks Counter Threat Unit. “It’s unlike other ransomware that’s out there.”
What makes SamSam different is in the way the attacks develop.
SamSam scans for open ports and uses a brute force attack until it gets in. In a brute force attack, the attackers keep hitting the port with credentials until one works. Once the hacker group succeeds, they’re inside your system.
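The pattern described above, many failed logins from one source followed by one that works, can be spotted in authentication logs. The following is an added example, not part of the original article; the log format, threshold and time window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real incident). The line format
# "<ISO timestamp> <FAIL|OK> src=<ip> user=<name>" is an assumption;
# adapt parse_line() to whatever your login service actually writes.
SAMPLE_LOG = """\
2018-03-22T03:14:01Z FAIL src=203.0.113.7 user=admin
2018-03-22T03:14:03Z FAIL src=203.0.113.7 user=admin
2018-03-22T03:14:05Z FAIL src=198.51.100.20 user=jsmith
2018-03-22T03:14:06Z FAIL src=203.0.113.7 user=administrator
2018-03-22T03:14:09Z FAIL src=203.0.113.7 user=backup
2018-03-22T03:14:12Z OK src=198.51.100.20 user=jsmith
2018-03-22T03:14:14Z FAIL src=203.0.113.7 user=svc_sql
2018-03-22T03:14:18Z FAIL src=203.0.113.7 user=svc_sql
garbled line without fields
2018-03-22T03:14:21Z OK src=203.0.113.7 user=svc_sql
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failures per source before alerting


def parse_line(line):
    """Return (timestamp, outcome, src, user) or None for unparseable lines."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("FAIL", "OK"):
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "src" not in fields or "user" not in fields:
        return None
    return ts, parts[1], fields["src"], fields["user"]


def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Flag sources with >= threshold failures inside the window, and
    separately flag a successful login that follows such a burst."""
    recent_failures = defaultdict(deque)  # src -> failure timestamps in window
    flagged = set()                       # sources already alerted for this burst
    alerts = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue                      # skip malformed lines, do not crash
        ts, outcome, src, user = event
        fails = recent_failures[src]
        while fails and ts - fails[0] > window:
            fails.popleft()               # drop failures older than the window
        if outcome == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("BRUTE_FORCE", src, user, ts))
        else:
            # A success right after a burst means the guessing worked:
            # treat the account as compromised, not just attacked.
            if len(fails) >= threshold:
                alerts.append(("SUCCESS_AFTER_BRUTE_FORCE", src, user, ts))
            fails.clear()
            flagged.discard(src)
    return alerts


if __name__ == "__main__":
    for kind, src, user, ts in detect_bruteforce(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind} src={src} user={user}")
```

The user who mistypes a password twice and then logs in (198.51.100.20 in the sample) stays below the threshold and raises no alert.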
The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.
1 in 4 of those who pay a ransom never recover their data. The FBI urges victims not to pay. This is why it’s essential that you back up your data to a reliable source.
This wasn’t the first time SamSam paralyzed a government.
It’s also infected offices in Colorado, North Carolina, Alabama, and Maryland.
Governments’ operations are mission-critical, and hackers know that they will ultimately pay the ransom.
Experts say that SamSam and other ransomware attacks will increase. No one is safe.
So, what should you do? Here’s what cybersecurity experts recommend.
“Backup, backup, backup!” You can restore your files from your last backup.
However, not all backups are the same. You must regularly back up your files to an enterprise-cloud solution. If you use a disaster recovery as a service (DRaaS) solution, you should be able to do this and quickly “spin up” the image of your backup on your computer. But first, make sure your most recent backup wasn’t infected as well. By spinning up the image in a self-contained virtual machine (VM), you can inspect the backup image without exposing it to your entire network.
Back up your data to a reliable source. A ransomware attack can hold your data hostage and paralyze your business just like it did for the City of Atlanta. That’s why having a reliable enterprise-cloud backup solution is crucial. Ask your Technology Solutions Provider to help you decide which one is best for your unique needs.
Work with your IT provider and answer the following questions so they can provide the best backup solution for you:
How critical is the data you store?
This will help your IT support determine when and how it should be backed up.

For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
For confidential information, your backup data should be physically secure and encrypted.
For less critical data, an extensive backup plan isn’t required. However, you should still back up data regularly and ensure it is easily recoverable.

Do you need to back up your backup?
If you use large servers, your IT provider should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.
Do you test your backups to ensure they are readily recoverable?  No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your tech provider to regularly test the recoverability of your data backups.
How long can your business survive if your data is unavailable?
It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your IT support provider can make sure you’re using a proper extensive backup solution so that you can retrieve your data within minutes.
Time is an extremely important factor. Every minute of lost productivity will cost you, not only in terms of money but also in regard to your reputation with your customers.
You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.
Here are some other things that cybersecurity experts recommend:

Turn off Remote Desktop Protocol (RDP). It should never be used on any public facing port, and its use should be discouraged anywhere else on a network.
Turn on two-factor authentication. Brute force credential attacks won’t work if two-factor authentication is in place.
Perform regular audits of your external network for open remote access ports. You can use the Shodan search engine for this.
Have robust credentials. Weak credentials make a break-in easier and faster.
Use whitelisting. That means keep a list of the sites on the Internet where users are allowed to go and a list of what sites can have access to your network.
Never allow Windows shares on the public network.
Patch religiously. While you need to confirm that a patch will work, it’s critical to apply it promptly. The practice of delaying patches for months or forever is certain to cause problems.
Finally, train your employees to recognize threats such as phishing emails.
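The recommendations above on RDP, Windows shares, and auditing for open remote access ports can be checked with a short script. The following is an added example, not part of the original article: it tries a TCP connection to each remote-access port on hosts you own and separates documented exceptions from unexpected exposure. The port list, the host inventory, and the idea of an approved list are assumptions; it complements a Shodan lookup rather than replacing it.

```python
import socket

# Services that should not answer from the internet (RDP, Windows shares, etc.).
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 445: "SMB (Windows shares)",
                       3389: "RDP", 5900: "VNC"}


def tcp_port_open(host, port, timeout=1.0):
    """Return True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable, or name not resolved
        return False


def audit_exposure(hosts, approved=frozenset(), ports=REMOTE_ACCESS_PORTS,
                   probe=tcp_port_open):
    """Check every host for reachable remote-access ports.

    approved is a set of (host, port) pairs that are documented exceptions.
    Returns (unexpected, expected), each a list of (host, port, service).
    """
    unexpected, expected = [], []
    for host in hosts:
        for port, service in sorted(ports.items()):
            if not probe(host, port):
                continue
            target = expected if (host, port) in approved else unexpected
            target.append((host, port, service))
    return unexpected, expected


if __name__ == "__main__":
    # Hypothetical inventory: replace with addresses your organization owns,
    # and run from a machine outside the firewall to see the external view.
    my_hosts = ["127.0.0.1"]
    unexpected, expected = audit_exposure(my_hosts)
    for host, port, service in unexpected:
        print(f"UNEXPECTED: {host}:{port} ({service}) is reachable")
    for host, port, service in expected:
        print(f"approved:   {host}:{port} ({service})")
```

Anything in the unexpected list should be closed at the firewall or moved behind a VPN before it is added to the approved set.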

Security Awareness Training for your employees is the first step towards protection.
Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.
Ransomware succeeds via phishing attacks, where employees are convinced to click a malicious link. Once they do, the virus enters their computer and locks down all the data. Good employees make mistakes. If they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.
Today’s security solutions are no match for ransomware. This is because the criminals get into your system via your employees’ negligence. Malicious emails coupled with a lack of employee cybersecurity training are the leading cause of successful ransomware attacks.
Ask your IT support partner to conduct regular Security Awareness Training for you and your employees.
When conducted properly, this training will reduce the risk to your organization’s IT systems and limit the chance of a data breach.
It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training. Ensure that your IT provider holds refresher courses, as threats are constantly changing.
Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now.