by Felicien | Apr 2, 2018 | Education
In case you haven’t heard, IT systems for the City of Atlanta were shut down by SamSam, a virulent form of ransomware.
What’s SamSam? The SamSam malware hunts for critical files and uses AES 256-bit encryption to lock them up. The hacker then asks for a Bitcoin to be sent to a Bitcoin wallet. If the victim doesn’t pay, they erase all the data.
“SamSam is a ransomware controlled by a single threat group,” explained Keith Jarvis, a researcher with Secureworks Counter Threat Unit. “It’s unlike other ransomware that’s out there.”
What makes SamSam different is in the way the attacks develop.
SamSam scans for open ports and uses a brute force attack until it gets in. A brute force attack means that they’ll constantly hit the port with credentials until one works. Once the hacker group succeeds, they’re inside your system.
The ransom note left by hackers said that refusing to pay the $51,000 would result in deletion of all the information. This particular group of hackers has successfully collected $850,000 since last year.
1 in 4 of those who pay a ransom never recover their data. The FBI urges victims not to pay. This is why it’s essential that you back up your data to a reliable source.
This wasn’t the first time SamSam paralyzed a government.
It’s also infected offices in Colorado, North Carolina, Alabama, and Maryland.
Governments’ operations are mission-critical, and hackers know that they will ultimately pay the ransom.
Experts say that SamSam and other ransomware attacks will increase. No one is safe.
So, what should you do? Here’s what cybersecurity experts recommend.
“Backup, backup, backup!” You can restore your files from your last backup.
However, not all backups are the same. You must regularly back up your files to an enterprise-cloud solution. If you use a disaster recovery as a service (DRaaS) solution, you should be able to do this and quickly “spin up” the image of your backup on your computer. But first, make sure your most recent backup wasn’t infected as well. By spinning up the image in a self-contained virtual machine (VM), you can inspect the backup image without exposing it to your entire network.
Backup your data to a reliable source. A ransomware attack can hold your data hostage and paralyze your business just like it did for the City of Atlanta. That’s why having a reliable enterprise-cloud backup solution is crucial. Ask your Technology Solutions Provider to help you decide which one is best for your unique needs.
Work with your IT provider and answer the following questions so they can provide the best backup solution for you:
How critical is the data you store?
This will help your IT support determine when and how it should be backed up.
For critical data that includes databases, you’ll require a backup plan that extends over a number of time periods.
For confidential information, your backup data should be physically secure and encrypted.
For less critical data, an extensive backup plan isn’t required. However, you should still back up data regularly and ensure it is easily recoverable.
Do you need to back up your backup?
If you use large servers, your IT provider should create an image of them so your data can be retrieved immediately. Remember, backups can fail, so it’s important to back up your backup.
Do you test your backups to ensure they are readily recoverable? No matter how comprehensive your backup plan is, you’ll never know if it actually works unless you test it. Avoid potential backup failures by asking your tech provider to regularly test the recoverability of your data backups.
How long can your business survive if your data is unavailable?
It’s important to consider this possibility. It could be a while before your data can be retrieved if it isn’t stored properly. For some, this means weeks without their data. However, your IT support provider can make sure you’re using a proper extensive backup solution so that you can retrieve your data within minutes.
Time is an extremely important factor. Every minute of lost productivity will cost you. Not only in terms of money, but in regard to your reputation with your customers.
You should regularly back up your information to the cloud to protect against data or financial loss if you’re hit with ransomware. Just like you need this protection in the event of a power loss, accidental deletion of data, or a disaster that destroys your servers, you need it to protect your business from ransomware attacks.
Here are some other things that cybersecurity experts recommend:
Turn off Remote Desktop Protocol (RDP). It should never be used on any public facing port, and its use should be discouraged anywhere else on a network.
Turn on two-factor authentication. Brute force credential attacks won’t work if two-factor authentication is in place.
Perform regular audits of your external network for open remote access ports. You can use the Shodan browser for this.
Have robust credentials. Weak credentials make a break-in easier and faster.
Use whitelisting. That means keep a list of the sites on the Internet where users are allowed to go and a list of what sites can have access to your network.
Never allow Windows shares on the public network.
Patch religiously. While you need to confirm that a patch will work, it’s critical to apply it promptly. The practice of delaying patches for months or forever is certain to cause problems.
Finally, train your employees to recognize threats such as phishing emails.
Security Awareness Training for your employees Is the first step towards protection.
Hackers work 24/7 to obtain access to your confidential information, and using ransomware is one of the easiest ways for them to do this. It’s easier for them to trick your employees than it is to break into a well-secured IT system.
Ransomware succeeds via phishing attacks, where employees are convinced to click a malicious link. Once they do, the virus enters their computer and locks down all the data. Good employees make mistakes. If they aren’t properly trained to recognize a cyber threat, your network and business are vulnerable.
Today’s
security solutions are no match for ransomware. This is because the criminals get into your system via your employees’ negligence. Malicious emails coupled with a lack of employee cybersecurity training
is the leading cause of successful ransomware attacks.
Ask your IT support partner to conduct regular Security Awareness Training for you and your employees.
When conducted properly, this traininitg will reduce the risk to your organization’s IT systems and limit the chance of a data breach.
It’s essential to train your employees to recognize phishing emails and know what to do if they receive one. Make sure they know how to avoid common dangers like opening attachments from unknown senders. Every employee should participate in this training – and ensure that your IT provider holds refresher courses, as threats are constantly changing.
Don’t wait until a ransomware attack locks up your data. Take steps to protect your business now.
by Felicien | Apr 2, 2018 | Education
How Would It Cost Your Business If This Happened To You?
Have you read the news? According to Reuters, Under Armour Inc., headquartered in Baltimore, Maryland, recently suffered a breach of the private information for their 150 million MyFitnessPal app users.
This is the largest breach this year according to experts. It included account usernames, email addresses, and passwords. Lucky for them, Social Security numbers, driver license numbers, and payment card data weren’t stolen like they usually are in data breaches of this kind.
Once again we learn that keeping up to date on cybersecurity, changing passwords often, and using an IT support provider to implement a layered approach to security is essential if you want your business to stay safe in today’s digital world.
Perhaps, if Under Armour had used these services, they could have prevented this breach. Now, their reputation has been ruined.
Would you trust your private data to them?
I wouldn’t.
With so many data breaches today, they should have known better and considered the privacy of their customers. How can they salvage their creditability now?
As a business technology professional, I know that data protection costs much less than what I’d face from a breach – legal liability, fines, and lost customers.
With the rising number of cyber thefts, numerous lawsuits have been filed against businesses like Under Armour. In the last few years, data breaches have become so prevalent that it’s almost commonplace to hear that a company has been breached.
Learning that all their personal information is in the hands of thieves causes a significant change in the behavior of customers. One study found that consumers who learned of a data breach at their favorite retail store significantly cut back on their purchases.
With over 1,500 data breaches in 2017, consumers responded in this way:
84 percent said they might not consider doing business with a retailer who had experienced a data breach.
57 percent of holiday shoppers felt that identity theft and data breaches would be a significant threat during the holiday season.
Four in 10 consumers said they believed businesses aren’t doing the best they can to protect them.
38 percent said they weren’t sure all companies were doing everything possible to stop data breaches.
I know that my business has the best cybersecurity and IT management that money can buy. I take full responsibility for this and all my customers’ private data.
After what I’ve learned, this is what I would tell the CEO of Under Armour, and others to do from now on:
Protecting your security isn’t only a job for your IT support provider but one for you as a CEO as well. You must understand that any interruption in your information systems can hinder your operations, negatively impact your reputation, and compromise your customers’ private data.
Many CEOs don’t fully understand this. They spend their energy developing new products and services and managing current ones. Security comes in second. Maybe they’re unaware of the risks or feel that it’s solely an IT concern. Some may not be very technical and fear to discuss what could be an intimidating topic, but this isn’t wise.
The Department of Homeland Security recommends five questions that CEOs should ask themselves to lower the risk of cyber attacks:
1) What is the current level and business impact of cyber risks to our company? What is our plan to address identified risks?
2) How is our executive leadership informed about the current level and business impact of cyber risks to our company?
3) How does our cybersecurity program apply industry standards and best practices?
4) How many and what types of cyber incidents do we detect in a normal week? What is the threshold for notifying our executive leadership?
5) How comprehensive is our cyber-incident response plan? How often is the plan tested?
We also need to train our employees on cybersecurity practices like recognizing phishing attacks and using secure passwords. The folks at OneSource handle this for us. Here are some of the topics they cover:
Lesson 1: Ignore Ransomware-Threat Popups and Don’t Fall for Phishing Attacks.
These threats look like they’re from an official entity like the IRS or FBI. If a screen pops up that says you’ll be fined if you don’t follow their instructions, beware! If you do, the criminal will encrypt all your data and prevent you and your employees from accessing it.
Watch out for messages that:
Try to solicit your curiosity or trust.
Contain a link that you must “check out now”.
Contain a downloadable file like a photo, music, document or pdf file.
Don’t believe messages that contain an urgent call to action:
With an immediate need to address a problem that requires you to verify information.
Urgently asks for your help.
Asks you to donate to a charitable cause.
Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.
Be on the lookout for messages that:
Respond to a question you never asked.
Create distrust.
Try to start a conflict.
Watch for flags like:
Misspellings
Typos
Lesson 2: Always Use Secure Passwords.
Never use words found in the dictionary or your family names.
Never reuse passwords across your various accounts.
Never write down your passwords.
Consider using a Password Manager (e.g., LastPass or 1Password)
Use password complexity (e.g., P@ssword1).
Create a unique password for work.
Change passwords at least quarterly.
Use passwords with 9+ characters.
A criminal can crack a 5-character password in 16 minutes.
It takes 5 hours to crack a 6-character password.
3 days for a 7-character one
4 months for 8 characters
26 years for 9 characters
centuries for 10+ characters
Turn on Two-Factor Authentication if it’s available.
Lesson 3: Keep Your Passwords Secure
Don’t email them.
Don’t include a password in a non-encrypted stored document.
Don’t tell anyone your password.
Don’t speak your password over the phone.
Don’t hint at the format of your password.
Don’t use “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
Don’t use your corporate or network password on an account over the Internet that doesn’t have a secure login where the web browser address starts with http:// instead of https:// If the web address begins with https:// your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.
Lesson 4: Backup Your Data Onsite/Remotely and Securely
Maintain at least three copies of everything.
Store all data on at least two types of media (one offsite in a secure enterprise cloud solution).
Keep a copy of your data in an alternate location.
If you haven’t backed up your data, and you’re attacked, it’s gone forever.
Lesson 5: Secure Open Wi-Fi with a VPN.
Don’t go to sites that require your personal information like your username or password.
Use VPN whenever possible. Limit your access to using sites with: https://
Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available”.
We have our tech support professionals train our employees a few times a year because the threats keep changing. Plus, we have them conduct Vulnerability Assessments to make sure our cybersecurity “armor” stays strong and intact.
Don’t risk your data. Keep your data secure and your employees educated. I recommend that if you’re in an area they serve, that you should contact us immediately.
by Felicien | Mar 30, 2018 | Education
Do you have a device or app that you enter personal information in so you can track what you eat, what you do for exercise, how much you weigh, where you live, and when you leave your home every day to go workout? Well, if you use MyFitnessPal you may be 1 of 150 million users whose data may have been compromised.
Baltimore’s Under Armour announced Thursday evening (March 29th), that they experienced a data breach exposing usernames, email addresses, and hashed passwords of 150 million users of the popular MyFitnessPal app:
“Under Armour is working with leading data security firms to assist in its investigation, and is also coordinating with law enforcement authorities,” the company said in a statement. “The investigation indicates that the affected information included usernames, email addresses, and hashed passwords — the majority used the hashing function called bcrypt used to secure passwords.”
Under Armour will require all users to change their passwords and is “urging users to do so immediately.” They are also encouraging their users to keep an eye out for suspicious activity within their accounts.
What should you do?
If you receive an email that claims your personal MyFitnessPal information has been hacked, and that you need to click on links to change your password or open attachments to find out how to protect yourself, be very careful:
Don’t click on links,
Don’t open attachments, and
If there’s a reference to a website with more information, type the web address into your browser. Don’t click the link.
Most importantly, change your password not only in your MyFitnessPal application but anywhere else you use that password or even a variation of that password.
Don’t let your quest to live a healthier lifestyle be the opening for a hacker to ruin your life.
The Lesson You Should Learn From This
That is how hackers get by all the expensive security that banks and financial institutions have; by getting your password from a less secure source!
Read more here
by Felicien | Mar 30, 2018 | Education
Microsoft is your ultimate cheerleader – which might be a pun on their product, Microsoft Teams! But really, the app is named for the collaborative environment that caters to teamwork.
Microsoft Teams is a collaborative workspace included in subscription-based Office 365 and a hub for workgroups with teams of staff. Microsoft Teams offers a secure environment and guarantees Team members access to the information a Team needs to work together. Connectivity and communication are clean and organized and offer Teams the chance to chat, call, meet, and store shared files within channels.
Why We Know You’ll Love Microsoft Teams
Microsoft Teams is customizable for each Team and integrates with other productivity apps, including the full Office suite. Switching between Teams is easy, allowing for multiple accounts under one user should there be a need. Teams can be seen as Microsoft’s new iteration of Skype for Business – but with improvements!
Mobile calling and video conferencing are built-in offerings for Microsoft Teams, as are private and group chat capabilities. Chat messages are threaded, a popular option among collaborative platform users. Microsoft Teams also supports integration with email, and apps like SharePoint, Power BI, OneNote, and more. Users can schedule meetings and initiate notifications from within Teams. Users can search Microsoft Teams for people, files, and chat messages, and opt-in to notifications using connectors.
Cloud service connectivity is supported for a highly-customizable user experience, and users can increase productivity even further by automating tasks by adding bots to your Team. Tailor channels to your Team’s specific needs no matter what the nature of the Team is.
How different divisions use Microsoft Teams:
Sales: Customize pitches, celebrate wins, tailor leads and messaging, and share product or service updates
Marketing: Coordinate campaigns, plan events, share feedback, brainstorm tactics, and generate reports
Project Management: Project planning and communication tools, share status updates and coordinate tasks, schedule and share deliverables, and organize project details
Technical: Discuss requirements, and with the ability to integrate with tools like Jira, seamless and transparent communication is simple
Where You’ll Use Microsoft Teams
The development team at Microsoft knows that connectivity doesn’t rely on geographical location, and that modern teams can be distributed or global. Connecting via desktop computer, laptop computer, tablet, smartphone, or mobile device is easy as Microsoft Teams was designed with an interface for all options.
Who Will Use Microsoft Teams
Depending on if you choose private or public is what will decide if your Team is open to new members by invitation only, or anyone can join. Anyone can join Teams that are available to be discovered in the Suggested Teams.
Things to remember:
About Teams:
If you already have a Group in Office 365, activate Microsoft Teams on your existing Group rather than creating a new Group, to avoid duplicates. The Group will have a shared Outlook inbox and calendar, SharePoint site and document library. Redundant Groups lend to confusion over which is the official or “right” Group, and this goes against the purpose of Microsoft Teams.
Teams can have up to 2,500 members, and each Team can be led by as many as 100 owners.
Team owners can add new members to the Team, make other members Owners, and edit, rename, or delete the Team settings.
About Channels:
Channels organize Team conversations by topic. All Teams have a “General” Channel by default, to help a Team initiate communication within the Channel.
Following a Channel will give users an alert for all activity within a Channel.
Selecting the star to the right of the Channel name marks the Channel as a Favorite, and this Channel stays visible.
When a Channel needs to be removed, it’s wise to archive rather than to delete, because the content in a deleted Channel is lost.
A neat trick allows users to send an email from Outlook or Gmail or another integrated email service into the Channel, and the email will be forwarded in for all members of the Team to see within the Channel. This feature is particularly helpful with Teams that generate long email chains involving many recipients. Emailing communications like these into a Channel also helps centralize the communication and maintain continuity of the conversation, supporting the purpose of Microsoft Teams.
Team members can schedule meetings within a Channel, or members can opt to “Meet Now” in a cool feature that allows any Team members available to hold an impromptu meeting over the phone or via video.
About Tabs:
Tabs are helpful in that tabs support a multi-faceted approach to sharing and communicating. The nature of Microsoft Teams is a collaborative environment and allowing Team members to utilize Channels to share more than just basic messages facilitates open dialogue.
Conversations: conversations with members of your Team
Files: Upload, share, and view files with other members of your Team. Documents seen here are placed in your Team’s SharePoint document library.
Files can be edited right in the user interface.
Users have access to their OneDrive folders, as well, thanks to Microsoft’s fully-integrated environment.
Wiki: An interactive notes experience for Team members to take notes, tag Team members to notify them in real time, and draft or edit content in real time
Custom: Add a tab from the available integrated app gallery into a Channel
Everything in Office, like Excel, Word, OneNote, and more, as well non-Office apps like Adobe and SurveyMonkey
About Connectors and Bots:
Connectors are how Microsoft Teams pushes content into the Channel from connected applications and feeds, upon initiation by the user.
Connectors add a service for users directly into Teams, like for a Twitter feed, an RSS feed, GitHub or Trello, and many others.
Content delivered via Connector can be customized, as well.
Intelligent automation Bots are built into Microsoft Teams and are designed to be interactive with Team members. Tag the bot for activation and offer simple commands for responsiveness.
Microsoft Teams offers tremendous flexibility and an amazingly intuitive interface for users. Teams is a wonderful collaborative workspace and communication hub. Like with any new technology or platform, adoption is dependent entirely on the collective using the application or service for widespread and continued use. It’s also compliant with regulations from HIPAA to ISO standards.
The magic of Microsoft Teams is in its flexibility, its transparency, and its simplicity. Try it today using these tips, and enjoy a successful Teams launch!
by Felicien | Mar 30, 2018 | Education
Do you wish you knew more tech tricks to help you make your gadgets work smarter for you and save you time? See how to use your iPad as a second laptop screen, how to set time limits for using a Chrome browser, how to schedule an email to send at a certain time in Gmail, and more!
Technology exists to improve our lives. The fundamental purpose behind technology was man being driven to find new ways to do things to make life easier for mankind. The first form of technology recorded? What would you think – black and white television? The telegraph allowing expedited long-distance communication? Think back even further – much, much further. If the fundamental principle of technology is to make life easier for man, are the earliest examples of technology manmade weapons and fire?
Obviously, we’ve come a long way since stone weapons and fire, all the way to robotics and artificial intelligence, and then some – though we’re still waiting for the day when we all have flying cars like the Jetsons. Think about the ways you use technology every day. Do you listen to music in the car, on the bus or train, or while jogging? Do you brew coffee or tea in a Keurig? Are you reading this on a computer or mobile device? Do you use an alarm clock?!
We take tech for granted. It’s just. . . there. Think back to when the remote control became mainstream, and how that one chunky plastic box – the “clicker” – not only changed the world but revolutionized households. No longer did kids fight over whose turn it was to get up and change the channel. The first vehicle keyfob is widely considered to be introduced by the French in 1982 for the Renault Fuego just after Ford debuted the keyless entry system – by keypad – in 1980. Not only do the vast majority of passenger cars come standard with remote keyless entry devices now, but more are being equipped with push-button start capabilities – or even remote-controlled start-up, from the comfort of inside your home, office, or from a distance on a very hot or cold day.
Now that we’ve got you thinking about how you use technology each day, shift your thoughts to how you can “up your game”. You’re barely scratching the surface of what your tech can do for you.
Incredible iPad Trick
Are you in the camp that never has enough screen space? A few dozen tabs open in your web browser window, email, plus a few documents and spreadsheets for work clutter your screen space – and make your computer run slower. And if you’re on a laptop, you have even less screen real estate to start with! But what if you could use your iPad as a second screen for your laptop?
You can! Don’t believe us? Try downloading the Duet Display app and voila! Connect your iPad to your laptop using the sync/charging cable, and you’re all set.
Smartphone Scanner
Now this one is a doozy! Did you know your smartphone can work like a scanner? No, we don’t mean by taking one picture of a document. There are free apps out there, like Adobe Scan or Evernote Scannable, that allow you to turn your smartphone into a scanner to scan documents like forms, receipts, business cards, and more by using the camera on your phone.
Productivity Over Procrastination
Ah, Google. You know people too well…
And sometimes it’s downright creepy. But this handy little helper is pretty cool! There is an extension for Google’s Chrome browser, called StayFocusd, that allows you to set a time to let your mind wander and get lost in the darkest corners of the Internet – or at least surf aimlessly for a pre-set interval. The default setting is 10 minutes, but you can change this depending on your needs. Once your mental break is over, Chrome basically locks you out and disables access forcing you to resume being productive.
Scheduled Sends
You know the email message you want to type, but now isn’t the right time to send it. Email marketing platforms are great for this type of structured send, but the focus of these solutions is to send to email lists rather than from a single sender to a single recipient. There is an add-on for Gmail called Boomerang that facilitates scheduled sending for email.
Time Management
Ever wonder how you’re spending your time? Are you making the most of your day? Eternity Time Log is a time-tracking app to see how you’re spending your time, broken out by personal time, time spent devoted to professional productivity, and sees where interruptions occur – all in the name of organization.
Solar Power
The ancient Egyptian god of the sun, Ra, was believed to have created all forms of life and ruled over all parts of the created world: the sky, the earth, and the underworld. Man was believed to have been created from Ra’s sweat, and Ra represented light, growth, and warmth.
After reading this, it’s the understatement of the year to say that the sun is a good source of power…but it’s literally a great source of solar power. The SolPro Charger can soak up the sun’s rays and fully charge a smartphone with 90 minutes of exposure. Bonus: the charger can send power to your smartphone battery even as the SolPro is itself absorbing solar power.
If you had magical powers to stop time, how would you use it? Would you catch up on email correspondence? Would you read that best-seller you’ve been meaning to read for months now? Would you have a Netflix marathon? Would you catch up on a decade of sleep? Would you find the best way to organize your email inbox, filing cabinet, contact lists, or any number of other items that you’ve neglected for months?
Or would you – and here’s the genius move – use those powers to invent a device that could do all of this for you using the most advanced technology available, and make your own life easier? I think we know the answer.
Also, flying cars.