by Felicien | Feb 1, 2018 | Education
Ransomware has quickly become one of the biggest cyber threats to businesses today, especially given the recent Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries. This kind of malware presents serious data integrity and financial concerns for affected businesses. It works by tricking a user into opening an executable file (either as an email attachment or downloaded from a webpage linked in an email) which then encrypts the victim’s files and holds them for ransom.
A majority of cybersecurity services offered today include the best in vital technologies, from firewalls to anti-malware to data encryption and more. However, as important as this technology is, on its own, it simply isn’t enough to protect against threats like ransomware. The key to truly comprehensive cybersecurity is simple, yet often overlooked: the user.
Cybersecurity company Malwarebytes has found that as many as one-third of businesses like yours were hit by ransomware within the last year – the key to all these incidents? The “human factor”. Included in Malwarebytes’ Second Annual State of Ransomware Report, data showed that, of the 32% of organizations that were hit by malware, 20% had to immediately halt their operations.
It gets worse – further statistics showed that:
25% of businesses were hit with more than 20 ransomware attacks in 2016
31% of affected businesses in Australia did not know they were hit by ransomware, as compared to 9% in the US
46% of Australian victimized businesses paid the ransom, and after paying, 40% still lost their files.
Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is. Even the most effective digital security measures can be negated by simple human error, which is why conventional solutions are simply not enough to ensure your business’ safety. Much of cybersecurity is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct. The more your workforce knows about the security measures you have in place, the more confidently they can use the technology in a secure manner.
“People [behind the ransomware attacks] are going to more of the human factor now,” said Malwarebytes Senior Systems Engineer Brett Callaughan to CNET. “A lot more attackers are becoming aware of the fact that they can make small amounts of money on a grand scale very quickly if they completely automate this. The attackers we’re seeing are extremely sophisticated — they’re not fussed about creating a file and making something look real. They’ll just go after the user and they’ll spray and pray. If you hit 100,000 email accounts and 10,000 hit the button and you’re charging $200 a piece? That’s a significant amount of income right there from doing very little.”
So what can you do? First of all, ensure your employees are comprehensively trained in cybercrime awareness and prevention so that they can help keep your business safe. Training should include:
How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
How to use business technology without exposing data and other assets to external threats by accident.
How to respond when you suspect that an attack is occurring or has occurred.
Further vital information that your staff needs to maintain a secure business.
That said, employee awareness will only do so much. Remember that ransomware is likely today’s biggest threat to cybersecurity, which means anything less than a comprehensive defense won’t be enough. You hear about it everywhere, along with a range of possible solutions, most of which are defensive – ways to keep the intruders out before they encrypt your files and send you the ransom note.
Both industry leaders and cybercrime law enforcement members agree that the best defense against ransomware, other types of malware and similar cybersecurity threats is a robust data backup contingency. Have you invested in one for your business?
When developing your ransomware defense, keep these recommendations in mind:
Make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Test your backup and cybersecurity measures thoroughly and regularly; create dummy files and then delete them to see how fast they can be restored, or schedule a day to literally unplug your critical systems to find out how long it takes to get online again.
Be sure to make the most of the available resources (both provided online and through expert IT consultants) to ensure that you’re not overlooking vulnerabilities in your IT security methodology.
The good news is that you don’t have to do all this on your own. Partner with an experienced, expert provider of security support and solutions like {company} today to ensure you’re comprehensively protected from ransomware on all fronts.
For more information about how to train your employees to protect your business against ransomware, get in touch with {company} right away at {phone} or {email}.
by Felicien | Jan 31, 2018 | Education
It’s been coming since 2010—That’s when Steve Jobs announced that Apple was going to kill XServe, its enterprise-level server hardware solution.
Ever since that time, Apple has been slowly backing away from the server market.
This slow death of Apple server ambitions has now come full circle for individuals and small businesses with the release of an Apple support memo that states, “A number of services will be deprecated, and will be hidden on new installations of an update to macOS Server coming in spring 2018.”
What does this mean?
Apple is getting rid of many of the functions that individuals, small businesses, educational institutions, and software developers currently rely on to get things done.
But they aren’t just hitting the “delete” button.
If you already have these functions set up, you’ll still be able to use them with the spring 2018 release. Apple’s just going to make it difficult for you by hiding the “deprecated services.”
Basically, Apple wants us to forget that this functionality was once available, and wean the public off the macOS Server. Eventually, as fewer and fewer users are tied to the functions of the macOS Server, they will be discontinued entirely.
What is the rationale for getting rid of macOS Server functionality?
In its support memo, Apple tells us that they are going to “focus more on the management of computers, devices, and storage on your network.”
Apple ran the numbers and realizes that the money lies in selling and serving the iPhone, iPad, and Apple computers – not in server functionality.
The functionalities that are going by the wayside with the new macOS update are as follows:
Calendar
Contacts
DHCP – Dynamic Host Configuration Protocol
DNS
Instant Messaging
NetInstall
VPN
Website Hosting
Wiki
Apple provided a list of “potential replacements” in their support memo.
But the BIG question is: How can we get secure file access without the macOS Server VPN?
These macOS Server changes impact system admins who will lose some or all of the macOS Server tools they depend on, and the businesses they serve could be negatively affected.
At one time, Apple claimed that the macOS Server was, “so easy to use, you don’t need your own IT department.”
Now you’re going to need an outsourced IT professional, like those at {company}, to help you figure out your next steps and how to allow secure file access.
To help us out, Apple has provided three options for VPN alternatives to the macOS Server VPN function:
OpenVPN
This network tunneling VPN software option is compatible with iOS, Windows, Mac, Android, and Linux. Regarding security, it allows for granular remote access and connects to either your cloud assets or your company’s internal network. One of the prominent features of this VPN option is the onboard, fine-grained access control.
SoftEther VPN
This open source VPN option works across platforms (FreeBSD, Solaris Windows, Linux, and Mac) to deliver multi-protocol VPN functionality. SoftEther gives you mobile device compatibility through L2TP/IPsec server function. Part of the attraction of this VPN option is the low latency, fast throughput, and Nat-traversal firewall resistance.
Tcpcrypt
This software is used to encrypt traffic to and from high volume servers. It protects the user against passive attacks where criminals are eavesdropping on communications. Part of the attraction of Tcpcrypt is that they claim it, “requires no configuration…has no NAT issues…has very high performance (up to 25x faster than SSL).”
So, how do you run a secure file storage server without macOS Server VPN?
Apple certainly hasn’t given us much to go on in its recent support memo. The third-party VPN and encrypted traffic software options provided by Apple are certainly useful to the IT professional and systems administrator, but not to the home-based business owner or individual user who was enjoying the macOS Server VPN capabilities.
With Apple’s announcement to phase out macOS Server functionality, it leaves us with the question of file collaboration for small to mid-size businesses.
There are several ways that an IT professional – such as the IT support team at {company} – can enable the Mac users in your business to access and edit documents, spreadsheets, presentations, and databases in-house or on the move. Here are just a few of those alternatives:
Cloud-Based File Sharing Applications – These applications have become increasingly popular. You likely already use a home version of at least one of them – like DropBox, Google Drive, or com.
Office 365 – Office 365 is compatible across platforms and was built with secure file collaboration in mind. No need to go to the office to get your data – it’s all there at the touch of a button. Businesses worldwide have moved away from VPN and now rely solely on Office 365.
Remote Access Models – These popular cloud-based applications allow access to your home or office computer through a web interface. Options include companies like GoToMyPC, RemotePC, and LogMeIn.
As Apple takes its final walk away from server offerings, we realize that it is no longer a competitor in enterprise-level computing. Sure, Apple devices will always be used, but for now, they are peripheral to the server and cloud assets that are at the core of enterprise computing. However, Apple still holds the market share – and the hearts – of creative individuals and industries that have relied on Macs for years.
The experts at {company} will show you how to store data securely, access it freely, and collaborate instantly with colleagues. Enjoy the freedom of mobility while having everything you need at your fingertips – wherever you go. Contact us at {phone} or send an email to {email} to get started.
by Felicien | Jan 31, 2018 | Education
If communication is the key to personal and career success, then we should be doing everything in our power to ensure our communication lines are well established, extremely efficient, and thoroughly secure. Migrating to Office 365 might be what your business needs to get the most out of your email server.
Why migrate to Office 365?
Office 365 provides you with some new, much-needed features like:
Microsoft Lync Online with real-time collaboration and communication.
SharePoint Online that offers world-class collaboration and an easy-to-use information sharing platform.
Microsoft Office Professional Plus with the most popular client tools on the planet such as Microsoft Word, Excel, PowerPoint, Outlook and OneNote. This ensures that you always have the latest versions of these apps at your fingertips, whether it be while working on your desktop, or on a tablet at home.
Microsoft Exchange Online and an improved experience with mainstream e-mail and messaging.
What are my migration options?
Microsoft offers three main bulk migration options for Office 365: Cutover, Staged, and Hybrid:
Cutover Migration works best for businesses with 2,000 mailboxes and under. With this option, you can’t keep mailboxes on-premises, only in the cloud.
Staged Migration works best for Exchange 2007 and 2003 but requires a directory. Staged Migration can keep mailboxes on-premises as well as in the cloud, and there’s no limit to the number of mailboxes that you can move.
Hybrid Migration works best with Exchange 2010, 2013, and 2016, and like Staged Migration, it also requires a directory. Not only can Hybrid keep mailboxes on-premises as well as in the cloud, it also provides seamless functionality across environments.
What if these options don’t quite fit my needs?
If these options don’t fit your needs, there are also three less common options. The IMAP option works best with Exchange 2000, but it won’t move calendar items or tasks. If you prefer a more hands-off approach, or if your business is simply too large for the other options, you can have Microsoft Office import items for you. This is an excellent option if you have more than 10TB of data. Or, if you prefer, you can use third-party applications like Lotus Notes, or Novell GroupWise to migrate your mail and data, but this option doesn’t allow mailboxes to be stored on-premises, only in the cloud.
How to Prepare for Migration
After you’ve selected the option that meets your migration needs, you should begin preparing for your migration to Office 365. Microsoft recommends that you use the email migration service Outlook Anywhere (also known as RPC over HTTP), to connect to your on-premises Exchange Server. This allows you and your staff to use Outlook as you normally do without the need for special connections such as hardware, smart cards, or security tokens. Once you enable Outlook Anywhere, verify that you can connect to it outside your corporate network. Then configure Outlook Anywhere on your on-premise Exchange Server. This allows you and your staff to use Outlook as you normally would, without the need for special connections such as hardware, smart cards, or security tokens. Once you have it configured or enabled, you will want to verify that you can connect to it outside your corporate network.
Next, you should set permissions on your account so that after migration you can connect it to your new Office 365 email system. Remember that the admin must be assigned “Full Access permission” or “Receive As” permission to modify the Target Address. Also, be sure to turn off the unified messaging until after the migration is complete.
To begin the migration, you will want to verify your domain address in Office 365. Use directory synchronization to create users in your new Office 365. Next, create a list of mailboxes that you want to migrate and create a migration endpoint that’s connected to the on-premises server. These Migration Endpoints capture the remote server’s information and provide the credentials for migrating your data.
Now You’re Ready to Migrate Your Mailboxes.
If you are performing a stage migration, select the users to include in the first batch of the migration. Now you can begin the migration. Once you receive notification that the sync is complete, verify that the migration worked to ensure there are no errors and that you have included the appropriate users in the Office 365 Admin Center.
After Migration
After your migration to Office 365, you should complete a few post-migration steps to ensure the new system is running smoothly and effectively:
Route emails directly to your new Office 365. It can take up to 72 hours for some email systems to recognize the change from on-premises to cloud email.
Activate your Office 365 user accounts by assigning the appropriate licenses.
Create an auto-discover record so users can quickly access their new mailboxes.
Lastly, you should retire your on-premises email servers and celebrate as the migration is now officially complete!
At this point, you should feel a sense of accomplishment (and well-deserved at that). But your work isn’t done yet. Through Office 365 Support you can easily try out all the new features and maybe even gain a level up on the old features. Office 365 walks you through signing in, creating and saving projects, sharing and collaborating with staff, and setting up your mobile apps. Then, it introduces you to a few new things that will increase your productivity at work, such as Flash Fill in Excel or morphing your slides in PowerPoint.
Finally, schedule regular training for your staff to make the most out of your new Office 365. Then you can “pat yourself on the back!”
As you can see, migrating to Office 365 isn’t easy. That’s why businesses count on the experts at CompNetSys to handle the migration for them. For more information contact us at: 1.866.205.8123 or support@compnetsys.com
by Felicien | Jan 31, 2018 | Education
Data is the foundation of any business. Building a business without protecting your data is like building a home on wet sand, leaving the tide to sweep it away. With all the ways data is being stolen today, there are a few steps you should take to build a secure foundation for it.
Use strong passwords.
If you or your employees use simple, and easy-to-guess passwords, you could be leaving your business more vulnerable than you know. Develop strong passwords that use capital and lowercase letters, as well as numbers and symbols. And, change your passwords every two months.
In December 2017, SplashData created the list using over 5 million hijacked passwords in just one year’s time. Passwords such as “123123,” “Password,” “admin,” “monkey,” and “whatever” were the most popular among the infiltrated accounts. Ensure that you and your employees don’t use common passwords. Additionally, it’s important not to write down passwords but rather encourage your staff to memorize them. Lastly, don’t use the same password across multiple programs. If someone can figure out your e-mail password, they may try to get access to other programs with it.
Put up a strong firewall.
Firewalls control the internet traffic going to and from the computers on your network. They provide an important barrier between your business and the outside world. This is especially important if you have multiple computers connected to the same network. This same firewall protects the spread of a virus from one computer to another. In the off chance that a computer wasn’t protected and got infected, this would keep it from spreading the virus throughout your network.
Install antivirus protection.
While firewalls are an excellent source of protection from viruses, they can’t do everything. This is where antivirus protection comes in. An antivirus program constantly scans your computer to prevent viruses by detecting suspicious files. If it finds a suspicious file, the antivirus will work to isolate it and keep it from spreading until deleting the file and neutralizing the threat.
Update your programs regularly.
Updates always seem to come when we are at our busiest. You no sooner begin your workday, when a notification pops up reporting that there’s a new update ready to install. While it may be tempting to put off the update until your task is done, this isn’t recommended. Whenever there’s an opportunity to update, it’s important to do so. Updating is like having a secret security group constantly working to keep your business safe. Updates provide protective patches that safeguard your data from the latest cyber attacks, such as Meltdown or Spectre. Plus, they keep your computers and systems running at optimal performance.
Secure your laptops.
Laptops offer the portability to take work home with you. This comes with an entirely new risk to your company. Laptops can easily be lost or stolen, so you must secure them. A recent study, by Dell Company, shows that a laptop is stolen every 53 seconds.
Securing a laptop can be done in a few ways.
If you must leave your laptop in your car, lock it in your trunk to better protect it from thieves.
Set your laptop to require a strong password at startup.
Use encryption software to secure your laptop. Encryption software makes the data on your computer unreadable until the right password is entered.
Secure your mobile phones.
Phones can be used to complete many of the same tasks that employees perform on their computers but without the same level of protection. It’s important to treat these like you do your laptops. Ensure all employees’ phones use encryption software, password protection, and remote wiping capabilities. For example, you can easily trace where your iPhone is by using the “Find My iPhone” app on a different device. If you can’t find your phone, you can protect your data by remotely locking and/or erasing the information on your phone.
Backup regularly.
With all the ways that your data can be compromised, it’s incredibly important to backup data regularly. This protects data that could be wiped out due to a virus or a lost or stolen laptop. Without regular backups, you run the risk of not only losing your data but having to spend valuable time and money to replace it.
Educate your employees about e-mail, IM and surfing the Web.
The 2017 Internet Security Threat Report (ISTR) reports that: “Business Email Compromise (BEC) scams, relying on spear-phishing emails, targeted over 400 businesses every day, draining $3 billion over the last three years.” This report shows the importance of training employees on e-mail and internet safety to secure your business’s data. The #1 reported security risk in 2017 was misaddressed e-mails. This can occur when an employee mistypes another employee’s name in the “To” line of an email. Criminals purposely create websites and e-mails that are similar to those for your business. They look legitimate and can easily trick an untrained employee. For example, your employee can get an e-mail that looks like it came from a person in HR asking for a copy of their contract. If the employee didn’t recognize the e-mail address as being incorrect, they could inadvertently release confidential information. Employees should be trained to remain vigilant and constantly look for e-mails that are phishing attempts or have red flags such as simple grammatical mistakes or excessive punctuation. Implement a policy to flag suspicious e-mails. And, train all your employees on the importance of not opening or clicking on any suspicious e-mails or links.
No one understands the importance of your business’s data more than you. These eight simple steps can ensure that the foundation of your business’s data is strong and secure, allowing you to focus on your success rather than threats.
by Felicien | Jan 31, 2018 | Education
It is becoming commonplace to hear of big security breaches. Consumers wonder how this keeps happening. It would seem like every company should be taking their data security very seriously. After all, a data breach typically costs millions of dollars and tarnishes the company’s reputation.
After the Target data breach of 2013, shoppers were wary about returning to the retail giant to shop. To date, the breach has cost Target over $90 million, and there’s no way to measure the damage to their reputation. Target stores, like many other brick and mortar stores, are already suffering from the consumer trend to buy everything online. Numerous surveys confirm that patrons are reluctant to shop online at smaller stores. The overall belief is that larger stores have better cybersecurity.
This theory was certainly questioned when the nation’s largest banker, JP Morgan Chase, lost the names, addresses and personal information of 76 million of its customers. Breaches like this erode the public trust and cause consumers to back away from doing business online altogether.
So how can you stop this from happening to your company? Is anyone really safe nowadays? Below, we discuss six solidly proven ways to prevent cyber security breaches from occurring at your company.
1. Limit access to your most valuable data.
In the old days, every employee had access to all the files on their computer. These days, companies are learning the hard way, to limit access to their more critical data. After all, there’s no reason for a mailroom employee to view customer financial information. When you limit who is allowed to view certain documents, you narrow the pool of employees who might accidentally click on a harmful link. As corporations move into the future, expect to see all records partitioned off so that only those who specifically need access will have it. This is one of those common-sense solutions that companies probably should have been doing all along.
2. Third-party vendors must comply.
Every company does business with a wide array of third-party vendors. It’s more important than ever to know who these people are. Companies can even open themselves up to lawsuits by allowing strangers to enter their premises. What if the guy who delivers office supplies just got out of prison? It’s something to think about. In addition, be sure to limit the types of documents these vendors can view.
Though precautions like this can be a hassle for the IT department, the alternative could be a multi-million-dollar data breach. For those companies that are allowed to view your important data, demand transparency. Make sure they are complying with privacy laws; don’t just assume. Ask for background checks for third-party vendors who must enter your company on a regular basis. CEO’s need to get tougher on security if they really want to instigate change.
3. Conduct employee security awareness training.
According to recent surveys, employees are the weakest link in the data security chain. In spite of training, employees open suspicious emails every day that have the potential to download viruses. One mistake that employers make is thinking that one training class about cybersecurity is enough. If you’re serious about safeguarding your important data, schedule regular classes each quarter or even monthly.
Believe it or not, employees have been known to leave those classes, return to their desks and open suspicious emails without even thinking twice. Marketing studies show that most people need to hear the same message at least seven times before it begins to change their behavior.
4. Update software regularly.
Professionals recommend keeping all application software and operating systems updated regularly. Install patches whenever available. Your network is vulnerable when programs aren’t patched and updated regularly. Microsoft now has a product called Baseline Security Analyzer that can regularly check to ensure all programs are patched and up to date. This is a fairly easy and cost-effective way to strengthen your network and stop attacks before they happen.
5. Develop a cyber breach response plan.
What would you do if you went to work tomorrow and learned that a data breach had occurred? Surprisingly few companies have a sound breach response plan in place. It either hasn’t occurred to them that they may need one someday soon, or they feel they can handle the response as necessary. There’s a significant fallacy in this thinking. In the past, large companies that had cybercriminals break in and steal records were slow to make this public. They were also reluctant to share the truth about how much data and what type of data was stolen.
The government’s OPM break-in was handled very poorly. It was months after the breach before FEMA made a public announcement. When they did announce that a data breach had occurred, they downplayed how serious it was, issuing incorrect information about exactly how many records had been compromised. It was several years before the true nature of the breach was exposed.
For consumers, this is unacceptable. People feel they have a right to know exactly when the breach occurred and what was lost. Though it took several years to learn this, government employees were finally told the truth: over 21 million records were stolen. Most of them contained names, addresses, social security numbers, and fingerprints.
Developing a comprehensive breach preparedness plan enables both the employees and the employer to understand the potential damages that could occur. An employer should be very transparent concerning the scope of the breach; employees want to know the truth. A good response plan can limit lost productivity and prevent negative publicity. Employees feel angry when they find out that the company they work for had a data breach six months ago and told no one told them about it.
Your response plan should begin with an evaluation of exactly what was lost and when. Find out who is responsible whenever possible. By taking swift, decisive action, you can limit damages and restore public and employee trust.
6. Difficult to decipher passwords
In the past, businesses rarely got involved with how often employees had to change their passwords. Recent cyber breaches have changed all that. When security experts come to your company to educate your employees, one thing they will stress is the need to regularly change all passwords. Most of the public has discovered the importance of making passwords difficult to decipher. Even on our home computers, we’ve learned to use upper case letters, numbers and special characters when formulating passwords. Make it as difficult as possible for thieves to break in and steal your stuff.
Reassure your customers.
Online shopping now represents over $80 billion in sales for American businesses. People seem to love to shop online. It’s so easy and convenient. The future looked bright for online sales until data breaches at stores like eBay and Amazon occurred. Recent surveys of consumers across America show that 56% have cut back on their internet purchases due to fear of their personal info being stolen. This equates to lost sales in the millions of dollars.
This has now become such a prevalent problem that companies create marketing campaigns to reassure shoppers that it’s safe to shop online again. But, it can take years to restore the public’s trust once it’s lost. If customers see that your company is doing its best to prevent cyber theft, they may feel better about buying from you.
