by Felicien | Jul 11, 2019 | Education
Tropical Storm Barry is expected to hit Louisiana and Texas in just a few days – what steps can you take right now to make sure you’re prepared?
As of yesterday, parts of coastal Louisiana have been put on hurricane watch in anticipation of what could be the first tropical storm system to make landfall in the US this year. Watches apply specifically from the mouth of the Mississippi River and west to Cameron, LA.
Tropical Storm Barry is expected to form in the Gulf of Mexico and develop into a hurricane by this Saturday, at which point it is likely to head through Louisiana and the upper Texas coast.
If you’re located in an area for which a watch has been issued, what steps can you take right now to protect your business?
Develop A Hurricane Preparedness Plan
Your hurricane plan should be carefully constructed and written down for reference and review.
Your plan should put forth policies and procedures regarding employee safety, business continuity, and contingencies that can be activated if your business’ facilities are damaged.
There are three key steps to an effective Hurricane Preparedness Plan:
Protect your property.
While so much of disaster recovery these days is focused on data continuity, it’s important to remember that your facilities are a resource as well, and they should be protected.
Make sure your windows have proper shutters or are boarded up with plywood to keep them safe from airborne debris.
Inspect your roof prior to each hurricane season to make sure it’s in good shape.
Assess whether there are any aging branches or trees that could fall and cause damage during a storm. If you’re unsure, have an arborist check it out for you.
Bring sandbags to areas that could be affected by flooding.
Secure heavier objects, including bookcases, shelves, filing cabinets, computers, etc.
Secure utilities, and raise them off the ground if necessary to avoid flood damage. Prior to the hurricane reaching your area, make sure they’re all turned off.
Relocate any fragile or valuable items to less dangerous areas, if possible.
Protect your documents.
Once all your physical assets are taken care of, don’t forget about your business documentation.
Make sure you have a backup of info on important business contacts.
Backup documents that are not easy to reproduce or acquire in the event of water damage – insurance and legal contracts, tax files, etc.
Keep as much of your documentation as possible in waterproof containers.
Maintain a checklist of survival resources.
Lastly, you’ll want to make sure you have an inventory of all the hurricane-specific resources you’ll need.
These are the types of items you won’t be using otherwise year-round, and so, when you do require them, you don’t want to realize you’ve forgotten something.
Independently powered radio/TV
Three-day supply of non-perishable food for as many employees as you have onsite (including 1 gallon of water per person per day)
Blankets, pillows, cots, and chairs
First Aid supplies
Flashlights (and additional batteries)
Toolkit
Whistles and/or signal flares
Tarps, plastic bags, and duct tape
Cleaning supplies
Smoke alarms and fire extinguishers
Electric generator
A backup supply of gas and additional jerry cans
Cash, credit cards and ID
Emergency contact info
Don’t forget to brief your employees – your hurricane plan should not be written and then left on a shelf. Every employee should be familiar with your procedures and plans to handle any future emergencies. Hold a meeting where your plan is reviewed, roles are assigned, and your staff can ask questions.
Remember – without comprehensive disaster recovery planning, you’re left vulnerable to any and all emergency situations, whether it’s a major meteorological event like a hurricane, or common — and still unpredictable — power outages. Consequences include:
Permanent data loss as onsite copies of your data are destroyed
Severe downtime as your business scrambles to replace hardware and get up and running again
Major financial damages, from the cost of lost business to the cost of replacement hardware and more.
There are still a few days until the hurricane is expected to hit – follow these steps and develop your plan now to make sure you’re prepared.
by Felicien | Jul 11, 2019 | Education
Cybercriminals may be going into a stealth mode, but that doesn’t mean that cyberattacks are slowing down — quite the opposite, in fact. According to the 2018 SiteLock Website Security Report, attacks increased by 59% and accelerated going into December. Record numbers of businesses are being infiltrated by hostile actors, with data breaches affecting hundreds of millions of users in a single attack. This all comes during a time when cybersecurity costs are accelerating as more organizations scramble to bring expensive systems and well-paid IT assets online to help protect their business from attack or assist with recovery. By the year 2021, damage to businesses is expected to exceed $6 trillion annually from cybercrime alone. It’s becoming increasingly difficult for businesses to manage the complexity required for a comprehensive cybersecurity plan alone, but these basics will give you a starting point to managing the risk to your organization.
Understanding “Current State” Security Practices
Many organizations begin crafting their cybersecurity plan by reviewing and documenting the current state of their risk-reduction efforts. This could include everything from data structures and storage locations, physical and cloud-based infrastructure models, third-party vendors and other connections. This “current state” report gives you a comprehensive view of the organization and allows you to capture potential risk centers that will need to be addressed in the future.
Balancing Security Needs with Business Requirements
It’s a fact of life that IT professionals are often in top demand, making it difficult to implement the full range of cybersecurity protections that proactive leaders feel are necessary. This balancing act may take place as ongoing negotiations between business and technology teams as the risks of not taking specific steps to tighten security are weighed against the potential benefits of new functionality. IT teams need to have a full understanding of how data and applications are utilized throughout the organization, including how remote partners or staff members are connecting into business applications and databases. Going through this process prompts conversation around the replacement value of particular platforms. Where an IT team may feel that an older platform could be deprecated without undue business impact, one particular unit may be utilizing that data in an unexpected way. In this instance, business and IT leaders will have to negotiate whether it makes sense to enhance the security or simply move to a newer alternative.
Crafting Your Plan and Training Your Staff
Understanding all of the various assets that your business has available allows you to gain a more holistic view of the business, a crucial element of any successful cybersecurity plan. Define replacement or bypass recommendations for each of your core business assets, and then fully document any changes that need to be made to reduce the risk of a breach or the effect of any malware or ransomware attacks. Having the plan in place also requires determining the training level that your staff will need. According to Cisco, the majority of malicious file extensions are made up of popular files such as Microsoft Word, Excel and PowerPoint, making ongoing training an important part of any cybersecurity strategy.
Small and mid-size businesses are the organizations least likely to have a formal cybersecurity plan in place, but these businesses are a high-risk target that is extremely attractive to hackers. Managing the complexity associated with the various platforms and data sources is often cited as a significant challenge for over-taxed IT personnel. Making regular cybersecurity reviews a priority can help your organization not only stay safe online but also identify processes challenges that need to be addressed to improve operational efficiency. Even with a rock-solid cybersecurity plan in place, that doesn’t mean your organization is completely safe. Instead, it means that you’re ready for an attack and are able to respond appropriately and in a timely manner — which can save your company hundreds of thousands of dollars in the event of a breach.
by Felicien | Jul 11, 2019 | Education
Windows 10 comes a step closer to preventing cyberattacks and privacy threats facing users. It’s a next-generation solution that helps you fight threats from hackers and criminals who target your business. This is a big plus for cybersecurity managers. The past several years have brought some of the worst and most frequent cyberattacks in history. Security professionals are constantly on the lookout for new ways to prevent network breaches and safeguard the data of clients and the enterprise. Let’s take a closer look at how Windows 10 can help.
What Are the Security Advantages of Window 10?
Microsoft introduces Windows as a service in this version of their OS. It includes a unique way of creating, implementing and maintaining Windows. Each update adds new features to protect the security and privacy of users. The idea is that protection is layered into the functionality so that it doesn’t affect performance or distract users.
Windows; Core Services Engineering and Operations is thus better able to protect data and privacy. Built-in features identify suspicious activity that can put your business in jeopardy. This helps your security team detect and block sophisticated attacks faster. Releases focus on adding new features that combat new or anticipated risks. This is all possible thanks to the software giant’s finger on the pulse of the latest ransomware and malware hitting around the globe.
Windows 10 is considered to be the most secure version yet released. Because Microsoft has addressed cyberattacks during the engineering phase, improved security itself becomes a major bulwark, protecting your system from files and executables sent by hackers.
How Does Windows 10 Protect Your Data Better?
Here are some of the ways that Windows 10 improves its protection, including the new tools that can detect threats:
Windows 10 disrupts malware and thwarts hackers by changing the playing field. Bad actors can’t attack systems in the same old ways.
Device Guard acts as a shield against malware by allowing you to block unwanted apps. This gives users a proactive way to prevent ransomware and malware attacks as well as spyware.
Windows Defender uses machine learning, the cloud and behavior analysis to respond to new threats. This is like having a smart guard dog that not only prevents intruders from entering but smells them coming a mile away.
Microsoft Edge systemically disrupts malware, phishing and hacking attacks so that fewer threats make it through the system to trick users.
Windows 10 has aggressive data protection that meets compliance requirements without slowing down users, who expect the same solid performance Windows has always offered.
Windows Information Protection contains business data so it cannot be leaked to unauthorized users via apps, docs and the web.
BitLocker helps your security team protect sensitive data from prying eyes. Military-grade encryption takes over when a device is lost, stolen or otherwise compromised.
Azure Information Protection partners with Windows Information Protection to assign permissions that govern how certain data is shared.
What Ways Does Windows 10 Protect User Identify?
Windows 10 has built-in identity and access management protocols. This advanced technology safeguards user identities. For example, Windows Hello presents an alternative to passwords. It uses many factors to achieve solid security, such as a PIN, biometrics and a companion device.
Credential Guard uses NTLM-based authentication protocols, while Windows pass the hash (PtH) method authenticates without displaying the user’s text when a password is being entered. There’s also a hardware-based component that also limits access.
What Does This Additional Protection Mean for Security Teams?
While 57% of organizations offer training and incentives to security recruits, it’s hard to keep these resources for very long. This is due mainly to the high demand for qualified candidates. With additional protection built into applications themselves, busy cybersecurity teams can concentrate on other crucial tasks to protect the company’s data and reputation.
by Felicien | Jul 10, 2019 | Education
Ransomware attacks have caused business interruption and other lingering damage to Australian small- and medium-sized business, enough damage that 22 percent have been forced to close after an attack. Ransomware attacks have paralysed business operations so much so that new research has reported that 31 percent of organisations have yet to determine how they were infected.
A Telstra survey of IT professionals from more than 300 Australian companies found 48 percent of those surveyed had experienced a cyber attack in the past 12 months. This is up from 33 percent in 2018. Of those who suffered an attack, 81 percent experienced a ransom incident, and 51 per cent of them paid it.
What Does Research on Ransomware Attacks Show for 2018?
A yearly study, Malwarebytes Labs State of Malware 2019, has confirmed that potential damage from ransomware attacks extends far beyond the original ransom. Ransomware isn’t the same wide-ranging threat as it was in 2017, however it’s still a sizable problem. Overall trends have shown a drop in volume for the year (Jan – Nov 2018), but an increase in focused, sophisticated attacks aimed at businesses.
How Does Ransomware Affect Consumers vs. Business?
Overall ransomware attacks have dropped when measured against attacks in 2017. In 2017 the study recorded 8,016,936 attacks across businesses and consumers globally. Compare that to 2018, where there were 5,948,417 detections recorded—a decline of 26 percent.
Given that businesses house so much more valuable data and critical systems, they are proving to be a more profitable ransomware target for criminals. Not only do they have the potential funds to pay a ransom, they’re also likely to have multiple pressing reasons for wanting to get back to work. Ransomware delays can be incredibly costly, especially when an affected organisation has no backup plan in place and multiple endpoints to remediate. Incident response and digital forensics all add to the cost, which is often a lot more than simply paying the ransom.
Which Industries are Targeted by Ransomware the Most?
You might be wondering which industries are popular targets for ransomware? Which verticals took the hardest hit? Malwarebytes’ data shows that consulting is the top contender, and education is second place. Here are industries listed in order of most targeted to least targeted:
Consulting
Education
Manufacturing
Retail
Government
Transportation
Telecommunications
Electronics
Healthcare
Technology
Although there were major stories throughout 2018 regarding healthcare and government ransomware attacks, other industries actually felt the brunt of the ransomware menace.
Which Ransomware Viruses Caused the Most Problems in 2018?
SamSam
SamSam caused chaos across medical networks in the US, exploiting and brute-forcing its way into systems to make over $1 million US dollars ($A1445300) for holding systems to ransom. One of its many older variants revamped to be more appealing to criminals, charging victims a more moderate price than alternative recovery methods, making significantly more money as a result. From January to March, SamSam took down everything from hospitals to city services, including departments of transportation and city-facing applications in Atlanta, Georgia. Additional major attacks took place in September, with both the ports of San Diego and Barcelona suffering outbreaks.
Although law enforcement agencies believe they know who is behind these infections, the alleged duo are still at large, and we still continue to see spikes in attacks globally. SamSam will continue to be a strong source of malware infections well into 2019.
GandCrab
GandCrab was also a major player in 2018, making use of various exploit kits shortly after its first appearance in January. Numbers steadied and remained constant for most of 2018, with a huge spike of activity in February, thanks to multiple spam campaigns in Q1. Moving to the Magnitude exploit kit for distribution, GandCrab continued to cause trouble for network admins and home users. This is partly thanks to Magnitude’s unconventional malware-loading methods. Everything from fileless techniques to binary padding (where extra data is added to files to bypass scanning) were used in the race to make it the biggest source of GandCrab.
GandCrab, the top ransomware variant of Q2 2018, is also notable for being the first ransomware to ask its victims for a cryptocurrency payment other than Bitcoin. At a time when business ransomware detections were up by 28 percent, but the overall volume remained low, it became one of the leading sources of malicious ransomware campaigns in 2018.
How Does Ransomware Compare to Other Malware?
Although ransomware has lost ground to other malware players, such as cryptominers and Trojans, it still causes quite a bit of damage, and 2018 has been a year of quiet experimentation and reassessment. The public at large are much more aware of such attacks now, and the same old tricks won’t work forever. Expect to see more innovative reworkings of older files and strengthened ties to cutting-edge exploit kits to push ransomware further still in 2019. The Australian Government tracks malware attacks on the Australian Cyber Security Centre for the public to stay updated.
by Felicien | Jul 10, 2019 | Education
Just about nothing is more frustrating when using a smartphone than connecting to a sluggish or broken Wi-Fi network. In most places, mobile data is so effective and speedy these days that we just can’t accept a Wi-Fi network performing worse than our mobile networks can.
If you’re dealing with obnoxiously slow speeds on your mobile phone, here are some tips to try.
1. Isolate the Problem
Your first step is to isolate the problem. First, toggle off Wi-Fi altogether. Does your phone respond quickly with Wi-Fi turned off? If so, you’ve determined that Wi-Fi is the problem. You can skip to step 2.
If your phone is still sluggish with Wi-Fi turned off, it’s time to check whether the problem is your connection or the device itself. Use a speed tester, like the app from speedtest.net, to see how fast or slow your cellular connection is. If you get a bad result, you’re likely in a bad coverage area. If you get a good result, though, then your phone’s sluggishness isn’t related to your internet speed. Chances are there is something wrong with the device itself, or perhaps it’s just too old and needs to be replaced.
2. Check Your Router Location
Next, check your router location. Wireless routers have range limits, too. If you’re far away from your router or if there are thick walls or furniture between you and your router, your speed will be diminished. Try operating right next to the router and see if your speeds improve.
The best location for your wireless router is the center of your home or office, away from any walls or furniture. Of course, this is rarely practical. Get creative and find an inventive way to place your router in a good location.
3. Check Router Strength
All routers have limits, and some have a stronger broadcast strength than others. If improving your router’s location doesn’t do enough, you may need to upgrade to a model with a greater range.
4. Watch Out for Noise and Competing Networks
Certain electronic devices create noise that can weaken your Wi-Fi network’s performance. Anything that emits wireless signals or even electromagnetic radiation can interfere. Cordless landline phones, walkie-talkies, and even microwaves can interfere. Position your router away from devices like these.
You also want to watch out for competing networks. The more wireless networks are competing for the same spectrum space, the worse the performance. In a high-density situation like an apartment complex, you may encounter this kind of network crowding. Your wireless router has the ability to change which portion of the wireless spectrum it uses. Review the documentation that came with your router to learn how to do this. You may want to download a Wi-Fi analyzer app to help determine the best spectrum space for you.
5. Consider Network Congestion
Another reason for slow Wi-Fi is network congestion. Your home or business internet bandwidth has its limits. So does public Wi-Fi.
On a lower speed home network, consider who else is using your connection and what they are doing with it. Gaming and streaming can eat up a lot of bandwidth. Perhaps your Wi-Fi is slow because others are using up all your bandwidth. The same principle is in play with public Wi-Fi networks.
If you’ve tried all these steps and still aren’t getting the performance you need, give us a call. We can help you solve your connection issues!