by Felicien | May 3, 2018 | Education
Recently, several big class-action lawsuits have been filed in California over whether adequate notices are being given to consumers when their personal information is sold. With the major controversy surrounding Facebook and the use of its users’ personal information during the 2016 presidential campaign, the public has become more aware and informed about this topic.
A recent Newsweek article reports that data brokers typically try to stay below the radar so as not to draw attention to what they do for a living. This may be partly responsible for the fact that over half of all Canadians and Americans say that they do not know exactly what happens when they give their name, address, phone number and email address to a website or company.
Recent lawsuits use California’s Shine the Light Law (S.B.27) to object to how these marketing companies use all our data. The lawsuits allege:
“The company failed to properly identify a method for obtaining a disclosure as to how the company shares its customer’s personal information.”
With the publicity surrounding these lawsuits, other consumers are taking notice and filing their own suits, many of them class-action suits. Before deciding whether to file or not, it’s important to know exactly what S.B.27 is and how it works.
Overview of S.B. 27
According to S.B. 27, certain companies must disclose how they share their customer’s information each time a customer asks for it. Each time a company receives a request from a customer wanting to know how the company has shared their information with marketers, they must provide the information. This only covers the previous twelve months. In addition, S.B. 27 only allows consumers to make these requests in cases where the customer was not given access to the company’s privacy policies containing opt-out notices.
In order to be compliant with S.B.27, a company must create a privacy policy that includes opt-out rights, and provide that to their customers in an acceptable manner. It’s important for the consumer to fully understand the privacy notice and how they should proceed with opting out if desired. Many consumers are claiming that they were not notified about how their personal information is being used and who it is being sold to.
Who must comply?
Not all businesses must meet the terms of S.B. 27. Those affected will have these four things in common:
20 or more employees
Business relationships with customers in California
Have in the past, shared a customer’s personal info with other companies for the purpose of marketing
The incident must have taken place within the previous calendar year
There are some businesses who are exempt from the bill’s requirements. These include:
Financial organizations subject to certain provisions of S.B. 1, the California Financial Information Privacy Act.
Those administering business-related disclosures to third parties. For instance, administrative or customer service personnel who do not use the information for their own direct marketing needs.
Rights of each individual under S.B. 27
Consumers have the right to be notified by the business using a designated contact method such as email, phone, and regular mail. In the notification, the company should outline how it shares the personal information of its customers with other businesses for the purposes of direct marketing.
Notifications can be completed in any one of several ways:
A customer service representative from the company may contact customers who request this and go over their full policy for sharing customer personal data with third-party marketers.
Customers may view the company’s privacy policy by visiting a store or branch and asking to see it.
Customers may be directed to view the privacy policy statement by visiting the company’s website. The website must clearly show a link to “Your Privacy Rights” or “Your California Privacy Rights”. The privacy notice can be posted on the company’s website or on another web page that includes all this information. The disclosure must include wording that clearly indicates that the information is being given at no cost and is updated regularly with any changes to the law.
Consumers also have the right to request the following information each year from any California company they do business with:
Customers can contact the company to find out whether they implement and comply with S.B. 27.
Customers can request information about how to opt-in or opt-out of information sharing. The company is then responsible to notify the customer free of charge and in writing about opting in or out of sharing personal information.
There are additional requirements for a business that does not provide their consumers with the opt-in and opt-out information. This information must also be provided free of charge in writing or by email.
Companies are required to go into some detail about exactly what customer information they are sharing. They must provide:
Names and addresses of all third parties that obtained personal information during the preceding year from the business for direct marketing purposes.
Exactly what information they shared, i.e., the customer’s name, address, phone number, birth date, etc.
They must ensure that the customer understands what type of business they’re private info has been sold to. For instance, in cases where an individual might not readily recognize the business name, the company must provide examples of the types of products and services the third party vendor sells.
For those who wish to contact one or more companies to ask about how their personal information is being used, the Privacy Rights Clearinghouse has drafted a letter that can be used to request this information from any company.
The Penalties for Failing to Comply
There are legal remedies provided under the law when S.B. 27 is not properly followed. If a company fails to respond to a disclosure request, the customer is entitled to recover a civil penalty of up to $500 per violation. If the court decides that the company was willful, reckless or intentional in not adhering to S.B. 27, those filing lawsuits may be able to get $3,000 per incident. In some cases, the plaintiff’s attorney fees are also included in the award. A suit should be filed within 90 days of learning that an individual’s personal information was bought or sold without the person’s knowledge.
by Felicien | May 2, 2018 | Education
Got data? Then you’ve got needs – the need to make your data make sense. Microsoft Excel has amazing built-in magic tricks, and all it takes is just a few clicks!
Information is important. Information is critical. Information is what keeps the world moving. Life can depend on having the right information – especially the life of a business. Information is the lifeline for the professional world.
If you think we’re overestimating the value of information, try not being able to access what you need when you need it. There is a reason data is such big business today. Data storage and protection of stored data have become a $30 billion industry, with several large players in the game, including Microsoft and Amazon. Growth is expected to explode in the next five years, to nearly $100 billion by 2022. Brands have embraced the flexibility of cloud data storage with its scalability and efficiency.
The growth of cloud storage is two-fold: brands are recognizing the ease of storing data off-site, and the cost efficiency of increasing storage needs over time due to their own growth. An invisible bonus is the decreased need for in-house redundancy, with data back-ups taking more space on servers and requiring staff to oversee these processes. What do we mean by “in-house redundancy”? We’re talking about how critical data is to the success of organizations, small and large. Think about your data – your information. If your data suddenly disappeared, how long would you be able to continue normal operations? Yes, you could revert to the most recent data back-up with minimal impact – hopefully – but there is also the question of how the data loss occurred. But these are considerations better left for your cybersecurity team.
Back to your data – your information. You need your data. Your data gives you great insights into your brand performance, your customer base, your revenue, and your operational details. But how do you make sense of your raw data? If your information is stored in a Customer Relationship Management (CRM) software solution, you likely already have custom reports established to give you the details you need. These CRM solutions are often expensive and require further customization to get the details you need in a way that is meaningful to you and your organization. Not very helpful, is it?
A Customer Relationship Management (CRM) software solution allows for the continual data analysis to improve customer relationships and provide the insights needed for customer retention and revenue growth.
A CRM often pulls data from multiple sources to compile reports, like a company’s website or site analytics account for traffic metrics, various marketing efforts like direct mail or email campaigns, or even inbound marketing campaigns to measure response rates, and even social media profiles. All of this may be incredibly helpful, or it may be presented in a way that doesn’t have the right information and meaning that you are looking for to gain particular insights.
Don’t overlook the basics!
Microsoft Excel is a fantastic tool for data references and building tables to find deeper meaning from your data. Microsoft Excel helps you take raw data and organize your information in a way that holds meaning for you. You want to manipulate your data so that you can get helpful insights from the information within. For example, you’d like to identify the group of customers that purchased or canceled with your business within a certain date range. You may be able to customize a report somehow from another platform, like a CRM, but if you either do not have one of these costly software solutions, or just need this information quickly and want to avoid the time it may take to set up a custom report for these details, Microsoft Excel is the perfect solution for this purpose.
Data presentation is rarely perfect for your needs – without that costly and time-consuming customized reporting solution we mentioned earlier. A couple of quick keystrokes can help you get what you need in Microsoft Excel. For example, if you need to quickly ascertain the number of customers who purchased or canceled service within a set month and year, you have multiple options in Microsoft Excel.
First, your raw data probably isn’t formatted how you need it to be. What can you do?
Text to columns feature:
In Microsoft Excel, users have the opportunity to import data in a comma separated values file, a CSV, and then use this feature to separate the information into clean column format.
If your data is somewhat clean and consistent, this is one option. Otherwise, this is going to be manual and laborious.
How are your VBA coding sills? Can you write a macro? This seems like overkill, but it’s one way to get your raw data into an organized format. If you’re going to put this kind of time into your data, you may as well consider the customized reporting features we discussed earlier.
Sort and count manually
This is the least desirable option, as it’s the most manual and will take you the longest – isn’t the goal of technology to improve our lives and increase efficiency and productivity?
So, let’s look at our realistic option:
The super handy formula bar in Microsoft Excel is your best friend here. Follow these steps to get the magic number you need using this “magic trick” in Microsoft Excel.
Step 1: Ensure the date column is formatted properly. Excel defaults to a standard presentation for dates: MM/DD/YY. If your dates vary in presentation, this is an easy step that will save you a headache in later steps!
Step 2: Sort, or don’t sort. This is the magic of Microsoft Excel!
Step 3: A wonderful tool called the COUNTIFS formula is our best friend here. Using this specific example, if we’re looking at a specified data column in B, rows B1 through B50, and the date range is the month of April 2018, we can use this formula:
=COUNTIFS(B1:B50, “>04/01/2018″,B1:B50,”<04/30/2018”)
What this formula does is tell the spreadsheet to return the total number – not the specific rows or cells, mind you – of rows that include customers that are within the date range at you are looking.
Users will either need to update the cell range for the total count (“B1:B50”) or the date range (“04/01/2018” and “04/30/2018”) to update the total count.
If users will need to reflect on this data more often than just once, we recommend users set up a separate tab or sheet within the file for each month, even if the full data is the same, to simplify the process. This will help users compare months at a quick glance.
There you have it.
Quick note: adding more rows, etc., and this count will update accordingly and automatically. Also, sorting won’t impact the formula, just the display.
Microsoft Excel has a huge number of neat little magic tricks designed to help users – and it just takes a bit of manipulation to make your data “talk” to you and tell you what you need to know.
by Felicien | May 2, 2018 | Education
You may think that your technical support and service costs will increase as your organization grows in size and scope. But this doesn’t have to be the case. Most small and mid-sized businesses no longer need to employ dedicated techs or pay for the benefits and management costs that come along with employing them. Today’s Technology Solution Providers (TSP) have the expertise and tools required to provide technical service and support on a 24/7 basis. But when looking for a TSP, search for one that will act as a partner when it comes to your technology planning. A true partner considers the benefit-to-cost ratio and TCO when choosing what you need.
Selecting the Right Technical Service, Support and Solutions Can Be a Balancing Act.
As your business relies more on technology for your daily operations, you can’t afford downtime that halts your productivity or the lost revenue that comes along with it. Because of this, you shouldn’t take shortcuts when it comes to choosing the quality and up-to-date technology solutions that you need to do your job. But just the same, you must consider your budgetary requirements when determining what to invest in. This is difficult to do on your own as technology is changing so rapidly. The answer is to find the right TSP –one who will get to know your business, help you decide what technology assets you require and determine if you will get a positive return from them.
This a fine balancing act. You must use the right solutions to handle your workload, but you must also stay within your budget. Only an experienced and knowledgeable Technology Solutions Provider can provide the strategic expertise required to find this balance. If they don’t know what you’re talking about when you recite TCO, then it’s time to find another provider. As you know, TCO refers to the total cost of ownership. A TSP who has experience in strategic planning can apply this principle when helping you select your IT assets and services.
TCO (Total Cost of Ownership)
Your IT environment is one of your most important business investments. It’s also one of the most expensive and unpredictable. This is where TCO for your technology becomes an important part of your budgetary planning. The total cost of ownership is a financial estimate that helps you determine the direct and indirect costs of a product or system.
TCO for your technology assets is calculated by dividing the cost avoidance and reduction that you realize over a specified period of time by the amount you invest over that same period of time. Total Cost of Ownership typically relates to four categories:
Downtime
Computing Costs
Data Storage
Business Administration
The Cost of Downtime
The cost of downtime is dependent on a number of areas. Monetary losses vary and are dependent on your revenue, industry, the actual duration of the outage, the number of people impacted, the time of day, and more. The cost of downtime is usually higher for businesses that rely on high-level data transactions, like banks and online retailers. And, if you experience an unplanned downtime during peak business hours, your costs will be higher. To keep it simple, calculate how much it costs your business when your employees can’t access the technology they need to do their jobs. This should include every dollar you’d lose to server downtime including hidden costs like clients leaving your business for another one, and the amount you have to pay employees when they can’t perform their duties due to downed technology.
Computing Costs
This isn’t so difficult to calculate. It’s the price you pay for things like:
Computers and servers,
Applications and Software as a Service (SaaS) subscriptions,
IT Maintenance,
Employee training on hardware, software, and IT security awareness,
Software and Hardware Upgrades,
Cyber Security solutions like antivirus and antimalware or Security as a Service (SecaaS),
Cloud Solutions,
Contracted technical support and service and more–Anything that’s related to computing.
Data Storage Costs
This would include your costs for network and storage infrastructure, server configuration and deployment, power and cooling costs for data centers, and administrative costs for data backup and recovery capabilities.
Business Administrative Costs
This would be anything that impacts your daily business functions including labor, vendor contracts, procurement processes, accounting costs, and other overhead costs related to your IT operations.
Re-Evaluate Your Current Approach to Technical Service and Support.
Small and mid-sized businesses (SMBs) are typically understaffed when it comes to technical service and support. They don’t have the money to hire in-house techs, nor can they find the talent they need. Many SMBs operate in a reactionary way rather than the preferred proactive technical service and support model because they fear that contracting to a TSP will cost too much money. This is just the opposite. If you simply calculate your TCO for your technology as we explained above, you’ll realize that you have a lot to protect. Downtime alone can cost you your business if it lasts more than a few days.
With the ever-changing technology landscape and sophisticated cyber mafias cropping up, your business is at an increased risk of downtime, breaches and data loss without the right approach to technology. Unfortunately, your CFO or CIO might tell you that the only solution is to hire more IT staff. This just isn’t the way to go for a variety of reasons:
IT talent is hard to find.
If you do find them, you have to ensure they are continually trained and certified on new platforms, security solutions, software, and hardware.
They cost more to hire and employ than outsourcing to a TSP.
You have to manage them. If you don’t have a CIO who understands everything they do, how are you going to know if they are doing what they should?
Turnover will be high because many techs use their employment at a small business as a stepping stone to a higher position.
The recruitment search and costs, along with the time you must invest to find new techs is unsustainable for small businesses.
If you don’t have the IT support you need, you’ll be dealing with increased downtime and IT failures.
Labor is the most expensive element when it comes to technical services and support. A break-fix model is labor intensive and increases your costs. This no longer is a factor when using a TSP who provides managed IT services. Your best move is to turn your IT management over to a TSP. By doing so, you can better gauge your technology needs while keeping costs down. Experienced Technology Service Professionals can help you use new tools that reduce costs by automating many labor-intensive tasks.
If you do some simple calculations, you’ll realize how much more expensive an in-house tech is than outsourcing to a TSP. An in-house network administrator can cost you upwards of $60,000 a year. Then you’ll have the added expense of employee benefits like Social Security contributions, workman’s compensation insurance, health insurance, vacation time and sick leave. In addition, there’s always the ongoing certifications you’ll have to pay for. Plus, you’ll have the costs associated with additional benefits like health insurance, social security contributions, vacation days and sick leave. Now, this one network administrator costs you more than $100,000 a year. Then there’s the required 3.5% raises that they’ll demand each year and the ever-increasing healthcare insurance costs. One network administrator can cost you more than $100k a year.
Here’s something else to add into your calculations. Recent studies have shown that close to 40% of all IT failures are caused by errors made by in-house IT staff and that they will spend up to 50% of their time detecting and remediating these errors. Once again, you’re looking at a reactive rather than proactive approach to technical service and support when you use onsite technicians. You can see how relying on them increases your TCO.
If your CFO suggests you use an outside tech service on an as-needed basis, you’re also looking at a poor TCO. The term for this is “break-fix,” and it can be an expensive proposition. Plus, it can take anywhere from 24 to 48 hours for one of these techs to visit your site. You won’t be high on their priority list because they’ll be serving their Managed Service clients first. Imagine going more than two days without your technology. This can set some businesses back for weeks, not to mention the angry customers they must deal with.
The Way to Lower Your TCO is to Outsource Your IT Management to a TSP.
The right Technology Solution Provider will put considerable effort into understanding your operational and
business needs. With this knowledge, they will develop and deliver a set of specific cost-effective services that align technology with your goals. This will increase your system reliability, your organization’s business continuity, staff productivity and, ultimately customer satisfaction.
The right TSP will align your technology with your organizational goals. They will ensure your technology provides a greater ROI (Return on Investment) and decreased TCO. They do this by streamlining costs, increasing your productivity and revenue, and avoiding expensive onsite IT fees for replacement or repairs.
When you outsource your technical service and support to a Technology Solutions Provider you’ll have:
Immediate access to a team of IT professionals who have a depth and breadth of knowledge and experience in the latest technology solutions. You could never afford this amount of expertise with in-house techs.
Around-the-clock technical support with remote monitoring of your network, so you can get your IT system up and running if there’s an issue. With remote monitoring, issues can be averted before they cause downtime.
A team of certified professionals with the knowledge that can save you time when implementing new projects.
Cyber Security experts who can mitigate security risks and compliance problems that result in penalties, liability and your credibility with customers. Plus, they have the expertise to conduct security awareness training for your employees, and they will know about the newest exploits to beware of.
TSPs offer an IT management model that saves you in labor costs and downtime. They do this with:
Remote Desktop Management and Support
Monitoring of Network/Operating System and Alerts
Updates for Anti-Virus Software
Backup and Disaster-Recovery Solutions
Application of critical Patches and Software Updates
Resource Availability of Best-In-Class IT Solutions scaled to your needs.
Audits of Computer/Network/Software
Enforcement of Network Cyber Security Policies
Mobile Data Management and Monitoring
One of the biggest advantages of outsourcing your IT services to a TSP is that they remove the unplanned costs that many small businesses deal with. Instead, they offer a fixed monthly fee for the services they provide. Plus, you and your staff can focus on your core responsibilities– You won’t be distracted by IT issues.
The technology nonprofit CompTIA surveyed 400 businesses that outsourced their IT needs to a Technology Services Provider. Of these businesses, 96% reported saving a substantial amount annually — 184 realized cost reductions of 25% or more, and 58 over 50% reduced costs.
Your TSP Can Save You Money and Increase Productivity and Security with Virtualization and Cloud Computing.
Be sure to ask your TSP for today’s “new” managed IT services–Virtualization and Cloud Computing. Other SMBs have found that new technology innovations like virtualization and the Cloud is the way to lower their TCO and save money.
With virtualization, your TSP creates virtual resources such as servers, operating systems, workstations, storage systems or networks. Virtualization is more cost-effective than using traditional methods. It also allows you to scale your services up or down as your company grows or decreases in size. Many seasonal businesses benefit from this as they don’t have to continue paying for services they don’t use.
Cloud computing provides services, such as software platforms, storage, and servers over the Internet. It provides SMBs storage and business processes that were previously only available to large enterprises. Information is available via a central web-based data center to anyone with a computing device and the proper login credentials. And, with cloud computing, you can sync your business data to your users’ connected devices in real time for enhanced productivity, collaboration and mobility.
Virtualization and cloud computing provide a lower TCO and a more cost-effective way of using technology. They also provide business continuity with increased data security, recoverability and the ability to access your IT environment from anywhere you have an Internet connection.
According to studies by VMWare (a cloud and virtualization software and services company), businesses that implement virtualization have reduced their total cost of ownership for IT operations by
up to 67%. The right Technology Service Provider can show you how to maximize your server resources, improve your overall IT performance, enhance your cyber security, do more with less, and, ultimately, save you money.
The following are some of the benefits of virtualization:
Virtualization will save you money. Virtualization lowers your technology and energy costs. You’ll need fewer servers, networking gear, racks, and hardware. Your maintenance, heating, cooling, and energy costs are all reduced. Plus, instead of purchasing new equipment, you simply add a new virtual server when you need more storage space for your data and IT solutions.
You’ll have more storage and faster application deployment. Server virtualization isolates applications, so you no longer need to worry about incompatibilities. You’ll realize improved application performance, with much faster provisioning. Virtualization also allows you to fully utilize your physical servers and set up virtual machines with the precise amount of memory and storage you require.
Your business continuity and disaster recovery will be improved. With virtualization, your data can be migrated to another server when you need to perform repairs or specific tasks. This way you don’t need to shut down servers, so downtime is no longer an issue. Your data is always available, even if a server is shut down — so business continuity is greatly enhanced. Virtualization’s single-system image also makes recovery painless.
You can easily transition to the Cloud. If you’re considering moving data to the cloud, the process is a lot less complex with virtualization. The data stored on virtualized servers is already free of hardware, so making the transition to a public or private cloud is simple.
You can do more with less. Virtualization allows you to virtualize your entire network or just specific aspects of it, so you can simplify business operations and promote efficiencies. You can do more with less because virtualization allows you to accomplish more with fewer servers.
Your cybersecurity will be improved. Virtualization can combine features with security functions to streamline your security operations. With automated provisioning and sharing across both virtual and physical security platforms, virtualization can enhance your cyber security without sacrificing performance.
As business owners and managers realize the cost-saving factors associated with cloud computing and virtualization, they are re-evaluating their IT strategy when allocating money for technical services and support. They’re now seeing that outsourcing to a TSP provides a greater return on investment and a reduced total cost of ownership.
Your Technology Solutions Provider can be a valued business partner who can offer the expertise you need to grow your business with the right IT solutions. However, no matter what approach you use for IT management, it’s important to conduct a cost-benefit review to make sure you’re getting the best ROI and lowest TCO from your technology investments.
by Felicien | May 2, 2018 | Education
The Situation
Ransomware is now one of the top security concerns for businesses and organizations of all sizes. The City of Atlanta was hit with a ransomware attack called SamSam in March, crippling some important departments like their court system, sewer infrastructure requests, and water billing department.
The attackers who deploy SamSam are known for clever, high-yield approaches. This, combined with the City’s lack of preparedness, explains why the infection was so debilitating.
Experts are telling us that SamSam will strike again. Unlike many forms of ransomware that spread via phishing attacks where individuals inadvertently invite the attack, SamSam exploits IT system vulnerabilities and cracks weak passwords. These ransomware attackers have made $1 million in less than six months.
Keeping all your systems patched, storing data in enterprise-based cloud backups, and having a ransomware preparedness plan can offer real protections against SamSam and other ransomware infections.
Unfortunately, ransomware attacks are on the rise, and as hackers use more sophisticated encryption technology, the threat is constantly evolving. According to malware security firm Barkly, a company is hit with a ransomware attack every 40 seconds. They also identified ransomware as the most prevalent form of malware, with “4.3x new ransomware variants in Q1 2017 than in Q1 2016.”
This article details how dangerous ransomware is, how it could harm your business, and what you should do to protect your data.
Part 1
What is Ransomware?
Ransomware is a type of malicious software (malware) that blocks access to a computer that infects, locks or takes control of a system and demands a ransom to unlock it. It’s also referred to as a crypto-virus, crypto-Trojan or crypto-worm. It then threatens that your data will be gone forever if you don’t pay using a form of anonymous online currency such as Bitcoin.
Most forms of ransomware are spread via spam using unsolicited phishing email or an attachment. Phishing attacks use emails disguised to look like they’re from someone you know and are more likely to trust.
Some ransomware-based applications disguise themselves as police or a government agency, claiming that your system is being locked down for security reasons and that a fine or fee is required to reactivate it. Then it typically asks you to click on a link or attachment to perform a routine task such as updating records or account details. If you do this, a worm or malware is downloaded, infects your system and locks it by encrypting your files.
Ransomware, like SamSam, can also infect your IT system using vulnerabilities in your computer’s browser. It does this when you click on a malicious code hidden in online ads or free software.
Ransomware targets small to medium-sized businesses because they are particularly vulnerable due to limited IT resources. They are also more likely to pay the ransom in the hopes that they’ll get access to their data, although the FBI warns that this isn’t necessarily so.
“Paying a ransom doesn’t guarantee an organization that it will get its data back—we’ve seen cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cybercriminals to target more organizations, but it also offers an incentive for other criminals to get involved in this type of illegal activity. And finally, by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.”
Paying the ransom only guarantees that the malicious actors receive your money, and possibly even banking information. Also, decrypting files does not mean the malware infection itself has been removed.
No one is immune.
Temporary or permanent loss of sensitive or proprietary information,
Disruption to regular operations,
Financial losses to restore systems and files, and
Potential harm to your organization’s reputation.
The lack of awareness and cybersecurity training is a leading cause of ransomware.
Part 2
Ransomware Comes in Many Forms.
Ransomware comes in many different forms, but essentially, it’s a type of malware that denies access to your computer devices unless you pay a ransom. The ransomware malware encrypts your data. Once it does this, it can travel throughout your network and encrypt other mapped and unmapped network drives. Because of this, it can bring your organization to a halt.
The ever-evolving nature of these threats makes ransomware very difficult to keep track of. (Ransomware-as-a-Service (RaaS) makes it easy for cybercriminals to set up a lucrative hacking scheme. It is provided as a vendor platform on the Dark Web. Unlawful vendors offer hackers and criminals a tool to use to lock down computer files, information or systems and hold them hostage.
Ransom32 is a type of “Ransomware-as-a-Service” that provides any cybercriminal, even those without technical knowledge, the ability to create their own form of ransomware. What makes Ransom32 so dangerous is that it uses JavaScript, and can be used on computers that run Windows, Mac OS X, and Linux.
Over 2,900 types of ransomware have been reported, and they’re growing. Here are just a few:
Bad Rabbit
Bad Rabbit has infected organizations in Russia and Eastern Europe and is spreading throughout the world. It does this via a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, users are directed to a payment page demanding .05 bitcoin (about $285).
Cerber
This ransomware encrypts your files using AES encryption and demands a ransom of 1.24 bitcoins (worth $500). It communicates via a text-to-speech voice message, a recording, a web page, or a plain text document. There’s no way to decrypt files that are encrypted by Cerber unless you pay the ransom.
Cryptolocker
CryptoLocker infects computers that run Microsoft Windows. Like other forms of ransomware, you must pay the hackers to decrypt and recover your files. CryptoLocker spreads via fake emails (phishing) designed to mimic legitimate businesses.
CryptoWall
This form of ransomware has been around since 2014, but new variants are still circulating, including CryptoBit, CryptoDefense, CryptoWall 2.0, and CryptoWall 3.0. Like CryptoLocker, CryptoWall is distributed by spam or exploit kits.
CryptXXX
CryptXXX used additional capabilities including network-share encryption. This means that even if you can decrypt your files, it can still cause significant downtime by encrypting files on your network shares.
FakeBsod
FakeBsod uses a malicious piece of JavaScript code to lock your web browser. It displays a fake warning message and tells you to go to a particular webpage (that contains the ransomware). The message says to “contact Microsoft technicians” about an “Error 333 Registry Failure of the operating system – Host: Blue screen Error 0x0000000CE.” When you call the phone number, you’ll be asked to pay a fee to fix the problem.
Lockscreen
This form of ransomware isn’t new and has been in use for quite a while. It attacks Android devices. However, now there’s a new version that is more powerful and much more resilient. It used to lock your screen using a hardcoded passcode, but with the right code, you could unlock your device. Today the new version is impossible to reverse-engineer the passcode since it uses pseudorandom passcodes. Because of this, you can’t unlock your device and must pay the ransom.
Locky
If your computers are infected by Locky, it will rename all of your important files and prevent you from opening them. It does this through encryption and using the file extension–locky. Now, only the cybercriminals have the decryption key, and you must purchase it from them to retrieve your files. To do this, you have to go to the Dark Web and pay $400+ in Bitcoin.
NotPetya
This is a strain of Petya and was first seen in 2016. Today, experts believe NotPetya’s sole purpose is to destroy data instead of obtaining a ransom.
Petya
Petya is especially dangerous because it encrypts entire computer systems, and overwrites the master boot record, so you can’t reboot your operating system.
Spider
Spreads via spam emails. It’s hidden in Microsoft Word documents and installs the ransomware on a computer when it’s downloaded. The Word document (typically disguised as a debt-collection notice) executes macros that encrypt your data.
TeslaCrypta
This uses an AES algorithm to encrypt files and is specifically designed to attack Adobe software vulnerabilities. TeslaCrypta installs itself in the Microsoft temp folder.
TorrentLocker
TorrentLocker spreads via spam email campaigns and targets specific geographic regions. It also uses the AES algorithm to encrypt files. It collects email addresses from your address book to spread malware to your business contacts, friends and family members.
WannaCry
WannaCry has hit over 125,000 organizations in over 150 countries. It currently affects Windows machines through a Microsoft exploit known as EternalBlue.
WannaCrypt
This computer attack began locking down data on May 12, 2017. It affects Microsoft Windows Operating systems. WannaCrypt encrypts all the data in on your computer and holds it hostage.
ZCryptor
This form of ransomware uses a worm-like tactic to self-propagate and encrypt files and external drives so that it can attack other computers.
Part 3
How Ransomware Infects Your Computers
Ransomware attacks are increasing, and so are the ransoms to recover your data.
You’ll know when ransomware infects your computer because the hackers display a message telling you how much to pay to unlock your files. These ransoms typically run in the $300-$500 range. But, some businesses are having to pay upwards of $1,000 per computer. If you have 25 computers that are infected, that’s $25,000.
Hackers primarily use the following attack vectors to infect computers:
Phishing Emails
This is the most common scenario. A realistic-looking email is sent to you with a link or attachment that contains the ransomware. Hackers will often send a number of these links or attachments to hide the one with the malware. Once it’s clicked the malicious software loads itself and the ransomware infection spreads throughout your files, locking them until you pay the ransom.
Drive-by-Downloads
If you unknowingly visit a realistic-looking website containing ransomware, it can load itself onto your computer. If you use an old browser, out-of-date software, or third-party applications, you’ll be most vulnerable. A hacker can detect a vulnerability and exploit it. When a software vendor discovers this, they’ll release a patch to repair the issue, but by this time the criminal has already done their dirty work. Examples include unpatched versions of Adobe Flash, a bug in Java or an old web browser, or an unpatched operating system.
Free Software
A lot of us download free versions of software. Some are legitimate, but others contain ransomware. They are especially prominent in broken versions of expensive games, free games, porn content, screensavers or bogus software. By convincing the user that they should download the software, they can get past firewalls and email filters. You might not even know that you’ve done this until the ransomware activates weeks later.
Unpatched Software
According to the U.S. Computer Readiness Team (CERT) using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware. Microsoft provides a guide to help you keep your software up to date. They recommend that you use feed update functionality to stay informed about new ransomware variants and what you should do to protect your data.
Part 4
What to Do If Your Files Get Encrypted.
Tell your employees to let you know if they experience the following:
They can’t open their files, or they get error messages saying a file is corrupted or contains the wrong extension.
A window pops up with a ransomware program that they can’t close. This window may contain a message about paying a ransom to unlock files.
A message says that a countdown has started for a ransom to decrypt files and that it will increase over time.
They see files in all directories with names like “How to decrypt files.txt or decreypt_instructions.html.”
Ransomware isn’t easy to find while it’s at work encrypting your files. So, you might not know that it’s happening until the hacker sends you a message. By this time, the infection has completed its job. The best thing you can do at this point is to contain the virus from spreading throughout your network.
Unplug the infected computer from your network. You may also need to turn off all network access for all your computers until you know the virus is contained. Set your Basic Input Output System (BIOS) time back if the ransomware has started a countdown. This will hopefully give you more time to recover your critical files and try to eliminate the malware. You can access your BIOS time through the BIOS Setup Utility on the computer.
Restore your files from your last backup. This is why it’s important to regularly backup your files to a safe, offsite cloud location. Just make sure your most recent backup wasn’t infected as well. If you use a Disaster Recovery as a Service (DRaaS) solution, you should be able to do this and quickly “spin up” the DR image on your computer. By spinning up the image in a self-contained virtual machine (VM), you can inspect the DR image without exposing it to your entire network.
Alert the FBI. Don’t pay the ransom. This is a mistake because you still may not get your files back and the criminal will continue to extort you for money.
Unfortunately, recovery from ransomware can be difficult as cybercriminals fine-tune their tactics and become more sophisticated.
Part 5
How to Protect Your Data From Ransomware
The good news is that there are best practices you can adopt to protect your business. The Small Business Administration has these 14 recommendations. Your Technology Solutions Provider can help you with these.
Implement an awareness and training program. Because end users are targets, employees should be aware of the threat of ransomware and how it is delivered.
Enable strong spam filters to prevent phishing emails (an attempt to obtain sensitive information electronically) from reaching employees and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
Scan all incoming and outgoing emails to detect threats and filter executable files (used to perform computer functions) from reaching employees.
Configure firewalls to block access to known malicious IP addresses.
Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
Set anti-virus and anti-malware programs to conduct regular scans automatically.
Manage the use of privileged accounts based on the principle of least privilege: no employees should be assigned administrative access unless absolutely needed and those with a need for administrator accounts should only use them when necessary.
Configure access controls—including file, directory, and network share permissions— with least privilege in mind. If an employee only needs to read specific files, the employee should not have write access to those files, directories, or shares.
Disable macro scripts (toolbar buttons and keyboard shortcut) from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
Implement Software Restriction Policies (SRP)s or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs including the AppData/LocalAppData folder.
Consider disabling Remote Desktop Protocol (RDP) if it is not being used.
Use application whitelisting, which only allows systems to execute programs known and permitted by security policies.
Execute operating system environments or specific programs in a virtualized environment.
Categorize data based on organizational value and implement physical and logical separation of networks and data for different organization units.
In Conclusion
The increased incidence and rapid evolution of ransomware have raised concerns and stakes for both small and large businesses. Of everything we’ve discussed here, the two most important things to do to protect your business is to use a solid enterprise-grade cloud backup solution and to provide professional Cybersecurity Awareness Training for your employees. In both cases, your Technology Solutions Provider is your best friend. They’ll help you fight and prevent ransomware and cybercrime of all kinds. Don’t wait. Contact them today
by Felicien | May 1, 2018 | Education
Moving to “the cloud” is good business sense – the cloud makes financial sense as opposed to the costly real estate involved with server expansion and never-ending data needs. But how can you protect yourself and your data in something you can’t see, touch, or control?
“Change is scary.”
It’s a phrase often uttered in response to big news that means change on the grand scale; something big is looming. The reference to change being “scary” really has to do with human nature and the fear of the unknown. But are we really afraid of the unknown? Or is this more to do with apprehension over something we don’t yet fully understand?
You’ll pay a small fortune to a therapist to get the answers to all of those questions, but the bottom line really is just that change makes us nervous for all of those reasons. When the discussion turns to the cloud, this intangible and invisible “thing” that is ever-evolving and so adaptable that it’s seemingly different for everyone, our collective guard is up.
The reality is that the cloud is only invisible to us – these storage servers do physically exist somewhere, using another entity’s real estate and power supply. Hired staff maintain and protect these servers on your behalf. The cloud is scalable based on your needs, meaning you can secure more or less storage space as your business needs change. Win-win-win, right?
Yes and no.
Myth: I’m paying someone else to store my data, so the burden of security is on them.
Fact: It’s your data being stored in the cloud, so you still need to think about security. You have a duty to protect the information of customers and clients, and if there is a data breach or other cybersecurity vulnerability, there is still a liability.
Myth: Cloud providers are super high-tech and impenetrable.
Fact: Your data is stored on third-party servers and accessed via an Internet connection. Any reputable cloud solution provider employs incredibly strict security measures and keeps abreast of the latest cybersecurity news – so you don’t have to. That doesn’t mean, though, that you don’t need to worry about secure access and taking every precaution you can to prevent unauthorized access through a breach on your end.
Myth: My cloud solution knows what they’re doing, so I don’t have to.
Fact: You are paying an expert to provide you a service, but that doesn’t mean you don’t need to be aware or your team doesn’t need to be knowledgeable. More importantly, why would you not want to know how your cloud provider is protecting you – and your data. Would you be concerned if servers were stored in an unlocked and unguarded facility? What about if your data was backed up on hard drives that sat exposed to the elements or accessible to anyone? Or worse – if your data wasn’t being backed up at all? That’s like letting your staff keep passwords to their network or cloud access on a notepad on their desktop for the world to see! Don’t let human error be responsible for a breach – keep informed.
Did you know that more than half of organizations, especially those classified as “small and medium businesses (SMBs)”, that experience a data loss, whether from cybersecurity breach or not – result in a catastrophic impact and aren’t able to recover? That means if there is a data breach, the odds aren’t in your favor to recover at all.
The most important thing to remember is that a 100% cybersecurity guarantee isn’t possible, but that every business can take steps to make sure they’re protected, and so is their cloud service access. How can you make sure your data is secure?
Establish a formal process with your team.
Does each member of your team understand their responsibility as it relates to security measures? Maybe – but the only way to make sure every team member is taking every precaution is to define what measures are in place and what steps need to be taken to protect the brand, the organization, and its data.
Ensure the formal process is part of the new team member onboarding so that all staff have the information and understand what is expected – including executives.
Follow the latest security best practices.
Is your network secure? If your IT staff is in-house, make sure there is a process for continuing education. If your organization outsources your managed processes, make sure your trusted partner is employing these same best practices and communicates needs with your organization timely and clearly.
Are passwords complex? Do passwords contain a mix of uppercase and lowercase letters, plus numbers and symbols? Are passwords routinely changed? Passwords shouldn’t be reused in multiple locations, either, and should be unique to users.
Is data backed up? As many as 20% of back-ups are incomplete or corrupt, and some systems are fundamentally flawed. If your organization backs-up your own data, even a fraction of your stored data, make sure it’s stored in a secured location with these same best practices above.
Are desktop workstations, mobile access machines, and remote technology all equipped with the latest in active antivirus software?
Proactivity and consistency.
This is probably the most important part of any cybersecurity process.
Does your organization provide ongoing training to team members to make sure security measures are kept updated and consistent? Operator error is the most common cause of a data breach!
“An ounce of prevention is worth a pound of cure.” Never are these words truer than in the case of data security! Protecting your data is essentially protecting yourself from cybercriminals who seek to access your data for illicit gain. Proactive protective safeguards, consistently deployed, really will go the farthest in terms of protecting your organization’s future.
Is the cloud right for you? You may not have a choice. Recent estimates show that costs and other factors will require organizations to use the cloud in some manner within the next five years and that the next decade will see a massive migration to the cloud to leverage the technology and the many benefits that cloud services can offer.
Are you considering a move to the cloud but aren’t sure if it’s right for you? Prepare now, and when the time comes for you to make the change, it won’t seem so scary. Is the sky the limit on potential? Nah – we say there’s no limit!
by Felicien | May 1, 2018 | Education
As a parent, it can be difficult to keep up with the latest potential technology dangers facing our children. So, I was thankful to find the following information about one of today’s very popular Internet games – is your child playing Fortnite Battle Royale? Should you be worried? You might want to get up to speed on it.
More than 40 million children and adults play Fortnite Battle Royale, and it appears that many are obsessed with it. Fortnite was released last year (2017) by Epic Games. There are two different versions: Fortnite: Save the World and Fortnite: Battle Royale.
Fortnite: Battle Royale is the one that’s popular with children. It’s marketed as a free-to-play game on PS4, Xbox One, PC and iOS devices, but there are also paid versions. It’s one of the first games that let kids play together across numerous platforms. So, your child can be playing on an Xbox and compete with another person on their PC.
So, how popular is this internet game? The developer, Epic Games, rakes in over $1 million a day from Fortnite. And they are getting ready to release an Android version that they say could make $50 million by the end of the year.
What Is Fortnite Battle Royale?
It’s described as a mass online brawl. It begins with one hundred players leaping out of a plane onto an island where they are left fighting with one another, and they fight to the death. This doesn’t sound like something children should be playing does it?
The fighters run around the island looking for weapons like rifles, grenade launchers and crossbows that are hidden in buildings and amongst the landscape. They compete to find these armaments, so they can survive.
They also compete to collect items, so they can build structures to hide in or use for defense. As these resources are collected, the area they compete in is reduced, so the remaining players are forced to fight closer together. Essentially, if you kill everyone else, you win.
Fortnite Battle Royale is a multiplayer game, and in reality, kids are really competing against other kids (or adults). Players can chat with one another over text or headsets. Although Battle Royale is a violent game, humor is part of its appeal. Kids can dress their players in silly costumes and have them perform funny dance moves. They can team up with their friends’ players to fight in duo or squad modes. Up to 100 can play at a time, until one-by-one they’re eliminated and only one survives.
Is this game really for children? How does this prepare a young person to live in a civilized society? It doesn’t. Even though it doesn’t depict blood and gore, it’s simply too violent for children. This is a game for adults, disguised for kids.
Why Is It So Popular?
It’s free (unless you want to use one of the paid versions).
It’s silly and humorous, even though the intent is to kill everyone.
It uses bright, almost cartoon-like graphics and comes with loads of funny items and outfits like dinosaur costumes and space suits.
It has a cult appeal because it uses a variety of dance moves that are popular with kids.
New features, play modes and items are added to the game on a weekly basis. This keeps kids’ attention and wets their desire to try them out. They like to “show off” their new gear to other players.
It appeals to children’s desire to be socially connected with their peers because they can chat and play at the same time. Children are forming real Fortnite teams and spending time together after school playing the game together.
It’s also a huge hit with video game YouTubers. They broadcast videos of themselves playing the game. What this means is that you have adults playing the game with your children. This is another reason to question whether your child should be doing this.
What Should You Do?
Check out the game for yourself. Only you can decide if it’s appropriate for your children. If you decide it’s okay for them to play, consider limiting the time they do so. When they comply, tell them that you’ll allow them to play another game tomorrow. The reward system usually works with kids. The games can last longer than 20 minutes if they succeed in “staying alive,” so keep this in mind.
Also, keep in mind that this game can be very stressful for children. They’ll always be worried that their character is going to be killed. Sit nearby and watch as they play. When you see how stressful this really is, you may decide it’s not something they should be doing.
If they play on a game console, there are parental controls you can apply. You can turn off the chat settings for the game if you’re worried about who they’re talking to. You can also limit how much time they can play. It’s wise to do this before they get “hooked” on it.
If your kids are allowed to purchase the paid versions, talk to them about spending limits and make sure they ask you before making any in-app purchases.
Also, teach them that it’s dangerous for them to share personal information with other players they don’t know, or with strangers online.
As always, try to keep the lines of communication open with your children regarding the online games they play, and their internet habits.
