Why Cybersecurity Is Job-One for Your IT Department  


Even the smallest business isn’t immune from the threat of cybercrime. Are you doing enough to protect your business from becoming a victim?  

The ransomware panic caused by WannaCry and Petya affected tens of thousands of computers throughout the world. However, these attacks were just one part of the latest wave of an ever-increasing number of sophisticated cybercrimes that companies are being forced to deal with every day.
It seems that every time you open the newspaper there are stories about major corporations such as Yahoo, Verizon or Taobao being victimized by hackers. But digital criminals aren’t only targeting large companies with deep pockets; they go after the little guys as well. In fact, small and medium-sized businesses (SMBs) make up the bulk of hacking victims. Experts estimate that these organizations suffer more than 4,000 cyberattacks every single day.
If that doesn’t scare you, taking a close look at your company’s cybersecurity should. The Denver Post reported that approximately 60 percent of the small and medium-sized businesses that suffer a cyberattack never recover, and are out of business within six months. This is a shocking statistic, and it’s something that I share with our clients when talking about protection from cybercrime.
Preventing Cyber Attacks Must Be a Top Priority.
I agree with the statement from Ginni Rometty, the Chairman, President and CEO of IBM Corp., “Cybercrime is the greatest threat to every company in the world.”
Unfortunately, two-thirds of SMBs don’t agree with us, and the majority of them don’t have adequate safeguards in place to prevent an attack. This means they’re tempting targets for cyber criminals.
Businesses that are victims of cyberattacks stand to lose a lot of money. Juniper Research predicts that by the end of 2019, online crime will cost companies more than 2 trillion dollars. Currently, the average small business that falls victim to hacking loses around $690,000. Mid-sized businesses wind up paying more than 1 million dollars to clean up after an attack. That’s money that most don’t have.
Even worse than the initial cost of recovering from a cyberattack is the possibility of legal action by customers or clients who have had their information compromised. Combine that threat with the risk of being investigated and fined by governmental regulators, and the bill for a cyberattack has the ability to cripple most companies.
Besides all the direct monetary damage, a cyberattack can ruin a business’ reputation.
Growing a reputation takes years, and just one data breach can ruin the trust you’ve worked so hard to build. Thomas Ordahl, Chief Strategy Officer at Landor Associates, said a company’s reputation is the driving force behind growth, and, “It is also the asset that when compromised… is least easily fixed.”
If you believe your business’ current cybersecurity plan is inadequate, now is the time to start developing a better one before it’s too late.
Five Things You Must Start Doing Today
While a comprehensive cybersecurity plan can take a long time to implement, there are several things you can start doing today to make your company safer from cyberattacks. Start with these five tips:

Talk to your employees. Most data breaches are caused by untrained employees. Make sure your team knows how to keep your company’s data safe by avoiding common dangers like opening attachments from unknown senders, improperly disposing of sensitive information, or using simple passwords.
Maintain up-to-date hardware and software. Developers release security patches whenever they become aware of vulnerabilities. Make sure all of your computers and applications are updated regularly.
Review your outside vendors. It’s very common for small businesses to use third-party vendors for services like payroll or web hosting. If you do, make sure that all of your outside vendors have a comprehensive security plan in place to prevent hackers from accessing your private data.
Back up your data nightly. You should always back up your data to an offsite, secure location. The increased number of ransomware attacks makes frequent backups of critical data essential. You can back up your data manually or use a managed backup service.
Use tough encryption. While state and federal laws require businesses to use encryption to protect the sensitive information of customers, businesses should expand their use of encryption to include information that’s not covered by compliance laws.

While no preventive measure is 100 percent effective, the more you protect your business today, the less likely you’ll wake up to a cyber nightmare tomorrow.

Do You Need to Worry About the Upcoming New Data Laws?


Data laws are in the process of changing yet again. Is your business prepared?  The EU’s General Data Protection Regulation (GDPR) provides new oversight into how organizations are, and should be, handling and protecting the personal data of users. Personal data includes records with identifying personal information as well as a computer’s IP address—In essence, anything that could be used to identify an individual.

New regulations go into effect in May of 2018. Everyone is trying to do their part to stay one step ahead of the cybercriminals who want to do us harm. And, with facts and figures like the ones below, it’s no wonder that data laws change as frequently as the weather: 

Cybercrimes are getting more frequent. In 2016, more than 29 million records were exposed in 858 publicized breaches across sectors including financial, government, healthcare and education.
Small businesses are being hit the hardest. The Ponemon Institute’s study, 2016 State of Cybersecurity in Small and Medium-Sized Business reveals that 55 percent of SMB respondents say their companies have experienced a cyberattack in the past 12 months.
The damage cyberattacks cause can be devastating. 50 percent report they had data breaches involving customer and employee information in the past 12 months. In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429.
To make matters worse, according to the World Economic Forum’s “Global Risks Report 2016,” a “significant portion” of worldwide cybercrime actually goes undetected. This means, as bad as these numbers are, the true situation is even more dire.

Will changing data laws do more harm than good?
All of this raises an important question—Are these data laws doing more harm than good? Could new data laws actually force you to close your doors instead of help protect your business? According to one new analysis, the answer may not be as clear as one would hope.
The GDPR contains one seemingly small, but significant change that business owners in particular need to be aware of—Accountability. Under the GDPR, if personal data is stolen or otherwise compromised during a cyberattack, the affected company must report the breach within 72 hours of identification.
So, what happens if you fail to do this?
Under the GDPR, non-compliance could lead to an immediate fine of 20 million euros, or 4% of global turnover, whichever is higher. To put this into perspective, say a company as large as Apple was hit with a data breach and they didn’t disclose it for five days. That extra two-day waiting period could cost Apple billions of dollars!
To provide some additional context, consider the case of Talk Talk, a UK telecom company that was hit by a massive data breach in 2015. At that time, the company was fined $400,000 for failing to take steps to prevent the breach from happening. Under the new law, that fine would grow to tens of millions of dollars.
Supporters of the new law argue that this is a real opportunity for businesses all over the world to promote protection for individuals’ privacy to gain a competitive edge in a crowded marketplace. They say the reward of “getting it right” is much greater than “getting it wrong” – at least in theory.
Many organizations are in full-on panic mode because of this.  
Experts agree that not only will these new laws affect every part of a business, but people don’t know what to do to stay prepared. Plus, there’s a shocking lack of awareness for affected businesses—60% of people who responded to a survey thought the new regulations wouldn’t affect their organization in any way. These respondents could not be more wrong.
It’s estimated that the average business will need between 12 and 15 months to prepare, something that only 29% of businesses in the UK have started to do. When you consider that May of 2018 is less than a year away, this is a cause for alarm.
It’s imperative that your business conducts a comprehensive data audit to ensure personal information is secure at all times.
Companies like yours need to start by gaining as much visibility as possible into data security. You also need to know how it’s being used, what existing policies govern how it can be used, and what you need to do to ensure compliance before the new laws take place.
Make sure your company’s leadership is fully behind the change, and your employees are trained to recognize cyber threats. As always, data security requires an “all-hands-on-deck” approach. This has never been more important than it is now.
Data laws will always change, and for a good reason—Cyber security is one of the most significant topics facing businesses today. This is why it’s so important to stay up-to-date on all the latest changes, rules and regulations. It puts you in the best possible position to stay one step ahead of the criminals who want to do you harm, and to stay compliant with regulations.

Tech Tuesday: Good-bye to Microsoft Paint?  


 
Did you grow up loving MS Paint?
Microsoft is replacing it on future Windows operating systems, but don’t worry, it’s still being supported.

 
1985 was a great year. It gave us such classics as the time-defying DeLorean in Back to the Future, the chart-topping song Everybody Wants to Rule the World by Tears for Fears, and MS Paint from Microsoft.
Yes, the classic painting program, which came with every Windows operating system since Windows 1.0, was first released way back in 1985. And now it’s time for all of us to say goodbye to MS Paint. Well, at least as a standard application on any new Windows OS.
Microsoft recently made the announcement that the company was removing MS Paint from the Windows 10 Fall Creators Update and replacing it with a newer version that the company named Paint 3D. Despite the company’s assurance to Windows users that Paint 3D was a much better graphics program and would still retain many of the favorite features of MS Paint, there was a passionate outcry.
Whether it was a wave of nostalgia, or that MS Paint fans from around the world wanted Paint to remain as is, they were so upset that they flooded forums and in-boxes with protests.
And it appears their cries were heard!
Just days after making the initial announcement to replace MS Paint, Windows released a statement that acknowledged the program will still be around.  The devotion of its almost 100-million users around the world paid off.  As a compromise, Microsoft made it clear that MS Paint would still be supported and available — It just won’t be a part of any future Windows operating system. Instead, MS Paint is going to have a home on the Windows Store where it will continue to be offered, and for FREE!
A Look Back at the Long History of Microsoft Paint
There are very few things in the world that last for 32 years—And even fewer tech products. MS Paint is one of those incredibly rare applications that’s defied the odds and has found a permanent niche.
In the beginning, using MS Paint was pretty bleak, and a lot less colorful. When the program was first released in November 1985, it was called Windows Paint. It only supported 1-bit monochrome and came with very few drawing tools. However, even with these extreme limitations, the program drew the attention of many.
When Microsoft released Windows 3.0 five years later, things began to look brighter for the program. It received a major makeover, which started with a new name, Paintbrush. Besides a name change, this version added an easier-to-use interface, and the ability to use colors for the first time.
It wasn’t until the release of Windows 98 that MS Paint became a truly functional graphics package. For the Windows 98 release, Microsoft provided the ability to save artwork in JPEG, GIF and PNG file formats. This change let users create an image in MS Paint and use it in another program. The Windows 98 version of MS Paint also permitted users to create art with a transparent background, perfect for the burgeoning Internet during that same period.
The release of Windows XP expanded MS Paint’s save formats to include natively saved images as JPEG, GIF, TIFF, PNG and BMP extensions. This version also let users import scans and digital photographs directly into the program, which added a ton of new options.
One of the biggest and most important updates to MS Paint was the version that was distributed with Windows 7.0. In this update, Microsoft added the ability for users to undo up to 10 of the last changes they made. This combined with better controls for cropping and magnification provided real power and functionality.
The last major updates to MS Paint were introduced in Windows 7.0. MS Paint received an overhaul that included a greater selection of brushes, and the annoying, yet playful, need to continuously “reload” your brush while using oil or watercolor to simulate the effect of running out of paint.  Users were now able to undo up to the last 50 changes.
A First Look at Paint 3D
So, what about the program that’s replacing MS Paint? Is it worth using?
The answer depends on why you need or want a 3D-modeling program. If you just want to mess around and try your hand at creating some 3D artwork for fun, then yes. Paint 3D is definitely something you should check out. The interface is a lot more user-friendly than most of the other options on the market, and offers a wide range of 2D and 3D options.
However, for any of my clients who are wondering if they can replace their current 3D-modeling software with Paint 3D, I’d have to recommend holding off on making the switch. Paint 3D’s limitations don’t make it a good alternative for you.
Try Paint 3D out for yourself and see what you think. You can download the latest version of the program from the Windows Store for free. Check it out for a bit of fun, even if you don’t plan on using it for your business.

Important—What Apple’s Latest Software Update Means to Your Business


Apple just issued a security update that you must download as soon as possible.  
We’re more dependent on our mobile devices now than ever before, making mobile security essential.

Viruses don’t just affect desktop or laptop computers. With millions of iPhone and Android phones used today, it makes sense that hackers would eventually target them. And the numbers prove this: An incredible 25% of all mobile devices are hit with cyberattacks, and 1,023,108,267 records were stolen from mobile devices in 2014.
So, when a company as big as Apple issues an urgent security update and tells iPhone and iPad owners to download and install it right away, you should listen. Apple’s recent iOS and MacOS update, released July 21, 2017, defends against a particularly dangerous vulnerability named Broadpwn.
Broadpwn is a serious threat, according to the National Vulnerability Database at the National Institute of Standards and Technology (NIST). It gets a 9.8 out of 10 in terms of severity, and is scored as “critical.”
Broadpwn also attacks Android devices; Google issued its own security patch earlier in July.
The Story with Broadpwn
Early in 2017, security researchers discovered a vulnerability in specific WiFi chips that has the potential to bring a device to its knees before you realize that something is wrong. Broadpwn allows a hacker to remotely execute malicious code that takes total control of your device via your WiFi.
Once Broadpwn is executed, the hacker has total control of everything on your device. This includes components from the operating system to the central processing unit, and everything in between.
What makes Broadpwn particularly frightening is that all a hacker has to do is get within range of your device. They don’t need physical access to run their code. This means that they could be sitting near you in an airport terminal, or could be at the table next to you in a coffee shop, and do just as much damage as they would if they had stolen your device.
The flaw is estimated to affect millions of Apple and Android devices being used by people all over the world. To Google’s credit, they already released a patch for the Android operating system early in July. Apple took additional time because it had to work on unique fixes for both the iOS mobile operating system and the macOS desktop platform.
Update Now!
Thankfully, all Apple software updates are incredibly easy to install. Once your device is connected to a WiFi network, all you have to do is complete the following steps:

Open the “Settings” app on your device.
Navigate to the option labeled “General.”
Tap once on the button labeled “Software Update.”
Wait a few seconds for your device to recognize the newly available update.
Tap the button labeled “Download and Install.”
Leave your device connected to both a charging cable and wall outlet during this time, as it may take a while to update.
Once the update has completed, navigate back to the “Settings” app and tap “About” to confirm your device is running the iOS 10.3.3 operating system.

If your Apple device is a computer like an iMac or MacBook Pro, the steps to update are even easier. All you need to do is open the “App Store” app and click on the tab labeled “Updates.” Once your computer offers you the update, click “Download and Install.” Your computer will reboot a few times during this process. When complete, you’ll be free from the threat of Broadpwn.
Apple and Security: What You Need to Know
Apple has always been known for their very secure mobile and desktop devices. While this is true, the idea that Apple devices “don’t get viruses” is a myth. This used to be so, but we’re talking about ten or more years ago.
Hackers rarely targeted Apple’s desktop operating system simply because it wasn’t lucrative to do so. Not only was Windows a naturally less secure operating system, but there were also exponentially more Windows computers in use worldwide. It didn’t make sense to spend time writing a piece of code that targeted an Apple device if the chances of success were low in the first place.
However, thanks to both the explosion in popularity of the iPhone, and the fact that more people are buying Apple computers, things have changed. Apple devices are still targeted by specific viruses much less than their Windows counterparts, but those numbers are on the rise.
Don’t assume that your device is protected just because it has the Apple logo on it.
In 2015, there were five times as many instances of Apple-specific malware on desktop and laptop computers than in the five previous years combined. Likewise, the iOS operating system recently had a 262% increase in vulnerabilities compared to just a few years earlier in 2011.
Cyber security is a pressing concern for everyone who uses the Internet in any way, regardless of who made your computer or smartphone, or what company you’ve chosen to do business with. To assume otherwise is a legitimate recipe for disaster.

6 Reasons More Businesses Are Relying on IT Consulting Services


IT consultations aren’t just for the “big guys.” Startups and small businesses can benefit, as well. IT consultations can go far beyond simply providing technology information. The right consultant can help you lay out a roadmap for future upgrades, increase your employees’ productivity, avoid dangerous security pitfalls that could tank your company, provide data storage services at the right price, and more.

More business owners are turning to IT consultants to act as their Virtual CIOs.  Here’s why:
Outsourcing IT Allows You to Focus on Your Core Offerings.
Relying on an IT consultant is freeing and reassuring for the small business owner. They can sit down with a consultant and ask plainly, “All right, how can we truly benefit from outsourcing our IT? What are the options for a company of our size?” Newer ventures can benefit from outsourcing anything from payroll to data virtualization to software-as-a-service. An IT consultant can manage the IT administrative details so you can focus on your core business capabilities.
Understanding IT Best Practices
The advances in IT and ever-evolving technologies can be daunting for any business owner. Most don’t have the time, experience or knowledge to select the right solutions on their own, especially if they don’t regularly study the impact of new technology.
We see this issue in retail and hospitality companies where business leaders are very much focused on the brick-and-mortar world and aren’t sure where the industry is moving with regard to online tools. They wisely choose to spend their time on their own strengths, but when it comes to making IT decisions, these companies often seek the advice of an experienced third party who understands IT best practices.
Achieving Data Security Requirements
How well do you understand data compliance regulations in your industry? What about the requirements for doing business with customers in another country? (Yes, it can be very different from what’s required in the U.S.) As a business owner or manager, you must be aware of all compliance laws and requirements. A consult with an IT expert can help you understand what’s required and what isn’t.  They’ll work with you to design a strategy to ensure you meet current and upcoming compliance standards using the right IT services.
Guaranteeing Compatibility
Let’s say that you’re familiar with data and tech solutions: You know what you’re doing and you’re happy with the current tools you’re using. However, you want to expand, and this means adopting new IT solutions. When entering uncharted territory, an IT consultation is an excellent idea, not just to get new ideas, but also to make sure the transition will go smoothly. How will your old files be moved into a new system? Will you need to use different software applications? Can your new services work seamlessly with your current tools? Will you have to change data management or maintenance tasks? Finding answers to these questions on your own can be time-consuming and stressful. A consultation with experts is a better way forward.
Choosing the Right Data Backup and Insurance Plans
You probably know that you need protection for sensitive customer data. However, you may not know where to begin to do this, or if the security you’re currently using is sufficient. IT consultations can tackle many security issues, and help you ensure your data is secure, and your business is protected. Your IT expert will make sure you have a unified plan that successfully backs up your data on a regular basis and stores it securely offsite.
Purchasing data insurance is something to consider before you experience a data loss.  It helps companies recoup some of the monetary losses that occur as a result. However, it’s necessary that you understand exactly what a data policy covers. (Hint: It doesn’t pay off any associated fines.)  Your IT consultant will have the answers you need.
Scalability Solutions
Where do you see your business in five years? How about 10 years? The success of your business requires an IT roadmap that ensures your technology meets your needs years down the road. The reality is that many companies find themselves stuck with technology that doesn’t meet their growing needs. Don’t get caught in this pitfall. Instead, rely on an IT consultant to help you design a plan for the future. They will help you choose services that are easy to scale up (or down) as needed.

Ransomware Infects a San Francisco TV & Radio Station with Devastating Consequences.


Radio and television station KQED has been taken “back to the stone ages” because of an advanced ransomware attack launched in June of 2017.  No one is sure how the ransomware got into KQED’s system.

Ransomware brought this public television and radio station to a grinding halt. All Internet-connected devices, tools and machinery were cut off in an attempt to isolate and contain the attack that infected the station’s computers. More than a month later, many remain offline. Although the station has continued its broadcasts, it’s found that functioning in a non-Internet world is extremely frustrating and difficult.
This incident highlights the need for businesses like yours to protect themselves and their IT devices from debilitating cyberattacks.  We’re more vulnerable today than ever before.  It’s up to you to take proactive measures to protect your business.   
Ransomware: An Old Threat Reborn
Ransomware isn’t new. In fact, it’s one of the oldest types of malicious software programs, and is becoming increasingly prevalent as more people rely on IT and Internet connections for their day-to-day operations.
Ransomware essentially locks a user out of their system, or holds data hostage until a ransom is paid. Once the ransom is paid (generally through a wire transfer or cryptocurrency transaction), the data or service is unlocked, and (theoretically) the user can recover their data.
However, there are more issues of concern:

Ransomware is a type of virus, so it can self-replicate throughout computers, servers, and other devices operating on the same network.
Paying the ransom doesn’t necessarily mean your system will be unlocked. Some forms of ransomware are designed to just disrupt, while others may have been long abandoned by their creators.
Paying the ransom can be expensive. While some ransomware attacks only amount to a few hundred dollars, others can be in the range of thousands—especially those targeting large enterprises.
Paying the ransom doesn’t mean your data hasn’t been copied or otherwise breached. You still need to react as though your data has been shared, including confidential identity and financial information.

KQED’s Ransomware Attack
KQED’s ransomware spread quickly throughout their network, including their Internet of Things devices. The ransomware then encrypted data on their Microsoft computers, but was halted before it could encrypt a significant number of systems. The problem was that it had already infected the network; if the system was brought back up, it would only continue to propagate. Consequently, Internet access had to be removed for many of the systems until the issues could be properly isolated and dealt with, device by device.
To avoid further infection, all Windows computers had to be wiped and restored, and KQED had to upgrade its security measures. This attack came in the wake of—but was not related to—several global ransomware attacks, which took down computers throughout the world.
In order to decrypt the files, the ransomware requested approximately $3,637 for each file to be decrypted. The total ransom requested was in the millions, which was impossible for KQED to pay.
How Can You Defend Against Ransomware Attacks?
In the past, many security systems were limited to only identifying already known attacks. This meant new vulnerabilities and custom attacks were impossible to defend against. KQED was vulnerable to attack even though it had relatively up-to-date security—This may have been the case because its security system was running based on antiviral templates.
New security systems scan for the presence of ransomware attacks and can mitigate the majority of these threats, not only by identifying individual attacks, but also being able to identify suspicious behavior. Machine-learning algorithms and artificial intelligence have now made it possible to scan for the behavior of potentially malicious programs.
KQED was struck by a new piece of software that had not yet been identified. However, it’s unknown whether its suspicious behavior might have been flagged by a more advanced threat-detection system.
Note: In addition to having up-to-date security measures, your systems must be regularly backed up. You should be able to deploy a backed-up instance of an entire system to protect your organization from virtually any threat—including physical hazards such as fire or earthquake.
KQED had a single network composed of many different devices, which couldn’t be reset altogether. The ultimate consequences for KQED were that:

They couldn’t complete a significant amount of work for weeks.
Online broadcasts went down for more than twelve hours.
They lost a significant portion of their work and weren’t able to use their computers or the Internet for a substantial amount of time.
It took weeks to even begin to repair the damage—and these are weeks the station will need to pay for in terms of man hours and IT costs.

All of this could have been prevented through better security measures and security training for their employees.
Cybersecurity is our specialty and priority at {company}. Cyber threats are growing exponentially, and we’ll block them by eradicating all potential security weaknesses. Your systems will be protected by a next-generation firewall, antivirus, and spam-filtering system. Plus, we’ll conduct security awareness training for you and your staff on an ongoing basis, so they can recognize a threat in an email, or on a web page.