Ransomware is a classification of viruses that allow hackers to control entry to sensitive data and then hold it hostage by preventing the owner from accessing it until they have paid the “ransom.” For good reason, this type of virus has dominated the media in recent memory with major attacks WannaCry and Cryptolocker, which targeted hospitals and other havens of critical information.
Here are the most important steps you need to take immediately to ensure your business’ data is protected from malevolent hackers.
1. Run A Security Audit
A security audit will tell you exactly where your network is vulnerable to ransomware and other attacks. Our process starts with a technician coming directly to your business where they will plug in to your network and run security scanning software that ties into a constantly updating database of known exploits. We then provide a final report that details security issues on your network.
The goal of the security audit is to determine the most pressing issues facing your network security and come up with a game plan to prioritize fixing the vulnerabilities with a lasting solution. Once you know how a hacker could break into your company data, you are better equipped to keep them at bay. To learn more about our security audit process, please contact us.
2. Upgrade Your Security Software
Updating your security software isn’t as simple as getting the latest iteration of Norton Antivirus. You must also focus your attention on updating other existing platforms that you and your staff use. Things like email servers, operating systems, and even desktop programs can provide an open door to savvy hackers looking to get inside your network.
As an outcome from every security audit, you will be provided with a detailed list of outdated software and programs that should be updated to prevent ransomware attacks at your company.
3. Be Diligent About Using Your Firewall
A shocking amount of companies think implementing a run-of-the-mill firewall is all they need to do to prevent unauthorized system access. In reality, this equates to a security guard checking IDs at the door of a night club. They can see who is coming and going, but fake IDs can easily slip in and wreak havoc.
The real difference maker is what is called Unified Threat Management (UTM). UTM systems go beyond the basic firewall and introduce an all-inclusive security solution. Network intrusion detection, content filtering, data loss prevention and other additional functions are included with even the most basic UTM system.
Network intrusion detection is one of the biggest benefits of UTM. This feature protects your network against things like password hacking, brute force attacks, buffer overflows, and remote injection — all valuable assets to a hacker’s toolbox.
To sum this up, UTM systems essentially determine what threatening traffic looks like and constantly update their own framework to prevent this evolving traffic from entering your network. This is all done in real time so your network is never left vulnerable to attacks defined by your UTM system.
Want to learn more about the dangers of an outdated firewall? Read on here.
4. Ensure You Have Backups to All of Your Files
In this day and age, it is almost unfathomable that over 50% of small businesses have a backup system that doesn’t actually work. Sadly, it’s the truth. This means that over 50% of small businesses could lose access to all of their data in mere minutes if hit with a ransomware attack.
Issues for these businesses range from backup systems that simply aren’t running to backup systems that are completely misconfigured and not covering the right data. The only true way to ensure all of your data is fully backed up is by using offsite backups that are under strict monitoring.
Unfortunately, even “fully backed up” data is no guarantee that you will be protected from a ransomware attack, but it does ensure that in the event of a hack you will still be able to access your information.
For as many technology-based solutions for preventing ransomware attacks at your company there are, it is just as important to maintain a vigilant staff that knows how to detect threats. Here are some actionable items that you can teach your team:
Always verify the source of unfamiliar emails
Never open attachments from suspicious email addresses
Never click spammy looking advertisements
Never share sensitive information with unverified sources before checking with your supervisor
If something sounds fishy, it probably is
Don’t believe everything you see — hackers are good at convincing potential victims. Don’t fall for their traps!
When in doubt, consult an IT professional
Only You Can Prevent Ransomware Attacks!
Ransomware is a constant threat and can strike at any time. It’s time to make sure your network is protected.Contact us for a security audit to defend your business’ and customers’ data.
Over the past few decades, free public Wi-Fi has grown to become a rather useful tool for those with mobile devices. Such services are now readily available in most airports, hotels, restaurants, and stores. This means that you can access your email, website or online program at any given time from essentially any public location.
You may think that because your business is located in Minnesota, you will be safer from hackers and cyber attacks. Unfortunately, because the internet knows no geographical limits, any business in any part of the country is vulnerable to online security threats
Firewalls are components of a computer network or system that prevents unauthorized system access while permitting outbound communication. A firewall does this by inspecting data going into and out of the computer system to ensure it meets predefined security standards. With time, a firewall will become obsolete and their efficiency diminishes. Continue reading →
Viruses can be annoying, but the CryptoLocker virus (and other crypto-malware infections) are down right scary. They may appear like any other type of ransomware, but don’t be fooled; infections like these will have lasting effects on your environment or workstation. Continue reading →
Microsoft has announced that they are ending support for Windows XP and Office 2003 on April 8th, 2014. Considering that both Windows XP and Microsoft Office 2003 are now over 10 years old, it is probably time you retire them as well.
Active Directory is a centralized database for all of your security principles. What is a security principle? A security principle can be anything from a user account, group, group policy, file share, to objects like printers. It is the single place to administer every user account in your organization. Active Directory is a building block for programs and operating systems to authenticate against for Single Sign On purposes.
Today’s data centers are evolving quickly in order to keep up with the demands of cloud computing, web-based applications, high-availability services and the rest of today’s computing needs. Many businesses choose to host their servers or at least part of their network infrastructure in offsite locations–often in different regions of the country or world. Continue reading →
We recently discussed just how public your online privacy actually is. If online privacy is a concern in your business, it may have been a bit of a wake-up call. While there is really no way to be completely anonymous while still using the internet in a practical way, there are a few things your company can do address certain concerns.
Chances are you visit several websites a day that have Facebook or Twitter icons on them. Or perhaps some of the sites you visit have advertising. While the operators of these sites may not be doing it intentionally, your information is being logged, tracked and analyzed by third-party websites every time one of these types of plugins are loaded. Depending on the level of security required at your company and the sensitivity of its data, you may not want external websites tracking your employees every online move.
If you use email or computers in your company (and who doesn’t?), chances are your employees are stealing from you. It may not be intentional, and it may not be in the way you are thinking. If an employee has ever emailed a work document to a personal account and did not delete it when they were done working on them, that is data theft. If an employee has ever transferred files to a thumb drive or one of their own devices without your permission, that is data theft.
As IPv6 gains in popularity, so does the popularity of its vulnerabilities. As we have discussed recently, the rollout of IPv6 is taking quite some time. Even if your company has not yet made the leap in IPv6, hackers are now using IPv6 to attack IPv4 networks, so you should be aware of security gaps found in IPv6 in order to protect your network.
With the looming end of support deadline for Windows XP just around the corner, migrations to Windows 7 in IT environments around the world are ramping up. Many organizations skipped the XP to Vista migration, which means they’ll be making the leap from XP to Win 7 as April 2014 approaches.
Virtualization is a hot topic among server administrators these days, and the use of virtual machines and cloud services continues to rise. A virtual machine essentially allows an IT administrator to set up multiple “virtual” servers on a single piece of server hardware. A popular example of a system that uses virtual machines is Amazon Web Services Elastic Cloud Computing (EC2), and many highly visible websites use Amazon EC2, including Instagram, Foursquare, Dropbox and Amazon itself.
With the advent of smartphones, tablets and other bring-your-own-devices in the corporate environment, IT administrators have been working hard to maintain network security while remaining flexible for the end users. On top of that, many of these BYO-devices, such as tablets and smartphones, are now able to create their own networks or hotspots, giving your IT department another acronym to manage: bring-your-own-network (BYON).
A new virus scam popped up last week claiming to be a part of the “Stop Online Piracy Automatic Protection System.” As you may recall, SOPA is was an ill-fated bill from earlier this year that didn’t become a law due to widespread internet protests.
If you receive a message on your computer stating that your files have been locked due to being on a SOPA Black List, that means you’ve been infected with a type of virus called ransomware that has nothing to do with SOPA the bill.
When starting a business, IT security is often overlooked or considered only after something goes wrong. Sure your business may have antivirus software and firewalls, but those are the only the basics. On top of that, security is something that needs to be monitored and continually considered.
Here are four things you should do right away to ensure your company’s IT security stays ahead of the game:
If you’ve used a major web browser for any length of time in the last 10 years, you’ve been asked to save your password. Because browsers have been asking us to do so for so long, we have a tendency to take for granted just how safe (or not) our saved passwords truly are.
If you pay any attention to tech news these days, you’ll see story upon story about hackers, leaked passwords and data theft. With the increased portability of data–laptops, smartphones, tablets and flash drives with large capacities–and the emerging popularity of cloud services that store your data on computers you don’t control, the less naive you can afford to be about your business’s sensitive data.
With the low prices and convenience of flash drives, USB drives and external hard drives, the chances are greater than ever that your company’s sensitive data could be easily lost or stolen. To combat this, you may have thought about having these types of drives encrypted. Encryption can be done two different ways, using either hardware or software.
What do you do with your old equipment when it comes time to get that new computer or replace that 4 lb. laptop? Do you put it in storage somewhere and let it collect dust for years? Perhaps you recycle it and hopefully you don’t throw it in the trash.
We’ve heard small-business owners ask time and time again, “Why would I need to be concerned about security? There’s nothing valuable on my servers, so why would anyone want to hack it?” This question comes from a lack of knowledge about why hackers do what they do and the ramifications it could have on your company’s bottom line.
Have you ever visited a website and had to enter a bunch of random, hard-to-read characters? Ever wonder why you had to enter them? Well, that’s called a CAPTCHA or “Completely Automated Public Turing test to tell Computers and Humans Apart.” It’s a type of test used in programming to verify whether or not a human is interacting with the program.
The basic idea behind a CAPTCHA is that it’s easy for a human to answer but difficult for a computer. That way, certain functions could ideally be limited to humans, while keeping computers and automated programs (bots) out.
A few weeks ago, we talked about whether or not your business should jump into the cloud. While ease-of-use and scalability are potential benefits of using cloud storage services, a recent study from Ponemon Institute shows that data security in the cloud could be a cause for concern. In fact, they indicate that a full 90% of businesses have experienced a leak of sensitive or confidential information in the past year.
Bot. You’ve heard the term before, but you’re not quite sure what one is or what it does. Basically, a bot (short for web robot) is a program created to perform automated tasks faster than any human could. Like any tool, a bot may or may not be used for malicious purposes. In fact, there are some beneficial uses for bots as well.
According to Time, spam averages 78% of all email sent. If you’ve checked out your junk email folder today, that’s not hard to believe. But why is there so much spam? How could it possibly be profitable? Have you ever heard of anyone ever buying anything as a result of spam?
After Wired.com’s Mat Honan suffered a widely-publicized hack last week, blogs have been abuzz with the the term “social engineering.” The hack wasn’t a traditional one, where hackers digitally outsmarted Honan’s technological defenses. It was perhaps a more insidious kind of hack–a con if you will–long referred to as social engineering by the tech industry.
Microsoft will be releasing 9 major updates this week that will patch major bugs and vulnerabilities in Windows, Internet Explorer, Office, Exchange, SQL Server and Windows Server. Of these 9 updates, 5 are labeled “Critical,” which is the most serious rating Microsoft uses.