Author: Casserly Consulting

Categories
Security

Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack

b2ap3_thumbnail_business_ramifications_400.jpg Today’s headlines are peppered with stories of major companies and institutions falling victim to a cyberattack. As a business owner, what’s your response to these gut-wrenching stories? If you write them off as fear mongering and believe that these attacks can never happen to your SMB, well, you’re wrong. They can and it’s up to you to prevent such a disaster.

One reason why it’s so important to shore up your company’s network security is because the ramifications of a breach extend well beyond the sensationalism surrounding a news story. Take for example one of the biggest stories of hacking in recent memory; the revelation made public last December that Yahoo had more than one billion of its accounts compromised, dating all the way back to 2013. While the headlines focused on the plight of Yahoo and the negative effect this would have on the tech company’s value, what didn’t get reported is how millions of Yahoo users were negatively affected by having their sensitive information exposed to hackers.

In the same way, seeing to your company’s network security goes beyond protecting your corporate image from a negative headline. It’s also about protecting all of those who have entrusted you with their sensitive data. This includes customers and vendors that have provided your business with their financial information, as well as employees that each have a wealth of their personal information connected to your HR department.

We’ve established that there’s a lot riding on your network security and that it’s your job to make sure this is taken care of. If you don’t currently have a security plan in place protecting your company from a data breach, where do you even begin? Fortunately, you don’t need to be an IT security expert or have a computer science degree to implement adequate security measures. As is the case with the many vital responsibilities connected to your business, you can outsource the protection of your network to the professionals, such as the IT technicians at COMPANYNAME.

That said, IT security is such an important and comprehensive matter that it’s not something that you should outsource and then disregard. In fact, IT security works best when everybody in the company understands that they have an active role in its upkeep. Yes, everybody. We’re talking from the C-level executives down to the cleaning lady who connects her smartphone to Wi-Fi. If everyone in your company understands how to avoid the snares laid by hackers, then the cake that is your network security measures will be topped with the icing of best practices.

Remember, securing your network from cyberattacks isn’t something that you have to do on your own. COMPANYNAME is here to help, and we can do so by implementing proven and comprehensive network security solutions like our Unified Threat Management tool, as well as remote monitoring and maintenance in order to detect and take care of any threats that may breach your defenses. We’re also available to equip your staff with the means and know-how to better understand cybersecurity.

For assistance in all of these areas of security and more, give us a call today at PHONENUMBER.

Categories
Best Practices

Tip of the Week: How to Be Active and Proactive With Your Network Security

b2ap3_thumbnail_net_security_tips_400.jpg Security troubles have many causes, but the only way to protect your business from any of them is to implement a comprehensive enterprise-level security solution. There are two other ways that you can work to protect your business, implementing software patches, and avoiding social engineering attempts.

Applying Software Patches
It should be clear that software patches are designed to fix security problems and improve the functionality of the software, but some organizations simply don’t have time to implement them manually, or they simply don’t understand the purpose for them. Part of the problem is that sometimes the developers aren’t necessarily clear that patches are available, while other times those within your organization may not even know how to administer them. Regardless of the reason, there are usually problems on a network that will go unattended for extended periods of time.

Most hackers only want to take advantage of the issues they can detect. Thus, there could be countless threats out there designed to target countless unpatched vulnerabilities on your network that not even the hackers can know about. It makes sense for a hacker to use just one exploit to target a handful of vulnerabilities. Therefore, it’s important to make sure that all software that you use is updated and patched.

Additionally, your systems shouldn’t be running unused programs. The more software you have, the more ways hackers can take advantage of your organization’s network vulnerabilities. Moreover, you might even be wasting revenue on renewing software licenses that you don’t even need, so it’s best perform a network audit from time to time to get the worthless software off your infrastructure.

Dodging Social Engineering Attempts
Social engineering is broadly categorized as any method that takes advantage of unprepared users or those who are ignorant of solid network security practices. Examples include a phone call or email message claiming that the network has been breached by a foreign entity and that “tech support” needs to remote into the computer and resolve the issue. There are other, more subtle methods as well, such as targeted spear phishing attacks that go after specific users with personal information that convince them that the hacker is someone in authority.

These types of attacks vary in sophistication, but they can range anywhere from an employee receiving a message claiming that they’ve won a prize, to the intruder physically following your employees into the office and stealing sensitive data manually. In instances like these, a little bit of employee training can go a long way. Teach them to look for anything suspicious, and inform them that vigilance is incredibly important in the workplace.

These two security improvements barely scratch the surface of what your organization should be focusing on for network security. If you want to fully protect your business to the best of your ability, give us a call at PHONENUMBER.

Categories
Alerts

Alert: 33.7 Millions Records Released to Public Due to Leak of Massive Marketing Database

b2ap3_thumbnail_do_you_have_a_data_leak_400.jpg In recent news, millions of records containing personal information were made available to the public in a sizable data leak, providing potential scammers with plenty of information to utilize in their schemes. These records were all part of a 53 GB database that was available for purchase from Dun & Bradstreet, a business service firm.

The database contained information that could be of great use to hackers and marketers alike, as it outlined corporate data for businesses within the United States, providing professional details and contact information for members at every level of the businesses included.

Dun & Bradstreet released a statement via email in an attempt to remove the firm from any responsibility. According to the firm, there was no evidence of a breach on their systems. The email also pointed out that the leaked data was sold to “thousands” of other companies, and that the leaked data seemed to be six months old. In essence, Dun & Bradstreet’s position was “not our fault.,” and that there was little cause for worry, as the list only contained “generally publicly available business contact data.”

However, not everyone feels that the responsibility for this event can be passed off so easily, especially considering the nature of the data found on the database.

Troy Hunt manages Have I Been Pwned, a data leak alert site that allows a user to reference one of their accounts to determine if their credentials have been compromised. He offered up his own take after reviewing the database for himself. Hunt’s analysis revealed that the organizations with the most records in the database were:

  • The United States Department Of Defense: 101,013
  • The United States Postal Service: 88,153
  • AT&T Inc.: 67,382
  • Wal-Mart Stores, Inc.: 55,421
  • CVS Health Corporation: 40,739
  • The Ohio State University: 38,705
  • Citigroup Inc.: 35,292
  • Wells Fargo Bank, National Association: 34,928
  • Kaiser Foundation Hospitals: 34,805
  • International Business Machines Corporation: 33,412

If this list alarms you, you have the right idea. In his comments, Hunt brought up a few concerns that he had with the contents of the database out in public.

First of all, this list is essentially a guidebook for someone running a phishing campaign. A resourceful scammer could easily use the information contained in this list (including names, titles, and contact information) to create a very convincing and effective campaign. Furthermore, the most common records in the leaked database were those of government officials and employees. Hunt went so far as to mention which personnel records could be found in the database for the Department of Defense: while “Soldier” was the most common, the list also included “Chemical Engineer” and “Intelligence Analyst” entries.

In his response, Hunt asked a very important question: “How would the U.S. military feel about this data – complete with PII [personally identifiable information] and job title – being circulated?” With the very real threat of state-sponsored hacking and other international cyber threats in mind, Hunt brought up the value this list would have to a foreign power that isn’t fond of the U.S.

Finally, Hunt cited the chances of this data being recovered to be at a firm “zero” percent.

In short, despite the reassurances from Dun & Bradstreet, this database going public could present some very real dangers to any businesses included in it.

If you’re worried that your business may be vulnerable, there are two things you should do. First, you should see if your data has been exposed by checking Hunt’s site, Have I Been Pwned . Second, you should reach out to us at COMPANYNAME, so we can help keep you secured against threats like this and others. Give us a call at PHONENUMBER.

Categories
Technology

Productivity Suffers Without a Cohesive IT Plan

b2ap3_thumbnail_outsource_your_it_management_400.jpg There are right ways and wrong ways to do many things, and managing IT is no exception. Many businesses, especially small ones, are left susceptible to issues and vulnerabilities in their network. What’s worse, these are often networks that are supported by an IT “expert.”

Whether it’s due to budget constraints, a lack of workable time, or any other reason, companies frequently settle for substandard solutions when it comes to making changes to their IT. Oftentimes, they’ll try to bury their issues underneath a relatively updated infrastructure without doing anything to resolve the underlying problem. Either that, or they decide that they can fix the problem themselves, piecing together an unstable solution that almost works.

Observing this has only made us at COMPANYNAME more dedicated to providing a real solution for businesses that resort to these DIY implementations.

Many business, most often small ones, have a few things in common. First, they all experience similar issues with their IT, and secondly, they are usually ill-prepared to deal with the repercussions of these issues. Furthermore, these businesses will frequently neglect their need for standard operating procedures for their employees to follow.

This only opens the business up to greater issues as the employees will resort to processes that they’re personally comfortable with to complete their responsibilities. In the end, the workforce is left in the uncomfortable position of desperately needing change, with the unwillingness to make any changes.

As a result, the already tricky business of running an SMB is only made more difficult. When issues persistently prevent your technology from serving its intended purpose, your employees will be rendered incapable of meeting their responsibilities by a situation that is out of their control.

COMPANYNAME can help put control back into your hands with our variety of IT solutions. From our proactive monitoring and maintenance practices to our ability to block many distractions, we can apply a consistent solution to your entire network, unifying your IT so it will better serve your needs. Call us at PHONENUMBER for more information.

Categories
Best Practices

Tip of the Week: You May Want to Remove Your Wi-Fi Information From the WiGLE Database

b2ap3_thumbnail_ssid_name_400.jpg The next time you look at your device’s available Wi-Fi connections when in public, take a look at what some of the local connection names are. Chances are that you’ll see some names that match a nearby organization or family. Others might still be using the default SSID, like Linksys/Netgear-something-or-other. Others might get a little more creative. The latter example may have the right idea; using an obscure wireless network name is much more secure than naming your connection after what it’s associated with.

That’s not to say that those who have named their home Wi-Fi networks things like “FBI Surveillance Van 3” or “Pretty Fly for a Wi-Fi” are in the right, but you get the idea. Instead of misleading people with your SSID, you want to think of your wireless network’s name as a shield against possible hacking attacks. In fact, it’s recommended that you don’t broadcast it at all if you can help it, but this isn’t always an option–especially for organizations that offer Wi-Fi to the public as part of their consumer obligation.

One website in particular highlights the importance of naming your Wi-Fi network something inconspicuous. A service called WiGLE collects information from wireless networks and compiles it in an online database that’s searchable. WiGLE also offers software solutions that can map, query, and update these databases. Among the uses for WiGLE are: educating the public, research projects, site surveys, journalism, analyzing wireless usage, and finding usable networks while on the go.

Knowing that a tool like this exists, should make you stop and ask several questions. If your wireless network’s data is being collected, is it at risk? Is it something that you should be worried about? How do you remove your business’s wireless network from WiGLE? Well, WiGLE has posted answers to all of these questions:

“If your network is in WiGLE and you don’t like it, we’ll take it out immediately, but you should look into making your network harder to detect AND more secure; remember that you’re the one bombarding passers-by with your signal. We aren’t affiliated directly with any particular community or interest (other than our own), but we applaud the efforts of the people who wrote the stumbling software that feeds our project, the people looking to use wireless in innovative ways, and especially the community of people who just dig wireless network access and dig sharing it.”

To learn more, you can access the website here.

What are your thoughts on WiGLE? Let us know in the comments, and be sure to reach out to us for help securing your company’s wireless network.

Are you confident in the security of your wireless network? Don’t hesitate to call us at PHONENUMBER if you feel it’s time to audit one of your most targetable entry-points.

Categories
Security

These Police Officers Called for Backup… and it was Infected with Ransomware

b2ap3_thumbnail_police_ransomware_400.jpg The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops are made victim of a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do; an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid up the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping to best practices, the police’s IT department elected to restore the infected server’s files from a backup.

Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Time will only tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally, and storing archived backups off site will usually safeguard a business from having the entire backup corrupted in the event of ransomware like this.

Reach out to us at PHONENUMBER so we can optimize your IT to protect you against ransomware and other critical issues.

Categories
Cloud

Moving to the Cloud? Be Wary of These Hidden Costs

b2ap3_thumbnail_cloud_software_deployment_400.jpg Efficient utility software deployment has been a priority for businesses for much of the past three decades, but today’s software developers are beginning to more frequently offer their titles as a service, giving end users the ability to utilize powerful software solutions from anywhere, for what is often a reasonable monthly payment. The dissemination of useful computing resources from the cloud, whether it’s a private cloud server, or a public cloud platform through a reputable cloud provider, can be of great benefit to your business.

In a recent study, it was predicted that 59 percent of the cloud computing workload will be generated from SaaS offerings by 2018. This figure correlates with the trend of more and more businesses hosting their software in the cloud. To successfully move your company to the cloud, it first has to navigate the process of virtualization, while remaining mindful of several other variables. Here are two major factors you must consider if your business is looking to implement a cloud solution.

Integration Considerations
You cannot assume that your company’s mission-critical applications will automatically integrate with every cloud service that’s on the market. Connecting an existing service that you rely on every day with a new cloud service requires testing and special considerations to be made regarding integration requirements. By not first doing your homework about what your new cloud service requires, you’ll put your company at risk of downtime and lost resources from encountering an issue like incompatibility.

The Need for a Reliable Connection
If your business plans on relying on cloud services, you’re going to need a reliable connection. This includes making sure your in-house network has enough bandwidth to support accessing your cloud services at peak hours, as well as a consistent Internet service from your ISP. Often times, companies that make the move to the cloud will upgrade their Internet package before officially switching over, seeing as cloud services are more data-intensive than typical Internet activity. Another component to look into is the connection and uptime of your potential cloud service provider.

Both of these factors must work together flawlessly in order to provide you with a cloud service that enhances the operations of your business. To ensure that your company gets the most out of the cloud and experiences an issue-free adoption of cloud services, give COMPANYNAME a call at PHONENUMBER for professional IT assistance.

Categories
Best Practices

Tip of the Week: Activate These Solutions Now Before You Misplace Your Mobile Device Later

b2ap3_thumbnail_find_your_lost_phone_400.jpg Can’t find your mobile device? If you’ve taken precautions and enabled solutions designed to track the whereabouts of your device, then you’ve got no reason to panic. Of course, hindsight is 20/20, so you’ll want to make sure you activate a phone-finding solution now (while you’ve got your device in your sights).

For an iPhone or Apple Device
If you’re an Apple enthusiast, you can use the Find My iPhone feature to locate any device connected to your Apple account. Log into your iCloud account or download the Find My iPhone app (before you lose your device, of course), which will help you keep track of your devices should you lose them. You can even track where your device is and where it has been. You can even lock the device and send it a message telling whoever finds it how to contact you! 

For an Android Device
Android makes finding your lost device as easy as performing a Google search. If you’re signed into your Google account, and you have your device linked to it, all you have to do is type into the search bar, “Find my Phone.” As long as there’s a device connected to your Google account, you’ll be shown a small map in the search results which shows you where the device is located. You can then proceed to ring the device and find it, if it is turned on and nearby.

For Other Devices
If you lose a more obscure device, you might have a little more trouble locating it. Thanks to a great app called Prey, you can find just about any laptop or smartphone that may be missing. You can install Prey for free on up to three devices. If the thief hasn’t completely wiped your device, you’ll have a decent shot at discovering who has found it. Provided that your device has a Wi-Fi chip, a webcam, and the app installed, Prey can take a picture of whoever has found the device as well as where it is located.

Any devices that have Prey installed on them will automatically issue a report to you every so often, starting at 20 minutes. This can tell you exactly what’s happening with your device. This includes webcam snapshots, desktop captures, program installations, changed files, and so much more. Of course, if you think that maybe someone has just found your device and hasn’t stolen it, you have the option of letting them know how to contact you through various methods. Worst case scenario, you can lock it or remotely wipe it to secure any data located on it.

For more great tips and tricks on how to get the most out of your technology, subscribe to COMPANYNAME’s blog.

Categories
Technology

These 25 Advanced Driver Assistance Systems Help Make Cars Intelligent and Safer

b2ap3_thumbnail_assisted_driving_technology_400.jpg By now you’ve heard of self-driving cars insofar that you understand that there are engineers from all over the United States and abroad working with AI to develop systems that can create safer traffic conditions and cut down on emissions with efficiency. But what you may not know is that there are many drivers concerned at the development and deployment of these autonomous systems.

The Office for the Study of Automotive Transportation at the University of Michigan conducted a study that found that over one-third of all drivers are “very concerned” about riding in a self-driving car, while two-thirds of respondents are “very or moderately concerned”. It doesn’t seem as if the public is necessarily ready for this technology to be deployed; even though there are places where it has been shown to reduce traffic incidents substantially.

A car is many consumers’ “biggest” purchase, and with the car a person drives inexorably tied to their social status, people are not in a big rush to give up purchasing and driving cars without paying much mind for a car’s practical and safety information. With an autonomous vehicle, the driver’s role is now taken over by a computer, a completely terrifying prospect for some folks.

The reality is, however, that these cars are far and beyond more reliable than any human-driven car could possibly be. That’s because the human mind isn’t capable of the accuracy of these computing systems. Today what you see in lieu of full-on automated driving, are car manufacturers using some of the technologies developed for that purpose to improve the manual usage of the automobile. Marketed as advanced driver assistance systems (or ADAS), many newer cars offer some or all of the following options:

How many of these systems have you recognized on your family car?

These options have been slowly implemented as driver-assistance options. By using them incrementally rather than as part of a completely automated system it allows today’s drivers to avoid accidents while still getting the function out of their purchase.

One way that the automotive industry is currently taking advantage of ADAS technology is to have it assist drivers when needed. This is a much different approach than using it to fully automate the entire driving experience, and one that produces some confusion by drivers who are used to doing things a certain way behind the wheel.

Toyota’s “Guardian Angel” program is one example of a major car manufacturer working ADAS technology into a car to improve safety without negatively altering the driving experience. This program has the AI learn the driver’s habits as to give feedback while the car is being driven. Some ADAS options do take over the control of the car in times where motorists typically struggle with the goal to leverage the technology that’s available to improve safety and limit the amount of vehicular-related deaths (currently about 30,000 per year in the U.S.).

One caveat to successfully creating software that aids in the driving experience is that developers have to have an understanding of practical situations to interrupt a driver’s control of the vehicle. The CEO of Toyota Research Institute, Gil Pratt, went on to talk about this very subject to CIO magazine. “Your car may someday warn you several times about a particularly dangerous driving habit you have before taking control of the wheel. Autonomous driving capabilities are measured on a government scale of zero to four, with zero being no automation, and four being fully automated. The focus of most of the discussion among car makers today is how far up the scale they should go and how quickly. There’s a lot of discussion in the industry whether we go incrementally up the scale or whether we jump.”

It is important, especially with the public’s overwhelmingly negative perception of automobile automation, that these features are accurately assessing live situations. Up to 20 of the most visible car manufacturers have accepted this step-by-step approach to automobile automation as published by CIO, “The U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA) and the Insurance Institute for Highway Safety (IIHS) announced earlier this year that 20 automakers have pledged to make automatic emergency braking (AEB) standard on their cars by 2022.”

What are your thoughts? Are you willing to ride in a self-driving car? Can you trust your safety and that of your family to assisted-driving technology? Share your thoughts in the comments section below, and be sure to subscribe to our blog.

Categories
Security

20% of Customers and Revenue are a Lot to Lose From a Single Data Breach

b2ap3_thumbnail_business_data_breach_400.jpg Data breaches are common problems for businesses of all shapes and sizes. In fact, they often have huge repercussions that aren’t initially seen in the heat of the moment. How can you make sure that a data breach won’t negatively impact your business, even well after you’ve fixed the initial problem?

Cisco, for example, claims that out of all companies that experienced a major data breach in 2016, over one-third of them lost more than 20 percent of their customers, opportunities, or revenue. This clearly shows that your business has far more than just data on the line when it comes to cybersecurity. Simply put, by not taking measures to keep your organization secure, you stand to put the future of your business itself at risk.

This makes sense, especially when you consider a consumer’s natural reaction to a poor experience with a specific vendor or brand. If you were a customer at a store that experienced a major data breach (one in which your financial information was stolen), would you still want to shop there? Many organizations will reassure their customers that the vulnerability has been resolved, and some might even offer to make amends for their careless handling of customer data. Yet, sometimes even this isn’t enough to retain customers, and often times, you won’t find this out until it’s too late.

As a small business owner, can you imagine what it would feel like to lose as much as 20 percent of your current clientele? Large organizations might have enough resources and offerings to make the loss seem more manageable, but chances are that a 20-percent loss would be a huge hit for any smaller organization.

Furthermore, it’s likely that such a loss of customers, opportunities, or revenue would affect long-term growth. If your organization loses 20 percent of its customers, that’s not just lost business for you–that’s a whole bunch of customers who won’t recommend your organization to new clients. What’s worse, they may even tell others about your business, but not in the way that you want them to. Before you know it, you’ll have former customers telling their contacts all of the ugly details about their experience with your business, data breaches notwithstanding.

In other words, not only does a data breach represent a loss of revenue, but also a loss of potential resources that could be utilized to further advance your business in the future.

Thus, a relatively small issue could transform into a major problem that puts the future of your business in jeopardy. Cisco also found that the following problems were concerning for organizations that experienced a data breach:

  • Cyber threats in 2016 increased in power and sophistication.
  • Cybersecurity efforts by organizations aren’t able to investigate all of the alerts they get in a single day (56 percent is the average).
  • However, despite cyber attacks growing in complexity, hackers still utilized “classic attack methods seen in 2010.”

Cyber threats continue to evolve into bigger, more dangerous threats that are harder to counter and prepare for. Despite this fact, it’s still your responsibility to make sure that any potential data breach doesn’t spell the end for your enterprise. It’s clear that, in order to guarantee the success of your business’s future, you need to implement powerful and focused security solutions designed to prevent breaches in the first place.

COMPANYNAME can help your business implement technology solutions designed to limit breaches and manage risk more effectively. With a Unified Threat Management device and remote monitoring and management service, you will have little to fear. To learn more, reach out to us at PHONENUMBER.