How to really stink at security — the 10 DON’Ts of IT security

Maintaining a secure IT network is paramount for any business — especially in a day and age of sophisticated viruses, rogueware, spyware and the many other threats that can compromise the heart of your company.

Unfortunately, many businesses and their employees are so busy and tied up with their normal duties of the day that they don’t think much about what they can do to bolster the security of their business’ network. Failing to take the proper precautions can result in a disastrous event that could compromise sensitive data or cause you to lose it completely.

Network security — What NOT to do

You don’t have to be an IT mastermind in order to take steps that will help make your company’s network more secure from the many threats it faces. Still, whether out of ignorance or laziness, these very simple things generally don’t get done.

There are some businesses and professionals out there that are simply bad at network and internet security. The following is a top 10 list of practices you should most definitely avoid. Or, if you want to be really bad at security, by all means, proceed.

  1. Generic passwords or no passwords

Let’s start out with one of the most common missteps. Leaving passwords as “password” or leaving them blank entirely makes it very easy for unintended eyes to access the sensitive data of a business.

  2. Lack of, or no, training

Employees aren’t going to magically know what they should, and should not, be doing to promote IT security. It’s important to rally the staff together and at least go over the basics of IT security.

  3. Failing to update important software

Virus scanners, spyware scanners — these are only effective if they are kept up-to-date. Updates allow the software to constantly fortify any weak areas that compromise its effectiveness.

  4. Reckless internet browsing

Clicking on a corrupted web ad or website can be enough to invite some truly invasive and destructive stuff into a network. Employees all over the network must surf with caution.

  5. Failing to back up information

It’s simply a matter of doing business the right way — all information must be backed up and stored at an offsite location so that, in the event of a disastrous scenario, the data has a better chance of being fully recovered.

  6. Trying to do high-level IT work yourself

Look, we realize that small business owners want to save money, but when IT solutions are not implemented correctly, it’s going to cost a lot more money in the long run if something compromises the network. It’s important to work with competent IT professionals to set up a secure business network.

  7. Relying on out-of-the-box solutions

Consumer-grade products work well enough, but businesses need more stringent security measures. The only way to achieve that is by working with IT professionals who can implement solutions that fit the specific needs of your business.

  8. Failing to test DR plans

It’s important to be prepared for the worst, which is why disaster recovery planning is essential for any business. However, a plan can quickly become obsolete, which is why it must be consistently tested to ensure it remains effective.

  9. Not having a security policy

Or, a business might have a security policy but it is rarely enforced. Businesses need to put pen to paper on what is expected from employees to promote security and then follow up by enforcing it.

  10. Not recognizing the in-house threat

Talk to many IT professionals, and they will tell you that a business’ own staff serves as the biggest security threat. Now, we’re not trying to make you paranoid about your employees, but it is wise to have safeguards in place to monitor activities and avoid wrongdoing.

If you find yourself guilty of some, or most, of these, it doesn’t mean you’re a bad business owner or employee. This simply means that you need to get tougher about security in order to protect your business.

DKBInnovative works with all types of small and medium-sized businesses to help them maintain secure, efficient networks. Talk to our team and see what we can offer your business.

 

Stay safe out there!

Keith


Ransomware – How to prevent being a hostage to your system

As time passes and technology evolves, viruses and rogueware continue to advance and become more sophisticated. “Scareware” and “ransomware” are two terms that are coming up more and more in offices across the United States.

These are two forms of rogueware that have actually turned into an industry worth over $100 million for the con artists that are behind them. You might be familiar with these tactics — maybe you encountered them and didn’t even know they had a name.

Scareware consists of prompts that appear on your computer, claiming that it has been infected with a certain virus and that the user must call a phone number or submit money online to have it fixed. In reality, there is no virus, but the person on the other end of the phone will gladly take your money to “fix” the problem.

This tactic in and of itself is completely unethical, but nefarious internet users all over the world have upped the ante with additional forms of ransomware.

 

What is ransomware?

Scareware is a more toned-down version of ransomware — it’s generally easy to get past. In some cases, you can just ignore the bogus virus alerts and go on your merry way.

However, ransomware can include some really damaging and disruptive stuff. The following are a few cases.

  • Ransomware can lock up your screen or computer, presenting the user with another bogus prompt that claims they have a virus or even goes so far as to say their computer is in violation of some federal law.
  • Even more invasive, some ransomware can invade your computer and encrypt personal files. As the user, you will not be able to access your own files unless you send payment.
  • Oh, but these online criminals can stoop even lower. In some cases of ransomware, pornographic images or advertisements are embedded on a computer and will only be removed if a payment is submitted.

Almost needless to say, when this form of rogueware strikes a business, it can mean some really bad news. And, that’s what’s happening. Rogueware is considered a growth industry and more and more businesses are faced with it each year.


Ransomware and your business network

Introducing ransomware onto a work computer is as easy as being tricked into clicking on an infected web ad or visiting a certain website. Ransomware can take its toll on a business network in a number of ways.

  • Money spent on ransom
  • Sensitive information may become compromised
  • Network downtime
  • Data loss
  • And more

Many businesses opt to simply pay the ransom to save their companies hours, days or weeks of downtime. They also fear that the sensitive information of their company is at risk.

 

Protect your business from ransomware

Businesses can mitigate the risk of a ransomware attack by taking a variety of measures. Some of these include:

  • Practicing caution when using the internet
  • Implementing anti-virus software and a firewall
  • Having a data backup and disaster recovery plan in place
  • Contacting authorities (this is very much a crime)

 

DKBInnovative works hard to bring security to the businesses that we work with. Our team offers managed IT services that help avoid ransomware and the multitude of other threats on the internet.

Don’t let ransomware plague your business network. Contact DKBInnovative to see if your network is safe.

 

Stay safe out there!

Keith


Disaster recovery — Protection against data loss

Picture, for a moment, that your business is hit by a catastrophic incident. Maybe a fire has destroyed your office or your company’s network has been attacked full force by hackers, decimating your system.

How would your business respond? Would it scramble to find the necessary help and resources to recover the lost information? Would there even be any hope that the lost information could be recovered?

The unfortunate reality is that many businesses do face events like this, and they are caught standing flat-footed in terms of their data backup and disaster recovery planning. It’s easy to get a plan in place — businesses simply need to find the right partners and be proactive about it.

 

Why is disaster recovery important?

The impact of a disastrous scenario can be profound. In fact, many businesses are unable to fully recover in scenarios like this, which can eventually drive them out of business.

A disastrous IT event can take its toll in a number of ways:

  • Financial costs: These can range from hiring professionals to sift through the wreckage of your network to fines levied for not properly protecting important client information. Without continuity, businesses also lose days, weeks or even months of productivity.
  • Credibility: A major incident of data loss can be a significant blow to a company’s credibility — clients and partners may take notice.
  • Fate of the business: If the scenario is severe enough, these types of situations can prove impossible to completely bounce back from, costing business owners the companies they worked so hard to build.

 

These extreme scenarios might seem incredibly rare. After all, the chances are not significantly high that your building will catch fire or that your office will be directly in the path of a tornado. However, it doesn’t have to be something this major to take a toll on businesses.

Accidentally downloading corrupted files, hardware failure, human error — businesses face many different hazards that can lead to significant data loss. These are things that all businesses are susceptible to.

 

Key approaches to any disaster recovery plan

Many businesses don’t think about their disaster recovery plan until it is too late. The most frustrating part about this is that, with a little foresight and thought, any business can be ready for such scenarios.

When a company is designing a disaster recovery program it’s important to take the following approaches:

  • Preventative: Anticipate the potential threats to your network and take measures to mitigate those risks. Always avoid an incident if possible — that should be a no-brainer.
  • Detective: A DR plan should include measures that help expose disastrous events in their infancy so measures can be taken swiftly. An example of this is installing anti-virus software so you can know right away if your network is under attack.
  • Corrective: Then, of course, a DR plan should have steps in place to restore the compromised elements of your network so that your business can maintain continuity.

 

An important piece of DR planning is teaming with the right group of professionals. DKBInnovative has decades of combined experience on staff with technicians that are trained and knowledgeable in creating sound DR plans.

The DKBInnovative team invites all interested businesses to tap into this knowledge and ensure that productivity continues rolling even in the face of a disastrous scenario.

Stay safe out there!

Keith


From Me To You: Train Your Employees To Help You Fight Cyber Crime

At some point in your business growth and development you realized that you could no longer work alone and you started hiring. No matter the size of your staff now, because of technology advancements and the influx of now-necessary web-connected devices, those helpful employees could also be the next open door to cyber crime at your company.

If you look around, how many of your employees have smartphones, tablets or personal laptops from home? How many are linked to your internet connection? How many opportunities will be created for criminal marauders to hack into your data because of this? This is a very real daily risk.

Reliable security software usually protects against known malware and ransomware programs, but every new dangerous hack (and there are always new dangerous hacks) relies on deceiving someone into running it. Training your staff and routinely updating that training is key to preventing an invasion through individual personal devices.

Educate Employees About Risks

By establishing this critical education you are working to protect both staff jobs and your business. Usually there is a lack of understanding of risks such as opening attachments from an unknown source. Having well defined internet usage policies is important, but teaching your employees about risks and how to avoid them is even more powerful.

  • When onboarding employees, establish a training protocol for device usage
  • Discuss what risks exist with employees on a routine basis
  • Incorporate ongoing training for employees to keep them refreshed on the topics
  • Have a professional IT company audit your business to see how well trained your employees are

It’s important to take an aggressive approach to encouraging and educating employees about these threats. Training on IT threats is not a one-time session. The risks change frequently.

DKBInnovative recently performed a threat recognition audit on our own company. We sent an official-looking email from a third party to our employees asking them to reset their passwords for Microsoft. Even our own techs were fooled by the appearance of the email, and not all caught that the URL they were sent to for password reset was not, in fact, the real Microsoft website. That’s just how good these phishing scams are and how easy it would be for your company to lose data because of well-intentioned but not well-trained employees. DKBInnovative can steer you through the most effective employee training based on today’s most common threats.

Many incidents of online extortion go unreported, but earlier this year the FBI published estimated statistics on the recent costs of ransomware to American businesses. In the first three months of 2016, criminals collected more than $206 million from ransomware scams, on pace to pass $1 billion by the end of the year. Ransomware is a lucrative criminal business, so it’s worth knowing how to protect your business. Train your employees and let them help you defend against internet theft. We are happy to help you with your office internet usage policies, your employee training outlines and your overall business security planning, so give us a call at DKBInnovative.

Stay safe out there!

Keith


From Me To You: If Your Business Depends On The Internet, Know This

How costly is it these days to have your internet go down? How impatient are we all when we see “No Service” showing on our smartphones? In today’s business, our consistent connection to the world has become a necessity—and it didn’t take the bad guys long to figure out how to take advantage of that dependence.

“RAA” appears similar to any old ransomware scam. It shows up in your inbox as an email attachment. Once opened, it will scan your computer for spreadsheets, documents, and any business-related files. It locks what it finds with top-notch encryption, then you get a note in Russian demanding that you transfer $250 to RAA’s developer in exchange for the “key” to unlock your files. What makes RAA different is that it was written entirely in something called JavaScript, which is computer code normally meant to run inside the web, in browsers and web apps. Does it seem like an odd choice for a program designed to infect personal computers? RAA unfortunately succeeds because, in the interest of being tightly connected with the web, Windows computers allow JavaScript to run right on their PCs.

Windows allows this by default, because having a device tightly integrated with the web is otherwise incredibly useful and powerful. Our immediate future is already filling up with cars, business electronics, home appliances, even clothing connected via the Web. IT experts call this the Internet of Things. RAA exploits our growing reliance on web-connected technology. For example, ransomware could infect a retail business’s cash registers and lock them down until a criminal is paid. Malware designed to target commercial vehicles could shut down a whole web-connected shipping fleet. A criminal could threaten to take over web-connected factory equipment and ruin millions of dollars in materials.

This is not science fiction. Every day we learn of the latest and greatest must-have device that functions through the worldwide web. It’s only a matter of time before criminals find a way to exploit all of them.

What are best practices? Have an IT company that is absolutely on top of today’s newest cyber threats. DKBInnovative is constantly learning both what to look for and how to intercept and/or neutralize threats to your company’s productivity. DKBInnovative is fierce when it comes to prevention, and that’s why we study every day about the newest threats that may soon come our way. We want to know them and know how to defeat them before they show up in our clients’ networks. But you must also always have a contingency plan in case you are infected. Have a reliable backup system in place for your business’s files and equipment configurations. If you can restore mission-critical documents or reset your equipment with a clean configuration, then the criminals have no leverage with which to extort you, and you’re back up and running that much faster.
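An added example, not part of the original post or any DKBInnovative tooling: a mail-gateway style check for the delivery path described above, a script attachment that Windows will run on double-click. It goes slightly beyond the RAA case by also looking inside ZIP attachments and at other Windows script file types; the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types Windows runs on double-click by default
# (Windows Script Host, plus .hta via mshta).
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".wsh", ".vbs", ".vbe", ".hta"}


def _is_script(name):
    """True if the final extension is a script type; catches 'invoice.doc.js'."""
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in SCRIPT_EXTENSIONS


def risky_attachments(raw_message):
    """Return names of attachments (or ZIP members) that are script files."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if _is_script(name):
            findings.append(name)
        elif name.lower().endswith(".zip"):
            payload = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    findings += [f"{name}!{member}" for member in archive.namelist()
                                 if _is_script(member)]
            except zipfile.BadZipFile:
                # An archive the gateway cannot inspect is itself worth holding.
                findings.append(f"{name}!<unreadable archive>")
    return findings


def build_sample():
    """Constructed message: one PDF, one double-extension script, one ZIP."""
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg["From"] = "billing@example.com"
    msg["To"] = "user@example.com"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    msg.add_attachment(b"// harmless placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.doc.js")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("scan_001.JS", "// harmless placeholder")
        archive.writestr("readme.txt", "hello")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="scan.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in risky_attachments(build_sample()):
        print("quarantine:", hit)
```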

If you are not sure you’ve done enough to protect all your hard work growing your business, call us and we will talk you through this ransomware phenomenon. We are happy to help you.

Stay safe out there!

Keith


From Me To You About Ransomware: It’s Serious

Ransomware can happen to you. In the time it takes to open an attachment, all your company data can be seized, and then you have a choice to make. Do you pay the money to get your data back and if so, has it been copied and/or compromised? How much time do you have to try to do something? How many clients could you lose when they learn you’ve been hacked, or worse yet, how much misery will this hack cause those people who entrusted you with their personal information?

I saw a recent study that showed that cyber crime, data breaches and IT failure were the top three significant risks for today’s business owners. These possibilities are what I think about all day every day in my business—it’s my job to stop all of this from happening to my clients. To that end, my colleagues at DKBInnovative and I spend a lot of time researching and testing and authenticating ways to prevent malware from taking your business down. We want to know all the up-to-the-minute methods that can protect your network from an invasion. We want to know that we have all the layers of security in place, but we also want to have you prepared on how to respond and what actions can be taken.

DKBInnovative believes in a Cisco product called OpenDNS Umbrella, which is not a traditional anti-virus tool. When ransomware invades your network, it is programmed to “phone home” back to the bad guys to get an encryption key to use to lock down your data. OpenDNS Umbrella intercepts this cyber phone call, and the encryption process is stymied. As your IT manager, we are alerted that this attack is in progress, but because it has been stalled, we can go to work to eliminate the threat altogether and the crisis is averted. This is one key component in a comprehensive security strategy we help our clients create.
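The DNS-layer idea above, as an added example that is not Cisco's or DKBInnovative's code: it matches resolver log lines against a blocklist on label boundaries and groups the hits by client so the affected machine can be found. The blocklist zones, log format and addresses are constructed; blocking at DNS only helps when the malware has to resolve a name to fetch its key.

```python
from collections import defaultdict

# Constructed blocklist; a real deployment would load this from a threat feed.
BLOCKED_ZONES = {"keyserver.example", "bad-cdn.test"}

# Constructed resolver log lines: "<time> <client-ip> <query-name> <type>"
SAMPLE_LOG = """\
09:14:02 10.0.4.17 www.example.org. A
09:14:05 10.0.4.23 api.keyserver.example. A
09:14:05 10.0.4.23 API.KeyServer.Example. AAAA
09:14:09 10.0.4.17 notkeyserver.example. A
09:15:40 10.0.4.31 keyserver.example. A
"""


def is_blocked(qname, zones=BLOCKED_ZONES):
    """True if qname is a blocked zone or any subdomain of one.

    Matching is done per DNS label, so 'notkeyserver.example' does not match
    'keyserver.example' the way a plain string suffix test would.
    """
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))


def triage(log_text):
    """Map each client that asked for a blocked name to the names it asked for."""
    alerts = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _time, client, qname, _qtype = fields
        if is_blocked(qname):
            alerts[client].add(qname.rstrip(".").lower())
    return dict(alerts)


if __name__ == "__main__":
    for client, names in sorted(triage(SAMPLE_LOG).items()):
        print(f"isolate and investigate {client}: {sorted(names)}")
```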

So, from me to you—if you’re not sure what you currently have in place in your network security to prevent ransomware from capturing your company data and demanding money for its release, reach out and let’s talk about it. It’s easy money for the bad guys and we know it’s not going away. I’ll watch your back and you continue to grow your business, and we both get to do what we love best. I’m happy to help you.

Stay safe out there!

Keith
