RANSOMWARE: Are You Protected? (as published in Dallas Medical Journal, Nov. 2016

You’ve been thinking that your private practice won’t get hacked? Or that your small, rural hospital is totally under the global cyber crimes radar? That there’s not enough monetary value in your database to interest cyber thieves? You’re just wrong. Private Health Information (PHI) is coveted for identify theft and fraudulent payor claims, plus it’s highly regulated and mission critical— a digital goldmine for the army of cybercriminal extortionists operating outside U.S. borders.

The Department of Homeland Security reported in July that there has been an average of 4,000 ransomware attacks per day since January 1, 2016. In the first half of the year, there were four Adobe Flash and Microsoft Silverlight software bugs that, if not patched, opened the door for invasion. For example, a health worker using an EHR Googles the patient’s health condition—and gets ransomware. Keeping up with patching software bugs is just one of the many facets of warding off hack attacks and this battle does not appear to be slowing down: ransomware alone will exceed $1 billion in damages this year.

In fact, the healthcare industry had the highest number of all data breaches reported, suffering 39 percent of all breaches that occurred in 2015, according to Mountain View, Calif.-based cyber security firm Symantec’s 2016 Internet Security Breach Report. In Reston, VA, more than 13,000 patient records were hacked, and the data was encrypted pending payment from this one-doctor dermatology practice. All patients had to be notified that their personal information had been breached. Similarly, the small 86-bed King’s Daughters’ Health hospital in Indiana discovered that a single email infected by the Locky ransomware virus crawled into a server and started encrypting data. KDH immediately powered down its computer systems to protect the remaining data, and faced significant downtime and careful PR navigation as a result. In both cases, healthcare businesses were the losers.

Healthcare organizations, along with small businesses and schools, make good targets for ransomware attacks because they don’t usually have the sophisticated backup systems and other resilience measures that are typical at large corporations. They often begin with an e-mail attachment opened by an unwitting employee. The e-mail launches malicious code that crawls through the victim’s computer system, encrypting and locking up data folders and the computer’s operating system. The cyber criminals demand payment in return for providing the decryption key. Attacks like these often don’t make headlines because the victims understandably don’t want to talk about it, whether they pay or they don’t pay.

“Ransomware attacks are crimes of opportunity,” points out Keith Barthold, CEO of DKBInnovative, an IT management company headquartered in Dallas, TX. “Medical practices in particular are low-hanging fruit for cyber criminals because patient files contain easily sold information such as social security numbers or Medicare particulars.  And attackers know that extortion works when the alternative to paying is often downtime, data loss, bad publicity, and steep HIPAA compliance fines.  The best way to protect the data medical business of any size is prevention.”

“Your level of exposure to potential ransomware can be identified”, says Barthold. “You need to have a professional team who understands healthcare security perform a security risk audit. Risk mitigation to ensure the privacy of your patient information can then be implemented pretty quickly. But you must also realize,” he added, “that technology can change almost hourly these days. What protects your data this week could be obsolete in two weeks. Preventing cyber crime has become a highly specialized endeavor. IT management must stay on the leading edge of security best practices and the solutions available to best keep systems protected. It’s a complicated dance between the good guys and the bad guys. You have to have true passion and absolute devotion to your healthcare clients to keep them protected.”

Contact DKBInnovative at dkbinnovative.com or by phone at (429) 828-2468 for a free list of ransomware prevention tips.

 

DKBInnovative Is One Of The 20 Most Promising IT Productivity Solutions Providers 2016 Named By CIOReview

The prestigious IT industry print magazine, CIOReview, recently listed DKBInnovative, a Dallas-based IT managed services company, in their top 20 Productivity Solutions Providers of 2016. Companies in the list have exhibited in-depth expertise in engineering best-in-class productivity tools.

 Dallas, TX (PRWeb), November 1, 2016—DKBInnovative, a Dallas-based IT managed services company, was recently named as one of the “20 Most Promising Productivity Solutions Providers 2016” in the IT industry magazine CIOReview. CIOReview sees its mission in IT as being ‘The Navigator for Enterprise Solutions.’ “I congratulate DKBInnovative for its achievement in providing secure and highly reliable managed IT solutions for business,” said Jeevan George, Managing Editor of CIOReview. They have consistently provided comprehensive IT strategies that can boost levels of productivity and thus accelerate business objectives. We look for those IT companies who are positively impacting the marketplace.” (See the complete list here.)

DKBInnovative began while its founder and CEO, Keith Barthold, was still advancing and enjoying his 10+ year career at Perot Systems/Dell Services. “IT managed services got real big, real fast,” said Barthold. “From the very beginning of our company we determined that, for us, service and solutions would mean the same thing. Because of the exploding pace of today’s technology, we started by not just thinking outside the box, but also ahead of the box.” Currently DKBInnovative has offices in Dallas and Frisco, Texas. Although their focus is regional, DKB also does work nationally and internationally on behalf of their larger clients.

DKBInnovative offers with its state-or-the-art best practices for outsourced IT managed services the expertise of a virtual Chief Information Officer, or VCIO. The VCIO will participate in the planning, budgeting and implementation for all IT assets in a client’s business—a process that will transform IT for the company users, resulting in greater security and productivity. This has worked well for over 200 medical practices and hospitals, and for dozens of energy, technology, and professional services firms. “Our clients rely on technology as a competitive advantage and business enabler,” states Keith Barthold, “and no one can afford to be interrupted or have their data compromised. You have to think ahead, plan ahead, and be ready for whatever the world throws at you. Forward-thinking IT management is both your winning game plan and your depth on the bench, your most cost effective way to mitigate these company-killing risks. DKB is in this game to win it.”

CIOReview helps organizations find the best-of-breed productivity tools. Their listing of the 20 Most Promising Productivity Solution Providers 2016 provides a look into how these solutions work in the real world and how they shape up against the competition.

See the entire press release here.

Dallas ISD Taps DKBInnovative, Local IT Management and Support Company, For Technology Trends Update

Dallas-based IT management and support company DKBInnovative was asked to present an update on technology trends and threats in a professional development seminar sponsored by the National Academy Foundation, specifically for members of the NAF Information Technology departments in the Dallas Independent School District.

Dallas, TX (PRWeb) October 18, 2016—DKBInnovative CEO Keith Barthold gave his first presentation to the combined National Academy Foundation IT departments from the Dallas Independent School District last week. DKBInnovative is a Dallas-based IT management and support company that specializes in the information technology challenges for healthcare, energy, and professional services industries. “I was thrilled to have the opportunity to present to and interact with the NAF faculty. Technology evolves daily, and we are going to need so many more of those unique students who love to keep constantly learning to stay at the forefront of IT,” said Barthold.

Founded in 1982, the NAF is a non-profit organization whose mission is to partner with existing school systems to implement small learning communities within traditional high schools. Their “academies” focus on STEM infused industry-specific curricula that includes finance, hospitality/tourism, information technology, engineering and health sciences.  “The NAF’s work-based learning strategy affects the growing gap between supply and demand in the technology workforce,” Keith Barthold pointed out. “Cyber security, system networking and the explosion of mobile technology have become integral parts of our everyday lives now. Having a program in the schools that offers non-traditional learners an opportunity to excel in their strengths is already a factor in enhancing and protecting our businesses and our communities.”

Barthold gave his recommendations to the NAF teachers based on his years of being in the trenches with clients, as technology has evolved into being the key to overall productivity. He advised teachers to include an emphasis on soft skills like communication and emotional intelligence, practicing teamwork, learning the value of documentation, and being taught how to troubleshoot, problem-solve, and find and follow the logic of any situation. “Learning how to set, progress with and achieve goals has been huge in the success of DKBInnovative,” noted Barthold. “The goal itself is not the grade. Learning the discipline of how to track progress and how to keep following through is the lesson.”

The NAF reports that some 89,000 students across 36 states have attended their academies, with 98% of their seniors graduating and 92% of graduates going to college. For more information on the NAF, go towww.naf.org, and to learn more about DKBInnovative please visit www.dkbinnovative.com.

About DKBInnovative

DKBInnovative is comprised of dedicated, passionate, and hard-working IT professionals committed to providing best-in-class IT services. Having served 60+ hospitals and hundreds of medical practices, plus dozens of energy and professional services firms, they partner with clients to navigate any and all IT needs including security, network, vendor selection and management, and comprehensive security including HIPAA compliance—with a focus on increased workforce productivity.  Contact DKBInnovative at dkbinnovative.com or by phone at (429) 828-2468 for more information.

See the press release on PRWeb at http://www.prweb.com/releases/2016/10/prweb13766922.htm

 

How to really stink at security — the 10 DON’Ts of IT security

Maintaining a secure IT network is paramount for any business — especially in a day and age of sophisticated viruses, rogueware, spyware and the many other threats that can compromise the heart of your company.

Unfortunately, many businesses and their employees are simply too busy and tied up with their normal duties of the day that they don’t think much about what they can do to bolster the security of their business’ network. Failing to take the proper precautions can result in a disastrous event that could compromise sensitive data or cause you to lose it completely.

 

Network security — What NOT to do

You don’t have to be an IT mastermind in order to take steps that will help make your company’s network more secure from the many threats it faces. Still, whether out of ignorance or laziness, these very simple things generally don’t get done.

There are some businesses and professionals out there that are simply bad at network and internet security. The following is a top 10 list of practices you should most definitely avoid. Or, if you want to be really bad at security, by all means, proceed.

 

  1. Generic passwords or no passwords

Let’s start out with one of the most common missteps. Leaving passwords as “password” or keeping them blank completely makes it very easy for unintended eyes to access the sensitive data of a business.

  1. Lack of, or no, training

Employees aren’t going to magically know what they should, and should not, be doing to promote IT security. It’s important to rally the staff together and at least go over the basics of IT security.

  1. Failing to update important software

Virus scanners, spyware scanners — these are only effective if they are kept up-to-date. Updates allow the software to constantly fortify any weak areas that compromise its effectiveness.

  1. Reckless internet browsing

Clicking on a corrupted web ad or website can be enough to invite some truly invasive and destructive stuff into a network. Employees all over the network must surf with caution.

  1. Failing to backup information

It’s simply a matter of doing business the right way — all information must be backed up and stored at an offsite location so that, in the event of a disastrous scenario, the data has a better chance of being fully recovered.

  1. Trying to do high-level IT work yourself

Look, we realize that small business owners want to save money, but when IT solutions are not implemented correctly, it’s going to cost a lot more money in the long run if something compromises the network. It’s important to work with competent IT professionals to set up a secure business network.

  1. Relying on out-of-the-box solutions

Consumer-grade products work well enough, but businesses need more stringent security measures. The only way to achieve that is by working with IT professionals that can implement solutions that fit the specific needs of your business.

  1. Failing to test DR plans

It’s important to be prepared for the worst, which is why disaster recovery planning is essential for any business. However, a plan can quickly become obsolete, which is why it must be consistently tested to ensure it remains effective.

  1. Not having a security policy

Or, a business might have a security policy but it is rarely enforced. Businesses need to put a pen to paper on what is expected from employees to promote security and then follow up by enforcing it.

  1. Not recognizing the in-house threat

Talk to many IT professionals, and they will tell you that a business’ own staff serves as the biggest security threat. Now, we’re not trying to make you paranoid about your employees, but it is wise to have safeguards in place to monitor activities and avoid wrongdoing.

 

If you find yourself guilty of some — or most of these — it doesn’t mean you’re a bad business owner or employee. This simply means that you need to get tougher about security in order to protect your business.

DKBInnovative works with all types of small and medium-sized businesses to help them maintain secure, efficient networks. Talk to our team and see what we can offer your business.

 

Stay safe out there!

Keith

KB Signature v2

Ransomware – How to prevent being a hostage to your system

As time passes and technology evolves, viruses and rogueware continue to advance and become more sophisticated. “Scareware” and “ransomware” are two terms that are coming up more and more in offices across the United States.

These are two forms of rogueware that have actually turned into an industry worth over $100 million dollars for the con artists that are behind them. You might be familiar with these tactics — maybe you encountered them and didn’t even know they had a name.

Scareware consists of prompts that appear on your computer, claiming that it has been infected with a certain virus and that the user must call a phone number or submit money online to have it fixed. In reality, there is no virus, but the person on the other end of the phone will gladly take your money to “fix” the problem.

This tactic in and of itself is completely unethical, but nefarious internet users all over the world have upped the ante with additional forms of ransomware.

 

What is ransomware?

Scareware is a more toned down version of ransomware — it’s generally easy to get passed. In some cases, you can just ignore the bogus virus alerts and go on your merry way.

However, ransomware can include some really damaging and disruptive stuff. The following are a few cases.

  • Ransomware can lock up your screen or computer, presenting the user with another bogus prompt about how they either have a virus or it might go so far as to say their computer is in violation of some federal law.
  • Even more invasive, some ransomware can invade your computer and encrypt personal files. As the user, you will not be able to access your own files unless you send payment.
  • Oh, but these online criminals can stoop even lower. In some cases of ransomware, pornographic images or advertisements are embedded on a computer and will only be removed if a payment is submitted.

Almost needless to say, when this form of rogueware strikes a business, it can mean some really bad news. And, that’s what’s happening. Rogueware is considered a growth industry and more and more businesses are faced with it each year.


Ransomware and your business network
Introducing ransomware onto a work computer is as easy as being tricked into clicking on an infected web ad or visiting a certain website. Ransomware can take its toll on a business network in a number of ways.

  • Money spent on ransom
  • Sensitive information may become compromised
  • Network downtime
  • Data loss
  • And more

Many businesses opt to simply pay the ransom to save their companies hours, days or weeks of downtime. They also fear that the sensitive information of their company is at risk.

 

Protect your business from ransomware

Businesses can mitigate the risk of a ransomware attack by taking a variety of measures. Some of these include:

  • Practicing caution when using the internet
  • Implementing anti-virus software and a firewall
  • Having a data backup and disaster recovery plan in place
  • Contacting authorities (this is very much a crime)

 

DKBInnovative works hard to bring security to the businesses that we work with. Our team offers managed IT services that help avoid ransomware and the multitude of other threats on the internet.

Don’t let ransomware plague your business network. Contact DKBInnovative to see if your network is safe.

 

Stay safe out there!

Keith

KB Signature v2

Disaster recovery — Protection against data loss

Picture, for a moment, that your business is hit by a catastrophic incident. Maybe a fire has destroyed your office or your company’s network has been attacked full force by hackers, thus, decimating your system.

How would your business respond? Would it scramble to find the necessary help and resources to recover the lost information? Would there even be any hope that the lost information could be recovered?

The unfortunate reality is that many businesses do face events like this, and they are caught standing flat footed in terms of their data backup and disaster recovery planning. It’s easy to get a plan in place — businesses simply need to find the right partners and be proactive about it.

 

Why is disaster recovery important?

The impact of a disastrous scenario can be profound. In fact, many businesses are unable to fully recover in scenarios like this, which can eventually drive them out of business.

A disastrous IT event can take its toll in a number of ways:

  • Financial costs: These can range from hiring professionals to sift through the wreckage of your network or fines levied for not properly protecting important client information. Without continuity, businesses also lose days, weeks or even months of productivity.
  • Credibility: A major incident of data loss can be a significant blow to a company’s credibility — clients and partners may take notice.
  • Fate of the business: If the scenario is severe enough, these types of situations can prove impossible to completely bounce back from, thus, costing business owners the companies they worked so hard to build.

 

These extreme scenarios might seem incredibly rare. After all, the chances are not significantly high that your building will start on fire or your office will be directly in the path of a tornado, however, it doesn’t have to be something this major to take a toll on businesses.

Accidentally downloading corrupted files, hardware failure, human error — businesses face many different hazards that can lead to significant data loss. These are things that all businesses are susceptible to.

 

Key approaches to any disaster recovery plan

Many businesses don’t think about their disaster recovery plan until it is too late. The most frustrating part about this is that, with a little foresight and thought, any business can be ready for such scenarios.

When a company is designing a disaster recovery program it’s important to take the following approaches:

  • Preventative: Anticipate the potential threats to your network and take measures to mitigate those risks. Always avoid an incident if possible — that should be a no-brainer.
  • Detective: A DR plan should include measures that help expose disastrous events in their infancy so measures can be taken swiftly. An example of this is installing anti-virus software so you can know right away if your network is under attack.
  • Corrective: Then, of course, a DR plan should have steps in place to restore the compromised elements of your network so that your business can maintain continuity.

 

An important piece of DR planning is teaming with the right group of professionals. DKBInnovative has decades of combined experience on staff with technicians that are trained and knowledgeable in creating sound DR plans.

The DKBInnovative team invites all interested businesses to tap into this knowledge and ensure that productivity continues rolling even in the face of a disastrous scenario.

Stay safe out there!

Keith

KB Signature v2

From Me To You: Train Your Employees To Help You Fight Cyber Crime

At some point in your business growth and development you realized that you could no longer work alone and you started hiring. No matter the size of your staff now, because of technology advancements and the influx of now-necessary web-connected devices, those helpful employees could also be the next open door to cyber crime at your company.

If you look around, how many of your employees have smartphones, tablets or personal laptops from home? How many are linked in to your internet connectivity? How many opportunities will be created for criminal marauders to hack into your data because of this? This is a very real daily risk.

Reliable security software usually protects against known malware and ransomware programs, but every new dangerous hack (and there are always new dangerous hacks) relies on deceiving someone into running it. Training your staff and routinely updating that training is key to preventing an invasion through individual personal devices.

Educate Employees About Risks

By establishing this critical education you are working to protect both staff jobs and your business. Usually there is a lack of understanding of risks such as opening attachments from an unknown source. Having well defined internet usage policies is important, but teaching your employees about risks and how to avoid them is even more powerful.

  • When onboarding employees, establish a training protocol for device usage
  • Discuss what risks exist with employees on a routine basis
  • Incorporate ongoing training for employees to keep them refreshed on the topics
  • Have a professional IT company audit your business to see how well trained your employees are

It’s important to ensure you take an aggressive approach to encouraging and educating about these threats. IT threats are not a one-time training session. The risks change frequently. DKBInnovative recently performed a threat recognition audit on our own company. We sent an official-looking email from a third party to our employees asking them to reset their passwords for Microsoft. Even our own techs were fooled by the appearance of the email, and not all caught that the URL they were sent to for password reset was not, in fact, the real Microsoft website. That’s just how good these phishing scams are and how easy it would be for your company to lose data because of well-intentioned but not well-trained employees. DKBInnovative can steer you through the most effective employee training based on today’s most common threats.

Many incidents of online extortion go unreported, but earlier this year the FBI published estimated statistics on the recent costs of ransomware to American businesses. In the first three months of 2016, criminals collected more than $206 million from ransomware scams, on pace to pass $1 billion by the end of the year. Ransomware is a lucrative criminal business, so it’s worth knowing how to protect your business. Train your employees and let them help you defend against internet theft. We are happy to help you with your office internet usage policies and your employee training outlines and your overall business security planning, so give us a call at DKBInnovative.

Stay safe out there!

Keith

KB Signature v2

From Me To You: If Your Business Depends On The Internet, Know This

How costly is it these days to have your internet go down? How impatient are we all when we see “No Service” showing on our smartphones? In today’s business, our consistent connection to the world has become a necessity—and it didn’t take the bad guys long to figure out how to take advantage of that dependence.

“RAA” appears similar to any old ransomware scam. It shows up in your inbox as an email attachment. Once opened, it will scan your computer for spreadsheets, documents, and any business-related files. It locks what it finds with top-notch encryption, then you get a note in Russian demanding that you transfer $250 to RAA’s developer in exchange for the “key” to unlock your files. What makes RAA different is that it was written entirely in something called JavaScript, which is computer code normally meant to run inside the web, in browsers and web apps. Does it seem like an odd choice for a program designed to infect personal computers? RAA unfortunately succeeds because, in the interest of being tightly connected with the web, Windows computers allow JavaScript to run right on their PCs

 Windows allows this by default, because having a device tightly integrated with the web is otherwise incredibly useful and powerful. Our immediate future is already filling up with cars, business electronics, home appliances, even clothing connected via the Web. IT experts call this the Internet of Things. RAA exploits our growing reliance on web-connected technology, for example ransomware could infect a retail business’s cash registers and lock them down until a criminal is paid. Malware designed to target commercial vehicles could shut down a whole web-connected shipping fleet. A criminal could threaten to take over web-connected factory equipment and ruin millions of dollars in materials.

This is not science fiction. Every day we learn of the latest and greatest must-have device that functions through the worldwide web. It’s only a matter of time before criminals find a way to exploit all of them.

What are best practices? Have an IT company that is absolutely on top of today’s newest cyber threats. DKBInnovative is constantly learning both what to look for and how to intercept and/or neutralize threats to your company’s productivity.DKBInnovative is fierce when it comes to prevention, and that’s why we study every day about the newest threats that may soon come our way. We want to know them and know how to defeat them before they show up in our clients’ networks. But you must also always have a contingency plan in case you are infected. Have a reliable backup system in place for your business’s files and equipment configurations. If you can restore mission-critical documents or reset your equipment with a clean configuration, then the criminals have no leverage with which to extort you, and you’re back up and running that much faster.

If you are not sure you’ve done enough to protect all your hard work growing your business, call us and we will talk you through this ransomware phenomenon. We are happy to help you.

Stay safe out there!

Keith

KB Signature v2

From Me To You About Ransomware: It’s Serious

Ransomware can happen to you. In the time it takes to open an attachment, all your company data can be seized, and then you have a choice to make. Do you pay the money to get your data back and if so, has it been copied and/or compromised? How much time do you have to try to do something? How many clients could you lose when they learn you’ve been hacked, or worse yet, how much misery will this hack cause those people who entrusted you with their personal information?

I saw a recent study that showed that cyber crime, data breaches and IT failure were the top three significant risks for today’s business owners. These possibilities are what I think about all day every day in my business—it’s my job to stop all of this from happening to my clients. To that end, my colleagues at DKBInnovative and I spend a lot of time researching and testing and authenticating ways to prevent malware from taking your business down. We want to know all the up-to-the-minute methods that can protect your network from an invasion. We want to know that we have all the layers of security in place, but we also want to have you prepared on how to respond and what actions can be taken.

DKBInnovative believes in a Cisco product called Open DNS Umbrella, which is not a traditional anti-virus tool. When ransomware invades your network it is programmed to “phone home” back to the bad guys to get an encryption key to use to lock down your data. Open DNS Umbrella intercepts this cyber phone call, and the encryption process is stymied. As your IT manager we are alerted that this attack is in progress, but because it has been stalled then we can go to work to eliminate the threat altogether and the crisis is averted. This is one key component in a comprehensive security strategy we help our clients create.

So, from me to you—if you’re not sure what you currently have in place in your network security to prevent ransomware from capturing your company data and demanding money for its release, reach out and let’s talk about it. It’s easy money for the bad guys and we know it’s not going away. I’ll watch your back and you continue to grow your business, and we both get to do what we love best. I’m happy to help you.

Stay safe out there!

Keith

KB Signature v2