What you should know about RANSOMWARE

What you should know about RANSOMWARE

Written by Scott Hall on . Posted in Computer Security

Ransomware has become the scourge of the Internet. It’s so common that it no longer makes the news. In fact, it’s predicted that a business will fall victim to a ransomware attack every 14 seconds in 2019. The evolving nature of the threat makes malware attacks very difficult to counter. Regardless of the type of malware, they all have the same objective to encrypt or disable access to the files on a computer, or the network it is part of, and then demand payment for their recovery. Overseas, cybercrime labs often have budgets as large as or larger than the total spend of an enterprise level organization’s annual security budget.

 

Security analysts estimate that most hacking related breaches are because of stolen or weak passwords. Other attack vectors include vulnerabilities exposed in a web application, open or insecure network ports and email-based phishing. These are all sobering data points, whether you’re a large corporation or SMB. The impact of breaches can be highly damaging – monetary payments, lost data, productivity impacts, system downtime during recovery, just to name a few.

 

Although the different kinds of malware attacks have existed for years, the success of the latest generation is due in part to improved techniques. Machine learning and other heuristics help hackers learn about network and people patterns. This is very different from prior automated or cryptologic based methods because skilled IT resources and improved security software can detect and disable, or even prevent these kinds of attacks outright before they cause damage.

 

Ransomware falls into the broad category of malware. The definition of malware is to damage or disable a computer or an entire system. In one scenario of ransomware, the attack disables access to systems by encrypting files. The attacker then demands a ransom in exchange for a key to decrypt the files and regain access. Another scenario in the Ransomware attack is to simply lock one or more systems, so they can’t be accessed. Unfortunately, there’s no single solution that can stop this type of attack, despite many claims to the contrary.

 

This leaves two options in response:

 

The first is to pay the ransom which most all security experts advise against. This could make an organization a repeat target. The second, more realistic option is to use a multi-layered approach to make it more difficult for Ransomware and other attacks to succeed. Implement a security management practice that includes regular patching of all systems, services and software, including network device firmware, like IP security cameras, printers and scanners. Proactive measures reduce the likelihood of an attack being successful but there is no guarantee. Ransomware authors continue to get smarter, and their attack software usually include routines to find and delete or encrypt backups along with primary data. This means organizations can’t rely solely on backups as a response tactic, without taking additional security precautions and measures.

 

Given how many ransomware attacks succeed, educating employees to detect phishing and related attempts to penetrate the network is a must. Strengthening your security management practice with added employee training will help minimize your exposure to malware and maximize your response management. If you’re wondering where to start, SOS can help. Reach out to us today.

Securing the Airwaves: How can the Cloud be better?

Written by Scott Hall on . Posted in Cloud Hosting

data archiving

When establishing your IT environment, either on premise or cloud hosted, all organizations should always give serious consideration to the security. But how secure is the cloud? There’s numerous pieces of hardware in a datacenter where your information is travelling through or being stored. How can it be more secure?

When considering the cloud, the main fact is that while some of the methods and tools used to secure a network and data in the cloud are different as a physical server, the basic principles are exactly the same. Also, because the cloud runs in data centers staffed by experts from numerous technology specialties, data stored there is secured by the best people available in the industry today.

Security in the cloud is achieved through the implementation of technologies, infrastructure, and policies like any other network. Those used to secure datacenters, however, are suited to agile, large-scale environments and are certified by independent third-party auditors. Compliance with these audits show that datacenters are using the best tools and equipment available at the enterprise level that SMBs can take advantage of at scale.

Datacenters can be certified to show they are compliant with HIPAA regulations for systems that handle sensitive healthcare information – this is absolutely necessary for HIPAA-compliant cloud storage. When companies handle information like birthdays, addresses, and credit card data, they are also audited for PCI compliance too.  Any datacenter which has been audited and certified according to these standards absolutely proves it has the procedures and technical acumen to provide the best security to protect even the most sensitive business information.

Firewalls are the de-facto security for any network, including cloud hosted networks. A firewall is a hardware or software system which applies screening and rules to all the traffic of a network. Data passing in or out of your Cloud environment is inspected and filtered by the firewall based on a set of configurable rules, blocking dangerous traffic, and allowing the correct data in. This is what provides the network barrier between your systems and other systems in the data center. The rules governing a firewall must be managed closely, to meet changing threats and maintain security, a process best handled by managed service experts.

Businesses of all sizes, including Enterprise and SMB level, have been using the Cloud for years, and among users of every size cloud hosting is only increasing in every industry. Private businesses and governments are moving workloads of varying levels to the cloud, even with increasingly stringent security needs. This change is driven largely by lower costs, and the increased performance, and agility advantages delivered by cloud computing. A benefit central to this confidence is the realization that service providers offer experience and expertise which are far beyond most organizations, particularly those not dedicated to IT services, network security or data management. Committed, professional management is a major part of what makes any environment secure and efficient, cloud or on premise.

An expert managed service provider like SOS Technology Group provides the most benefit to any business, allowing anyone to benefit from the scalability and low cost of the cloud while providing the leading edge security needed today for any compliance needs. Contact us for a no cost assessment today.

Total Cloud: A Virtual Dream to A Virtual Reality

Written by Scott Hall on . Posted in Cloud Hosting

wi-fi security

Small- to mid-sized business owners enjoying rapid growth face a challenge—how to scale their organizations rapidly without incurring dramatic cost increases to overhead.

One way to meet this challenge is to establish a virtual workforce with a cloud based environment.  With this kind of platform, employees, many of whom might be located across the country, or even around the world, can work from wherever they wish. This eliminates the need for you to lease more office space and constantly move into larger offices as your business grows. A virtual workforce can reduce other costs and could even increase productivity by keeping your overhead expenses low and employees happy.

A sales team and field service team probably already work largely on a remote basis. Hiring other types of employees to extend your virtual team opens up the possibility for hiring more experienced and talented individuals. What’s more, employees are rapidly choosing to work virtually if they can, leading to a direct quality of life increase for employees, and this makes retention of quality people easy.

Some managers think that, in regards to productivity, they can’t measure what they can’t see, but most teams are already collaborating virtually, when using email or instant messaging platforms; they might be in the office next door or in another city. The technology for virtual cooperative work has existed for quite some time. Still, it takes effort to make virtual connections work. It is absolutely critical to promote and foster quality virtual interaction so that no employee is an island. This is a common challenge when organizations move to a virtual workspace, but one that can be addressed with thoughtful engagement during the migration from physical to virtual.

Another key component to a virtual workspace is a consistent environment. An environment that is identical to a physical workstation is preferred, with as little deviation as possible from a traditional PC workstation. A bring-your-own-device policy, with the appropriate cloud infrastructure, is a great way to achieve parity, as each employee is able to customize their work experience to a degree, and maintain a level of comfort and familiarity with their equipment. Windows PCs, MacBooks, tablets or even smartphones – however an employee works best, a virtual workspace can be adjusted to fit their needs.

BYOD, as bring-your-own-device is also known, can reduce overhead, as system requirements are significantly lowered with a virtual desktop and some employees may even agree to purchase their own workstation hardware, if they absolutely need features that are not necessarily provided beyond a baseline minimum requirement.

Cost savings, overhead reductions, consistent uptime and increased employee happiness are just a few of the benefits of going to a virtual workstation environment. Reach out to us today for an assessment of your IT to elevate to the Total Cloud today!

 

The Real Deal on Cybersecurity Failures

Written by Scott Hall on . Posted in Computer Security

A 2018 study revealed that small to medium businesses increasingly face the same cybersecurity risks as enterprise and well-known corporations, but only 28 percent of SMBs rate their ability to mitigate threats and attacks as “highly effective.”

The quantity of breaches and attacks, including malware, phishing attempts and ransomware attacks is steadily rising — with 67 percent of SMBs experiencing a cyber-attack, and 58 percent experiencing a data breach in the last year. Despite that, nearly half of respondents (47 percent) say they have no understanding of how to defend their businesses from these attacks.

As this vulnerability increases, the risk of employees, vendors, and outside contractors causing data breaches or being inadvertently complicit in these attacks is simultaneously increasing — 60 percent of study respondents cited a negligent employee or contractor as being the root cause for a breach, compared to 37 percent pointing to an outside source. Still, 32 percent of survey participants stated that they could not determine the root cause of a breach or attack they experienced in the past 12 months.

40 percent of respondents say an attack occurred with the compromise of employees’ passwords in the past year, with the average cost of each being $383,365. Accordingly, 19 percent more IT and security professionals consider password protection and management to be increasingly critical in 2019 as compared to 2018.

Part of creating an environment that is vulnerable to outside attack is a failure to use strong passwords, two-factor authentication and unique passwords for every website, application and system. These steps are often inconvenient, but have stopped attacks from occurring, limited the intrusion that occurs, and even notifying of a breach before it can actually occur. In this vein, respondents indicated their two biggest password-related pain points are having to deal with passwords being stolen or compromised (68 percent) and employees using weak passwords (67 percent). Almost certainly, this is cause and effect at work. Often, human memory and/or insecure spreadsheets are used to store and protect passwords. Only 22 percent of respondents say their companies require employees to use a password manager. Of the 74 percent of respondents who say password managers are not required, more than half say their companies rely upon unreliable methods to protect passwords.

SMBs, by nature, do not necessarily have the funds or the expert staff to have effective security, and as a result 74 percent of respondents note this as a huge obstacle. The remaining 26 percent of respondents who believe they are ‘highly effective’ at mitigating vulnerabilities and attacks state that the reason for this belief is due to a higher investment in both personnel and funding to adequately face these threats. These companies also dedicate a higher percentage of their IT budget to cybersecurity efforts.

As time progresses and technology evolves, cyber criminals are often ahead of the curve, and companies, no matter how big or small, are only as strong as their weakest link and their ability to react to an ever-changing security landscape. Staying ahead of threats in this area pays untold dividends by fostering a healthy respect for security and the responsibility of being good stewards of consumer data.

 

No Hardware – No Problems

Written by Scott Hall on . Posted in Cloud Hosting

Beginner’s Guide To Cloud Storage

No hardware, no problems

 

Not too long ago, a virtual desktop environment was too cost prohibitive for many organizations. This offering has grown so quickly and become so cost effective that it is a right size for almost every company doing business today.

An SOS TotalCloud appliance acts like a physical desktop, except that it is centralized in a data center and streams to the appliance. The appliance can be just about any physical device with network access, along with significantly lower hardware requirements than business class PCs, for both maximum uptime and maximum service life.

When virtual desktops were first offered, some companies attempted migration without a clear understanding of the impacts to business requirements and true cost. As a result, many of those early adoptions did not succeed. Now, virtual infrastructure is much more refined, with the primary focus shifting to include not only data and security concerns, but also resource consumption, hardware uptime, and usable hardware life cycles. Speaking to that last point, the hardware on an employee’s desk becomes a non-issue: it is simply an almost disposable device, at a price point that matches, as it is basically just ‘streaming’ an active desktop. It’s not doing any real work, since that is taking place in the cloud. With the correct interface, any device, mobile or tablet becomes a consistent workstation for every user.

Applications are the lifeblood of a great many businesses. Whether it’s industry specific software or MS Office standards, software is how everything is getting done. When looking at a traditional desktop environment, all users must connect into the main network to install or update an application, shifting their schedules around the inevitable downtime that comes with either updating existing hardware, or rolling out new hardware & software for a new addition to the team. On the SOS TotalCloud, these changes are being whitelisted, and automatically installed to all users at once on off hours, with no impact to anyone. This same method is used for upgrades as well, so keeping everyone on current versions is seamless, and no longer dependent on expensive and constantly aging hardware.

Hardware expenses certainly add up over time. It’s reasonable to expect to replace roughly a third of existing systems every calendar year on a 36 month warranty-backed lifecycle. At anywhere from eight hundred to a thousand dollars per system, this cost impacts every company’s bottom line. Also included are servers, with an on average 5 year lifespan. The infrastructure required by today’s economy is very impactful, and rarely predictable.

Looking at SOS TotalCloud, these costs reduce dramatically, practically overnight. Say goodbye to the mystery of unanticipated costs. You’ll know exactly how much it costs to replace a TotalCloud appliance, or to bring on a brand new one, ready to go from Day 1, for the same price every time.

 

Fixed costs, 99.9% uptime, reduced IT expenditures without the mystery. SOS TotalCloud works.

 

Tech Headaches? We can help! Contact us now »