Category

Data Security

The Biggest Ransomware Threat is Coming

By | BDR, Data Security, Ransomware

 

We have all seen ransomware become more sophisticated, regardless of where we live or work. And the cyber assaults seem to be never-ending. Just as security measures and protocols were developed to keep networks secure, hackers used ransomware to go after educational institutions. As colleges and high schools worked quickly to develop offsite backup and recovery solutions so they would not have to pay ransoms to access their data, government offices became the target. Even as technology has made us more efficient and more capable, it has also made us more vulnerable when we don’t implement the right solutions to protect our homes and businesses from these types of attacks. And the biggest threat from ransomware is yet to come: infrastructure threats.

Consider what has happened so far:

  • Hospitals and other medical facilities are being targeted. In 2016, hospitals were specifically targeted using Locky ransomware, with one LA hospital paying a $17,000 bitcoin ransom to access their files.
  • Utilities are at risk. In April 2016, the Lansing Board of Water & Light (BWL) in Michigan was the victim of a ransomware scheme that has cost the utility nearly $2 million.
  • Guests held hostage. In a unique display of cyber hacking, a luxury hotel in Austria was forced to pay an $1,800 bitcoin ransom after hackers accessed the hotel room keycards and locked the guests out of their rooms.

It’s likely that the next threat will be even more insidious, as hackers develop methods for compromising entire systems. Georgia Institute of Technology, recognizing the risk to programmable logic controllers (PLCs), developed ransomware with which they could take control of a simulated water treatment plant, gaining access to PLCs to control valves and additives, and even create false readings. While this was a simulation designed to help understand how to prevent an attack, the risk is real.

Act Now to Prepare for a Ransomware Attack

Businesses of all sizes and in all industries, government entities, schools K-16 and beyond, and individuals must all do their part to prevent ransomware. We must become far more selective about the emails we open, read, and forward, giving special attention to the links we click and the attachments we open. We must invest heavily in better security, from antivirus software to endpoint detection. We must all take steps to thwart hackers.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.

Ransomware is Not Going Away, but BDR Will Keep You in Business

By | Data Security, Email Security

Ransomware attacks continue to outpace cybersecurity efforts, threatening your organization’s most essential files. Thousands of employees, users, and clients click links and download files in emails, and no matter how cautious you urge them to be, a single toxic file is capable of bringing down your entire network. Ransomware remains a threat, but your business can still employ its best defense and avoid a worst-case scenario.

Data is key to the success of your business

Businesses today rely heavily on data, but many of these businesses continue to operate without crucial protection. According to Datto’s State of the Channel Ransomware Report 2016, ransomware attacks on small businesses are becoming more frequent; 91 percent of the managed service providers they surveyed reported clients victimized by ransomware. Furthermore, findings indicated that the most common impact of ransomware was not simply loss of data, but business-threatening downtime that crippled productivity.

How do you convey to every single employee what ransomware looks like? How do you teach every client to not fall prey to a scam? You can start with educating and training employees about good security practices, urging them to download the thinkCSC email security guide. But training is not enough to protect your data from ransomware.

Backups can save your business

So what can your business do to protect itself? Backup and Disaster Recovery (BDR) is the best – and possibly only – protection against ransomware. If budget constraints are your main concern, then realize that the cost of implementing BDR is minuscule compared to the financial impact of an attack. Datto’s Ransomware Report estimates downtime costs at $8,500 per hour, which adds up to $75 billion per year. BDR allows you to:

  • Automatically back up and store data
  • Minimize downtime quickly after an attack
  • Avoid paying ransoms if an employee inadvertently introduces ransomware into your network

BDR makes it easy to maintain several copies of your data; you can also back up and store your data somewhere physically separate from your network. With the assistance of a managed service provider, your business can take extra steps for protection:

  • Test backups to ensure that data is recovered properly
  • Manage passwords and user permissions
  • Take all necessary steps to ensure that your cyber security practices are air tight

Good cyber security practices involve steps that do more than try to avoid ransomware. Recognize that no matter how many layers of security you implement, there is virtually no fail-safe measure to safeguard against ransomware attacks. Ransomware is insidious in its ability to continue evolving to better dupe unsuspecting recipients into clicking a link or downloading a file. Rather than gamble with the security of your data in the hope that it will never happen to you, be prepared with offsite backups that house and maintain all your sensitive data. BDR is a peace-of-mind measure that could save your business. Contact thinkCSC to learn more.

IT Security, Strategy, and Infrastructure – A Look Ahead

By | Cloud Services, Data Security, Managed IT Services

For most organizations, preventing, detecting, and overcoming cyber threats will become a necessary factor in every business function. With billions of devices connecting to and sending data through the cloud, viable artificial intelligence becoming a reality, and businesses relying on APIs to deliver better customer experiences, security will take a front seat in every business decision. Here’s a look ahead:

Internet of Everything

By 2020, it’s predicted that there will be billions of devices, appliances, cars, and other objects connected to the internet, speeding data around the world at a rapid pace. This phenomenon is referred to as the Internet of Things, or IoT. No industry will be left untouched by IoT, from agriculture and healthcare to manufacturing and government. Gartner estimates that there will be 25 billion of these smart devices – smart cars, smoke detectors, thermostats, industrial robots, traffic lights, medical devices (many implanted), public transportation, and refrigerators – communicating personal data to and through the cloud. Everything we do, from stopping at the store on the way home from work, to managing our health, will be facilitated by IoT. For businesses that will be developing or selling smart devices, the most critical component of the process will be maintaining the highest possible level of security to protect the data that will be continuously transmitting back and forth. This means not only developing products with built-in security but also ensuring that the gateways that connect the devices are equally secure.

Artificial Intelligence

Artificial intelligence, or AI, is the development of machines and robots with the humanlike capability of making decisions and handling tasks typically performed by humans. While advancements in AI have been occurring for the past few decades, it’s never been more ubiquitous. Scientists predict that artificial intelligence will not only make the world safer, by providing robots that can act as first responders during crises, but that the ability of humanized computers to learn more quickly how to save us from climate change, poverty, and other global challenges will increase exponentially. AI will likely even improve the lives and longevity of humans, as implants and other medical uses of AI become more prevalent. As with IoT, AI must be developed with the idea of security in mind. We don’t need a team of robots who can be hacked and controlled by cyber criminals. At the same time, artificial intelligence may take center stage in improving cyber security.

API Management

According to Forrester Research, companies will spend more than $3 billion on API development by 2020. An API – application programming interface – allows your customers to access specific data or interface with specific components of your website. A doctor’s office might use an API to allow patients to schedule appointments online; a social media company might use APIs to access Twitter to generate monthly reports. All of this back-channel communication is crucial to delivering the best experience to your customers, regardless of industry, but it also highlights the importance of implementing serious, multi-layer security and detection to protect your organization and your data.

An Ongoing War on Cyber Threats

For most organizations, preventing, detecting, and overcoming cyber threats will become a necessary factor in every business function, and IoT, AI, and APIs will only make security more necessary. Yet even without these technological developments, the security of every organization is continually threatened. From email security to the physical security of structures, cyber threats are a growing risk. It will continue to be an ongoing battle, in which new security protocols are developed and cyber criminals become more sophisticated in their ability to circumvent these safeguards. The human element – employee training, limited access, strict and enforced policies – will play an essential role in the success or failure of these efforts.

Protect Your Investment in Your Business: Invest in IT Security

By | Data Security

When you close your business for the night, you power down the equipment, turn off the lights, and lock the doors as you leave. You don’t assume that no one will consider entering through the back door to steal merchandise or damage assets. You make sure that no one can get into the building; you may even have an alarm system and physical security in place to protect your organization.

So why, then, do organizations leave their IT networks vulnerable to attack when they are taking steps to protect valuable data? Why do they leave their virtual back doors open to hackers? Unfortunately, many businesses do exactly that: They take some steps to protect their IT networks while ignoring other risks completely.

Here are some things to consider when it comes to IT security and protecting your business.

Don’t Just Lock Your Doors – Lock Up Your Data

Your data is the backbone of your business. Whether you’re storing client files or proprietary information about your operations, you need to keep your data safe. How? Take these 8 steps now:

  1. Develop and strengthen policies regarding who has access to your data. Use strong passwords, limit who is allowed access to certain data, and address employee departures immediately by revoking access.
  2. Require every employee to use strong passwords, and require those passwords to be changed regularly.
  3. Employ layers of security, beginning with firewalls and virus protection, but also include threat detection, malware filters, and remote wipe capability.
  4. Back up data early, often, systematically, and offsite.
  5. Develop strict mobile security policies, and engage mobile protection that works whether you are securing your device or those of your employees.
  6. Provide ongoing training to employees to help prevent the biggest risk – human error. Download our email security guide to help you get started.
  7. Use enterprise-level data sharing solutions, such as SyncedTool, rather than Dropbox.
  8. Use sender policy framework and hosted email to limit the risk of phishing and spoofing.

Back Up Data Early, Often, Systematically, and Offsite

Yes, this is redundant. But redundancy is often good and data backup is that important. If you have your data backed up offsite and you do it regularly, you’ll always have access to the information you need to operate your business – even if you inadvertently do leave the back door unlocked and someone breaks in and steals everything. Or your building burns down. Or an employee clicks on a link and installs ransomware across your network.

You wouldn’t leave the cash register open or the back door unlocked at your physical location, and you always do what you can to mitigate risk, by insuring your business against loss, adding security, locking doors, and more. Doing the same for your digital assets only makes sense. Your IT security investment is insurance against loss, protecting your business and ensuring that it remains profitable.

Security Concerns Will Drive IT Security Spending Over $100 Billion by 2020

By | BDR, Business, Data Security, Email Security, Managed IT Services

For many years, organizations have argued that security budgets are already stretched to the max and that there is no more room for increased security. With costly security breaches impacting governments, social media platforms, the IRS, and more small and mid-size businesses than we can count, the investment in security suddenly seems like the least expensive option.

IT Security vs. Security Breach

Whether you increase your spending on IT security or simply find a better way to spend your budget, one thing is certain: what you spend on IT security is a predictable, planned cost that doesn’t send your shareholders into a panic, doesn’t make your customers question their loyalty, and doesn’t put you out of business. A security breach, on the other hand, can result in fines, lawsuits, costly recovery, and a loss of customers.

If your organization has decided to increase IT security, how do you make sure you’re getting the most out of your investment? We recommend focusing on these areas:

Email Security

Email is still one of the most popular ways for hackers to penetrate your security, because all it takes is one email on one employee’s system compelling them to open an attachment or click on a link to create a breach that will affect your entire IT infrastructure. People will always be the weakest link in security. Sender policy framework protocols, hosted email exchange services, and ongoing employee training are all essential. Download our email security guide to help your employees think before they click.

Endpoint Security

Every device that touches your network needs to be secure, whether it’s an employee-owned cell phone, vendor equipment, or a field tech’s laptop. It is crucial to identify every remote device that might potentially connect to your network and to have a way to detect that connection, protect it, and eliminate it if needed.

Threat Detection

Enterprise threat detection uses predictive analytics on a powerful and global scale to recognize and block threats before they happen. Rather than relying on end users to determine the safety of a file or a site, it uses intelligence to stop threats by preventing malware-infected devices from connecting and by blocking phishing sites.

Backup and Data Recovery

Unless you want to be permanently locked out of your data or forced to pay a ransom to restore access, having an offsite backup and recovery service is essential. The email security, endpoint security, and threat detection efforts you implement will prevent many of the ransomware attempts from getting through, but all it takes is one employee clicking on one link in one email that sneaks through to create havoc.

Effective network security that keeps your IT environment efficient and stable is about applying layers. The initial layer is a solid backup and recovery solution, protected by an antivirus solution, and then guarded by a firewall. Enterprise threat detection, email security, and endpoint security are the shields that head off attacks on your business before they happen. It’s more than peace of mind: It’s good business sense.

Cybercriminals are Going Phishing for Your Data

By | Data Security

Email may not be a popular communication form for millennials and younger generations, but it is still one of the most-often-used technologies in business. Collaborating, sending information and files, and working remotely are made possible with email. Email, however, is also what makes it possible to trick your employees into wiring $300,000 to a hacker in East Asia, revealing the credit card numbers of every customer who has ever shopped with you, or delivering the social security numbers of every employee in your organization. And just when you think you’ve outsmarted cybercriminals and have a handle on phishing issues, a single employee clicks on a link and invites ransomware to invade your network.

No business is immune – businesses of all sizes and in every industry have reported phishing attacks. Avoiding these attacks requires more than just telling employees to be careful; it requires ongoing training and regular reminders, combined with layered security designed to detect and thwart attacks.

Improve email security

Prevent as many phishing emails as possible from even landing in employees’ inboxes, by implementing a hosted email service. In addition, develop a sender policy framework that makes it less likely for spoofed email to work. Better email security is an essential first step in thwarting phishing attacks.

Implement layered security

Carefully layered detection and security protocols can make it much more difficult for cybercriminals to hack your database. Consider how and where your data is stored and accessed; running files from desktops, USB sticks, or external drives can leave you without a safety net. Enterprise file sync software, such as SyncedTool, provides a secure way to access data from anywhere. Backups of your data should also be stored offsite and protected with a comprehensive backup and recovery (BDR) solution. In the event of an attack, a managed services provider can perform a mass revision restore to the point in time before the attack.

Train and retrain (and train them again)

The only way to prevent phishing attacks from succeeding is for every employee to be vigilant at all times. Establish policies that require wire transfer requests to be verified by phone and approved by at least two people. Have a no-tolerance policy for clicking on unverified links or opening unknown files. Provide ongoing training to your employees and reminders about phishing techniques.

Download the thinkCSC email security guide.

Email security must be a top concern for every business. Take the necessary steps to protect your organization. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.