Category

Data Security

Small Businesses Are a Big Target

By | Data Security, Email Security

A tech startup in New York lost over a million dollars after they were hacked. Prior to that, the startup had recently earned a lot of money in a funding round. But as soon as the cash had hit their bank account, it was gone, ready to be sent off to bank accounts in Russia, China, and Turkey. This cyber heist was pulled off using software that observed the keystrokes of the CFO and comptroller, which allowed the hackers to obtain banking credentials and then steal the money.

While we would love to say this was a rare occurrence, the truth of the matter is, smaller businesses and startups are a favored target for cyber criminals. Why? Hackers used to target big businesses, but as bigger businesses began to recognize the importance of investing in multi-layer, comprehensive IT security, hackers have turned to smaller businesses that can’t afford (or think they can’t afford) to have the best cyber security.

If you:

  • Operate a business of any size
  • Work with privileged client information
  • Have proprietary business dealings
  • Conduct any financial transactions online
  • Use email to conduct business
  • Store files on your computer system
  • Use a mobile device to access information
  • Connect to public WiFi

– then you are at risk, and so is your business.

Take these steps NOW to protect your business:

  1. Identify where the most important information for your business is stored. Make sure you have automated, off-site backups occurring regularly so you don’t lose information. Make sure whatever is stored locally is protected.
  2. Limit information access to only those who truly need it, and make sure everyone who works with you is trained and regularly reminded about the risk of phishing attacks, ransomware, and malware.
  3. Address security from multiple directions. Yes, you need firewalls and virus protection, but you also need email security, malware detection, and security for every device that is used to access your business.
  4. Take security seriously. The “it would never happen to me” mentality is costly.

It only takes a moment for a criminal to access your data, steal your clients’ personal information, or walk away with your million-dollar investment. Thwart their attempts with a serious and considered look at your business security.

Cybersecurity should be a top concern for every small business owner, and taking the necessary steps to protect your organization must be a priority. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.

The Argument for Endpoint Security

By | Communication Security, Data Security, Email Security

An organization is only as secure as its weakest access point, and certain endpoints – smartphones, laptops, and other portable devices that are often connected to public WiFi hotspots or are apt to be lost – are a weak spot for most organizations.

Endpoints are an easy target. Endpoint security is designed to thwart the most common risks these devices present, by detecting and blocking malware, as well as reducing vulnerabilities while ensuring a sensible balance between protection and user access.

Does Your Organization Need Endpoint Security?

Does your company use mobile devices? Do your employees have the ability to take these devices offsite and off-network? Would a data breach cost you customers, downtime, or lost business? If you answer yes to any of these questions, then endpoint security is something your organization should consider.

Endpoint Security and Phishing Scams

Email security is a challenge for every organization. Your employees, whose split-second decision to click on a link or open a file puts you at risk, are part of the solution. But can endpoint security help you prevent phishing attacks? As part of an overall strategy to implement multiple layers of security designed to block as much malware as possible, endpoint security can work at the device level by:

  • Requiring security and monitoring software that can detect rapid file encryption, even on employee-owned devices used for work
  • Making sure all operating systems used on devices are fully patched and up to date
  • Whitelisting apps
  • Implementing analytics that rapidly detect and block threats

Phishing emails and malware, such as ransomware, worms, and bots, are a constant threat. Proactive measures must be taken to prevent existing and emerging threats, not just on your network and servers but at every point of access as well as through employee training and consistent reinforcement.

As cybersecurity remains a top concern for business leaders in every industry, taking the necessary steps to protect your organization becomes a high priority. Minimizing your risk is easier when you work with a trusted managed IT service provider who partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.

Take Steps Now to Protect Your Business against Ransomware

By | Data Security

Ransomware is a vicious form of malware that locks users out of their systems, forcing them to pay an often exorbitant fee to regain control of their data. Some ransomware, like CryptoLocker, actually encrypts files so that they cannot be accessed without paying the ransom. Often, paying the ransom will not guarantee that you will regain access to your data. The only solution is to prevent the attacks whenever possible. Without the right security in place, it is very easy to fall victim to ransomware, and recovering from such an attack can be costly.

Common Sense Steps to Deter Ransomware

If anyone in your company has already been infected by ransomware, immediately disable system restore and run an anti-malware detection scan to remove ransomware files. To prevent ransomware from gaining access to your data and impacting your business, be sure to:

  • Back up files regularly
  • Install patches and security updates immediately when they are available
  • Scan systems regularly for malware detection and removal
  • Implement strong email security, antivirus, and firewall protection

Avoid Ransomware with Smarter Security Measures

Ransomware attacks can be avoided with carefully layered detection and security protocols that make it very difficult for hackers to break in. Organizations must also be cautious about where and how data is stored and accessed. Running files from desktops, USB sticks, or external drives can leave you without a safety net. We recommend the use of enterprise file sync software like SyncedTool from which files can be accessed and used. Alternatively, organizations can operate using hosted desktops where the file data is stored offsite and protected with BDR. In either case, if there is an attack, your managed services provider can perform a mass revision restore to the point in time before the ransomware encrypted the files.

Don’t Ignore the Need to Educate Staff about Ransomware

It is imperative that you train your staff to be alert when opening attachments in emails. Take extra precaution when working with email links and attachments. There are three fundamental questions you should ask yourself before opening any message:

  1. Do I know the person who sent me this message?
  2. Am I confident that I know the nature of the attachment or link?
  3. Am I expecting this attachment or link, or is this an attachment or link that I regularly receive from this person?

If you can’t answer all of those questions in the affirmative, then it’s best to err on the side of caution and reach out to the person via phone or follow-up email to confirm the nature of the message.

At thinkCSC, we take your security seriously, so please take a moment to review our email guidelines with your staff. We regularly receive reports of spoofed emails that appear as internal communications and may contain attachments or links containing malware or ransomware. Don’t let an innocent click of the mouse leave your organization in shambles. Be proactive and take steps to protect your company today. To learn more about having the right layers of security in place to protect your organization from these vicious attacks, contact thinkCSC.

Prepare Your Business for Power Outages

By | Data Security

There are many disasters that can cause power outages, from traffic accidents that disrupt local power, to major storms that wipe out power in whole regions. Regardless of the cause of a power outage, the downtime alone can be very costly to your business. And if you aren’t prepared for power outages, the loss of data can be equally debilitating.

Nationwide, power outages have been occurring at accelerated rates over the last 15 years. In part due to aging infrastructure, and in part because of increased demands on power grids, the number of power outages is six times higher today than it was 15 years ago.

Power Outage Map, 2000-2015

Power outages happen suddenly and without notice. To protect your business from the costs and disruptions associated with a power outage, you should have on-site power backup solutions. At the physical location of your organization, you may want to have generators or other backup power supplies to which you can immediately switch if the power goes out. This will ensure that you can continue operating and delivering services to your customers; however, the long-term cost of supplying your own power can be very high.

Your organization should also have off-site backup and data recovery solutions in place, to protect data. This will ensure that even if the power is out for an extended period of time, or you are forced to move to a different location, you will still have access to the essential business data you need to continue operating.

Preparing for Power Outages

  • Identify critical utilities, including electric, gas, water, and internal sewer systems that might be impacted
  • Identify systems impacted by power outages, including security, alarms, elevators, heating, and ventilation systems
  • Identify operational equipment that may be impacted, including voice and data communication systems, servers and their cooling systems, and computer networks

Safety must be the primary concern in any emergency. Once you’ve ensured the safety of all personnel, consider the power outage impact to the following areas:

Communication: Alternate communication channels should be available to ensure your ability to reach key personnel in case of emergency.

Supply Chain: Arrange for alternative vendors who can meet supply needs when primary suppliers cannot.

Personnel: Determine those personnel who are essential to the operation during times of extreme emergency and who will be active during your recovery operation.

Data and servers: In addition to having on-site power backup solutions, every organization should move mission-critical IT infrastructure into the cloud to ensure accessibility and to aid in recovery.

Power outages can have an enormous impact on your organization’s ability to remain functional. Internal and external backup solutions are critical to business continuity. thinkCSC provides customized power solutions, reliable off-site backup, and even fully hosted solutions to meet every organization’s needs. Contact us today for more information.

5 Reasons You Need Something More Secure than Dropbox

By | Data Security

Dropbox has over 300 million users, and while the company has made serious efforts to increase the level of security and make their service more corporate friendly, the fact remains that security continues to be an issue.

If your business is considering adopting Dropbox for offsite file sharing and storage, thoroughly assess these risks first:

  1. Dropbox puts your sensitive information at risk. When sharing files or a folder through Dropbox, the link generated is a public URL that anyone can use. Even if you share the link privately, that person might forward it, may have little or no security on their email, or may simply be unaware of the risk. The link generated is not encrypted or protected in any way.
  2. Dropbox offers no retention of historical data. After 30 days, deleted files, any revision history, and other oft-needed data is deleted from Dropbox. For many businesses, especially ones that must follow specific rules for financial reporting, this lack of retention can put the business at risk of being out of compliance.
  3. Dropbox lacks encryption strength. Dropbox drops the ball on security when it comes to encryption, which is one of the most essential safeguards against hacking and security breaches. Dropbox does not provide a method for users to encrypt their own data.
  4. Dropbox deduplication technology is invasive. In an effort to reduce storage costs, Dropbox employs deduplication technology that recognizes if you’re uploading something someone else already uploaded, but the technology puts your operation at risk. Deduplication saves Dropbox money and you time, but the cost is too high.
  5. Dropbox may not be there if you need them. Dropbox does not offer live support, and the company has a history of security breaches, including one in 2012 that exposed Dropbox employee accounts and gave hackers access to customer email addresses, and another in 2014 in which a Dropbox outage caused errors in syncing.

At thinkCSC, we help businesses ensure they have the highest protection against security risks inside and outside of the company. One of the easiest ways to improve your security is to switch from consumer-grade storage services to enterprise-grade solutions. That’s why we’ve partnered with Anchor to provide SyncedTool.

One of the primary benefits of SyncedTool is that if you do have a functionality issue, you can call thinkCSC. A stranger isn’t hosting your data anymore, a neighbor is. Other offsite data hosting services may be free, but in the end, you get what you pay for. SyncedTool is an investment worth considering, empowering your teams to better collaborate without sacrificing security and compliance. When choosing between Dropbox and SyncedTool, there is only one choice.

Phishing Takes Advantage of Your Weakest Security Link

By | Data Security

Phishing is one of the most insidious data security threats to an individual and a business, taking advantage of your weakest security link: people. Phishing is the attempt to obtain personal and business security information by pretending to be a legitimate email communication from a trusted source.

Here’s a recent example of just such a communication that came in to our lead network engineer, Henry:

From: Apple Global Service Exchange <gsx_reply@apple.com>
Date: March 16, 2015 at 6:15:16 PM EDT
To: Undisclosed recipients:;
Subject: Your GSX account need update.

[Screenshot of the phishing email]

On the surface, the email looks legitimate and might immediately cause alarm to the recipient. But were you to click on “check your account,” the link would not take you to Apple; instead, it would take you to laflores.net, a website that looks like an exact replica of the Apple sign-in page. Had Henry fallen for the email and entered his information, laflores.net would have his Apple ID, access to whatever account information he had stored there, and possibly enough information to do real harm.

This is an example of a classic phishing attempt. From fake GSX requests to warnings from your bank that your account has been compromised, thereby encouraging you to log in and change your password, every individual who is duped into responding to one of these messages is putting personal and company information at risk.

How Can Your Business Protect Itself from Phishing?

The most important step you can take to protect yourself from phishing, or any cyber-attack, is to have the best network security and enterprise threat detection available. But as you can see from the email that Henry received, phishing emails are still going to reach your employees, so the other effort business leaders must make to protect themselves is to train employees to recognize and reject these emails.

Anti-Phishing Guide

Cybercriminals are insidious and will prey on fear. While emails are most common, pop-up messages warning you that something is wrong will also be used to create enough fear to get someone to click on the links. Some cybercriminals will even phone you to perpetrate the scam.

Teach your employees to watch for these indications of email phishing:

  • The email may not address you personally or refer to your specific user name.
  • The link will look legitimate on the surface, but the URL will go somewhere other than the company the email claims to come from. Hover over the link (without clicking) to see the actual URL. The link may even be very similar to the actual company URL, so be cautious. Rather than click the link, open a new browser and manually type in the actual link of the website in question if you need to check your account status.
  • Many phishing emails will contain syntax or grammar errors. They may have spelling mistakes. If you look closely at the sample above, you’ll see the grammar is off and there are punctuation errors. A professional organization would not send something like this.
  • The email may have a threatening overtone, making it seem that urgent action is required to protect your account.
  • Cybercriminals may even call, pretending to represent the company in question, then ask you for personal information in order to access your account. Most legitimate companies will not make outgoing calls to solicit this information. Hang up and call back to the company’s legitimate support number to verify.
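The hover check from the list above can also be run automatically on a saved message. The following is an added example, not thinkCSC's code: it compares each link's real target with the sender's claimed domain and with any domain shown in the link text. The function names and the email body are constructed for illustration, and the two-label domain comparison is a simplifying assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: From/Subject follow the message above, the body is invented.
SAMPLE = """\
From: Apple Global Service Exchange <gsx_reply@apple.com>
Subject: Your GSX account need update.
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account need update.</p>
<a href="http://laflores.net/">check your account</a>
<a href="http://laflores.net/">https://gsx.apple.com/</a>
<a href="https://www.apple.com/legal/">Terms</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def base_domain(host):
    # Simplification: last two labels only; real code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def host_of(text):
    """Hostname if `text` looks like a URL or bare domain, else ''."""
    text = text.strip()
    if not text or " " in text or "." not in text:
        return ""
    try:
        return urlparse(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return ""

def find_suspicious_links(raw_email):
    msg = message_from_string(raw_email, policy=policy.default)
    # The From header can be forged; it is used only as the claimed identity.
    claimed = base_domain(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    findings = []
    for href, shown in collector.links:
        if not href.lower().startswith(("http://", "https://")):
            continue
        target, reasons = base_domain(host_of(href)), []
        if target != claimed:
            reasons.append("link leaves the claimed sender's domain")
        if host_of(shown) and base_domain(host_of(shown)) != target:
            reasons.append("visible text names a different domain")
        if reasons:
            findings.append({"shown": shown, "target": target, "reasons": reasons})
    return findings
```

On the sample, both links to laflores.net are reported and the link to apple.com is not. A clean result does not prove a message is safe, since a look-alike domain or a compromised legitimate site passes this check.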

Humans are easy targets because our emotions can be manipulated. A level of skepticism is required in order to keep your personal and business security intact. When in doubt:

  • Don’t click a link
  • Don’t open a file
  • Don’t provide personal information
  • Don’t download anything from unknown sources

Feel free to use this guide with your employees. If you are concerned about your business network security, contact thinkCSC to learn more. 

IT Trends – 2015 Edition

By | Data Security, Managed IT Services

Last year we predicted several IT trends that are, for the most part today, standard operating procedures for most businesses. From VoIP to secure collaboration using Enterprise File Synchronization and Sharing, the big focus last year was the shift away from legacy processes and applications, with the gradual adoption of access-anywhere, work-anywhere work tools that didn’t compromise security.

This year we predict nearly every operational focus trending in IT will have something to do with security. IT security is the trend of 2015.

In fact, the biggest trend of 2015 will be the acknowledgement that no business is secure. No business – from the one-man work-at-home freelancer to the largest international corporation – is immune from incident. If you use technology and access the internet, whether from a smartphone or through applications on a bank of servers, you are a potential target for malware, cyber-attacks, viruses, natural disasters, and other business-disrupting issues.

Managed IT

Managed IT services, while not a new trend, will take center stage for even more companies because the need to maintain state-of-the-art equipment and have access to offline backup and disaster recovery will be too great to ignore and too costly for every non-IT business to do well. Shifting from a capital expenditure model for IT to an OPEX model will also be a priority for businesses striving to remain globally competitive. Managed IT services accomplish that.

BDR Goes Mainstream

When disaster strikes, business leaders recognize the need for remaining operational. Backup and disaster recovery services provide a cost-effective business continuity solution that reduces downtime and allows you to keep serving customers from anywhere.

Enterprise Threat Detection

Rather than waiting for hackers and malware to highlight security gaps, then developing security patches in response to protect businesses, you can make your approach to security more aggressive. Enterprise threat detection offers proactive security that uses predictive analytics to stay ahead of the next attack. This will become a necessity for businesses of all sizes.

The most competitive businesses are the ones preparing for possibilities and designing their infrastructure in such a way that they can remain flexible, proactive, and competitive. Managed IT and BDR are not new concepts, but they are trending in 2015 as adoption becomes ubiquitous.

Discover how thinkCSC can help your business. Learn more.

Securing Your Business Network

By | Data Security

Reports of security breaches are coming in fast and furiously. What started as a trickle of breaches at a handful of retailers like Target and Home Depot has turned into an all-out assault on business networks across the globe. Security breaches can literally stop your business in its tracks. Securing your business network has never been a more important consideration for your continued business operations.

Network Security – A Necessity

Your network is the heart of your business, connecting your employees to the software, communication, and information applications you need to operate your business. A properly secured network keeps your business operational.

Proper security:

  • Keeps your business flexible as conditions change
  • Provides a secure foundation from which you can interact safely
  • Allows you to collaborate effectively with team members and customers
  • Ensures governmental and industry standards compliance
  • Allows you to control who has information access, as well as how and when information is accessed
  • Reduces costs (data loss and security breaches cost U.S. businesses almost $70 billion a year)
  • Allows you to leverage a flexible and remote workforce without risk
  • Reduces risks of downtime, data loss, and litigation

Developing a secure network takes more than having policies and procedures in place; you also need the hardware and software to back up your plan. A truly secure network can only be achieved by making sure every access point – every email address, every laptop, every file – is securely stored, controlled, and monitored.

thinkCSC Offers Superior Network Security

Network security is not a one-size-fits-all proposition. thinkCSC recognizes the need that business owners have to balance security with cost-effective solutions. Our experts begin by conducting a risk assessment: identifying your needs, pinpointing your most critical vulnerabilities, and helping you develop a comprehensive plan and security strategy. From firewall protection to hosted email to offsite data backup in a private, locally owned cloud, thinkCSC has the solutions you need to sleep at night. Schedule your Technical Needs Assessment today.