Blog

Your Link to a better IT experience

Data Security: A People Problem

 

 

Phishing Scams – A People Problem

There are some things that only people can fix. There are many security risks to which your data is susceptible, but there is one method that remains a wonderfully effective hacking tool: the phishing scam. This is a legitimate-looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems.

 
What’s the best defense against this one? The single biggest defense is education: training your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they’ve fallen for a phishing scam and are then offered tips on how not to be fooled in the future. Think of it as the hi-tech version of Punk’d.
 
You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are all critical factors in your data security plans.

What is Ransomware and How Can it Affect Your Business?

 

 
This cyberattack scheme hasn’t garnered nearly as much attention as the usual “break-in-and-steal-data-to-sell-on-the-Internet” version, but it can be even more debilitating. Ransomware attacks have begun appearing in the last few years, and their practitioners are so polished that in a few cases they even have mini call centers to handle your payments and questions.
 
So what is ransomware? Ransomware stops you from using your PC, files or programs. The business model is as old as the earliest kidnapping. They hold your data, software, or entire PC hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access. There may even be a Doomsday-style clock counting down the time you have to pay or lose everything.
 
Interestingly, one of the more common “market segments” being targeted in the US has been public safety. Police department data is held hostage, and in many cases, they have given up and paid the ransom. They had little choice. They aren’t the only ones. A hospital in Southern California also fell prey, as did one in Texas.
 
Ransomware can be especially insidious because backups may not offer complete protection against these criminals. Such new schemes illustrate why you need to have a professional security service that can keep you up to date on the latest criminal activities in the cyber world. Talk to an MSP about possible protections against ransomware.

Data Breaches are a Question of When, Not If

 

You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that it suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013.
 
If you’re a small business, then you’re a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks.
 
Today’s concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous.
 
Your response determines whether it’s a survivable disaster. You need to have a statement for customers ready (47 states require businesses to disclose data breaches), you need to be able to quickly access backups, and you need access to professionals with experience in disaster recovery and business continuity.

Penetration Testing vs. Vulnerability Testing Your Business Network

 

 

Hearing “all of your confidential information is extremely vulnerable, we know this because…” is bad news, but whatever follows the ellipsis determines just how bad. Consider two scenarios.

  1. “All of your confidential information is extremely vulnerable… we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”

  2. “All of your confidential information is extremely vulnerable… we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.”

61 percent of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.

Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.
 
Vulnerability tests can be done by in-house IT or outside consultants. They should be done quarterly, or whenever you are incorporating new equipment into your IT network.
 
What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data…”). A vulnerability scan tells you “what are my weaknesses?” and a pen-test tells you “how bad a specific weakness is.”
 
How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legal minimum. You should also conduct a pen-test every time you have
  • Added new network infrastructure or applications,
  • Made significant upgrades or modifications to infrastructure or applications,
  • Established new office locations,
  • Applied a security patch,
  • Modified end user policies.

Remote Monitoring and Management

 
Remote monitoring and management of the numerous devices operating on your IT network is a time-saving and effective way to control the devices that help run your business. 24/7 remote monitoring helps to reduce potential catastrophes due to malware or employee error. With remote monitoring and management, your business IT infrastructure will be safer and easier to manage from anywhere.

Service Desk

 
Certified technicians, expert problem solving, and the latest tools in IT are the WowLinx way of solving business IT problems. Our certified support specialists will have your IT infrastructure back up and running in no time. We know how important technology is to any successful business. Let us take care of all your IT needs!

WowLinx Vault

 
Company data is perhaps the most vital tool to any business. Data protection is essential in our world today. All too often, we see cases where data wasn’t backed up properly or outdated technology fails to properly protect company data. The WowLinx solution is a comprehensive enterprise class data protection suite that includes remote monitoring and management, 24/7 support, and the ability to restore data in a matter of minutes, not days.

WowLinx Managed Services

 
When IT fails, valuable productivity time is lost, and your business ultimately loses money. Traditional IT services can be costly as many charge by hourly rate on top of service charges. WowLinx takes a different approach to managed IT services. Instead of charging by occurrence of IT issues, WowLinx charges a flat monthly rate that includes things like remote support, phone support, and on-site visits. Our approach to IT managed services saves you money, adds flexibility to your IT infrastructure and gives you the peace of mind you deserve.

Mobile Device Management

 
Mobile device management can be a daunting task for businesses who rely on the portability and practicality of mobile devices. Fortunately, there is a solution powered by MaaS360 from Fiberlink. Our approach to mobile device management allows companies to detect and restrict devices, control app installations, enforce encryption and password policies, remotely locate or lock a device, and restrict access to corporate resources when a threat is detected. This approach also makes it easy to enroll devices and configure things like email, calendars, and contacts. 

Move IT to the Cloud

 
The cloud has transformed almost every aspect of our digital lives, except our workspace. For work, we rely on clunky IT systems that are outdated, complex, and vulnerable to attacks. Why shouldn’t we work in the cloud too? Moving business apps, desktops, and even your entire IT infrastructure is a cost-effective way to boost productivity and flexibility within your business. Stop pumping money into outdated IT systems and move your company to the cloud and into the future!