Category Archives: disaster recovery

The History of Computer Viruses

Since the dawn of computing, there has always been programs people developed that had the ability to self-replicate. In the beginning, this seemed like amazing modern programs that were wise beyond their years. These programs have since developed into Viruses and the Malware that we know today. Which are not so amazing… However, they are wise, which is the scary part. Let us look at the history of how modern malware came to be. Understanding the root and origins can help us understand how these programs work and how we can defend against them.

1949- YES! As Early as 1949 we see some of the first Self Replicating programs that were established.

1966- John von Neumann, known to be the “Father of Cybernetics” wrote an article on the “Theory of Self- Reproducing Automata”.  Self-Reproducing Automata sounds much more interesting than “Virus”

1971- A self-replicating program called “The Creeper” was developed and accessed the Advanced Research Projects Agency Network and copied to a remote host system. The funny part is that it would display a message that said, “I’m the creeper, catch me if you can!”. Soon after another program called, “The Reaper” was developed to go in and delete the harmful “Creeper”.

1974- An infectious program called the “Wabbit” was created, its goal was to make multiple copies of itself on a computer and clog up the system so the computer performance would be compromised.

The 80’s – This was the decade where the term “Virus” was first coined. We also began to see these programs turn more malicious. The Lehigh virus in 1987 was programmed to infect command.com files at Yale University. A virus discovered in the city of Jerusalem was developed to destroy all file in an infected computer on any Friday the 13th.

The 90’s – At the start of the 90’s Symantec launched one of the first antivirus programs called Antivirus to help fight against the infectious programs. In 1996 a macro virus named Laroux was made to infect Microsoft Excel Documents. in 1999 The Happy 99 virus spread and attached itself to emails with the message “Happy New Year”

00’s-10’s – Were the target of more elaborate viruses which included the ILOVEYOU virus capable of deleting files. The Anna Kournikova virus that spread through emails and promised pictures of the tennis player, but instead hid a malicious virus. The Koobface, which targeted social media Users.

While viruses began harmless and with the intention to further society into understanding how programming works, this information was then used for evil and shadowed the excitement of new technology with threats to personal security. Luckily the good always outweighs the bad and with many steps to prevent, counteract, and fight back against cybercrimes, the world can rest easy.

 

Contact ECMSI for any questions you may have about your network or if you think you fell victim to a virus or cyber attack.

Securing Your Network. From Yourself!

Worrying about outside hackers is one thing, but what happens when a disgruntled employee causes more damage to your business network than any malware could have? Recently, a company out of the Netherlands that provided web hosting, Verelox, had to shut down all of its services to their customers because an ex employee went into their system, deleted all customer data and wiped out most of their servers. Verelox quickly resolved their issues but many times, these situations do not have such a nice outcome.

So how can your business take proactive steps to prevent data breaches within your business? First thing is to make sure your company has set boundaries and understands what each employee can and cant have access to. Knowing your end users is extremely important because it allows you to control who is seeing your information. Backups are extremely important when controlling your network, in the case of Verelox, they had a system of backups in place that were regularly updated, so they restored their systems with the backups they had in place.

So how big of a threat is insider damage? More than you may think. According to a 2016 IBM study, internal employees are responsible for 60 percent of data breaches. From those, over 75% of breaches are done with a malicious intent and 25% were accidental. In a 2015 Biscom survey 1 in 4 people admitted to taking data from a company after they left. Many of them did not feel like it was wrong because they were items they created while they were working for that particular business. The most shocking statistic is that 95% of employees who took company data, said they would not even receive any repercussions because their employer did not have any policies to stop them.

For the 25% that caused a data breach by accident, they most likely fell victim to a phishing email or other internet malware attempt. Educating your end users could go a very long way for your business, and is one of the best proactive tools to keeping your company data secure. Many small businesses get hit the worst when a data breach occurs because they do not have the proper resources to manage their IT and keep on it all while trying to run and grow their business.

 

The Threat of Social Engineering.

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

Our Systems Are Down! A CEO’s Nightmare!

In this day and age, having some sort of computer to do your job is as necessary as air. Chances are, if you have a lot of computers in your business, you also have things like servers, routers, access points, and switches. These are all critical pieces to maintaining your business and your employee’s productivity level.

Have you ever stopped to think about what would happen if your business suffered a catastrophic event? How long would it take to get you back up and running? Do you know if your critical data is being backed-up and if it is, how often is that happening? If you are reading this and starting to feel a tightening in your chest because you aren’t sure of your answers, then it’s time to stop ducking your head in the sand.

In a survey done by IHS in 2015, the average of cost of outages totaled the $700 billion dollar mark. This number has only increased for the past year in 2017. This total includes the loss of employee productivity, revenue and the cost to the fix the issue, which surprisingly was the lowest cost of the three.

So how do you calculate downtime loss?  Our friends over at My IT Pros shared with this basic formula:

 LOST REVENUE = (GR/TH) x I x H

GR = gross yearly revenue

TH = total yearly business hours

I = percentage impact (a high percentage would mean you can’t complete any transactions, will lose clients and have a PR nightmare)

H = number of hours of outage

Finally, to calculate the expected annual cost, multiply this number by the number of expected annual hours of outage. If you do this and you are absolutely panicking, don’t worry. While all of this sounds like something out of a nightmare, the solutions are fairly simple. We would first recommend that you have incremental back-ups of your critical data that are stored both locally and in the cloud. This way, if your hardware were to fail, with the help of your IT provider, you can pull your data down from the cloud onto a backup server (part of the redundancy plan). Secondly, we recommend that you have a redundant environment. Now, this can mean a variety of things but at minimum, it would mean that you’d have a secondary server that is only for emergencies. At maximum, it would mean having clustered servers where there are more than 1 server and if something were to fail, the data just seamlessly moves to the next available hardware.

We don’t want to see any businesses have to deal with this nightmare. If you are unsure of what disaster recovery plan you have with your current IT Provider, it may be time to strike up that conversation. If you have any questions and would like to discuss how downtime could affect you and how ECMSI can help you prevent a disaster please feel free to contact us at 330.750.9412.

Don’t Let a Tech Disaster Ruin Your Reputation

Anytime there is a major cyber security breach in the news it usually spells out disaster for all those who are involved. Weather it is the customers whose data has been breached or the company involved that has to deal with all the media, it ends up turning into a nightmare.

With some of the most infamous breaches being Target, who had over 70 million consumers credit and debit card information compromised. Or the Equifax breach recently in 2017 that could have potentially hit over 143 million Americans. These major companies take a huge hit in PR and get an overall bad stigma associated with them for a long time after.

However, not just massive corporations can deal with this reputation issue after cyber security breaches and downtime. Small businesses that are down because of technical issues could suffer damages to their customer service and reputation locally.

Reputation matters!

Most of the time when you hear about disaster recovery, the focus is on getting your business up and running as fast as possible. The average small business loses as much as $8,600 per hour when its network is offline. It’s expensive to rebound slowly.

But there’s another reason to get serious about disaster recovery – your reputation. As CSO put it, “. . . a data breach is a PR and financial disaster. Companies often spot the intrusion too late, and respond inadequately . . . Customers, for one, will often vote with their feet.”

When customers feel they can’t trust a company with their financial information, other factors fall by the wayside quickly. Maybe you’re the best in your industry. Maybe you have amazing customer service. Maybe your customer base is insanely loyal the rest of the time.

But lose their trust, and you’ve lost them.

Disaster recovery and your reputation.

The very same article from CSO quoted above goes on to argue that the damage is often only temporary. After all, Target is still a viable brand. They bounced back from a massive breach, due in part to their disaster recovery plan.

When things got rough, they responded quickly.

Disaster recovery isn’t just about restoring functionality to your system. It’s also about restoring customer faith. If something happens – anything from a natural disaster to hardware failure to a security breach – you need a clear disaster recovery plan.

If you have one, you can weather the storm. Trust can be rebuilt. But only if you show your customers you know how to handle a crisis.

We are Here to Help.

Here at ECMSI, we care a great deal about disaster recovery. We understand the impact downtime has on your bottom line. We also understand the hit your reputation will take if you don’t know how to navigate a disaster. That’s why our managed services are designed to keep you proactive and ready for anything.

It’s our goal to minimize the impact to your customer base and keep your reputation untarnished, even when everything goes wrong.

If you don’t have a disaster recovery plan in place already, we highly recommend addressing that. And, of course, we’d be honored to help. Get in touch with us to find out more about how our disaster recovery strategy can protect your network stability and your reputation.

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

Our systems are down!- A CEO’s Nightmare…

In this day and age, having some sort of computer to do your job is as necessary as air. Chances are, if you have a lot of computers in your business, you also have things like servers, routers, access points, and switches. These are all critical pieces to maintaining your business and your employee’s productivity level.

Have you ever stopped to think about what would happen if your business suffered a catastrophic event? How long would it take to get you back up and running? Do you know if your critical data is being backed-up and if it is, how often is that happening? If you are reading this and starting to feel a tightening in your chest because you aren’t sure of your answers, then it’s time to stop ducking your head in the sand.

In a survey done by IHS in 2015, the average of cost of outages totaled the $700 billion dollar mark. This number has only increased for the past year in 2017. This total includes the loss of employee productivity, revenue and the cost to the fix the issue, which surprisingly was the lowest cost of the three.

So how do you calculate downtime loss?  Our friends over at My IT Pros shared with this basic formula:

 LOST REVENUE = (GR/TH) x I x H

GR = gross yearly revenue

TH = total yearly business hours

I = percentage impact (a high percentage would mean you can’t complete any transactions, will lose clients and have a PR nightmare)

H = number of hours of outage

Finally, to calculate the expected annual cost, multiply this number by the number of expected annual hours of outage. If you do this and you are absolutely panicking, don’t worry. While all of this sounds like something out of a nightmare, the solutions are fairly simple. We would first recommend that you have incremental back-ups of your critical data that are stored both locally and in the cloud. This way, if your hardware were to fail, with the help of your IT provider, you can pull your data down from the cloud onto a backup server (part of the redundancy plan). Secondly, we recommend that you have a redundant environment. Now, this can mean a variety of things but at minimum, it would mean that you’d have a secondary server that is only for emergencies. At maximum, it would mean having clustered servers where there are more than 1 server and if something were to fail, the data just seamlessly moves to the next available hardware.

We don’t want to see any businesses have to deal with this nightmare. If you are unsure of what disaster recovery plan you have with your current IT Provider, it may be time to strike up that conversation. If you have any questions and would like to discuss how downtime could affect you and how ECMSI can help you prevent a disaster please feel free to contact us at 330.750.9412.

Winter 2017: Disaster For Your Data?

fence with ice hanging off with snow covered trees in background
With winter just around the corner, everyone around you may be getting “all wrapped up” in the upcoming holiday season…

But you’ve got a business to run, customers to keep happy and mission-critical data to keep safe, even if a major blizzard, lightning strike, windstorm or epic flood is taking place right outside your door.

Here are 5 easy steps you can take this holiday season to get your office prepared for this winter’s worst, without seeming like Mr. Grinch.

Be ready for power outages. A power outage can hurt your business in more ways than you think. Besides employee downtime, it takes time to safely get everything back up and running. Then you need to make sure no critical files have been damaged or lost.

Autosave features can help minimize lost files in a sudden power outage. An uninterruptible power supply (UPS) can give your team anywhere from ten minutes to an hour to back up files and properly shut down equipment. If you need longer power durability during an outage, you might want to look into a backup generator.

Keep lines of communication open. Customer frustration due to production delays and not being able to reach key people at your company can be very costly in terms of both revenues and your company’s reputation. Here are three ways to make sure calls to your office don’t get bobbled when a storm rolls in:
1. Create a new automated greeting to let callers know about changes in hours or closings.
2. Set up an emergency override that automatically reroutes key phone lines to one or more numbers that can be reached during an outage.
3. Make sure you and your staff can access voice mail remotely – from a smartphone, by e-mail as an attached sound file or transcribed message, or as a text notification.

Manage employees working from home. Many of your employees can work from home if need be. But you’ll need to prepare in advance if it’s not the norm at your company. Have your IT specialist check with employees who could work from home during rough weather. They’ll need a virtual private network (VPN) to safely access the company network. Be sure it’s set up well in advance to avoid any glitches when that winter storm hits and you need it most.

Have a disaster recovery plan (DRP) ready to go. Unless you can afford to shut down for days at a time, or even just a few hours, it’s absolutely critical to keep a written DRP on hand. Write out step-by-step details of who does what in every type of winter disruption – from simple power outages to blizzards, flooding or building damage caused by heavy winds or lightning. A downed network can cost your company big-time every minute it’s offline. Make sure your plan includes one or more ways to get it back up and running ASAP. Consider virtualizing key parts or all of your network so your team can access it remotely. Once you’ve written out your plan, keep one copy at your office, one at home and one with your IT specialist.

Trying to recover your data after a sudden or serious outage without professional help is business suicide. One misstep can result in losing critical files forever, or weeks of downtime. Make sure you’re working with a pro who will not only help set up a recovery plan, but has experience in data recovery. The old adage about an ounce of prevention applies doubly when it comes to working with the right people who can help you prepare for – and recover from – whatever winter throws your way.