Tag Archives: data

Keep Your Business Thriving in a World of Risks

Managed security can protect your Business from cyber attacks.

In the early 2000s, cybersecurity risks began to increase in their effectiveness, but antivirus (AV) solutions kept small and medium-sized businesses (SMBs) safe. With AV updates, employee training, and software patching, most SMBs were able to avoid the worst of cyberattacks—until now. 

Incidents like the WannaCry ransomware attack, which affected organizations across the globe, served as wake-up calls for many that cyberthreats are changing, and many companies still aren’t prepared. Many SMB owners know someone who’s been forced to pay a ransom to retrieve data or even had to shut down because data and systems were too costly to restore or weren’t restored as promised. Still others have experienced cleanup costs from other malware attacks. 

Many SMB owners think they won’t be targeted due to their size or small attack surface. Yet as this chart shows, that simply isn’t the case. Cybercriminals increasingly target SMBs, as it much easier to circumnavigate their defenses than those of enterprise companies. 

The Truth About Security for Your Small to Mid-sized Business

Yes, you are a target: 43% of all cyberattacks targeted small to medium-size business (SMB) operations in 2018. Source: Verizon. Here’s why: Many cyberattackers see SMBs as an easy entry into their larger customers. SMBs were responsible for the Target and JPMorgan Chase data breaches. Even if they aren’t targeting larger partners, cybercriminals can still make money off SMBs who have valuable data (and they almost all have valuable data). 
You may not know you’ve been hit: It takes companies an average of 279 days to realize they’ve been hit by a data breach, increasing the business harm. SMB clean-up costs are high: The average cost of a data breach for organizations with fewer than 500 employees was $2.74M in 2018. 
Did you know?: Of all SMBs that are attacked, 60% do not reopen.

The Risks Your SMB Faces Grow Every Day 

Connections are growing: Businesses are using more devices, applications, and cloud services than ever before. Shadow IT is a real problem: Your employees are likely using more cloud services than you know about, creating a blind spot for your IT team and your organization’s security. 
Passwords are a weak link: Employees often reuse passwords across accounts and use easy-to-guess passwords. Human error is hard to prevent: Your employees may use public Wi-Fi to do their work, accidentally click on phishing emails, or share sensitive data on cloud services or flash drives. 
The latest threats elude AV: Weaponized documents, fileless threats, zero-day threats, and ransomware lack signatures and can slip through scheduled AV scans. You may have compliance risks: If your SMB works in a heavily regulated business, you could face regulator fines in addition to cleanup costs. 
Data sharing: Your partners may not have air-tight security, exposing your data to unauthorized access. 
Businesses today rely on their digital assets increasing security risks.

What You Can Do About Cybersecurity Risks? 

It pays to get tough on cybersecurity. Enhancing your security posture proactively can help you harden your defenses and protect yourself from threats before they hit your company networks and disable your business, systems, and data. 

When you invest in managed security, you get: 

  • A comprehensive solution for all your security needs 
  • Cloud-based solutions that are updated automatically with the latest threat data 
  • The ability to “roll back” any systems hit with ransomware to a pre-infection state 
  • Complete security coverage and simplified cost structures 
  • An end to security management headaches and worries 

Get started with managed security today. 

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity. EMCSI offers a FREE Network Health Assessment to identify what devices are on your network and where your vulnerabilities lie.  Call Shane Nesbitt, IT Consultant, today to schedule : (330) 750-1428

www.ecmsi.com

Local Governments Cyber Security Crisis in 8 Charts

Within the past few weeks, two large American cities learned that their information systems were hacked. First, Atlanta revealed that it had been the victim of a ransomware attack that took many of the city’s services offline for nearly a week, forcing police to revert to taking written case notes, hampering the Atlanta’s court system and preventing residents from paying water bills online. Then, Baltimore’s 311 and 911 dispatch systems were taken offline for more than 17 hours, forcing dispatchers to log and process requests manually. Both attacks could have been prevented. And they are more evidence of the poor, if not appalling, state of local government cyber security in the United States.

We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Under near-constant attack, but not fully aware

Nearly half – 44 percent – of all the respondents told us they experience cyberattacks at least daily. Based on prior research, we are confident that rate is actually much higher.

The volume of attacks isn’t dropping – and in some cases it’s increasing.

But even so, many communities didn’t know how frequently they are attacked, and most didn’t count or catalog initial attacks – though more than half did track more serious incidents and breaches.

More than half weren’t able to determine who was attacking their systems.

Unprepared to respond, and with not enough support

Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

In part this is because few local officials are aware of the need for cybersecurity. Nearly two-thirds of the respondents to the survey, who were nearly all information technology or cybersecurity officials, said that top managers understood the need. However, among other groups in local governments, awareness dropped considerably. Perhaps as a result, support for cybersecurity efforts was also not as strong as Atlanta’s and Baltimore’s experiences suggest it should be.

With most local government officials and staff unaware and unsupportive, it is not surprising that cybersecurity is so poor among American local governments. Atlanta Mayor Keisha Lance Bottoms admitted that cybersecurity was not a high priority, although “it certainly has gone to the front of the line.”

And yet, crucial barriers remain, largely to do with how much money is allocated to cybersecurity efforts.

Getting more people in the know

If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The numbers of survey respondents who answered “Don’t know” to our questions was surprisingly high. No top local officials, whether elected or appointed, should be unaware of basic cybersecurity information, like whether their systems have been attacked or breached, or who’s attacking their systems and why.

Knowing these answers will only become more critical as computing becomes more deeply embedded in systems running “smart” cities. If computers control traffic lights, sewage plants and electrical grids, then the consequence of attacks is more severe than just loss of information or computer services.

Source: Norris, Donald, et al. “Local Governments’ Cybersecurity Crisis in 8 Charts.” The Conversation, 3 May 2018, theconversation.com/local-governments-cybersecurity-crisis-in-8-charts-94240.

This article was originally published by The Conversation. See here

How to Identify a Phishing Email

You wake up and like many of us today, you immediately check your phone. Scrolling through your email you see a message in your inbox that reads “Microsoft account security alert” this email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough right? WRONG. This email contains an abundance of red flags that to someone not so tech savvy could fall victim to. This email is meant to be malicious and ironically while it is trying to get you worried about your information getting hacked into. It is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victims to these malicious emails.

To begin with, this email claims it is from the Microsoft team, however within the email itself we see no Microsoft branding of any kind, and is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially being that they were a Mac only user. There was also not enough characters or asterisks that reflected any email this user had.

This is just one example of a phishing email and there are many more, some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1.  You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URL’s.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why and immediately. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best to not act upon that email and flag it as spam and delete the email immediately. Clicking through could cause major issues to your computer system or others if it happens in your workplace. Be sure to always be attentive, be curious and ask questions and stay protected!

 

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

What Does your Business IT and Car have in Common?

THEY BOTH NEED TO BE INSURED!

When we talk about car insurance the dark thoughts and questions begin to arise. What if I get into an accident? What if I’m travelling and left on the side of the road? What if someone hits me without my control? While all of these thoughts are very pessimistic, these things do happen, sadly, more often than we would like them to. This makes driving without some sort of car insurance seem completely ludicrous. So why should your business IT be any different?

Think about your business IT as the “vehicle” that keeps your company running. What if your network “crashes”, what if your employees are working and your computers decides to leave them on the side of the road? Or what if a hacker “hits” your network with ransomware or the many other hundreds/thousands of malicious malware that is out there today?

When talking about business IT “insurance”, we mean something a little bit different. You need to make sure that the technology in your business is secure, protected and keeps your employees as productive as possible in order for your business to stay viable. Like a car, you have to have some sort of disaster protection, or else a whole bunch of time, money and productivity of your business is lost on fixing the issue when it happens. The best “insurance” for your business network is using an outsourced IT service management provider, and here’s why.

When you outsource the management of your important IT resources they help optimize your networks performance, to make it work at the peak efficiency and reliability levels that your business demands. This can allow you to stay focused on running your business and not your network. This security, networking, data protection and user support is handled at a fraction of the cost than if your business decided to take on all of that cost itself. Risk is something your business deals with every day from market competition, to the state of the economy, don’t let your IT be another risk. Businesses have limited resources, and every owner/manager has limited time and attention. Outsourcing can help your business stay focused on your core business and not get distracted by complex IT decisions.

Secure your network today with ECMSI !

330.750.9412