From a technology standpoint, there’s never been a better time to be alive. Chatting with people for free all across the world or opening your front door at home while in a business meeting, it seems that our interconnected world has unlimited possibilities. Sadly, that can go really wrong when people with less than pure motives take advantage. Viruses and other threats are on the rise, and there is one word whose very mention sends shivers down the spine of mortal cybersecurity professionals everywhere: ransomware.
Ransomware is so frightening because of how quickly it is becoming a major issue across all systems worldwide and how devastating it is for businesses. Today, we will be discussing this threat and what you need to do to keep it out of your business.
What exactly is ransomware and why should you care? Like other computer threats (think viruses or trojan horses), ransomware has a colorful name that aptly describes what it does. In fact, it’s exactly what it sounds like: someone holds your data or computer access hostage until you pay a ransom. Depending on the circumstances, this can range from a relatively small sum to well over $1,000,000.
These attacks rarely occur on their own. Most often they are part of an email phishing scheme. As criminals have become more and more sophisticated, attacks like these — that only suckers used to fall for — are becoming common even among seasoned professionals.
Ransomware has grown to be one of the top cyber threats your company faces. To put this in perspective, in 2018, we saw a 300% increase in ransomware attacks from the year before. So far in 2019, we’ve seen even more attacks than all of last year.
Why the increase? Frankly, because it works. While the ransom can be quite high, most hackers consider the size of the company and value of the data. In most cases, they set the price cheaper than manually restoring the data, so many companies that don’t have a proper backup just pay the ransom and hope. The FBI recommends not paying so as to not encourage the hackers, but they also recognize that this may actually be the only option for many organizations without the proper security protocols in place.
Ransomware has been popular in the news lately because hackers are targeting governments of all sizes, in addition to businesses. For instance, in the state of Florida alone, seven municipalities have been victims. In April, the city of Tallahassee paid $500,000 to get access to critical systems and data after an attack. They paid for the attack by diverting funds from employee payroll. The city of Riviera Beach paid over $600,000 in Bitcoin for a similar attack in May after an employee fell for a phishing scam!
National governments are also falling victim! The government of Ecuador said that they have seen over 40 million attempts to hack into their system. A few have been successful, resulting in expensive ransoms.
Saying that “ransomware is here to stay” would be a massive understatement. However, there is a bit of good news about this. While ransomware itself is a relatively new threat, it uses old standbys to enter your computer in the first place. Ransomware affects your system after hitching a ride on another threat, such as a virus or phishing attempt. Think of it this way. In the past few years, Zika, a dangerous virus passed on by mosquitos, has been on the rise. Because it’s transmitted by a known pest, we can use the same precautions we’ve always used against mosquitos to prevent infection. This would include repellent, avoiding standing water and wearing long clothing.
Similarly, the best way to avoid ransomware is to protect your network against many of the same threats we’ve always faced with computers. This means being proactive and keeping your system safe before the ransomware can have access to your vital data. In the event of a breach, you also need to have a viable backup so you can seamlessly roll back to a point before the attack.
How well does your current system protect you from ransomware and other cyberthreats? Contact us today to prepare you for this very real and rising threat.
Do you remember driving your first new car? You drove that old clunker of yours for years, and now you’re in a sleek and shiny brand new car! It rides and handles so smoothly you wonder why it took you so long to give in and get rid of the old one.
Windows 7 is now, believe it or not, that old clunker you’re still driving.
If you’re currently using Windows 7, you know its days are numbered. The current target date of Windows 7 End of Life is slated for January 2020. While you could technically upgrade to any newer version of Windows, upgrading to Windows 10 is going to be your best bet — as long as your systems can handle it.
While many people (and IT departments) are afraid of change, this can actually be a great opportunity to enjoy new, improved, and added features. Today we’ll be discussing some of the major benefits of upgrading to Windows 10.
One of the major reasons for not upgrading is because the current system has all the features that an individual or company needs. However, keep in mind that Windows 7 originally came out in 2009, and a lot has changed in ten years. Features that we never would have imagined before have now become a regular part of our daily lives, and even if you don’t currently use any of them, you can certainly see how they might benefit your company. Let’s take a look at some of the new features that are bundled with Windows 10:
While having a conversation with your computer may have seemed like something that could only exist in Captain Kirk’s reality, both Apple and Google have had virtual assistants available for years. Cortana works in a similar fashion to Siri or Alexa, in that you can use your voice to have her perform a large range of commands. She will keep track of the user’s habits and internet viewing choices while creating a desktop environment that is customized to their preferences, such as news articles that fit their interests.
There are apps for everything, and by creating their own app store, Microsoft now allows Windows users to have access to a wide range of free and paid applications that can be used for any imaginable purpose, both personal and business.
This is a feature that is new to Windows, but one that Apple users have been enjoying for years. This feature allows the user to seamlessly change gears to have programs or files specific to a task immediately available with the click of a button.
Improved Screen Capture
To share information we are expected to take screenshots of various projects. With older versions of Windows, you would literally have to take a full screenshot, meaning that the recipient would see everything that was open on your screen. Of course, the results looked unprofessional. The only way to remedy it would be to edit the picture after the fact. With Windows 10 you can capture only what you need, and get moving onto other important tasks.
Everyone knows that having better hardware can mean a speedier computer experience. But the truth is that software — and especially the operating system behind it — plays a large role in how quickly everything moves. The difference in speed can be seen in overall general performance, but it is especially notable during startup.
When we think of lagging computers, the startup sequence is the worst waste of time, since we’re just sitting there waiting to get to work. Not only does Windows 10 show a major difference in startup time compared to other versions of Windows, but in many cases, it even has a better startup time than a Mac of the same hardware specifications.
When push comes to shove, this will be the major deciding factor. Let’s get the obvious part out of the way: if you don’t upgrade your system by January and you’re using Windows 7, there will be no more support, upgrades, or patches. It will only be a matter of time before hackers can completely exploit your outdated security measures.
Even if Microsoft did continue to support Windows 7, the updated features in 10 blow the old security features out of the water. One of the major upgrades is Secure Boot, which will only let you load programs that are signed off by Microsoft or the hardware manufacturer. If a third-party program were loaded on for whatever reason (from an unknown email attachment, or a found thumb drive, for example), it wouldn’t be allowed to run. In addition, there are robust ransomware and virus protection features built right into the OS. Other features, such as Microsoft Passport, Microsoft Hello, and Device Guard add further levels of protection.
While it would still be a good idea to use a separate protection system, Windows isn’t nearly as helpless as it once was. It should be noted, however, that these new features work very well on the individual computer level only. Extra protection should still be installed on servers, printers, and other business hardware that connect to the internet.
At the end of the day, it doesn’t matter if we want to upgrade or not — the end of the Windows 7 world is upon us and we need to be prepared to run our computers without fear. All it takes is trading in your old clunker for the shiny new model, and no one complains when they drive their new car off the lot!
We’ve talked about some of the more common threats that all businesses need to be careful of, but how dangerous is the web and how much of a risk is the current landscape?
Today we’ll talk about a few of the most widespread threats that need your attention.
Windows 7 End of Life
When it first came out, Windows 7 was very popular and it still is. Now, when we say popular, that isn’t an exaggeration. According to some estimates, nearly 70% of all PCs are still running Windows 7! When support officially ends in just a few short months, that’s going to leave a lot of people open to attacks.
In case you weren’t aware, the single largest reason for upgrading is security related. So, when Microsoft stops updating security on these systems, it’s just a matter of time before your system becomes an easy target for hackers.
Marriott’s Data Breach
Don’t think hackers only target little old ladies on 15-year-old computers. It appears that Marriott Hotels, one of the largest chains in the world, is going to be fined the equivalent of $123 million for a breach that exposed the private information of over 332 million customers. Even though it can be argued that the hotel chain was the victim, they are the ones who are responsible for what happens on their servers.
What makes this even scarier is that while the company spends quite a bit on their security, they still didn’t detect the breach for nearly four years. This goes to show that the amount spent on a security system doesn’t mean anything unless it is well implemented and monitored.
This year, one of the biggest trends in ransomware is the targeting of specific industries. Why is this so scary? Well, the most dangerous enemy is someone who knows how to hit you where it hurts most. In the case of LockerGoga, this particular software is designed to cripple manufacturing firms, specifically, by causing their automation systems to go offline. This disruption is key to the firm’s efficiency. As of this writing, LockerGoga has already affected industrial manufacturing facilities in two continents, nearly shutting down production completely. And it also seems that hackers are upping the ante, demanding ransoms in the hundreds of thousands of dollars.
While not excusable, it’s still understandable why someone would want to hack a business: money. But if you’re a medical or charitable organization, you should be fine, right? Not so fast! For reasons that are not always clear, this year has been especially difficult for data breaches in this sector. In Europe and Asia, tens of thousands of records have been compromised for organizations ranging from charities for abused children to HIV clinics. Here in the US, at least 145,000 individuals who were seeking treatment for addictions at various facilities had their information stolen from a single server in April. One would think that even hackers would have some sense of decency, but as the saying goes, “There’s no honor among thieves.”
Your Staff is your Biggest Risk
We all know that hackers and other criminals are working hard, finding ways to break into your business. But their job gets more difficult if your employees are trained in the dangers of cybersecurity. Employees who open the wrong attachments on emails cause about 70% of all malware infections. Up to 50% of your sensitive data, along with your clients’ data, can be breached through your employees’ smartphones, tablets, and laptops. And don’t get me started on poor password management.
Not Even Your Donuts Are Safe
Earlier this year, Dunkin Donuts experienced its second hack in six months. In this case, the information wasn’t that sensitive — mostly related to their DD Perks program — but it just goes to show that very little information can be considered untouchable. What is odd about this particular instance is that the information went right onto the Dark Web for the highest bidder to purchase. This may not seem like a problem until you read between the lines. This information contained usernames and passwords, which wouldn’t matter unless someone really wanted that free cup of coffee you earned. However, since many of us reuse the same usernames and passwords for various accounts, it could be just a matter of finding out what other services you use — or even which bank you do business with — before the thieves gain access to your most critical information.
Unfortunately, we don’t live in a safe world. It seems that at every corner someone is trying to breach computer systems to mine any tiny morsel of value. The most important lesson we can learn is to not let your guard down. As a business owner or someone who works within an organization, don’t feel that there’s something special about you or your system that would make you invulnerable or unattractive to a potential data pirate. As long as there is a single penny to be made, it seems that someone is willing and able to jump at it.
Invest in the best cybersecurity you can get. Don’t be the next company to have your data sold on the Dark Web.
We still see the same scene in horror movies: the main character runs into the house, slams the door, locks the deadbolt and sighs in relief — but somehow the killer still sneaks up and attacks them from behind!
If you own a small business you just might find yourself in a similar situation. Sometimes small business owners spend large amounts of time and resources physically protecting their operations just to let the most dangerous threats sneak in through the figurative back door.
Today we’re going to talk about the 8 biggest security threats to small business in 2019, in no particular order. While a few of them are new, some past risks are still very much in play.
Not only is this the number one threat to cybersecurity, it’s also still on its way up. Phishing attempts were reported by 48% of small businesses in 2017 — up from 42% just one year prior. All indications point to this trend rising as it requires the least amount of resources and know-how to attempt.
Microsoft Document Scams
There’s nothing safer than opening up a Word document, right? Think again! For the past few years, scammers have been getting creative with coding that allows them to gain access to your computer, which is why Microsoft has been having to work overtime to create new patches. However, since many companies delay updating their software, this remains a prime option for criminals.
Currently, over 1,100 different variations of ransomware are being tracked around the world. The FBI has stated that there has been a sharp uptick in these attacks recently and they advise that the practice will continue to grow rapidly in the coming years. So far this year, not just businesses, but entire cities have paid ransoms to get their data back.
As cryptocurrencies such as Bitcoin have exploded on the scene, their demand and value have gone up as well. Although you can’t physically mint a Bitcoin as you could a dollar bill, they are “created” in a process known as mining. This is a resource-intensive practice that requires computing power that thieves often lack. The solution? Hijack other computer systems to do the computing for them, taking a toll on bandwidth and slowing down networks.
Internet of Things (IoT) Attacks
Technology is rapidly increasing, not just in computing devices, but in everything that’s become a computing device. With IoT technology, you can connect your servers to your security system, HVAC system — even the microwave in your break room! While this allows everything to be connected and consolidated in one place, it also creates vulnerabilities. Most of these devices have very weak security protocols in place: who would want access to the toaster in the office next door? But as they are often connected to the main network, it creates a backdoor that can — and has repeatedly been — exploited.
Many small businesses feel safe doing business on their mobile devices only to have them be one of their weakest points. While most of us have been lectured about using unsecured Wi-Fi ad nauseam, the most recent threat to mobile computing is our reliance on the Cloud. In the past few years, companies such as Apple, Google, and Microsoft have made cloud backups a standard part of their services. Since so much information is stored in one location, it creates a prime target for criminals to attack and gain access to your information. While that may not be a problem if you’re just backing up family photos or text messages from your sister, any important documentation or other data for your business may have also found its way onto these mega servers without you even realizing it.
What has been mentioned to this point is just a sample of the ever-evolving external cyber threats to your business. While an easy fix might be to hire someone who just graduated from a reputable university, the truth is, that may not be enough. A recent study showed that 40% of companies surveyed said that having employees with an applicable degree has shown not to be good enough to keep their systems safe. That same survey showed that less than 25% of applicants for cybersecurity positions were deemed qualified. If that’s how things look in your company, you may feel safe today, but might be in danger for what’s coming over the horizon. It is estimated that training someone to do the job well takes over six months!
In line with the last point, an estimated 69% of companies will have an understaffed cyber threat team, with a large portion of this being companies with absolutely no one in this role at all. What does this mean for a small business? Either people with no experience will have to fill this position, or there is nothing in place to protect valuable data from hackers.
The killer hiding in the back seat, sneaking in through the back door, or — even worse — he’s already in the house, are all clichés. Do you know what else is cliché? Letting your small business fall victim to cyber-attacks. While not all attacks might be avoidable, you’re much safer from attacks if you’re prepared. Updated security software and regular data back-ups are invaluable in this process. Awareness of the latest threats is also key. Just like in the movies; when a killer is loose, no one should feel safe.
Here’s an alarming statistic for Small Business owners: 65% of cyber-attacks are aimed at small to medium businesses.
If you’re a small business owner, you’re aware that your company might be vulnerable to attacks by hackers. Even if they haven’t found a way to break into your system yet, you can be sure someone is trying to find a way to steal your precious data. Hackers enjoy a challenge, to a point. If they can’t crack your system the first time, it’s more than likely that they’ll keep trying.
If they can’t get in they’ll eventually go away, but that doesn’t mean they won’t be back.
There is a good chance a hacker is watching your business right now. And a chance someone has already breached your security. According to one study, it takes an average of six months for businesses to realize that they have been, or are being, hacked. It then takes up to 55 days to confront and suppress the attack. By then it’s too late: the damage has been done.
But why do hackers target small businesses? Some of the reasons are obvious, and some may surprise you. Here is a list of 6 reasons why Small Businesses get hacked:
Not every hacker wants to be famous. Most don’t care about getting their conquests splashed all over the news. Many hackers attack small to medium businesses because those groups are less likely to report security breaches. The first reason for not reporting the breach is that the damage to their reputation can be much more expensive than the temporary loss of revenue, or the price of the ransom they’ll pay to retrieve their data. The second reason attacks go unreported is because law enforcement agencies are not cybersecurity experts.
Businesses go through cycles; some good, some bad, but hopefully at the end of the day those cycles will all lead to company growth. While planning budgets, new hires, and equipment purchases for growth, frequently the security updates and back-up (BDR) hardware needed to protect that growth will fall through the cracks. Your old security software probably won’t be good enough to take you safely into the future. Sure, it got you where you are, but don’t rely on it just because it’s been “good enough” up to now.
It’s no secret that occasionally, especially during growth phases, budgets get shifted around, and what was allocated for security last year may not be in the budget this year. An alarming 90% of small businesses admit to operating occasionally with no security system in place at all. No virus protection, no firewalls, no spam filters, and no back-up systems. The scary part is that the remaining 10% probably just didn’t want to admit it.
Here’s an alarming statistic for you: up to 95% of ALL cybersecurity breaches that hit small businesses are due to human error. You try to stay on top of cybersecurity training for your staff, but people come and go all the time and training is bound to get put on the back burner. Sometimes breaches happen because simple procedures aren’t followed correctly. Password hygiene is a basic skill everyone should know; things like how to create a password, and why you should never write down your password and leave it posted to your computer. Not opening attachments to emails is also important, since over 92% of all malware is delivered via email.
One study has shown that 53% of small businesses will pay the ransom to hackers upon contact with them. This is related to our first topic, “Under the Radar,” since the reasoning behind paying quickly should mean you’ll experience a shorter downtime. Paying the ransom is still no guarantee that you’ll get your data back. After all, these are criminals you’re dealing with. Plus, when you pay a hacker, you only encourage them to continue attacking businesses like yours.
Hackers are like sharks: they can smell blood in the water from miles away. Once the word gets out that you’ve been hacked, and that you’ve paid the ransom, you’ll have hackers lined up around the block. Like a lot of criminals, hackers are looking for the path of least resistance. Once they hear you’re an easy target you’d better prepare yourself for all kinds of cyber attacks.
It takes work to develop a comprehensive cybersecurity strategy, train your employees on what to look out for, and maintain regular data backups, but all these things and more are necessary in today’s cyber landscape. Almost every day there are news stories about companies getting hacked, corporations paying millions in ransom, and small businesses closing because of hacks. Companies like Apple, Amazon, Target, and Facebook can afford the best security available, yet they still get hacked. Make cybersecurity a priority for your business and you’ll increase your chances of staying off a hacker’s watchlist.