(661) 281-4000

Should’ve seen it coming…

By now all businesses should have a BDR or disaster plan in place. This has become more of a standard practice rather than a last-minute product purchase – as it should be. Business owners of any kind vaguely understand this need, but what about a disaster in general. Do you know what you’re preparing for? Sure, a natural disaster could happen, but your receptionist could fat finger something causing a disaster too. Kudos on being ready, now understand what you’re ready for.

It may seem a bit redundant, but before you deploy a BDR, make sure you have gone through a thorough plan. This has to do with researching the extent of your own data as well as a potential BDR provider. You want to ensure your provider uses a program that allows for preventative maintenance, monitoring, and staff training. Having these things in place will help avoid downtime if the worst happens.

With that said, preventative maintenance is so important! Consistently ensuring everything is running as it should and testing these items will allow you some peace of mind as well as simple groundwork for successful backup. This goes beyond backup software or testing cloud storage. This is ensuring your provider’s backups work.  Important items like generators, UPSs, cooling systems, fire detection, and suppression systems. You can’t necessarily head to your provider’s office to see for yourself, but you can read the fine print on your contracts as well as have meaningful conversations with potential providers.

Along with that, make sure your provider does periodic testing of all systems. Not just one or two- then the rest should be fine. Test everything from generators to security to software. That way if the worst does happen, no one can say “Ha! I told you so!” Then, of course, ask about their security. Does your plan come with 24/7 monitoring? Is the data center fully staffed during these hours? Who would mitigate the disaster plan if you aren’t readily available? This comes down to physical and cybersecurity as well. Is your data truly protected on their servers? Could anything be stolen or compromised from their end? There are tons of questions to ask and don’t be afraid to do so. A good BDR business will put you at ease and keep your data safe.

An important item that often gets overlooked while researching a BDR provider is location. Think about it, if the backup server for your company is sitting in a location that sees seasonal hurricanes or located on top of an active earthquake fault, you may want to negotiate additional server space elsewhere or cloud storage that doesn’t back up to that on-premise server. It would really be unfortunate if your backup plan is foiled by a disaster that takes place halfway across the country. Local businesses aren’t affected, but lucky you! This is not to say avoid these locations altogether. Realistically a slew of disasters could happen all over the world, so it’s more about backing up your backup. Or at least ensure your provider also has a backup plan.

Then finally, compile a team as part of your plan. That team of people will be the ones that need to deal with anything disaster-related. Make sure they are trained well and update that training to reflect new threats, products, or anything else that could help them help you. You don’t necessarily want Mary your office manager heading up this team. She did great with the backups when they were on tape, but for this kind of “A-team”, you need your go-to pros. Get your best techs and the ones well versed in data center operations. This team is just another step toward peace of mind and simple preparedness. Don’t lose your business over something that could’ve been avoided. Take the time and steps now before something happens. Mother nature is unpredictable… but so is business.

Backup Disaster Recovery is one of those things that all businesses need to have. A BDR backs up any data during the course of a disaster. Whether it’s a natural disaster such as a tornado, a hardware failure, or even an attack from a hacker. Anyone of these could permanently disable your business if you aren’t prepared or have a proper backup plan. For those of you still backing up data manually on tapes or *cringe* not at all, here are some reasons you need a BDR solution and should stop tuning out potential disasters.

 

First of all, a data disaster is more common than you might think and currently, 58% of SMB’s are not prepared for data loss. Even worse, 60% of SMB’s that lose their data will shut down within six months. Something that could have been prevented could potentially wreck your business. Scary to think about when 29% of hard drive failures are caused by accident. It would be silly to have a human error or a simple mishap put your company out of business.

 

You may have security protocols in place and your employees are well versed on avoiding things like malware. Well done. However, you’re still not protected. Human error is a large culprit in data loss. It could be unintentionally deleting items or accidentally overwriting data, but these “oops” can hit hard. Human error can result in other kinds of hardware damage like spills or even accidental reformatting. All of these things are possible and have happened to many SMB’s before you. Sometimes recovery is possible from the software platform you were using, maybe your computer has your back and caught these things. It’s still a time consuming and money wasting error to fix, even if you are so lucky to recover some of what you lost.

 

Viruses and malware can be a significant cause to software or hardware damage depending on what kind of bug found its way in. Usually, this can be avoided with proper employee training as well as an awesome firewall that will help filter malicious attacks. Yet another prey in the night is social engineering. This is the art of sort of conning people. Hackers have been known to get into server rooms and other data-centric areas of the business. Employees may not even notice their mistake until it’s too late. I guess the “HVAC guy” turned out being a hacker in disguise.

 

Sometimes software corruption can come from unknown viruses lurking around your computer. However, most of the time it is due to improper usage. Things like not shutting down the computer properly or leaving unsaved documents open. Sometimes even a power outage can trigger corruption. Once the software processes are interrupted and damaged, it’s virtually impossible to recover data stored in the software.

 

Did you know that 140,000 hard drives crash every week? With that kind of number, it’s just a matter of time until it happens to you. That is not a comfortable position to be in if you know you don’t have backup. Unfortunately, hard drive corruption is usually due to mechanical issues. Things like age and dust build up can (and will) cause technology to fail. We’ve all used the old laptop we still have, that’s been on its deathbed for months, freezing frequently, taking for-ev-er to load a webpage, and of course, acts as a heater for your lap or desk. All of these things are signs leading to a crash. You may not care if it’s an old hand-me-down laptop from the ’90s. But you will care when it’s your pricey equipment with all of your product data and client information being stored on it.

 

Finally, good old-fashioned acts of God. You can’t necessarily prepare for a natural disaster. Even if you hear the tornado siren, backing up your servers to tape will take longer than it does for the tornado to hit your business. Then what? That tape is left amongst the rubble, destroyed. This may seem like an exaggeration, but it has really happened to businesses. And even if only hypothetical, it makes for a great metaphor for any other crash within your business. This is also proof that on-site BDR’s may not always be the final protective cover to your business. You may want to consider off-site or cloud data storage to ensure protection, so your data is safe even if your equipment is destroyed.

 

Protect your business and keep it running smoothly and successfully. Backup Disaster Recovery options are available for all kinds of SMB’s and their needs. Don’t wait to be taught a lesson by the “big one” (as most California residents say). Protect your important data and enjoy the peace of mind that comes along with it. You’ve worked too hard to get your business where it is, protect your hard work.

Cybercriminals use social engineering every day to attempt to hack into people’s personal information. Chances are, you have seen all three of these attempts sometime during your lifetime. Social engineering is slightly different though because it preys on the human condition. Attempting to gain trust and manipulate people. This way it’s even easier to have someone almost willingly give out personal information. In general, there are three major ways that cybercriminals use social engineering to steal your info.


The first is via email.
This is one of the most prominent ways that information is stolen. This side of social engineering has been around nearly as long as emails have and its guaranteed that anyone with an email account has seen at least one of the many phishing scams that come from cybercriminals. Perhaps a Nigerian Prince would like to wire you a ton of money because his inheritance is wrapped up in the bank for some reason. All you need to do is pay a few fees to receive the money and you get to keep a portion of his millions. Totally legitimate right? Or maybe the bank needs you to confirm your account number and social security number because of an “account breach”. Why not right? The bank is a legitimate business, it must be real, even the email looks real. Better yet, wouldn’t you love to be a secret shopper? Receive a check for $1000, cash it, and perform a job. Innocent enough right? Not after you wire initial costs and attempt to cash a bad check. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. The links that can be clicked on will deploy malware to infect your computer files and obtain information about you. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.


Next is posing as someone you know.

This can take several different forms, however the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile gaining access to personal information. Another way cybercriminals can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really its fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.

 

Finally, a newer way for cybercriminals to target people is through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy and a bit difficult to spot among the hundreds of people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software or a pop-up will come on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.

The key to these three general social engineering styles is to become educated on them and keep an eye out for anything that seems off. It certainly pays nowadays to be diligent during your time on the internet and pay attention to everything. If something seems strange or wrong, avoid it until you are certain it is safe. Try not to click on any links inside of emails unless you are sure, and trust the sender. If you get a friend request from someone, look over their profile and ensure its real. Check out their friends, photos, and posts to ensure they aren’t fake. Then finally don’t trust any anti-virus pop-ups or ads. Make sure that you make educated decisions while surfing the internet, stay safe out there!

Most people are aware of terms like phishing and malware, but do you know those are a part of a larger scheme called social engineering? This is not a new kind of fraud, in fact, it’s been used for many years to manipulate a wide range of people into giving up important data about themselves or the workplace. A prime example of social engineering goes back to Greek mythology with the Trojan horse. They infiltrated the city of Troy with a “peace offering” filled with soldiers, thus winning the war. With technology at the forefront of our lives, social engineering has entered a new era. Physical human interaction is not necessarily required anymore. These criminals can gain information through emails, pop-ups, and public Wi-Fi networks, to name a few. The main objective is to influence, manipulate or trick users into giving up privileged information or access within an organization. They are doing this right under your nose, and if you’re not paying attention you will be a victim of this as well.  

 

External Threats 

With technology at the forefront of most businesses, external threats are becoming the benchmark for social engineers. They can hack into core business processes by manipulating people through technological means. There are so many ways for social engineers to trick people, that it is best to ensure you are well versed in some of the ways they can hack your system. 

 

Baiting 

First of all, baiting can be done both in person and online. Physical baiting would be a hacker leaving a thumb drive somewhere at a business, then an employee picks it up and plugs it into a computer. Could be curiosity, or simply thinking a co-worker left something behind. However, as soon as the thumb drive gets plugged in, it will infect your computer with malware. The online version of this could be an enticing ad, something to pique interest. Things like “Congrats, you’ve won!” Also, there is scareware, in which users are deceived to think their system is infected with malware, saying things like “Your computer has been infected, click here to start virus protection.” By clicking on it, you unintentionally downloaded malware to your computer. If you understand what you are looking for, you can usually avoid these situations.  

 

Phishing

This is probably one of the most popular social engineering attacks. Fairly generalized, this usually comes in the form of an email. Often, they ask the user to change their email or log in to check on a policy violation. Usually, the email will look official and even take you to a site that looks almost identical to the one you may be used to. After that, any information you type in will we transmitted to the hacker. You just fell for the oldest online hack in the book.  

 

Spear Phishing 

Similar to generic phishing, spear phishing is a more targeted scam. This does take a little more time and research for hackers to pull off, but when they do it’s hard to tell the difference. They often tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. This could be in the form of an email, acting as the IT guy with the same signature and even cc’s to co-workers. It looks legitimate but as soon as you click the link, you are allowing malware to flood your computer.   

  

Internal Threats 

Originally, social engineering took place in a physical setting. A hacker would do some preliminary research on a company structure or focus on behaviors in order to get that initial access into a building, server room or IT space. Once they have a “foot in the door” so to speak, obtaining pertinent data or planting malware becomes that much easier.  

 

Tailgating 

Often, they will enter a building without an access pass by simply acting like an employee that left it at home, this technique is known as tailgating. The only credential they need is confidence. This can also include a hacker posing as an IT person and conning people into believing that to be true so they can gain access to high-security areas. This is far easier than it sounds too. You can find company shirts at your local thrift store, exude confidence and gain access.  

 

Psychology 

Another interesting process hackers use to con their way into a business is by creating a hostile situation. According to PC World, people avoid those that appear to be mad, upset or angry. So, a hacker can have a fake heated phone call and reduce the likelihood of being stopped or questioned. Human psychology really is a tricky thing, isn’t it? 

 

Public Information 

Then of course, the more you know about someone the more likely you are going to gain the information you need from them. This involves everything from scoping out parking lots, observing the workspace and even dumpster diving. Nothing is safe anymore and your life is not always as secure as you’d like to think. Something as innocent as a bill can be used to harvest more information about a person. 

 

Pretexting 

Similar to online phishing, pretexting is a popular fraud tactic for phone calls. Often, they will disguise themselves as an authority such as a bank, tax official or even police. They will probe you with questions that could lead to giving up information that could compromise your identity. This personal information can be used to find out a whole slew of things. Not only can they get away with your money immediately, but they can also easily steal your identity with pertinent information like social security numbers or banking information. 

 

Prevention 

Social engineering can be prevented by being educated in it. With so many different ways to steal your important data its imperative that individuals and businesses go through some sort of training regarding these issues. However, on a day to day basis, getting into certain habits can help. First of all, pay attention to your surroundings. Remember that physical social engineering still exists and you don’t want to be the one that caused your business corrupted data. Next, do not open emails or attachments from suspicious sources. Moreover, if a legitimate-looking email seems slightly suspicious, go to the source and find out for sure if they sent it. Also, multi-factor authentication can curb fraud immensely. One of the most valuable pieces of information attackers seek is user credentials. Using multifactor authentication helps ensure your account’s protection in the event of system compromise. Furthermore, if an offer seems too good to be true, it probably is. Don’t click the link, you didn’t win a cruise. Then finally, keep your antivirus and/or antimalware software updated at all times. This is the best line of defense if for some reason your system has been compromised. For the most part, use your best judgment and common sense. Social engineers have gotten very good at their jobs, but that’s okay because you’ve gotten very good at yours too and can combat these sneaky hackers.

Have you ever received a Facebook friend request from your mom even though she is already a friend of yours on Facebook? So, you call her up to make sure she didn’t forget her password again and just create a new FB page. Then right after that, “she” sends you a video link saying you’re in a YouTube video. You think, “Well dang I didn’t think she even knew how to use messenger”. As the confusion mounts, you realize, momma’s FB has been cloned in an effort to hack your account. Not today hackers! 

In this day and age of social media, there are two very specific ways hackers compromise your data. Cloning is the first. This is when someone makes a social media account by using someone else’s identity. You’ve all seen them, mom is already your friend on FB but now you’re receiving another friend request from her. The new page has one photo, no posts and a handful of mutual friends that fell for the fake profile. This within itself is not hacking. It’s incredibly easy to copy a photo and create a basic FB page with basic information. The idea behind cloning is to get you to think this is your friend or loved one so they can hack your information. Social engineering can come into play, asking mutual friends for money – saying you’ve been arrested. Another way is by having the clone account send malware to friends.   

This exact situation happens more often than not, but what does it have to do with your business? Mom may not work with you, but take her lesson as a valuable warning. When Facebook account funny business, a multitude of things could occur, compromising your business, clients and other important data you may have stored. Imagine receiving a message on your company Facebook messenger from a friend saying “you’re in a YouTube video”. The link is readily available, you have the urge to click on it, it could be bad PR right? So, you click it and instantly, the malware takes over your computer. Passwords and logins are automatically stolen from you and in the hands of hackers. Not good. This could compromise payment methods or pertinent company information. This hacked info could turn into full-blown social engineering if you don’t pay attention. The worst part is that almost everyone on your friend list will get bombarded by a similar message creating a domino effect. It’s terrible to infect your loyal followers and you’ll see a lot unfollow you because of the inconvenience.   

Facebook is not the only platform to worry about, in fact, Instagram, Twitter, and Snapchat have all fallen victim to hacks. One huge reason for this is because people don’t know better when it comes to security information. Social media is so easy to use that people often forget that information can be compromised. Careless clicking is another culprit. Aren’t you curious what your favorite coffee says about your personality? Its quizzes and fun time wasters like this that allows hackers to access information. So simply clicking on these silly things opens your account to malware and in some cases ransomware. Users have reported being locked out of their accounts, accounts being deleted and some even being held for ransom until users paid the hacker. If you are using these platforms for business, you must be extra leery about what you are clicking on. It’s a terrible day when the content on your social media disappears over an avoidable breach.  

These things don’t have to happen to you as long as you are smart about your social media. Make sure whoever is running it is well trained in cybersecurity. Also, ensure your passwords are strong and not easy to hack. Then go check on mom and give her a fast and efficient cybersecurity breakdown. This subject seems obvious, but the amount of people that get hacked each year as well as the amount of stolen data continues to grow. Hackers are also constantly looking for new ways to take information. Be vigilant and up to date on current trends. Protect your business from these sly social media mongers.