Why Periodic Security Assessments Should Be Your New Normal


By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cyber security is something they can set and forget. Unfortunately, cyber criminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.

Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively set up adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.

Regulations change – Are you affected?
Many businesses are held to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments, but they vary in scope and time frame. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. I can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.

Security patches and updates are vital
It’s so easy to fall behind on your security patches. After all, it seems like there’s a new update every week, and each one takes precious time to apply. Cyber criminals are targeting businesses that have fallen behind, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. When we conduct your security assessment, we can take a look at your history, see if your business has a robust patch plan in place, and make sure you’re up to date. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, we’ll find it.

Viruses are always evolving
Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cyber criminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed
As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations…the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cyber criminal would.

What to do with your assessment results
Once we’ve finished the assessment you have a benchmark for progress. You’ll know exactly what you need to do, how I can help, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

Book your security assessment today. Call me at (828)290-8237.

Should You Pay for a Ransomware Attack?


Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with plenty of businesses saying ‘yes.’ Here’s what you should consider if you’re ever in this situation.

Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?
Cybercriminals rarely send out global attacks with set amounts. Instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes: even if you have to take the system down for a day while you recover, you’re still light years ahead of those without backups.

What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. Using business-class spam filters can catch many of these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now. I can help! Call me at (828) 290-8237.

What’s Best for Your Computer: Shut Down or Sleep?


Most homes are trying to reduce power costs by turning off lights and appliances, but do the same rules apply to computers? After all, it requires more than flicking a switch on your way out the door. Some people believe you should shut down after every use to save wear and tear, others believe you should never shut down your computer – ever. Others simply want to make sure the pages and apps they left open are still there waiting for them. So, who’s right and what are they really doing?

Back when computers were clunky behemoths that took a long time to start, you’d go nuts at the person who shut it down when it was your turn. If you have an older computer, maybe you still do. Modern computers actually have two options for their downtime: Shut down or sleep.

When it shuts down, the system goes through and closes any open programs (often prompting you to save first), then gradually cuts power to all components. It’s a methodical process that seems quite fast to us but is actually made of 100+ intentionally ordered steps. If there’s a sudden blackout or you hold the power button until it turns off, the steps aren’t followed and damage is possible. The second option is to put your computer to sleep. This can be triggered by an automated timeout or a user click. Your system uses a special type of memory called RAM to hold all your running programs exactly as you left them while using minimal power. The hard drive stops spinning, the graphics card lets the screen go black, and even the system fan slows to become almost silent. When you wake it by moving the mouse or pressing a key, it ‘wakes’ again almost instantly.

Reasons to Shut Down

A switched off computer isn’t drawing power which is a tick for the environment. But shutting down is about more than saving power. It can sometimes give improved stability over a machine that’s been running for days/weeks. This is because every time you shut down, you give your computer a chance to clear out all temporary junk files it’s been carrying in memory. It also triggers various health checks on startup that may otherwise be missed, important routines like checking for updates or scanning for viruses. It’s certainly more convenient to spend an extra minute booting up than lose everything to a cyber-attack. For older computers or those under heavy strain like gaming or video editing, shutting down also provides a necessary chance for the components to cool down.

Reasons to Sleep

Speed is the big selling point here. You can literally sit down and start working where you left off without the delays of bootup, finding your program, opening your saved files, scrolling down… it’s all right there and ready. You can even tell it how long to wait before putting itself into sleep mode, just in case you get called away and forget. Windows updates still run in the background, so that’s okay, but it’s important to note that your computer might get stuck waiting for a reboot that never comes. Those pending updates may stack up, ineffective until the computer either forces a reboot or becomes unstable enough that you give in to a restart.

The best method is….

Since the whole point of having a computer is that it’s ready to work when you are, I recommend shutting down at night at least once a week when it’s definitely not in use but using sleep mode during the day. Updates will get all the rebooting they need, memory is refreshed for the new day, and you’ll get the best of both worlds – speed and stability.

I can help your computer boot faster. Give me a call at (828) 290-8237.