Posts

Are You Protected? 8 Steps to Combat Cyber Threats

If it’s connected, it’s an access point that can be infiltrated.

And any digital device that is connected to your network, is at risk. Last week, CTO Paul Mako, addressed how cybersecurity threats can be detected from the network at the Denver Biz Tech Expo. Today, your business can reduce downtime from these threats by implementing protocols at all access points that are connected to your network. It’s not just computers or it’s users that may impact business security. It’s any digital device that is connected to the network. Building systems or AI devices are just the tips of the ice burg.

Remaining educated on the latest cyber threats is the first step in improving your security processes and combating these malicious attacks. By keeping all of your system hardware and software up-to-date, actively monitoring your network usage, and utilizing the internet security measures that anti-malware and anti-virus solutions provide, you can ensure that your business is ready to battle whatever cybersecurity threat that may be lurking.

Common Cyber Threats

Phishing attacks, DDoS (Distributed Denial of Service) attacks, and APT (Advanced Persistent Threats) attacks are some of the more common cyber attacks that are being used against businesses today. Training administrators and users to be cautious when reading and opening all emails, and utilizing web application firewalls are great tools to use against these attacks as they give you more control over your web traffic while recognizing malicious exploits.

 Lock It Up

Because we’re a team of network people, it’s important to note that we feel the best defense model against any kind of threat begins at the network. Despite that, there are precautions you can implement to lock down your business in the event of a hack or threat. This includes locking down your processes, securing your transactions, then securing all of the access points. Last, but definitely NOT least, train your staff.

Recently, the FBI released an article on Defending Against Payroll Phishing Scams. Below, we’ve listed out some of their strategies businesses can use to avoid them.

Defending Against Cybersecurity Scams and/or Threats Checklist:

  1. Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  2. Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
  3. Do not reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent an email.
  4. Don’t send sensitive information over the Internet before checking a website’s security.
  5. Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  6. If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use the contact information provided on a website connected to the request; instead, check previous statements for contact information.
  7. Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  8. Take advantage of any anti-phishing features offered by your email client and web browser.

 

Compromised Data: Important Backup Service Inclusions

It’s no secret – businesses are prime targets for ransomware.

All it takes is one infected user to bring a department or entire organization to a halt. In fact, 72% of ransomware victims are unable to retrieve or access their data once it has been compromised for up to 2-days. Moreover, a lot can happen in two days.

Here’s the down low on compromised data…

How Infections Happen

Phishing attacks, unpatched programs, compromised websites, poisoned online advertising and free software downloads are common ways that users of your business systems are exploited and how an infection begins.

Examples of User Infections

Ransomware is hard to detect. Because user files are encrypted with the infection, an IT Admin may not recognize that the malware is already inside the network until the damage is done. There are, however, a few ways a user can detect it. Some examples of these are:

  • A user can no longer open normal files
  • A user gets errors such as the file is corrupted or has the wrong extension
  • Window pop ups appear to ransomware programs that the user cannot close
  • IT admins see files in the company directory with names like ‘HOW TO DECRYPT FILES.TXT’ or ‘DECRYPT_INSTRUCTIONS.HTML.’

Business Repercussions

Aside from losing time and money, your business reputation is scrutinized. Which, in turn, can affect sales goals. Regarding data – once your server is infected your mission-critical files and applications become inaccessible and your customer’s data is no longer secure. This too can wreak havoc on your margins.

Compromised Data Solutions

IT admins can remove the machine from the network and reset the bios time to contain and eliminate the malware. For a company wide containment, especially when your anti-virus, firewall, and employee education programs fail, your best bet is to rely on a backup solution.

Not all businesses are built the same. Therefore a backup service should provide much more than just a simple file backup solution. However, there is a range of standard options that your IT staff should become familiar with when considering a backup service. Because backup services are a dime a dozen, we’ve come up with a list of items to be aware of during your review of backup providers.

Important Backup Service Inclusions To Consider Are:

  1. Limited versus Unlimited History

It is important to know the difference. A backup service that only retains a limited history may not be able to restore all of the critical files your business needs to clean up the infection. A proper enterprise-grade cloud backup service should maintain a complete history of your data, that way you can retrieve a recovery point that is reliable.

  1. Detection Ability

Some Cloud Backup Services include Anomaly Detection that alerts your IT admin when the number of “new” or “changed” files increase dramatically. This feature is important to have so you can quickly isolate a ransomware infection and recover data before the entire network is frozen.

  1. Backup Protection Coverage

An infection is not limited to just one device. To protect all of your data and all your devices from mobile phones to Exchange Servers, you should select a program that offers backup services from device-to-device.

  1. Compatibility

Not all cloud backup services are created equal. In fact, many of them have limitations. Some services do not allow file sharing or storage. So, before you pull the trigger on a service you selected, make sure your IT staff does a system compatibility check to avoid any “ooppss” moments after you have signed the contract.

  1. Fees

Some backup service plans include retrieval fees per GB. Most of the time, the service provider will maintain an uptime of nearly 100 percent; however, as part of their service agreement, you can receive credit for those occasions when you get less than 99.9 percent. Be sure to keep an eye on any notifications about interruptions.

  1. Accessibility

Accessibility is important. Being able to manage all of your settings quickly and easily provides flexibility. Most service providers offer a web browser interface giving you the ability to view alerts, load balancing, status checks, manage groups and tags, deploy app versions, view configuration details as well as events. Be sure to inquire about what monitoring systems are available.

To protect your company from data corruption invest in a cloud backup service that is scalable based on your businesses requirements.