Business Security Risk Is Changing In Front of Our Eyes

Close up of code on screenThere have been several stories in the news recently that highlight how hackers are changing their tactics to infiltrate and disrupt our businesses. I thought I would describe how two of the most recent incidents occurred so that we can all evaluate how well we are protected and how to enhance that protection.  These are by no means the only methods being used by hackers.  But, these 2 incidents highlight 2 areas that we should all be aware of and mitigate against.  We hear about these things every day and assume these attacks are very sophisticated.  However, they start out with some very simple lapses that we are all guilty of.

The first incident is the hacking of the Clinton Campaign Chairman, John Podesta, Colin Powell and several other high profile political people.  The story we hear in the news is that these people’s email was hacked and then published by WikiLeaks.  My intent with this post is not to speculate how that whole process occurs, I’m not sure anyone actually knows the path from point A to point B here.  What I want you to understand is how simple this was to get started. And it is not at all that sophisticated!  Investigators have determined that these people were victims of a phishing attack and it appears that they are from the same source in most cases.  That’s right, these people simply clicked on a link in an email they received to cause the email leaks you are seeing in the news almost daily.  We have all seen these types of emails.  They come from banks we don’t have anything to do with, unknown people that have a business deal or have money to share with us, even people we may know that have some incredible product or scheme to make us rich.  In the cases above the email indicated the user’s Gmail account had been compromised and provided a link to fix it.  No big high tech manipulation of email servers, firewalls, break-ins etc. Just a “Click Here Please”.  You would never do that, right?  How about your staff?  These things can be very professionally done and look very authentic.  Businesses need to have continuous training and communications with our staffs to insure they are aware of the latest cyber security risks.

The second incident is the major internet outage that occurred on Friday, October 21, 2016.  During the day and evening on the 21st, several major websites became inaccessible to users.  These sites included Twitter, Spotify, Netflix and many other sites.  Again, I don’t want to get into all the technical details of this Distributed Denial of Service attack, other than to explain that Denial of Service attacks occur when a website is bombarded with so many bogus website requests that they cannot respond to valid requests, which makes the website appear to be down. In this case the “Distributed” part means the bogus requests came from many (possibly millions) of computers or internet connected devices.  The attack on the 21st was the first time (possibly) that the attack was largely carried out by non-computer devices connected to the internet, webcams and low end routers were major culprits.  Yes, our internet connected computers, webcams, routers, refrigerators and toasters can be used to cause an outage like we saw on the 21st and even worse.  Very sophisticated? Not at all!  While the program that was created to cause our devices to become zombie warriors could be considered sophisticated, the method used to get that program on our devices is rather simple.  The simple fact is that most home owners (and some businesses) don’t do the simplest of configuration changes when setting up their internet connected devices.  One of the most basic rules when setting up internet connected devices is never to use the factory configured password.  For instance, when you go to Staples and buy your router it comes with a built is password, the same password as every other similar router sold anywhere in the world.  You know, the one that is published in the quick start guide or user manual.  Forgot yours?  No problem do a quick internet search and you will have it in less than 10 seconds.  So, the major internet outage on the 21st was enabled partially by ourselves.  These hackers simply could connect to these devices and use the default password to plant the zombie software on the device.

We have all heard about, been trained on and even make attempts at applying security to our business and personal lives.  What these two events have shown us is how critical it is becoming to step up our game in this area.  These are not difficult things that we need to do.  However, until the number 1 password is no longer “password” (#2 123456. #3 qwerty) and until we all start taking this more seriously, the bad guys are going to have a field day and October 21st 2016 will be the tip of the iceberg.

What does the Cloud do for your business?

by Ed Davis, CEO, Systems Support Group

canstockphoto13148727What is the Cloud? According to Wikipedia™,Cloud computing, also known as ‘on-demand computing’, is a kind of Internet-based computing, where shared resources, data and information are provided to computers and other devices on-demand. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources.”

Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers. It relies on sharing of resources to achieve coherence and economies of scale, similar to a utility (like the electricity grid) over a network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services.”

What does this mean for your business?

The cloud acts as an enabler by allowing businesses to be more agile in allowing access to data from anyplace, and in most cases on any device. It helps businesses lower the costs of updating hardware and software as major budgeting items.

There are some risks, but with an up-to-date security system, the risks become almost a non-issue. Here are some areas to consider when understanding how the cloud functions.

  • Security of data. Although the cloud can be risky, the major players such as Microsoft, Google and Amazon are more secure than most businesses
  • Access to data is dependent upon Internet access with the majority of Internet connections reliable at this point. But have your IT team keep an eye in this area.
  • Performance of data access is tied to the speed of the Internet connection and is almost always slower than internal access would be due to the amount of users at any given time.

Have your IT team keep you informed on how your company technology is performing, along with being secure on the Internet on a regular basis. You should take nothing for granted when it comes to protecting your business from unwanted intruders.

Go to visit our pages that addresses security issues around the cloud and your data and “Cyber-security begins with a password”.

Cyber-Security Begins With a Password

by Ed Davis, CEO, Systems Support Group


According to Wikipedia™, “a cyber-attack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.”

Stories of corporate data breaches and cyber-terrorism can be overwhelming when we’re deciding how to secure our personal and business networks.

Screen Shot 2016-01-20 at 12.17.21 PM

Before concern turns to panic, and before you begin the journey to bolster your systems, it’s important to understand one key reality: Cyber-security is not a product or group of products. It is a mindset and process that begins with the most basic piece of cyber-security defense – your password.

If your passwords are not created and managed properly, your investments in other security measures are worthless. If your passwords are compromised, your company’s proprietary information can be stolen, often without your knowledge.

There are many other layers involved in truly secure environments, but passwords remain the foundation of security in computer networks. And while we are beginning to use other types of authentication, the password will be the primary tool frontline security tool for some time to come.

Screen Shot 2016-01-20 at 12.08.40 PM

Want to ensure your IT system will be breached?

  • Write passwords on post-its, then stick them to laptops, monitors and computers
  • Create easy-to-remember passwords: ILoveYou, 12345, and “Password”.
  • Reuse the same passwords across several web sites.
  • Don’t change your passwords for years.

Want to ensure your passwords are as secure as possible?

  • Use strong passwords of at least 8 characters, no words, names, etc.  Mix text, numbers and symbols.
  • Change passwords regularly (once a month).
  • Use different passwords for different applications and websites.
  • Don’t give a password to anyone and don’t attach it to a device.

 

3 Security Factors to Look for In Your Business’s Network

three-security-factorsA business is always at risk of being destroyed, be it online or offline. According to a study by 1&1, 67 percent of people confirmed that someone they know has had information stolen from them while online. In order to prevent your business from joining this statistic, there are several features you should look for when considering your network’s security.

The safety of your network’s information is imperative to the success of your business. If you neglect your security, you could potentially lose both clients and your own data. Here are three things to look for when security is a top concern.

Discover Issues Before They Turn into Problems
Does your network administrator scan your sites for security discrepancies? Security scans are an imperative part of your online presence, and they can go a long way toward limiting malicious activity directed at your network. Any problems related to security are often not your fault, but even a slight vulnerability can let threats worm their way into your network.

Systems Support Group can help make sure your networks are as secure as can be. We can equip your business with a Unified Threat Management tool (UTM) to keep threats out of your network, as well as monitor and maintain your networks for any malicious activity. We can identify when your software requires an update, including patches and license renewals.

Back Up Your Data Before It’s Lost Forever
Even though a UTM is a comprehensive security solution designed to keep threats out, cyber criminals are always developing new threats. It’s possible that even with maximum security, something can slip through the cracks. In the worst-case scenario (like what happened to Sony), it’s important to have some sort of backup and recovery solution available, especially to prevent costly downtime and loss of data.

With a Backup and Disaster Recovery solution (BDR) from Systems Support Group, your business can know that when the worst happens, you can restore your data to before the catastrophe had struck. You’ll suffer minimal downtime in the process, and your backup will be restored as quickly and efficiently as possible.

Improve Uptime and Decrease Downtime
Redundancy has become an important part of the business world. It works by backing up your server’s data on another, identical server. Between several different servers, one will always be active. This means that a high percentage of uptime is almost guaranteed, and the chance of server going down is minimized, and, maintenance can be done without causing dreaded downtime.

Systems Support Group can equip your business with virtual, cloud-based servers, which can free your business from the costs associated with running a physical one. This cuts maintenance, electricity, and upkeep costs, while allowing your business to stay mobile and flexible.

With these three tips in mind, you’ll be able to make an educated decision about the future of your business’s network security. For more information about what Systems Support Group can do for your business, give us a call at (800) 897-7002.