Backup Data Offsite to Thwart Cyber Criminals

backup data offsite to thwart cyber criminals

Time and time again, managed service providers have stressed the importance of completing regular data backups, even for very small businesses. As even these small businesses have come to rely on their data more and more, most companies do understand why backing up their data is a very smart move on their part. Unfortunately cyber criminals are always on the lookout for additional targets and they do seem to target businesses much more than simple personal users. While performing regular backups is still a must, it’s important to discuss one additional aspect of backing up data that can make or break a company if the worst should happen and they become a target of a cyber thief.

Onsite Backups

If a company never encounters a threat from a cyber criminal, an onsite backup would still be an invaluable asset to have in the event of equipment failure or some other internal failure. All a company would have to do is restore their most recent backup, check for any issues, and once given the all clear sign, employees could continue their work.

The problem with onsite backups is that once a cyber criminal gains access to a company’s network, they likely can gain access to their onsite backup as well. In the case of a ransomware attack, a cyber criminal could hold the data of an entire company hostage, including their onsite backup. Either the company pays the ransom or they face potentially losing all their vital business data.

Offsite Backups

The above scenario is precisely why service providers not only encourage regular backups, but they also encourage companies to store a copy of their backups in an offsite location. As everyone becomes more dependent upon their business data to function, it’s a perpetual race to see whether the cyber criminals will take advantage of vulnerable institutions, or whether companies will start taking their business data seriously and take concrete steps to protect this vital asset.

If you would like to know more about establishing an offsite location for your data backups, pleaseĀ contact us.

Also, checkout our cabling services!

Early Preparation for the 2019 Hurricane

early preparation for the 2019 hurricane
Early Preparation

It is a great idea that everyone has a good plan in place for the upcoming 2019 hurricane to protect their IT systems. We understand the massive damages that hurricanes can do when it gets us unprepared.

Below are some steps you can follow in preparation for a hurricane:

  • Property check – Ensure your property is well protected from water damages as it is the main thing that affects IT  systems during a storm.
  • Regarding your building protection, ensure any openings near the IT systems are well covered to keep water at bay. These openings include doors and windows.
  • Disable the restart feature of your electronic devices. This is because, once power is back after a blackout, the presence of water can cause a short electric circuit. This, in turn, can lead to unexpected damages.
  • You can also back up your data and files in case computers fail. Offsite backup is more advisable since you’ll still retrieve them in case of damages at your data center.
  • Most importantly, have hard copies of some relevant documents that may be needed when your IT system is still offline after the hurricane.
  • Good communication plan

Check out 7 Tips for Preparing Your Business for a Hurricane

When disaster strikes, you’ll probably need a reliable way of communication for emergency purposes. That is why you are advised to use cell-phones as they are quick ii matters of emergency and you need immediate help.

Landlines and VoIP phones need aren’t much convenient during this time as they use electricity which is likely to be absent during a hurricane.

Remember to charge your cell-phones earlier before the hurricane.

To conclude, a hurricane is something that needs appropriate preparedness to avoid damages which means extra costs to repair and even replace some valuable assets. It is therefore crucial that you keep the above measures in mind and the earlier, the better.

Contact us if in need of professional information regarding hurricane preparedness.

Six Steps of a Cyber Security Assessment

six steps of a cyber security assessment

Cyber security risk assessment is an essential element of any information security program. Ā As the technology landscape continues to evolve, your company needs to take appropriate steps to make sure your data isn’t vulnerable to potential threats. Ā A great resource for conducting risk assessments is the U.S. Department of Commerce National Institute of Standards and Technology Guide for Conducting Risk Assessments, often referred to by its publication number, NIST 800-30. Ā The guide can be broken down into six steps.

Identify threat sources. Ā The very first thing your organization needs to do is identify and characterize threats. Ā Build a team to assess the various threats facing your company. Examples are divided into “Adversarial Threats” such as organized crime and hostile nation-states, and “Environmental Threats” such as earthquakes and tornadoes.

Identify threat events. Ā Ā This step requires identifying potential threat vectors, the relevance of those vectors, and correlating them with threat sources identified earlier. Ā A good example would be a hostile nation-state running a brute-force dictionary attack on default SSH port 22 on your ISP’s subnet. A course of action could be to weigh whether enforcing good password practices is more or less important than running SSH on another port.

Identify vulnerabilities. Ā It’s important to identify vulnerabilities and conditions affecting the likelihood that threats will result in loss of data, time, and revenue. Ā For example, if your organization has chosen to run SSH on a non standard port, but users choose passwords vulnerable to a dictionary attack, what data can be lost via SSH?

Determine probable impact. Ā Once an attacker is in via SSH, what can be lost? Ā If your website’s users choose poor passwords, what data can be taken and what’s the worst-case scenario?

Calculate risk weighing both likelihood and impact. Ā Will the cost of implementing a strategy to deal with the impact of an earthquake outweigh the additional operational expense during normal day-to-day operations?

Compliance with NIST 800-30 can be daunting, but it doesn’t have to be. Ā For 17 years 4 Corner IT has been a premier IT services company. With over 60 employees, let us help you with your technology needs.Ā 

Contact us today or fill out a contact form to speak to a technical adviser.

Check Out Our Cabling Services!

Building a Solid Cyber Security Foundation – 6 Essential IT Security Services

building a solid cyber security foundation 6 essential it security services

As with any well-built system, effective cyber security begins with building a solid security foundation. Without thoughtful attention to building a good foundation, a business will remain vulnerable to hacks and breaches until they finally decide to face cyber security issues head on.

Assessment

When first addressing an issue, one must first assess all the security issues, both the obvious and the potential ones. Assessing a company’s technology vulnerabilities must be performed by someone with a high level of expertise in evaluating the company overall for sub-standard IT practices.

Planning

After determining all the holes that need attention, the next step is to create an pro-active plan that will address eachĀ potential threat. The plan should include both steps that can be taken in order to avoid a security problem altogether, as well as a solid recovery plan to initiate in the event the worst should happen and a breach is discovered.

A comprehensive security plan will consist of several key components, including:

Combating Intrusion

Sometimes there is a delicate balance between applying security measures to ward off the threats of intrusion, yet still providing enough openness in a computer system to allow employees to actually complete their daily tasks. A good security team will assess what their client needs in terms of effective security, but in a balanced manner, thus preventing their security efforts from hindering daily operations.

Addressing Mobile and Remote Access

Even if all employees in a given company work on-site, it is a rare company that does not allow at least some off-site mobile and/or remote access to corporate systems by their staff members. As work life becomes more and more intertwined with personal time, if not addressed, the security risks associated with off-site access means a company will remain vulnerable to hacks and data breaches.

Securing Endpoints

In the past, ensuring that all corporate PCs had anti-virus software installed might have been enough to combat threats. With every passing year however, hackers and data thieves become more ingenious in their behavior. A good security plan will include securing endpoints through configuration and patch management, solid firewalls, application controls, data loss protection, and in some areas, data encryption.

Enforcing Multi-Factor Authentication

More and more businesses are enacting multi-factor authentication in order for their employees to access corporate systems and data. Many breaches have occurred from the use of woefully inadequate passwords such as “1234567” or “ABC”. Of course, companies should also support their multi-factor authentication measures by enforcing the use of strong passwords.

If you would like to know more about how to build a good security foundation in order to protect your corporate IT assets, pleaseĀ contact us.

Check Out Our Cabling Services!

The Newest Extortion Scams Are Using Your Own Passwords as Bait

the newest extortion scams are using your own passwords as bait
Using Your Passwords

Internet scams have become more and more sophisticated. Thus, extortion scammers have found a new piece of bait by which to hook internet users. The bait is their old passwords. These extortion schemes often claim that someone has the person’s compromising information. Then they say are happy to help get that information back if the person is willing to pay.

The person coughs up the cash, fearing that their information may be compromised. This is in order to protect information that the person claimed they should protect. The catch? The entity that they claim meant harm never had any of the person’s information in the first place. Then, people believe that scammers are burrowed deep in their computers. They believe they are getting a hold of the person’s private information. Many scammers even demand that the payments be made in Bitcoin. Otherwise they refuse to carry out “the job” of stopping hackers purportedly have the person’s personal information. (Really, they don’t have their information at all – the said person burrowing in the person’s computer doesn’t even exist).

What Can I Do To Avoid Extortion Scams?

We offer the following advice to people who have had issues with these kinds of scammers in the past. It is to help them avoid having issues with these same scammers in the future:

  • Scammers will generally want to rush the person into making hasty decisions. Thus, will pressure you to pay them immediately for their “services”. However, if you have any feelings that the person with whom you are talking is not for sure authentic, authorities encourage you not to give them any information as it encourages them to keep on scamming other people after they are successful with you.
  • Once you realize that you have been scammed, change your passwords immediately. Moreover, use different passwords for all online accounts and be sure to require Two-Factor Authorization when it’s an option.
  • Do not have any further communication with anyone who you think is a scammer.
  • Always update your antivirus software and other operating systems to give the scammers less of a chance at getting at your personal information.
  • Cover your webcam at all times when you are not using the device.

Remember, scammers only need to be successful with a fraction of the people with whom they engage in order to be successful at what they do. They will make this a lucrative process which will only continue encouraging them to scam more and more innocent, unassuming people into believing their lies.

In the end, the next scamming issue is the fact that these people claim to have your old passwords and will use that as bait to try to get you to pay them to help “protect your personal information” as they will claim. In these cases, these people don’t have any of your personal information in the first place. They are simply scammers out trying to get money off of you and they will do absolutely nothing for you in return.

For more information on the latest scams that you need to watch out for please feel free to contact us at 4 Corner IT for further assistance.