Not sure your are protected? Contact us, we can help!

Hackers held two school districts on Long Island hostage over the summer, forcing one of them to pay $88,000 in cryptocurrency in order retrieve student and staff information before the school year started.

Despite using an anti-virus software and other firewalls for cyber security, the School District’s encrypted files were accessed this summer by Ryuk ransomware, which can infiltrate an entire server with one click of a malicious email attachment. The virus encrypts data, essentially locking users out of access to their files, and hackers are blackmailing schools until payment is made, usually in bitcoin, through school insurance to unlock the system’s server.

The Mineola School District was also attacked by the same virus. But they didn’t have to pay because they had a backup that wasn’t compromised.

What are some tips to avoid having to pay the ransomware

The nefarious ransomware business model has turned out to be a lucrative industry for criminals. Over the years its ill repute has made law enforcement team up with international agencies to identify and bring down scam operators.

Most of the ransomware attacks that have taken place in the past have been linked to poor protection practices by employees and businesses. There are ways to prepare and steps you can take to avoid the nuances these hackers are causing.

Here are a few dos and don’ts when it comes to ransomware.

1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
2. Restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls or emails.
4. Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
5. Do employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
6. Do make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton Secure VPN.

Ransomware criminals often attack small and medium sized businesses. Among other cyber attacks, ransomware is one criminal activity that can be easily worked around with the above-mentioned solutions. South Jersey Techies coupled with education about these threats is an excellent protection plan for today’s cyber landscape.

October is National Cyber Security Awareness Month by Department of Homeland Security.

National Cyber Security Awareness Month encourages vigilance and protection by sharing tips and best practices in regard to how to stay safe.

Small businesses are a large target for criminals because they have limited resources dedicated to information system security.  Cyber criminals look for access to sensitive data.

Create a cyber security plan

The Federal Communications Commission offers a Cyber Planner for small businesses.  The planner guide allows specific sections to be added to your guide, including Privacy and Data Security, Scams/Fraud, Network Security, Website Security, Email, Mobile Devices, Employees, Facility Security, Operational Security, Payment Cards, Incident Response/Reporting and Policy Development/Management.

Generate a personalized Small Biz Cyber Planner Guide.

Establish Rules and Educate Employees

Create rules and guidelines for protecting information.  Educate employees on how to post online in a way that does not share intellectual property.  Clearly explain the penalties for violating security policies.

Network Protection

Deploy and update protection software, such a antivirus and antispyware software, on each computer within your network.  Create a regularly scheduled full computer scan.

Manage and assess risk

Cyber criminals often use small businesses that are less-protected to get to larger businesses.  Being a victim of a cyber-attack can have a huge impact on any business including financial issues, loss of possible business partner(s) and many more issues.

Download and install software updates

Installing software updates from vendors can protect your network for unwanted viruses and malware.  Vendors frequently release patches/updates for their software to improve performance and fine-tune software security.  (Example:  Adobe Reader, Adobe Flash and Java updates are critical for protection.)

Backup important business data and information

Create a backup plan for all data including documents, databases, files, HR records and accounting files.  A regularly scheduled backup can be a full, differential or incremental.

• Full Backup:  Backup of all data.
• Differential Backup:  Backup of all data that has changed since the last full backup.
• Incremental Backup:  Backup of all data that has changed since the last full or incremental backup.

Control physical access

Protecting physical property is a very important role in protecting intellectual data.  Create a physical security plan to prevent unauthorized access to business computers and components. 

Secure Wi-Fi

Securing your Wi-Fi network consists of a few configurations.  Configure a device administrator password for your wireless access point (WAP) or router, require a password for Wi-Fi access and do not allow the WAP or router to broadcast the Service Set Identifier (SSID), also known, as network name.

Small and Medium-Size Businesses (SMBs) will often take shortcuts to cut costs when purchasing.  To avoid disasters such as a loss of data or work, SMBs are strongly suggested to focus on the ten points below.

Hardware

Considering the rapid change of technology requirements, a pro-active approach for replacing desktops, laptops, servers, and networking hardware is to look five years into the future.

Backup Software

Although built-in backup software and Windows Server backup are adequate, purchasing a third-party backup solution will have the ability to recover from an image.

Internet Connection

Providing your SMB with a consumer-grade DSL line would not be an efficient business plan. Setting up a network that provides your business with more bandwidth than required will prevent a network bottleneck from occuring.

Firewall

Securing your business with only Windows built-in firewall is not ideal.  Configuring a Cisco, Fortinet, or Sonicwall is more secure, reliable and flexible in a SMB environment.

Cloud Storage

Cloud storage provides scalability, reliability and portability.  Cloud storage is divided into three categories:  Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).  Many companies are transferring to Cloud services for access to data outside the network.

Website

Online presence has become an important key for all businesses.  A solid solution is to have a strong website, blogging and effectively using social media.

Redundancy

Redundancy is an appropriate investment towards ensuring that your SMBs network does not go down.  Similar to backups, redundancy does not affect everyday business but should an incident arise, you’ll be glad it’s there.

Support

IT Support is a necessity, whether it’s an in-house department, third-party service provider, or support for software.

Mobile Devices

The ability to work from outside the office and accessing data from anywhere  is now an important key for businesses.  Setting up a virtual private network enables laptops, tablets and smartphones to connect and work from anywhere.

Printers

Supply your SMB with a printer that has the sustainability and features required for business use.

Takeaway: Managing personal data can be risky and expensive for organizations.

“As the amount of personal information increases multifold, individuals and their personal data will increasingly become a security target. And, yet in most scenarios the organization is still ultimately accountable for the personal data on its IT systems,” said Carsten Casper, research vice president at Gartner, Inc.

Gartner, Inc. has a five step plan to create an exit strategy:

Step 1:  

The first step to preparing a strategy for transporting personal data is to distinguish personal data from non-personal data.

Step 2:  

Once personal data is distinguished, it will need protection. Ways to protect data are:

• Encryption
• Virtual Machines
• Secure Apps
• Mobile Data Management Products
• & many more options.

Step 3:  

Next step is to use Human Resource (HR), Customer Relationship Managment (CRM) and Enterprise Resource Planning (ERP) programs that specialize in organizing and storing personal data.

Step 4:  

The most problematic task is guaranteeing that an organization will obey privacy standards for the transfer of personal data which is Gartner’s fourth step.  

Step 5:  

Create a practical method of discussing  Cloud computing including laws and jurisdictions for the physical location and logical location of stored personal data.

Takeaway:  Five simple ways to protect your information when using WiFi and Hotspots.

WiFi is exchanging data through a wireless local area network (WLAN) from electronic devices including smartphones, laptops and tablets.

Also, WiFi is available in public places such as Airports and Restaurants.  Identity Thieves, Hackers and Criminals take advantage of WiFi because it is convenient for users to access personal information.

1.  Avoid accessing your bank accounts & online stores:

When using public WiFi, it is best to avoid using your credit card or banking information.

2.  Double check the WiFi name:

Prior to connecting to a public network double check with an employee for their network name.  Identity thieves can create a false Hot-Spot, have users connect and then steal personal information.

3.  Turn-Off “Auto Connect”:

Stay in control of what networks you connect to, smartphones have a setting that automatically connects you to the closest open network.  Simply, turn this setting off to decide what networks to connect to.

4.  Never use the same Password:

An additional step you can take to keep online accounts safe is to use different passwords for each account.   Using the same password makes stealing your information easier for criminals.

5.  Check the Lock:

The extra layer of security is the locked padlock in the address bar of your browser or “https” which means that your information has been encrypted.