IT-Support-Miami-Cybersecurity-Blog

Cyber Attacks Happen: Build Resilient Systems

You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience.

Every week, billions of cyber-events batter government networks. Millions of these attacks hit at network speed, and thousands succeed, as reported by the Homeland Security Department’s US Computer Emergency Readiness Team. The US Navy alone was attacked more than 1 billion times in 2016. Although security analysts strain to counter these breaches, mostly with manual processes, it’s likely terabytes of data are stolen.

Given this dynamic landscape, you might think federal CIOs are getting more resources to defend against mounting cyberthreats. They’re not. Money and security expertise are in short supply, meaning agencies need to innovate. First and foremost, they can no longer take a piecemeal approach to information security. A holistic strategy that incorporates real-time risk management and continuous monitoring is the only way to go.

To help companies build these more-resilient systems, the National Institute of Standards and Technology, in collaboration with the Defense and Homeland Security departments and private sector intelligence communities, has come up with security controls that focus on mobile and cloud computing, application security, the insider threat, supply chain security, and advanced persistent threats.

So it comes as no surprise that more than half of the respondents to Information eek’s 2014 Federal Government IT Priorities Survey say cybersecurity/security is the top priority in their agencies. Seventy percent rate security as “extremely important,” with another 16% viewing cyber-security/security as “very important.”

Federal managers want to know “how to stop the bleeding,” says Ronald Ross, project leader of NIST’s FISMA Implementation Project and Joint Task Force Transformation Initiative. You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience. “What does it mean to have an adequate degree of resilience in a modern information system that supports critical missions?” Ross asks, in a question that’s neither rhetorical nor unique to federal agencies. State and local governments as well as private sector companies are struggling, too — anyone with valuable information and using very complex high-end technology is subject to the same types of threats.

Resiliency means “becoming healthy after something bad happens,” says Bret Hartman, VP and CTO of Cisco’s security business group. “That is a good way to think of security because it’s impossible to stay healthy all the time.” Agencies should consider the attack continuum and which technologies they need in place before an attack occurs, during an attack, and after the attack to do systems remediation. This last area is still maturing and is where the biggest challenge lies today, Hartman says.

Time for better cyber “hygiene”
To address resiliency in federal government, NIST and its partner agencies are focusing on two tracks: improving “cyber hygiene,” and designing IT system architectures that can bounce back from damage and contain attacks. A good way to view cyber-security, says Ross, is to have a way to address areas “above the water line,” such as known patching and maintenance, and those below the water line — problems you can’t see that could cause trouble and inflict serious damage without warning.

Cyber hygiene focuses on tasks that security administrators deal with daily, such as promptly updating operating systems and applications with the latest security patches or making sure all operating systems and network devices are configured properly to close down attack vectors that could be exploited. IT must also assemble and maintain a complete inventory of everything on the agency’s network and the information it has to protect.

With NIST 800-53 R4, the government is starting to address security below the water level, too. Specifically, we’re talking about contingency-planning types of controls, which allow agencies to define alternate processing capabilities, storage sites, and communications plans in case of a natural disaster, like a hurricane, or a cyber-attack. “We have contingency plans in place and run those exercises as frequently as we need to, so when the event happens, we can move smoothly into that backup scenario,” Ross says.

Data Security

What is the Wi-Fi hack and how does it affect Business IT Solutions?

On October 16, 2017, the United States Computer Emergency Readiness Team sent out an alert regarding vulnerabilities of Wi-Fi Protected Access II. This is also known as WPA2. This news will impact all businesses on perhaps every scale. However, with the right education and precautions, your Business IT Solutions will remain intact. Our IT Support Miami experts will help you stay steps ahead of your competition. Below, you can find out everything you need to know about the attack.

What is WPA2?

WPA2 is a type of technology that provides network security to Wi-Fi networks. The software, WPA2, is a shorter name for Wi-Fi Protected Access II. All hardware has had this technology since 2006 and has become the standard for fighting data encryption. In it’s creation, WPA2 became a replacement of the original WPA technology. During it’s time, the technology had the most up-to-date encryption standards. Since then, the technology has received regular updates.

On October 16, the US-CERT issued and alert that says if you have a router with WPA2 security, your devices are hackable. This means your device is in trouble if you have Wi-Fi Protected access. In addition, hackers can see your personal information and do anything they want to it.  Marty Vanhoef, a Belgian security researcher exposed the vulnerability. He will be discussing KRack attacks more in depth later this year.

What is the attack?

The vulnerability in the WPA2 Wi-Fi protocol makes your computer prone to Key Reinstallation Attacks, or KRack for short. A KRack attack disables a Wi-Fi router’s security and makes your information prone to whoever is roaming through the same network areas as you are.

You can watch a video of the process below:

If you notice in the video, a potential hacker would only need a few tools to find important login information. Furthermore, if a business owner thinks their company information is not secure, this could be potentially dangerous for vital company information. So far, there have been no major cyberattacks regarding KRack. However, you should know that if an attacker were to gain access to your router, they could manipulate the data by adding a type of ransomware or malware to the computer. In a year full of cyberattacks, it is entirely possible that a hacker would benefit from this type of attack.

Is My Business Protected?

With this information finally in the open, the most common concern is having a safe business. If your company has any vital information, you must check if it’s on any affected software. If so, you company might be prone to cyber attacks. Therefore, it is important to know the affected software so you, as a business owner, can start figuring out how to secure your business quickly.

As of October 18, the US-CERT confirmed the following affected vendors:

  • Cisco
  • Google
  • Intel Corporation
  • Samsung Mobile
  • Toshiba Memory Corporation

As of October 18, the US-CERT confirmed the following unaffected vendors:

  • Arista Networks, Inc.
  • Check Point Software Technologies
  • Internet Systems Consortium
  • Internet Systems Consortium – DHCP
  • MikroTik
  • VMware

For the full list of affected vendors, you can click here.

Even if you work with unaffected vendors, you should still update your devices. This way, you can ensure that your company may be as secure as possible. As a result, any important business information that you have will remain secure. If anyone in your company keeps information on affected software, you need make sure your data is safe. By doing this, your company will be safe and you won’t have to shut down. 

How Can I Keep My Business IT Solutions Safe?

In the past, our data backup and recovery team has always advocated for the importance of securing your passwords, installing the proper firewalls or anti-viruses and, of course, conducting regular data backups. Updating your devices to the latest software is the best way to prevent KRack attacks. However, if you are a South Florida Business who wants more security for your business, you can trust Nerds Support’s Business IT Solutions to help business owners in Miami, Doral and Ft. Lauderdale to fight against hackers to keep their information safe. Our IT Support Miami service providers work round the clock to you can take comfort in knowing that your business information will be safe from cyberattacks and other disasters. All your information will be safe from malware with Nerds Support’s secure servers. MSPmentor, The Channel Company and, most recently, The South Florida Business Journal have recognized our Business IT Solutions.  Most of all, Nerds Support has helped many small to medium-sized businesses through difficult times and during a time where cyberattacks have been consistent, our Data Recovery Miami team is ready to keep your business safe too. To schedule a consultation, please call 305-551-2009 or fill out a contact form here.

Cybersecurity

Cyber Security Awareness Month: Five Takeaways from the Biggest Cyberattacks of 2017

In 2017, it is both fitting and ironic that October would mark the beginning of Cyber Security awareness month. This year has transformed into a year defined by fervent protest, natural disaster and cyberattacks. It seemed as though on a constant basis, households and business owners all alike would wake up to another cyberattack . Some of the most high profile cyberattacks could be listed below:

  • WannaCry
    • Wannacry is a strain of ransomware that was spread around the world, targeting hundreds of thousands of companies, most notably British Hospitals.
  • Equifax
    • Hackers had targeted over 140 million Americans in a security breach. The hackers were able to access credit card numbers, social security numbers, addresses and other personal information.
  • CCleaner
    • The PC cleaning tool discovered that hackers were able to infiltrate the program and transmit user data for criminal use.
  • Whole Foods
    • In some locations, cyber attackers stole credit card information.
  • Hurricane Scams
    • Fake charities were taking advantage of those who wanted to give to hurricane victims. Meanwhile, on affected territories, fake companies, or people posing as federal agents, were scamming hurricane victims.
  • Las Vegas Scams
    • Homeland security has issued an alert telling people to avoid giving money to unverified charities. There are also orders to not open any suspicious emails relating to the shooting.

Considering all that has been happening in the world lately, it’s really easy to forget about protecting your business data. But Ransomware as a service (RaaS) has transformed into a full business model. Meaning, it is more important than ever to have a disaster protection and data backup plan.

Looking forward to the rest of the year and beyond, here are some precautions that will make your business more secure for the next malware attack.

Secure Your Passwords

Our Miami IT Support experts are password security’s biggest advocates. As they may have mentioned time and time again, keeping your passwords in a safe location is a great way to prevent ransomware attacks. Be sure to keep your passwords on a secure file in your cloud and restrict access to anyone who wouldn’t need to know all of the passwords on the file.

Backup Your Data

Most experts agree that keeping a backup of your data is the best way to fighting against ransomware attacks. Backing up your data means that in the event of an emergency, the last saved copy of your data will always be handy, so you don’t lose vital company information. Experts say that it is important to back up your company’s data to an external device so that if your company becomes the victim of a ransomware attack, your data can simply be accessed from another device. Your data would be backed up on to one of our secure servers, if you were a client of Nerds Support, . That way if you have become a victim of a cyberattack, our Miami IT Support experts can take off the malware while you can resume your work on a different computer. Our 24/7 IT support experts backup client data every day. Our business IT support experts also check your files on a day-to-day basis to make sure any encryptions and malware doesn’t go into our secure servers. This ensures that your data backup and disaster recovery plan is implemented to its full potential.

Educate Your Employees

Teaching your employees on how to spot phishing emails is a great way to avoid ransomware attacks. As our Miami IT Support providers have said before, most ransomware attacks happen through email. When your employees know the difference between a company email and a malware email, you company is all the more secure. Below are some things that a business owner can tell employees not to do:

  • Do not open emails from addresses that you don’t recognize
  • Do not open emails with attachments that are labeled “.PDF.zip” or “.PDF.rar”
  • Do not give company (or personal) information to any unprotected websites

Current employees and supervisors should also beware of rouge employees. Rouge employees are employees that break company rules in serious ways. These offenses can range from hacking other employee accounts to taking hundreds of thousands of dollars from the company. Tell-tale signs of a rouge employee include:

  • Claims that the rouge employee can hack other co-workers
  • The rouge employee knowing information that they shouldn’t know
  • Suspicious online activity detected

A company should train all of its employees to know the signs of a possible cyberattack. A cyberattack can come from a rouge employee or a suspicious email. Therefore, if an employee that believes their company is receiving suspicious emails or a victim of suspicious activity, should report it immediately. Reporting it would mean the difference between keeping your company safe or becoming a part of a statistic.

Install the Proper Antivirus

While most antivirus software cannot fight against a malware they do not know about, antivirus software is still a great thing to have when fighting cyberattacks. Many experts say that another great tactic is to whitelist software. Whitelisting Software simply means that instead of banning different types of software, you list types of software that you want on your servers and your servers allow only the software that you approve of.

Hire a Team That is Will Prevent Cyberattacks

Nerds Support’s Data Backup and Disaster Recovery Plans are some of the best in Miami. Our IT Support providers agree that having a business protection plan is one of the best things a business owner can do for their company. With recognition by MSPmentor and other high profile companies, we don’t settle for anything less than the best technology to combat hackers, malware and any type of disaster that a business can encounter. When you hire our Miami IT Support experts, you get more than just an IT team. You get a dedicated group of individuals who become part of your company and who want to keep your company safe as much as you want to.

To find out more about Nerds Support’s Data Backup and Disaster Recovery solutions, call us today at 305-551-2009 or fill out a contact form here.

Wanna Cry Protection

With IT Services in Miami, You Don’t Have to Worry About Ransomware

Since its sudden increase in 2015, Ransomware has become more than a cruel petty crime…it has become a full blown illegal business model. The profits crypts have taken from this crime have turned Ransomware into a billion dollar business and if your company has not experienced any sort of attack yet, then our Managed IT Support team recommends that you take the time to read this article and follow the necessary precautions to prevent a Ransomware, or other cyber security, attack. Since its sudden increase in 2015, Ransomware has become more than a cruel petty crime…it has become a full blown illegal business model.

Ransomware-Prevention-NerdsSupport-ITservices-Miami

How Do I know if I have Ransomware:

Warning signs of ransomware is not an easy thing to detect, but that does not mean they are impossible to detect. Our IT support team has found some of the following to be common signs of a Ransomware attack:

• Slowdown
• Pop-Ups
• Running out of hard drive space
• Unusually high network activity
• New browser homepage, new toolbars and/or unwanted websites accessed without your input
• Unusual messages or programs that start automatically
• Your friends tell you that they are getting strange messages from you
• New, unfamiliar icons on desktop + battery life drains quickly

However, some malware is so advanced, that most companies don’t even know they are in danger of a ransomware attack until the attack has already been carried out. If your computer has experienced any of these symptoms, our IT consulting experts advise that you do not touch the laptop and that you call your IT support team for help. With a great engineer team, like the one at Nerds Support, Inc. you can assure that your cyber security plan will be the most secure one in Miami.

How Does Ransomware Spread?

Another way that ransomware can spread is through spam emails. Once a computer becomes infected with a type of ransomware, like wannacry, the virus goes through your computer to see the people you have interacted with, typically through email, and they begin sending the virus to your contacts, in the form of spam email. With Nerd Support’s expert Managed IT team, you can assure yourself that your inbox will be monitored and you will be made aware of any suspicious emails. In all cases, it is important that you delete every suspicious email that you get. To protect your email, you should try to delete any strange emails that appear to look like spam. You should also try to stay off of strange or inappropriate websites, to further decrease the risk of a virus. However, the simplest way to assure your internet security is to call a great IT consulting firm to monitor your servers, or move you into the cloud.

How You Can Prevent a Ransomware Attack?

The easiest way to prevent a ransomware attack is to have a great security protection plan in place. A great IT company, like Nerds Support, would already know the perfect plan to protect your company, no matter what size, and their 24/7 IT Support would mean that a cyber attacker would never take your business by surprise. Finally, the best way to prevent a cyberattack, whether it is ransomware or a Trojan horse, is to have the right software on your computer.

Nerds Support engineers pride themselves on having the most important certifications and years of experience to provide companies with the IT support that they deserve. Our company knows the importance of having a secure company and works non-stop to make sure that your company is safe from all types of malware, including some of the most dangerous viruses. If you’re looking for a Miami IT support company that can make your company the most secure company, then you need to consider Nerds Support, Inc. You can leave us message on our website or you can call 305-551-2009.

Use social media for more than marketing

Use social media for more than marketing

Social media has become an important part of any business’s marketing strategy. By having an active presence on the main networks, you will likely see increased sales and or brand recognition. So, while social media is an invaluable marketing tool, there are also other departments which could benefit from it.

Below are four non-marketing oriented uses of social media that businesses could benefit from.

Hiring
LinkedIn is a social network dedicated to helping professionals and organizations connect, find jobs and new talent. Most social savvy companies will have a presence on this network and may even hire exclusively from here.

If you are looking for new employees, it wouldn’t hurt to have a LinkedIn profile. To find the best talent, you need to forge and maintain connections (usually starting with people you know), and be somewhat active in groups and on message boards.

It’s also important to not forget the other major networks when it comes to hiring. Tweeting a job opening on Twitter, or posting ads on Facebook could also help you find your next employee. Facebook can be particularly useful because you can pay to target ads (in this case, job openings) at specific demographics.

Internal communications
Communication is an important part of the business, and most people choose to communicate using email. You have probably seen emails with jokes, invitations to after work events,  sent to the whole company and also received many replies that go with it. This can get very annoying, and also confusing.

Why not utilize social media for non-essential (aka. not related to work) communication. Set up a Facebook group where your employees can share content, invitations to lunch or after work gatherings, interesting stories, etc. That way you can limit email to more important, business-related aspects.

Using social media for internal communication is also beneficial for companies with younger workers. Most already see Facebook, Twitter, etc. as their main form of communication. Some even feel more comfortable communicating over this medium as opposed to speaking out in meetings. Having a group portal or Facebook page could give less-empowered employees a way to voice their ideas, and maybe even improve on them with feedback from others.

Learning
A common complaint of many business owners is that they have a tough time staying on top of ever-changing trends and what interests their customers. Using social media to connect with your customers can be a great way to learn not only hot trends but also about new ideas.

Customer service
When it comes to social media, users will often complain publicly on their wall or through their tweets. This is bad for you, as the reach of this complaint can go a long way and make you look bad. Some companies have decided to confront this head on by having specific customer service accounts. If a customer complains, has an issue, or even compliments you, be active and respond using that account.

If done properly, over time, you will see more and more people reaching out to your customer service account through social media. This also gives you another way to please clients or turn around negative customer experiences.

Social media and the various platforms are not only great for marketing but can be incredibly useful for other business functions. Do you have any other ways you use social media? Let us know. Or, if you would like to learn more about how it can help your company, then contact us today.