Posts

A data breach could cost your business everything if you don't have the correct remote cyber security measures in place.

The Cost of a Security Breach: Is it Always Business As Usual?

What is the Cost of a Cyber Breach?

A hacker stealing your information during a cyber breach is a bad situation. However, a hacker stealing your business’s information might be worse.

Running a successful business always implies a degree of risk. However, in today’s day and age, companies are finding themselves encountering a form of risk that often goes unnoticed: cyber attacks.

If a cyber criminal launches a cyber attack on your business the damage could be irreparable.

Think about it. A cyber attack leads to a huge loss of profit and productivity but thousands of dollars in fees. Not to mention the loss of business that follows.

The average cost from damage or theft of IT assets and infrastructure increased from $879,582 in 2016 to $1,027,053 in 2017.  The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.

Even worse than this, according to Inc. 60% of all small business fail within 6 months due to cyber attacks.

41 percent of companies have over 1,000 sensitive files open to everyone, according to research by the Varonis Data Labs.

How Do Cyber Attacks Work?

Cyber attackers look for unsecured folders the moment they gain access to a network. Why? Because folders open to global access groups.  Global access groups include everyone, domain users and authenticated users. This gives them easy access to business plans, customer and employee data, credit card information and much more.

Overexposed data presents a huge risk to businesses of all sizes regardless of the industry or location. For small and medium size businesses, however, it could mean millions of dollars in losses, reimbursements, and legal fees that end up bankrupting the business.

Small businesses are often targets of cyber crime, yet invest less than $500 in cyber security.

What Are The Most Common Types of Attacks?

 

In the Ponemon study, 48 percent of small and medium sized businesses (SMB’s) report social engineering/phishing were the most common kind of attack.

54 percent of respondents in the study claimed data breaches occurred due to negligent employees or contractor.

Cyber Attacks in Remote Work

Phishing attacks:

Phishing is considered the top cause of data breaches. Hackers send apparently legitimate emails with dangerous links or attached documents. When a target clicks on the link or opens the attachment, a hacker gains access to their device. The link will contain malware or ransomware that corrupts and freezes important data.

Employees might work on personal devices which might not have the same protections as a company owned computer. As a result, the personal device might be more vulnerable to malware and other viruses. Make sure you use a company issued device whenever possible. Not just for the sake of the company, but for the sake of the remote employee as well. No one benefits when a device is breached.

Insecure Passwords:

53 percent of people rely on memory to keep track of their passwords. Therefore, they choose passwords that are easy to remember.  That makes it easy for a hacker to decipher an employees password by simply going through social media. It allows hackers to even access various accounts if the employee is using the same password.

Wi-Fi Security in a Remote environment: 

In an office environment, IT departments can protect employees and control network security. In a remote environment, however, employees probably don’t have the same protections. Hackers exploit networks with WEP security protections rather than WPA2, for example.  WEP settings are the standard Wi-Fi protection for average users.Even inexperienced hackers can download tools that allow them to break through this type of network.

Remote workers don’t realize how insecure they are until something happens. All remote employees need to consider what type of network they have at home before accessing company data. Using a VPN (virtual private network) also helps in protecting against certain types of attacks on remote workers.

During the lock-down period in 2020, there were record spikes in cyber attacks on remote workers. Hackers leverage remote workers’ devices to gain access to systems that would otherwise be more secure.

The Damage You Don’t See

Even assuming an SMB survives a cyber attack financially, the reputational damage would be just as catastrophic.

Security is everything in a business, both internally and to prospective clients. If a cybercriminal hacks your business, exposing your data, no one will want to take the risk of doing business with your company. The perception that your business is unreliable or even a liability can destroy your credibility and tank your business completely.

In the worst of scenarios, you may not even notice you’ve been breached for weeks or months, at which point recovery will be next to impossible.

One of the reasons so many businesses fail is because they have an inadequate strategy for managing cyber attacks.  SMB’s may have fire walls, anti-virus software, malware protection, and encryption but they don’t plan for the event of an actual breach.

While businesses focus on keeping attackers out, the actual data itself remains accessible and vulnerable to attack.

Businesses are losing more records in a data breach. Companies represented in the Ponemon study lost an average of more than 9,350 individual records as a result of a data breach in 2017, an increase from an average of 5,079 in the 2016.

A business needs a fully redundant system to access their applications and data and regular offline backups stored in multiple onsite and offsite locations.

Nerd Support’s experienced team can guarantee a secure business and keep your data safe. A breach doesn’t have to mean failure.

With a business continuity plan that is tailored to your needs your needs, you can get peace of mind knowing your information is safe.

Contact us today for a FREE IT Test! Or call us at 305-551-2009.

Nerds Support Contact Us Leaderboard

A team working on a an IT solution project

Three Easy Ways to Improve your Security

Cloud-based storage and computing lets you get out of the IT business and focus on doing running your business. It’s also, as we’re about to see, far more secure than traditional servers and storage.

Even now, more companies are depending on the benefits of cloud tech for remote work.

Furthermore, there are many big name companies that have found success by migrating to the cloud.

If you’re a smart business owner, you’ll see the writing on the wall. Cloud technology is essential for businesses’ success.

So without further ado, here are three ways to take advantage of cloud security:

1. Move your files to the cloud

Cloud file sharing and storage saves you from disaster. Say bye to lost attachments, file size limits and unsecure collaboration. More importantly, it puts the security of your files in the heavily-protected server room of an IT partner or technology provider – so you have a far safer back-up of all your files as well. It’s the easiest of all the cloud security steps and it dramatically improves your security overnight.

Security

Business owners use the cloud because the data stored on it is safe. Why is it safe? Because data stored on the cloud is distributed through redundant servers and never stored in just one place. Meaning, hardware failure of any kind becomes a non-issue.

If there is damage to your hardware due to a flood, storm or any other reason, your information remains secure.If a company like Cisco is vulnerable to a power outage chances are you are too.

Cloud servers also have automatic backups and multi-factored authentication to prevent data loss or theft.

This is especially helpful if your company has valuable or sensitive data. Security features on the cloud help protect against social engineering techniques like email scams. However,  there are also safe practices when emailing that can help mitigate threats.

Cost Savings

Annual operation costs drop significantly when using the cloud. Rather than pay for Internal IT software, everything is stored online or in a private server. Separate storage becomes unnecessary and so does much of your hardware and software costs.

Easy Sharing

If you’ve ever used Google Docs or Dropbox, you’re probably familiar with file sharing. File sharing is function of the cloud. A cloud environment facilitates remote work, communication and increased productivity as a result.

CIA uses the cloud for their most sensitive data and workloads

2. Move your applications to the cloud

Save over $30,000 a year by switching to the cloud per application

You probably already use cloud apps too. Facebook, Gmail, Slack or Office365 are all examples of cloud tech. However, you can also put your most important on-site apps, the ones stored on your computer, on the cloud. Application virtualization transforms any non-cloud app into a cloud-based app, easy, so your users  can access it from any device. 

Examples include :

1 . Quickbooks

2. Descartes

3. Thomas Reuter

For example, Nerds Support is a Quickbooks hosting provider. Which means businesses looking to adopt Quickbooks application services through us. Cloud based applications like Quickbooks are the best options for businesses that need to work remotely. Quickbooks hosting for remote work is a popular option among medium and small business for its accessibility.

Those times that you leave your laptop at home and have to rush back to pick it up before your 10 am meeting are gone. You can access that Excel and Powerpoint presentation in an instant.

Automation & Backups 

Creating data backups is among the biggest issues businesses face. Between dealing with complex client data, customer service, and business operations, it’s hard to remember to back up files and valuable information. This makes you vulnerable to data loss. With cloud storage, data backups are automated and routinely performed to prevent data loss or correct data mistakes that may arise. 

Data backups are good for medium and small businesses for many reasons. They also prevent ransomware attacks like the ones that plagued New Orleans in 2019.

3. Move your desktops to the cloud

Managing many PCs is a lot of work and can lead to many unsecure devices. Simply because businesses don’t have good data management practices. Your users can work on any device, any browser, anytime. And if they leave their laptop in an Uber, the airport, or at home, no problem.

Contact us today to start migrating your apps to the cloud. 

Outsourcing your tech responsibilities creates opportunities to scale and grow your business. But also consider what kind of cloud provider you’re trusting with your operation? You also need to establish a cloud migration plan. 

Nerds Support has over 17 years of experience, working with small and medium sized businesses in IT Cloud Solutions.

Nerds Support Contact Us Leaderboard

Outdated technology causes issues for future situations

Outdated System Creating Issues For Those Filing For Unemployment

Outdated Systems

As the temporary shutdown forces millions of people out of a job, millions of Floridians struggle to file for unemployment due to the Florida Reemployment Assistance Program’s outdated website.

These website crashes leave many Floridians confused and desperate to find work. The system used by the Florida Economic Opportunity is called CONNECT. The CONNECT system runs on a software that dates back to 2013. Some of the system framework used to build the application seems to date back to the time of Governor Rick Scott.

Connect Keeps Crashing

The CONNECT system doesn’t seem to have been designed with an end date in mind. In other words, there was no plan put in place to replace or update it.

This results in slow and unstable connection to the site when users open the program from a P.C. using Windows 7 or newer.

The Cloud is Constantly Connected

To avoid the hassles of running complex software and storing and processing large chucks of data, businesses and government agencies outsource these processes to cloud service providers like Amazon Web Services or Nerds Support. That way, applications and programs are scalable and operate more efficiently.

The CONNECT system was developed before the time of cloud computing was as popular as well known. Governor Ron Desantis himself has acknowledged a flaw with the website.

“The website would be down more than half the time, it would take seven second just to connect through,” he said. ” It may have been okay in 1996, not in 2020.”

Old Browsers Beat Beyond Belief

Considering Windows 7 itself has recently reached the end of life period, you can image how problematic it is for people trying to use the current system.

This is why so many people in Florida struggle to file for unemployment.

This, however, is not an isolated incident.

Labor Department Lagging Log ins

New York’s State Department of Labor also experienced a flood of traffic to their website as people try to apply for unemployment as well.

The governor of New York got various tech companies to work on the infrastructure of the website. Furthermore, it increased server capacity and assigned 700 staff members to an unemployment insurance hotline.

Filing Formula Fixes Freeze

The State Department of Labor also asks to reduce the surge of traffic by scheduling when citizens file. For example, people with last names A- F apply on Monday, last names G-N apply on Tuesday, and last names O-Z apply Wednesday.

In Florida IT experts admit the existing website hasn’t been developed beyond earlier browsers. In order to navigate through the existing site, users would have to use an older, or outdated browser that functions better with the site.

Wednesday, April 8, Florida did provide a second website that was easier to use on smartphones and tablets. This helped ease the influx of traffic but many of the findings from the Office of Florida Auditors have not been addressed.

Word To the Wise From the Web

This should be cautionary tale for businesses with outdated IT or unaudited systems. This period of remote working should be an opportunity to review your IT network and infrastructure and ensure everything from security to data and filing systems are updated.

Even outsourcing some of these tasks to a cloud provider can dramatically increase the productivity and efficiency of your business.

If you’d like more information on cloud, cyber security, remote work or managed services visit our blog or contact us at 305-551-2009.

 

Scammer calls citizen who just collected their stimulus check

How to Stay Protected Against Stimulus Check Scams

Stimulus Check Scams

President Donald Trump signed a Coronavirus Aid plan that would guarantee millions of Americans stimulus checks from the government.

Although many may see this as a positive, there are scammers looking to profit off this plan. Remember there is no sign-up required to receive the stimulus check. The process is automatic for all qualifying Americans.

How Will I Be Contacted?

The IRS always contacts taxpayers through traditional mail. Therefore, if you receive a phone call, email or text message from an “IRS official” stating you need to apply or register, it’s likely a scam.

The treasury department makes it clear on their website: “If you receive calls, emails, or other communications claiming to be from the Treasury Department and offering COVID-19 related grants or stimulus payments in exchange for personal financial information, or an advance fee, or charge of any kind, including the purchase of gift cards, please do not respond.”

How Much Will I Receive?

Americans will receive up to $1200 per person in the coming weeks and parents will receive an additional $500 for each child under 17 years of age.

Furthermore, the IRS clarifies that the agency will post any additional information when it’s available at www.irs.gov/coronavirus.

How Will I Get The Stimulus Check?

Those who file their tax returns electronically and provide the IRS with their bank information will likely get their payments earlier via direct deposit. Some 88% of individual returns were filed electronically in 2018.

Individuals who file their tax returns electronically get their payments earlier through direct deposit.

What if I Don’t Have Direct Deposit?

Those who did not provide the IRS direct deposit information on their 2019 or 2018 tax return will get that opportunity in a new government online portal. This way, citizens won’t have to wait for the check in the mail.

Paper checks are expected to take longer to arrive.

However, details about this online portal have not been released. Until the IRS releases an official web address and further guidance, don’t give out your personal banking information online.

What Types of Scams?

Scammers are taking full advantage of Americans’ financial vulnerability right now.

Details regarding the portal have not been made public, however. So, until the IRS releases more information on the website provided above, don’t give out any personal information.

Scammers target financially vulnerable people the most. The greater the desperation the easier it is to extort and manipulate them.

There have also been reports of fake checks going around. However, if one is informed they have a better chance of not falling victim to these scams.

How Do I Know I’m Being Scammed?

Any and all checks delivered by mail now are scams or fraudulent. It will take the government at least a few weeks to mail out considering the bill was only passed Friday, March 27.

Additionally, any check you receive in the mail that requires online verification or contacting a given number is also fake. Be skeptical of checks for odd amounts of money, specifically checks with a cent amount.

The government stimulus will be for an even amount of money regardless of the amount received.

What Kinds of Scams should I Expect?

Any emails with suspicious links, text messages or even voice messages you receive regarding payment is probably a social engineering scam. If you receive an email that fits the description above, don’t open anything. Simply file a complaint with the FBI or Federal Trade Commission.

This applies to businesses as well. If you are working remotely and find yourself reading an email regarding the stimulus check, contact your IT department immediately. It is always better to be safe than sorry.    

According to CNBC report, coronavirus phishing scams are rising.

The Federal Trade Commission and Federal Deposit Insurance Corp. issued warnings for Americans to be keep aware of cybercriminals who attempt to steal form users with COVID-19 related content.

Scammers work best when they hide behind legitimacy. Therefore, they use headlines, current events, trends and personal information to trick victims into giving up valued information.

Stoking fear and uncertainty is a tried and true method of manipulating a victim. Capitalizing on ignorance is the best method.

Those who don’t keep up with the news or are unclear about the specifics of the stimulus plan passed by President Trump’s administration are likelier to make a mistake than those who aren’t.

What Do These Attacks Look Like?

Scammers launch phishing attacks, through email and text to take advantage of those who have received checks. Often, these messages appear authentic, usually with a call-to-action such as “download our guide to using check” or “Get your money now, click here.”

If you are currently working remotely, contact your fellow employees, team members or IT department to verify any and all emails received. Have a strong cyber security plan in place.  There is strength in numbers and communicating doubts is the best way to deal with uncertainty.

Make sure you have a VoIP system in place to coordinate and communicate with your team, employers, or IT department at all times. This could be Skype, Zoom or any other online communication system.

Hackers are using this time of social distancing and isolation to their advantage, hoping that victims won’t verify the phishing emails they send out.

Having a reliable network of trusted experts or peers is good way to protect yourself from falling into one of these scams.

Employee working remotely at home on his laptop securely connected to the cloud.

Top Practices for Businesses Working Remotely

Working remotely, as we have seen in recent times, has become increasingly necessary to maintain a productive and profitable business. It is also an invaluable asset for any business continuity plan. If an unforeseen natural disaster or power outage takes place, organizations need to be prepared to continue operations.

A good example was in spring 2020 when the Securities and Exchange Commission became the first federal agency to encourage remote work for employees.

Although remote work is ideal for some, it can be an adjustment for others. And if you run a business or work for a businesses with sensitive data, how do you ensure your information is safe outside of the office?

Working remotely does not provide the same level of security that an office would. Furthermore, the environment in which you find yourself working might have present challenges to data security.

Here are some rules and policies we suggest when working remotely. Even when working on a cloud  environment, you must practice caution and communicate regularly to maximize the remote experience.

Communications

Periodic Check-ins

Working remotely requires daily and frequent calls with one another. A manager especially must take actions to establish calls with remote workers. Whether they are in the form of on-on-one calls or team call, if they are collaborating on a project.

There is no such thing as over-communication

Periodically notify your superiors of any information you might consider important. If there’s a doubt about the relevance of some information, share that also. In the case of remote work, nothing is too insignificant.

Clarify to your team all expectations moving forward

Communicate priorities and establish metrics for success. Remote work is more efficient when expectations and policies are clear and understood.

It’s also important to let employees know the best way to reach you and at what time. Nothing must be left to the imagination to successfully deploy a remote operation.

If you are off to lunch, notify for how long. When you return, notify your team. It’s crucial that all employees understand what the goals and directives are to avoid repeating efforts.

Track your progress

Keep track of your progress by documenting it and sharing it with relevant personnel. A work long with specific time slots for each task is particularly helpful in this case. It could be done in an excel sheet or a notebook. The medium is less important than the method. So long as it helps keep things organized.

Cloud computing keeps your remote business operations secured & accessible

Security

Stay away from public networks, encrypt your web connection, or use a personal hotpot

A public Wi-fi connection like the ones found in coffee houses and some restaurants create a risk for remote workers. In a public network, a threat actor or hacker can easily make their way into your device without a firewall in place. Moreover, anyone on a public network could easily monitor your traffic as well.

For these reasons it’s crucial that you keep your devices protected and secure.

Personal Hot-Spots

Using a hot spot eliminates the problem of a hacker jumping on the network you’re using. Although your web traffic remains unencrypted, your data stays safe. This will count against your cell phone data but it is worth the extra costs.

Most cell phone carriers there’s a minor fee for using hot spots but the alternative could cost you much more. And with the advent of 4G and 5G networks, hot spots are just as fast as home network connections.

VPN’s

A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

VPN’s are another solution if you find yourself working in a public network. A VPN, or Virtual Private Network, enables you to create a secure connection with another network through the internet. These networks are often used to shield browsing activity from anyone snooping around on a public Wi-Fi network.

A VPN connects your device to a server that then connects it directly to the internet. But you must make sure the VPN you utilize is secure because hackers have been known to target unpatched VPN to access the user’s information. They usually do this via phishing scams that users interact with through a fake email.

This leads to the next point:

Encrypt your email and devices

If you have the proper safeguards in place, like email encryption and multifactor authentication then your data will remain secure no matter where you work from.

There are many software companies that provide encryption for email. Retruster, is one such example but there are others. This gives you added protection and peace of mind when working remotely.

Malicious actors often leverage current, events, personal information , or natural disasters to manipulate targets through phishing emails. An example of this was in spring 2020, when there were instances of hackers using the COVID-19 outbreak to send malicious emails to users.

Multi-Factor Authentication for Secure Devices

Multifactor authentication is a security system that requires multiple methods of authentication from independent credentials to verify user identity. In other words, it is a system that requires verification from a cellphone and a computer, for example, to then access data on your devices.

Having these measures in place creates a secure environment that facilitates remote work. None of these measures work in isolation. If communication is not up to par with data security or vice-versa, your operation will be compromised.

In Conclusion

What is most important is ensuring all members of your team are meeting your requirements, communicating effectively with one another and avoiding unnecessary risks like joining insecure networks or leaving devices unattended or unencrypted.

 

Nerds Support Contact Us Leaderboard