Posts

Hurricane destroying a business with no backup data, files, and continuity plan.

How to Prepare your Business for a Hurricane

ACCUweather, which provides global forecasting services,  predicted 12-14 storms in 2019. Of those, only about two to three strengthen enough to become a major storm (category 3-5). In 2020, hurricane season is projected to be “extremely active”. A research team at Colorado State University predicts 24 named storms, 12 total hurricanes and 5 major hurricanes.

It’s important that business owners understand what they can do to protect themselves and their workplace.

Preparing Your Business For A Hurricane

Storms can devastate homes, families and entire communities. For small businesses, recovering from hurricanes and tropical storms can take years. Sometimes, they don’t recover at all. The Golden Corral franchise restaurant in New Orleans suffered considerable damage after Hurricane Katrina.

Natural disasters can negatively affect businesses in a variety of ways. There are other kinds of disasters called operational disasters, which occur when a business loses an important manager or director, the conditions within the business become far too unfavorable to maintain productivity. Large and small businesses deal with the effects of disasters differently, mainly because larger businesses have more resources at their disposal for restoring their operations.

Create A Business Continuity Plan

The first thing to do before anything else is to create a business continuity plan as soon as possible, preferably long before hurricane season starts. A continuity plan can greatly improve your chances of a timely recovery after a hurricane, storm or any other natural disaster. Plans include detailed instruction for restoring operations after a natural disaster. Protect the components that are most responsible for sustaining operations first. It is important to make an appraisal of key elements within your business to really determine how you proceed.

51% of small businesses surveyed said that damage from a hurricane would be “extremely damaging” to their operation, according to survey by Womply. This is due to the damage that a hurricane deals to business assets during a storm. Networks, technology, equipment and data are among the litany of assets that are at risk during a hurricane. The Federal Emergency Management Agency (FEMA) has a Continuity Resource tool kit which gives businesses insight into how to adapt to rapidly changing conditions and make quick recoveries from operational disruptions.

Back-Up Your Data As Soon as You Can

Where are your assets located? A software company, for example, may have servers that operate within a warehouse away from the office. In that case you would have to ensure there are protections put in place to secure them. Back-up your data as soon as possible. Make sure your data is secured off-site.

For example, Nerds Support data center is located in downtown Miami in a secure building that can withstand a category 5 hurricane. If a catastrophic hurricane, more powerful than a CAT 5 were to hit, the servers would be moved to another secure location away from danger with the uttermost care. With today’s technology this is easier than ever. Cloud based services function as a way to secure data and ensure functionality for businesses so that they can work remotely or recuperate necessary digital tools to continue their operation.

Establish A Plan of Communications

Hurricanes can severely impact communication with staff. That’s why it’s necessary to plan accordingly should a storm cut off your lines of communications. 

  • Build a reliable communication tree between you and personnel. Even you’re working remotely, power outages can create a chaotic environment for your business processes. Communication is essential to keep a business running during or after a storm. Also communicating after the storm will give you insight into what employees are dealing with. That will help you manage your business more effectively overall and resolve these issues appropriately. 
  • Prepare for interrupted computer lines, cell phones, emails and landlines. Give employees resources where they can learn about closures and updates regarding the storm. Share as much as possible so that no one member of your team knows more or less than another.

No Office No Limitations: Working From Home is No Hassle At All

You can work from a different location regardless of the weather conditions or circumstances. Your workforce will also need to adapt and work with you to expedite recovery, but that will necessitate effective leadership on your part as a business owner. Many companies now have a mobile workforce that often have to move from the office to the field or work remotely from another location.

You need a system of communication that allows you to access the bulk of your workforce if not everyone simultaneously. It is important that you keep track of everyone’s location in real time and establish a plan of action. Look into who within your workforce travels most frequently and where they travel to. Establishing clear communication from within your team is essential to preserving organization and even moral. Confusion and miscommunication can lead to exacerbate tension and anxiety and create a perception that the storm is more severe that it is.

Download our FREE e-book for more information on how to prepare for a storm and how to weather any natural disaster this hurricane season.  Or contact us today at 305-551-2009, there’s still time to get prepared.

Nerds Support Contact Us Leaderboard

Coronavirus Malware Phishing Scams Thumbnail

How Cyber Attackers Use The Coronavirus to Steal Your Data

Coronavirus Email Scams

The recent coronavirus outbreak has motivated cybercriminals to send virus related malware attacks across the world.

Phishing emails claiming to possess information on protecting against the virus have appeared, spreading misinformation and malicious software. These emails encourage victims to open attached documents containing malware that can freeze or completely steal valuable data.

Scammers use fear and uncertainty to manipulate victims into infecting their computer with malware. However, incorporating tragic events, potential pandemics or natural disasters into their attacks is nothing new.

Beware of Phishing After Any Big Event

Attackers customize phishing emails to current or upcoming events like tax season, hurricane season, and holidays. Regardless of the occasion, the goal is the same: to access valuable information. The attacks prey on people’s desperation for answers and suggest that they have can give them to you.

Furthermore, there have been cases of scams emerging in places like Michigan and New York. Officials in these states are warning residents to be vigilant of emails asking for donations or personal payment card information.

Coronavirus scam emails were popping up in early February which prompted Michigan’s Department of Health and Human Services to warn citizens on their dangers.

The Federal Trade Commission even sent out a memorandum advising people on how to spot email scams and stay safe online.

Additionally, the FTC says cyber criminals could be setting up fraudulent websites that sell fake products using illegitimate emails, social media posts and texts to trick people into sending them money or personal information.

An example of a phishing email scam offering fake information about COVID-19.

Common attributes of a fake email are spelling and/or grammar errors.
If you receive a suspicious link, hover your cursor over it to view the destination url.

Protecting Against Coronavirus Phishing Scams

Here are some tips recommended by the FTC to keep safe against scammers:

1) Be suspicious of emails claiming to be from the Center for Disease Control and Prevention (CDC) or anyone purporting to be an “expert” with information on the virus.

2) Avoid emails that allude to any “investment opportunities.” Social scams will promote products claiming they can cure, detect, treat or prevent the disease are fake.

3) If you’re going to donate, do the proper research into the organization and payment method. Don’t be pressured to donate and especially if it’s through an email link.

4) Ignore offers for vaccinations. Ads that say they have the cure or treatment for coronavirus are probably scams. Any medical breakthrough will be announced on mainstream media networks.

5) For up-to-date information on the virus visit the Center for Disease Control and Prevention (CDC) and the World Health Organization (WHO)

Don’t Be Misled

These scams will continue to spread and they won’t go away any time in the near future. In fact, scammers will certainly take greater advantage of the misinformation and fear from media coverage.

Moreover, cyber scammers in China were reported sending malicious emails containing malware. It’s difficult to protect yourself from these types of attacks but

Threat actors also targeted users in Japan with a campaign that spread malicious documents with supposed information on the virus.

Unsurprisingly, these social engineers even sent emails impersonating the CDC to lure unsuspecting users into malware traps.

The Coronavirus is a real threat but it’s important to keep a level head and not expose yourself to even greater harm online.

Ultimately, even Facebook has begun planning to ward off misinformation on the virus. Other social media platforms have voiced concern about the spread of false claims on their platforms as well.

The virus has attracted the attention of a global audience but that doesn’t mean you have to fall victim to those looking to profit off of that attention.

Coronavirus Malware Phishing Scams Leaderboard

Summit Hosting Outage Ransomware Downtime Thumbnail

What Businesses Can Learn From the Summit Hosting Outage

The Outage in Summit Hosting

On Saturday, January 18 cloud provider Summit Hosting was hit by a ransomware attack.

Details regarding the breach are still unknown. What is known is that support has reached out to its users claiming they are working on resolving the issue.
A Reddit user claiming to be a client posted a letter he said he received from Summit Hosting after attempting to contact them.

The letter states that their cloud environment was hit by a ransomware attack and security systems detected the attack immediately, shutting down all 400 client servers as a result.

Cloud providers often market themselves as a safer, more secure, and more efficient alternative to on premise, or internal IT. The truth is, Cloud providers and Managed Service Providers (MSP’s) are susceptible to all the same risks other businesses face.

The issue arises when businesses looking to adopt a cloud-based infrastructure fail to understand what makes a cloud vendor trust-worthy or what to avoid when looking for a cloud vendor.

Here are four things to keep in mind about choosing a cloud provider.

Low Costs Cost More

Many vendors will offer you cloud hosting services for the deceptively low price of $100 a month or $58 a month to host a specific application. Potential clients then see the low price and immediately assume they’re getting a good deal. However, there are instances where the less expensive option can be the more dangerous one.

For example, would you feel safe going over a bridge that costs $400 or $40,000?

Lower priced cloud services imply the provider doesn’t have the resources to deal with bigger issues when they arise. When the price is cheap it typically means they’re cutting costs elsewhere, usually to the detriment of the user.

This could mean a sacrifice in cyber security tools, capable systems engineers or software.

Make Sure Your Provider Permits Storage Onto Your Servers as Well

Adopting the cloud is not, and should never be, an all or nothing affair. In other words, a cloud vendor should never prevent you from storing certain data on premise. If they do, then they should at least provide the capability to access and save important data onto your internal servers as well.

This safeguards your business against a complete halt of productivity and even temporary shutdown should your cloud provider experience an outage or a cyberattack. What good are cloud-backups if you can’t access them?

When discussing your service contract, or service level agreement (SLA), with a vendor you can choose to keep certain mission critical data on your own servers. Furthermore, no business is the same. Not even businesses within the same industry are the same. Therefore, it makes sense that one business would require different kinds of services on the cloud than another.

Look for a Team with a Fast Response Time (No Longer than 12 Minutes)

When a cloud provider experiences an outage for whatever reason, your provider should always be able to respond quickly and efficiently.

To illustrate my point, It’s important to highlight the differences between a public cloud and a private cloud. If something goes wrong with a private cloud, you’ll typically have someone to call. With a public cloud it’s only always included.

Public cloud vendors like Azure, offer one-on-one support only if you purchase their support plan separately. With Amazon Web Services, you must submit a support request through their website and wait for a response.

The most important thing, however, is that you’re given a point of contact. This can be an engineer or even the CEO of the cloud provider.

But just because you have a private cloud vendor to call, doesn’t mean they’ll be timely in their response. After the outage in Summit occurred, support was unable to efficiently respond to its 400 clients in a timely fashion.

As a result, the 400 clients were left confused, worried, angered and distressed for hours and in some cases days. So, make sure your cloud vendor has a response time of 12 minutes or less in case of an emergency like the one in Summit Hosting occurs.

In cases of such an emergency, Nerds Support has staff ready to respond and provides periodic updates every four hours via email and social media. Consistent communication like this ensures a smooth recovery in emergency situations and helps businesses maintain order.

Always ask your cloud provider for a business continuity plan. They should be able to provide you with a detailed plan outlining how they operate in the case of an outage, breach or natural disaster. If they don’t have one set up, move one to another provider.

Be Aware of Cyber Attacks

It should be the duty of every cloud provider to provide educational training to users about the various kinds of cyberattacks that businesses are susceptible to. However, providers often overlook training and focus on other areas of their services.

Ask your vendor what they’re cloud cyber security policy is. They should have a system in place that verifies and secures all devices before use. The reason for this being, employees bring their own devices to work and it can create a security issue if the machines are not secure.

Review your cloud vendor’s cybersecurity tools and protocols to make sure they provide the security benefits you need.

Although more and more users are becoming aware of some of these attacks, they are quickly adapting and changing to overcome user awareness. When it comes to cyber-attacks, your education is never finished. Human error is still the number one cause of cyber breaches and phishing is still the most effective cyber attack.

Research found Ransomware extortion payments are now $84,000 on average. This isn’t meant to scare you, simply to make you aware of the importance of staying educated. All it takes is one user in a company of thousands of people to compromise a system.

Often times, a company experiencing a ransomware attack fails to recover their files and pays the ransom out of desperation. Unfortunately, this doesn’t always guarantee all encrypted or stolen data will be restored or that the cybercriminal won’t attempt to extort them again.

Any cyber security expert will tell you, the best solutions are preventative. The most effective way to successfully survive a cyber-attack is to avoid it. By staying up-to-date on cybersecurity you’ll decrease your chances of falling victim to an attack by a hacker.

Summit Hosting Outage Ransomware Downtime Leaderboard

Top 5 Cloud Computing Misconceptions Thumbnail

9 Most Common Misconceptions About The Cloud

Cloud computing has grown more popular as businesses, end users and customers decide to store their data or share their files. In fact, the worldwide public cloud will have grown from $182.4B in 2018 to $331.2B in 2022 according to Gartner.

Even with this rapid growth, organizations are still learning about the cloud or don’t properly understand its function. As a result, business leaders have developed misconceptions about how to leverage the cloud in their industry.

However, the cloud can be an extremely effective tool and knowledge on its uses, services and functions can save you time, energy and money. With that, here is a list of a few common misconceptions about the cloud.

The Cloud is Unsafe/Risky

A cloud infrastructure not only protects business from cyberattacks and theft, it secures your data against outages, natural disasters and any other unforeseen damage to your physical business. The cloud serves as a massive back-up system using the internet to store critical data. A private cloud, however, offers computing services on a private internal network.

Cloud service providers invest greatly on cybersecurity as a means of guaranteeing the best possible service. In reality, the majority of cyber security breaches on the cloud were caused by user error.

On the cloud, all data is encrypted and backed up as well so users are protected from data theft.

All Cloud Providers Are The Same

There are many different types of cloud providers. It’s important to research which company fits your business needs best. Furthermore, there are different types of cloud services. There is a public cloud, a private cloud and a hybrid cloud which combines elements of the other two. Determining which cloud service suits your goals best is just as important as the service provided.

When You Choose a Cloud Provider, You Indefinitely Commit

As mentioned above, there are many different types of providers, offering a range of services. And some cloud services are better with some providers than with others. There might be certain features of your existing business you don’t wish to migrate with one provider. Cloud services are not an all or nothing affair.

As a result, many organizations are opting to adopt a multi-cloud solution. Multi-cloud solutions offer flexibility in pricing, services and compatibility. Additionally, a multi-cloud strategy reduces the risk of certain cyber attacks and can further prevent data loss.

Cloud Migration means transferring everything to the cloud

When moving to the cloud you can keep certain things in-house as well. What you keep internally and what you transfer over to the cloud all depends on your goals, costs, budgetary constraints and performance. Optimization doesn’t necessarily mean complete cloud migration. For some businesses optimization could be moving certain features and data to the cloud and keeping others on premises.

Cloud computing keeps your remote business operations secured & accessible

It Costs Less Than What I Pay Now

Cutting costs is often touted as one of the biggest benefits of adopting a cloud infrastructure. It’s more complicated than that. The fact of the matter is, businesses focus too much on savings without researching how to implement new cloud technologies once they’ve migrated.

Moreover, businesses fail to calculate costs during busier periods of the year. Reality is more complicated than a selling point and costs could vary.

Cloud Computing Means Giving Up My IT Team

Many business leaders believe that upon adopting cloud services, their existing IT team will become redundant. However, this is not necessarily the case. Nerds Support, for instance, is a Managed Service provider that offers Co-management services. Co-management means our partners keep their existing IT department and we provide additional support when they need it.

This option works best for smaller companies experiencing growth and increased workload. Or alternatively, companies that wish to focus on larger IT projects and need assistance taking care of less essential tasks.

You Can’t Rely On The Cloud

What happens if you experience downtime and lose connection to the cloud? If your office loses power in an electrical storm or through a power outage, the cloud backups allows you to access mission critical data from any device.

Think about it. If a server goes down in your office using an in house network, the entire business stops. Data saved on the cloud takes a matter of minutes to access so you can pick up where you left off.
Automated back-up systems are an inherent part of any good cloud provider.

Migrating Is Too Complicated

How long it takes to move to the cloud depends on the complexity of the network and environment. Assuming it’s a company that requires few services, it takes about ten to 14 days. Cloud providers often migrate businesses that work with third party vendors or have massive networks because of the nature of their business. These can take about six months to complete.

On the other hand,  before moving to the cloud, there are ways you can prepare that could ease the transition towards a cloud infrastructure.

Maintaining compliance will be too difficult

Meeting compliance standards is a big issue for many businesses. Nevertheless, the right cloud provider will guarantee you achieve compliance on the cloud. Cloud compliance helps keep both the cloud provider and the client accountable and there is nothing built into the cloud itself that prevents it.

In fact, cloud vendors have made compliance a main focus since banks, CPA’s and financial advisers began migrating to the cloud. If you’re in a highly regulated industry, there are cloud providers that specialize in specific regulations like SOX, FINRA and SEC compliance to name a few.

The take away here is to do your research. The cloud is an important tool. And like most tools, they are useful only to those who are willing to understand how to use them.

Top 5 Cloud Computing Misconceptions Leaderboard

 

 

DoorDash Gets Data Dashed After Breach

DoorDash Data Breach

The food delivery company DoorDash was compromised on May 4th 2019. The company said the data breach exposed the data of 4.9 million users, delivery workers and merchants. Fortunately, users who made accounts after April 5, 2018 were not affected by the breach. However, the breach exposed names, phone numbers, order histories, email addresses, and password information.  DoorDash said the breach happened through a third-party service. If it can happen to them it can happen to anybody and too often, it does.

DoorDash said in light of the hack, it took additional security steps to secure user data. It added security layers around the data and brought in outside consultants and experts to further identify and repel potential threats.

The company also said hackers obtained the last four digits of users’ credit card information. The customers’ full card numbers were not obtained, nor were the card verification values (CVV). The hackers also managed to steal the driver’s license numbers of about 100,000 delivery workers.

Hashing

DoorDash uses a method of encrypting data called Hashing. Hashing is taking a way of representing data in the form of a series of symbols. Moreover, it allows you to take an input, say a password, of any length and turn it into a string of characters that turn out to be the same length.

There are algorithms, like SHA1 and SHA256, that do this for you and generate unique hashes. They will take a name like Thomas Johnson and turn it into something that resembles “aeb4048c96b086739900f4f4144cd1f5”. The good thing about these hashing algorithms is that there’s no way of reversing the process. If someone had access to the hash, they couldn’t reverse engineer the name. At least in theory.

Brute Force-Attacks

There is are some methods of getting the non-hashed password or information hackers often exploit, sometimes quite successfully. One of these methods is called a brute force attack or a dictionary attack. The hackers take a long list of passwords and run it through the appropriate algorithm. Then the hacker looks at the hash they wish to recover and look for it in the list of hashes. Like looking for a number in the phone book when all you have is a name. If they find a hash in the list that matches the one they have, they simply look at the plain text version on their list.

If you couldn’t tell, this is a very intensive process. However, experienced hackers will use huge word lists and run them through their systems. These systems can analyze passwords in a matter of seconds.

Hash Collision

Hash collisions happen when two sets of data correspond to the same hash. This is very rare but useful. The hacker would be able to use a series of characters to access your account since it generates the same hash as your password.

Doordash assured its users and the cyber community that the hashing routine used salt to increase its complexity. No, not actual salt. “Salt” in cryptography simply means adding random data to the input (the password going into the algorithm)  so the hash is unique. This decreases the chances of a brute force attack or a hash collision.

Adding Salt to a Hash

Hashing isn’t full proof. It’s very deterministic, meaning a certain input will always give you the same output. Thomas Johnson as an input will always produce the same hash. So, if two people coincidentally use the same input for a password, they will both generate the same hash.

Adding salt to a hash means you take a random variable of a specific length and add it to the input. So, even if the input itself isn’t unique, the variable makes the hash unique. Metaphorically adding salt gives the hash a more distinctive flavor.

Despite the fact DoorDash took these extra precautions to encrypt their users passwords, experts suggest that any user affected by the breach should change their passwords to something as complex and secure as possible.

It’s Common

Unfortunately,  data breaches like the one in DoorDash occur fairly often. The more sensitive the information the more lucrative the hack will seem to a cybercriminal. That’s why the healthcare, accounting and financial services industry are often targets of cyber-attacks. 71 percent of breaches in 2019 were financially motivated, meaning hackers are looking to get information they can use to enrich themselves. Then, company that regularly deals with clients’ financial information would be a prime target. Doordash has credit card information to facilitate purchases but accountants and financial advisers have much more specific information.

That’s why managed IT for Finance and accounting is so important. Companies take their IT infrastructure for granted, often times, because they see it as an extra expense not a necessity. However, security is an expectation not a luxury. Providing managed IT for accounting and fiance is mostly about planning with compliance and security in mind.

That’s why agencies regulate these types of companies . Many compliance laws force industries like fiance and accounting to maintain high levels of security. That way, financial information isn’t compromised. Yes a thief is blamed for a robbery, but if the bank has poor security and didn’t install security cameras to cut costs, the bank is just as much to blame. This metaphor might simplify things a bit too much, but sadly that is the case for many industries. They don’t invest in newer cyber security because they’re too small to get attacked. Other times companies will think the security measures they take are good enough.

Small Sized Businesses are More at Risk

If a business owner reads this article and thinks to themselves, “I’m not Doordash, I run a small accounting firm,” they’re sadly mistaken. As a matter of fact, 43 percent of data breaches in 2019 targeted small businesses. People only take notice of the breaches occurring in large companies like Doordash and Capital One because those make interesting news articles and blogs. More often, it’s the smaller companies that suffer the greatest losses. 60 percent of small companies go out of business within six months to a year of a cyberattack. This is a number taken from the U.S. National Cyber Security Alliance.

Most of these breaches occur because a low level employee does something wrong. They open an email that contains malware, they don’t secure their passwords, they expose valuable information on social media, they are victims of an elaborate phishing scam. Nerds Support works as a financial cloud provider giving extensive training, security protocols, policies and procedures within the company.

Now, notice how they published a blog regarding the incident. They didn’t have to do this. DoorDash could’ve gone to the press but they knew it was important to retain a sense of confidence in the company. The company needed to tell as many people as possible that everything was taken care of. That’s obviously because perception builds trust and trust is the currency that builds companies.

A Data-Breach in Trust

If a breach occurs it’s highly likely that confidence in the companies ability to secure sensitive data will decrease. Restaurants have gone out of business because a customer found insects or filth in their foods. Companies fail more often from a decline in trust than anything else.

Nerd Support provides FINRA approved cloud storage to financial firms because keeping with industry compliance creates a safer digital environment for both the company and its clients. If someone is looking for a firm and sees it’s following all regulatory and security standards, then it’s a subconscious relief that builds confidence in the firm.
That being said, IT solutions for finance differ from the solutions other companies need, but all industries are regulated to some degree.

What can you do to Avoid a Breach?

Create a business continuity plan. This will mitigate the impact of a breach and ensure your business survives and recovers. DoorDash has one, which is why it immediately took steps to bounce back from the attack. The company added new security measures to their systems, hired outside consultants, and took to social media to update everyone on the status of the company. There is no doubt the company discussed all of this at some point in it’s history.

This was a swift and comprehensive move on DoorDash’s part because they knew the longer it takes to act after a disaster the bigger the losses.

Delete all emails, links online posts that you suspect might lead to a virus or data-breach. These are how many cybercriminals steal information.

Update and secure all software. This is often overlooked but it can be one of the best defenses against malware and viruses.

Encrypt sensitive data. Like DoorDash, encrypting sensitive data will make access to it difficult at worst and nearly impossible at best. Encrypting data is just converting data into another form.  Like hashing a password by turning it into a series of numbers and letters. Nerds Support encrypt its partner’s data and store it in a highly secure data center. We focus more on software encryption but you can also encrypt hardware.

DoorDash is just an example of what can befall any company in today’s world. Companies experience hacks, data  leaks, and personal data’s constantly stolen. The threat is more visible to the public now as larger companies fall victim to attacks. Cyber-crime is the world’s highest paying business, estimated in the trillions of dollars.

Business owners need to take action. If they don’t do anything, they’re just waiting to be next