Posts

10 Tips to Hurricane Proof your Business

With the summer comes rain, humidity and the unfortunate occasional hurricane in South Florida. As a business owner you want to be prepared for whatever nature throws your way.

That means having a few things completed to ensure you survive the season with minimal to no issues.

If done right you can develop an effective plan with a ready business hurricane toolkit.

Here’s a list that will help guide you towards creating a hurricane contingency plan:

1) Organize and write down a plan

First of all, do you have a business continuity plan? This might seem obvious to some, but planning in advance will dramatically increase your chances of recovering quickly after a hurricane.

Any business recovery plan should at the very least include a step-by-step procedure on what to do.

You can format this plan however you choose so long as it functions as a business continuity-hurricane plan.

If you’re a business that cannot afford to be down longer than a few days, have a contingency plan that will hasten the process.

2) Perform an off-site data backup and storage

You now have to make sure any documentation and data that is essential for running your business is safe and secure.

Back-up your data or convert any physical documents into digital. A natural disaster like a hurricane is a huge threat to infrastructure and can make accessing an office building next to impossible if there’s flooding or power outages.

Make sure those back up files are protected and encrypted so that they remain safely in the care of your company.

25% of Businesses don't open again after a disaster

3) Automate your back-ups

This should be considered an always rule. Whether at risk of being struck by a hurricane or not, it’s of the utmost importance you’re backing up all your data consistently.

If you rely on human beings to keep track of all backups at all times they’re likelier to forget or make mistakes. Do not take any risk with something so simple.

Nerds Support performs automatic back-ups for all its partners daily.

4) Communicate with your team

Make sure you establish a credible and reliable line of communication with employees and key members of your company.

Everyone needs to understand their role in the event of a storm and must be ready to undertake the tasks required of them at a moment’s notice.

Have a designated phone number that everyone on your team can contact if there’s an outage or emergency before, during and after the storm.

5) If necessary, get professional assistance

Trying to recover data after a hurricane without the technical know how can be onerous and exhausting at best.

At worst, it can severely hurt your business, resulting in lost data and weeks of downtime. This is something you’d want to avoid as much as possible.

Consider hiring an Managed IT services provider, like Nerds Support, who have experience working with business continuity plans, can help you recover your data, manage all IT hardware and software.

6) Establish redundant systems

Establish redundant servers for all important data. This means providing alternate ways of accessing your data should primary methods of access be unavailable.

Also having these redundant systems can expedite recovery from days to hours or even minutes.

Percentage of businesses that open after a disaster are low

7) Image (Copy) your servers

Having multiple copies and access points for your data offsite is good, but keep in mind that data has to be restored for it to be useful.

Imaging your servers is essentially creating exact replicas of the servers, which can then be transferred or copied somewhere else.

By imaging your servers you don’t have to worry about losing system preferences or specific configurations.

8) Protect hardware and infrastructure as much as possible

If you have any cables, outlets or sensitive hardware, make sure you keep it stored in an elevated area in case of flooding.

Any additional hardware you wish to protect, cover it in sturdy plastic or tarpaulin material should there be any leakage.

This will establish facility hurricane preparedness, something that is often overlooked but can make a huge difference.
These small maintenance procedures can go a very long way and save you time better spent on other business related matters.

9) Be on the lookout for scams

Keeping number 8 in mind, you need to keep track of security on your network as well as hardware.

Natural disasters like hurricanes and floods are a threat but it’s likelier to experience some sort of cyber-attack in this period.

Cyber-attacks like malware, phishing scams, and other forms of human engineering occurs more frequently when businesses are most vulnerable (i.e. after a natural disaster). Keep all of your data secure and all of your software security up-to-date.

10) Test, Test, TEST!

Test your disaster recovery plan as often as possible especially if you’re a small business.
An emergency plan for small businesses has to be exact and precise in order to recover properly and avoid losing profit.
If you’re going to set up a plan then testing it to make sure there are as few flaws and inconsistencies as possible will ensure its successful implementation. Testing ensures everyone involved is prepared and updated on the procedures.
The more you test the easier it becomes to find the best ways of implementing the plan.

Download Nerds Support’s free e-book today to learn more about securing your tech and be fully prepared this hurricane season!

The Top 8 Necessities of a Business Continuity Plan

As the old saying goes, “Life isn’t about shielding yourself from the rain, it’s about discovering to thrive in the hurricane.” However, if you’re a small business, you initially need to preserve your data from the rainfall before you can pay for to dance in the hurricane with no concern. Natural disasters and cyber-attacks can hit you unexpectedly, costing your business thousands in revenue.

Your equipment might be destroyed, your workplace may be flooded as well as your essential service information breached. While some companies can take swift action to guarantee their stock and business are safeguarded from catastrophes, many of them have a tendency to forget the risk these tragedies present to their IT facilities as well as information.

Here are the Top 8 necessities your organization should include in developing a business continuity plan.

Is Your Business Prepared for Extended Downtime?

To countless business owners, it does not seem to pose a problem– and inevitably, this is where things fall apart. Information loss as a result of a disaster or any other factor can cause considerable harm to a business, leading to extreme effects such as total service downtime. Protecting your information shouldn’t be a strategy you wait to develop until after it’s been devastated. Here are the steps you can take to alleviate the risks calamities could present to your information as well as IT framework.

  1. Acknowledge the demand for information safety, protection as well as healing in times of calamity.
  2. Combine your key resources as well as produce a group that is accountable for executing your catastrophe back-up as well as recuperation strategy.
  3. Recognize the key locations that need to be attended to. In case of a disaster, what are the procedures that absolutely need to function to maintain your service going and what is required to be done so they still operate efficiently?
  4. Prepare a strong catastrophe recovery-business continuity plan. You can employ your in-house IT group or bring a managed it services provider onboard to do this.
  5. Create a checklist of all the software programs, applications and also equipment that are vital to your service process.
  6. Take account of floor plans, physical access information, entry-exit protection codes or anything pertaining to your business in the plan.
  7. Include material about your backups in the calamity recuperation and company strategy.
  8. Conduct simulated drills as well as audits to guarantee your strategy is executable and also provides you the intended outcomes.

All of this can feel like an immense undertaking, specifically with an organization to manage and a disaster to be on the look-out for! That’s why most SMB’s count on trusted managed service providers to do it for them, while they focus on their core area– running their service and partners.

Don’t Let a Disaster Blow your Data Away!

An unanticipated emergency situation can wipe out your service, however a proper information continuity strategy can aid in its endurance! So what should an excellent service connection strategy cover?

A checklist of your most important connections

Among the most important components in your organization connection plan is a list of all your essential contacts who must be informed of the catastrophe. This can include all your C-level execs, HR supervisors, IT Supervisor, client encountering supervisors, and so on.

An extensive checklist of your IT stock

Your organization continuity strategy must consist of a list of all the software programs, apps as well as equipment that you make use of in the day-to-day operations of your service. This listing ought to identify each of those as important or non-critical as well as point out information relating to each of them such as:

  • The name of the application/program.
  • Version/model number (for software/hardware).
  • Vendor name as well as connection details for each of them.
  • Warranty/support schedule details.
  • Contact information for client support for these applications.
  • Frequency of use.

Relevant Backup Data

Data backups are crucial to your disaster rehabilitation and so your service connection planning ought to feature information regarding data backups. It should state exactly how usually information is supported, in what styles as well as where. It should likewise mention what document back-ups are readily available– preferably, you need to be protecting ALL data as soon as possible! Especially if your business is transitioning its operations to remote work, you need to be prepared for anything.

What’s your Alternate Plan?

See to it your service connection program notes a backup procedures strategy that will certainly enter play in the event of a catastrophe. Examples consist of substitute operations such as options to function remotely or even to allow employees to bring their very own gadgets to work (BYOD) pending the time regular company premises or devices are ready.

Layout and site

Your service connection plan must also consist of a layout of your workplaces with the exit as well as entrance points plainly marked up, so they could be utilized in case of any sort of emergency. It must likewise mention the site of data centers, phones, essential IT devices and similar hardware.

Process classification

See to it your company continuity strategy specifies the standard operating procedures (SOP’s) to be complied with in the event of an unexpected emergency.

It’s Time to Start Planning!

Are you thinking business continuity planning is convoluted? Do not quit! A bunch of little & average sized companies don’t produce a company connection strategy thinking it is way too much of a problem. But this can easily show to be disastrous to your company eventually. A skilled MSP can aid you comprehend company connection preparing and also even aid you create a service connection plan that is best suited for your business!

Nerds Support Contact Us Leaderboard

How to Improve Your Business’ Cyber Defense

Today, countless entrepreneurs set up an anti-virus software for their cyber protection and stop there. Nevertheless, there are actually numerous means to breach a system without triggering anti-virus applications. And especially in today’s evolving remote work world, you’ll need more than just a simple firewall to stop your data from being breached.

Cyber-criminals are actually producing various malware quicker than antivirus solutions may identify all of them (around 100,000 updated infection forms are introduced every day), and expert hackers will frequently assess their developments versus all readily accessible systems prior to launching them onto the internet.

The Scary Truth

Regardless of whether you possessed an ideal anti-virus solution that might sense as well as prevent all risks, there are actually countless cyber threats that can get around anti-virus software completely. For instance, if a cyber-criminal is able to manipulate a staff member to click on an infected email or link, or perhaps “brute force estimate” a low-strength password, all the anti-virus applications on earth couldn’t save you.

There are actually a number of weaknesses a hacker may prey on: the physical level, the individual level, the network level, and also the device level. You need to have a security strategy that will definitely enable you to swiftly detect as well as address violations at each level.
The physical level pertains to the PC’s as well as other devices that you store in your workplace. This is actually the simplest level to secure, yet is actually frequently abused. For example, employees lose devices with sensitive information such as smartphones or USB’s, which fall into the wrong hands.

For the physical level, you should:

  1. Retain all PC’s and also equipment under the oversight of a worker or even stored away in all opportunities.
  2. Solely permit approved team members to utilize your equipment.
  3. Never connect in any kind of unidentified USB gadgets.
  4. Demolish outdated computer hardware prior to tossing it away.

The Biggest Threat to Your Business

The truth is, 95% of protection occurrences include human mistakes. Ashley Schwartau of The Security Awareness Company states the most significant blunders a firm can make are “presuming their workers recognize internal safety strategies” as well as “presuming their staff members care sufficiently to comply with plan”.

Right here are some means cyber-criminals make use of human shortcomings:

  1. Attempting to brute-force deciphering passwords.
  2. Fooling workers to open up suspicious e-mails or go to endangered sites.
  3. Deceiving workers to reveal delicate info.

For the human level, you should:

  1. Implement obligatory password modifications every 30 to 60 days, or after a worker is lost.
  2. Train your staff members on ideal techniques every 6 months.
  3. Supply rewards for safety mindful actions.
  4. Disperse delicate details on a requirement to understand basis.
  5. Need 2 or even more people to approve any kind of transfer of funds.

A Strong Network Makes Your Security Work

The network level describes software application strikes supplied online. This is without a doubt one of the most typical avenue for strikes, impacting 61% of services last year. There are all sorts of malware: some will certainly spy on you, some will certainly siphon off funds, and some will certainly lock away your data.

Nevertheless, they are all transferred similarly, either with spam e-mails or suspicious websites, or with “Drive by” downloads.

To defend your business versus malware:

  1. Do not utilize service gadgets on an unsafe network.
  2. Do not permit international tools to access your Wi-fi network.
  3. Utilize firewall programs to safeguard your network.
  4. Make certain your Wi-fi network is secured.
  5. Utilize antivirus applications as well as maintain updates. Although it is not the perfect security solution, it will certainly secure you from one of the most typical infections as well as aid you to observe abnormalities.
  6. Utilize applications that identify dubious program actions.

Don’t Leave Your Data to its Own Devices

The mobile level pertains to the digital tools your team utilizes on a day-to-day basis. Cyber security awareness for mobile devices usually trails other technology, which explains the reason there are 11.6 million compromised devices in any instance.

There are many traditional methods for compromising mobile devices:

  • Customary viruses & ransomware
  • Suspicious applications
  • Extortions to your business internet system

To protect your equipment you should:

  1. Utilize strong passcodes.
  2. Utilize encryption.
  3. Utilize distinguished cyber defense software.
  4. Allow remote data clearing possibilities.

What You Can Do

Just as every source of protection would certainly have been pointless without an HQ to relocate security strength to where it’s required most, Cyber IT defense-in-depth strategy requires to have an individual who can check each level for dubious data movement and also react as necessary. With a managed IT services provider, those concerns are gone as you have a whole team of IT engineers you can count on 24/7 for your cyber defense while you can focus on running your business.

Nerds Support Contact Us Leaderboard

Workplace remote work.

Workplace: What You Should Know

Software-as-a-service companies are more and more common these days. With many industries seeing the benefits of SaaS, there is growing interest in these types of services. However, finding the right service is the key. Of all hosted services, Workplace_ is among the best.

Workplace promotes remote team collaboration and improves employee productivity for your company. A cleaner, user-friendly interface allows you and your co-workers to find, access and share files, websites and apps easier than ever before.

What’s more, Workplace’s key upgrades assure its users better security and regulatory compliance, as well as make the platform a tool for remote workers and organizations who care about keeping their data safe.

So, what are the main changes that will transform your Workplace_? 

Makeover of the Workplace Web App in Windows and Mac

On Windows, you are able to resize the app as big as you wish, even entering full-screen mode in your computer. You could also minimize it as small as you want so it doesn’t take the entire screen if you’re working with multiple applications or browser windows.

On Mac, Workplace works perfectly with the OS version, Mojave. Upgrades were installed, fixing an issue that previously affected users: the inability to see some virtual graphics products. Developers working on improving this app went above and beyond not only fixing what users weren’t able to see or the app wasn’t able to display, but also enabling Workplace to function on multiple monitors.

Pin Any File or Folder to Your Launch Page

Workplace has a feature that allows users to “star” websites, applications, folders and files that you can open directly from the Launch page with just a simple click.

Workplace’s Feature: Websites

You are able to see all the websites you visit and work with on a daily basis in a section dedicated specially for that! You can “star” (or pin) a website to your Launch page and see the Websites section there, or you can visit the sidebar menu on the left to see all of your featured and frequently visited sites.

Also, you can save websites with or without including login credentials and set up your username and password without depending on a company manager to do so. And let’s not forget about the feature that allows you to share bookmarks and websites with your colleagues, increasing collaboration and team productivity levels.

Find All Your Hosted Apps in One Place

Talking about simplifying workflows and increasing productivity, Workplace gives Citrix (“hosted”) applications their very own section. Click on “Hosted Apps” on the app sidebar and you will find all your hosted applications, or “star” the apps you use the most appear in your Launch page for quick and easy access.

Streamline device management, business continuity, & consistency of your remote operations with our Workplace cloud solution.

See If You Have Compliance Issues

All apps in the Workplace desktop platform have a feature that perfectly aligns with the company’s mission of keeping our customers’ data safe and improving security compliance. “Compliance Status”, the latest feature on Workplace, is implemented on both Windows and Mac machines. It checks your devices to see how your compliance level compares to the industry’s best practices.

What’s more, if you have compliance issues, recommendations will be made to fix the problem and get you to 100% compliance.

Run your Firm from the Cloud

Workplace provides a comprehensive solution that combines cybersecurity and compliance needs. The all-in-one, cloud based platform delivers and intuitive experience that reduces risk of data leakage.

You can protect your firm’s most important data by ensuring that all applications run only from this unified cloud environment. There is also improved continuity and disaster recovery features so your operation stays fully functional through any event.

Multi-Factor Authentication Keeps Your Firm Secure

Workplace also reduces the risk associated with logins and passwords. Employees access customized applications with one-click access. It also comes with multi-factor authentication that conforms to NIST (National Institute of Standards and Technology) guidelines.

Furthermore,  Multi-Factor Authentication enforces authentication methods required by regulation.  These methods are supported by both iOS and Android as well so employees can use them, regardless of device.

 

For more information on the cloud, cybersecurity and more, visit our website.

 

Nerds Support Contact Us Leaderboard

Emotet malware strikes in a cyber attack

UHS Cyber Attack and the Rise of Ransomware

The major hospital and health care network Universal Health System was hit by potentially the largest cyberattack in U.S. history so far.

The computer infrastructure of Universal Health Systems (UHS) showed signs of failure on Sunday morning throughout the United Kingdom, Puerto Rico and the United States. The attack took down UHS’ network cross the United States. As the situation worsened patients have been moved to different rooms and facilities. Appointments and test results were also delayed as a consequence of the attack.

The attack encouraged one the UHS hospitals to move towards an all paper filing system, according to some individuals familiar with the situation. UHS operates more than 400 hospitals and facilities with over 90,000 employees.

The fortune 500 company said that there was no evidence that patient or employee had been misused, stolen or copied. Bleeping Computers, the online publication that first reported on the attack, spoke to employees who determined the ransomware attack had the tell-tale signs of the Ryuk virus.

What is Ryuk Ransomware?

Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.

Ryuk is a type of ransomware that uses encryptions to cut off access to systems, files, and devices until the victim pays ransom. The ransomware is placed in a system by other types of malware.

The most common is TrickBot, however Ryuk can also gain access through Remote Desktop Service.

The Ryuk ransomware takes payments through Bitcoin and instructs victims to deposit the money in a particular Bitcoin wallet. The demand is usually between $100,000-$500,000 in Bitcoin depending on the conversion price of the cryptocurrency.

Once installed, the Ryuk malware spreads through the network infecting as many servers as it can.

The Ryuk Attack

An employee told Bleeping Computer that, during the cyberattack, files were being renamed to include the .ryk extension. This extension is used by the Ryuk ransomware, reports BleepingComputer. “Another UHS employee told us that one of the impacted computers’ screens changed to display a ransom note reading “Shadow of the Universe,” a similar phrase to that appearing at the bottom of Ryuk ransom notes. Based on information shared with BleepingComputer by Advanced Intel’s Vitali Kremez, the attack on UHS’ system likely started via a phishing attack,” BleepingComputer says.

An employee of UHS told Bleeping Computer that files were being renamed to include the .ryk extension as the cyber-attack took place. Based on information provided to Bleeping Computers the attack on UHS’ system began as a phishing attack.

Many health care workers posted notes about the situation at various Universal Health facilities in a Reddit thread. One in Florida noted that it was “a hot mess in the ER today.” Ambulances with heart patients were being diverted because the facility’s catheterization lab was down, the person posted.

Another nurse in a facility in North Dakota said computers slowed down and then didn’t turn on Sunday morning.

Ransomware & Medical Facilities

Hospitals are high valued targets for cyber attackers because they hold incredibly valuable personal information that can be sold on the dark web or used as leverage for a ransom payment.
A ransomware bug called WannaCry was used in 2017 to target Microsoft Window’s operating system at the time. It spread through an exploit named EternalBlue and reached the U.K.’s National Health System.

The WannaCry ransomware impacted 80 medical facilities although there were no reported deaths as a result.

Hospitals are the perfect target for threat actors because they rely on critical and immediate care to assist patients in need. That means solutions and treatment are time sensitive and dependent on drug history and other medical information to proceed. Without this information patients can suffer or die. This makes hospitals likelier to pay a ransom instead of risking lives by delaying.

Ransomware and other Businesses

Hospitals are not the only industries suffering from malware. We’ve covered cases of schools, businesses and entire cities being impacted by ransomware attacks.

In October, 2019 the technology company Pitney Bowes, was attacked by malicious ransomware. Its shipping and mailing services were compromised and disrupted client access to their services.
Ransomware is a growing problem as over 140 attacks were reported in 2019 targeting state and local governments as well as health care providers like UHS.

As we’ve shown, hospitals and the health services industry are prime targets but are not the only targets. For this reason many businesses are adopting Managed IT services to help deal with this rise in cybercrime.

Emotet Malware

In July 2020 there was a rise in Emotet malspam campaigns. Emotet is a banking malware that infects systems to try and steal sensitive financial information.

The Emotet Malware was first identified in 2014. It was originally just a banking malware. However, later versions were designed to include spamming and malware delivery services. This made it more dangerous and easier to spread.

These campaigns infected victims with Trickbot and Qbot malware. If you’ve been paying attention, you’ll recognize TrickBot malware from earlier.

Emotet is a Trojan that spreads mainly through spam emails. These malicious emails might take on the disguise of legitimate emails. As a result they often persuade users to click on a link or button.
That’s how most likely how the UHS attack took place. As we’ve seen with Emotet, these ransomware attacks only get more sophisticated and more popular as their success rate increases.
Ransomware has become the most popular form of attack growing 350 percent since 2018. What’s more, ransomware from phishing emails like Emotet have increased by 109 percent since 2017.

What should be Done?

There are researchers that are calling for a ban on paying ransomware. However, that recommendation is controversial and not mainstream. They argue that refusing to pay ransomware reduces any incentive a hacker might have and will reduce the rise of malware hacks.

This solution doesn’t address the fact that hackers who gain access to company data can still use it.  Cyber attackers can sell it on the black market, or continue to freeze should the ransom remain unpaid.

The only real solution so far is to educate and train employees as much as possible to avoid malicious or fraudulent email scams.  IT services companies often play a role in educating their clients on these matters but it falls on the business to teach personnel of the risks.  IT consulting can benefit many smaller and medium sized companies who aren’t equipped with the appropriate tools needed to combat these threats.

Even the most dedicated cyber security team with the most sophisticated digital tools will mean nothing if an employee opens the wrong email, clicking on an infected link. Companies that don’t dedicate the time to training their employees turn them into liabilities and the more vulnerable your employees, the more vulnerable the company.