Posts

Hurricane destroying a business with no backup data, files, and continuity plan.

How to Prepare your Business for a Hurricane

/in /by

ACCUweather, which provides global forecasting services,  predicted 12-14 storms in 2019. Of those, only about two to three strengthen enough to become a major storm (category 3-5). In 2020, hurricane season is projected to be “extremely active”. A research team at Colorado State University predicts 24 named storms, 12 total hurricanes and 5 major hurricanes.

It’s important that business owners understand what they can do to protect themselves and their workplace.

Preparing Your Business For A Hurricane

Storms can devastate homes, families and entire communities. For small businesses, recovering from hurricanes and tropical storms can take years. Sometimes, they don’t recover at all. The Golden Corral franchise restaurant in New Orleans suffered considerable damage after Hurricane Katrina.

Natural disasters can negatively affect businesses in a variety of ways. There are other kinds of disasters called operational disasters, which occur when a business loses an important manager or director, the conditions within the business become far too unfavorable to maintain productivity. Large and small businesses deal with the effects of disasters differently, mainly because larger businesses have more resources at their disposal for restoring their operations.

Create A Business Continuity Plan

The first thing to do before anything else is to create a business continuity plan as soon as possible, preferably long before hurricane season starts. A continuity plan can greatly improve your chances of a timely recovery after a hurricane, storm or any other natural disaster. Plans include detailed instruction for restoring operations after a natural disaster. Protect the components that are most responsible for sustaining operations first. It is important to make an appraisal of key elements within your business to really determine how you proceed.

51% of small businesses surveyed said that damage from a hurricane would be “extremely damaging” to their operation, according to survey by Womply. This is due to the damage that a hurricane deals to business assets during a storm. Networks, technology, equipment and data are among the litany of assets that are at risk during a hurricane. The Federal Emergency Management Agency (FEMA) has a Continuity Resource tool kit which gives businesses insight into how to adapt to rapidly changing conditions and make quick recoveries from operational disruptions.

Back-Up Your Data As Soon as You Can

Where are your assets located? A software company, for example, may have servers that operate within a warehouse away from the office. In that case you would have to ensure there are protections put in place to secure them. Back-up your data as soon as possible. Make sure your data is secured off-site.

For example, Nerds Support data center is located in downtown Miami in a secure building that can withstand a category 5 hurricane. If a catastrophic hurricane, more powerful than a CAT 5 were to hit, the servers would be moved to another secure location away from danger with the uttermost care. With today’s technology this is easier than ever. Cloud based services function as a way to secure data and ensure functionality for businesses so that they can work remotely or recuperate necessary digital tools to continue their operation.

Establish A Plan of Communications

Hurricanes can severely impact communication with staff. That’s why it’s necessary to plan accordingly should a storm cut off your lines of communications. 

  • Build a reliable communication tree between you and personnel. Even you’re working remotely, power outages can create a chaotic environment for your business processes. Communication is essential to keep a business running during or after a storm. Also communicating after the storm will give you insight into what employees are dealing with. That will help you manage your business more effectively overall and resolve these issues appropriately. 
  • Prepare for interrupted computer lines, cell phones, emails and landlines. Give employees resources where they can learn about closures and updates regarding the storm. Share as much as possible so that no one member of your team knows more or less than another.

No Office No Limitations: Working From Home is No Hassle At All

You can work from a different location regardless of the weather conditions or circumstances. Your workforce will also need to adapt and work with you to expedite recovery, but that will necessitate effective leadership on your part as a business owner. Many companies now have a mobile workforce that often have to move from the office to the field or work remotely from another location.

You need a system of communication that allows you to access the bulk of your workforce if not everyone simultaneously. It is important that you keep track of everyone’s location in real time and establish a plan of action. Look into who within your workforce travels most frequently and where they travel to. Establishing clear communication from within your team is essential to preserving organization and even moral. Confusion and miscommunication can lead to exacerbate tension and anxiety and create a perception that the storm is more severe that it is.

Download our FREE e-book for more information on how to prepare for a storm and how to weather any natural disaster this hurricane season.  Or contact us today at 305-551-2009, there’s still time to get prepared.

Nerds Support Contact Us Leaderboard

Be careful with social engineering scams that install malware

Reduce Malware Infections in 7 Steps

/in /by

7 IT Solutions To Reduce the Risk Of Malware Infections

Friday, June 26 2020 The University of California at San Francisco School of Medicine paid over $1 million to regain access to data after hackers encrypted it with malware.

Situations like this happen all the time. Unfortunately, businesses and institutions across the world have failed to properly prepare for cyberattacks. In many cases it’s a matter of outdated infrastructure and insufficient funding. In other cases, it’s neglect or improper training.

Because of the fact that if your system is infected, you likely won’t be getting your files back unless you pay the ransom, you likely don’t want this to infect your work systems. One of the ways to limit the possibility of this is to educate your employees on how to minimize the chances their systems will be infected. Here are seven practical IT solutions to reduce the risk of malware infections.

1) Watch out For Vulnerabilities

Cyber attackers are using all kinds of technology to exploit networks and systems. One piece of malicious tech they use are exploit kits. Exploit kit, also exploit packs, are programs used to deliver malware to a vulnerable network.

What do I mean by vulnerable? A vulnerability in software is a mistake, or error, in the code. The hacker manipulates the user into visiting a malicious website and if any errors exist in the code of the system, the exploit can be implemented.

Furthermore, exploit kits function in the background making it difficult to determine when you’re experiencing an attack.

Update your operating system, browsers, and plugins. If there’s an update to your computer waiting on queue, don’t let it linger.  Additionally, updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered.

You can protect yourself from these types of attacks by avoiding links and remembering to update your software. Many of us have the nasty habit of putting off systems updates. The little icon in the corner that reminds us of a new update is often seen as a bother. However, consider the alternative.

These systems updates fix any security vulnerabilities the developers and programmers uncover. There is actually a type of vulnerability called a Zero-Day vulnerability and it happens when hackers exploit undiscovered or unintended vulnerabilities. The malware is actually called zero-day exploits.

This applies to mobile phones as well. Software updates on your phone are meant to strengthen the software and patch any flaws the programmers missed when releasing the software. Software is constantly improving because code is constantly improving.

This explanation in many ways oversimplifies the process but it works for our purposes.

2) Remove Software and Files From your Systems You aren’t using

We’ve all heard of spring cleaning. We look through all the things we have and toss out what we don’t use. If we let things accumulate they create clutter and can create big problems. Well, the same thing applies to software on your devices.

You have to periodically look through all the software on your devices and determine which ones are outdated and which ones are worth keeping. For example, Microsoft no longer releases software updates for Windows 7 and Windows XP. Furthermore, using these applications without support or patch updates puts you in a position to get hacked.

How old are the applications you use? When did you last update them?

Do your homework and find out or someone else will.

3) Be aware of Social Engineering

Cybercriminals spread malware into your systems through social engineering tactics like phishing. There are older, less commons ways too that are worth going over. In some cases, a hacker will place an unlabeled USB in a public place or an office. The idea is that an unsuspecting victim will pick it up, consider it harmless and claim it as their own. This is also a form of social engineering because it still manipulates users into executing a certain action.

There are anti phishing tools you can use like Retruster that protect against fraudulent emails, phishing and ransomware. There are also many plug ins available for free that help users identify malicious links by creating a “safe to click” marker on them.

4) Inspect your Inbox Like Your business depended on it: Because it does.

Understand that the biggest vulnerability your business has walks on two feet. It doesn’t matter how many tools, tips and software updates you have if you fall for a social engineering scam. And it doesn’t just happen to small companies either.

Facebook and Google put together were victim to a payment scam of over $100 million. Between 2013 and 2015 a Lithuanian hacker managed to send each company fake invoices while pretending to be an Asian manufacturer they were in business with.

This is an example of Vishing, a.k.a. voice phishing. Leading to the next point:

5) Always Verify credentials with Cold Callers

Vishing is a bit more difficult to pull off on companies. However, when done correctly it can generate a huge amount of profit for the scammer like I mentioned with Facebook and Google.

Depending on the company you might get a call from someone pretending to be Microsoft. In other cases it’ll be a vendor or a bank checking in. It’s difficult to say in what form these scams will come because the scammers tailor them specifically for a business.

In the case of Facebook and Google, for example, the scammers had to know they two companies were working with that specific vendor.

For your company it will be different according to your specific circumstances. If it isn’t believable then the victim won’t fall for it.

6) Make sure You have a Secure Connection

Whether you’re working in the office or remotely, you need to ensure your connection is secure. If you’re working from home, perhaps you’ll need a VPN to protect your Wi-Fi connection. Additionally, when you’re browsing on the web make sure the website is secure.

7) Use strong passwords with Multi-layer authentication

A large percentage of people reuse the same passwords for the personal and professional logins. It’s time to change that habit. Companies like Google and Apple created password generators that create strong, complex passwords. However, don’t leave it up to google.

If your business doesn’t use multi-layer authentication for access to important documents, files or websites, you’re living in the past. Nerds Support uses multi factor password authentication to ensure whoever is logging in can only do so if they are the right person.

Our systems require a mobile phone confirmation, email confirmation and password confirmation in order to provide access to our systems. That way, if a device gets stolen or a hacker gains access to a password, neither will be enough to access files alone.

Conclusion

Malware attacks are growing. Now that businesses are moving towards remote work, protecting against these types of attacks are more important than ever. Cyber security is not just about the technologies that protect your important data. It’s also about what you are doing to protect your business. It is the first and the last line of defense.

Nerds Support Contact Us Leaderboard

A data breach could cost your business everything if you don't have the correct remote cyber security measures in place.

The Cost of a Security Breach: Is it Always Business As Usual?

/in /by

What is the Cost of a Cyber Breach?

A hacker stealing your information during a cyber breach is a bad situation. However, a hacker stealing your business’s information might be worse.

Running a successful business always implies a degree of risk. However, in today’s day and age, companies are finding themselves encountering a form of risk that often goes unnoticed: cyber attacks.

If a cyber criminal launches a cyber attack on your business the damage could be irreparable.

Think about it. A cyber attack leads to a huge loss of profit and productivity but thousands of dollars in fees. Not to mention the loss of business that follows.

The average cost from damage or theft of IT assets and infrastructure increased from $879,582 in 2016 to $1,027,053 in 2017.  The average cost due to disruption to normal operations increased from $955,429 to $1,207,965.

Even worse than this, according to Inc. 60% of all small business fail within 6 months due to cyber attacks.

41 percent of companies have over 1,000 sensitive files open to everyone, according to research by the Varonis Data Labs.

How Do Cyber Attacks Work?

Cyber attackers look for unsecured folders the moment they gain access to a network. Why? Because folders open to global access groups.  Global access groups include everyone, domain users and authenticated users. This gives them easy access to business plans, customer and employee data, credit card information and much more.

Overexposed data presents a huge risk to businesses of all sizes regardless of the industry or location. For small and medium size businesses, however, it could mean millions of dollars in losses, reimbursements, and legal fees that end up bankrupting the business.

Small businesses are often targets of cyber crime, yet invest less than $500 in cyber security.

What Are The Most Common Types of Attacks?

 

In the Ponemon study, 48 percent of small and medium sized businesses (SMB’s) report social engineering/phishing were the most common kind of attack.

54 percent of respondents in the study claimed data breaches occurred due to negligent employees or contractor.

Cyber Attacks in Remote Work

Phishing attacks:

Phishing is considered the top cause of data breaches. Hackers send apparently legitimate emails with dangerous links or attached documents. When a target clicks on the link or opens the attachment, a hacker gains access to their device. The link will contain malware or ransomware that corrupts and freezes important data.

Employees might work on personal devices which might not have the same protections as a company owned computer. As a result, the personal device might be more vulnerable to malware and other viruses. Make sure you use a company issued device whenever possible. Not just for the sake of the company, but for the sake of the remote employee as well. No one benefits when a device is breached.

Insecure Passwords:

53 percent of people rely on memory to keep track of their passwords. Therefore, they choose passwords that are easy to remember.  That makes it easy for a hacker to decipher an employees password by simply going through social media. It allows hackers to even access various accounts if the employee is using the same password.

Wi-Fi Security in a Remote environment: 

In an office environment, IT departments can protect employees and control network security. In a remote environment, however, employees probably don’t have the same protections. Hackers exploit networks with WEP security protections rather than WPA2, for example.  WEP settings are the standard Wi-Fi protection for average users.Even inexperienced hackers can download tools that allow them to break through this type of network.

Remote workers don’t realize how insecure they are until something happens. All remote employees need to consider what type of network they have at home before accessing company data. Using a VPN (virtual private network) also helps in protecting against certain types of attacks on remote workers.

During the lock-down period in 2020, there were record spikes in cyber attacks on remote workers. Hackers leverage remote workers’ devices to gain access to systems that would otherwise be more secure.

The Damage You Don’t See

Even assuming an SMB survives a cyber attack financially, the reputational damage would be just as catastrophic.

Security is everything in a business, both internally and to prospective clients. If a cybercriminal hacks your business, exposing your data, no one will want to take the risk of doing business with your company. The perception that your business is unreliable or even a liability can destroy your credibility and tank your business completely.

In the worst of scenarios, you may not even notice you’ve been breached for weeks or months, at which point recovery will be next to impossible.

One of the reasons so many businesses fail is because they have an inadequate strategy for managing cyber attacks.  SMB’s may have fire walls, anti-virus software, malware protection, and encryption but they don’t plan for the event of an actual breach.

While businesses focus on keeping attackers out, the actual data itself remains accessible and vulnerable to attack.

Businesses are losing more records in a data breach. Companies represented in the Ponemon study lost an average of more than 9,350 individual records as a result of a data breach in 2017, an increase from an average of 5,079 in the 2016.

A business needs a fully redundant system to access their applications and data and regular offline backups stored in multiple onsite and offsite locations.

Nerd Support’s experienced team can guarantee a secure business and keep your data safe. A breach doesn’t have to mean failure.

With a business continuity plan that is tailored to your needs your needs, you can get peace of mind knowing your information is safe.

Contact us today for a FREE IT Test! Or call us at 305-551-2009.

Nerds Support Contact Us Leaderboard

A team working on a an IT solution project

Three Easy Ways to Improve your Security

/in /by

Cloud-based storage and computing lets you get out of the IT business and focus on doing running your business. It’s also, as we’re about to see, far more secure than traditional servers and storage.

Even now, more companies are depending on the benefits of cloud tech for remote work.

Furthermore, there are many big name companies that have found success by migrating to the cloud.

If you’re a smart business owner, you’ll see the writing on the wall. Cloud technology is essential for businesses’ success.

So without further ado, here are three ways to take advantage of cloud security:

1. Move your files to the cloud

Cloud file sharing and storage saves you from disaster. Say bye to lost attachments, file size limits and unsecure collaboration. More importantly, it puts the security of your files in the heavily-protected server room of an IT partner or technology provider – so you have a far safer back-up of all your files as well. It’s the easiest of all the cloud security steps and it dramatically improves your security overnight.

Security

Business owners use the cloud because the data stored on it is safe. Why is it safe? Because data stored on the cloud is distributed through redundant servers and never stored in just one place. Meaning, hardware failure of any kind becomes a non-issue.

If there is damage to your hardware due to a flood, storm or any other reason, your information remains secure.If a company like Cisco is vulnerable to a power outage chances are you are too.

Cloud servers also have automatic backups and multi-factored authentication to prevent data loss or theft.

This is especially helpful if your company has valuable or sensitive data. Security features on the cloud help protect against social engineering techniques like email scams. However,  there are also safe practices when emailing that can help mitigate threats.

Cost Savings

Annual operation costs drop significantly when using the cloud. Rather than pay for Internal IT software, everything is stored online or in a private server. Separate storage becomes unnecessary and so does much of your hardware and software costs.

Easy Sharing

If you’ve ever used Google Docs or Dropbox, you’re probably familiar with file sharing. File sharing is function of the cloud. A cloud environment facilitates remote work, communication and increased productivity as a result.

CIA uses the cloud for their most sensitive data and workloads

2. Move your applications to the cloud

Save over $30,000 a year by switching to the cloud per application

You probably already use cloud apps too. Facebook, Gmail, Slack or Office365 are all examples of cloud tech. However, you can also put your most important on-site apps, the ones stored on your computer, on the cloud. Application virtualization transforms any non-cloud app into a cloud-based app, easy, so your users  can access it from any device. 

Examples include :

1 . Quickbooks

2. Descartes

3. Thomas Reuter

For example, Nerds Support is a Quickbooks hosting provider. Which means businesses looking to adopt Quickbooks application services through us. Cloud based applications like Quickbooks are the best options for businesses that need to work remotely. Quickbooks hosting for remote work is a popular option among medium and small business for its accessibility.

Those times that you leave your laptop at home and have to rush back to pick it up before your 10 am meeting are gone. You can access that Excel and Powerpoint presentation in an instant.

Automation & Backups 

Creating data backups is among the biggest issues businesses face. Between dealing with complex client data, customer service, and business operations, it’s hard to remember to back up files and valuable information. This makes you vulnerable to data loss. With cloud storage, data backups are automated and routinely performed to prevent data loss or correct data mistakes that may arise. 

Data backups are good for medium and small businesses for many reasons. They also prevent ransomware attacks like the ones that plagued New Orleans in 2019.

3. Move your desktops to the cloud

Managing many PCs is a lot of work and can lead to many unsecure devices. Simply because businesses don’t have good data management practices. Your users can work on any device, any browser, anytime. And if they leave their laptop in an Uber, the airport, or at home, no problem.

Contact us today to start migrating your apps to the cloud. 

Outsourcing your tech responsibilities creates opportunities to scale and grow your business. But also consider what kind of cloud provider you’re trusting with your operation? You also need to establish a cloud migration plan. 

Nerds Support has over 17 years of experience, working with small and medium sized businesses in IT Cloud Solutions.

Nerds Support Contact Us Leaderboard

Outdated technology causes issues for future situations

Outdated System Creating Issues For Those Filing For Unemployment

/in /by

Outdated Systems

As the temporary shutdown forces millions of people out of a job, millions of Floridians struggle to file for unemployment due to the Florida Reemployment Assistance Program’s outdated website.

These website crashes leave many Floridians confused and desperate to find work. The system used by the Florida Economic Opportunity is called CONNECT. The CONNECT system runs on a software that dates back to 2013. Some of the system framework used to build the application seems to date back to the time of Governor Rick Scott.

Connect Keeps Crashing

The CONNECT system doesn’t seem to have been designed with an end date in mind. In other words, there was no plan put in place to replace or update it.

This results in slow and unstable connection to the site when users open the program from a P.C. using Windows 7 or newer.

The Cloud is Constantly Connected

To avoid the hassles of running complex software and storing and processing large chucks of data, businesses and government agencies outsource these processes to cloud service providers like Amazon Web Services or Nerds Support. That way, applications and programs are scalable and operate more efficiently.

The CONNECT system was developed before the time of cloud computing was as popular as well known. Governor Ron Desantis himself has acknowledged a flaw with the website.

“The website would be down more than half the time, it would take seven second just to connect through,” he said. ” It may have been okay in 1996, not in 2020.”

Old Browsers Beat Beyond Belief

Considering Windows 7 itself has recently reached the end of life period, you can image how problematic it is for people trying to use the current system.

This is why so many people in Florida struggle to file for unemployment.

This, however, is not an isolated incident.

Labor Department Lagging Log ins

New York’s State Department of Labor also experienced a flood of traffic to their website as people try to apply for unemployment as well.

The governor of New York got various tech companies to work on the infrastructure of the website. Furthermore, it increased server capacity and assigned 700 staff members to an unemployment insurance hotline.

Filing Formula Fixes Freeze

The State Department of Labor also asks to reduce the surge of traffic by scheduling when citizens file. For example, people with last names A- F apply on Monday, last names G-N apply on Tuesday, and last names O-Z apply Wednesday.

In Florida IT experts admit the existing website hasn’t been developed beyond earlier browsers. In order to navigate through the existing site, users would have to use an older, or outdated browser that functions better with the site.

Wednesday, April 8, Florida did provide a second website that was easier to use on smartphones and tablets. This helped ease the influx of traffic but many of the findings from the Office of Florida Auditors have not been addressed.

Word To the Wise From the Web

This should be cautionary tale for businesses with outdated IT or unaudited systems. This period of remote working should be an opportunity to review your IT network and infrastructure and ensure everything from security to data and filing systems are updated.

Even outsourcing some of these tasks to a cloud provider can dramatically increase the productivity and efficiency of your business.

If you’d like more information on cloud, cyber security, remote work or managed services visit our blog or contact us at 305-551-2009.