Ransomware Attack: Is your business at risk?

By Bill MacLennan, CEO of Your Computer Hero

I get a lot of questions from business owners about ransomware attacks, as I should: the statistics about the cost of ransomware attacks on businesses are nothing short of terrifying. Here are some statistics you should be aware of regarding ransomware attacks:

 

  • A new organization will fall victim to a ransomware attack every 14 seconds in 2019, and every 11 seconds by 2021 (Source: Cyber Security Ventures)
  • Ransomware attacks have increased by 97% in the last 2 years. (Source: Phishme)
  • 34% of businesses hit took a week or more to regain access to their data. (Source: Kaspersky)
  • In 2019, ransomware from phishing emails increased by 109% over 2017 (Source: Phishme)
  • Ransomware generates over $25 million for hackers each year. (Source: Business Insider)

 

Definition: Ransomware; noun: ransomware; noun: ransom-ware

a type of malicious software designed to block access to a computer system until a sum of money is paid. Usually, a program that encrypts the data is deployed on the system; the hacker then demands a ransom to unlock the encryption so the owner of the data can have it back.

 

In this article I want to give you a behind-the-scenes look into how we guard our clients’ networks against such attacks and discuss four ways that companies can be vulnerable.

There are four primary ways that companies can safeguard themselves against a successful ransomware attack:

  1. Educate employees about phishing scams. Most ransomware attacks are initiated through email. Employees can be duped into clicking on a link that deploys the encryption software. Clicking the link gives permission to load the encryption software, which looks for Windows vulnerabilities once it is on the system. Just last month, Monroe College in New York had their computer systems and website shut down by a ransomware attack. Hackers demanded 2 million dollars for the encryption code to release the ransomware. The malicious software entered the system through an employee who clicked on an email link.
  2. Upgrade (for Windows 7 users). Microsoft will discontinue free support of Windows 7 this January. After this time, you may pay for support for three years; the price is per computer and increases each year. I recommend updating to Windows 10. The support is critical because it delivers the updates that fix the vulnerabilities targeted by the latest hacker schemes, like the most recent ransomware attacks known as “WannaCry” or “NotPetya.”
  3. Be VERY VIGILANT about updating and implementing patches. Scheduled maintenance is not optional for your business network, and it is a critical service that we offer our business clients. It is absolutely paramount that updates and patches get implemented on a timely basis. If you are not totally certain that these updates are happening as they should, it may be time to talk to us about doing that maintenance for you. If a ransomware attack circumvents your firewall, it looks for Windows system vulnerabilities on the computers in the network; the patches and updates address these vulnerabilities.
  4. You must have adequate backups. If a ransomware attack happens, the first place we will look for recovery is your data backups. The best backups include an off-site/cloud-based copy that has redundancy, meaning multiple copies and multiple days’ worth. In light of these increasing attacks, and others like them, I have come to believe that the best defense against a costly cyber attack is the Datto device. This is a hardware piece that creates an exact, real-time image of a server or data store computer so the system can be booted back up right away after it is hit. The Datto device also has a ransomware blocker that dramatically decreases the chance of a successful attack.

Definition: Phishing

noun: phish-ing /’fiSHing/: the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers (or in this case click on a link that executes malicious software)

 

According to a poll from Insureon and Manta, only 16% of small business owners think they are susceptible to a cyberattack.  Yet, 61% of attacks occur at smaller businesses.  Don’t wait until you are under attack to get your cyber security plan in place!  If you have more questions than answers regarding the security of your network, call our shop today to talk to one of our expert technicians!  We would love to answer your questions about your current system and discuss how we can help you avoid being a victim of the increasing number and severity of ransomware attacks.

 

 

 

Electronics Recycling Event this Month! July 22-27, 2019

Concerned about recycling and data security?

If you have a computer or two (or ten) collecting dust in your garage or office closet somewhere, you are not alone. Many PC users and business owners hang on to old computers, monitors and printers because it is just a PAIN to figure out how to responsibly dispose of them and protect sensitive data in the process. That is why we have ironed out a secure disposal partnership with a reputable local recycler. And for those who need that ironclad proof of responsible data disposal on file, we have a Certificate of Overwrite.

Dismantled and Crushed

I don’t want to overdo the “save the planet” pep talk, but there are many great reasons to recycle your computer.  Electronic devices contain toxic substances including lead, mercury, cadmium, beryllium, polyvinyl chloride and chromium. These and other components are valuable raw materials that can be melted down or isolated and reused.  When e-waste is tossed into landfills, these chemicals can leach into the soil, polluting ground water.

It is typical for us to collect about 4,500 pounds of e-waste during our weeklong recycling events.  99% of that goes to our recycling partner: B & E Recycling in Elk River.  They are a trustworthy local company, the prices are very reasonable and they have provided us with this written security guarantee:

 

B & E Recycling Data Security Guarantee

B & E Recycling is exclusively a recycler.  B & E Recycling does not refurbish, resell, give away, utilize or let our employees take home ANY electronics that come through our doors.   At B & E Recycling, we understand the sensitive nature of data that may be stored on computer hard drives and take every precaution to assure that those hard drives are dismantled and destroyed as promised right here on our premises.  Therefore, you can be assured that your data is secure when you trust us to recycle your electronic waste.

 

Refurbished and Reused

A very small percent of the computers and laptops that are dropped off during our recycling events are refurbish-able.  In this case, protecting your private data, even if you have erased it, requires that the hard drive be wiped to government standards (National Institute of Standards and Technology Standard 800-88 r1).

Wiping to government standards means we take a special program that is designed to overwrite every piece of that data three times over.  Once overwritten by this method, the data is not retrievable by anyone no matter what program they use or how much time they have to work at it.   It is gone and it’s not coming back!

 

Certificate of Overwrite

For those that need an ironclad guarantee on file that they have handled the disposal of electronics containing sensitive data, we offer a Certificate of Overwrite as proof that your hard drive has been overwritten to government standards according to National Institute of Standards and Technology Standard 800-88 r1. Some businesses have policies that require this type of proof; others prefer the peace of mind that goes with having hard evidence that they responsibly disposed of sensitive data. We charge a nominal fee of $45 per hard drive for this service and offer volume discounts. A certificate containing your specific hard drive information will be emailed to you with a statement referring to the government standard.

If you have questions about our recycling event on July 22-27, 2019 or have concerns about data security related to disposing of your e-waste, give our shop a call at 763-229-4467.

 

 

5 Ways Your Employees Will Invite Hackers into Your Network

Whether they’re criminals or heroes, hackers in the movies are always portrayed as a glamorous group. When it comes down to the wire, these are the individuals who crack into the ominous mega corporation or hostile foreign government database, hitting the right key just in the nick of time. They either save the day or bring down regimes, empty the digital vault of the Federal Reserve or disable all the power plants in the country. It’s always a genius up against an impenetrable fortress of digital security, but no matter what, they always come out on top.

 

In real life, it’s rarely that difficult. Sure, if you look at the news, you might believe hackers are close to their Hollywood counterparts, stealing data from the NSA and nabbing millions of customer records from Equifax. But the majority of hacks aren’t against the big dogs; they’re against small to mid-sized businesses. And usually, this doesn’t involve actually hacking into anything. A lot of the time – approximately 60% according to the Harvard Business Review – an unwitting employee accidentally leaves the digital front door open.

The biggest threats to your company aren’t teams of roaming hackers; they’re your employees. Here’s why.

  1. They’ll slip up because they don’t know any better. 

With the proliferation of technology has come an exponential rise in digital threats of such variety and complexity that it’d be impossible for the average person to keep track of it all. Each of your employees’ lives is a labyrinth of passwords, interconnected online accounts and precious data. If their vigilance slacks at any point, it not only leaves them vulnerable, but it leaves your company vulnerable as well. For this reason, most cyber-attacks come down to a lack of cyber security education.

  2. They’ll let you get hacked on purpose.

It’s a sad fact that a huge portion of digital attacks are the result of company insiders exposing data to malicious groups. Whether it’s info vital for your competitive advantage, passwords they can sell to hacker networks to make a quick buck or sensitive data they can make public simply to spite your organization, it’s difficult to protect against a double agent.

  3. They’ll trust the wrong person.

For many hacks, little code is needed whatsoever. Instead, hackers are notorious for posing as a trusted member of your own team. And if you believe that you’d be able to spot an impostor from a mile away, you may want to think again. Not only is it easier than ever to crack individual users’ e-mail passwords and login credentials, personal info is now littered throughout social media. A simple visit to Facebook can give a hacker all they need to know to “social hack” their way into the heart of your business.

  4. They’ll miss red flags while surfing the web.

Clickbait is more than a nuisance plaguing your social media feeds. It can be a powerful tool for hackers trolling for easy prey. If an employee doesn’t understand what exactly makes a site or link look dubious, they may open themselves – and your company – to browser exploits or other types of attacks.

  5. They’re terrible at passwords.

According to Entrepreneur.com, “3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more.” Even more of those passwords are simply weak, inviting easy access for unsavory elements. Many people brush off the importance of strong passwords, but the risks posed by the password “123456” or “password” cannot be overstated.

When it comes to defending your precious assets against digital threats, it can seem impossible to protect yourself at every turn. But there is one way you can make a concrete change that will tighten up your security more than you realize: educating your people. Through a comprehensive security training program, including specific examples of methods hackers use – particularly phishing – you can drastically minimize the risk of an employee accidentally opening up a malicious e-mail or posting sensitive info. When you make a concerted effort to make the entire organization vigilant against cyber-attacks, you’re much less likely to be targeted.

 

July: Tech Gadget of the Month

Tech Gadgets that Improve Productivity, Security or Efficiency in the workplace.

 N150 Wireless Travel Router

For the business traveler, staying connected while on the road is very important, but not all hotels and resorts provide free Wi-Fi in each guest room. The  N150 Wireless Travel Router (TEW-714TRU) allows you to turn your hotel’s free wired connection into a wireless one, or share a wireless connection without a limit on the number of devices.

Features Include:

  • Share a single Internet connection with multiple users
  • Router, WISP, and Repeater modes
  • USB File Share port
  • USB Quick Charge port
  • Interchangeable Power plugs: USA, Euro, and UK
  • One touch network connection with the WPS button
  • Energy savings GREENnet technology

Retails for 14.99 + S&H at www.trendnet.com

 

I know you aren’t THAT in love with your old computer…so why is it still collecting dust in the corner?

If you have a computer or two (or ten) collecting dust in an office closet somewhere, you are not alone. Many business owners hang on to old computers, monitors and printers because it is just a PAIN to figure out how to responsibly dispose of them and protect sensitive business data in the process. That is why we have ironed out a secure disposal partnership with a local recycler. Twice a year we offer weeklong recycling events to our business clients and all the legwork is done for you.

 


 

Nerdy Talk: How to Communicate with Your IT Guy to Save Money and Get it Fixed Fast…And How He Should Respond.

by Bill MacLennan, CEO of Your Computer Hero 

I am going to give the answer right here in the first sentence: As calmly as possible, explain the facts of the problem in the simplest, most non-technical terms. Sound simple?

The reality is, amid a frustrating and costly technology failure, good communication is usually the first thing to exit the building. This is normal and expected! Any IT professional worth their weight will be able to skillfully navigate through communication under pressure: this is the “art” of our business, the rest is mostly science. In the remainder of this article I am going to share the five communication principles that I expect our Tech Heroes to employ under pressure to help them stay laser focused on finding and fixing technology problems fast. I have developed them through 15 years and over 16,000 conversations about technology problems.

Principle #1:  Get over it!  Blustery talk on the part of a frustrated technology user comes with the territory, stay calm.  IT problems stop workflow and cost money. This can be extremely frustrating and can raise the ire of even the calmest CEO.  The IT professional must weather the storm of this frustration and stay focused on gathering facts and solving the problems.  Becoming offended or emotionally involved in the problem does not make for good IT problem solving.  Stay Calm! From the moment the conversation begins, listen intently for facts, and get to work!

 

Principle #2: Respect! Respect the client’s IT knowledge. Company CEOs have all levels of IT knowledge. Some have vast IT knowledge but hire a consultant so they can remain focused on other things, while others do not want to tackle even the simplest IT problem. Either way, the client’s attitudes about the problem and depth of interest in the solutions must become part of the communication and solution.

 

Principle #3: No Nerdy Talk! Keep all talk in layman’s terms. Everyone understands plain English. No technical terms; they confuse people and reek of pride, violating Principle #2.

 

Principle #4: Stay Out of the Rabbit Holes! Understand the difference between theories and facts.  Often, a frustrated potential client will call after investing their own time and energy in an attempt to fix their technology problem.  The client will usually share a couple of theories about what is causing the problem  or how to fix it.  These theories are often plausible, they’re always informative, but they also contain some of the biggest time wasting “rabbit holes” to efficient problem solving.  Questioning should be directed at facts: “What error message are you seeing?”, “What exactly do you see when you turn on your computer?,” etc.

 

Principle #5: Stay relevant!  When a CEO says, “I don’t want to know anything,” there is still relevant insight to be gained from the technology failure that will help them run their business. “I don’t want to know anything,” means they don’t want to know how to fix the technology problem.  They certainly want to know if there is something they can do to avoid this problem in the future such as having different software, different hardware, or different training for employees.

 

The communication gap between IT professionals and non-IT professionals is so cliché, it has become the fodder for many good jokes in our culture.  Our goal at Your Computer Hero is to take the art of communication seriously and hone our ability to gather relevant facts that lead to efficient fixes for our clients.

 

 

 

  

June: Shiny New Gadget of the Month

Tech Gadgets that Improve Productivity, Security or Efficiency in the workplace

One of the most annoying things about running a business is keeping track of all those receipts!  Here’s where Doxie Go SE, the portable scanner, comes in.

Scan your paper documents, receipts or photos, and send them to your computer or cloud service in a split second. Doxie Go SE is compact, lightweight and doesn’t take up more space than a rolled up magazine, so you can bring it with you anywhere. Its rechargeable battery will last you for up to 400 scans per charge.

Don’t have a computer with you? Not a problem for Doxie Go SE. No drivers are required – just insert your document and scan. Doxie Go SE will save the scans on its expandable SD card or send them straight to your e-mail or favorite cloud app. Doxie Go SE retails for about $150.00 on Amazon.

 

Don’t Be a Sitting Duck! 7 Security Measures Every Small Business Should Have in Place Now!

Small businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses to steal credit cards and client information, and swindle money directly out of bank accounts. Some are even being funded by their own government to attack small, virtually defenseless businesses.

 

Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot?

 

Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits and data-breach fines.

 

In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices, and store more information online.  You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity.

 

Because of all of this, it’s critical that you have these 7 security measures in place:

 

1. Train Employees On Security Best Practices. The #1 vulnerability for business networks is the employees using them. It’s extremely common for an employee to infect an entire network by opening and clicking a phishing e-mail (that’s an e-mail cleverly designed to look like a legitimate e-mail from a web site or vendor you trust). If they don’t know how to spot infected e-mails or online scams, they could compromise your entire network.

 

2. Create An Acceptable Use Policy (AUP) – And Enforce It! An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others. Having this type of policy is particularly important if your employees are using their own personal devices to access company e-mail and data.  If that employee is checking unregulated, personal e-mail on their own laptop that infects that laptop, it can be a gateway for a hacker to enter YOUR network. If that employee leaves, are you allowed to erase company data from their phone?  If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised? Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can or cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.

3. Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 8 characters, randomized and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.

 

4. Keep Your Network Up-To-Date. New vulnerabilities are frequently found in common software programs you are using, such as Microsoft Office; therefore it’s critical you patch and update your systems frequently. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.

 

5. Have An Excellent Backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!

 

6. Don’t allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This can largely be prevented with a good firewall and employee training and monitoring.

 

7. Don’t Scrimp On A Good Firewall. A firewall acts as the frontline defense against hackers, blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network. This too should be done by your IT person or company as part of their regular, routine maintenance.

 

If you have questions or concerns about implementing any of these critical security measures, call our shop to schedule a security assessment. We help our clients sleep at night knowing that they have done all they can to prevent security breaches.

 

 

VoIP Phone Systems: Cost, Dependability, Sound Quality and Features.

by Bill MacLennan, CEO of Your Computer Hero

Last month’s most interesting project was the installation of a VoIP phone system for one of our clients.  The business owner was frustrated with the lack of features on his aging traditional phones but reluctant to move to VoIP because he believed the sound quality would not be as good.  After we did a thorough evaluation of his existing infrastructure, he decided to go ahead with the install.  The process highlighted some interesting perceptions business owners may have about VoIP, so I thought it would be a good topic for this month’s newsletter. 

In this article I want to define what VoIP is, explore the cost, dependability and sound quality when compared to traditional phone lines, and discuss why many companies are now switching to VoIP phone systems.

What is VoIP?

VoIP stands for Voice Over Internet Protocol. The VoIP phone is essentially a specialized computer that connects through the same lines as your internet. It is an alternative to the traditional telephone network that runs over a copper wire infrastructure that has been in place in America since Alexander Graham Bell started building the network in about 1900.

Cost, Dependability and Sound Quality

The initial cost of a VoIP phone system will include the phones and installation. Prices vary widely depending on the phone features and the size of the network, but when compared to traditional phone systems, VoIP can often save money, especially if existing phones are in need of an upgrade.

Dependability and sound quality are tied to the bandwidth, firewall configuration and wired data connectivity.  When we install these systems, as with any upgrade that will put demand on the existing infrastructure, we do an initial site survey to make sure your network will support the data traffic from the phones and give you the results you are looking for.   If upgrades are needed to the infrastructure, that is part of the initial planning.

There are 3 primary reasons why people switch to VoIP phone systems: Features & Function, Business Continuity and Disaster Recovery.

Features and Function: VoIP phone systems offer a much wider range of features than traditional phones do. Some features include:

  • Find me/follow me routing
  • Voice Mail to Email Transcription
  • Hold Music of your choosing
  • Bandwidth utilization and inbound/outbound call detail reports
  • Coaching Tools
  • Conferencing
  • Auto-attendant
  • Call Screening
  • Do Not Disturb

Business Continuity: Find me/follow me routing allows calls to be forwarded to your office. Additionally, since your phone is essentially a computer, it can be treated like a laptop. Your office phone can be used anywhere you are by taking it with you and plugging it into an Ethernet jack.

Disaster Recovery: With VoIP phone systems, the only equipment that is at the office is the headsets. If those are destroyed, phone services can be accessed via the cloud, so there is no need to worry about disaster recovery. If something should happen to your office, employees can continue working from anywhere, numbers can be rerouted to a cell phone or another headset, and voicemails will still be in the cloud or on email.

Is VoIP right for your business?

If you are thinking about replacing aging phones, are frustrated with your current phone system or believe your business would benefit from the many features of a VoIP system, give our shop a call at 763-229-4467.  We would be happy to answer your questions.

 

 

Tech Tip: Answering Security Questions

Answers to security questions must be memorable to you, but they don’t have to be true.

Today online banking, creating new email accounts, health insurance applications and the like often require security questions. The trouble is, your mother’s maiden name is not a secret. For most, a simple search on Facebook reveals the answer to this security question. Since your credit score may be at stake if someone hacks your bank account, it is worth considering carefully how you may answer these questions. Think of a memorable alternative to the true answer. For example: If your mother had 5 siblings with maiden name Olson, your answer could be “Oliesixpack.” Since your favorite pet is probably also featured on Facebook, think of a similar unique and memorable alternative for this.