503-359-1275
503-359-1275
 
Author Archives:

Wally Moore

Natural Disaster Survival Guide For Businesses Part 1

A Quick Reference for Business Leaders

Natural Disaster Survival Guide For Business, Part 1, is our first post, in this series designed to prepare your business to survive any number of disasters that could shut your business down. These posts are not intended to be a complete preparation guide on disaster preparedness. Rather they are meant to stimulate your thinking, as a business leader.

Disasters come in different ways. We’ve chosen six to chat about, over the next few weeks, leaving the most common one for last.

DISASTER SURVIVAL GUIDE

1. Building fire or flooding
2. Hurricane or coastal storm
3. Flood
4. Tornado or extreme storm
5. Earthquake, landslide or avalanche
6. Human error aka “hurricane humanity”

INTRODUCTION

Every business has to prepare for the worst. Those that don’t may never fully recover from a disaster. But not all disasters are created equal. Moreover, not all businesses are at risk for every kind of disaster. That’s why our partner, Datto, put together this quick Disaster Survival Guide to help you ensure that your business can keep operating even if it’s struck by one of the natural disasters described. Of course, this post is no substitute for rigorous business continuity (BC) planning with a BC consultant. But it will get you started in the right direction—and help ensure that you have the basics of a good disaster recovery in place even before you invest in a more formal BC plan. Note: This post addresses continuity of business operations only. It does not address the physical safety of employees during a disaster—which should always be the first priority. For matters of employee safety, please consult appropriate guidance from building codes, fire safety engineers, etc.

Disaster #1 BUILDING FIRE OR FLOODING

Description: Fires or floods within an office or building can range from small incidents of short duration to the complete destruction of the facility.

Potential impact: Even a relatively small fire/flooding incident can have a very disruptive impact on a business. For example, a small fire in an office on an upper floor can result in the complete flooding of computers and telephone systems in the offices below as the building’s sprinkler systems kick in and firefighters seek to extinguish the blaze. Similarly, even a relatively limited amount of water leaking from a broken pipe or valve can put some or all of a business’s technology infrastructure out of commission. A large fire, of course, can force a business to have to relocate all of its operations temporarily or permanently.

Risk factors: There are approximately 100,000 commercial building fires in the U.S. per year, according to the National Fire Protection Association. Those at highest risk include manufacturing facilities, as well as offices located above or in proximity to restaurants because cooking is a primary cause of non-residential structure fires, just as it is in homes.

Warning times: Water damage from failed plumbing, sprinkler systems, etc. can short-circuit electronic equipment with zero warning. However, building alarm systems typically give employees a few minutes to shut down critical systems and evacuate the premises.

Natural Disaster Survival Guide Technology continuity: As noted above, the severity and length of business disruptions caused by fires and flooding can vary considerably. To be prepared for extended or permanent facility damage, businesses should: Maintain continuous off-site backup of data, applications, and server images. Have arrangements in place for re-routing incoming calls to an alternative site and/or to employees’ mobile phones. Prepare an emergency posting for the company website that can be activated immediately and progressively as the consequences of the event unfold.

Prepare an emergency posting for the company website that can be activated immediately and progressively as the consequences of the event unfold.

People continuity: Because building fires and flooding only affect individual structures (or, at worst, just a few adjoining ones as well), businesses impacted have a lot of options for keeping people productive.

Business Continuity plans should include: Arrangements in advance with a nearby shared/furnished office space provider, hotel, college, or other facility for an immediate/temporary operations command center. Next-day workspace provisioning in another company facility, emergency failover “cold site,” or at home personal desktops/laptops with appropriate call forwarding. Internal communications for keeping employees updated on resource availability, recovery status, etc. Any necessary third-party contracting for shipping/receiving, mail processing, duplicating, etc. Prepare an emergency posting for the company website that can be activated immediately and progressively as the consequences of the event unfold.

Businesses may also seek policy provisions that address work done from home or other locations while the facility is under repair (and/or a new location is secured) as well as business losses that may occur despite best–effort BC planning and execution.

Process continuity: Again, because building fires and flooding are highly localized, they typically only disrupt processes that touch a single company location. Business continuity plans therefore need to provide for alternative locations and means to perform actions such as:
• Answering phones
• Processing orders
• Issuing invoices
• Signing checks
• Filing reports required by regulatory mandates

Insurance considerations: A properly insured business should have a policy that covers the expenses above, in addition to the physical damage directly caused by the fire or flood. Businesses may also seek policy provisions that address work done from home or other locations while the facility is under repair (and/or a new location is secured) as well as business losses that may occur despite best-effort BC planning and execution.

Thank you for joining on this series on Natural Disaster Survival Guide for Businesses Part 1.

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work
503.359.1275

 

Why a File Sync & Sharing Solution is Critical for Your Business Part 2

Why a File Sync & Sharing Solution is Critical for Your Business is our second, of two posts, on this new technology that will revolutionize your productivity especially if you spend time away from the office on a consistent basis. All employees have the ability to collaborate securely on company documents, no matter where in the world they are working. It’s easy peasy, with a little help from checklists.

This week we chat about checklists

“Data security” is the word for the day in this decade. The cyber world is on heightened alert to the threats of data being compromised. We believe the only way you can really know how safe your data is, is to have some kind of checklist you can follow to lock down your company data. After you have accomplished everything on the checklist, you can breathe a little easier. So let’s get right to it!

Content Privacy and Security Checklist

Encryption In-session, In-transit, On-device

To protect your organization’s data, select a file sharing solution that delivers 256-bit AES encryption for every point in your content’s lifecycle – when it’s being accessed in-session, while in-transit and while at rest, regardless of where it’s being stored or on what device. Also be sure that unique and rotating encryption keys are used for each file.

Policy-based Control of Content, Users & Devices

An enterprise-grade file sharing solution should deliver detailed – yet easy to use – policy controls where you specify settings for content, users and devices at the granularity you prefer.

Download / Copy Prevent; Auto PDF

To protect document tampering, your file sharing service should have user defined download and copy prevention controls and the ability to auto-create view-only PDFs when desired.

Built-in Remote Wipe Capabilities

Ideal for environments where remote workers or consultants are given access to content. Built-in remote wipe capabilities that will delete content from selected devices when desired can safeguard content from getting into the wrong hands. This is also ideal to minimize risk in the event of device theft or loss.

Two-factor Authentication

For secure document access, assure that two-factor authentication protection is in place. It’s important for you to know who is accessing information and where they’re coming from.

Share Content with Links

Eliminate the need to email files, and improve security with link sharing. Look for a solution with an array of customization options for public sharing including password protection, view or download permission, as well as auto-expire after a time-period or access count.

Inactivity Session Timers

Protect content from unwanted viewing with inactivity session timers for both mobile devices and computers.

IP Address White Listing

Lock down endpoint access for different components of your cloud service like the browser, mobile app or desktop software. Access shouldn’t be granted from anywhere, so look for a solution that restricts access to the cloud from certain IP addresses. This allows admins to accommodate a multitude of company locations while maintaining security.

Introduction to Team Collaboration

With the continued increase of Bring Your Own Device and remote and mobile workforces, users need to work and collaborate efficiently, and IT must securely manage the flood of user devices and content. When your organization deploys new services, integration with existing systems is critical. And more endpoints mean more contributed content from laptops, phones and tablets. Put to use the checklist below to look for the capabilities that will empower your team to collaborate more efficiently and more securely.

Team Collaboration Checklist
Yep! This is important enough for another check list.

Systems Integration

It’s important that a solution integrate with your existing systems and deployments like Active Directory for user and group management and authentication; SAML 2.0 for single sign-on; Salesforce and Outlook for simple document upload and attachment; and Office 365 and Google Docs for web editing and collaboration.

Real-time, Multi-Platform Sync

The beauty of the cloud is that your entire team can stay in sync. Arguably one of the most crucial components of a powerful file sharing solution is reliable and functional sync. Look for a solution that supports both Mac and Windows, as well as mobile devices and file servers. Always having access to the right content, whether online or off, improves team productivity and drives the business forward.

No File Size Limit

A file sharing solution should not make you change how you work. Large presentations and graphic files need to be sent and synchronized seamlessly. Look for a solution with no file size limitations for syncing and backup.

Continuous Real-time Backup

Businesses must be prepared for computer crashes, loss or theft, and scheduled or manual backups alone are not sufficient. Look for a solution that provides backup of critical files and folders in the cloud for redundancy and restoration in the event of file loss or data corruption. Backup should operate continuously in the background, typically discovering modified files within seconds, and then initiating backup.

Cloud-enable Your File Server

Company employees, virtual teams and authorized parties can securely access the files they need, when and where they need them, and changes are automatically synced across the appropriated user devices and company file servers without intervention. As a result, everyone – including mobile workers and remote offices – has access to the most current versions of files, which are securely protected, retained and archived with greater efficiency and recoverability.

Fully Mobile and Secure File Sharing – Introducing Autotask Workplace

Autotask Workplace is a complete, secure file sharing and collaboration solution that enables your team members to safely access, manage, organize and share files from any device, anywhere. It enables productivity by allowing individuals or teams to work on any documents or digital content – from their device – in real time, without fear of security breaches. Autotask Workplace also gives employees built-in security controls that can be set up based on how they need to share information with team members.

Mobile Productivity
Content Privacy and Security
Collaboration Features

FSS for Business Buyer’s Checklist

Any secure, built for business File Synchronization and Sharing solution should include the following characteristics. When evaluating file sync and sharing solution providers, utilize this checklist to ensure the solution you select can do the job.

Mobile Productivity

Support for Multiple Devices
Cross-Device Collaboration and Editing
Smart Sync Capabilities
On and Offline Access
Version Control
Secure Sharing without Forced Registration
Scan to PDF for Instant Field Image and Document Capture
Automated Document QR Coding

Content Privacy and Security

Encryption In-session, In-transit, On-device
Policy-based Control of Content, Users & Devices
Download / Copy Prevent; Auto PDF
Built-in Remote Wipe Capabilities
Two-factor Authentication o Share Content with Links
Inactivity Session Timers
IP Address White Listing

Team Collaboration

Systems Integration
Real-time, Multi-Platform Sync
No File Size Limit
Continuous Real-time Backup
Cloud-enable Your File Server

Thank you for joining us in this short series on Why a File Sync & Sharing Solution is Critical for Your Business.

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work
503.359.1275

www.dtsinfotech.com

 
 

DTS LiveSyncIT from DTS InfoTech: A Secure File Sync & Share Solution for Your Business, PART 2

DTS LiveSyncIT from DTS InfoTech: A Secure File Sync & Share (FSS) Solution for Your Business is our second and last post, about this amazing new technology that will revolutionize the ability of your business to collaborate on documents written by all of your employees.

This week we dive a little deeper into the benefits of this amazing technology. Let’s begin with the list of benefits, which is actually quite long:

ENTERPRISE-GRADE SECURITY

Out of the Box Industry Compliance
SOC 2 Type 2 Report
HIPAA-compliant/We will a sign BAA
Geo-redundant
Regional Data Centers in US, CA, EU, ANZ

COMPETITIVE ADVANTAGES

Highly Secure
Policy and role based access control by user content and device
Built-in data loss protection
Mobile device data management
Encryption on device, in transit and session
Two Factor Authentication, device ID approval

Industry-Leading Reliability

Greater than 99.98% uptime, annually
Redundant regional data centers
Simple yet Powerful Administration
Cloud and hybrid deployment
Multi-level user management
Extensive policy controls
Extensive and detailed reporting
Active Directory / SAML 2.0 integration

Continuous Real-time Backup

Folder and file continuous backup
Six-month file versioning and recovery of deleted files
Optimized Delta Backup for large files
Recover from ransomware, crypto locker attacks

Across Any Industry

Construction
Healthcare
Marketing/Advertising
Government, Education, Non Profit
Legal
Finance

Construction

Folder and file continuous backup
Six-month file versioning and recovery of deleted files
Optimized Delta Backup for large files
Recover from ransomware, crypto locker attacks

Legal – Litigation, Personal Injury
Need:

Preparation – Easy and secure access to files and folders during a case
Collaborate with co-counsel, witnesses
Simple, reliable, mobile access from court, home and on the road

Old Solution(s)

Delays as files had to be uploaded manually or when connected
Unreliable, slow access via VPN, FTP; Minimal security with USB, Email

Now DTS LiveSyncIT

Securely create, modify and share sensitive case information
Document commenting and notification; photo/video capture
Easily moved to archiving solution

Financial Services

Secure Critical Data
SOC 2 Type 2 audited geo-redundant, regional datacenters
SSO (Single Sign-On), Active Directory and two-factor authentication

Virtual Data Room

Granular permission controls and full audit trails
Set permissions to prevent undesired access, sharing and viewing
Give access to folders and documents for viewing or downloading

Time is Money

Streamline sales processes by storing all critical content in a centralized location, for all departments to access at a moment’s notice
Give your customers a new way to engage with your business, with customer and investor portals

Mobile and Remote Access Solution
Need:

Mobile & remote employees need quick, easy access to folders, files
Folders and files typically on local drives, servers, NAS
Highly available, secure access across devices

Now DTS LiveSyncIT

Purpose built for remote and mobile access to files & folders; MDM services
Range of device and mobile security policies; on device/in transit encryption
Data encrypted on device, in transit; 2FA; SOC 2 Type 2 report
Highly reliable; Redundant data centers; 99.98 uptime

DTS LiveSyncIT works with Windows, Mac iOS, Android and BlackBerry

So now what?

1. Identify & replace complex, less reliable solutions (VPN, FTP)
2. Replace user “Band-Aids” like free, consumer grade FSS tools
3. Stop sharing sensitive data via email!
4. Identify and solve unique business needs
5. Assess storage utilization, set policies around FSS
6. Give your business a chance against Crypto locker & Ransomware!

Next Step Options

1. Let us know you are interested
2. Share your current status and needs with us
3. See a demonstration of how DTS LiveSyncIT can help
4. Sign up & securely share information & protect your business!

Thank you for joining us in this short series on DTS LiveSyncIT from DTS InfoTech: A Secure File Sync & Share (FSS) Solution for Your Business.

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
DTSInfoTech . . . computer networks that work
503.359.1275

 

DTS LiveSyncIT from DTS InfoTech: Secure File Sync & Share

DTS LiveSyncIT from DTS InfoTech: A Secure File Sync & Share (FSS) Solution for Your Business, Part 1.

This is our first post, of two posts, about this amazing new technology that will revolutionize the ability of your business to collaborate on documents written by all of your employees.

This week we’ll introduce FSS and answer some questions. In the next post, we’ll dive a little deeper into the benefits of this amazing technology.

The contents of these two posts:

  • What is File Sync and Share (FSS)
  • Why you need to look at a secure FSS solution
  • Benefits of enterprise grade FSS, from DTS InfoTech
  • Next steps

What is File Sync and Share (FSS?)

  • Folders and files from a local drive, network device, or server that are synced with the cloud
  • Files accessed from mobile and remote access devices with an internet connection
  • Files shared internally & externally w/granular security & collaboration rules
  • File edits are synched bi-directionally to selected or all access points
  • Acts as a backup solution for data loss prevention

Are you wondering why this is important to your business? If so, here are some basic questions you must be able to answer about your business:

  • Are your internal users deciding what file sync and share (FSS) solution your business uses?
  • Do you know what are they using?
  • Are your confidential files vulnerable to a security breach as a result?
  • Who manages your devices & secures your networks?
  • Who manages & secures access to your files and folders?
  • Do you have an IT policy on storage and file sharing?
  • Who is protecting your business from your employees “just trying to get their job done” and external threats?

If you answered, “I don’t know” to any of these questions, you have some work to do . . . ASAP.

You must protect your business from your users & external threats, and you must have an enterprise grade FSS solution for your business. Why? Because business owners say, security is their #1 Priority. Source: Autotask Metrics that Matter survey

More importantly, in an increasingly mobile, global business world…“20% of the global workforce telecommute.”
Source: ESNA Technologies

File sync and share is a free-for-all in terms of complexity.

In other words, it comes at you from all directions; that is the free-for-all. It is very difficult to keep track of your data across all of these technologies:

  • Multiple copies of files
  • Consumer grade FSS
  • Email
  • Personal mobile devices

45% of businesses use “consumer cloud” sites…to share sensitive business information. This is bad.
Source: GlobalSCAPE

30% of employees have used unapproved cloud storage services for work-related files. This too is bad.
Source: GlobalSCAPE

63% of businesses use remote storage devices, like USB drives, to transfer confidential work files. Yep! This last one is bad too.
Source: Tech Pro Research

Just one breach could be devastating. What would you do if a hacker gained control of these types of data? Would your business survive the loss of data from this type of attack?

  • Patient/consumer data
  • Payroll/HR
  • Strategic planning

FSS IS LOADED WITH FEATURE-RICH SOLUTIONS INCLUDING . . .

  • Productivity
  • Local and online editing
  • Versioning and recovery
  • Quick recovery from ransomware and crypto locker type attacks!
  • Automatic QR coding and scan to PDF
  • Salesforce, Office, Google Docs integrations

Collaboration

  • Multi-user editing and smart file locking
  • Team and third-party secure sharing
  • Document commenting and notification
  • Selective sync and granular permissions
  • Collaboration

Mobility

  • Smart mobile sync and online/offline mode
  • Built-in creation, editing and markup
  • Photo and video capture
  • Integrated on-device security
  • Collaborate from anywhere, on any device

Thank you for joining us in this short series on DTS LiveSyncIT from DTS InfoTech: A Secure File Sync & Share (FSS) Solution for Your Business.

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work
503.359.1275

 

 

The Business Guide to Ransomware, Part 4

The Business Guide to Ransomware, Part 4, is our final installment in this series of defensive information you need to know, that will absolutely save your company if you are one of the unfortunate ones forced into finding backup copies of your database after you’ve been successfully attacked. This truly is critical information for all companies who depend upon access to the data that runs all businesses.

Protect against Ransomware

Cyber criminals armed with ransomware are a formidable adversary. While small to-mid-sized businesses aren’t specifically targeted in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. This is the perfect storm for ransomware vulnerability. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential, however, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach, comprising of education, security and backup.

Education

First and foremost, education is essential to protect your business against ransomware. It is critical that your staff understands what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (i.e. don’t open attachments, if you see something, say something, etc.). Conduct bi-annual formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about cyber best practices. It is important to ensure that the message is communicated clearly to everyone in the organization, not passed around on a word of mouth basis. Lastly, keep staff updated as new ransomware enters the market or changes over time.

Security

Antivirus software should be considered essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, in order to protect against newly identified threats. Keep all business applications patched and updated in order to minimize vulnerabilities. Because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: backup. Some antivirus software products offer ransomware-specific functionality. If ransomware is detected, the software has the ability to block it and alert users. However, because ransomware is constantly evolving, even the best security software can be breached. This is why a secondary layer of defense is critical for businesses to ensure recovery in case malware strikes: data backup.

Backup

Modern total data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware can not be triggered again. Additionally, some data protection products today allow users to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” This technology can be useful for recovering from a ransomware attack as well, because it allows you to continue operations while your primary systems are being restored and with little to no downtime. Datto’s version of this business-saving technology is called Instant Virtualization, which virtualizes systems either locally or remotely in a secure cloud within seconds. This solution ensures businesses stay up-and-running when disaster strikes.

Conclusion

Cyber extortionists using ransomware are a definite threat to today’s businesses from the local pizza shop to the Fortune 500. However, a little bit of education and the right solutions go a long way. Make sure your employees understand what to watch out for and you can avoid a lot of headaches. Never underestimate the dedication or expertise of today’s hackers. They are constantly adapting and improving their weapon of choice. That’s why you need top-notch security software and backup. Keep your business safe and give your nerves a break. To sum it all up, knowledge spreading and security software can help you avoid cyber attacks. Patch management is essential. Be certain that your software is up-to date and secure. In the end, it is backup that will help you pick up the pieces when all else fails. Consider using a modern backup product that offers features that can permanently eliminate downtime.

Thank you for joining us in this series on the Business Guide To Ransomware.

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech  . . . computer networks that work     

503.359.1275

 

The Business Guide to Ransomware, Part 3

The Business Guide to Ransomware, Part 3, is our third post in this series of defensive information you need to know, that will absolutely save your company if you are one of the unfortunate ones forced into finding backup copies of your database after you’ve been successfully attacked. This truly is critical information for all companies who depend upon access to the data that runs all businesses.

COMMON TYPES OF RANSOMWARE

As we’ve noted in previous posts, ransomware is constantly evolving and new variants are appearing all the time. So, it would be difficult, if not impossible, to compile a list of every type of ransomware proliferating today. While the following is not a complete list of today’s ransomware, it gives a sense of the major players and the variety in existence.

CryptoLocker

Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, the CryptoLocker approach has been widely copied, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware. CryptoLocker is distributed via exploit kits and spam. When the malware is run, it installs itself in the Windows User Profiles folder and encrypts files across local hard drives and mapped network drives. It only encrypts files with specific extensions, including Microsoft Office, OpenDocument, images and AutoCAD files. Once the dirty work is done, a message informing the user that files have been encrypted is displayed on said user’s screen demanding a Bitcoin payment.

CryptoWall

CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have appeared with a variety of names, including: Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits. The initial version of CryptoWall used an RSA public encryption key but later versions (including the latest CryptoWall 3.0) use a private advanced encryption standard (AES) key, which is further masked using a public AES key. When the malware attachment is opened, the CryptoWall binary copies itself into the Microsoft temp folder and begins to encode files. CryptoWall encrypts a wider variety of file types than CryptoLocker but, when encryption is complete, also displays a ransom message on a user’s screen demanding payment.

CTB-Locker

The criminals behind CTB-Locker take a different approach to virus distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate. When CTB-Locker runs, it copies itself to the Microsoft temp directory. Unlike most forms of ransomware today, CTB-Locker uses Elliptic Curve Cryptography (ECC) to encrypt files. CTB-Locker impacts more file types than CryptoLocker. Once files are encrypted, CTB-Locker displays a ransom message demanding payment in, you guessed it, Bitcoins.

Locky

Locky is a relatively new type of ransomware, but its approach is familiar. The malware is spread using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. Bitcoin ransom is demanded when encryption is complete. Are you sensing a pattern here? The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking five million emails associated with Locky campaigns over the course of two days.

TeslaCrypt

TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities.

You may also be interested in: Talk Nerdy to Me and TeslaCrypt, which installs itself in the Microsoft temp folder. When the time comes for victims to pay up, TeslaCrypt gives a few choices for payment: Bitcoin, PaySafeCard and Ukash are accepted here. And who doesn’t love options?

TorrentLocker

TorrentLocker is typically distributed through spam email campaigns and is geographically targeted, with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/ network—this is unique to TorrentLocker. TorrentLocker uses a technique called process hollowing, in which a Windows system process is launched in a suspended state, malicious code is installed, and the process is resumed. It uses explorer.exe for process hollowing. This malware also deletes Microsoft Volume Shadow Copies to prevent restores using Windows file recovery tools. Like the others outlined above, Bitcoin is the preferred currency for ransom payment.

KeRanger

According to ArsTechnica, KeRanger ransomware was recently discovered on a popular BitTorrent client. KeRanger is not widely distributed at this point, but it is worth noting because it is known as the first fully functioning ransomware designed to lock Mac OS X applications.

 So what’s next?

In our next post, Part 4, we’ll continue with this series on with the Business Guide To Ransomware by sharing how to protect your business from a Ransomware attack.

In the meantime, if you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,
Wally Moore
dts|infotech  . . . computer networks that work      

www.dtsinfotech.com

503.359.1275

 

The Business Guide to Ransomware, Part 2

The Business Guide to Ransomware, Part 2, is our second post in this series of defensive information you need to know, that will absolutely save your company if you are one of the unfortunate ones forced into finding backup copies of your database after you’ve been successfully attacked. This truly is critical information for all companies who depend upon access to the data that runs all businesses.

How Ransomware is spread

Spam is the most common method for distributing ransomware. It is generally spread using some form of social social engineering; victims are tricked into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, email might appear to come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click.

Another common method for spreading ransomware is a software package known as an exploit kit. These packages are designed to identify vulnerabilities and exploit them to install ransomware. In this type of attack, hackers install code on a legitimate website that redirects computer users to a malicious site. Unlike the spam method, sometimes this approach requires no additional actions from the victim. This is referred to as a “drive-by download” attack. The most common exploit kit in use today is known as Angler. A May 2015 study conducted by security software vendor Sophos showed that thousands of new web pages running Angler are created every day. The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. Using a variety of obfuscation techniques, Angler is constantly evolving to evade detection by security software products. Angler is just one exploit kit; there are a variety of others in use today as well. Spam botnets and exploit kits are relatively easy to use, but require some level of technical proficiency. However, there are also options available for the aspiring hackers with minimal computer skills. According to McAfee, there are ransomware as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of attacks.

In our next post, Part 3, we’ll continue with this series on with the Business Guide To Ransomware by introducing you to the common types of Ransomware.

In the meantime, if you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you would like to chat about this, or anything call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work
www.dtsinfotech.com
503.359.1275

 

The Business Guide to Ransomware, Part 1

The Business Guide to Ransomware, Part 1, is our first post in this series of defensive information you need to know, that will absolutely save your company if you are one of the unfortunate ones forced into finding backup copies of your database after you’ve been successfully attacked. This truly is critical information for all companies who depend upon access to the data that runs all businesses.

More and more, ransomware has emerged as a major threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for cyber extortionists. When the malware is run, it locks victim’s files and allows criminals to demand payment to release them. Unless you’ve been living under a rock, you are probably well aware that ransomware is a hot topic in the news these days. Organizations of all types and sizes have been impacted, but small businesses can be particularly vulnerable to attacks; and ransomware is on the rise. In a recent study conducted by security software vendor McAfee Labs, researchers identified more than 4 million samples of ransomware in Q2 of 2015, including 1.2 million new samples. That compares with fewer than 1.5 million total samples in Q3 of 2013 (400,000 new). Ransomware is distributed in a variety of ways and is difficult to protect against because, just like the flu virus, it is constantly evolving. There are ways to protect your business against ransomware attacks. In these posts, you will learn how the malware is spread, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand won’t work, because today’s ransom seekers play dirty. Make sure your organization is prepared.

RANSOMWARE TODAY

There are a few dominant types, or families, of ransomware in existence. Each type has its own variants. It is expected that new families will continue to surface as time goes on. Historically, Microsoft Office, Adobe PDF and image files have been targeted, but McAfee predicts that additional types of files will become targets as ransomware continues to evolve. Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber extortionists typically request payment in the form of Bitcoins or online payment voucher services, such as Ukash or Paysafecard. The standard rate is about $500, though we’ve seen much higher. Cyber criminals behind ransomware campaigns typically focus their attacks in wealthy countries and cities where people and businesses can afford to pay the ransom. In recent months, we’ve seen repeated attacks on specific verticals, most notably healthcare.

In our next post, Part 2, we’ll continue on with this series, The Business Guide To Ransomware, by explaining how Ransomware is spread.

In the meantime

If you would like more information on how to protect your business using state of the art Data Backup and Disaster Recovery tools and services, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off of our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

If you need help and would like to chat about this, or anything call us at 503.359.1275. The call is free.

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work

503.359.1275

 

 

The Business Guide To Power Outages Part 2

In Part 1 of this topic (Read about it here) we discussed the different technologies available to your business to protect you against power outages. In this post, we discuss a simple and relatively inexpensive device to protect your power. In addition, we discuss a top end solution to provide power to your business, a generator.

UPS AND SURGE PROTECTION

An uninterruptible power supply (UPS) is a device that ensures computer systems can stay on temporarily in the moments following a power outage, so they can be shut down gracefully to avoid losing data in RAM. They also provide surge protection, to ensure that electrical current irregularities do not damage computer components.

There are a wide variety of UPS devices available today, and a number of things to consider when selecting one. When evaluating a UPS, start with the needs of the protected systems, such as:

• Number of devices supported
• Types of devices (e.g., desktops, servers, networking equipment, other electronics, etc.)
• Power requirements for each device

You’ll also want to consider specific UPS functionality. For example, many devices offer features such as:

• Automatic graceful shutdown of protected devices
• Customizable shutdown commands
• Power save mode
• Battery life notification

Pricing for UPS devices varies widely, and is largely dictated by the factors outlined above. Choosing the right device requires a careful consideration of your needs so you don’t overspend. These devices can represent a significant investment. That being said, be careful not to underestimate your needs.

GENERATORS

Not every business requires dedicated generator power. For example, most businesses can tolerate the downtime associated with a short-term power outage. Also, many office buildings have standby generators that companies can rely on. However, if your business has specific requirements that necessitate a generator, such as a restaurant that relies on refrigerators for perishable goods, there are a number of things to consider.

First, you’ll have to calculate the minimum wattage for your generator. To do this, you need to take an inventory of the equipment you need to power, add up the wattage, and multiply by 1.5 to account for the extra power necessary for equipment startup. There is also a wide variety of generator wattage charts available to help you determine the right generator for your business.

Depending on your power needs, there are two types of generators to consider—portable and standby.

Portable generators are typically lower in cost and wattage than standby generators. They typically run on gasoline and must be manually started and plugged into an electrical sub-panel following an outage. Standby generators on the other hand are much more expensive, run on natural gas or propane, and are directly wired into a switch in your electrical system. They are designed to automatically turn on when power is cut.

HOW TO AVOID DATA LOSS FROM A POWER OUTAGE

Avoiding data loss from a power outage is straightforward—you need a secure, second copy of your critical business data in a separate location that you can easily access in case your primary systems are damaged due to power loss or other data disasters. For businesses, backing up data is a fundamental part of responsible entrepreneurship. But, backup can mean many different things. The approach that you choose to protect your data will have a dramatic impact on the speed and success of your recovery.

When it comes to backup, it’s important to understand two concepts: recovery time objective (RTO) and recovery point objective (RPO). RTO is the amount of time that it takes to get a system restored following a failure or disaster event. RPO is the point in time to which data can be restored following the event.

When it comes to power outages, a solution that offers low RPO is essential. Here’s why: Let’s say you perform a backup at 6pm every night. If a primary server was damaged in a power outage and failed at 5pm the following afternoon, your RPO would be 23 hours. Any data within that timeframe would be lost.

Modern backup solutions, like Datto, take incremental backups of business data continuously throughout the day—some as often as every five minutes—to deliver very low RPO. They also allow users to run production workloads from the backup server or in the cloud while restoring primary operations for low RTO.

If you are choosing a backup solution today, this type of functionality should be a serious consideration. Traditional backup methods cannot deliver the low RTO and RPO of today’s backup software and services. The ability to run applications from a cloud backup is particularly useful to prevent downtime during a long-term power outage. Data protection solutions, like Datto’s, allow businesses to access applications they need to conduct normal business when on premises systems are without power.

CONCLUSION

Power outages don’t discriminate. They hit businesses of all shapes and sizes, in any region or industry. Black outs result in billions of dollars in losses per year. SMBs in particular are vulnerable to downtime and financial loss from a power outage and should take the appropriate steps to mitigate the impact of this type of event as highlighted above.

The steps you take to prevent downtime from power outages will largely be dictated by the specifics of your business. At a minimum, you should protect your electronic equipment against power surges and ensure they can shut down properly in the event of an outage. Cloud apps can help some businesses, allowing employees to work from home (as long as they have power). Backing up data should also be considered essential, in case the above measures fail. You may need to invest in a generator. If you do, be certain that you size it properly for your power requirements.

With proper planning, you can greatly minimize the impact a power outage will have on your operations. Determine the amount of power outage downtime your business can tolerate, and build your strategy around that.

DTS InfoTech Can Help

If you would like more information on Data Backup and Disaster Recovery, download your Free Business Advisory Guide Here.

Don’t worry about some sales guy calling you from our office because you downloaded information off our website. No one from our office will call you; I promise. We don’t like sales calls any more than you do! We understand if you’re not ready to do that, and if that’s the case, then just read these posts when they come out. We post on a regular schedule.

Need someone to talk with?
If you would like to chat about protecting your data, or anything else, call us at 503.359.1275

Dedicated to your success,

Wally Moore
dts|infotech . . . computer networks that work
503.359.1275

 
Page 1 of 10123...Last »

Get Help Now