Are you curious to see who in your company is most likely to download a virus on your network? Well now you can find out and the best part is, its free. With KnowBe4 you can administer a range of free tools that will allow you to see which of your users is most likely fall for phishing emails.
The sad truth is that some people will click on anything that comes across their email inbox. This is how most network infections start. Till more recently, there hasn’t been a lot anyone could do to prevent this. KnowBe4 allows you to find those trouble users and train them so that this major hole in your network can be filled.
From a compliance standpoint, KnowBe4 offers actionable data that will allow you to show your HIPAA or PCI compliance officer that you are taking actions toward due diligence.
As an IT company, we do our best to prevent major disasters with layered security involving anti-virus, managed firewalls, Office 365 spam filtering, security permissions and most important, great backups. Even with all of these security measures in place, there isn’t a foolproof method to ensuring that a few phishing emails won’t slip by unnoticed. We rely on backups to get our clients up an running quickly but even under the best of conditions, it is still better for the virus to have never been clicked on to begin with.
For a small investment in time, you can’t afford to not use these great free tools from KnowBe4. Take a few minutes to watch our new video on how to get started with KnowBe4 and harder you users against malicious emails.
You’ve likely heard more than enough times that you need to backup your data. This is what every software vendor and IT partner will preach to you from day one. They’re right, of course, but there could still be potential problems. How do you really know that you have backups? You may have a backup appliance, and you may be under the impression that you have all of your data in the cloud, but do you really? How can you know for sure?
Making the assumption that your data is backed up just because you have an attached storage, or because you are paying for a hosted backup solution, has gotten many businesses into trouble. The truth is that backups fail, and they fail frequently. Backups are a service that requires attention and maintenance, and if you neglect it, it will fail you. This is a risk that you cannot afford to take.
As an IT company, we work with many new customers who come to us because they have lost data, even though they were under the impression that their data was backed up. As a result of this, we offer free data verification audits that will show you exactly where your data is and what to do if it is not backed up. If you can say that you don’t know where your data is, we encourage you to contact us today to schedule a free data backup verification audit.
Lately, there has been a lot of talk about ransomware: a type of computer virus that encrypts your files and holds them for ransom. Worse yet, there is no guarantee that your data will be released if you pay the ransom fee. In light of the most recent ransomware attack called “WannaCry” that infected a substantial number of businesses in Europe, it is important that you are taking measures to ensure that your business is safe.
If you are not familiar with the statistics, ransomware was a billion dollar industry in 2016, and every cyber criminal knows it. There is exceptional financial motivation for these scams to be produced indefinitely, and they become increasingly sophisticated every day. As a business owner, ransomware is a constant threat that cannot be ignored.
Playing defense in the ransomware game is a layered approach, with several security methods to prevent ransomware from getting to your network. The first line of defense includes anti-virus, a good firewall, and effective spam filtering. The next important step in any security plan is user training. Ransomware is generally not a problem until someone within your network clicks on the wrong email or web link. The final layer of defense are things like an insurance policy or data backups.
Preferably, investing in each one of these layers is best practice. However, if you have to choose one component over another, backups are the most important investment that you can make. With a good backup system, you may lose some time and a nominal amount of data after an attack, but you will be able to restore your data without the ransomware affecting your business.
In addition to having the data backups in place, it is also essential to ensure that your backups are up-to-date and running properly. Backups have a tendency to face errors that can disrupt a backup schedule. With proper backup monitoring, you may find that your backups were not operating as expected, thus leaving your data vulnerable.
Talk to your IT professional to ensure that you have both preventative security measures and contingencies in place to protect your data in the event of a ransomware attack.
In the spirit of St. Patricks Day, it is a good time to ask yourself how lucky you are. Since we are an IT consultant, we are going to focus on what that means when we look at an IT network. As an IT company, we get to see how a lot of businesses operate and manage their IT and it ranges from systems that completely rely on luck to operate from one day to the next to businesses that have more layers of redundancy than employees in the company.
It is truly amazing how lucky you can be when operating a business with a network that is patched together. Eventually, however, luck runs out and this can be costly. What we have put together is an easy way for you to self-asses how lucky you are. Using a scale of one to ten, run through the follow list of questions and use this metric to give yourself an accurate risk assessment.
The categories below are based on a company that has 10 to 50 employees and is hosting a network internally. Each category will give you 10 points for a total of 50 if you are doing your due diligence to protect your network and your company.
There are two types of backups. Local and off-site or hosted. A good way to look at an effective backup system is through a layered approach. Ideally, you should have a server that is backed up to a local storage. The local storage should then be backed up off site. This way you accomplish speed and redundancy. Give yourself three points if you have a local backup system, an additional three points if you have offsite backups and four points if you are using a backup monitoring system to ensure that your data is actually backed up.
A network is not like a fine wine. It doesn’t get better with age. The older your hardware, the more likely you are to have to respond to downtime and data loss. We recommend that our clients replace their computers on or before the five-year mark and replace servers at three years. Other network hardware such as switches, battery backups, firewalls, routers and WIFI access points should be replaced at the same time you replace the server. To the best of your ability, try and assess the age of your network hardware. If 10% of your network falls within this specification, give yourself 1 point. If 70% then 7 points and so on.
You can never be too secure so it is difficult to score a 10 on this scale. Just doing your due diligence will get you a long way and that is what we are going to focus on here. Give yourself two points if you have each of the following.
Anti-virus on each workstation and server.
If you scored over a 6 on your network age
If you have passwords on each workstation that expire every 90 days
If you are PCI compliant
Software Patch Level
Do you know the current patch level for all of your supported software? This could be the operating system on your server, the firmware on your firewall or the version of anti-virus you are running. Your hardware is only as smart as the software that is running on it. If you are running software that is out of date or is not supported you are at risk. Give yourself two points for each of the following.
Is your firewall running the latest firmware?
Is your server OS under support?
Is your anti-virus running the latest version?
Are your computers running the latest version OS?
Are you using a line of business application that is up to date?
Vendor support for applications plays a critical role in keeping networks running smoothly. If you are using a line a business application for the majority of your day to day operations but haven’t purchased a vendor support package with this product, you are exposing yourself to potential downtime. Partnering with an IT support company will not necessarily fix this issue due to the fact that no support partner will know that important application like the company that created it. In addition to purchasing vendor support for your most important application, you should also work with an IT partner that can provide preventative support for your network to ensure that you are as protected as possible. If you have purchased an application support package then give yourself five points. Also, if you are working with an IT support partner for all of you daily IT needs, give yourself five points.
If you tally up your point and find that you have between 40 and 50, Congratulations! You are doing your due diligence to ensure that your network is running smoothly and you are protected against downtime and data loss. If you are between 25 and 40 you should consider working with a consultant to make a road map for improving your network. If you scored less than 25 you are relying on luck to keep your network operational. In this case, you should reach out to an IT consultant and consider making serious improvements to your network infrastructure and support.
While everyone is in the spirit of giving this holiday season, there is something to say about giving for the wrong reason. A new strand of ransomware is a good example of this. It’s called Popcorn Time. This new strand of ransomware will allow you two options if your computer is infected. You can choose to pay the ransom or you can choose to forward the ransomeware email on to other people in your contacts. If your efforts successfully infect two other computers, you will receive a decryption code for your computer.
Up to this point, this method had been unheard of and it pushes the boundary of social engineering scams to a new level. This method is likely to make the infection rate significantly higher as the ransomeware is coming from a trusted and legitimate source. Another nasty feature of Popcorn Time is that if you enter a false decryption code four times, it will start deleting files.
It can’t be stressed enough that unless you are expecting an email, you should not open any attachments unless you have confirmed the legitimacy of the email through another source of communication. Like with any other ransomeware, if your computer is infected, your best hope is to rely on your data backup system.
As an IT New Years resolutions it may be a worthy pursuit to be sure that your backups are running smoothly and if you haven’t made the investment into a backup solution yet, there has never been a better time. These social engineering scams are real and are becoming more and more clever by the day. Protect your investments and your company by putting up measures to insure against attacks like these. For more information, contact eTop for a free consultation.
Does your company have a data backup strategy? Cloud backups are a vary important part of any network. Without them, you are at risk of losing your data should a disaster strike. That being said, many questions remain. How should I set up my backup system? How many copies of my data do I need? Why is redundancy important? How do I know that my data is really being backed up? In order to make sure that all of these questions are answered, you need a strategy.
The first line of defense starts with a server. Backing up your workstations to a server will collect all of your data to one point. From there it is important to backup your data to a Network Attacked Storage device or NAS. This is a hard drive that is attached to your server that makes a copy of your data in case your server dies. A NAS device is also helpful for restoring files to the server quickly. With a NAS, you do not have to rely on your internet connection to restore files when data accidentally gets deleted.
When considering a cloud data backup solution, or any cloud solutions, it is important to think about the amount of internet bandwidth you have. Uploading and downloading data to and from the cloud can take a lot of time if your internet connection is slow. In the event of an emergency, it can cause challenges to get data downloaded from the cloud in a timely manner.
Once you have your data on a server that is connected to a NAS and you have a good internet connection, you will want to back your data up to the cloud. There are many cloud data backup solutions to choose from. For this instance we are using a service called Gillware to back up files to the cloud. Using this simple method and having three full copies of your data will insure that your data is safe not matter what emergency may arise.
If you spend your working days behind a computer, it is worth it to know what is going on behind the scenes when you save a file that you have been working on. There are usually a list of drives that you can use to save your files to. Knowing the difference between saving your files to your computer and saving it to your server can save you a great deal of trouble. This may seem silly if you already understand the difference, however, if you don’t know, it could lead to significant data loss.
If you are not saving your files to your server, then you are at risk of losing all of your documents should your computer die. Among many other things, the server acts as your first point of backup for your computer. This means that if your computer dies, you don’t have to worry. You can simply replace your computer and continue working since all of your documents are saved to the server.
The server in turn should follow the same principle. Once the data has been created on your computer and saved to the server, the server is then backed up to a local storage device. The local storage device should then be backed up to the cloud. Following these simple guide lines and making sure that you have at least three full copies of your data will insure that your company and your data are safe, no matter the disaster.
How do you know when your data is secure? In business today, almost everyone knows that backups are an absolute necessity, but there are no clear standards that helps you know your data is safe. It seems like there are new appliances and cloud services being created every day that are going to solve all of your problems, but when doing a cost-benefit-analysis, it is hard to know if you are making a good investment.
In the world of data backup, you have desktop backups, server backups, local network attached storage (NAS) devices, cloud backups and backup and data recovery (BDR) solutions. Under each of these categories you have an abundance of products and services that will help provide redundancy. As a rule of thumb, you should have a complete copy of your data in three or more locations.
In a typical network, you will have data being created on desktop computers which are not considered a point of backup. The data is stored on a server which is considered the first point of backup. The server is then backed up to a local appliance like a NAS device. This will give you two independent and complete copies of your data at your physical location. The third backup is usually in the cloud which will give you two or more physical locations where your data is stored. Depending on the specific company needs, you may also have a collocation server and cloud backups for that as well.
Know where your data is being stored!
This is an important aspect of data backup that often goes overlooked. This is typically a problem for end users as they may not understand the difference between saving their data to the server rather than their computers. This problem can be overcome with end user training and the implementation of company policies. Your data is only as safe as your employees’ ability to save it in a secure location. If they save all of their documents to their local computer, all of that information is at risk of being lost should that single computer die.
Why is a NAS important?
You may be tempted to ask. “If I have cloud backups, why do I need a local copy of the data on the server?” The answer is bandwidth. The connection between your server and your NAS device is a lot faster than the connection between your network and your cloud data storage facility. Most backups are set to run every couple of hours and uploading that much data over your internet connection during working hours would make your internet connection almost unusable. Data can easily be backed up to a NAS at several points during the day and from there, the data can be backed up to the cloud after business hours.
A NAS works in the reverse order as well. If by chance you lose a drive on your server and you need to download a large amount of data, it is a lot faster to restore data from a local backup than it is to download it form the cloud. This will decrease downtime should an emergency occur.
Why is the cloud important?
It is equally tempting to ask. “If I have a NAS device, do I really need to back up to the cloud?” The answer is yes. Primarily for reasons of natural disaster. In the event of a fire, flood, earth quake, tornado etc. you stand a good chance of losing all of your data, should your building be destroyed. If this were to happen, it may take some time, but at least you could set your company up in a remote location and your staff would be able to function.
Do I need a BDR solutions?
The answer to this question really comes down to a cost benefit analysis. How much money have you lost over the course of three years due to network downtime? Compare that with the cost of a BDR (Backup and Disaster Recover) device and you will have your answer. In most cases a BDR appliance is a duplicate server that sits at idle waiting for your primary server to stop functioning. If you have had a server outage that has taken up most of a days worth of your employees time then you know that the cost starts to add up quickly. With a BDR appliance, no one would know that your primary server had gone down except for your IT professional.
Monitoring your backups
As if having backups for your backups isn’t enough, you also need to know that your data is being backup up appropriately. There is nothing worse than finding out that after having made the investment to back up your data correctly, your backups haven’t run in the last six months. Backup systems can be finicky and sometimes they run into errors that stop the automated processes. If you don’t know that this has happened you will go about your days thinking that everything is fine. Talk to your IT partner about the status of your data and make sure that they have a system in place to monitor your backups.
By following these simple guidelines and investing the three points of redundancy for your data backup, you can feel confident that you are adequately protected. You will protect yourself from everything from simply deleting files accidentally or having a hardware failure to ransomware and other malicious programs and natural disasters should they ever arise. Consult with your IT professional to make sure that your data is secure and that you have at least three point of redundancy for all of your data.
Why More SMBs are Turning to the Cloud to Reduce TCO More small and mid-size businesses (SMBs) seem to be taking the initiative to learn more about the benefits of the cloud. Determining why SMBs have this sudden keen interest in the cloud isn’t all that tricky.
Why SMBs Must Proactively Address the Threat of Mobile Hacks More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than