If you become aware that a cyber-attack has been carried out against your company, it is imperative that action be taken immediately to mitigate the risk of loss of data, money, and other company assets. Time is of the essence. Take the following actions immediately:

  1. If applicable (funds were transferred/compromised), contact your bank. In the case of wire fraud, you can initiate a “SWIFT recall” on the wire transfer. Contact all banks that may have received your funds. Ask to speak to their fraud department.
  2. Notify your internal IT department or Managed Services Provider (MSP). Provide as much detail as possible. If a computer is involved in the incident, we will provide direction on whether action is required to turn off or disconnect the device from the network.
  3. Report the incident to the Internet Crime Complaint Center (IC3) at http://www.ic3.gov.
  4. Report the incident to additional Federal Government agencies as described in “Cyber Incident Reporting – A Unified Message for Reporting to the Federal Government” for specific reporting requirements: https://www.dhs.gov/sites/default/files/publications/Cyber%20Incident%20Reporting%20United%20Message.pdf
  5. Notify local law enforcement of the incident.
  6. Notify your cyber liability insurance provider. They can assist you with arranging public relations advisors to support proper customer notifications and legal counsel.

Expect notifications to take time as each involved party gathers the information they need. If possible, assign multiple people to initiate notifications in parallel.

Consider using a conferencing service like Microsoft Teams or Zoom that can be used by all parties throughout the notification process. Many conferencing services allow for “rooms” to be created to allow groups to break away for specific discussions and then rejoin the main group. This may also provide you the ability to record the conversations (notify participants) for later review. Practice this process before an actual incident so you are comfortable with the technology.

Keep and record the following information for possible investigation:

  • Canceled checks, Wire receipts, Credit card receipts, Money order receipts
  • Facsimiles, Certified or other mail receipts, envelopes (if you received items via FedEx, UPS or U.S. Mail), Pamphlets or brochures
  • Emails, text messages, chatroom or newsgroup text, social media messages, web pages (screen shots), phone records
  • Computer log files, if available, with date, time, and time zone

Ransomware attacks are constant and indiscriminate. Whether you run an SMB or a multinational corporation, your network is being actively targeted.

A survey conducted in 2021 by cyber security firm Sophos found that nearly 37% of all businesses worldwide had been affected by a ransomware attack in the last year. The average ransom paid to successful attackers was $170,000, and, on average, businesses were only able to recover 65% of their data. Among the attacked organizations were:

  • Accenture
  • City of Tulsa
  • Fujifilm
  • Kia Motors
  • NBA
  • NRA
  • University of Colorado.

As a managed service provider, Simpleworks prioritizes its clients’ cyber security. That’s why we’ve partnered with Datto, a leading backup solution, which allows us to provide our customers with the best business continuity and disaster recovery (BCDR) available today.

Not All Backups are Created Equal

With 11 patents and over a million clients, Datto is one of the most trusted BCDR solutions. Simpleworks’ partnership with Datto means our customers get all the following benefits.

  • REDUNDANCY | Key to Datto’s backup technology is its redundancy. They provide both hardware and cloud-based solutions so a catastrophic loss of property won’t put your data at risk. Snapshots are taken hourly and backed up both onsite and at two locations in the cloud.
  • BLOCK-LEVEL BACKUPS | Datto takes a snapshot of your computer at the block level, which means your devices can be returned to the exact same state they were in when the shot was taken—apps, permissions, documents, all of it.
  • DATA SECURITY | Datto has an entire department of 60 people devoted to network security. Active monitoring, regular bounty programs, and back testing ensure their cloud is an impenetrable storehouse for your data.
  • RAPID RECOVERY | 24/7/365 customer support means no matter when an attack occurs, Simpleworks and Datto will have your data restored ASAP. Recovery is usually possible within a few hours but can even be as fast as a few minutes.

Can Your Business Survive Data Loss?

As a managed service provider, we are all too familiar with the damage ransomware attacks can do to Colorado Springs businesses that fail to take cyber security seriously. Don’t put your data—and your customers’ data—at risk. Contact us right away to learn more about the business continuity and disaster recovery services we provide—powered by Datto!


Admit it—you have at least one password that is “passw0rd.” Or your address. Or your birthday. Or your daughter’s birthday. We’ve all done it. And in the early days of the Internet, you might’ve gotten away with it. If not, you likely didn’t have sensitive data online for a hacker to exploit. But the world has changed. Hackers now have the power to ruin lives, destroy businesses, even ransom large corporations and governments. Password security remains the primary attack vector for these threats.

Here is what you can do to protect yourself and your business.

Create a Strong Password

So if you can’t use “passw0rd” or “123456,” what can you use? Strong passwords have several principles in common.

  • Length – Ideally, your password should be 8-12 letters long. The longer the better, but 12 is plenty long enough if the password has the next two traits.
  • Complexity – Mixing capital letters, numbers, and symbols and/or using a string of small random words will make your password sufficiently complex.
  • Easy to remember, but not easy to guess – Try to come up with a system for creating different passwords for different purposes that you can remember but that a hacker (who may have some personal data about you) would not be able to guess. Information like addresses, birthdays, and social security number sequences should certainly be avoided.

You also want to be careful about how you answer security questions. If you are prompted to give your mother’s maiden name, for example, don’t use it. A hacker could easily find that information. Perhaps make up a name or use a completely unrelated word like “flowers” that would be nearly impossible for a hacker to figure out.
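The length, complexity and guessability principles in this section, expressed as a checker (an added example, not part of the original article). The function names, finding labels, the tiny common-password set and the sample personal details are constructed for illustration; the 12-character default is the figure the article calls plenty.

```python
import re
from datetime import date

# Constructed sample; a real check would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456", "password123456", "qwerty", "letmein"}

# Undo the usual character swaps so "passw0rd" is seen as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed personal details of a fictional user.
SAMPLE_WORDS = ["Dana Example", "42 Maple Street"]
SAMPLE_DATES = [date(1984, 7, 9)]


def personal_tokens(words, dates):
    """Strings someone who knows the user could try: name and address
    words, plus common renderings of each birthday."""
    tokens = set()
    for text in words:
        tokens.update(re.findall(r"[a-z]{3,}", text.lower()))
    for d in dates:
        for fmt in ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%m%d", "%Y"):
            tokens.add(d.strftime(fmt))
    return tokens


def audit_password(password, words=(), dates=(), min_length=12):
    """Return a list of findings; an empty list means no rule was tripped.
    Randomness itself cannot be measured from one password, so a clean
    result is necessary, not sufficient."""
    findings = []
    lowered = password.lower()
    unleeted = lowered.translate(LEET)

    # Length.
    if len(password) < min_length:
        findings.append("too_short")

    # Complexity: three or more character classes, OR a string of at
    # least four separate words (the article's "and/or").
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9\s]"))
    parts = [p for p in re.split(r"[\s._-]+", password) if p.isalpha()]
    if classes < 3 and len(parts) < 4:
        findings.append("low_complexity")

    # Guessable without knowing the user: common passwords, even disguised.
    if lowered in COMMON_PASSWORDS or unleeted in COMMON_PASSWORDS:
        findings.append("common_password")

    # Guessable by someone who knows the user: addresses, birthdays, names.
    tokens = personal_tokens(words, dates)
    if any(t in lowered or t in unleeted for t in tokens):
        findings.append("personal_data")
    return findings


if __name__ == "__main__":
    for candidate in ("passw0rd", "Password123456", "Maple!0709Tree",
                      "walnut-orbit-candle-gravel"):
        print(candidate, audit_password(candidate, SAMPLE_WORDS, SAMPLE_DATES))
```

Note that “Password123456” satisfies the length and character-mix rules and is caught only by the common-password check, which is why a composition rule alone is not enough.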

Use a Password Manager

An all-star password still must be remembered to be effective. Writing down sensitive information comes with its own set of risks, especially in an office. So many people use password managers like LastPass to create and store all their passwords. There are several benefits of doing this:

  • Complex password generation – LastPass and others can create complicated passwords that you won’t have to know or remember.
  • Memory decluttering – The only password you’ll have to keep in your brain’s long-term memory is the one to open LastPass. As long as you can remember that, you can get into everything else with the click of a button.
  • Cloud storage – No more sticky notes on monitors. Everything is stored in the cloud on an encrypted network.

Activate Multifactor Authentication Everywhere

Multifactor authentication adds a second or third layer of security to your password. Having to enter a code received by email or text message means that a hacker would need more than just your password to break in – they also need access to something you have, like your phone or email account. Authenticator apps like Google Authenticator or Duo Mobile are free and relatively easy to set up.

Implement a Password Management Strategy

Any network is only as secure as its weakest link. This means that if you run a business, a password policy should be in place to ensure best practices are followed. Several steps should be taken to ensure compliance:

  • Craft a password policy – The policy should be widely distributed and instruct employees that they should not write passwords down or share them with anyone. Controls should also help them to avoid creating weak or generic passwords.
  • Use a password manager – Password managers can be set up with individualized accounts and to protect passwords needed by multiple people.
  • Multifactor authentication – MFA needs to be a requirement for every device with access to the company’s network.

Learn More about How to Manage Passwords

Check out our video blog for more information about password management, multifactor authentication, and a variety of other IT support questions and trends. New episodes are released weekly on YouTube and major podcasting platforms.

MFA (Multifactor Authentication)—Because Strong Passwords Are Not Enough

The scourge of recent high-level hacking has many businesses worried. Much of your most valuable data is now stored online. Hackers and their automated bots are roaming the Internet constantly searching for vulnerabilities to be exploited. These threats are real, constant, and have affected large companies and important infrastructure.

The good news is that it only takes a minimum level of security to eliminate most of the threats. Not using “Password123456” for sensitive accounts is a start, but more is needed. Multifactor authentication or “MFA” is a simple but highly effective layer of cyber security that is no longer optional.

 

“But My Information Isn’t Valuable”

Small business owners, in particular, often do not think that they have any information a hacker would be interested in. But this is based on a false assumption. Almost all attacks on small businesses—regardless of the industry—come from automated bots that scan the entire Internet searching for weak security. These bots can either carry out attacks completely on their own, or they can report vulnerabilities back to a hacker, who can then specifically target poorly secured data.

Something else to remember is that while your data may not be important to anyone else, it is invaluable to you and your business. Hackers know this, which is why they use ransomware attacks to lock you out of your network unless you pay an exorbitant fee.

 

What is Multifactor Authentication?

Multifactor authentication (MFA) or two-factor authentication (2FA) provides an additional level of security that can eliminate most automated threats. The majority of hacks come from automated bots that continually spam attacks anywhere they find a vulnerability.

With MFA, users are asked to verify their login attempt after putting in a username and password. This verification is typically a code you obtain through one of the following ways:

  • Text message
  • Phone call
  • Email
  • Authenticator app (like Google Authenticator or Duo)
  • Authenticator device

Whichever method is used, you must either put in the correct code within a short period of time or verify your attempt to access your account some other way. This prevents malicious hackers from gaining access to your accounts without your knowledge. Bots that detect a network with MFA enabled will almost always avoid it altogether.

Setting Up Multifactor Authentication

Contact Simpleworks today if you would like to know more about cyber security generally, how to set up MFA on your network, or just to find out more about our managed IT services. The sooner you secure your network, the sooner you will eliminate a very real threat to your business.

Ready to turn the page on 2020? No matter what business you are in, you faced unprecedented challenges during the last year. The businesses that survived—and even thrived—had to adapt. Remote collaboration, sales, and customer service are here to stay. But is that enough? What else can you do to grow your business in 2021 amidst the continuing complications of COVID, uncertain economic pressures, and high levels of unemployment?

Embrace Remote Technology

Everyone is now acquainted with Zoom, Skype, Teams, or some other remote streaming platform. But just having access to an app may not be enough—at least not to distinguish you from your competition. For many businesses, the inability to interact face-to-face with clients, prospects, and teammates disrupts normal best practices. Here’s what you can do to embrace the new normal:

  • Upgrade audio capabilities so you can communicate clearly
  • Consider what background will best represent you and your business
  • Turn on your video or webcam for every professional interaction
  • Ensure your home or office has adequate Internet connectivity
  • Train every employee on the fundamentals of Zoom, Teams, and other popular platforms

Think Outside the Office

Successful businesses in 2021 may find that reducing or eliminating office space is now a cost-efficient option. While changes to your operation will present challenges, the new remote office environment can also offer new opportunities. Here are some of the benefits:

  • An expanded talent pool for new hires who may not need to live in your area
  • Greater flexibility for employees to complete projects and collaborate from anywhere
  • Face-to-face sales and customer service
  • Expanded training and outreach opportunities including webinars and online conferences

Protect Your Digital Spaces

COVID wasn’t the only plague infecting our world in 2020. The largest information breach in history took place as well, compromising many government agencies and corporations. Your online data and privacy are too important—especially in the new digital office environment—to leave vulnerable to attack. Every virtual office needs to address the following:

  • Password protocols and multifactor authentication
  • Firewalls, antivirus, and antimalware
  • Using virtual private networks (VPNs) when sharing information online
  • Phishing scam avoidance
  • Security updates and maintenance
  • Data backup and recovery

Simpleworks—Your IT Partner for the New Digital Workspace

Simpleworks IT in Colorado Springs is a leading managed IT services provider. We offer an array of services and packages for small- to medium-sized businesses who want the benefits of an in-house IT team without the overhead. The transition to digital office space has been challenging for many businesses, but you aren’t alone. Get in touch with Simpleworks today and learn more about how we can help your business thrive in 2021.

 

 

In a year that brought suffering to every community in the world, perhaps no group has been hit harder by COVID-19 than assisted-living facilities and nursing homes. Not only are residents disproportionately affected by the virus, but they have also found themselves cut off from their families and friends.

However, thanks to Zoom, Skype, and other video conferencing software, elderly residents in assisted living facilities and nursing homes can stay connected to their loved ones. This requires, though, that their facility have the necessary infrastructure and support needed to keep them connected. At Simpleworks, we are deeply concerned about the quality of life of the seniors in our community and want to reach out to administrators of assisted living facilities to offer our help and support.

Connectivity—A Requirement in the Post-COVID World

Nearly every assisted living facility and nursing home has Wi-Fi connectivity. But just having Wi-Fi available is likely not sufficient. Residents are spending much more time streaming video to keep in contact. More streaming requires more bandwidth. If your facility is not keeping up with the demands of its residents, there are several possible issues:

  • Insufficient bandwidth from the Internet provider
  • Inadequate router
  • Poor area coverage
  • Outdated technology

Many times, facilities assume that if they have slow Wi-Fi, they must need more bandwidth from their provider. But this is often not the case. The most common issue in a multi-user environment is the router device itself and its deployment.

Simplify Connectivity for Seniors

Simpleworks specializes in setting up Wi-Fi networks that ensure every user has the bandwidth he or she needs to have the best quality of life possible. Our certified technicians can assess the Wi-Fi connectivity issues at your facility, install appropriate devices where needed, and train or assist staff. We also offer managed IT services if your facility would benefit from additional IT support.

To do our part to help a vulnerable population in our community, Simpleworks would like to offer a free network evaluation to all assisted living facilities and nursing homes in the Colorado Springs area. All of us need to stay connected – we can help.

Contact us today about scheduling your free network evaluation.

Stay safe!

 

Many organizations such as Google and Cisco have made the decision to have their employees work from home to keep them safe from spreading the novel Coronavirus known as SARS-CoV-2. Other businesses did not make this decision on their own but rather were “volun-told” to work from home because their entire country was quarantined. Either way, whether it is voluntary or mandatory, there are a few things you can do before you send your employees to work from home which will help your business operate successfully. We believe every business needs to consider their Coronavirus quarantine preparation plan and whether their IT has the suitable systems and safeguards in place. Here are 10 Questions IT Departments Need to Ask Before Responding to COVID-19:

 

1. Do all of the individuals in your organization have remote access to your core software and files?

If your employees are working from home, it is important that they can still access your primary line of business applications. There are often several options to achieve this.

Most modern software vendors have versions of their applications that are accessible through a web browser. You will want to see if your primary business applications have this option. In addition to using internet-based versions of applications, you may be able to set up a terminal server allowing you access to your important software without the need for a VPN.

SharePoint is another wonderful tool that is part of most Microsoft Office 365 subscriptions. This service places important documents inside your Office 365 portal so you can view, edit, and collaborate on them from anywhere in the world with an Internet connection.

Take a hard look at what your users need access to and ask yourself if they are going to be able to access them from a remote location.

2. Are you prepared to have staff meetings via conference call or video chat?

One way to reduce unnecessary contact even now is to have all of your staff meetings via conference call or video chat. Many organizations use Slack or Microsoft Teams for their inter-office communication with great success.

Teams is an excellent unified communication and collaboration platform that combines persistent workplace chat, video meetings, file storage, and application integration. It is also a part of some Microsoft Office 365 subscriptions and is integrated natively with SharePoint. If you are hosting video conferences with clients, Zoom is also a fantastic option. The Zoom tutorial series is available on YouTube, which makes it easy to learn how to use.

Whichever service you choose, you will, of course, want to pick up web cameras for everyone so you can take full advantage of its features. Amazon has several low-cost web cameras that will do the job just fine. With the $17.49 (at the time of this writing) Logitech c270 web cameras, you can outfit an office of 20 for only $350.00. Start getting used to it now so it will be second nature when you are working from home.

3. Can your employees make and take customer calls at home?

Just because you are at home doesn’t mean the calls will stop coming in. You need to make sure your staff is fully equipped to make and receive calls from their homes. There are several ways to accomplish this and the first thing you should do is talk to your phone vendor about how they can make this functionality available to you. If you do not have a phone vendor you trust, there are many options you can consider.

Microsoft Teams does allow for phone calls if you add the necessary SIP service to your plan. You can also look at solutions like Option 9 from Data102. Option 9 includes a softphone that can be used from your computer or cell phone via the Snap Mobile phone app. You may want to pick up a few USB headsets should you choose to go this route, or stick with the web cameras as your microphone and plug a pair of headphones into your computer. There are several inexpensive options from Logitech for around $20 and more expensive options, like the Jabra Pro 930, for around $100.

4. Do all of your network devices have remote access and out-of-band management setup?

If you are at home and all of your servers and network equipment are at the office, how will you maintain it remotely if something goes wrong?

Make sure your IT staff has securely enabled the necessary access to maintain your infrastructure from a remote location. This means verifying that protocols and features such as SSH, RDP, WMI, Wake-on-LAN, and vPro are enabled and properly secured. It is also important to verify that out-of-band management for your servers is set up and that you are using the enterprise versions of iDRAC, iLO, and other IPMI implementations rather than the less useful free versions that come with the device. UPSs have network cards that can be ordered and installed to assist with monitoring and remote troubleshooting. Switches, routers, firewalls, and many other network devices support the SNMPv3 protocol, which should be enabled and configured securely so you can monitor their performance and detect any problems early.

If you are not already using a remote desktop software application such as ConnectWise Control, a Remote Monitoring and Remediation tool such as ConnectWise Automate, or a network monitoring tool such as Auvik, you may want to consider deploying them. Tools like these can be costly and take a lot of time to set up but return dividends over the long run. All of these vendors offer assistance during your deployment for a fee, which can make this go much quicker and smoother. There are also IT service providers that can do all of this for you if this is over your head.

5. Do you have a way to reboot your ISP equipment remotely?

Some devices may not have out-of-band management available and will require a hard reboot if they become unresponsive. The modem provided by your ISP is one such device. Do you have a plan if that device locks up and is preventing you from accessing your office remotely?

Remote power strips like the ones provided by WattBox have built-in scripting to automatically reboot a device if it is no longer accessible from the internet. This feature works from the inside out so you do not need additional out-of-band management for it to work. It also allows you to meter the power usage of plugged-in devices remotely, as well as perform hard resets without scripting (so long as the internet is available). It’s worth considering adding devices like these wherever you have devices you need to power cycle remotely from time to time.

6. Should some of your staff be issued laptops so they can work from home?

Do you have employees that need hardware? Does Bob or Marge in accounting even own a home computer? Are you concerned about their ability to perform their work on their personal machine due to the age of the machine, lack of corporate control, and questionable digital hygiene?

Maybe a few key individuals should be issued company laptops. Dell has several reasonable business-quality options available for around $700.00. These come with real warranties, which include 3-year on-site and next-day parts and repair clauses, as well as professional operating systems (not Windows Home Edition) and a build free of the bloatware that comes from junkers at Best Buy.

After the quarantine is over, you can buy them a dock and make the laptop their new desk machine. Maybe you can hand down their old one to another individual in the office if the machine is not too old, or put it on the shelf so you have a cold spare available.

7. Are there any parts of your infrastructure that are at risk of causing you an outage?

Now is the time to go ahead and plug in that other NIC on the server to the switch, or add those extra drives to the RAID array for hot spares. Take inventory of the loose ends in your network and try to get them resolved.

Do you have any really old machines that you are afraid will fall over at any minute? Why not get new, affordable, business-grade replacements? How old are those UPS batteries? Maybe it’s time to get them tested or just outright replaced. Murphy’s law dictates that “if anything can go wrong it will go wrong” and probably at the worst possible time. Can you think of a worse time for the one-and-only power supply your server has to fail? Try to alleviate any of these ticking time-bombs if you can.

8. Have you reviewed your disaster recovery plan?

Do you have a disaster recovery plan? If so, good for you! But when is the last time you read it? Go ahead and dust that thing off and give it a read. Is it still relevant? Could it use an update or two? Does it take working remotely into account? Why not go over it with the team, since many of your employees may have been hired long after you wrote it? You want everyone fresh on how to handle a disaster.

9. How are you going to maintain the security of your network during this event?

What are the added security risks you are about to introduce to your business?

Allowing your employees to use their personal computers to access company information is risky business, but there are a few things you can do to mitigate those risks. Reduce the need for a VPN as much as possible by pushing the use of web apps (See #1). Get multi-factor authentication enabled where you can. Make sure your employees are using a legitimate copy of a 3rd party anti-virus such as Webroot, or at the minimum have Windows Defender enabled.

Also, make sure your authorized points of contact are up-to-date and that you have alternate points of contact assigned. You do not want the one-and-only person authorized to open ports on the firewall out sick without a backup.

This might be a good time to run that network vulnerability scan from Rapidfire Tools or Nessus you’ve been putting off, too.

10. Have you tested your plan?

Start testing your plan now. Send a few employees home for a day as soon as you can, and actively work with them to overcome the unexpected challenges this creates. It’s far easier to work with one or two employees at a time to get things working than it is to have your one and only IT guy try to get the whole company working remotely all on the same day.

 

We have helped hundreds of businesses over the years with their Information Technology, and we hope our experience will help you keep your business running throughout this world-impacting event. If you feel you need hands-on assistance managing your IT, please keep us in mind. We are happy to help you proactively manage your IT environment and prepare you for success: 719-476-0443.

 

Is your business one of the 20% NOT using Microsoft Office 365?

Are you using one of the cheaper or free alternatives like Google’s G-Suite set of apps because it “promises” a similar range of functionality? What might be “good enough” when your business is a 1-3 person startup quickly becomes limiting as your business grows and your team needs to collaborate and share files with clients, vendors and partners.

Office 365 has cutting-edge collaboration features like Teams and real-time co-authoring. Your staff can use O365 on up to five devices, making them more productive and able to connect from anywhere at any time.

So whether your staff is 1 or 10+, here are the key features of Office 365 that will excite your workforce to be more productive.

REASON #1: Great For Small Business Owners

Microsoft provides business owners with a stable, consistent pricing structure for their suite of business tools. They’re able to provide their employees with the latest updated software without worrying about additional upgrade charges or excessive licensing fees.

The easy per-user pricing structure allows businesses to scale up or down whenever they have changes in their staffing levels. And say goodbye to investing in expensive servers thanks to Office 365’s cloud storage option.

REASON #2: Easy Collaboration From Anywhere

All users have access to a common platform when collaborating on projects. By enabling cloud synchronization, documents can be created on one device and shared with other contributors to allow for easy collaboration in a secure cloud environment.

Microsoft’s introduction of Teams in 2016 brought collaboration to a new level. Teams is a conversation thread for groups of people, similar to Slack, but where Slack lacks an integrated experience, Teams provides easy access to your business apps, such as PowerPoint, Word and Excel. With Teams, live collaboration seamlessly occurs with teammates across the room or in the next hemisphere.

REASON #3: Ideal For A Mobile Workforce

Office 365 can be used on- or offline. This is important because if the internet goes down and your team is using G-Suite, you are down. With Office 365, your team can stay productive by just using the apps offline and syncing when an internet connection becomes available.

The Office 365 license permits use of up to five devices per user. This allows your employees to use it on their mobile device, laptop or tablet. For businesses that have a workforce that is mobile or remote-based, the options of being able to work from anywhere at any time provides increased productivity.

REASON #4: More Extensive Features Than G-Suite

Office 365 and G-Suite can appear superficially similar at first glance. Let’s do a deeper dive into important differences between the two productivity suites.

1. More Plan Flexibility

G-Suite makes only three different plan options available: basic, business, or enterprise. You’re out of luck if none of them meet your current business needs. There’s no way to massage any of the plans into a more suitable format.

In contrast, Microsoft currently offers three plans for small businesses and four plans for enterprises. They also offer separate plans for educational institutions, government agencies in the U.S. and various non-profit organizations. If none of them meet your company needs, Microsoft allows you to pick and choose features to create your own custom plan.

2. Better Cloud Storage

All Office 365 business users gain access to 1TB of cloud storage. Compare that to basic business accounts with G-Suite which only receive 30GB of storage and must upgrade to a higher tier for additional storage space.

3. Meets Compliance Regulations for HIPAA, PCI and FERPA

Office 365 cloud storage can be used to back up user and workstation data. All data uploaded to Microsoft cloud servers is protected by encryption and meets HIPAA, PCI, and FERPA regulations. Additionally, Microsoft offers two-factor authentication to prevent Office 365 and Outlook email accounts from being accessed if a password is compromised and an unfamiliar device attempts to log into an account.

4. Better Positioned for Growth

G-Suite tools may work with a startup workforce. But, as you grow, you need tools capable of handling that expansion. Office applications are used by 80% of business users, making it easy to collaborate with business partners and vendors without compatibility issues.

Let Simpleworks Aid Your Transition

Simpleworks has migrated thousands of users to Office 365. We create a simple and seamless experience for your business, so you have nothing to worry about. We can sync your Office 365 applications within 1-2 days depending on the size of your email database.

Trust your migration to an experienced and certified Microsoft partner. Contact Simpleworks if you are considering a move to Microsoft Office 365. Reach out to us online or by phone at 719-476-0444.