If you become aware that a cyber-attack has been taken against your company, it is imperative action be taken immediately to mitigate the risk of loss to data, money, and other company assets. Time is of the essence. Take the following actions immediately:
- If applicable (funds were transferred/compromised), contact your bank. In the case of a wire fraud, you can initiate a “SWIFT recall” on the wire transfer. Contact all banks that may have received your funds. Ask to speak to their fraud department.
- Notify your internal IT department or Managed Services Provider (MSP). Provide as much detail as possible. If a computer is involved in the incident, we will provide direction whether action is required to turn off or disconnect the device from the network.
- Report the incident to the Internet Crime Complaint Center (IC3) at http://www.ic3.gov.
- Report the incident to additional Federal Government agencies as described in “Cyber Incident Reporting – A Unified Message for Reporting to the Federal Government” for specific reporting requirements: https://www.dhs.gov/sites/default/files/publications/Cyber%20Incident%20Reporting%20United%20Message.pdf
- Notify local law enforcement of the incident
- Notify your cyber liability insurance provider. They can assist you with arranging public relations advisors to support proper customer notifications and legal counsel.
Expect notifications to take time as each involved party gathers the information they need. If possible, assign multiple people to initiate notifications in parallel.
Consider using a conferencing service like Microsoft Teams or Zoom that can be used by all parties throughout the notification process. Many conferencing services allow for “rooms” to be created to allow groups to break away for specific discussions and then rejoin the main group. This may also provide you the ability to record the conversations (notify participants) for later review. Practice this process before an actual incident so you are comfortable with the technology.
Keep and record the following information for possible investigation:
- Canceled checks, Wire receipts, Credit card receipts, Money order receipts
- Facsimiles, Certified or other mail receipts, envelopes (if you received items via FedEx, UPS or U.S. Mail), Pamphlets or brochures
- Emails, text messages, chatroom or newsgroup text, social media messages, web pages (screen shots), phone records
- Computer log files, if available, with date, time, and time zone
Ransomware attacks are constant and indiscriminate. Whether you run an SMB or a multinational corporation, your network is being actively targeted.
A survey conducted in 2021 by cyber security firm Sophos found that nearly 37% of all businesses worldwide had been affected by a ransomware attack in the last year. The average ransom paid to successful attackers was $170,000, and, on average, businesses were only able to recover 65% of their data. Among the attacked organizations were
- Accenture
- City of Tulsa
- Fujifilm
- Kia Motors
- NBA
- NRA
- University of Colorado.
As a managed service provider, Simpleworks prioritizes its clients’ cyber security. That’s why we’ve partnered with Datto, a leading backup solution, which allows us to provide our customers with the best business continuity and disaster recovery (BCDR) available today.
Not All Backups are Created Equal
With 11 patents and over a million clients, Datto is one of the most trusted BCDR solutions. Simpleworks’ partnership with Datto means our customers get all the following benefits.
- REDUNDANCY | Key to Datto’s backup technology is its redundancy. They provide both hardware and cloud-based solutions so a catastrophic loss of property won’t put your data at risk. Snapshots are taken hourly and backed up both onsite and at two locations in the cloud.
- BLOCK-LEVEL BACKUPS | Datto takes a snapshot of your computer at the block level, which means your devices can be returned to the exact same state they were in when the shot was taken—apps, permissions, documents, all of it.
- DATA SECURITY | Datto has an entire department of 60 people devoted to network security. Active monitoring, regular bounty programs, and back testing ensure their cloud is an impenetrable storehouse for your data.
- RAPID RECOVERY | 24/7/365 customer support means no matter when an attack occurs, Simpleworks and Datto will have your data restored ASAP. Recovery is usually possible within a few hours but can even be as fast as a few minutes.
Can Your Business Survive Data Loss?
As a managed service provider, we are all too familiar with the damage ransomware attacks can have on Colorado Springs businesses that fail to take cyber security seriously. Don’t put your data—and your customer’s data—at risk. Contact us right away to learn more about the business continuity and disaster recovery services we provide—powered by Datto!
Admit it—you have at least one password that is “passw0rd.” Or your address. Or your birthday. Or your daughter’s birthday. We’ve all done it. And in the early days of the Internet, you might’ve gotten away with it. If not, you likely didn’t have sensitive data online for a hacker to exploit. But the world has changed. Hackers now have the power to ruin lives, destroy businesses, even ransom large corporations and governments. Password security remains the primary attack vector for these threats.
Here is what you can do to protect yourself and your business.
Create a Strong Password
So if you can’t use “passw0rd” or “123456,” what can you use? Strong passwords have several principles in common.
- Length – Ideally, your password should be 8-12 letters long. The longer the better, but 12 is plenty long enough if the password has the next two traits.
- Complexity – Mixing capital letters, numbers, and symbols and/or using a string of small random words will make your password sufficiently complex.
- Easy to remember, but not easy to guess – Try to come up with a system that you can remember for creating different passwords for different purposes that you can remember but that a hacker (who may have some personal data about you) would not be able to guess. Information like addresses, birthdays, and social security number sequences should certainly be avoided.
You also want to be careful about how you answer security questions. If you are prompted to give your mother’s maiden name, for example, don’t use it. A hacker could easily find that information. Perhaps make up a name or use a completely unrelated word like “flowers” that would be nearly impossible for a hacker to figure out.
Use a Password Manager
An all-star password still must be remembered to be effective. Writing down sensitive information comes with its own set of risks, especially in an office. So many people use password managers like LastPass to create and store all their passwords. There are several benefits of doing this:
- Complex password generation – LastPass and others can create complicated passwords that you won’t have to know or remember.
Memory decluttering – The only password you’ll have to keep in your brain’s long-term memory is the one to open LastPass. As long as you can remember that, you can get into everything else with the click of a button.- Cloud storage – No more sticky notes on monitors. Everything is stored in the cloud on an encrypted network.
Activate Multifactor Authentication Everywhere
Multifactor authentication adds a second or third layer of security to your password. Having to enter a code received by email or text message means that a hacker would need more than just your password to break in – they also need access to something you have, like your phone or email account. Authenticator apps like Google Authenticator or Duo Mobile are free and relatively easy to set up.
Implement a Password Management Strategy
Any network is only as secure as its weakest link. This means that if you run a business, a password policy should be in place to ensure best practices are followed. Several steps should be taken to ensure compliance:
- Craft a password policy – The policy should be widely distributed and instruct employees that they should not write passwords down or share them with anyone. Controls should also help them to avoid creating weak or generic passwords.
- Use a password manager – Password managers can be set up with individualized accounts and to protect passwords needed by multiple people.
- Multifactor authentication – MFA needs to be a requirement for every device with access to the company’s network.
Learn More about How to Manage Passwords
Check out our video blog for more information about password management, multifactor authentication, and a variety of other IT support questions and trends. New episodes are released weekly on YouTube and major podcasting platforms.
MFA (Multifactor Authentication)—Because Strong Passwords Are Not Enough
The scourge of recent high-level hacking has many businesses worried. Much of your most valuable data is now stored online. Hackers and their automated bots are roaming the Internet constantly searching for vulnerabilities to be exploited. These threats are real, constant, and have effected large companies and important infrastructure.
The good news is that it only takes a minimum level of security to eliminate most of the threats. Not using “Password123456” for sensitive accounts is a start, but more is needed. Multifactor authentication or “MFA” is a simple but highly effective layer of cyber security that is no longer optional.
“But My Information Isn’t Valuable”
Small business owners, in particular, often do not think that they have any information a hacker would be interested in. But this is based on a false assumption. Almost all attacks to small businesses—regardless of the industry—come from automated bots that scan the entire Internet searching for weak security. These bots can either carry out attacks completely on their own, or they can report vulnerabilities back to a hacker, who can then specifically target poorly secured data.
Something else to remember is that while your data may not be important to anyone else, it is invaluable to you and your business. Hackers know this, which is why they use ransomware attacks to lock you out of your network unless you pay an exorbitant fee.
What is Multifactor Authentication?
Multifactor authentication (MFA) or two-factor authentication (2FA) provides an additional level of security that can eliminate most automated threats. The majority of hacks come from automated bots that continually spam attacks anywhere they find a vulnerability.
With MFA, users are asked to verify their login attempt after putting in a username and password. This verification is typically a code you obtain through one of the following ways:
- Text message
- Phone call
- Authenticator app (like Google Authenticator or Duo)
- Authenticator device
Whichever method is used, you must either put in the correct code within a short period of time or verify your attempt to access your account some other way. This prevents malicious hackers from gaining access to your accounts without your knowledge. Bots that detect a network with MFA enabled will almost always avoid it altogether.
Setting Up Multifactor Authentication
Contact Simpleworks today if you would like to know more about cyber security generally, how to set up MFA on your network, or just to find out more about our managed IT services. The sooner you secure your network, the sooner you will eliminate a very real threat to your business.
What Makes a Great IT Company?
For most people, their first car was not great. It overheated in the summer, had tattered upholstery, leaked water from the windows. And even though you put up with it out of necessity, you realized with time that so much of the value of a car comes from its reliability and comfort.
Your current IT provider may be like that first car. It might get you where you need to be most of the time, but you have this nagging suspicion that it will leave you with your thumb up on the side of the highway any day now. And just like a car, it can be difficult for a uniformed person to know exactly what is going on “under the hood” of their business’ IT.
Signs Your IT Provider is a Lemon
Besides the obvious—untrained technicians, rude customer services reps, ultra-low pricing—it can be hard to identify a problematic IT relationship. Here is the smoke that could indicate that you are about to be stranded:
- False promises
- Lack of transparency
- Poor communication
- Overly complicated jargon in responses meant to confuse you
- Not meeting with you regularly
- Unexplained or unexpected downtime and interruptions
- A deal that’s too good to be true
- Not encouraging better security
A great IT company will never make you feel inferior, confused, frustrated, or angry. That’s because there is a lot more that goes into IT support than just knowing how to troubleshoot technical issues.
A Reliable Mode of IT Support
Well-built, dependable IT providers need to be smart about IT. But proficiency is not enough. They also need to be smart about business. The difference between a rusty Pontiac and a well-equipped Toyota is not its ability to get from point A to point B—it is the ability to perform safely and comfortably every single time. The same can only happen when an IT provider is proactive.
So how can you identify a proactive IT provider? Ask yourself these questions:
- Do they deliver on their promises?
- Does my IT provider have a clear process?
- Are their staff coordinated and communicative?
- Do I trust them to self-report their activities in a timely manner?
- Do they meet with us regularly to help my business prepare for the future?
- Is the leadership accountable when issues arise?
- Are they budget conscious?
- Do they encourage us to improve our security protocols?
If your IT provider cannot verify the work they have done for you immediately, if they do not seem to have a repeatable process for handling tickets, if they are always reacting to problems instead of preventing IT problems, then you and your employees may be on the verge of hitch-hiking. Your business is too important to be driven by a smoking engine with wobbly tires!
COVID-19 has permanently altered the business landscape. Companies unwilling to adapt to the new reality have suffered or closed while those who embraced the challenge have grown—or even thrived. From doctor’s offices to barbershops, delis to high-rise offices—the companies left standing a year later likely harnessed the power of modern IT solutions to communicate, develop new sales strategies, and deliver products and services efficiently.
Some of these changes will solidify into permanent features of the modern business landscape in the coming decades.
Get Comfortable in the Cloud
There were some growing pains and funny moments those first few months on Zoom or Microsoft Teams as people learned to navigate these platforms, many for the first time. We’ve all probably experimented with backgrounds, kept the camera off to hide our bedhead during that early morning meeting, or finished an eloquent sales pitch only to realize we were muted.
The fact is, though, as awkward as the transition was at times, videoconferencing, team chats like Slack and Teams, and cloud storage and document sharing solutions like Microsoft Sharepoint are likely here to stay. They allow a greater degree of flexibility and productivity for many businesses. In addition, office space can be reduced as more employees work remotely at least some of the time. The likelihood of lingering health risks and future pandemics will probably also require businesses to remain adaptable.
The businesses that fully utilize these tools and innovate their business around them will gain an edge over slow-to-adapt competitors.
The Diminishing Returns of Traditional Marketing
During the last year, sales and marketing teams had to adapt. Traditional face-to-face interactions, meet and greets, afternoon tee times with clients, and other forms of outreach became impossible. While Zoom and Teams can get the job done in some cases, marketers of the future need to innovate solutions now that allow them to connect with the right clients on the right platforms with the right solutions.
Where once personal relationships and face-to-face interaction were vital to attracting and retaining customers, the virtual landscape of the coming decades will demand better services, competitive pricing, and verifiable results. Marketers who fail to stay ahead of the trend may very well lose their most valuable client to a competitor offering more than just a familiar face.
A Smaller World
The Internet has been shrinking the world, and specifically marketplaces, for years. But COVID accelerated the speed of that trend. The talent pool has expanded from the local city to the world. Employees who used to be required to live near the office can, in some cases, branch out further or stay connected while traveling. Solutions like VoIP even allow remote workers to answer work calls from their own phones.
In addition, the speed of information coupled with the ease of communication and growth of big data are creating opportunities in every industry in the world. IT solutions unlock the potential for any business—large or small—to expand their reach into the global marketplace. Those that do will be rewarded with creative solutions to traditional problems and new revenue streams that only a year or two ago may have been inaccessible.
Does Your Business Have the “IT Factor”?
Many businesses are still adapting to these new realities. While there is a degree of urgency necessary, you are not alone if you are in that position. Simpleworks IT offers managed IT solutions for small-to-medium businesses making the transition into a digital marketplace. Contact us today to learn more about our services and the benefits of using a managed service provider.
Ekahau — The Solution to Your Wi-Fi Connectivity Issues
Highspeed Wi-Fi access is not a luxury for 21st century facilities—it is a requirement. But access alone is not enough. Every user, whether on a phone, laptop, tablet, or smart device, expects a minimum amount of speed and uptime. In an office, a lack of connectivity can cost money. Connectivity issues in a school can cause curriculum interruptions, loss of productivity, and needless frustration. In a health care facility, lives could even be at risk.
If your facility has Wi-Fi connectivity problems, Simpleworks IT has the solution: Ekahau.
What is Ekahau?
Ekahau is a hardware and software tool that scans a building to determine the optimal wireless access point (WAP) locations and signal strength. This powerful tool generates Wi-Fi heatmaps that help certified Ekahau technicians find dead spots in an existing network. Ekahau is also able to upload a building’s blueprints to assist in the onsite selection of WAPs for a new building or network. The system can even adjust for building materials and other variables.
Put simply, Ekahau improves your facility’s Wi-FI connectivity.
Who Benefits from Ekahau?
Most facilities experiencing Wi-Fi connectivity problems turn to an in-house IT department or managed service provider. The trouble is that many times these professionals are not trained to set up Wi-Fi networks. Without Ekahau and a properly trained and certified technician, network troubles will likely pop up. Often an IT technician will simply boost the signal of a problematic WAP, which actually makes the problem worse. Then, if another WAP is installed, the problem may become even worse still. Proper signal balance, WAP location, and room placement are vital for networks handling more than a few devices.
Put simply, Ekahau can help most businesses experiencing wireless access issues.
The Ekahau Team You Need
Simpleworks IT has a certified team that specializes in Wi-Fi heatmapping, troubleshooting, and installation. If your network is experiencing the issues that so many other facilities are, contact us today! We will send an experienced specialist to your location, create a Wi-Fi heatmap and customized network plan, and make the changes needed to resolve your Wi-Fi connectivity issues. It’s not worth losing another minute of productivity or pulling out another hair.
Put simply, if you want to improve your facility’s Wi-Fi, Simpleworks has the solution.
