Posts

Best Practices

Cyber Protection: Time for New Best Practices

Best PracticesAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  The average cost of ransomware downtime jumped from $46,800 to $141,000, and increase of more than 200%.

To add to your concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

Traditional cyber security solutions are no match for many cyber attackers. We need a new approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our CPR model:

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Time for Action

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.


 

Business Continuity

Risk and Reward – Protecting the Value of Your Business

Business ContinuitySeveral weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses.  Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen
  • 17% felt they would be out of business or would required state and local aid to survive

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods.  Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen.

  • A distributor of customized office supplies lost all electronic business records for the past three years when they where hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is a not just a good idea, it is a responsibility. 

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Asses how different types of threats could impact your business.  We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use.  Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”.  Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us.  It is time for a serious conversation about protecting the value of your business.  A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget.  Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget.   For most business, changes in security settings on existing systems paired with modest, incremental services provide the protection and recover-ability you need.

Data Protection

The Protection We Are Missing

Data ProtectionBack in 2006, the big problem with email was SPAM.  Unwanted messages pushing “healthy pills” and cell phone deals inundated our mailboxes and clogged our Internet connections.  At times, over 90% of all email traffic reaching our local servers was unwanted junk. We fought back and, for a long time, won the battle. With tools like Postini (purchased by Google and part of Gmail since 2008), we were able to block spam and email viruses “in the cloud” before they reached our email servers and services. And while spammers became more sophisticated, our technologies were able to keep up.

Over the past year or so, however, we have clearly lost ground. It feels like we are back to square one.

Spam and malware attacks via email are on the rise. This time around, the consequences can be disastrous. Blocking unwanted emails about supplements is still needed, but cryptolocker, ransomware, and destructive malware can destroy your data and your business.

What happened?

We see a convergence of several factors leading to the increase in successful malware attacks.

The IT Industry Became Complacent

Antivirus and email security vendors wrongly assumed that their existing models of protection were capable of keeping up with new types of threats.  For nearly a decade, this assumption held true. Cyber-criminals study and understand how to exploit weaknesses in our existing protections; they build malware that goes undetected by our traditional methods of discovery. Our industry was slow to recognize that systemic changes were needed to stay on top, and ahead, of the game.

We Face New Threats

To stay ahead of anti-virus protections, malware has grown up. A new class of malware, known as Advanced Persistent Threats, exists. On average, APTs sit on systems and networks for more than 4 months before activating. During this time, they periodically test the system security and protections. They learn how to act to avoid detection. While our legacy protections are watching the doors and windows, the threat is hiding under the bed.

Humans Deliver the Goods

Cyber-criminals have learned that human nature is easier to exploit than technology. They now send us messages and present web pages that look and feel valid. We are willing but unknowing accomplices when click links and install malware on our systems from fake emails and web sites. The human instincts to help and trust readily betray us when we are not careful.

We Assume our Vendors do the Work

Both Microsoft and Google tell our customers that their email and other information in the cloud gets backed up. What they do say is that these backups are to maintain service reliability and not to protect us from damage or loss due to application or human error. We hear “data backup” and we assume our protection is greater than the reality. This assumption holds true when we are told about built-in protections against cyber-threats.

We focus on Cost not Value

Cloud computing drives down cost perception faster than it drives down cost. Major cloud players wage periodic price wars. Cloud services like Office 365 and G Suite continually add new capabilities without increasing prices. We do not expect, and do not want, to pay for extras. You are as likely to fall victim to ransomware from a corrupt or hacked web site than by clicking on an email attachment. While nearly all of our customers protect email, fewer than 5% protect web traffic. Web protection is added cost that does not appear to have value until after the cyber attack.

Good News: We Have Solutions

While we have created a bit of a mess, we do have options. Innovative vendors have built new solutions that affordable confront and address the new wave of threats. Using the power of cloud, some vendors have radically improved their solutions while others have taken a step back and built new, strategic solutions. To protect your business, you need to protect your email service and your web browsing.

  • Web protection should scan and analyze all web traffic, intended (page you click) and unintended (the auto-start video stream, cookie update, etc.) for all web traffic from any device you use.
  • Email protection should pre-screen (open and validate) links and attachments in a sandbox (safe environment) before allowing messages to reach your inbox.

The solutions are affordable, are easy to manage, and can be up and running in no time. A dollar of cost can protect against thousands of dollars loss.


For more information, or a free assessment and set of recommendations for your business, contact us today.


 

MS Office 365

The Best Unknown Add-on for Office 365

MS Office 365Microsoft Office 365, from the entry level Exchange Online plans through the Business and Enterprise plans, includes a robust infrastructure for spam/virus protection. As we have blogged about on numerous occasions, cyber attacks continue to get more sophisticated and are using social engineering to trick and trap more people than ever.

Advanced Threat Protection

Advanced Threat Protection (ATP), a little know add-on for Exchange Online and Office 365, offers additional protection against cyber attacks. Using a secure “sandbox”, ATP tests and validates links within email messages and tests attachments for malware and other threats before the message makes it to your inbox. With minimal latency, ATP can block messages or strip them of the offending item(s).

With the increasing threats of ransomware and identity theft, ATP is well worth the nominal per user fee.


If you want to add ATP to your ecosystem, please contact us.


 

Fast Fact

Fast Fact Friday: Ransomware Cloud Attacks

Fast FactAccording to the Datto’s 2016 Global Ransomware Report, a survey of 1,100 IT service providers …

70% report Dropbox being the target of the ransomware attack

44% of attacks targeted Professional Services

38% of attacks targeted Healthcare


Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.


News from Cumulus Global

SMBs Benefit from Tech and Policy Mashup

Westborough, MA – Faced with increasing regulations and a changing technology landscape, small and midsize businesses (SMBs) struggle to ensure compliance and maintain data privacy. With the sophistication of rasonmware attacks and advanced persistent threats, employee awareness and behavior is more important than ever. Cloud technology makes it easier to share, even when sharing is not appropriate.

To help SMBs tackle these challenges, Cumulus Global (www.cumulusglobal.com) and Privacy Ref (www.privacyref.com) announced a unique partnership designed to help SMBs assess their needs and risks, plan and implement sound privacy practices, and respond to threats and potential breaches.

“Smaller businesses face the same regulations and requirements of large corporations,” noted Bob Siegel, Founder and President of Privacy Ref. “SMBs generally do not have the internal resources and expertise to create and manage a privacy program. This partnership gives SMBs a place to turn for guidance, expertise, and results.”

In addition to privacy assessments and policy updates, the Privacy Education Programs provides SMBs with the awareness education and training needed to ensure employees understand the risks and their role in preventing attacks and breaches.

“Our role is to ensure businesses can avoid and prevent malware attacks and data breaches,” noted Allen Falcon, CEO and Pragmatic Evangelist at Cumulus Global. “We ensure that the protecting technology, policies and procedures, and people are working together for the greatest level of protection.”

Through the partnership, SMBs also gain access to a range of data protection and recovery services and tools. These tools help prevent attacks and breaches and facilitate response and recovery if needed.

Study Confirms: Education Faces Highest Risk of Ransomware

As reported in EducationDIVE and Information Week, a recent study of 20,000 organizations by security firm BitSight found educational institutions suffered ransomware attacks at rates 2 to 10 times higher than other sectors of our economy. 10% of educational institutions have been attacked, compared with 6% of government entities, 3.5% of healthcare organizations, and 1.5% of financial institutions.

Ransomware by Sector (Source: BitSight)

Ransomware by Sector (Source: BitSight)

With the rate of ransomware attacks continuing to rise, schools and districts need to enhance their protections. Beyond traditional endpoint protection, user education and communication, web filtering, protection for advanced persistent threats (APTs), and tools/processes for recovery need to be in place.


Our Business Guide to Ransomware eBook provides valuable information covering the types of threats, protections, and recovery systems you should consider.


 

 

Rethinking Risks and Responses

Malware, Ransomware, Natural Disasters and More Keep Hitting SMBs Hard

Never have we had a greater ability to work together to get things done than we do right now. As our cloud and hybrid environments expand, the ease-of-use encourages us to share ideas and information and to collaborate in new and exciting ways.

Never have we been under attack from so many directions. Changing weather patterns and aging infrastructure leave businesses without power for days instead of hours. Fading employee loyalty means more chances for information to walk out the door. The same features that let us easily share information also let us accidentally share information we shouldn’t. Malware and viruses have evolved from a nuisance to potentially existential threats with the increase in ransomware and advanced persistent threats.

Our Businesses, Employees, and Customers Need and Expect Protection

With the risks and impacts on the rise, we as small and midsize business owners and technologists should rethink how we both prepare and respond. Since the dawn of business computing, large enterprises have built expensive solutions to ensure that their businesses keep running “no matter what”.  Now that we are in the cloud, and solutions are incredibly affordable, we need to adopt the same approach.

Business continuity is no longer just being able to keep your business running after a disaster.

Business continuity means that you are able to prevent business disruptions and distractions, regardless of the cause. Business continuity means …

  • You actively work to minimize the chance of a ransomware attack, and that you can respond and recover quickly should it happen.
  • You have systems and procedures in place to prevent data loss and privacy breaches, and that you can detect and mitigate issues quickly and effectively.
  • You and your team are no longer tethered to the hardware, Internet access, and electricity in your offices.

For SMBs, now is the time to consider the tangible and intangible costs of business interruptions of all types and to see the value in solutions to prevent and recovery. Understand the value proposition of that goes beyond dollars and cents to include the customer relationship impact and the toll that business disruption has on your team.

Food for Thought: