Just how scary can a ransomware attack be?
“Our hospital is down.”
A ransomware attack targeting more than a dozen hospitals in England has crippled their ability to treat patients. 16 hospitals have had to cancel surgeries, divert patients, and even lost access to their phone system because of the cyber attack on Friday, May 12, 2017.
In the ransomware attack, hackers gained access to internal systems, locked the files, and demanded payment in Bitcoin. The hacker threatened to delete files and increase the fee as time passed.
The hospitals shut down all IT systems to protect them. But, clearly, it’s already too late.
Emboldened by successful attacks, the hackers are setting their sights on larger targets, while increasing the number of small and midsized businesses they go after.
Employees continue to be the weakest link in your company’s IT security.
Along with ensuring you have the proper security tools in place, it is vital employees attend cyber security training. It is also a best practice to update employees about cyber security risks through updated information in company newsletters or regular training courses.
You can get started with this training by downloading TNT’s whitepaper “Top Tips for Internet Security at work” to distribute to your employ
The Network Team president Jeff Gaura has extensive training in cyber security, and you can hire him to come onsite to perform cyber security training. Call 980-263-2850 to learn more about those services.
Preventing the Success of Ransomware Attacks
From an IT level, a solid business continuity plan is one of the best ways to prevent a ransomware attack from succeeding.
Anti-virus software and simple backups are not enough to save your files and keep your business running. You need a solution that can verify backups, deliver instant cloud virtualization, has the ability to see into your files and know when the virus took hold, and perform a restore that takes minutes, not hours or days. Business continuity will give you access to your captive data.
Stay ahead of the hackers trying to get into your network. Download “The Business Guide to Ransomware.”
“Let’s hack and disable your cell phone. Start whistling in three, two, one, GO!”
Researchers at the University of Michigan and University of South Carolina claim to have discovered that music could be used to disable or, to a certain extent, even control some IoT devices. The researchers say they were able, through sound waves, to add steps to a Fitbit tracker and interfere with a cell phone app’s ability to control and access Internet of Things devices.
What does this mean? As IP enabled devices become more and more common, we are culturally on a course that the most likely device that we will use to control and interface with them is our cell phones. These IoT devices use chip based devices that are built upon the architecture of micromechanical systems (MEMs). Since these devices lack standards or shared design criteria, there is no governing body to say, “this is good or this is bad,” when a new product comes out.
Common examples where exploits are known and published include the interfaces between fitbits, drones and toy cars with your cell phone.
There are IoT devices in your workplace, today, whether you approved them or not. For example, I am wearing a Garmin watch that supports Bluetooth and wireless, and it is connect to our office public Wi-Fi. Since I know the logon information for the corporate Wi-Fi, I COULD put my watch on the private network, and, more likely than not, no one would know that it was a watch. After all, it has logged on with a valid username and password, and it is logging on from a known location-the office. What if my watch got hacked and became a proxy for, say, a server that was sending out inappropriate content?
Who is at fault? The network admin for not having enough security? Me, for not notifying the network admin that I have an IP enabled watch? Garmin, for making a watch that is hackable?
The IoT world is changing who we use technology. The lack of standards or the inability to track device proliferation shall make the news with ever growing frequency.
It is best to respond to this threat before it is a problem. Mobile Device Management can help. Learn more about TNT's Mobile Device options here.
Businesses are on the hook for customer information and data security, and we are not talking about credit cards.
In a recent court hearing, the Federal Trade Commission cited a company lacked “even basic precautions to protect the sensitive consumer information maintained on its computer system." It appears that actual harm from a data breach doesn’t necessarily need to be proven if the potential for harm exists. The ruling sends a clear and sobering signal to business owners: You must make significant, demonstrable efforts to protect yourself from data breaches or face the consequences.
In the ruling, the FTC stated, "Among other things, it (the company) failed to use an intrusion detection system or file integrity monitoring; neglected to monitor traffic coming across its firewalls; provided essentially no data security training to its employees; and never deleted any of the consumer data it had collected.”
The days of keeping all emails from a customer, including ones for order and purchase approvals, now represents a liability, not an asset or a CYA tool.
Too often, small businesses state, “Nobody is interested in the data we have. We’re not Sony or a government agency.” That thinking can now put you out of business.
Many IT leaders and business owners often think that there is a single product or service that they can subscribe to and this problem goes away. None exists. You need a managed security system that includes multiple products and offerings to address the gamut of requirements.
Lastly, there is no substitute for cyber security training for users. IT staff are not the ones who initiate the breaches-it is nearly always employees or innocent staff who don’t realize what they are doing.
The Network Team recently hosted a workshop on cyber security. As part of the workshop, we distributed handouts to help you help your employees strengthen the data security of your network. Fill out the form below to download the handout.
In ancient times, they city of Jericho was a modern Manhattan. It was the center of trade and commerce and known throughout all the Middle East as a crown jewel of civilization. Jericho’s leaders built a large wall to protect it from invaders. The wall was so big, that nearly none of the city’s occupants took the time to stay trained in the use of combat weapons like the villages who lived outside the city walls.
God’s people marched around Jericho seven times and the wall fell. Despite the size of their force being much smaller than the number of people living inside the wall, the city fell to the Israelites.
This was preventable, if Jericho’s leadership was like Webroot.
Most of our customers start with some over the counter firewall product that came with a $20 gift card to their favorite department store. They feel by using this firewall, they are as safe as the residents of Jericho. They do nothing to holistically protect the assets inside the company feeling that their firewall is doing all the hard work for them.
By using Webroot, you are doing the same thing as providing a wall not only around your city, but also around each of your assets. The best part, is that you don’t have to worry about bricks, concrete and training for your users as Webroot is a cloud-based product, meaning all the heavy lifting is done by smart guys (and gals) in a faraway place. The software that gets installed is minimalistic and does not require updating, meaning no matter who is attacking, the way automatically protects from the current attack.
In the past, TNT recommended products from Trend Micro, Barracuda and others for endpoint security. These products all had unique configurations with a need for maintenance, or they did not work. With Webroot, it is a set it and forget it technology, meaning once we set it up, there is very little for either of us to do. It is much like getting electricity installed in a new home.
You ought to try it out. It’s free for 30 days and costs only a couple of dollars a month per user after that.
Reach out today to learn more.