Protect Your Business from a Data Breach With These 5 Tips

If you think the risk of a data breach or cyberattack is low, think again. According to the 2019 Data Breach Investigations Report by Verizon, every industry is at risk: last year, attacks were present from manufacturing to retail and from healthcare to administration, and everything in between. The worst part is, not all attacks are from external sources – some are internal, and of course sometimes viruses get through accidentally due to employee mistakes.

No matter your industry, you have a lot to lose: your data, customer base, industry secrets, and proprietary information are all targets for attacks. We’ve put together five easy tips you can implement right away to help protect your business.

 

Implement an Employee Policy for Safe Use

 

Many businesses do not have any type of policy in place that sets boundaries for what employees can and cannot do on the internet and in e-mail accounts. Each company should create a formal policy which all employees (current and future) need to sign which details information like e-mail best practices, rules for internet browsing, accessing social media sites, and completing personal tasks (like banking) on company time.

 

Remote Monitoring and Management Agents

 

Having Remote Monitoring and Management (RMM)  on every computer and server allows your business to be in a proactive rather than reactive position with security. RMM can automatically advise your IT team that there is an imminent disk failure, low disk space, overutilization, and more to ensure it is fixed before you face an IT emergency that prevents your staff from getting work done. Depending on your anti-virus software, RMM can also alert your off-site tech experts when malware is present. Which leads us to…

 

Install Proper Anti-Virus and Anti-Malware Software

 

When you have a team of IT experts monitoring your network, a proper business class anti-virus solution will have the ability to alert a central web portal when a virus or malware is present. Because we are monitoring that portal, we’ll be able to tell when a machine has any kind of problem before you or your employees notice. We can then push commands to that computer to clean it of the virus, and update the anti-virus software if needed. In the case that a virus can’t be cleared through a command sent via the portal, we’ll be able to notify you and your employee, connect manually, and remove it that way.

 

Have a Proper off-site or Cloud Back-up of all Data

 

At the absolute minimum, your business should have a cloud backup that can safely copy your data for you at regular, frequent intervals. This way, you have access to a backup in case of a ransomware attack, hardware failure, computer damage, or theft.

 

Install a Backup & Disaster Recovery Device

 

Hands down, the best thing you can do to make sure your business is protected in the event of any kind of attack or damage, is to install a Backup & Disaster Recovery (BDR) device with a cloud backup component. If you have onsite servers, this is especially important. In fact, in our opinion here at Info-Tech, it’s crucial. Read our blog on BDR devices for more info, or contact us today to ask about protecting your business.

Cyber Crime Stats from BroadbandSearch

Check out these 19 stats on cyber crime to protect yourself in 2020.

Windows 7 Dies Today: Here’s What You Need to Know

“Microsoft released Windows 7 in October 2009. Now, more than a decade later, it’s being retired. Your Windows 7 PCs will keep working, but Microsoft is no longer issuing security patches as of January 14, 2020.

Windows 7 will keep working normally, just like Windows XP does. If you have a PC running Windows 7 or Windows XP, you can use it on January 15, 2020, just as you could on January 13, 2020. Microsoft won’t stop you from using your PC. You may see some nags informing you that “Your Windows 7 PC is out of support,” but that’s it.

We recommend you avoid using Windows 7. If you do keep using this operating system, it’s now especially important that you have security software (like an antivirus) installed and take steps to secure your PC.”

Click on the link below for more information.

 

Why A Back-Up Disk Alone Isn’t Good Enough to Secure Your Business

If you’re like most business owners, you likely have a back-up disk to restore your server data in the event of an emergency. But did you know a back-up disk isn’t enough to keep you fully protected and minimize downtime? This type of backup is referred to as a ‘data-based’ backup and is simply not good enough anymore. Whether you experience a total loss or repairable damage to your server, having an ‘image-based’ backup device that saves data to the cloud every hour is your best opportunity for getting your team back to work quickly. Here’s why.

Even With A Back-Up Disk, A Total Loss Could Have You Down for 10 Days or more!

If your server is housed in house, you probably have your back-up disk stored in a different location to protect against incidents like theft or water damage. Theoretically, this keeps your data safe in the event of a total loss of the server. However, even if your back-up disk survives the incident that took out your server, it could take as many as 10 business days to get a new server – then we’ve got to re-install everything and THEN restore the data; and without a server, the back-up disk isn’t any help!

We know you can’t be down for that long, but unfortunately that’s how long it takes to:

  1. Receive your new server
  2. Reconfigure the server
  3. Restore/reinstall all the software
  4. Restore the data
  5. Reconnect all of your business’s computers

Even if your server isn’t a total loss, if it isn’t working properly for one reason or another a technician will need to visit your workplace to address those issues before installing the back-up disk. Depending on the problem, this could take a couple days to complete.

Downtime is Expensive

Even if we can fix your server quickly, copying data from the backup disk to your server can take hours. During this time, no one on your team can do anything. That’s time that you are paying your employees while no work is being completed.

According to IBM, the average infrastructure failure costs businesses $100,000 an hour! Talk about a real pull-your-hair-out nightmare

Protect Your Business With An Image-based Backup and Disaster Recovery (BDR) System

At Info-Tech Montreal, we always recommend that our clients move away from a data-based disk backup solution to an image-based BDR solution.

This BDR device creates images of your server – not just the raw data! – and stores it in on the device itself AND in the cloud. If your server goes down for any reason, we can simply ‘startup’ your server with the image we have of it. It is also able to copy images of the server each hour, as opposed to the back-up disk which usually only backs up each evening, sometimes only each week.

This means if, for example, an employee accidentally downloads a virus that affects everything, we can restore everyone’s files up to the most recent hour.

If you have questions about your disaster recovery plan, need to know how much it would cost you to be down, or if you’re simply interested in learning more about our services to help minimize your downtime, contact us today! We’re always happy to chat and find a solution that works best for you.

How to Use One Drive’s “Personal Vault” to Secure Your Files

“Microsoft’s OneDrive cloud storage service now includes a “Personal Vault” for your sensitive files. These files are encrypted and protected with additional two-factor verification, even when they’re synced to your Windows 10 PC.

OneDrive’s Personal Vault became available worldwide on September 30, 2019. It works on Windows 10, Android, iPhone, iPad, and the web.”

Click on the link below to learn more.

 

customized solutions for your business

How to Tighten all your iPhone’s Privacy Settings

It is always a good idea to review your privacy settings on any device. Most often with apps, when you download them, they always need access to something before being able to work. You would almost always grant the access to use the app properly, but there are ways to control your data and how it is shared. Here is a detailed article on how to review and change your privacy settings specific to iPhone. Click on the link below.

Desjardins Files Leaked

Windows Server 2008 – End of Life

Good Morning,

Please note that Windows Server 2008 is nearing its End Of Service Life! Customers still running Windows Server 2008 after end of support will face a number of challenges: increased threat of cybercrime, loss of support for popular applications, rising costs and limited options for Cloud computing.

What does End of Life mean?

Almost all Microsoft products have a support lifecycle during which Microsoft provides new features, bug fixes, security fixes, and so on. The end of this lifecycle is known as the product’s End of Life. When Windows Server 20018 reaches its End of Life before the end of this year, Microsoft will no longer provide:

1. Technical support for issues
2. Bug fixes for issues that are discovered
3. Security fixes for vulnerabilities that are discovered

Advisory: Windows Server 2008 will reach End of Service Life (EoSL) officially ends on January 14th 2020. However we recommend transition to Windows Server 2016 or Windows Server 2019 to ensure ongoing support and avoid disruption to your business prior to thisdate. 

We strongly encourage that you upgrade as soon as possibleto avoid any down time. Please contact us to assist with your transition.  Our support team will be glad to help out!

Bad Rabbit – New Ransomware Virus

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.
The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.
Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.

Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

Bad Rabbit Starts With Social Engineering

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such asrootguest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)

As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user’s computer and then replaces the MBR (Master Boot Record).

Ouch, that basically bricks the workstation. 

Courtesy of KnowB4

Contact us today to review your passwords and to ensure your systems are secure.

Equifax Hack

Equifax, the credit reporting giant, announced Thursday that they were hacked sometime between mid-May and July of this year. The breach exposed the information of an ‘unknown’ number of people living in Canada and the UK. They have yet to reveal how many Canadians had their personal information hacked over the Spring and Summer.
Hackers were able to get names, SIN’s, birth dates, addresses, credit card information and some driver license numbers. That is enough information to fill out a mortgage application or get a credit card for example.
Equifax said it will send direct mail notices to consumers that were impacted. They have also established a website where people can check if their personal information was stolen.
If you find your information has been compromised, there are a few things you can do to protect yourself from identity theft;

  • Monitor your Equifax score
  • Watch your credit inquiry (anytime a potential lender checks your credit i.e. credit card company)
  • Freeze your credit reports (this restricts access to your credit report)
  • If your SIN was stolen, file a police report
  • Check your credit card statements
  • Alerts banks and strengthen your passwords

Although they haven’t released the number of Canadians affected, they did state that nearly 143 million people were affected in the US.

Here is a fresh-from-the-press Current Events template to safeguard against inevitable Equifax-themed phishing campaigns by the bad guys: (courtesy of KnowBe4)