Getting Hacked Isn’t Something That Only Happens to ‘Someone Else’

With the ongoing pandemic affecting almost all businesses, we’ve been talking a lot about cyber security and the importance of ensuring your data is protected to help prevent you from being hacked. Cyber attacks typically increase during chaotic times, so it’s important to ensure your security systems are up-to-date.

It’s also common to think it won’t happen to you and your business. That attacks like that happen to large companies in the states or overseas, or to those dealing with sensitive information. But in early March, the City of Châteauguay, Quebec was the victim of a cyber attack.

Hackers often target municipalities or other organizations by sending phishing emails and using them to gain access to their systems, holding it hostage until they receive a financial payout.

Given that this pandemic is ongoing and there is likely to be more attempted attacks, we thought it was a good time to remind everyone of our top security tips to keep your business from getting hacked, especially with employees working from home.

Ensure All Employees Understand Company Policy

If you read our February blog, you’ll have seen our recommendation to implement an Employee Policy for Safe Use. If you’ve recently made changes to or if it’s been a while since you’ve unveiled yours, now is a good time to have all employees re-read the policy and ensure they are aware of what is expected of them. Your policy should include things like mandatory strong passwords and not opening files sent from emails you don’t recognize.

Ensure All Staff Are Working on Devices With Proper Anti-Malware and Anti-Virus Software

While staff are in your office and working on company computers, it’s easy to ensure data is being accessed and shared across secure devices, but it’s more difficult to manage if employees are working from personal computers at home, making them more susceptible to being hacked. Make it mandatory for all staff to have up-to-date virus and malware protection on their home office equipment.

Ensure Proper Back-up and Recovery Systems Are in Place

You absolutely must have a cloud back-up solution that saves data for you at frequent, regular intervals; this is a minimum for protecting your business. Ideally, you should have a Back-up and Disaster Recovery Device (BDR) with a cloud component. This is the best way to ensure your business is protected in the event of an attack or damage.

Some places are slowly beginning the process of reopening, but it will be a while before it’s ‘business as usual’ again. Take these steps to protect your business from cyber attacks and hopefully we can all get back there sooner rather than later. If you have any questions, give us a call at (514) 634-4636 x 101. We’re always happy to help.

Protect Your Business from a Data Breach With These 5 Tips

If you think the risk of a data breach or cyberattack is low, think again. According to the 2019 Data Breach Investigations Report by Verizon, every industry is at risk: last year, attacks were present from manufacturing to retail and from healthcare to administration, and everything in between. The worst part is, not all attacks are from external sources – some are internal, and of course sometimes viruses get through accidentally due to employee mistakes.

No matter your industry, you have a lot to lose: your data, customer base, industry secrets, and proprietary information are all targets for attacks. We’ve put together five easy tips you can implement right away to help protect your business.

 

Implement an Employee Policy for Safe Use

 

Many businesses do not have any type of policy in place that sets boundaries for what employees can and cannot do on the internet and in e-mail accounts. Each company should create a formal policy which all employees (current and future) need to sign which details information like e-mail best practices, rules for internet browsing, accessing social media sites, and completing personal tasks (like banking) on company time.

 

Remote Monitoring and Management Agents

 

Having Remote Monitoring and Management (RMM)  on every computer and server allows your business to be in a proactive rather than reactive position with security. RMM can automatically advise your IT team that there is an imminent disk failure, low disk space, overutilization, and more to ensure it is fixed before you face an IT emergency that prevents your staff from getting work done. Depending on your anti-virus software, RMM can also alert your off-site tech experts when malware is present. Which leads us to…

 

Install Proper Anti-Virus and Anti-Malware Software

 

When you have a team of IT experts monitoring your network, a proper business class anti-virus solution will have the ability to alert a central web portal when a virus or malware is present. Because we are monitoring that portal, we’ll be able to tell when a machine has any kind of problem before you or your employees notice. We can then push commands to that computer to clean it of the virus, and update the anti-virus software if needed. In the case that a virus can’t be cleared through a command sent via the portal, we’ll be able to notify you and your employee, connect manually, and remove it that way.

 

Have a Proper off-site or Cloud Back-up of all Data

 

At the absolute minimum, your business should have a cloud backup that can safely copy your data for you at regular, frequent intervals. This way, you have access to a backup in case of a ransomware attack, hardware failure, computer damage, or theft.

 

Install a Backup & Disaster Recovery Device

 

Hands down, the best thing you can do to make sure your business is protected in the event of any kind of attack or damage, is to install a Backup & Disaster Recovery (BDR) device with a cloud backup component. If you have onsite servers, this is especially important. In fact, in our opinion here at Info-Tech, it’s crucial. Read our blog on BDR devices for more info, or contact us today to ask about protecting your business.

Cyber Crime Stats from BroadbandSearch

Check out these 19 stats on cyber crime to protect yourself in 2020.

Windows 7 Dies Today: Here’s What You Need to Know

“Microsoft released Windows 7 in October 2009. Now, more than a decade later, it’s being retired. Your Windows 7 PCs will keep working, but Microsoft is no longer issuing security patches as of January 14, 2020.

Windows 7 will keep working normally, just like Windows XP does. If you have a PC running Windows 7 or Windows XP, you can use it on January 15, 2020, just as you could on January 13, 2020. Microsoft won’t stop you from using your PC. You may see some nags informing you that “Your Windows 7 PC is out of support,” but that’s it.

We recommend you avoid using Windows 7. If you do keep using this operating system, it’s now especially important that you have security software (like an antivirus) installed and take steps to secure your PC.”

Click on the link below for more information.

 

Why A Back-Up Disk Alone Isn’t Good Enough to Secure Your Business

If you’re like most business owners, you likely have a back-up disk to restore your server data in the event of an emergency. But did you know a back-up disk isn’t enough to keep you fully protected and minimize downtime? This type of backup is referred to as a ‘data-based’ backup and is simply not good enough anymore. Whether you experience a total loss or repairable damage to your server, having an ‘image-based’ backup device that saves data to the cloud every hour is your best opportunity for getting your team back to work quickly. Here’s why.

Even With A Back-Up Disk, A Total Loss Could Have You Down for 10 Days or more!

If your server is housed in house, you probably have your back-up disk stored in a different location to protect against incidents like theft or water damage. Theoretically, this keeps your data safe in the event of a total loss of the server. However, even if your back-up disk survives the incident that took out your server, it could take as many as 10 business days to get a new server – then we’ve got to re-install everything and THEN restore the data; and without a server, the back-up disk isn’t any help!

We know you can’t be down for that long, but unfortunately that’s how long it takes to:

  1. Receive your new server
  2. Reconfigure the server
  3. Restore/reinstall all the software
  4. Restore the data
  5. Reconnect all of your business’s computers

Even if your server isn’t a total loss, if it isn’t working properly for one reason or another a technician will need to visit your workplace to address those issues before installing the back-up disk. Depending on the problem, this could take a couple days to complete.

Downtime is Expensive

Even if we can fix your server quickly, copying data from the backup disk to your server can take hours. During this time, no one on your team can do anything. That’s time that you are paying your employees while no work is being completed.

According to IBM, the average infrastructure failure costs businesses $100,000 an hour! Talk about a real pull-your-hair-out nightmare

Protect Your Business With An Image-based Backup and Disaster Recovery (BDR) System

At Info-Tech Montreal, we always recommend that our clients move away from a data-based disk backup solution to an image-based BDR solution.

This BDR device creates images of your server – not just the raw data! – and stores it in on the device itself AND in the cloud. If your server goes down for any reason, we can simply ‘startup’ your server with the image we have of it. It is also able to copy images of the server each hour, as opposed to the back-up disk which usually only backs up each evening, sometimes only each week.

This means if, for example, an employee accidentally downloads a virus that affects everything, we can restore everyone’s files up to the most recent hour.

If you have questions about your disaster recovery plan, need to know how much it would cost you to be down, or if you’re simply interested in learning more about our services to help minimize your downtime, contact us today! We’re always happy to chat and find a solution that works best for you.

How to Use One Drive’s “Personal Vault” to Secure Your Files

“Microsoft’s OneDrive cloud storage service now includes a “Personal Vault” for your sensitive files. These files are encrypted and protected with additional two-factor verification, even when they’re synced to your Windows 10 PC.

OneDrive’s Personal Vault became available worldwide on September 30, 2019. It works on Windows 10, Android, iPhone, iPad, and the web.”

Click on the link below to learn more.

 

customized solutions for your business

How to Tighten all your iPhone’s Privacy Settings

It is always a good idea to review your privacy settings on any device. Most often with apps, when you download them, they always need access to something before being able to work. You would almost always grant the access to use the app properly, but there are ways to control your data and how it is shared. Here is a detailed article on how to review and change your privacy settings specific to iPhone. Click on the link below.

Desjardins Files Leaked

Windows Server 2008 – End of Life

Good Morning,

Please note that Windows Server 2008 is nearing its End Of Service Life! Customers still running Windows Server 2008 after end of support will face a number of challenges: increased threat of cybercrime, loss of support for popular applications, rising costs and limited options for Cloud computing.

What does End of Life mean?

Almost all Microsoft products have a support lifecycle during which Microsoft provides new features, bug fixes, security fixes, and so on. The end of this lifecycle is known as the product’s End of Life. When Windows Server 20018 reaches its End of Life before the end of this year, Microsoft will no longer provide:

1. Technical support for issues
2. Bug fixes for issues that are discovered
3. Security fixes for vulnerabilities that are discovered

Advisory: Windows Server 2008 will reach End of Service Life (EoSL) officially ends on January 14th 2020. However we recommend transition to Windows Server 2016 or Windows Server 2019 to ensure ongoing support and avoid disruption to your business prior to thisdate. 

We strongly encourage that you upgrade as soon as possibleto avoid any down time. Please contact us to assist with your transition.  Our support team will be glad to help out!

Bad Rabbit – New Ransomware Virus

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit, a new strain of ransomware with similarities to NotPetya.
The outbreak started Tuesday and froze computer systems in several European countries, and began spreading to the U.S., the latest in a series of attacks.
Department of Homeland Security’s Computer Emergency Readiness Team issued an alert saying it had received “multiple reports” of infections.

Russia’s Interfax news agency reported on Twitter that the outbreak shut down some of its servers, forcing Interfax to rely on its Facebook account to deliver news.

Bad Rabbit Starts With Social Engineering

The outbreak appears to have started via files on hacked Russian media websites, using the popular social engineering trick of pretending to be an Adobe Flash installer. The ransomware demands a payment of 0.05 bitcoin, or about $275, from its victim, though it isn’t clear whether paying the ransom unlocks a computer’s files. You have just 40 hours to pay.

Bad Rabbit shares some of the same code as the Petya virus that caused major disruptions to global corporations in June this year, said Liam O’Murchu, a researcher with the antivirus vendor Symantec Corp.
Based on analysis by ESET, Emsisoft, and Fox-IT, Bad Rabbit uses Mimikatz to extract credentials from the local computer’s memory, and along with a list of hard-coded credentials, it tries to access servers and workstations on the same network via SMB and WebDAV.

The hardcoded creds are hidden inside the code and include predictable usernames such asrootguest and administrator, and passwords straight out of a worst passwords list. (Note To Self: all user passwords need to be strong, step all employees through a strong password training module ASAP.)

As for Bad Rabbit, the ransomware is a so-called disk coder, similar to Petya and NotPetya. Bad Rabbit first encrypts files on the user’s computer and then replaces the MBR (Master Boot Record).

Ouch, that basically bricks the workstation. 

Courtesy of KnowB4

Contact us today to review your passwords and to ensure your systems are secure.

Call Now Button