People generally think that they are taking care of their stuff. We box it, shelf it, use it, save the owner’s manual, and put it in a place so we know where it is at, if we need it.
The networks that we run our businesses on are no different than our weed eaters or gas cans. We spend money on them up front and leave them alone, until we really need them to perform their intended function, and they don’t work as expected.
Until recently, that thinking was effective and “matter of factual” for the small business. Nearly every office has a closet that contains networking equipment, janitorial supplies and paper plates. And no one has “take care of the closet and its contents,” on their job description. It is the ultimate second thought location in the office.
That thinking must die for a business to remain competitive in today’s landscape of always-on technology and the ever-growing threat of cyberattacks. Those who think, “this will never happen to me,” are coming into the spotlight with their tails between their legs asking for help at ever-increasing rates.
Type into a search engine, “I have ransomware,” and it auto-completes it with the words, “now what?” There are over 10,800,000 search results as well.
In general, these events were preventable if you ran some reports and tests on your network on a regular basis.
4 recommendations to reduce network issues
- Test your network speed. You know what you are getting from your ISP, and if your numbers don’t match what you are paying for, there is a reason. Too often, people run the tests and see a disparity and don't pursue it, claiming that it is a result of issues beyond their control. Search the web and see if your provider is reporting an issue. Log into your router and see what device is using the bandwidth and ask yourself, “is that normal?” More than once, we have had an office slow down because someone decided to install a huge update or download a lot of information during business hours, not thinking that it would impact everyone else.
- Review your server logs. The servers are something you can completely control, but you have to know what they are telling you when they aren’t behaving as expected. The logs are the best place to start. Here is a link from MSFT as to how to view and report from log files.
- Run the rapidfire tool and see what you have that is out of date, and that includes users! The number of people who still have working usernames and passwords for former employees from more than a few years ago is growing as fast as technology. There is this overwhelming fear that if they delete their account, they will be missing something. In the non-IT world, this is called hoarding. In the IT world, it leaves open back doors for remote access and rampant hacking using an account that no one even knew was still on the network
- Keep your hardware up to date. All manufacturers are required to provide critical updates that compromise security. Link to the updates page of each manufacturer’s device that you own and visit it weekly, to see if anything new is out. Sign up for updates, if they give you that option. Don’t be that guy who lets the bad guy in, because you didn’t realize he had found a new way to break down the building and you never reacted. It is embarrassing to learn that a patch to prevent an event was out there, for free, months before the hack happened, and you didn’t utilize it because you were too busy.
As Hurricane Florence moves through the Carolinas, it’s a good reminder to businesses everywhere of the need to be prepared in case of possible disasters that could hit your workplace.
There are several basic things every business can and should to help with disaster recovery and in order to ensure you are ready and able to support your customers.
- Since the Charlotte area is expecting flooding from the storm, businesses with any computer equipment located in basements or ground floors should move that equipment off the floor, if possible.
- Check recent backups on all production machines, and ensure recent backups were sent successfully to the cloud (or other DR site) for each production machine.
- Post timely updates to the company website (or whatever tool your business uses to inform employees) as the extent and impact of the storm unfolds. Make sure to include updates for employees on resource availability, recovery status, etc.
- Post timely updates to your external website and social media channels alerting customers and partners about storm preparations— along with frequent post-storm updates that allows visitor to track the progress of any necessary recovery. This should include clearly stated policy regarding order turnaround times, invoice processing, scheduled service visits, and other activities likely to be affected by the storm.
Learn more about how you can ensure your business is prepared for any disaster by downloading the eBook “Natural Disaster Survival Guide for Businesses: A Quick Reference for Business Leaders” here.
If you hear the term ‘hacker’ and this is what you picture:
Your definition is as outdated as many business’s cybersecurity.
Hacking has evolved far beyond the teen in his basement image from movies and popular culture. It’s no longer one guy furiously typing with multiple monitors flashing numbers and letters. It’s just not that hard for hackers to get into networks these days. In fact, according to the Harvard Business Review, 60% of the time, an unwitting employee leads the hackers right in.
That’s why it’s important for all employees at your business, from the CEO, to the head of IT, to a temp brought in for seasonal work, to understand how hacking has evolved. Small and midsized businesses are more at risk today than ever before.
Here are three characteristics of a modern hacker you need to know:
Modern Hackers are sophisticated
As we mentioned, the term hacker no longer applies only to the single criminal working from a basement. Hacking has become an organized, sophisticated operation that’s adopted many of the same corporate strategies your workplace employs.
These strategies allow even a novice hacker to cause significant damage both to your finances and your reputation. One of most devastating tools they are employing is ransomware as a service. Basically, higher level hackers sell licenses for software. Novice hackers can then purchase these kits and send them to victims. Once they’ve tricked the victim into clicking, the software freezes the computer or server until the company pays a ransom (like the Mecklenburg County Ransomware attack).
Ransomware as a service also offers a helpdesk. It works just like any helpdesk you and your employees are familiar with – where the novice hackers can call, IM or email if there are issues getting the ransomware to work.
Because of these tools, hackers are able to exponentially multiply the reach and number of attacks. According to Fortune, attackers were able to attempt to penetrate one network more than 100,000 times over seven months.
There are also a variety of tools readily available on the Internet, even from retailers like Amazon, that hackers can use to trace and record keystrokes on your computer, or hack and impersonate a wireless network.
Modern Hackers are focused on people more than the computer system
While the hacker’s ultimate goal is to gain access to your server/network/customer or employee data, their focus is much more on the people at your business than you might think. The past few years have seen the rise of Social Engineering tactics, especially in Phishing and Spear attacks.
As the amount of information about us explodes online, so does a prosperous mine from which cyber criminals can easily learn about you. They can then in turn use this information to craft emails, website ads, and even social media profiles that will lure you in with surprising ease. Take a look at this video to see just how easily it’s done.
Modern Hackers are targeting small and mid-sized businesses at an alarming rate
Many small and midsized businesses feel they are ‘safe’ because they think they don’t have as much data, or data that could be as valuable as larger enterprises like Target or Bank of America. To debunk that myth, we need only refer you to the fact that the hackers behind the Target breach of 2013 that affected 41 million customers gained access through a much smaller 3rd-party vendor.
- 58% of malware attack victims are categorized as small businesses. Verizon 2018 DBIR
- In 2017, cyber attacks cost small and medium-sized businesses an average of $2,235,000. - Ponemon 2017 State of Cybersecurity in SMBs
To stay ahead of the modern hacker, you need to make sure you have a network that is not just modern, but future-proof. But what does that mean? And how can small and midsize businesses afford it?
The Network Team is hosting an informational event at TopGolf Charlotte to help answer those questions and more. Seating is limited, click here to reserve your spot today.