My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

Top 2017 Breaches That Could Affect Any Business!

Organizations with unused, exposed websites and unencrypted storage drivers have been a huge target for hackers in recent years, now in 2017 this trend of stealing valuable information is still running rampant on the dark web. Many of these breaches occurred within the healthcare industry, which had a huge network with very rich patient data. The mistakes made by these organizations can help the many businesses who have not yet been affected take a proactive step to ensure that they will not fall victim to these cyber crimes.

Let us take a look at some of the numbers…

 

14 Million Customers: Verizon Data Breach

After a user mistake which caused the database to go public online, close to 14 million customers of the company were exposed.

4.8 million patients: Molina Healthcare

Discovered that their patient portal had a huge security flaw which could allow any Molina patient to access other patients medical claims by just changing a single number in the URL.

1.1 Million enrolled in Indiana Medicaid & CHIP 

Indiana’s Health Coverage Program released that patient data was left wide open through a live hyperlink to an IHCP report. Their IT service provider discovered the link on May 10th and reported that link contained patient data including name, Medicaid ID number, address of doctors treating patients, patient numbers, procedure costs, and the amount Medicaid paid to doctors or providers.

1 Million Personal Data Files: Washington State University

Washington State University discovered a hard drive containing personal data of about 1 million people was stolen from a locked safe that it was contained in. The hard drive contained Social Security numbers, names and some personal health data.

500,000 Patients: Michigan based 

 

Airway Oxygen

The medical supplier was hit with ransomware that shut employees out of the system where personal health information was stored.

 

Each of these breaches showcase how many people could be at risk of their personal information being completely exposed just because of one or two simple mistakes. In the case if Indiana Medicaid, if it wasn’t for their IT services provider, they may have not found the issue in a reasonable time and had major issues down the line with their business information. The main lesson for business owners to take away is that you MUST stay proactive and make sure you have backups and precautions set in place for your network to continue running smoothly, and securely.

 

ECMSI – Service in 19 min or less!!!

330.750.9412

 

 

 

What Does your Business IT and Car have in Common?

THEY BOTH NEED TO BE INSURED!

When we talk about car insurance the dark thoughts and questions begin to arise. What if I get into an accident? What if I’m travelling and left on the side of the road? What if someone hits me without my control? While all of these thoughts are very pessimistic, these things do happen, sadly, more often than we would like them to. This makes driving without some sort of car insurance seem completely ludicrous. So why should your business IT be any different?

Think about your business IT as the “vehicle” that keeps your company running. What if your network “crashes”, what if your employees are working and your computers decides to leave them on the side of the road? Or what if a hacker “hits” your network with ransomware or the many other hundreds/thousands of malicious malware that is out there today?

When talking about business IT “insurance”, we mean something a little bit different. You need to make sure that the technology in your business is secure, protected and keeps your employees as productive as possible in order for your business to stay viable. Like a car, you have to have some sort of disaster protection, or else a whole bunch of time, money and productivity of your business is lost on fixing the issue when it happens. The best “insurance” for your business network is using an outsourced IT service management provider, and here’s why.

When you outsource the management of your important IT resources they help optimize your networks performance, to make it work at the peak efficiency and reliability levels that your business demands. This can allow you to stay focused on running your business and not your network. This security, networking, data protection and user support is handled at a fraction of the cost than if your business decided to take on all of that cost itself. Risk is something your business deals with every day from market competition, to the state of the economy, don’t let your IT be another risk. Businesses have limited resources, and every owner/manager has limited time and attention. Outsourcing can help your business stay focused on your core business and not get distracted by complex IT decisions.

Secure your network today with ECMSI !

330.750.9412

 

 

Forgot Your Password? The Future May Help.

Probably one of the most annoying things about technology today is trying to remember all your passwords, from your desktop login, social media sites, down to your online financials, a combination of words and numbers can really start to all blend together. If you’re like most of us, you probably have the same password for everything. This practice is EXTREMELY unsafe, and not recommended by any IT technicians or service providers. So, is there any end in sight to the madness? Well, current trends in biometrics may just make passwords obsolete.

Today, many cell phone users are logging onto their phones and entering all their apps with their fingerprints. Apple’s “Apple Pay” on iPhones are becoming ever more popular and allows for users to pay with their cards at retail locations using their fingerprints to authenticate the purchase. The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone and can be used as a second factor in authenticating any number of online services. Microsoft’s Hello is allowing Windows 10 users to login through facial recognition and a patent for the company indicates they are trying to develop ways to pair a touchscreen with gestures made on the screen to authenticate. Some ideas out there are even hinting at using brainwaves for authentication to unlock computers!

What will this mean for the future of passwords? Maybe soon all you will have to do is think about unlocking your Facebook page and like magic, it would work. While that may seem farfetched, who knows what the future can hold? Much of this research to eliminate passwords is being supported. In the U.K. the National Cyber Security Center is looking for proposals that will do away with passwords and is offering $32,160 in research funds per proposal.

However, while things are still in the works we will have to still stick to the “old-school” way of keeping our information safe, with your first pets name and your birth date numbers (did we get some of you??…). Until then, we recommend creating strong passwords (using capital letters, numbers and symbols) and using different passwords for each account you have.

 

Call ECMSI today for a free consult!

330.750.9412

 

How Serious is Ransomware?

The answer is…. VERY SERIOUS!

Ransomware encrypts your files so you cant open them, and the only way to get them back is to pay a ransom. Ransomware can lock up files on a network, which means one infection can bring down an entire company. This malicious software has recently been on the rise and no business, big or small is safe. Over 50 percent of business’s have been victimized by ransomware and according to a survey by Ponem Institute and Carbonite 48 percent of those businesses paid a ransom in order to recover their data. The same survey also revealed some shocking information. It stated that the average company had about four ransomware threats, these companies that had their information encrypted paid an average $2,500 per incident and spent nearly 42 hours handling the issue.

Imagine if that were to happen to a business you owned. Not only is all of your valuable information stolen and held for ransom, your productivity is completely down, and while you can pay for your information back, many of these cybercriminals do not just stop at holding your information. Many times all of your confidential business information is being infiltrated. Over 55 percent of businesses that had a ransomware attack believe the ransomware pulled out data from their devices.

 

So how can you protect yourself and prevent this from ever happening to you or your business? Some may say a good Anti-Virus, and while Anti-Virus is a good prevention metric put in place. The best method is making sure you have all of your systems and data backed up properly and keep those backups updated regularly. The percentage of people that did not end up paying the ransom said that having a full and accurate backup was the reason. With an IT consultant like ECMSI our team would go into your backup before the point that you had the infection and make sure your systems download a clean backup. Take the proper steps to insure your business is protected and ready for anything!

 

 

Contact ECMSI Today! 330-750-9412

 

 

Our systems are down!- A CEO’s Nightmare…

In this day and age, having some sort of computer to do your job is as necessary as air. Chances are, if you have a lot of computers in your business, you also have things like servers, routers, access points, and switches. These are all critical pieces to maintaining your business and your employee’s productivity level.

Have you ever stopped to think about what would happen if your business suffered a catastrophic event? How long would it take to get you back up and running? Do you know if your critical data is being backed-up and if it is, how often is that happening? If you are reading this and starting to feel a tightening in your chest because you aren’t sure of your answers, then it’s time to stop ducking your head in the sand.

In a survey done by IHS in 2015, the average of cost of outages totaled the $700 billion dollar mark. This number has only increased for the past year in 2017. This total includes the loss of employee productivity, revenue and the cost to the fix the issue, which surprisingly was the lowest cost of the three.

So how do you calculate downtime loss?  Our friends over at My IT Pros shared with this basic formula:

 LOST REVENUE = (GR/TH) x I x H

GR = gross yearly revenue

TH = total yearly business hours

I = percentage impact (a high percentage would mean you can’t complete any transactions, will lose clients and have a PR nightmare)

H = number of hours of outage

Finally, to calculate the expected annual cost, multiply this number by the number of expected annual hours of outage. If you do this and you are absolutely panicking, don’t worry. While all of this sounds like something out of a nightmare, the solutions are fairly simple. We would first recommend that you have incremental back-ups of your critical data that are stored both locally and in the cloud. This way, if your hardware were to fail, with the help of your IT provider, you can pull your data down from the cloud onto a backup server (part of the redundancy plan). Secondly, we recommend that you have a redundant environment. Now, this can mean a variety of things but at minimum, it would mean that you’d have a secondary server that is only for emergencies. At maximum, it would mean having clustered servers where there are more than 1 server and if something were to fail, the data just seamlessly moves to the next available hardware.

We don’t want to see any businesses have to deal with this nightmare. If you are unsure of what disaster recovery plan you have with your current IT Provider, it may be time to strike up that conversation. If you have any questions and would like to discuss how downtime could affect you and how ECMSI can help you prevent a disaster please feel free to contact us at 330.750.9412.

WannaCry Infection

You may have seen the news this weekend. Criminal hackers have released a new strain of ransomware that spreads itself automatically across all workstations in a network, causing a global epidemic. If you or a co-worker are not paying attention and accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else’s computer too.

Be very careful when you get an email with an attachment you did not ask for. If there is a .zip file in the attachment, do not click on it but delete the whole email. Remember: “When in doubt, throw it out!”


The Initial Infection Vector Is A Well-crafted Phishing Email.
 
The initial spread of WannaCry is coming through phishing, in which fake invoices, job offers and other lures are being sent out to random email addresses. Within the emails is a password protected .zip file, so the email uses social engineering to persuade the victim to unlock the attachment with a password, and once clicked that initiates the WannaCry infection.
 
We take proactive measures to ensure all devices that we monitor are up-to-date on their security patches and Antivirus subscriptions. Having an IT company who understands and values a proactive approach to monitoring is key in keeping you focused on your business and not IT.

The benefits of Skype for Business

As soon as we were able to access email via our phones, the idea of a work day ending at 5pm pretty much went out the window. Add to that our laptops and a decent internet connection, office workers across the globe can now do their job virtually anywhere. But what happens when you need to collaborate on a project, have a face to face meeting or just need a quick answer?

Waiting on a reply to an email can be soul crushing if you are on a time crunch and the time involved with traveling back and forth to a client site or satellite office for a face to face meeting is less time you have to do actual work. So what’s the answer? I imagine these were the types of scenarios Microsoft were throwing out during the pitch meeting where they came up with Skype for Business.

This multi functioning tool isn’t just an IM service. Within its code, this application allows you to make phone and video calls, hold large conference calls, share data quickly, present desktops for easy presentation, coordinate schedules and so much more.  Plus, it works across platforms! Desktop, Laptop, Tablet or Mobile Device, Skype for Business can be installed and used, just as if you were sitting at your desk.

So if you have been thinking that you need a tool to help bring your team together again, Skype for Business maybe just the thing you’ve been looking for!

Winter 2017: Disaster For Your Data?

fence with ice hanging off with snow covered trees in background
With winter just around the corner, everyone around you may be getting “all wrapped up” in the upcoming holiday season…

But you’ve got a business to run, customers to keep happy and mission-critical data to keep safe, even if a major blizzard, lightning strike, windstorm or epic flood is taking place right outside your door.

Here are 5 easy steps you can take this holiday season to get your office prepared for this winter’s worst, without seeming like Mr. Grinch.

Be ready for power outages. A power outage can hurt your business in more ways than you think. Besides employee downtime, it takes time to safely get everything back up and running. Then you need to make sure no critical files have been damaged or lost.

Autosave features can help minimize lost files in a sudden power outage. An uninterruptible power supply (UPS) can give your team anywhere from ten minutes to an hour to back up files and properly shut down equipment. If you need longer power durability during an outage, you might want to look into a backup generator.

Keep lines of communication open. Customer frustration due to production delays and not being able to reach key people at your company can be very costly in terms of both revenues and your company’s reputation. Here are three ways to make sure calls to your office don’t get bobbled when a storm rolls in:
1. Create a new automated greeting to let callers know about changes in hours or closings.
2. Set up an emergency override that automatically reroutes key phone lines to one or more numbers that can be reached during an outage.
3. Make sure you and your staff can access voice mail remotely – from a smartphone, by e-mail as an attached sound file or transcribed message, or as a text notification.

Manage employees working from home. Many of your employees can work from home if need be. But you’ll need to prepare in advance if it’s not the norm at your company. Have your IT specialist check with employees who could work from home during rough weather. They’ll need a virtual private network (VPN) to safely access the company network. Be sure it’s set up well in advance to avoid any glitches when that winter storm hits and you need it most.

Have a disaster recovery plan (DRP) ready to go. Unless you can afford to shut down for days at a time, or even just a few hours, it’s absolutely critical to keep a written DRP on hand. Write out step-by-step details of who does what in every type of winter disruption – from simple power outages to blizzards, flooding or building damage caused by heavy winds or lightning. A downed network can cost your company big-time every minute it’s offline. Make sure your plan includes one or more ways to get it back up and running ASAP. Consider virtualizing key parts or all of your network so your team can access it remotely. Once you’ve written out your plan, keep one copy at your office, one at home and one with your IT specialist.

Trying to recover your data after a sudden or serious outage without professional help is business suicide. One misstep can result in losing critical files forever, or weeks of downtime. Make sure you’re working with a pro who will not only help set up a recovery plan, but has experience in data recovery. The old adage about an ounce of prevention applies doubly when it comes to working with the right people who can help you prepare for – and recover from – whatever winter throws your way.