Ransomware: What Is It?

Hackers are smart, ransomware is no joke and if an attack hits your network, you need to know about it immediately. Ransomware threats are constantly growing and considered one of the most dangerous web-based attacks. While the landscape is constantly evolving, it’s important to say educated in order to keep your business safe. Let’s start with the basics:

What is a ransomware?

Ransomware is a malicious software created to block access to computer files or an entire system until a sum of money is paid. Ransomware is typically delivered via email which includes links to corrupt websites or downloads and infected attachments (such as, PDFs). While these emails may seem innocent in nature, one wrong click can lead to a malicious download of hostile software that can lock up your entire network.

Why should you protect your business from ransomware?

  • Losing Critical Business Data
  • Devastating Financial Loss
  • Complete Loss of Business Productivity
  • Compromising Your Business Reputation

How do you stay safe from ransomware?

When it comes to how to help protect against ransomware, here’s a few tips you should always keep in mind?

  • Look out for misspellings: email addresses, file names, subject line, etc.
  • Beware of the overly-urgent email
  • Before you click: hover!
  • Keep your personal details private
  • Always have a backup of your critical data

Avoiding the Threat from Ransomware Attacks

In order to stay one step head of ransomware attacks, you need to prepare. It’s most important to always back up your critical business data. Antivirus software is a great start to layering your defense but a multi-layered approach is the absolute safest bet.

Additionally, it’s important to educate your staff on the threat of ransomware and phishing emails to keep your network safe. Train your staff to be careful, but also block websites you know are malicious.

ECMSI: Advanced Security + Disaster Recovery

So before you have to pursue ransomware removal, take care of your backup solutions. At ECMSI, we can provide you with business continuity that prevents you from ever losing your livelihood to ransomware attacks, system failures, or even natural disasters. Check out our backup solutions and prevent your company from being held hostage by circumstances outside your control.

www.ecmsi.com

Benefits of Proactively Monitoring Your Network

There’s nothing worse than getting the call that your network is down. Business owners often find that their IT lacks the visibility to notice performance issues before they become bigger problems. It’s simple to understand that when you have a network outage, the clock starts ticking and the longer it takes to resolve, the more it costs in productivity, staff time and customer satisfaction.

Keeping tabs on all of your network technology means that you can spot issues before they get worse. Having a proactive maintenance of a network will not only improve your productivity but also increase the reliability of your systems and could save you money in support costs.

Below, we’ve listed some of the top benefits in proactively monitoring your network:

Stay Ahead of Outages

There’s many reasons a network outage could occur; configuration issues, environmental factors and even human error. By implementing a proactive network monitoring approach, you’re giving yourself the visibility needed to stay one step ahead of potential issues and can prevent your business from experiencing these outages in the first place.

Identify Security Threats

You can’t assume your information is safe. It’s important to have at least one level of security but more proactive to access more. A network monitoring tool can provide that first level and give you a big picture of your typical performance. By monitoring your security, you’re giving yourself the opportunity to notice unfamiliar changes and find you best proactive approach to minimize your risk.

Save Money

Time = Money  and when your network is down, this is especially true. By monitoring your network, you’re able to make problem solving faster and easier and get back to the important day-to-day tasks that keep your business in the position for optimal growth.

Improve Reliability

If you had the chance to identify and correct small issues before they became bigger problems to provide the best customer satisfaction, wouldn’t you? By proactively maintaining your network, you’re able to bridge the gap between standard customer service and exceptional customer service by no longer worrying about downtime or errors in communication.

 

ECMSI offers top-of-the-line proactive monitoring and a layered security suite to keep your business running at the highest level of efficiency. Find out more today by giving us a call and scheduling your Free Network Health Assessment! (330) 750-1428

 

The Do’s and Don’ts of Cutting Communication Costs

Every business owner wants to cut costs. But before you go on a communication costs cutting spree, consider this. There are good ways to save . . . and some not-so-good ways.

As Forbes recently observed, “when the finance or accounting department drive savings, often times they do so without seeing the big picture of how cost cutting might impact employee and customer satisfaction as well as loyalty.”

Cost Cuts That Aren’t Worth It

If you do a quick Google search for ways to trim SMB communication costs, you’ll find plenty of articles. But that’s part of the problem. An alarming number of them suggest cost-cutting strategies that are just plain stupid.

Here are some of our favorite bad ideas.

All hail Skype.

Skype is free. Why not ditch your phone system and just use Skype?

We’re not slamming Skype. It’s a great communications platform, and it does have some legitimate business applications. But it’s hardly an all-in-one communications solution.

Even Microsoft, the software giant behind Skype, doesn’t tout it as a replacement for business phone systems.

Stop making calls of any kind.

Like Skype, email is more or less free and just about everyone has it. Why not use that for the majority of your communications?

There are a couple of major flaws with this suggestion. First, customers will still expect to be able to call you. Second, text-based communication isn’t nearly as powerful (or convenient) as making a call.

While great for quick, straightforward communication, email will never replace voice conversations.

Go all or nothing on mobile.

We’ve seen both ends of the spectrum here.

Some advocate bumping employee cell phone plans to the max and pushing people to be available at all hours. Others say ditch company mobile plans and do away with company-provided devices.

Both are hard hits to employee morale, and neither does enough to lower communication costs to be worth the effort. Once again, minimal savings with a whole bunch of new headaches.

Tips That Will Actually Lower Your Communication Costs

There are far more effective ways to lower communication costs.

That said, there’s no magic bullet. Each of these will take a little work on your part. But unlike the bad advice above, these tips will actually make a difference in your bottom line.

Be strategically selective.

“Businesses lose an average of $11,000 per employee every year due to ineffective communications and collaboration.” That’s the teaser headline from a recent report published by Mitel.

Here’s the takeaway in a nutshell. When it comes to business communication, more isn’t necessarily better. Instead of rolling out every available option, take the time to be strategic.

Eliminate solutions that don’t fit and make sure everyone has adequate training in the solutions that do work. You’ll cut communication costs and improve overall operational efficiency.

Take advantage of video conferencing.

Video conferencing isn’t a fad. On the contrary, it’s a powerful communications tool with several impressive benefits. We’ll highlight just two of them.

Video conferencing makes dynamic collaboration possible, even if team members are on the other side of the world. You still get all the benefits of rich communication – tone of voice, facial expression, the ability to share visuals – without having to wait for a literal face-to-face meeting.

And it saves money. Video calls are cheaper than plane tickets and delays.

Don’t shy away from social media.

Social media isn’t the best communication tool for one-on-one customer communication. But if you’d like to communicate to your entire customer base, social media is a quick, easy and extremely inexpensive option.

Plus, if you already have a social media presence it’s basically free.

Not only that, but most of your customers are already invested in social media. You’re meeting them on their turf. They’ll appreciate that.

Audit everything.

Our final tip is the most important one. Nothing will uncover as many opportunities to lower communication costs as a full audit of your communication expenses.

Of course, few business leaders have the time or industry experience to effectively analyze their own phone bill. You’ll likely need some help with this one. That’s where ECMSI comes into play.

We’ve helped clients save thousands per month, and we’re confident we can help you lower your communication costs, as well.

If you’re serious about lowering communication costs, let us help. Give us a call today to get your free phone bill analysis. We promise we’ll make it worth your while.

Don’t Let A Tech Disaster Ruin Your Business Reputation

Anytime there is a major cyber security breach in the news it usually spells out disaster for all those who are involved. Weather it is the customers whose data has been breached or the company involved that has to deal with all the media, it ends up turning into a nightmare.

However, not just massive corporations can deal with this reputation issue after cyber security breaches and downtime. Small businesses that are down because of technical issues could suffer damages to their customer service and reputation locally.

Reputation matters!

Most of the time when you hear about disaster recovery, the focus is on getting your business up and running as fast as possible. The average small business loses as much as 8,600 per hour when its network is offline. It’s expensive to rebound slowly.

When customers feel they can’t trust a company with their financial information, other factors fall by the wayside quickly. Maybe you’re the best in your industry. Maybe you have amazing customer service. Maybe your customer base is insanely loyal the rest of the time.

But lose their trust, and you’ve lost them.

Disaster recovery and your reputation.

Disaster recovery isn’t just about restoring functionality to your system. It’s also about restoring customer faith. If something happens – anything from a natural disaster to hardware failure to a security breach – you need a clear disaster recovery plan.

If you have one, you can weather the storm. Trust can be rebuilt. But only if you show your customers you know how to handle a crisis.

We are Here to Help.

Here at ECMSI, we care a great deal about disaster recovery. We understand the impact downtime has on your bottom line. We also understand the hit your reputation will take if you don’t know how to navigate a disaster. That’s why our managed services are designed to keep you proactive and ready for anything.

It’s our goal to minimize the impact to your customer base and keep your reputation untarnished, even when everything goes wrong.

If you don’t have a disaster recovery plan in place already, we highly recommend addressing that. And, of course, we’d be honored to help. Get in touch with us to find out more about how our disaster recovery strategy can protect your network stability and your reputation.

Email: Is it your business’s weakest link?

Email is one of the most important forms of communication in the business world today. This digital post office gives an organization the chance to communicate not only internally but also to their clients, partners and customers. An organization can use email from marketing, to customer service and everything else in between. Many organizations go to great lengths to protect their email data knowing that there is a lot of company information being exchanged through this medium daily. This makes email the most vulnerable and targeted forms of communication in the cyber world. According to a study done by F-secure, of all hacking attempts, 34% of them are accomplished with phishing and malicious email attachments.

What does this mean for email in the future? Here are what security trends we can expect:

  1. Email based attacks continuing to rise.
  2. The attacks will focus on each company’s network of vendors and customers.
  3. Email authentication will become standard.

Levels of interaction using email is very high, and this always comes with a degree of trust, thus someone targeting a major corporation will attempt to mimic their various clients and vendors. We are already seeing emails that attempt to look like they are from “Microsoft” or “eBay” with fake branding that could make you question and click through. Therefore, we will see an increase in mandatory authentications when accepting an email to be delivered.

Since email is so highly targeted some of the best ways to prevent having your company’s information compromised is training employees to see the malicious activity in their inbox. Most problems can be avoided when your team has the ability to protect themselves and be suspicious as to what they are clicking on. To prevent these emails from ever coming in, companies need to establish a highly secure spam filtering and email encryption service. If spam is consistently infiltrating to your employee’s inbox this could cut productivity and end up costing your business.

Small to medium sized business who have not devoted the time to securing their email will be huge targets and could run into some major issues soon. These firms need to ensure they have proper spam filtering in place that will filter out all suspicious emails with strange domains. Those businesses that may be dealing with important financial or health information will need to ensure their emails are encrypted and cannot be compromised that could potentially even lead to legal issues.

ECMSI is here to answer any questions or concerns you may have about your organizations email network. Call today and schedule your FREE Network Health Assessment: (330) 750-1428

Why Would You Need an MSP?

Are you constantly fielding tech questions and trying to get employees up and running again after their machines just suddenly blue screened? Have you been considering going to “the cloud” but in truth, aren’t sure what that means?

If this sounds like you, then know that you aren’t alone.  The great news is that you knew when you started your business you couldn’t do it on pen and paper alone. The bad news is that you started your business for something OTHER than IT work, but that seems to be all you are doing, especially since your business started to grow.

Some people have their nephew or cousin on the side that can come in to install a new PC that you bought at a local big box store and at least get that up and running but who are you calling when that PC has an issue? Your nephew only knows so much and now he has caused an even bigger issue (but we know that his heart was in the right place!).

This is when you needed to take a deep breath and talk to a professional. Technology needs to be valued just as much as the electricity that is needed to run it. This is where a valued and trusted IT partnership can come into play. This is where Managed Service Providers shine.

A good MSP will not come into your office, sell you something and then not support it or your company. Trust us, there are plenty of companies out there that do just that and we want you to stay far away from them. A trusted MSP will take the time to learn your environment and your business, see where you are and where you need to go to become standardized, stable and secure because they have taken the time to invest in products that will do all those things and do them well.

Another thing to consider when talking to MSP’s is their monitoring. How will they be proactively monitoring your environment and do they have a dedicated person on staff that handles the monitoring and resolves issues immediately? What does their response time look like? Do they have 24/7 support? Do they offer business reviews so you know where your money is going?

You need someone to take the issues off your plate, provide monitoring so you know your environment is stable and provides constant support for your growth. You need an MSP. A trust Managed Service Provider will work with you to provide a secure environment at a consistent monthly rate, while providing technicians your employees can call when they experience issues. Now you have more time in your day to work on and grow your business. You may sleep better at night too, but we can’t guarantee that.

If you have any questions about how an MSP can help your business please feel free to contact us at 330.750.1428 or visit our website here!

Understanding Cyber Security Threats

The rise of new technologies has changed the way organizations operate, compete, and evolve. When deployed strategically, each of these emerging technologies can offer organizations a leg up in a fast-paced marketplace, greater insight into their operations, and more control over their business. However, the changing nature of our digital environment is also providing cybercriminals and bad actors with a larger attack surface—and more dangerous tools—than ever. The evolution of workplace technology has also increased the sophistication of cyberattacks.

Given this reality, it’s critical that managed services providers (MSPs) and their customers understand what cybersecurity issues and challenges they’re up against. As companies increasingly rely on connected technology, the stakes of data breaches are clearly growing.

What are the most important security issues facing companies today?

As companies become more reliant on their digital environment, their vulnerabilities to cyberthreats increase in turn. While this certainly doesn’t mean that organizations should forego critical IT investments to reduce their potential attack surface, it does mean that stakeholders need to stay aware of the specific cybersecurity issues that are most pressing to their companies.

Similarly, greater investment in the cloud means that an increasing number of companies are storing and processing proprietary data offsite. The expansion of cloud computing has enabled numerous benefits, including greater organizational flexibility and cost savings. However, relying on the cloud—whether public, private, or hybrid—requires careful cybersecurity protocol. While third-party providers may be responsible for the security of the cloud itself, customers are generally responsible for the security of the information they store and use in it.

What are the threats in cybersecurity?

With new platforms and capabilities opening companies up to new vulnerabilities, it’s critical that MSPs understand what tactics cybercriminals might use to take advantage of unprepared and unprotected organizations.

Across the board, cybersecurity threats that organizations have been familiar with in the past have become even more dangerous. Phishing—the process through which cybercriminals attempt to lure employees to click on links or download files to extract sensitive information—has evolved and matured. And while new technology like blockchain is specifically designed to be secure, users still have private keys that they use to conduct transactions at their specific blockchain node. Successful phishing operations could put these keys in the hands of bad actors and jeopardize the reliability of the network and the applications that rely on it.

Once cybercriminals have access to an organization’s network, the threats they pose are immeasurable. Bad actors may set up a cryptojacking operation in which they harness the resources of computers across a company to mine cryptocurrency, leading to significantly decreased performance. They may steal proprietary information—trade secrets that have the potential to jeopardize a company’s performance—and extort executives for ransom in return for not releasing it. They may even launch integrity attacks, effectively overwriting information in critical databases and allowing cybercriminals to commit fraudulent acts.

The full range of cybersecurity threats that companies face goes on, but the common link among them is that greater network connectivity across companies heightens the potential damage of cyberthreats. This means attacks that may have crippled one area of an organization in the past now have the potential to devastate the whole organization.

What are the challenges of cybersecurity?

The cybersecurity challenges that organizations face range from the internal to the external. On the one hand, companies need to safeguard proprietary information, protect employees, and earn the trust of those they do business with. This requires a shift in organizational culture that puts cybersecurity front and center and educates employees. On the other hand, organizations increasingly need to comply with government regulations as consumers become more concerned about their personal information. This poses new cybersecurity challenges for companies who will have to go to greater lengths to stay compliant with new regulations.

Internally, organizations need to recognize the importance of cybersecurity. Stakeholders need to be prepared to invest in the type of technology and expertise needed to secure their IT infrastructure and maintain that security around the clock. While cybersecurity may have previously taken a back seat to other business areas, companies now need to take a proactive role in monitoring their network and considering potential attack vectors.

Additionally, organizations need to confront the challenge of educating their employees in the reality of cybersecurity. From phishing attacks to ransomware, today’s workers need to be trained to spot nefarious activity, avoid engaging with it, and alert appropriate stakeholders as soon as possible. By educating employees on what threats the organization faces and what form they may come in, it’s more likely that massive breaches can be avoided and damage can be minimized.

How can MSPs support organizational cybersecurity?

Given the full range of threats your customers face today, it’s up to you as an MSP to secure their IT infrastructure and help protect their business. MSPs should consider how they can best deter cybercriminals, detect illicit activity, and defend customers’ networks.

The key here is having multiple layers of defense:

  • Patch management—Patching helps you ensure that all operating systems and third-party software is kept up to date with the latest security patches.
  • Endpoint detection and response (EDR)—EDR helps you identify potential threats at endpoint level and then respond effectively through automation.
  • Email protection—Since email is still the main vector cybercriminals use to get a foothold in an organization through phishing, being able to filter out potentially dangerous messages and attachments, can help reduce your attack surface.
  • Web protection—The use of malicious websites to get people to inadvertently download malware into their network is prevalent. Being able to stop staff from going onto known malicious sites by blocking access to them is and important layer of defense.

Interested in learning more about the benefits of partnering with ECMSI? Give us a call at (330) 750-1428 or visit www.ecmsi.com.

Unnoticed Hacks: Is Your Private Data Being Leaked?

It’s easy to notice that there are a plethora of threats to our personal data in today’s modern world. When we sign up for a new service, we’re risking our personal data falling into the wrong hands. But the worst part is that typically, there is no indication that our data has leaked.

Today, there are three potential leak sources that you should make sure you’re cautious of:

Mobile Apps

This is a problem that is more prevalent on Android, owing to the fact that anyone can develop, download, and install an Android app. Apple has iOS locked down quite tight but that doesn’t stop the occasional bad app from making it through the net. There are several different attack vectors that a mobile app can use to acquire your personal data.

Most of us live a significant portion of our lives on our smartphones, making them absolute treasure troves as far as our personal data is concerned. In some cases, apps will ask directly for the information that they want, although they aren’t always completely honest about what they intend to do with it.

As well as stealing personal and financial data, the same apps that used to leak user data are now beginning to steal user photos and use them to commit identity fraud. Most of us have enough data stored in our smartphones for someone to be able to identify us with relative ease.

Adware

A lot of app developers have chosen to fund their or support their apps through the use of advertising. After all, there are now a number of advertising networks that offer code app developers can freely add to their apps. This code will handle everything for the developer, leaving them with nothing to do but collect the revenue that they earn through it. In principle, it’s a great system – app developers get to earn enough money to maintain their apps, while advertisers get to display their ads to large numbers of people.

However, there are also a number of illegitimate ad networks operating. These often have the appearance of being legitimate advertising networks and the majority of them will even pay out what appears to be a fair sum to the developers.

The businesses that pay to be on the network, under the impression that their ads are going to be displayed to mobile users, pay the advertising networks according to the number of views or interactions an advert gets, but it is difficult to verify that ads are being displayed properly. There are ad verification services that can help advertisers to verify their ads are displayed properly. Unfortunately, cybercriminals are using very sophisticated methods to hide more ads on the page and make it look like they are being displayed legitimately.

These malicious adverts have been known to infect legitimate apps, unbeknownst to their developers. This is done by inserting malicious ads into the supply chain of a legitimate ad network. This attack is difficult to pull off but devastatingly effective.

Malicious actions performed by the app include showing ads outside of the visible area, constantly opening a browser using a legitimate link within the app in order to engage in targeted spear-phishing of the user, and stealth downloading malware.

Free Proxies and VPNs

A nefarious proxy is more of a threat than a VPN because with a VPN there is some degree of encryption, limiting what VPN providers can find out about their users. They can still monitor your activity, but with a compromised proxy, they will be able to read all your unencrypted data.

Data is a very valuable resource, so it is only natural that it would attract organized crime. However, few people realize just how prevalent it is and how at risk they might be. Always be careful what apps you install on your phone, especially if they aren’t from an official app store.

Recovery Time Objective and Why It’s Key to Business Continuity

If you have never seen or heard the term ‘RTO’ in the context of your business continuity plans or tests, then this will give you a solid next step to ensure that you’re in a good position. Unfortunately, nearly 80% of all SMBs are in the same boat, which has been and continues to be massively exploited by criminal organizations using ransomware to make money. Lots of it.

To paraphrase an old tech adage “if you can’t recover quickly, then it’s not a backup.”

What is RTO?

Recovery Time Objective, or RTO, is the time it will take to restore business operations in any event of downtime caused by hardware failures, ransomware infections, software errors, human errors, and natural disasters

Unfortunately, for many businesses, the problems that arise when RTO is not a key component of the plan isn’t realized until it’s too late. Many organizations have found this out over the last few years because of the ever-growing threat of ransomware attacks.

Many businesses with preventive measures and backups in place end up in a bad situation because their plan didn’t factor in the recovery time for restoring production databases or mission-critical applications.

What is business continuity and what role does RTO play?

Business continuity is the ability for a business to remain in operation despite risks and events of downtime and disasters. By the numbers, 80% of businesses experience some type of unplanned downtime.  Of this total, some experience catastrophic outages that knocks them offline for 3-5 days – and apportion of these never recover and ultimately out of business as a result of the outage.

Simply put, RTO is Business Continuity.  A proper business continuity plan includes:

  1. Identification of potential downtime risks
  2. Evaluating the business impact of those risks
  3. Identifying ways to prevent those risks
  4. Identifying ways to recover from downtime
  5. Regular testing of those methods against specific risks
  6. Regular re-evaluation of risks & methods

Evaluating Your Risks

Evaluating risks can start pretty general and become more specific as you get closer to making buying decisions. Once all systems are listed and evaluated, you can begin posing options for various disaster recovery options and RTO objectives. This will ensure that you have a plan that you need rather than a mix of “too much” or even worse, “too little”.

The benefit of this pre-planning far outweighs any time you saved by skipping it and “hoping” it’ll be enough. Every year, thousands of businesses discover that their “hope” was indeed a poor plan when something takes their business out of operations and they scramble to get back online.

Unfortunately, when it comes to recovery, there are no second chances. Call ECMSI today and get the backup and disaster recovery plan your business deserves! (330) 750-1428

www.ecmsi.com

 

Is Your Business Leaving Endpoints Exposed?

We all know the drill when it comes to data protection: make sure that you can failover servers and business-critical applications in the case of an outage, right? Well, in reality that’s only a fraction of the real picture.

Most businesses these days are either leaving data completely unprotected, or not sufficiently protected. Instead, this is what the data protection plan looks like for a typical SMB:

  • Servers, critical business applications: Disaster Recovery functionality is in place
  • Branch offices, remote workers, endpoints: EXPOSED
  • Cloud Applications: EXPOSED

While we’ve taken into account servers and mission critical apps, there’s in fact a large portion of business data that isn’t sufficiently protected. There are many reasons for this; Bring Your Own Device (BYOD) is one trend that presents challenges with endpoint backup and recovery. Cloud apps add yet another hurdle as they will generally have retention policies in place — say 30 days — but after that the data is gone. Forever. So how do we work around this in order to completely protect our business data?

As employees started creating, editing, and storing business data on laptops, tablets, and smartphones, it suddenly became a data protection concern that needed to be addressed. What would happen if one of those devices was lost, stolen, or otherwise compromised by hackers? What would happen if one of those employees became disgruntled and left the company – taking along with them, valuable business data?

Aside from the IT nightmare it presents, most businesses see endpoint data protection as an expensive add-on of which those budget dollars should be spent elsewhere.

So, what is the solution for endpoint data protection? First, consider the types of endpoints you have to protect within your business. For example:

  • Laptops
  • Tablets and smartphones

You need a solution that can protect across varying device types and operating systems. Next, centralize all this data in the cloud with a provider that gives you cloud flexibility. Remote backup and recovery from the cloud is especially important with endpoints, as they’re in distributed environments and can’t always be physically accessed by IT. Whether you have your own data center and need to utilize a private cloud or prefer to use a public or vendor cloud, it’s important to have cloud choice. When it comes time for a recovery, you’ll be glad you did. Transparent deployment that stays out of an end-user’s way will make make it much easier when rolling our your endpoint backup solution.

Once you have your solution in place, you’ll want to set up frequent backups — multiple times per day — in order to capture newly changed or created files. Backup all devices on any OS, protect it in the cloud, access it anytime, from anywhere. For IT, this solution will not only alleviate the historical problems and concerns with endpoint backup and recovery, but it will make their jobs easier in the long run.

For a more detailed look at endpoint protection tips and strategies, give ECMSI a call today!: (330) 750-1428

www.ecmsi.com