Tag Archives: warren

Don’t Push Your Network’s Luck

Look around your office. Isn’t it great to see your team hard at work on their computers? Yet if we take a closer look, let’s see what’s really happening…

Joe, your new sales rep, is poring over last weekend’s game stats…

Amy in marketing is looking for a new job, surfing your competitors’ websites, chatting with their HR people…

Wes, over in customer support, just bogged down your entire network by downloading a video file of Metallica in concert…

Bob in accounting is browsing stock-investing sites, in search of a hot tip…

Okay, so maybe it’s not that bad at your company. But this type of behavior will happen to some degree if you don’t proactively prevent it. The real problem is, unfiltered content often links to malware and other threats. Ignore it and you risk productivity losses, legal liabilities, extortion, blackmail and fraud. And not only that, the resulting data loss and corruption can cost your company big-time. Cyberthreats stemming from unfiltered content aren’t something you can count on your lucky leprechaun or four-leaf clover to protect you from.

In today’s mobile environment, content filtering has becoming a greater challenge than ever before. Your company may already be doing some filtering at the network level. However, when was the last time you checked the number of mobile devices linked to your network? As your workforce goes mobile, your network is exposed to a rapidly expanding “attack surface.” With BYOD (bring your own device) now the norm, the old rules of content filtering just don’t cut it anymore.

Are You Making Any Of These Mistakes?

Old content-filtering models presume your network has a safe “firewall.” But now, with BYOD, you need a different way to protect your data. And that’s where endpoint security comes into play. Endpoint filtering keeps devices on your network safe from infection, no matter where they hook into the Internet.

But make ANY of the following mistakes with endpoint security and your network could be a sitting duck:

  1. Missing even ONE endpoint. This applies to tablets and smartphones as well as home-based machines that VPN into your network.

 

  1. Skimping on security policies, protocols and training. Believing that tech tools alone will keep your network secure is a recipe for breaches. In fact, no technology can keep a network safe if users cut corners.

 

  1. Leaving endpoint filtering out of your overall security plan. Ad hoc security invites disaster. An improperly designed system exposes holes that hackers love to find.

So, What Exactly Should You Filter?

Forrester Research states that companies whose users access the cloud should:

Detect and intercept unusual or fraudulent activities related to data in the cloud.

  • Detect, neutralize and eliminate malware in cloud platforms.
  • Detect and monitor unsanctioned cloud applications and platforms usage.
  • Protect against leaks of confidential information.
  • Encrypt structured and unstructured data in cloud platforms.
  • Investigate suspicious users and incidents.

Between BYOD and ever more complex cyberthreats, you simply can’t afford to run around putting out fires. You absolutely MUST proactively defend your network in depth with endpoint content filtering. We offer content filtering that is customizable to your business while still offering the highest level of protection. We can also help segment your wireless network, so those who do BYOD won’t ever touch the network that your critical business data is on. With a complete proactive managed service provider like ECMSI, you can sleep better at night and stop relying on “luck” to keep your network stable and secure.

Work Smart with an IT Consultant

Technology should allow you to work smarter, not harder. However, if you’ve never heard of a server, think beating your computer is a good repair practice, or believe the Cloud is some mysterious thing in the sky, chances are your technology is putting you to work instead of the other way around. But there is hope that won’t break your bank and leads to increased productivity: an IT consultant.

Your Local IT Consultant

It’s no secret that expensive products and services, while often beneficial when properly used, flood the market and can affect a small business’ bottom line. As a result, most business owners’ scam meters are on high alert. It doesn’t have to be this way with your technology.

With so many IT solutions available, the market is rich with engineers capable of making your company a productive machine. While not all of them have your best interest in mind, think of a good IT consultant as a friend concerned with your well-being. The best always consider your individual needs; however, since it’s still about business, their goal is to not only make you happy, but save you money, time, and generate more revenue by optimizing your technology.

IT’s not a Hard Choice if It’s a Smart Business Decision

IT consultants have a unique solution for having your back 24/7: Managed Services. As Managed Service Providers (MSPs), industry professionals’ primary goals are to optimize your company’s infrastructure, protect your business’ private information and digital assets, and work to automate your technology workflow.

What does this mean for you in a nutshell?

  • Fewer computer/server breakdowns and repairs, which translate to time saved.
  • Less chance for security breaches and loss of private and proprietary data, a challenge too large to overcome for some businesses.
  • Less time wasted on menial tasks by allowing automated technology to work for you.

These add up to less time spent trying to make your technology work and more time doing your real job. This translates to money saved and the potential for increased revenue.

Put Your Faith in an MSP You Can Trust

The most productive companies use technology to make things easier, not to add more work when their systems fail. The only businesses that should work hard to ensure your IT runs smoothly are ones that specialize in the industry. Don’t amount technology work to basic janitorial duties, let your trusted friends at ECMSI help. We believe IT and your business is a relationship, one that we nurture together.

Our Systems Are Down! A CEO’s Nightmare!

In this day and age, having some sort of computer to do your job is as necessary as air. Chances are, if you have a lot of computers in your business, you also have things like servers, routers, access points, and switches. These are all critical pieces to maintaining your business and your employee’s productivity level.

Have you ever stopped to think about what would happen if your business suffered a catastrophic event? How long would it take to get you back up and running? Do you know if your critical data is being backed-up and if it is, how often is that happening? If you are reading this and starting to feel a tightening in your chest because you aren’t sure of your answers, then it’s time to stop ducking your head in the sand.

In a survey done by IHS in 2015, the average of cost of outages totaled the $700 billion dollar mark. This number has only increased for the past year in 2017. This total includes the loss of employee productivity, revenue and the cost to the fix the issue, which surprisingly was the lowest cost of the three.

So how do you calculate downtime loss?  Our friends over at My IT Pros shared with this basic formula:

 LOST REVENUE = (GR/TH) x I x H

GR = gross yearly revenue

TH = total yearly business hours

I = percentage impact (a high percentage would mean you can’t complete any transactions, will lose clients and have a PR nightmare)

H = number of hours of outage

Finally, to calculate the expected annual cost, multiply this number by the number of expected annual hours of outage. If you do this and you are absolutely panicking, don’t worry. While all of this sounds like something out of a nightmare, the solutions are fairly simple. We would first recommend that you have incremental back-ups of your critical data that are stored both locally and in the cloud. This way, if your hardware were to fail, with the help of your IT provider, you can pull your data down from the cloud onto a backup server (part of the redundancy plan). Secondly, we recommend that you have a redundant environment. Now, this can mean a variety of things but at minimum, it would mean that you’d have a secondary server that is only for emergencies. At maximum, it would mean having clustered servers where there are more than 1 server and if something were to fail, the data just seamlessly moves to the next available hardware.

We don’t want to see any businesses have to deal with this nightmare. If you are unsure of what disaster recovery plan you have with your current IT Provider, it may be time to strike up that conversation. If you have any questions and would like to discuss how downtime could affect you and how ECMSI can help you prevent a disaster please feel free to contact us at 330.750.9412.

Local Governments Cyber Security Crisis in 8 Charts

Within the past few weeks, two large American cities learned that their information systems were hacked. First, Atlanta revealed that it had been the victim of a ransomware attack that took many of the city’s services offline for nearly a week, forcing police to revert to taking written case notes, hampering the Atlanta’s court system and preventing residents from paying water bills online. Then, Baltimore’s 311 and 911 dispatch systems were taken offline for more than 17 hours, forcing dispatchers to log and process requests manually. Both attacks could have been prevented. And they are more evidence of the poor, if not appalling, state of local government cyber security in the United States.

We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Under near-constant attack, but not fully aware

Nearly half – 44 percent – of all the respondents told us they experience cyberattacks at least daily. Based on prior research, we are confident that rate is actually much higher.

The volume of attacks isn’t dropping – and in some cases it’s increasing.

But even so, many communities didn’t know how frequently they are attacked, and most didn’t count or catalog initial attacks – though more than half did track more serious incidents and breaches.

More than half weren’t able to determine who was attacking their systems.

Unprepared to respond, and with not enough support

Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

In part this is because few local officials are aware of the need for cybersecurity. Nearly two-thirds of the respondents to the survey, who were nearly all information technology or cybersecurity officials, said that top managers understood the need. However, among other groups in local governments, awareness dropped considerably. Perhaps as a result, support for cybersecurity efforts was also not as strong as Atlanta’s and Baltimore’s experiences suggest it should be.

With most local government officials and staff unaware and unsupportive, it is not surprising that cybersecurity is so poor among American local governments. Atlanta Mayor Keisha Lance Bottoms admitted that cybersecurity was not a high priority, although “it certainly has gone to the front of the line.”

And yet, crucial barriers remain, largely to do with how much money is allocated to cybersecurity efforts.

Getting more people in the know

If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The numbers of survey respondents who answered “Don’t know” to our questions was surprisingly high. No top local officials, whether elected or appointed, should be unaware of basic cybersecurity information, like whether their systems have been attacked or breached, or who’s attacking their systems and why.

Knowing these answers will only become more critical as computing becomes more deeply embedded in systems running “smart” cities. If computers control traffic lights, sewage plants and electrical grids, then the consequence of attacks is more severe than just loss of information or computer services.

Source: Norris, Donald, et al. “Local Governments’ Cybersecurity Crisis in 8 Charts.” The Conversation, 3 May 2018, theconversation.com/local-governments-cybersecurity-crisis-in-8-charts-94240.

This article was originally published by The Conversation. See here

How to Avoid Becoming the Next Hacking Victim

Cyber attacks are so common now that hardly a week passes without news of another major network security breach involving a high-profile company. Well-known brands like Target, Sony and Yahoo have all fallen victim to security breaches in the last few years.

But hackers don’t just limit themselves the market’s major players – they will, and do, attack companies of all sizes, exploiting their weak defenses to infiltrate and steal valuable corporate data. In fact, smaller businesses are seen as much easier targets, because they usually lack the robust defenses that large enterprises routinely use.

So why should you worry about being next? The costs of a network security breach can be enormous, sometimes even crippling. One study from the National Cyber Security Alliance reports that around 20 percent of small businesses fall victim to a cyber attack each year, and of these, just 40 percent are still around six months later.

Can your business foot the bill from a major cyber security breach? Not likely.

Keep the bandits out

At ECMSI, our overriding goal is to help your company thrive, but you won’t stand a chance of doing that if your servers are leaking corporate and customer data all over the place. That’s why we make your network security such a big priority. We want to see our customers to succeed — and enjoy longer-lasting relationships with them.

As one of the leading Managed Services Providers, we’ll strive to protect your network against everything attackers can throw at it.

Our big secret is that unlike other MSPs, we take time to get to know our clients and help them understand how to take full advantage of their technology.

When we uncover your unique risks and concerns, we prepare a plan to help you defend against the wide variety of cyber threats that could slow down and damage your business — and your reputation — including ransomware, insider attacks and other viruses.

And we go further to proactively avoid these threats by teaching you best practices to minimize the risk of becoming a victim in the first place. We’ll also help get you up and running with the latest antivirus software, firewalls and threat detection software to ensure your network security is as tight as it’s possible to be.

Your depend on your business technology to be successful, that much you know already. But it can also become your Achilles’ heel if your network defenses aren’t up to scratch. Contact ECMSI today and we’ll show you how to avoid becoming headline news for the wrong reasons.

Fight Back! How to Scam an Email Scammer

Wouldn’t it be nice if the Nigerian Prince that just so happened to email you would actually deliver on his promise of depositing that “$2,000,000 USD” into your bank account? Hopefully you know that this is just a scam to steal your financial information, however, many people around the world have fallen into the traps of these phishing emails.

“The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam.”

These scams are so well known that they do not fool many people anymore, but it can be quite annoying when we receive these emails. If you’re one of those people that enjoy a good prank and like to humor an obvious scam, then look no further. A new service from NetSafe called Re:Scam can help you waste the time of email scammers to prevent them from moving forward to another victim. So just how does this service waste the time of “Nigerian Princes” and “UN Bureaucrats”? In the funniest way possible.

Re:Scam is a AI-powered chatbot designed to draw out the conversation and exchange as long as possible. All you do is forward an email from a scammer to me@rescam.org, the chatbot then uses a proxy email address to communicate with the crook. The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam. Some of the funniest interactions go something like this:

Scammer: “Do you wish to be a member of the great Illuminati family? Do you want to be payment $5,000,000 weekly? Let us now if you are interested in success.”

Chatbot: “Dear Illuminati, What a wonderful surprise. I’d love to join your secret club. Do you do a bingo night?”

Scammer: There is not bingo night. Please complete attached form with bank details for your receive full payment of 5 million.

Chatbot: Terrific! But to avoid detection I’m going to send my bank account details through one number at a time.  Ready? 4.

Scammer: “This is not necessary”

Chatbot: “7”

The full video from Netsafe can be found here

The video mentions that email scamming is a billion dollar industry, and it is time to fight back with a sort of eye for eye treatment. If these scammers are going to try to waste our time we might as well waste theirs. If everyone began using this service we can help prevent them from moving forward and soon enough stop these emails by making these scams completely useless to attempt.

 

What is VoIP and Why Use It?

Voice over Internet Protocol, also knows as VoIP is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over the internet. So what does all that fancy high tech lingo mean? Basically it is a technology that lets you make phone calls using the internet instead of a regular phone line. If you have a reasonable quality Internet connection you can get phone service delivered through your Internet connection instead of from your local phone company.

Some people use VoIP in addition to their traditional phone service, since VoIP service providers usually offer lower rates than traditional phone companies, but sometimes doesn’t offer 911 service, phone directory listings, 411 service, or other common phone services. While many VoIP providers offer these services, consistent industry-wide means of offering these are still developing.

So Why use VoIP? Here are some of the major advantages:

More than Two People:

With VoIP you can set up a conference with a whole team communicating in real time. This can be very useful in businesses where everyone is spread out and need to work together to solve issues.

Cheaper to Use:

VoIP has drastically reduced the cost of communication by sharing networks between data and voice. One single connection to the internet has the ability to transmit more than one telephone call.

Abundant, More Advanced Features:

You can make calls from anywhere in the world to any destination with your VoIP account, Features also include caller ID, contact lists, voicemail, extra-virtual members and more. using VoIP experience makes it easy to multitask and enhancing communication experience for you personally and for your business.

Convenience at work:

The portable nature of the VoIP technology is causing it to gain popularity as the trend is towards portable commodities. Portable hardware is becoming more and more common, as are portable services, and VoIP fits in well.

Much more Productive:

VoIP makes it much easier for an organization to communicate, VoIP is able to combine different data types and make routing and signaling more flexible and robust. This can enhance your staffs productivity and in turn provide better service to your clients, allowing you to stand out among the competition.

To find more about VoIP and how in can be implemented in your business, Call ECMSI today at 330-750-9412 or email us at info@ecmsi.com.

Supply Chain Cyber Attack Infects 2.3 Million Users

Hacking comes in many forms, recently the trend in cyber crime has hackers going directly for the supply chain within an organization. The supply chain is a system of activities involved in handling, distributing, manufacturing and processing goods in order to move resources from a vendor into the hands of a final consumer. In reference to cyber-security, a supply chain attack involves tampering with the companies network in order to install malware that brings harm further down the supply chain.

One of the most popular supply chain attacks was data breach that occurred to the retail giant Target in 2013, Over 40 million customers credit card and debit cards were compromised after malware infiltrated one of Target’s third party suppliers and gained access to Targets main data network.

Recently, a computer cleaning software was compromised and left any user who downloaded the software between August 15th and September 12th with malware on their computer. CCleaner is an application that scans your PC for malware and junk files and cleans it up to work at maximum performance. It is an extremely popular software that has over 2 billion downloads, and ironically has caused the problem it tries to prevent. CCleaner was compromised when some unknown hackers infiltrated the download servers to the application and replaced the original version of the software with the malicious one and distributed it to millions of users for a month. The company that own the software is now recommending users to update their software to the latest version to protect their computer from being compromised.

These event have happened all to often, and can affect such a large group of users. These events are particularly a cause for concern to business owners. If your business computers are not being monitored and one of your employees accidentally downloads malicious software unknowingly, all of your important business data is now compromised. Not only is your data at risk, now your business if loosing precious hours trying to fix the problem and recovering from the cyber attack instead of focusing on your core business activities. These event could plummet employee productivity and could end up costing the business money that it simply cannot afford to lose. Be sure to always monitor end user activity and maintain backups of your important data.

 

 

Equifax Breach! Get the Facts

On September 7th the consumer credit reporting giant, Equifax, announced a cyber security incident that could have potentially impacted over 143 million U.S. consumers. The company discovered the unauthorized access on July 29th of this year and believes it may have been occurring from mid- May through July 2017. The information accessed includes names, Social Security numbers, birth dates, addresses and driver’s license numbers as well as credit card numbers for over 209,000 U.S. consumers.

Now before the panic ensues, the company acted immediately to stop the intrusion and utilized the help of an independent cyber security firm to conduct an in depth forensic review to determine the impact of the breach. While Equifax reported unauthorized access to limited personal information for some U.K and Canadian residents, the company found no evidence that personal information of consumers in other countries have been impacted. There was also NO evidence of unauthorized access to core consumers or commercial credit reporting databases.

If this issue concerns you, or you think you may have been one of those consumers effected, Equifax has launched a website dedicated to informing users if their information could have been impacted. Which can be found here.  On this site Equifax offers an opportunity to find out if your information was potentially hacked into as well as a chance to enroll in their TrustedID Premier, that the company is offering to every US Consumer for free for a year. This service includes 3-Bureau credit monitoring of Equifax, Experian and Transunion credit reports, copies of Equifax credit reports, the ability to lock and unlock Equifax credit reports, identity theft insurance and Internet scanning for social security numbers.

This incident is not the first of its kind and will sadly not be the last. It is important for consumers to protect themselves as much as they can when handling their personal information online. This breach is also a lesson to all businesses, no matter how big or small that their IT security is one of the most important aspects to their business and core activities. A situation like this can leave a bad stigma on your businesses reputation for the future. The CEO of Equifax stated, “Confronting cybersecurity risks is a daily fight. While we’ve made significant investments in data security, we recognize we must do more. And we will.”

How to Identify a Phishing Email

You wake up and like many of us today, you immediately check your phone. Scrolling through your email you see a message in your inbox that reads “Microsoft account security alert” this email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough right? WRONG. This email contains an abundance of red flags that to someone not so tech savvy could fall victim to. This email is meant to be malicious and ironically while it is trying to get you worried about your information getting hacked into. It is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victims to these malicious emails.

To begin with, this email claims it is from the Microsoft team, however within the email itself we see no Microsoft branding of any kind, and is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially being that they were a Mac only user. There was also not enough characters or asterisks that reflected any email this user had.

This is just one example of a phishing email and there are many more, some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1.  You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URL’s.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why and immediately. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best to not act upon that email and flag it as spam and delete the email immediately. Clicking through could cause major issues to your computer system or others if it happens in your workplace. Be sure to always be attentive, be curious and ask questions and stay protected!