Information Security, SMBs Are Vulnerable to Malware Attack

Network Security. Cyber Security. Information Security.  These are terms that are buzzing around small businesses, mid to large business, IT professionals and their teams.  Questions like “how large it the threat?  Is my business really a target?  What reasonable steps should I take? are often difficult to raise and even more difficult to answer.

Optimum Networking partners with Webroot to help ensure our clients’ endpoint protection.  As a trusted Managed Service Provider, our clients rely on our Support Desk, Onsight Engineers, Professional Services Team and Information Technology Business Strategy specialists.

Webroot—the Colorado based and international leader in anti-virus and anti-malware software—has released a white paper titled “SMBs are Vulnerable to Malware Attacks—10 reasons clients need a layered security strategy to stay safe”.

Here is a summary of their report:

  1. It’s not a matter of if you will hacked, but when—This is about awareness. The threats are so pervasive and non-discriminatory, that no company is safe. From solo entrepreneurs to SMB to enterprise companies, the bad guys cast a wide net.  You need to prevent as much as you can, and mitigate the damage when possible.
  2. The landscape evolves constantly—The bad guys present a moving target. If they remained the same, we would have beaten them by now.  No matter how good your internal IT professional or consultant is, they can’t stay up to date on all the latest threats. You need an expert team like Optimum Networking and updated tools from a quality vender like Webroot.
  3. End users may not know security best practices—the number one vulnerability to any system is always the human factor. You can have the best security system installed in your house, but if you leave the front door open or don’t activate the alarm, or worse yet, invite the criminal in and give him access to your valuables, all your security investment will go to waist. You may think you and your employees are savvy enough not to do this, but don’t be too sure.  Talk to Optimum about employee training and testing programs.
  4. Lack of effective security policy—barring all your employees “seeing the light” and adopting low risk, sound cybersecurity practice, you need to have policies in place (if for no other reason than to Cover Your Assets). If you in-house or contracted business attorney does not specialize in this, let us know and we can point you in the right direction.
  5. Exposure to multi-vector attacks—Think of all they ways you and your employees interact with the cyber world: email, attachments, links, web browsing, hosted applications, hosted servers, backups, mobile phones and more. These are all vulnerability points and requi
    re a comprehensive information security plan.
  6. Complex security platforms create administrative challenges—the more complex the threat, the more difficult (and costly) the response can be. By leveraging systems already in place from teams like Optimum Networking and services like Webroot, you can save your organization critical time and money.
  7. Out-of-date systems create vulnerabilities—Update Update Update. In the past you updated to get the latest or greatest features of your software or just for compatibility issues. Now updates are critical to maintaining data security patches.  When your IT professional tells you it is time to update, listen.
  8. Poor data backup practices—Backup Backup Backup. This is written three times for a reason.  Backup, then replicate the backup offsite, then monitor and test your backups on a regular basis. This will not prevent an attack, but it will mitigate the damage tremendously.
  9. No network visibility—tools to monitor your network can be cumbersome and costly. Optimum Networking can provide this visibility so our engineers can keep an eye on your systems, and provide ongoing reports for your peace of mind.
  10. Compliance issues—which can cause more harm to your business: the cyber criminals or the well-meaning bureaucrats that will impose fines, sanctions or worse on your company for non-compliance? Pick your poison, or work with Optimum to discover what boxes you need to check off to avoid trouble and implement just the right amount of information security.  And be careful, your biggest clients will be imposing compliancy requirements soon if they haven’t already.

If you can honestly say you have each of these items covered, sleep well tonight.  If not, please reach out to Optimum Networking so we can do an information security audit and help get you and your company on the right track.

 

Do You Have The Right Safety Net For Ransomware?

As a Denver IT services company, we consistently get calls asking for more information about the latest ransomware attack. Some of these calls are from business owners who are seeking relief from an attack that has already occurred.

A Ransomware Attack Can Decimate Your Business

A recent ransomware attack was “Wanna Cry” which infected over 230,000 computers worldwide in 24 hours. There are multiple layers of protection that firms can implement to ward off this type of attack (and others). The sad truth is many small businesses aren’t prepared, and they get attacked by these ransomware viruses. When a ransomware attack happens, it can lock all your files and your entire business can be held hostage.

So what can you do if you are hit by ransomware? The truth is, if you are hit by Wanna Cry or another ransomware attack, your options are going to be limited.

Do You Pay The Ransom?

Paying the ransom demanded is often expensive AND there is absolutely NO guarantee that your data will be recoverable. After all, you are making a deal with a criminal. Even if you do recover the data, it may not be usable.

Ransomware and System Damage

Data recovery is just the tip of the iceberg. These kinds of malicious attacks can create system damage as well. There are literally thousands of processes that must operate perfectly for your applications to run properly. Most Denver IT Services companies will advise you to completely wipe all your systems, including your servers. This means deleting everything, even the operating system, down to the “bare metal.” Ouch.

The Real Safety Net Against Ransomware Is Data & System Backups

If your data is backed up and is accessible, you are only partially safe. The data can be reloaded onto your network, but, if you haven’t backed up your applications and your operating system image(s), someone must rebuild your servers from the ground up. The cost to do that will vary widely depending upon your environment, but rebuilding servers can easily cost thousands of dollars. And that doesn’t include the cost of your business being down during the process.

Are Your Data and Systems Protected?

If wiping down to the bare metal scares you, then you probably haven’t protected both data and systems. In the event of a ransomware attack, your backup systems and processes can save your business. Or not. If they aren’t in place or they are running incorrectly, it can cause your business to fail miserably. (Don’t wait till you are held hostage to learn if your backups are being handled properly. Call a Denver IT Services company sooner rather than later.)

The Advantages of Image-Based Backup

Image-based or “bare metal” backup replicates everything– files, operating systems, applications, and configurations. With this solution, your entire computing environment can be restored in hours versus days. The cost of restoring from an image-based backup is a fraction of the cost of rebuilding servers from the ground up and re-imaging your workstations

The Right Backup Solution

With the right Denver IT Services company, backups can be automated, managed, and affordable for SMB’s. With the correct solution in place, which includes data and system backup, you can be assured that your critical information and applications are safe.

Are you unsure of your business’ ability to survive a ransomware attack? Optimum Networking can assess your environment and make recommendations aligned with your specific business operations. Contact us to discuss your data security.