“Ransomeware” Is Out There, Are You Safe And Protected? …

If you have been reading the news lately you no doubt have seen that Ransomware seems to be rearing it’s ugly head again … the great news is that the devastating effects of this are entirely preventable!

© iQoncept - Fotolia

© iQoncept – Fotolia

“Ransomware is a type of malware which restricts access to the computer system it infects and demands a ransom paid to the creators of the malware in order for the restriction to be removed” – (from Wikipedia)

We are all potential targets of this kind of behaviour the second we turn our computers on but the good news is that there are a number of simple steps we can take to mitigate any potential damage that may come from an infection of this type.

Firewall Protection

If you are primarily a home user then a simple hardware firewall from the major consumer brands like Cisco-Linksys or D-Link would be the absolute first line of defence for any setup that accesses the internet.

If you are primarily a business or corporation where a single internet pipe is serving up an Internet connection for several people, then you will want to consider a hardware firewall solution that is a bit more robust. Many companies provide solutions at this level such as SonicWallCisco or Juniper and many others.

At their most basic level these devices prevent un-fettered access to your network or PC from anyone on the outside unless you first initiate the connection.

At the corporate level many of these devices also carry with them a complete suit of security services and processes to provide virus and malware scanning right at the hardware level.

See our other article entitled “How Do I Pick The Best Security Firewall and Associated Security Devices For My Business?” for a deeper dive into this subject.

Anti-Virus Software

On the desktops and, possibly, servers in your environment you absolutely “must” make sure that proper Anti-Virus protection is available and running on each device in your environment. Both real time “on the fly” scans must be active as well as regular full scans of each machine.

This is meant to try and prevent an infection from getting too far if it does make it on your machine …

Onsite and Offsite Backups

Ultimately it comes down to this … someone is holding your data hostage and will not release it to you unless you pay them for it.

Consider this! : What if you were more than willing to just turn the machine off and blow it up/scrub it clean and reload everything from scratch … this pretty much takes the teeth out of any threat or blackmail that they could potentially throw at your doesn’t it?

If you are completely aware of where all your data is, and confirm that you could turn your machine off and get the data elsewhere then you are sitting quite pretty.

See our other article entitled “It’s Late On Friday, Do You Know Where Your Data Is?” for more on this.

Remedial Action

Once you know you have an infection and it’s not possible to remove it I would highly suggest the following steps :

#1 : Disconnect the machine from the Internet and shut it off.

#2 : As mentioned above, check all your backups and confirm you have access to all your data elsewhere!

#3 : Once you confirm you have access to your data elsewhere then I would proceed to scrub your machine clean and reload from scratch.

Now in the situation where you find yourself stricken with this virus and no backups are available then you have a choice to make and make quickly!

Even if the program says it will cost you $300.00, for example, you may think “Well, it’s only $300.00 so maybe I should just pay it an avoid the hassle” … in this case you have no reason to trust that it will end there! The virus may just likely freeze the machine again and ask for $$$ again.

In any event, the safest approach to this would be to consult a professional before attempting any remedial action and your choices at that time will need to be reviewed.

If you are currently sailing in safe waters and all is well then “NOW” is the perfect time to consider crafting a plan to deal with just such a situation!

I’d welcome you leaving a comment below and if you are interested in having a plan like this crafted for “your” business please reach out using the different methods on my CONTACT PAGE and I’ll be happy to discuss with you!

It’s Late On Friday, Do You Know Where Your Data Is?

Stop right now and ask yourself this question … if your machine were to go up in smoke right this second would you know where all your data is?

© Brian Jackson - Fotolia

© Brian Jackson – Fotolia

Let’s begin by asking this question another way …

If you were to close the lid on your laptop or turn off your PC right now, do you have another way of getting access to all the data and files that are important to you?

You can begin by asking yourself the following types of questions!

E-Mail : Is your email just downloaded to your computer only? Or is it cloud based account?

Photos : Are all your photos sitting on just your computer only ? Are they also backed up somewhere?

Music : Is all your digital music sitting in iTunes or some other media player?

Documents and Files : Do all these files just live on your computer ? Are they also sitting in a cloud based file sharing service of some sort?

In the end I see it as a real balance between security and convenience

I work in a model where I have backups of everything but I also operate in a model where all of the files and email I work with are also sitting in the cloud … so … I have the “security” of having backups everything plus the “convenience” of having everything in the cloud so I can get at it from either my laptop or any of my mobile devices.

Other people may not need that kind of fluid access at all times and may choose to simply have a single machine and a system of backups for safeguarding their items.

You can systematically move through all the different major areas listed above (E-Mail, Photos, Music, Documents and Files) and go through this simple exercise. Turn the computer off and write out on a piece of paper “exactly” how you would go about getting access to all these items with your computer not being available!

If you can’t, with 100% certainty, answer the question of what you would do to get access to your files and data in this situation then it’s time to make a change and add some “peace of mind” to your life!

Please leave a comment below or, if you have questions or concerns about this with your own technology environment then feel free to reach out using any of the methods on my contact page and I’d be happy to interact with you!

How Do I Pick The Best Security Firewall and Associated Security Devices For My Business?

If you were to get a group of consultants and technicians into a room and ask them which Router/Firewall or associated security devices to use in your business you would likely get as many answers as there are people in the room.

© z_amir - Fotolia

© z_amir – Fotolia

That would also not necessarily be a bad thing as I’m sure each person could likely make a great case for going with whatever platform they were suggesting. As well each different hardware vendor would have a slightly different spin on things I’m sure and variety is always a good thing.

To look forward and protect your investment, however, I think there are some important questions you need to ask of your consultant when considering any solution for a function as important as protecting your network …

#1 : Is the hardware vendor well established and been in a business for a considerable period of time?

There are the “big gun” vendors out there like Cisco, SonicWall and Barracuda to name a few. There are also other leading edge and more “start up” vendors who have narrowed in on a particular niche that they specialize in and they make excellent products as well!

If you are purchasing a solution for your company however you must always balance the “known” vs. the “unknown”. When it’s a company who may have just started out there’s always inherent risk in going with a startup vs. a company that’s been around for quite some time.

There’s also the question of product maturity. A company that’s been around for quite some time will have also invested the time and resources into constantly developing their product and adding features, functionality and stability.

#2 : Does the hardware vendor have a family of products the interact and work with each other to provide a total technology solution for your business?

You may not be looking for this right away, but you may find some value in your firewall/router vendor also being to, perhaps, supply a dedicated e-mail security device down the road … or perhaps secure wireless access points … or perhaps secure remote access hardware … or other products, but you see where I am going with this …

A vendor that makes a whole “family” of products has spent the time to make sure they all play nicely together which can often save you time down the road if you were to expand the suite of products you want to use from that vendor because you have a need to fill.

#3 : Does the hardware vendor have an established technical support structure that can be tapped into by either the customer themselves -or- the consultant providing the solution?

This is where the bigger, more established, vendors start to pull away from the pack. Often times they will have a multitude of ways to get in touch when support is needed. Whether that be an online chat for a quick question, or a toll free number … or a ticketing system of plain old email, with the good vendors they will make it very easy to reach out to them when help is needed.

The good vendors will also have regular 8 hr / 5 day a week support for basic needs or if you business needs it they will provide full 24 hr / 7 day a week support.

#4 : Is the hardware platform proprietary and/or is the platform widely enough used that if the consultant supplying the solution were to no longer be available that you would not be alone?

This is another area where the bigger vendors shine. The bigger the vendor, often the more widespread the usage of their product is and thus the greater chance that other consultants or service providers would be available to jump in and provide support in a pinch. Or in an extreme emergency you the customer would be able to quickly get support while trying to find someone to help you longer term.

SUMMARY :

I have purposely avoided making a specific product recommendation because I don’t want this site to be plugging one particular vendor. I may have my own personal preferences but I certainly won’t criticize other solutions that meet the criteria mentioned above.

The bottom line is that you as the business owner should educate yourselves and ask these types of questions so you know that you are covered in the short, medium and long term with any solution you pick.

There are lots of great solutions out there from a number of different hardware vendors and the more you educate yourself the safer you’ll feel placing your trust in a solution and knowing you’ll be well protected and taken care of.

Are you currently considering a project like this and have questions or concerns about it you’d like to discuss?? Please leave a comment below …

Are You Protected When An Employee Leaves?

“An employee of yours leaves the company, have you taken steps to protect the company property this employee had access to?”

© nito - Fotolia

© nito – Fotolia

It would be ideal if life always lobbed us softballs wouldn’t it? A long-time and beloved employee announces they are moving on to their next adventure in life, you thank them for their years of service, have a nice sendoff party and you tie a pretty bow on everything and life is good!

On the other end of spectrum you have the more difficult situation where perhaps a long term, or even short term employee, makes a surprise decision to leave or perhaps has been fired or perhaps “needs” to be fired and you need to ensure that the resources this person had access to have been protected and are safe.

Whether the employee relationship ends well or ends badly it’s always best to err on the side of caution, eliminate all doubt and secure the assets of the company …

Here’s the main areas of security you’ll want to be mindful of and check off your list when dealing with this situation :

#1 : E-Mail

Out Of Office Reply : You’ll need to immediately put an Out Of Office Reply on the account letting people know that this person is no longer with the company and that all emails are being forward to ???? and state the name of the person the emails are going to.

Re-direction of New E-Mail : You’ll need to designate a person internally that will receive all “new” emails being sent to the employee and forward all emails inbound to the persons account to this person

Once these first 2 steps are done this will give you the time you need to go through their archive and pluck the emails out that are critical to business continuity and forward them to the appropriate people …

Once you have harvested the emails you then it’s recommended to keep the emails for the departing employee forwarded for a period of perhaps 2 weeks and then delete the account entirely. This will give appropriate time for the outside world to know there has been a change.

Of course this policy can always be changed depending on the importance of the position and can be adjusted accordingly …

#2 : Network Access

Remote Network Access : If this person had remote access to the network then whatever method they used for outside authentication (Secure Virtual Private Network “VPN” device, Firewall login … etc …etc) will, at the very least, need to be suspended while you work through the termination process

Local Network Access : Whatever login credentials they had on the network will, at the very least, need to be suspended while you work through the termination process

#3 : Private Files

People operating in a network environment like this will often have a private file directory on the office server(s) where only they and the IT administrator have access to. Securing these files and being aware of where they are is critical.

#4 : Company Computing Resources (Desktops and Laptops)

These devices will need to be retrieved and analyzed by your IT Staff to ensure that any files kept locally on the device have been retrieved before the resource is scrubbed and reloaded and perhaps given to another staff member …

#5 : Company Smart Phones/Tablets

Depending on the circumstances of the departure many phones will have a remote wipe/delete capability that can be employed if need be but use caution when employing this method as the destructive nature of it is self evident and you’ll lose anything on the phone or tablet in the process.

There are certain circumstances where employees can go on a “slash and burn” deletion campaign if they know they are being let go and that can be incredibly destructive if you are not prepared. See our other Post entitled “Is Your Data Safe And Could You Recover From A Disaster?” for tips on properly backing things up for easy retrieval should it be needed in this kind of situation …

If you step through these items as an organization each time someone leaves, whether it’s a Good exit or a Bad exit you are well on your way towards adding a little more “Peace Of Mind” to your life …

Is Your Data Safe And Could You Recover?

“You’re dreading getting the phone call from the office … the call that says the server is down and not restarting … if that call “does” come do you relax because you know you’re covered and you have a plan or do serious questions get raised in your head because you’re not quite sure?”

© z_amir - Fotolia

© z_amir – Fotolia

If you can’t walk away from the question above with a big thumbs up then you need to be asking this question of your IT Team now. You’re not accusing them of “not” taking care of things, you are merely being a wise business owner by asking them the following questions :

  • What if the server went down today and was physically not able to start up? What then?
  • How are we storing our backups and have those backups been tested for availability?
  • How much data are we actually saving and how far back could we restore if needed?
  • If we had a total loss situation at the head office is our data being stored securely offsite and is it easily retrievable?
  • Do we have the ability to quickly get our server back up and running in a timely fashion?

It’s all about you, the business owner, being able to have the “peace of mind” that this critical function in your organization is taken care of so you can mentally check this off your list.

With major items like this it’s “always” better to have this conversation from a position of strength, when there isn’t a disaster and you’re allowed to look at things objectively, as opposed to being in the middle of a disaster and it quickly becomes a recovery mission and everyone is running around in a panic.

There are few incredibly significant steps you can take as an organization to have complete and total “peace of mind” in this area …

Step #1 : Have your IT Service Provider answer the following questions in a report:

  • How often are backups taken?
  • How much backup data is being stored at any one given time?
  • Where is onsite backup data stored?
  • Is the success/failure of backups being monitored on a daily basis?

Step #2 : Have your IT Service Provider test the viability of restoring random pieces of data from a backup at least once a month as part of a regular monthly service and maintenance routine and report on the success/failure of that to you automatically.

Step #3 : Have your IT Service Provider provide explanations of what plan they would execute in the event that one of the following scenarios were to happen

  • Normal File Loss : Someone loses a basic document or spreadsheet or database.
  • Server Crippled : Server goes down but is repairable and business interruption occurs.
  • Server Fatal : Server goes down and stays down and is not repairable and business interruption occurs.
  • Site Fatal : There is a total loss of the site business office itself, server and networking equipment included and the office needed to be temporarily/permanently relocated.

It’s all about you as a business owner being able to free your mind and have “peace of mind” knowing that, beyond the shadow of a doubt, your business data is safe, secure and easily retrievable in case of emergency … simple as that!