Resources: IT Security

If your business is at the point where you’re thinking about hiring a fulltime IT tech, congratulations! Having enough consistent needs to fill this role means you’ve worked hard and made good decisions that drove business growth. Our best advice? Don’t stop now!

Moving forward with hiring requires a lot of analysis to avoid major consequences down the line, though. One of the biggest decisions whether you’ll hire someone directly or use a third-party MSP (Managed Service Provider). In this article, we’ll get into the specifics of both scenarios.

Why Do You Need an IT Tech at All?

In the past, business people and tech people were two different breeds. Over the years, the gap has gradually shrunk to the point that many people are tech-savvy enough to get by for the little things. As your business has grown, though, you likely have needed to delegate many of your previous duties, like IT — even if you feel perfectly capable of handling them yourself. After all, when do you think was the last time Jeff Bezos packaged a shipment? Your IT needs have also likely grown much more complex.

If you don’t choose to delegate now, you fall into a major pitfall of leaving IT duties unassigned. In our current landscape, leaving an IT post open could be a death wish. Cyber attacks of all types are on the rise, and the amount of damage each one could impose is ballooning. For example, in 2016, the average ransomware attacker demanded $522. In 2020, that average sits around $84,000! Sadly, many of these attacks take place as a result of not having someone the wheel.

In addition, there’s the issue of efficiency and cost-effectiveness. Being lax over time can make your systems out of date, making it harder for everyone to get their work done at a reasonable rate. In addition, only replacing equipment when it’s broken and not when it functionally obsolete can create situations where portions of or your entire workforce will be unable to do any work at all for a time.

An In-House Solution

So, let’s say you’re on board with having one or more people make up your IT team, and you make the decision to hire them directly. One certain benefit is that you can look through a collection of qualified candidates and pick just the right person(s) that you want! But then the other shoe drops.

Just like any other employee, before you hire someone for your IT needs, you have to consider the costs. For instance, the average price of an IT professional is $60,000 per year. Alright, so you budget out $60,000 — then you’re all set, right? Far from it!

Where is this person going to work? Maybe you already have space for them, but these professionals require more expensive hardware and monitor setups. Additionally, you need to factor in the network diagnostic software plus any industry-specific software. Since they’ll generally be on call, they’ll need a phone with a good plan so you can always reach them and possibly a company car (or at least some form of vehicle reimbursement) if you have multiple locations. Don’t forget that expense account!

Besides the specific expenses mentioned above, remember that this person is still an employee, so you have all the other general costs your other employees have associated with them. This can include health/life insurance, vacation time, sick time, 401K plus any bonuses or overtime pay they may rack up.

And what do you do if they leave? The implicit and explicit costs can be truly staggering when you take the time to add it all up.

A Safer Option

In the past, the above option was the only choice most employers had available to them. Based on the high costs (both known and unknown) associated with hiring an IT professional, it’s no surprise that companies have flocked to an alternative option: MSPs.

With an MSP, you have all the benefits of a fulltime employee without the downsides.

They will be consistently available, knowledgable in your network, and focused entirely on IT rather than other day job expectations. Need assistance when it’s time for regular upgrades or maintenance? Want someone to redesign your entire IT setup? Looking for someone to completely take over your IT operations, including telephone, so you can focus 100% on your core business? These are the sorts of services you can get out of an MSP.

Even better, the price you sign in the contract is the price you know you have to pay month after month, unlike the many unknown costs of an employee. There are no HR issues to worry about and the work is on the shoulders of a company, not an individual.

If your company is at the point where you know you need dedicated IT personnel but are unsure about which direction you’d like to go, contact us ASAP. We would be more than happy to go over your needs and discuss the best options.

As this COVID-19 crisis drags on, we’ve noticed a few new habits amongst our clients. Some have taken this opportunity to get their business in order and prepare for a resurgence. Some are just gritting their teeth and holding on. Nearly all of them have increased their time on social media. In addition to typical surfing, we’re seeing dramatic increases in people filling out those pesky Facebook quizzes about their first loves, childhood homes, mother’s maiden names, and other little-known facts.

These quizzes seem innocent enough at first; however, they are a hacker’s dream. In fact, most of these quizzes are planted by hackers in hopes that people fill them out, innocently reveal their security question answers, and create an easy target to breach. Here are a few tips to keep safe.

1. Just say no. We know we sound like a Debbie-Downer here, but it’s safest to just avoid Facebook quizzes altogether. Let’s paint the picture. Recently, there was a push to post your graduation photo and year “in support of 2020 graduates.” This sounds like a cute idea, but there’s a dark side. Hackers now have three pieces of information that are common security questions: where you went to high school, what year you graduated, and your high school mascot (they can easily look this up based on the information provided). Your support of graduates just opened you up to hacking. Sure, this doesn’t give up your username and password, but hackers might already have this information based on some previous phishing attempt or breach of a major database (think Target, medical records, or social media profile leaks). Now, they have the secondary layer of protection to your personal data. Alternatively, they use this information to create fake Facebook profiles that appear believable. Then, they send a bunch of friend requests to your existing friends and use it to harvest their personal data when they accept.
   
2. Pretend everything you post is public. Regardless of your privacy settings, pretend that Facebook is a wall in the grungiest bathroom on your last road trip. Is this information that you would like posted on that wall? When you excitedly shared about your daughter’s first car, you revealed her security question information. You nostalgically told a story about your childhood neighborhood, there was another security question. It doesn’t matter if your profile is private or not. Hackers will find away.
   
3. Give Fake Security Question information. If you just cannot refrain from taking these Facebook quizzes or posting, give fake information for your security challenge questions. For example, if the security question asks where you met your significant other, put something completely incorrect. Make sure it’s something that you will remember, but it shouldn’t be something that hackers could find published online.

Social media opens up privacy concerns that we’ve never had to consider before. We recognize that there is no turning back and becoming a recluse isn’t an option. Through this crisis and beyond, take every precaution you can to protect yourself, protect your business, and protect your identity.

As professionals in the IT business, we all have firsthand knowledge that the web can be a dangerous place for anyone, especially if you run a business. The more we analyze security breaches, the more we ask the most crucial question: why? Why do people go through all that trouble to make life more difficult and dangerous for the rest of us?

Well, you can imagine that it differs from hacker to hacker. Just a  few common factors likely end up being the reasons why they do what they do and why they started in the first place. In today’s blog, we’ll take a deep-dive into the villains of our story, and explore some reasons why they do what they do.

1.) Identity Theft

Though you may not realize it, you are more important than you think—well, more valuable, anyway. You might think of you or your company’s value in terms of what is in your bank account, or the assets you may hold. However, you probably carry more potential value that you don’t tap into, such as not opening additional accounts and not maxing out your credit cards.

Consumer Affairs estimates that the average loss for an individual involved in credit card fraud last year was about $2000. That number might seem a bit low to some, but remember that most people only have a few thousand dollars maximum available on their credit card at any given time. Imagine if your company’s credit card was compromised. How much could you be on the line for? Or what if someone opened accounts or took out loans using your stamp of approval? For many of us, the losses could be staggering.

2.) Ransomware

The last few years have taught all of us to fear that word. From small to large businesses, from individuals to local and national governments, no one is safe from these threats. As far as a reason for this type of attack, the answer is simple: hackers identify and attack victims that can give them a good return on their time invested.

When hackers hold an organization for ransom, the victim often ends up paying because they can’t afford to operate too long without productivity. While some sources report that overall ransomware attacks are down, lately, they have become more sophisticated and demand more money to release the “hostage” data or systems.

3.) Mooching Off Your Equipment

Hackers generally have less money and fewer resources than the people they steal from. Sometimes the reason for the attack isn’t just for cash, but rather for access to available operating systems. This type of hacker is looking to take advantage of large servers with massive computing power for activities such as mining Bitcoin. Sadly, they probably don’t plan on giving you a cut. They’ll use your processing power late in the night and stick you with the extra electrical charges. Another reason why you should always check your bills!

4.) Because They Can

You could consider this to be the scariest category of a hacker since there’s nothing that can be done to stop them. They can best be summed up in a quote from Alfred in The Dark Knight when he said; “Some men aren’t looking for anything logical like money… some men just want to watch the world burn.”

Since a person like this doesn’t have anything other than personal accomplishments as a goal, they can be harder to catch and harder to convince to change their dastardly ways. For example, in one month in 2000, a young man by the name of Michael Calce (who used the handle “Mafiaboy”) took down the systems of CNN, Yahoo, Dell, and Amazon. All are substantial companies with state-of-the-art security systems. What was his grand reason for doing this? To prove that he could. While this is not the most common category of the hacking community, they can still be some of the most difficult hoodlums to deal with.

5.) To Sell Your Information

This is one of the more significant issues today. We live in an era where the greatest currency is information. Once hackers get their hands on information such as credit card numbers, passwords or even patient records, selling personal data on the Dark Web is very straightforward. To make it lucrative, they need to deal in volume. According to some reports, credit card numbers typically sell for around $10 a piece. For the same amount of time and energy it would take to steal your private information, they can accumulate hundreds or thousands of pieces of information by accessing your customers’ records.

The scary part is, once your stolen data is out there for the highest bidder to snatch up, you can be on the hook for damages. Currently, there are dozens of high-profile lawsuits in progress for businesses whose systems were hacked and now private and sensitive data from their clients are exposed for all the world to see… for the right price.

Regardless of the reason hackers do their dirty work, it’s up to us to protect the data we have access to. We just need to update our security systems and stay one step ahead of the criminals. If you don’t feel that your current security measures are up to snuff, give us a call today! We’d be more than happy to assess your current set-up, and show you how you can implement a plan to make sure you won’t be defenseless against those unsavory characters on the web.

We hope you understand that this article is being written with tears in our eyes. After months of being part of the loud choir warning about the End of Life of Windows 7, some estimates state that up to 32% of all computers worldwide are still using this operating system!

Currently, the most common cyberattacks against small and medium businesses are phishing, malware, denial of service attacks, man-in-the-middle attacks, and ransomware. A man-in-the-middle attack is named that way because a hacker wedges a barrier between two parties who are conducting a business transaction. The hacker then becomes the liaison for data swapping, so it is easy to steal sensitive data. An SQL breach involves installing malicious code into a SQL server and then siphoning out the data. And we’ve all heard the latest horror stories on how ransomware is holding businesses, corporations, and even whole cities hostage.

Although the funeral seats of Windows 7 are still warm, the first major attacks and vulnerabilities are already starting to raise their ugly heads. As the OS becomes more and more obsolete and more information is passed from hacker to hacker on the Dark Web, the overall safety of your data becomes less and less.

Count the Costs

Data breaches do a lot more than just cause chaos in your office. Once your system has been compromised, you need to find a way to get your information back, either because you need it to function or because it may contain sensitive information. The 2018 IBM Cost of a Data Breach report calculated that on average, a data breach can cost your company $148 — per record. Many companies have hundreds, thousands or even millions of records!

Besides the costs of just having the records themselves stolen, think of the liability that those stolen records can expose you to. Think about lawsuits if your customers’ personal or financial records become available to the public. If you’re a medical office or happen to have medical files on patients, a hack can put you in hot water with HIPPA violations, which can put you on the line for up to $25,000 for each breached file. Clearly just on a financial level, making sure your company is protected is worth its weight in gold.

The Problem and Solution

So, what exactly are hackers looking for? In a perfect world, they can trick you by either downloading a virus or hooking you with a phishing scheme. However, computer users have become more knowledgeable over the years, so those scenarios have become only minor tools for hackers.

As the expression goes, “Every lock has a key.” Sometimes there are ways to get into your system that were put there by design and sometimes the programmers made a mistake and created a backdoor in the OS without realizing it. Either way, it’s usually only a matter of time before one or more hackers find their way into your system. Once one finds their way in, they rarely keep this information to themselves and often sell it or just give it away.

In a normal situation like this, once Microsoft is aware of the vulnerability, they will create a patch to remedy the problem. A patch is downloaded code that will update the part of Windows where the problem is located. It is always recommended that you download and install patches as soon as they become available.

The End of Life Problem

When Microsoft or any other company says that its software is at its End of Life, it usually doesn’t mean that it will stop working. Rather, it just means that the company will no longer support it. In the case of Microsoft, that means that they will no longer provide security patches or any other updates in addition to not offering support from their techs. Really, it’s just a matter of time before the system becomes obsolete and holes are found in its armor.

Speaking of which, 2 security researchers at Guardicore Labs recently announced that the Barbarians are not only at the gates, they have already entered. According to them, a medium-sized medical tech company was hacked when pirates found a way into their system via WAV files. As we said, it’s just a matter of time before this grows to more and more ways to undermine the system of Windows 7 users.

The Obvious Solution

We’re not going to beat a dead horse on the topic, so we’ll just say that the best way to avoid these problems is by upgrading to Windows 10. But not so fast! Simply upgrading your OS is not going to keep you safe forever. Just because you will then have access to the safety protections that Windows 7 now lacks doesn’t mean it’s a one-and-done situation. You need to make sure that your systems are always up to date. Did you just get a pop-up for a new update? Stop what you’re doing and make sure that every machine on your system is updated. Having just one person put it off can put your whole network in danger.

We understand that there is a big difference between taking care of a single personal computer at home and a whole network of computers and servers at your business. Updates, especially on servers, can often be a time consuming and daunting task. That’s why we’re here to help. If you feel that you need a helping hand in making sure your system is up to date and stays that way, please contact us to see how we can assist.

Life can be ironic, can’t it? We’re not just talking about the “Rain on your wedding day” kind of irony, either. It seems that Microsoft and anyone who works in the tech field — ourselves included — have been harping about how Windows 7 users need to upgrade before its End of Life happened on January 14th. And what else happened on that day?

Well, Windows 7 did meet its End of Life, but the NSA also came out with a warning that Windows 10 — and all other platforms that Windows 7 users were supposed to move to — had a massive security threat. So, how important is this, and more importantly, how does this affect you and your business?

Conflicting Stories

Microsoft has been pretty tight-lipped about this whole situation and has already rolled out a patch, although they’ve only labeled this as an important update, not critical like they have for similar issues in the past. Industry experts feel this can be a way of trying to play down a major issue, making it seem like this is nothing more than a minor hiccup. This might have worked had the NSA not said anything.

The NSA has been notorious at finding exploits in Windows, as well as other operating systems, so they can conduct surveillance without asking permission from software developers. In fact, the famous Wannacry virus was believed to have spread so quickly because hackers found an exploit that the NSA was using at the time. The reason we bring this up is that if the NSA is making this public and not merely keeping it to themselves like before, it must mean that this is a major issue that risks the security of more than just a handful of people. We’ll probably never know the real truth behind the matter, though we can guarantee that there is plenty of information that is not being shared with the general public.

The Windows 7 Connection

Both Microsoft and the NSA made their announcements on January 14th, so it stands to reason that this must have been a known issue for a while. Which begs the question, why didn’t anyone say something sooner? More likely than not, it was probably because Microsoft had been pushing the Windows 10 upgrade for so long that if those who hadn’t upgraded from Windows 7 heard about the gaping flaw, it might have given them an excuse to hold back.

From what it looks like, the issue stemmed from a program that interfaces with digital signatures and determines whether or not a program is legitimate and licensed. Somehow there was a vulnerability in the sequence that opened a door so huge, even the NSA considered it too much of a breach of privacy for individuals and businesses. As far as we know, this was not an issue on machines running Windows 7.

So, I Might As Well Stay With Windows 7, Right?

Not so fast, buddy. Yeah, we’ll be the first to admit that this whole situation doesn’t smell right and was most likely the result of Microsoft trying to save face, but don’t make this is an excuse to stay with Windows 7 if you haven’t already upgraded. Security concerns are a fact of life and having one doesn’t make Windows 10 any better or worse than other versions. Think about your favorite version of Windows and it probably had dozens of issues that needed to be resolved over the years. Yes Microsoft indeed caused this problem themselves and it wasn’t just a way in that hackers devised, but again, that’s to be expected from time to time. Both Microsoft and the NSA said that neither was aware of anyone having been pirated as a result of this vulnerability.

When it comes down to it, here is the hard fact of the matter: although this flaw in Windows 10 wasn’t great, it was fixed quickly, and any other issues or vulnerabilities will be continued to be fixed for the foreseeable future. Windows 7, on the other hand, is dead and is never coming back.

Think of it this way: would you still run Windows 95 on your computer? Chances are your answer would be an emphatic no. And why not? Most likely due to a lack of functionality and security issues. Well, if not Windows 95, why not Windows 98, NT, ME or XP? Probably for the same reasons as for Windows 95.

Although Windows 7 still works and was just recently updated, it’s no different than any other previous version of Windows. Those who still use older versions can be and are hacked regularly. Why? Because they aren’t supported, so hacking them gets easier every day.

Looking Ahead

We understand that if your business still hasn’t updated from Windows 7, there is most likely a good reason besides just being lazy. There are always several considerations to making changes, such as hardware upgrades, data migration, and even software compatibility. For a company that isn’t equipped for all of this, upgrading may be an overwhelming prospect.

If you find yourself in that situation, please contact us to see how we can help your business move forward and stay there. Whether you need a one-time service or perhaps full MSP coverage, our team of professionals is here to help.