Posts

Listen to the news? Read the internet? You know cyber crime is a very big business. Hackers and criminals are out there doing all sorts of nefarious things. Most generally, you hear that malware is some kind of virus that attacks your software programs, infects your hardware, and bungles up your network. But there are many different types of malware, just as there are many types of criminals–each with their own MO and bad intentions. In this e-guide, we will run through some of the major categories of malware, and then suggest 7 different ways you can work to protect your business from malware.

Malware defined – Malware is a generic term that covers all manner of software that is designed to attack your devices, applications, programs, and networks. It is software that has bad intentions. Malicious + Software= Malware. Hackers and criminals create malware for an array of reasons. Some may create it just to attack massive amounts of machines just to show that they can disrupt the cybersphere. Other malware may be created for political reasons. The major reason criminals create malware? To make money without earning it. Yes, stealing. Either by directly pulling money out of accounts, or improperly acquiring data that ultimately provides access to funds. Example: Stealing your SSN and setting up a credit card to use that info, or convincing you to provide the password to your checking account. Others will snatch your organization’s data and hold it for ransom. As usual, it is all about money.

FUN FACT: Before the internet, passing around malware to infect a PC meant a criminal had to find a way to infect a floppy disc and trick users into inserting it into their computer. One of the first was created by a high schooler in the early 80’s. It was relatively benign and just created a pop-up with a Seuss-like poem

“The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes it’s Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!”

Unfortunately, most viruses now have far more nasty intentions, and the internet has made it much easier for criminals to break in. No waiting for you to insert a disc drive to steal your data, disrupt your internal business operation, or take down your website. One bad click and you’re in trouble.

Malware is a general term and there are several types.

VIRUS – Like the pathogen we associate with human disease, a virus is a “piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.” Source: https://languages.oup.com/google-dictionary-en/.

A characteristic of a virus is that it requires the user to take some action for it to infect your hardware, software, network, etc. For example, inserting an infected thumb drive or clicking on a link found in an email.

ADWARE -Adware is less a type of malware than a symptom created by the infection. Adware invades and then drives the user crazy with endless pop-up advertisements.

WORMS – Similar to viruses, worms replicate and attempt to cause damage but they don’t require a user action. Worms find vulnerabilities or holes in code that allows them access.

TROJAN HORSE – Yes, named after the Greek myth, Trojans trick you into accepting something you want, but inside it has bad intentions. A trojan refers to the method the cybercriminal uses to get you to download a virus or other infected program, rather than the nature of the specific virus.

KEYLOGGERS – This is malware that can track your keystrokes. This particular malware’s goal is to track your keystrokes and identify passwords or credit card information, and then log into your accounts.

RANSOMWARE – If there was any malware that gets more media attention, we aren’t aware of it. And it deserves everyone’s attention. Unlike some other forms of malware, once this has invaded, there is very little you can do to eliminate the virus. Ransomware sneaks in, snatches your data and holds it for ransom. Unless you choose to pay the ransom fee, usually in some cryptocurrency, you are out of luck. In the specific case of ransomware, prevention is the key. Having clean backups of your data which are kept continuously up to date is about the only way to sidestep a ransomware attack on your data.

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals.

As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special attention. Some of the routine tools to protect data may still be vulnerable to ransomware. This e-guide will talk about seven specific ways that an MSP is best positioned to help protect you from a ransomware attack.

Before talking about how an MSP can help. Let’s define ransomware. Ransomware is an especially nasty software whose MO is as old as crime: Kidnapping ( in this case, datanapping) Ransomware does this by infiltrating your computer systems and encrypting all of your files, making them unreadable to you. Then like any kidnapper, they post a ransom and hold your data hostage until they get paid. They encrypt your files, rendering them inaccessible to you. The attackers then demand a ransom payment. Ransomware attacks are typically carried out through phishing emails, compromised websites, or exploiting vulnerabilities in software. ( please check out some of our other e-guides on training your employees to avoid phishing emails, and avoiding other easy tricks that criminals use to infiltrate your IT systems.)

What happens once they have encrypted your data? You are probably stuck either paying the ransom or losing the data. In the case of ransomware, sometimes routine backups may be infiltrated. This is why an MSP can be of such value in securing your data against this particular form of cyber crime.

The impact of this crime is pretty obvious. Your data–and your customer’s data–is inaccessible. You have almost no choice but to pay the ransom. The loss of data can disrupt daily business activity and damage customer trust. A successful ransomware attack can lead to brand damage, regulatory penalties for data breaches, and potential legal consequences. The overall consequences can be devastating, making it especially important for you to take proactive measures to prevent such attacks.

The basic preventative measures. Are they enough?

In general, there are some basic textbook best practices you can follow

  • Educate employees about cybersecurity best practices, including identifying phishing emails and suspicious links.
  • Regularly back up data and ensure offline or offsite storage to prevent data loss in case of an attack.
  • Keep software and systems up to date with the latest security patches.
  • Implement robust endpoint protection solutions, including firewalls, antivirus software, and intrusion detection systems.
  • Segment networks to limit the spread of ransomware and restrict access to critical systems.
  • Develop and test a disaster recovery plan to ensure an effective response to an attack.

However, straightforward as these appear, these aren’t as simple to implement as they sound and you may not have the time and labor to devote to designing, implementing, and maintaining these procedures. As an MSB, your focus is necessarily focused on operations, revenues, and sales. A Managed Service Provider has the resources and the expertise to handle your virus protection and ransomware avoidance planning so you focus on revenues.

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is likely nothing to do to retrieve your data until you have given in to the demands of the criminals.

As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special attention. Some of the routine tools to protect data may still be vulnerable to ransomware. This e-guide will talk about seven specific ways that an MSP is best positioned to help protect you from a ransomware attack.

Before talking about how an MSP can help. Let’s define ransomware. Ransomware is an especially nasty software whose MO is as old as crime: Kidnapping ( in this case, datanapping) Ransomware does this by infiltrating your computer systems and encrypting all of your files, making them unreadable to you. Then like any kidnapper, they post a ransom and hold your data hostage until they get paid. They encrypt your files, rendering them inaccessible to you. The attackers then demand a ransom payment. Ransomware attacks are typically carried out through phishing emails, compromised websites, or exploiting vulnerabilities in software. ( please check out some of our other e-guides on training your employees to avoid phishing emails, and avoiding other easy tricks that criminals use to infiltrate your IT systems.)

What happens once they have encrypted your data? You are probably stuck either paying the ransom or losing the data. In the case of ransomware, sometimes routine backups may be infiltrated. This is why an MSP can be of such value in securing your data against this particular form of cyber crime.

The impact of this crime is pretty obvious. Your data–and your customer’s data–is inaccessible. You have almost no choice but to pay the ransom. The loss of data can disrupt daily business activity and damage customer trust. A successful ransomware attack can lead to brand damage, regulatory penalties for data breaches, and potential legal consequences. The overall consequences can be devastating, making it especially important for you to take proactive measures to prevent such attacks.

The basic preventative measures. Are they enough?

In general, there are some basic textbook best practices you can follow

  • Educate employees about cybersecurity best practices, including identifying phishing emails and suspicious links.
  • Regularly back up data and ensure offline or offsite storage to prevent data loss in case of an attack.
  • Keep software and systems up to date with the latest security patches.
  • Implement robust endpoint protection solutions, including firewalls, antivirus software, and intrusion detection systems.
  • Segment networks to limit the spread of ransomware and restrict access to critical systems.
  • Develop and test a disaster recovery plan to ensure an effective response to an attack.

However, straightforward as these appear, these aren’t as simple to implement as they sound and you may not have the time and labor to devote to designing, implementing, and maintaining these procedures. As an MSB, your focus is necessarily focused on operations, revenues, and sales. A Managed Service Provider has the resources and the expertise to handle your virus protection and ransomware avoidance planning so you focus on revenues.

If you haven’t already considered migrating your data storage to the cloud, you are probably in the minority of businesses. While it may seem intuitive that somehow your data is safer if it is stored “ at home,” on location at the site of your business, that probably is not correct. Given the ability of skilled cloud service providers to provide redundancy and a level of security unattainable by a small business, storing all your crucial business data on site using in-house support is probably akin to keeping your money under the mattress instead of a bank.

In this blog, we’ll explain what cloud data storage means, and some reasons why it may be a good business decision. In addition, we’ll quickly note some reasons some people get nervous about the security of cloud storage.

What is cloud data storage?

In an earlier time, a business would store all of its data on-site. Individual employees might keep all of their Word and Excel documents filed on their PC. The business might store all of its customer data, financial and accounting information, clients lists, etc., on individual “secure” PCs and then back up to a server located in the equipment room. In this scenario, there are several concerns-

  1. Individual PCs may fail, losing all the data stored there.
  2. Backups generally only happen periodically, thus anything created between backups when something goes wrong is…lost
  3. Backups can fail
  4. Backups require labor from an IT individual
  5. Backups on a server in the equipment room 100 feet from the rest of the office isn’t a secure storage site in case there is an-on location disaster. Fire, flood, etc.
  6. All of that data is vulnerable to cyber attacks and in-house IT professionals probably don’t have the resources necessary to provide the most up-to-date tools to defend against cyber crime
  7. All of that back up infrastructure is expensive.
  8. All of the labor necessary to support it is expensive.

The cloud functions as your off-site storage location where you get some particular benefits.
Cloud providers can generally provide the latest, most secure storage available. They also don’t store it on one machine in one location. Top cloud providers offer redundancy not only on one storage site; your data will be mirrored in a geographically diverse location. A complete natural disaster affecting one server farm will be irrelevant to the safety of your data. Other copies may be across the continent.

So let’s get to specifics.

  1. The Cloud offers economies of scale – If you want to store and protect your own data, you need to purchase all of the hardware and software, all of the servers and backup servers, the uninterruptible power supply in case of a power outage, and hire 24/7 support. In the cloud model, you share all of those expensive fixed costs with hundreds and thousands of other users.
  2. Focus on your business – As a smaller business, you may not have the technical expertise to manage a staff of IT specialists. More importantly, do you have the time to focus your energies on managing IT? You have the job of running your business and bringing in revenues.
  3. Scalability – Does your business peak in summer and winter? To handle your storage needs you need to ramp up hardware bandwidth, labor etc, to meet peak demands. The rest of the year, that equipment may lie fallow. This creates high fixed costs that businesses, especially smaller ones, may not have the ready capital to build out. Cloud providers generally permit you to ramp usage up and down as needed. They have the available resources.

Cyberattacks on individuals and businesses for nasty purposes is nothing new. Stealing data, disrupting business, national activities, and just causing general mayhem has been going on for as long as there has been a digital world to attack. Ransomware, however, seems to stand out as a particularly unique and especially troublesome form of crime. For one thing, once an attack has happened, there is ilkely nothing to do to retrieve your data until you have given in to the demands of the criminals.

As a small- to medium- sized business owner, you should never just rely on off-the shelf virus protection programs as the sole tool to protect your organization against cyber crime. In all cases you should rely on an IT professional to look at every aspect of your IT infrastructure to ensure that everything possible is being done to protect your data. Beyond that, ransomware attacks are a particularly troublesome form of crime that requires special attention. Some of the routine tools to protect data may still be vulnerable to ransomware. This e-guide will talk about seven specific ways that an MSP is best positioned to help protect you from a ransomware attack.

Before talking about how an MSP can help. Let’s define ransomware. Ransomware is an especially nasty software whose MO is as old as crime: Kidnapping ( in this case, datanapping) Ransomware does this by infiltrating your computer systems and encrypting all of your files, making them unreadable to you. Then like any kidnapper, they post a ransom and hold your data hostage until they get paid. They encrypt your files, rendering them inaccessible to you. The attackers then demand a ransom payment. Ransomware attacks are typically carried out through phishing emails, compromised websites, or exploiting vulnerabilities in software. ( please check out some of our other e-guides on training your employees to avoid phishing emails, and avoiding other easy tricks that criminals use to infiltrate your IT systems.)

What happens once they have encrypted your data? You are probably stuck either paying the ransom or losing the data. In the case of ransomware, sometimes routine backups may be infiltrated. This is why an MSP can be of such value in securing your data against this particular form of cyber crime.

The impact of this crime is pretty obvious. Your data–and your customer’s data–is inaccessible. You have almost no choice but to pay the ransom. The loss of data can disrupt daily business activity and damage customer trust. A successful ransomware attack can lead to brand damage, regulatory penalties for data breaches, and potential legal consequences. The overall consequences can be devastating, making it especially important for you to take proactive measures to prevent such attacks.

The basic preventative measures. Are they enough?

In general, there are some basic textbook best practices you can follow

  • Educate employees about cybersecurity best practices, including identifying phishing emails and suspicious links.
  • Regularly back up data and ensure offline or offsite storage to prevent data loss in case of an attack.
  • Keep software and systems up to date with the latest security patches.
  • Implement robust endpoint protection solutions, including firewalls, antivirus software, and intrusion detection systems.
  • Segment networks to limit the spread of ransomware and restrict access to critical systems.
  • Develop and test a disaster recovery plan to ensure an effective response to an attack.

However, straightforward as these appear, these aren’t as simple to implement as they sound and you may not have the time and labor to devote to designing, implementing, and maintaining these procedures. As an MSB, your focus is necessarily focused on operations, revenues, and sales. A Managed Service Provider has the resources and the expertise to handle your virus protection and ransomware avoidance planning so you focus on revenues.