Ransomware: Why Small Businesses are the Most Vulnerable

In recent years, a rash of high-profile ransomware attacks has left many businesses with the impression that only big organizations need to protect themselves from cybercriminals. The truth is exactly the opposite. In reality, small businesses are more often the victims of ransomware attacks—and no business is too small to become a target. Is your business protected?

Why are Small Businesses Targeted by Ransomware Attacks?

The term malware—malicious software—refers to any kind of software that was created with the intent to do harm. Some focus on stealing personal information to try and gain access to financial accounts. Others are designed to simply cause havoc in the systems they infect.

Ransomware is a specific category of malware with a different kind of objective. Instead of stealing account information or data, ransomware locks or encrypts files so that the owner can’t access them. The ransomware also gives instructions on how to pay a ransom in exchange for a password to decrypt or regain access to the files. Ransomware is evolving, of course, and some versions now do more than just encrypt data. Some new strains of ransomware allow hackers to upload your data to their own server, as well as encrypt it in its original place.

More recently, the city of Baltimore fell victim to a ransomware strain known as RobbinHood. On May 7, 2019, city government computers were infected and taken offline by an unknown hacker group that demanded a Bitcoin ransom worth over $75,000. The city was unable to restore its systems until May 20, affecting email, payment systems, and even the city’s real estate market. Baltimore was previously hit in 2018, when hackers infected the city’s 911 system and forced a temporary system shutdown.

Attacks like these contribute to the belief that small businesses are safe from cyberattacks, but this couldn’t be further from the truth. In 2018, 71% of ransomware attacks targeted small businesses, with those in the healthcare sector hit the hardest. And ransomware attacks are on the rise, with an 11% increase from 2017 to 2018.

Few Small Businesses are Equipped to Deal with Ransomware

Small businesses are the most common targets of ransomware attacks. And unfortunately, they also tend to be hit the hardest by them—if not in the size of the ransom demand, certainly in terms of the organization’s ability to deal with the attack and its consequences.

One reason for this is simply that small business owners tend to believe that the size of their business makes them unlikely to be a target. Therefore, they don’t put as much effort into security as a larger business might. They’re also unlikely to have a plan in place to deal with the aftermath of a cyberattack. If they get hit, they struggle to deal with the fallout.

The second reason why small businesses are more vulnerable is that they don’t invest in cybersecurity. They don’t have the budget to employ an IT team, or buy expensive equipment. And many forgo security altogether, instead of searching for more affordable solutions.

How can You Protect Your Small Business?

As a small business owner, there’s a lot you can do to protect your business from ransomware and other malware attacks, even on a small budget.

Be Smart and Safe Online

According to Verizon’s 2019 Data Breach Investigations Report, email is the most common way for malware to access a system. And over 80% of malicious emails use phishing to steal sensitive information or get the user to download malware to their computer.

While some security practices involve a financial outlay, one of the most effective methods of improving your security is free. Teach your employees how to stay safe online, and you can greatly reduce the risk that your computer system might become compromised. For instance:

  • Use multi-factor authentication when logging in to email and other accounts. This means using two or more methods of verifying identity, such as a password plus a code sent to your mobile phone at the time of login.
  • Don’t click on links or download attachments until you’ve verified their safety. If you know the sender, call them to check. If you don’t know the sender, scan the email for signs of phishing.
  • Phishing emails use a variety of tricks to get people to click links or download attachments. These include suspicious activity warnings, requests for information or verification, offers of prizes or discounts, or payment requests.
  • Phishing emails often claim to be from large brand-name companies such as Facebook, PayPal, or Netflix. But a close read of the email shows signs like poor spelling or grammar, or a generic greeting such as “Dear Customer”, that indicate it’s not what it seems.
  • Phishing emails often use sender addresses that are similar to legitimate business email addresses, but aren’t exactly the same. For instance, “paypal12.com” instead of “paypal.com”. Check the sender address by hovering the cursor over it in the email, to verify the sender’s domain.
  • Be particularly cautious with unsolicited email, or email from an unknown sender, especially if there are requests for sensitive information.
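
The signs listed above can also be checked automatically before a message reaches an employee. The following is an added example, not part of the original article: the brand allow-list, the wording patterns and the three sample messages are constructed assumptions, and it handles single-part plain-text mail only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domain that brand really sends from.
KNOWN_BRANDS = {"paypal": "paypal.com", "netflix": "netflix.com",
                "facebook": "facebook.com"}
# Assumed patterns for the generic greeting and pressure tricks listed above.
GENERIC_GREETING = re.compile(r"^\s*dear\s+(customer|user|member|client)\b",
                              re.I | re.M)
PRESSURE = re.compile(r"suspicious activity|verify your|prize|payment request",
                      re.I)

def is_domain_or_subdomain(domain, legit):
    """True only for the brand's own domain or a subdomain of it."""
    return domain == legit or domain.endswith("." + legit)

def phishing_signs(raw):
    """Return the warning signs found in one single-part, plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    signs = []
    for brand, legit in KNOWN_BRANDS.items():
        if is_domain_or_subdomain(domain, legit):
            continue
        if brand in domain:
            # e.g. "paypal12.com": contains the brand, is not the brand.
            signs.append(f"lookalike domain: {domain} is not {legit}")
        elif brand in display.lower():
            signs.append(f"display name claims {brand} but sender domain is {domain}")
    if GENERIC_GREETING.search(body):
        signs.append("generic greeting")
    if PRESSURE.search(body):
        signs.append("pressure wording")
    return signs

# Constructed sample messages (not real mail).
SUSPECT = ("From: PayPal Support <service@paypal12.com>\n"
           "Subject: Suspicious activity on your account\n\n"
           "Dear Customer,\n\nWe noticed suspicious activity. "
           "Verify your account today.\n")
LEGIT = ("From: PayPal <service@mail.paypal.com>\n"
         "Subject: Receipt\n\nHello Jordan Smith,\n\nHere is your receipt.\n")
SPOOFED_NAME = ("From: Netflix Billing <billing@example.net>\n"
                "Subject: Invoice\n\nHello,\n\nYour invoice is attached.\n")

if __name__ == "__main__":
    for name, raw in [("suspect", SUSPECT), ("legit", LEGIT),
                      ("spoofed name", SPOOFED_NAME)]:
        print(name, "->", phishing_signs(raw) or "no signs found")
```

A message with no signs is not proven safe; the check only surfaces the cheap indicators so that a person can follow up with the sender.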

When in doubt, always check with the sender of the email, even if it’s from a co-worker. A new kind of phishing, dubbed spear-phishing, targets employees with the specific intent of gaining information that can be used to access sensitive company systems or data. These emails tend to be more sophisticated than the average phishing attempt, so it’s important to read with a critical eye.

Outsource Your IT Needs

If, like many small business owners, you haven’t given much thought to security before, now may be a good time to start! You may not have the budget for an IT team, but there are other options.

For small businesses, a simple and affordable solution is to outsource security to a third-party provider. By outsourcing security services, you benefit from advanced protection without a big financial outlay.

Back Up Your Data

Even the most sophisticated security can’t guarantee your safety 100%. But if your data is regularly backed up, you can survive any cyberattack. One option is to use an online backup service that saves all your data in an offsite location. If your business is attacked, you can use the backups to restore your files, without having to resort to paying a ransom.

Your Small Business May Be Vulnerable, But You Can Protect It

Ransomware is a potentially significant threat, especially for small business owners. However, there’s a lot you can do to reduce your level of risk. By educating your employees and outsourcing security services, you can help ensure that your business doesn’t become a target.

Net neutrality — you’ve heard about it in the news. But what is it, really? And why do so many people care? In May, the U.S. Senate voted in favor of overturning the FCC’s decision to abolish net neutrality. But this is still a hot-button issue, and people just can’t stop talking about it. Here’s everything you wanted to know about net neutrality.

What Does It Mean?

OK, let’s take a look at what net neutrality actually means. In simple terms, net neutrality is the principle that internet service providers (ISPs) should give you full access to the internet. This means they shouldn’t block particular websites or change how you view the internet in any way.

Whether you access the internet from a desktop, laptop, smartphone or tablet, your ISP can control the way you access the World Wide Web. They can prioritize certain websites or limit how much data you use, for example. Your ISP can also prevent you from accessing particular websites based on your IP address.

Proponents of net neutrality point out that nobody “owns” the internet, and ISPs shouldn’t control your access to it. Net neutrality is a lot more complicated than this, though. It’s recently made the news, but people have been arguing about it for years.

Why Do People Support Net Neutrality?

People support net neutrality for a whole host of reasons. Most of them believe that the internet should be a fair place, where users can access anything they want whenever they want. In short, they don’t think big companies should control the internet. They want the freedom to visit websites at the fastest browsing speeds.

“A free and open internet protects freedom of speech. A free and open internet promotes innovation,” says The Open Internet. “Without an open internet, big corporations would have tight control over how we access information.”

Seventy-two percent of people who understand net neutrality support it, according to one study.

Why are Some People Against Net Neutrality?

Critics of net neutrality argue that the internet should be free from federal and state regulation and that ISPs should control how people access the internet. They point to the 1996 Telecommunications Act to support their argument.

Moreover, some people think that ISPs controlling bandwidth and prioritizing certain websites is a good thing. They say there isn’t enough bandwidth to go around, so limiting access to particular sites and favoring other ones is a legitimate practice.

Proponents of net neutrality disagree with this notion completely.

“If there’s enough bandwidth that carriers can offer the most traffic-intensive services without limit, then why are there caps in the first place? Answer: There is no reason, bandwidth caps are arbitrary!” says Devin Coldewey, writing for TechCrunch.

Eighty-three percent of people support keeping the FCC’s net neutrality rules, according to one poll.

Right now, there are two camps of people: Those who favor net neutrality, and those who disagree with it. It will be interesting to see what happens next.

Windows 7 End-of-Life

Every Microsoft Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. An unsupported version of Windows will no longer receive software updates from Windows Update. These updates include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—such as new drivers for your hardware.

Microsoft will discontinue support for one of its most reliable versions of Windows ever, Windows 7, on January 14, 2020. This includes all versions: Home, Professional and Enterprise.

What does this mean for you and your business?

Sometime during the 2019 calendar year you will need to develop a technology plan to retire these Windows 7 machines and replace them with an up-to-date, still-supported operating system, more than likely Windows 10. If you continue to use an unsupported operating system, you will no longer receive critical patches and fixes, thereby putting your security compliance at risk.

How do I know what versions of Windows I have currently?

The most obvious sign of a Windows 7 machine is the large blue orb that serves as the start button. If you see this Windows logo in a circle you will know right away that it is Windows 7.

Another easy way to determine your Windows version is to type the command WINVER in any Windows search field; it will show you your Windows version and build number.

What can we do?

  • Develop a plan (both a technology one and a financial one) to replace the machines.
  • Evaluate the hardware associated with the Windows 7 machines to see if there are any compatibility issues with your new operating system.
  • Evaluate any software for the same reason as above. Is there a reason (mission critical software systems) why you are still on Windows 7?
  • Consult with Kenneally Technology to work with you on evaluating your network system and software to transition you to the next level of Windows.

-Don’t wait – only 13 months left!-


Blockchain technology is essentially a new way of storing data through decentralized ledgers. Instead of relying on a third party record holder, every party to a blockchain has an instantly updated copy of the ledger. Data integrity is maintained because it’s virtually impossible to alter the data on all existing ledgers. While the implications of that are far and wide reaching, the most apparent and immediate use cases have come to FinTech.

FinTech, or financial technology, is a relatively new industry that applies advances in technology to further access to the financial industry. Innovations like mobile banking and investment apps are some of the more visible uses of FinTech.

The most notable disruption has been from cryptocurrencies like bitcoin and ethereum, in part due to their meteoric rise in value and subsequent market volatility. Such a new phenomenon has thrilled investors, financial pundits and even caught the attention of those not actively involved in the finance industry.

Whether you’re short or long on cryptocurrencies, the truth is that they are a pretty small part of the potential that blockchain has to foundationally change and create new systems in FinTech. Here are four other ways that blockchain will change the way we do business.

Tokenization of Assets

Tokenizing assets refers to replacing trusted intermediaries and paper certificates with digital proof of ownership. This can be ownership of anything, but is being used more and more to bring liquidity to otherwise illiquid assets like real estate and art.

Once an asset is tokenized, it can be divided and sold in smaller pieces allowing partial ownership of regulated securities. This also provides an entirely new way to offer investment into startup companies or any organization looking to go public and raise funds.

Digitizing access to an investment market also expands the potential pool of investors from those with the required resources to nearly anyone around the world with access to the Internet. Tokenizing assets creates scalability previously unheard of in traditional financial markets.

Verification of Accounts and Identity

As much as FinTech is speeding up the digital transformation of the finance world, some aspects still require the use of traditional paper and certificates. For example, it’s easy to transfer money online, but before withdrawal can occur, verification of ID is usually required — and that almost always means something analog like uploading a picture of a driver’s license or passport.

Because a well-designed blockchain is immutable in its data, it creates a more secure environment to automate trust. Though the basis for ID may originate from an analog source, once entered into a blockchain, the provenance is instantly trackable, which in effect guarantees identity with confidence and speed.

Easy Access for Regulators

Establishing compliance with federal requirements is a complex task that usually requires a dedicated staff to ensure all the necessary documents are in place. Whether it’s documenting new hires or community investment, there’s a lot of room for error in the huge swaths of paperwork.

With blockchain technology, it’s possible to write a program that automatically captures and inputs necessary data into the distributed ledger. Federal regulators can access that data and ensure compliance through the highly secure and unalterable blockchain. Not only does this make compliance easier, it greatly reduces the costs associated.

Smart Contracts

Smart contracts aren’t actually contracts — and they’re not even smart. They’re simply pieces of code written to automatically perform transactions once the terms of the agreement have been met. For example, if two parties were performing a transaction, a smart contract would transfer digital ownership to the new party once it determines that payment has been made in full.

Traditionally this has been a resource and cost intensive process. Assuring that all aspects of the agreement have been met once required lawyers and tied up cash flow. Smart contracts automate the process, reduce cash-flow cycles dramatically and eliminate the need for escrow services and contract verification. This brings down costs and frees up cash for growth — not contract disputes and arbitration.

Many people don’t understand how common identity theft is — much less what puts them at risk, or how they’d know that their personal information has been compromised. Read on to learn the answers to some frequently asked questions about identity theft: what it is, its signs, how to prevent it, and how to respond.

What Is Identity Theft?

Identity theft is the use of someone else’s personal information for personal gain. That personal information can take any number of forms, from your social security number or taxpayer ID, to your medical information, to your bank or credit card information.

With this data, criminals can engage in a wide range of activities. They can take out lines of credit, drain your bank accounts, charge your cards, claim your tax return, and even sign up for insurance in your name.

How Common Is It?

Unfortunately, identity theft is extremely common. The U.S. Bureau of Justice Statistics estimates that in 2014, 17.6 million Americans over the age of 16 were victims of identity theft.

Keep in mind that the actual numbers are likely much higher. Anyone can be a victim of identity theft, not just teenagers and adults, and some parents have even said their children have been victims. What’s more, many companies have seen an increase in actual and attempted data breaches in recent years.

The vast majority (about 86%) of identity theft targets bank accounts or credit cards. However, all types are on the rise.

What Are the Signs of Identity Theft?

Identity theft can be very hard to detect. Some people may not know their identity’s been stolen until they file for their taxes, or apply for a loan.

Signs your identity may have been compromised may include:

  • Unusual information on your credit report
  • Unexpected withdrawals from your accounts, or charges on your credit or debit card
  • The IRS responding to your tax returns by saying you’ve already filed
  • Receiving an explanation of benefits from an insurance company you aren’t signed up with
  • A company telling you their data was breached, or your account has been hacked

How Can I Protect Myself?

Unfortunately, there’s no completely foolproof protection against identity theft, especially when doing business online. But here are some tips to make identity theft far less likely:

  • Shred your documents. A surprising number of everyday documents and mail contain personal information, and shouldn’t just be thrown away.
  • Use cash whenever possible. Every time you use your credit card, you’re at risk of skimming and other scams.
  • Track your credit score, and watch your accounts. While automatic fraud detection is improving, it’s not perfect. By monitoring your bank and credit score, you’ll be the first to notice when something’s wrong.

How Should I Respond to Identity Theft?

First, begin by changing passwords, freezing your credit, and placing a fraud alert. This will block further access to your identity.

Next, report the fraud. The FTC takes reports of social security fraud, while the IRS handles tax fraud. You should also notify any companies involved: they’ll be able to help you, and if their systems are breached they need to know.

Finally, begin cleaning up the results of the theft. You may have to dispute some items on your medical history, for instance, or charges on your credit card. Unfortunately, it may take time to uncover everything and respond to it.

Identity theft can do serious damage to your financial and emotional well-being. But by taking sensible steps to protect yourself and your data, you’ll minimize the chances of it occurring, and respond swiftly if it does.
