Petya Ransomware Affecting Critical Systems Globally: Here’s What to Do

A major global cyber attack is under way. This new rapidly spreading cyber extortion campaign is capitalizing on the assumption that businesses have failed to secure their networks from increasingly aggressive hackers. For more information we have included a link below to a blog which gives some detailed information on this new threat.

https://www.wordfence.com/blog/2017/06/petya-ransomware/?utm_source=list&utm_medium=email&utm_campaign=062717-2

Copy and paste the link in your browser's address bar.

Because even the best efforts to prevent infection are occasionally thwarted, it is imperative that one have backups of data. Best business practice is to have a local backup as well as a cloud backup. If a local area network gets infected the chances are the local backup will also be affected. Having a cloud backup can save the day!

Another best business practice is to have a secondary domain controller in the cloud. Having this will save many hours and even days of downtime if your server needs to be restored.

Both the cloud backup and the backup domain controller are inexpensive precautions. PowerOne can help answer any questions on either or both options and even get you set up today.


The Pros and Cons of Moving Your Email Services to the Cloud

Email is an essential communication tool for most businesses. While email services have traditionally been provided on-premises, an increasing number of companies are moving their email services to the cloud. Almost 60 percent of businesses worldwide now use either Microsoft Office 365 or Google G Suite, according to the Bitglass 2016 Cloud Adoption Report. Office 365 is deployed in 34.8 percent of organizations, while G Suite is used by 24.5 percent.

A key motivator for making the move, especially for small and midsize businesses, is reducing costs. However, if you are considering moving your business's email services to Office 365, G Suite, or another service provider, you should weigh all the pros and cons.

The Advantages

Between 2015 and 2016, Office 365 and G Suite usage rose 11 percent, according to the Bitglass 2016 Cloud Adoption Report. This increase is largely due to the advantages that online email services offer, including:

  • A secure email environment: Storing data in the cloud is a relatively secure practice, according to experts. Plus, cloud computing has matured to the point where there are now standards (e.g., ISO/IEC 27018) that service providers can follow to prove they are properly handling data in a secure manner.
  • Reduced capital expenditures and human resource costs: When companies use online email services, they do not need to purchase servers or software licenses. Plus, they do not have to pay staff to manage and maintain the email environment.
  • High reliability and availability: Most cloud-based email service providers have redundant systems to ensure their email services are highly reliable and available. For instance, both Office 365 and G Suite guarantee 99.9 percent uptime.
  • Built-in backups and archiving: Businesses that use online email services do not have to worry about backing up and archiving emails. The service providers automatically take care of these tasks. Plus, the backup files are stored off-site, which is an important aspect of any disaster recovery plan.
  • Effortless scalability: With cloud-based email services, companies only have to pay for the email services they currently need. If their business grows, they simply need to contact their service provider to scale up their email services.

The Disadvantages

While using cloud-based email services has many advantages, it is not without some drawbacks, such as:

  • Data not managed and maintained by employees: When businesses host their own email services, they get to select the employees responsible for managing and maintaining the email environment. With online email services, the provider takes on these responsibilities and businesses have no control over who is working with their data.
  • No Internet, no email service: With cloud-based email services, no Internet service means employees cannot send or receive emails internally or externally. In contrast, with an on-premises email server, users can still send and receive emails internally (i.e., within the company's local area network) when the Internet goes down. External emails still cannot be sent or received, though.
  • Some loss of control: When businesses use online email services, they lose control over some aspects of their email environment. For instance, they have no control over where their data is being stored and when software upgrades are applied.
  • Fees add up: Over time, the subscription fees for online email services add up. On top of the basic fee, service providers often charge additional fees to perform administrative tasks, such as adding or removing mailboxes.

You Should Weigh the Pros and Cons

Whether moving your email services to the cloud makes sense for your business will depend on many factors, including the number of employees, types of emails sent and received (e.g., whether they often contain sensitive data), and your IT environment. PowerOne can help you weigh the pros and cons based on your business's needs.


5 IT Security Mistakes That Businesses Often Make

Computing technologies are constantly changing and extremely complex. Securing IT systems in this environment is challenging, especially for small and midsize businesses. They often do not have the time or resources to keep up with technological changes, the latest security threats, and the best ways to mitigate those threats. As a result, they often slip up when it comes to IT security.

Here are five IT security mistakes that small and midsize businesses often make and how to avoid them:

1. Not Using Anti-Malware Software

With 600 million malicious programs in existence, not having anti-malware software installed on all the computers in a business is extremely risky. Anti-malware software is designed to stop malicious code from running on computers, providing an important line of defense against cyberattacks. While it won't stop zero-day malware attacks (i.e., attacks involving brand new malicious programs), it will stop previously identified malware. Hackers like to use existing malware because it saves them time. Plus, they already know it's effective on unprotected machines.

All anti-malware applications are not created equal, though. You should use one that detects different types of malware, including ransomware, spyware, and viruses. You also need to make sure that the anti-malware software is being updated regularly. Computers with missing anti-malware software updates are vulnerable to cyberattacks.

2. Having Bad Password Habits

Employees often have bad password habits, such as using weak passwords like "12345678", "qwertyuiop", and "starwars". Cybercriminals can easily hack weak passwords using brute-force password-cracking tools. Employees also commonly use the same password (or variations of it) for several accounts. Hackers know that people reuse passwords, so once they obtain a password for one account, they will try it for other accounts.

In addition to using weak passwords for employee and service accounts, businesses often use the default passwords that network devices (e.g., routers, appliances) ship with. This is a dangerous practice, as hackers are familiar with these default passwords.

Educating everyone on how to create unique, strong passwords is one way to combat the password problem. However, due to the sheer number of passwords people need to remember, they might resort to their old habits or even start writing down passwords. For this reason, you might consider using a password manager designed for businesses. Another measure you can take is using two-step verification for accounts when possible.

3. Leaving Software and Firmware Unpatched

Security vulnerabilities are often discovered in software and firmware. In response, vendors typically release updates that fix the flaws. If the patches are not installed, cybercriminals can exploit the vulnerabilities to gain access to the software and firmware. Using that access, hackers can install malware or perform other malicious acts.

To avoid this situation, it is important to install all the security patches that have been released for the software and firmware used by your business. This might seem like a tall order, but the consequences of not doing so are too serious to ignore.

Besides installing patches, you need to make sure that all your applications are still supported by their vendors. Like any product, software programs have lifecycles. When an application reaches the end of its lifecycle, the vendor will no longer issue any type of updates for it, including patches that fix newly discovered security vulnerabilities. Many cybercriminals keep track of when vendors stop supporting popular applications. Once the support has ended, they launch new cyberattacks that target those applications.

4. Neglecting to Secure Mobile Devices

Using mobile devices for work has advantages, regardless of whether those devices are company-provided or personal. Employees can access business emails, data, and applications at any time from almost anywhere. The flexibility and convenience often improve employee productivity.

However, mobile devices that are not properly secured can put businesses at risk. In 2016, the number of malware attacks against mobile devices rose sharply, and security researchersexpect the number to continue to rise in 2017. Even worse, these devices are increasingly being used as entry points into businesses' networks. Security experts predict that one in five employees will cause network breaches in 2017. Unknowingly, these employees will either upload malware from their mobile devices to their companies' networks or expose network credentials when they log in from malicious Wi-Fi hotspots.

To prevent these types of problems, you need to make sure that your business has a comprehensive plan to secure your mobile devices. What it should cover depends on whether your employees use company-provided mobile devices, their own personal devices, or both.

5. Ignoring the Human Element in IT Security

Hackers take advantage of the fact that many companies ignore the human element in IT security. By tricking employees into divulging sensitive data, clicking dangerous links, and opening malicious attachments, cybercriminals can get past security systems and perform malicious acts. Untrained employees and phishing attacks are the top two causes of data leaks in companies, according to a 2016 report on IT security risks.

Your employees, however, do not have to be a weak spot. They can provide a formidable line of defense against cybercrime if you educate them about common security threats and teach them some basic skills, such as how to spot spear phishing emails.

Unfortunately, no amount of training will help combat insider attacks, which account for 7 percent of data leaks in companies. An effective way to address insider threats is to follow the principle of least privilege — that is, limiting employees' access to the minimal level that will allow them to perform their job duties. Using access control tools is also effective.

The Next Step

Knowing about the common security mistakes made by small and midsize businesses is the first step in avoiding them. The next step is to start taking measures to prevent them. You might have some of them in place already, such as having anti-malware software installed. We can help you with the rest so that your IT systems stay secure.