The Technology Blog

Cyber Security – 4 Common Small Business Network Security Mistakes

By | Business Network Security | No Comments

4 Cyber Security Mistakes Commonly Made by Smalls Businesses

Bad habits can be hard to break, and that’s especially true when it comes to small businesses and cyber security. After all, it’s easy to think “that will never happen to me,” and let things slide that end up creating real security concerns.

Here are a few common business cyber security errors you should try to avoid:

1. The Post-It notes full of passwords.

Take a walk around the office. Most likely, you’ll find at least a few desks with Post-It notes full of passwords stuck to the bottom of a computer monitor. Yes, it’s convenient, but it also provides easy access to sensitive information to people who shouldn’t have it—like disgruntled employees or a thief during a break-in.

The Fix: Explain to your employees why this is a bad idea, and give them some ideas on how manage passwords safely.

Post-it notes full of passwords are one of the four most common cyber security mistakes made by small businesses

2. Out-dated operating systems.

Technology is an important part of every small business, but it’s often not a priority. That’s how things like updating operating systems slip through the cracks or get ignored until they become a serious cyber security threat. For example, do you still have systems running on Windows XP or Windows Server 2003? If you do, that creates a serious security vulnerability.

The Fix: If you’re running outdated operating systems, it’s time to transition to something more secure. As a managed IT service provider, Pros 4 Technology can help you execute a migration like this, and you can also have us take care of updates and patches going forward so you can make sure it gets done. We can identify outdated software and systems, as well as many other potential security threats during a no-cost audit of your business network.

3. Security software that never gets updated.

Do you think your business is secure because you invested in a firewall or installed antivirus software on your machines? That’s a great start, but if you didn’t take the next step and pay for subscriptions or updates to go with it, you aren’t nearly as secure as you think.

The Fix: Find out if you have the subscriptions and updates you need to keep your firewall and antivirus software as secure as possible. If you don’t, you need to get those in place as soon as possible. Consider signing on for managed IT services that include overseeing these types of updates going forward.

4. Old employees still have access.

Lax password policies and passwords that don’t expire create another security concern for SMBs. If you don’t set passwords to expire regularly, there’s a good chance a number of former employees still have access to your system. That doesn’t necessarily mean any of them will do something malicious, but why take the risk?

The Fix: Set up a solid password policy, and have passwords expire every 90 days. Yes, employees might think it’s a hassle at first, but the improved security will be worth it. While you’re at it, teach your employees the best practices for choosing a strong password that’s easy to remember but hard to guess.

Password Pitfalls

Using strong passwords is one of the easiest things you can do to help keep your data secure. While choosing an obvious phrase makes it easy to remember, it also makes it easier to guess. And there’s nothing easy about regaining control over compromised data.

Here are a few key tips on what to avoid when choosing a password:

  • Avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx,” which comprises the first two ‘columns’ of numbers and letters on a keyboard.
  • Don’t use a favorite sport or sports team as your password.
  • Don’t use your birthday or especially just your birth year. You should also avoid passwords that are just numbers.
  • Avoid using first names as passwords. Names of friends and family are particularly vulnerable.
  • Stay away from swear words and phrases, hobbies, famous athletes, car brands, and film names, which are all widely used passwords as well.
  • Avoid password reuse. If a hacker gains access to one of your accounts and all (or most) of them use the same password, you’re in trouble.

What if the worst does happen, and you experience a network security breach? With an automated, scheduled system backup you can ensure that you never lose your data. We can help you identify the source of the breach and prevent it from happening again.

Don’t leave your business wide open to hackers and other security breaches. Pros 4 Technology can help. Contact us today to schedule your No-Cost Network Audit and begin protecting your business!

Source: Intronis Industry and Tech Blog, April 22, 2015. Reprinted with permission.

CryptoLocker Virus: Small Business Network Security Threat

By | Business Network Security | No Comments

Small businesses are being targeted with CryptoLocker as often as big companies.

It’s Monday morning: you pour your coffee and sit down at your computer. A message pops up on your screen: your files have been encrypted and you can’t access them, unless you pay a ransom in untraceable bitcoin to a faceless criminal over the internet. Your computer has been infected with the CryptoLocker virus.

Shock. Panic. Confusion. Your business comes to a screeching halt.

CryptoLocker is “ransomware,” a kind of malware virus used for cyber-crime. This particular virus has become a huge threat for small businesses, where network security is typically far more lax than larger corporations, and data backups may not be available. Ransomware viruses work by encrypting files on the compromised computer. They start slowly… locking up files that you may not use all the time. Maybe you try to open one and get a message that says the file is corrupt, but you shrug it off. Eventually, the ransomware encrypts all the files on your computer, making them inaccessible.

When the dirty work is complete, a message pops up on your screen that says “Your important files were encrypted with CryptoLocker virus. The only way to get your files back is to buy our decryption software.” If you pay the ransom, you are given a decryption key. If you don’t, you may lose your files forever. If you try to remove the malware, there is no way to retrieve them. If the infected computer has network access, ransomware can infect your entire server, and the ransom amount typically goes up with the number of files that are encrypted.

CryptoLocker warning message Pros 4 Technology Plymouth Wisconsin

Many people we talk to have no idea that this type of computer virus is out there, or that it could happen to them. Cybersecurity and network security deficiencies that can expose your data to cyberattack by CryptoLocker and other viruses are some of the most important things we uncover with our No-Cost Network Audit for new clients. Current Pros 4 Technology clients with Managed IT Services rely on constant network monitoring to identify issues and threats early, before they can devastate their business.

Common network security vulnerabilities we identify include:

  • Firewall problems: sometimes there is no firewall. More often, a firewall has been installed properly, but it has actually been turned off by a frustrated user in an attempt to make some piece of software work.
  • Anti-virus issues: Most businesses have an anti-virus program installed, but you wouldn’t believe how often we discover that no updates have been installed. The bad guys are always coming up with new ways to break into your computers, and the anti-virus software developers are constantly updating their programs to find the new cyberattack threats. If you don’t install the updates, there is no way to find and remove those new viruses.
  • Risky employee practices: We want to trust our employees, but the fact remains that human error is the single biggest cause of computer virus infection. Sometimes it is as innocent as employees being gullible enough to open a suspicious email attachment, or click a link in a spam email. Visiting inappropriate websites can be a source of exposure as well.

Would you believe that our team fields calls about ransomware 2-3 times per week?

Imagine if ALL your business data was locked up. All your emails. All your invoices. All your client files. Would you pay the ransom? Would you have a choice?

Pros 4 Technology clients DO have a choice. We make sure that every client’s anti-virus protection, firewall, and network security is fully updated and functioning to prevent exposure to cyber-attack from malware and viruses, including CryptoLocker and other ransomware. Our Managed IT Services include constant monitoring of client networks that allows us to identify and address problems and threats early, before they can devastate a company.

Despite these precautions, sometimes ransomware still finds its way on to workstations. Employees can expose their work computers by opening an email with a malicious attachment or even by visiting certain websites. The mechanisms for infection are constantly changing. It’s critical to design employee network accessibility to minimize the potential for infection of your entire network by a single workstation.

The good news – Pros 4 Technology clients don’t have to pay the ransom.

  • We are constantly looking for suspicious activity through remote monitoring of our clients’ networs. If something isn’t right, we’re notified, day or night. If one of your employees is leaving you open to cyber-attack, we can find that, too.
  • We minimize the risk to your business from any malware attack by making sure that network settings are appropriate, so one infected computer can’t bring down your entire server.
  • We make sure all of our clients are protected with updated anti-virus protection and security software.

But suppose the worst does happen, and one of our clients is greeted with an ominous ransomware message some Monday morning… what then? Our automated, scheduled system backups ensure that our clients never lose their data. By having a clean, verified backup of your files standing by, we can have you up and running in hours, without paying the bad guys.

Don’t leave your business open to this kind of extortion. Pros 4 Technology can help. Contact us today to schedule your No-Cost Network Audit and begin protecting your business!