Blog

If you had to make a list of the most pressing threats that Internet users face today, ransomware would undoubtedly be right at the top. Now, thanks to a massive zero-day attack by a particularly tricky group of hackers, Microsoft Office 365 users in particular need to be incredibly careful moving forward.

What is Ransomware?

At its core, ransomware operates a lot like a traditional computer virus with a particularly sinister twist. When a rogue piece of software is downloaded and executed on a user’s computer, it snaps into action and actually encrypts the contents of that drive almost immediately. Encryption essentially “scrambles” information, making it impossible to get at a particular block of data without the appropriate encryption key.

Because only hackers have the encryption key, this essentially locks a user out of their own data. Their only choice is to pay a predetermined “ransom” to get access to the keys and to get their information back, but even this is not a guarantee.

Why Office 365 Users Should Care

Previously, ransomware only targeted files stored locally on a computer’s hard drive – meaning that anything that was stored in Microsoft Office 365 or another cloud-based service would be unaffected. According to a new report published by Avanan, however, this is no longer the case. Even though Office 365 has a number of sophisticated security tools built-in designed to prevent exactly this type of thing from happening, new variants of the “Cerber Ransomware” strain are now going after Office 365 email users in particular.

This means that if you were previously counting on Office 365 to alert you to any vulnerabilities and to prevent this type of thing from occurring, you’re out of luck. It is now more important than ever to follow Internet safety best practices and, if you’re a business owner, to educate your own employees of the same.

By far, one of the best ways to avoid becoming a target of ransomware is to avoid downloading files from senders that you are not already familiar with. If you get a random email out of the blue that has a file attached, do NOT download it and execute it on your computer. Also be on the lookout for clear signs of phishing and other types of SPAM email that could have these files hidden inside.

Regular backups to a secure, off-site location are also important as if you DO fall victim to a ransomware attack, these could be your only way to get things back up and running again when you come out safely on the other side. Even if your entire hard drive is encrypted, you can still wipe the entire operating system and start from scratch. You can then restore your system using the most recently available backup copies, circumnavigating the ransomware’s encryption and picking right back up where you left off.

This will only work, however, if the backups are stored in a secondary location NOT connected to the host computer. If they are only stored in a separate location on the same hard drive, they too will be compromised during the attack.

At InfiNet Solutions, we’re incredibly proud that you’ve chosen us as your go to source for all of the technology tips, tricks, news and other information that you need to run the type of business you’ve always wanted. If you’re looking for more information about this or any of the other important industry topics that we’ve covered, please feel free to send us an email at [email protected] or to give us a phone call at (402) 895--5777 today to speak to someone in more detail.

The manufacturing sector of our economy at large presents many challenges for business owners who plan on keeping data regarding proprietary information on goods and production methods safe and secure. Consumer goods in particular are big business, but can also present a major liability in terms of data center and networking security, compliance issues, and data theft. Theft of trade secrets and intellectual property costs manufacturing companies untold millions per year in the aftermath of a cyberattack or other type of data theft.  And although the newly-penned Defend Trade Secrets Act (DTSA) provides some relief in the form of federal civil action in the event of substantial trade data absconding by hackers and data thieves, the best action for SMEs and large corporations under the aegis of complete data protection surety is to have managed IT services in place.

A Clear and Present Danger

According to a Verizon Data Breach Investigation Report in 2014, “Companies in manufacturing are most likely to face security threats such as cyber espionage, denial of service and Web applications attacks.” Their 2016 report shows how emergent and critical the data breach threats to companies in the financial and manufacturing sector are. “Cyber espionage” privilege misuse is on the rise, according to Chintan Gohil speaking within Verizon’s 2016 report, referencing over 2,000 notable data breaches where Web applications in particular, are opening companies up to clear and present dangers via both infiltrators and “exfiltrators” who abuse permissions to gain access to sensitive data like manufacturing trade secrets which can cost companies millions.

Hard Statistics

A 2015 global study surveyed 9,700 executives worldwide in the business and technology sectors. When examined on a by-industry basis, the study reveals that around 75% of the industrial manufacturing entities said they detected notable security incidents in the preceding 12-month period. Roughly 20% reported they had detected 50 or more such incidents, while 18% said they had noted between 10 and 49 security threats. One rather shocking statistic on this point shows that 36% of the business leaders surveyed identified employees as the number one potential data security threat.

Reliable Protection

Based on the clear evidence that manufacturing companies are facing the greatest threat to their IT networks yet in 2016, in the form of cyber espionage, or spying, which has underscored the need for significant investiture in shoring up holes in cyber defense and security. Other threats are, as mentioned, employee data breaches, which are the result of poorly managed or mismanaged mobile devices and data centers. Mobile device management (MDM) goes a long way in keeping employee cell phones, iPads, smartphones, and other mobile devices encrypted and protected from proprietary data theft. Getting reliable protection for your mobile devices and network entire is simply a matter of finding an IT services firm who acts as an outsourced team player. Often less expensive than hiring and training an IT department in-house, having an information technology MSP in your corner day and night, 24/7/365 acts as the first and last line of defense between you and trade secrets theft that could mean millions in litigation and recovery time cost.

Trust the IT Professionals

It’s worth the investment in solid IT security management via professionals who are up to speed on all the latest technology and techniques to keep their clients’ data centers and network safe. InfiNet Solutions is the leader in providing managed IT services in Omaha. Have questions? Call (402) 895--5777 or send us an email at [email protected].

A Match Made in Heaven

Thanks to the power of the cloud, true intelligent business disaster recovery is now easier than ever. However, this doesn’t mean that you don’t still have a lot of work ahead of you. The cloud is a tool, much like a hammer. It is very possible to use a hammer in the wrong way if you’re not careful. Only by keeping a few key things in mind will you create a cloud-based environment that supports you today and protects you in the event of a disaster tomorrow.

1. It’s All About the Long Term

Cutting corners today in terms of intelligent business disaster recovery is one of the best ways to create problems for yourself tomorrow. The cloud is only a means to an end – it is not the end itself. Companies looking into secure backup and disaster recovery solutions need to implement the cloud as part of their long term plan, not allow the cloud to BE the plan.

2. Maximize Your Existing Resources

Taking advantage of hybrid-cloud technologies is one of the best ways to not only create a true intelligent business disaster recovery solution, but to also increase the return on investment of your existing resources at the same time. Your on-premise environment doesn’t have to be replaced by the cloud just yet – instead, it can be supported.

3. In With the New

One of the great things about the cloud in general is that it is agile. By taking the time to develop a secure, multi-tenant cloud architecture, organizations not only unlock the benefits of intelligent business disaster recovery but also can create redundant or “failover” processes in house in an effort to cut costs.

4. The Cloud is Only as Good as Its Architecture

When implementing the cloud as a part of your business disaster recovery process, it is necessary to understand exactly how your enterprise applications are designed. Just replicating a virtual environment from one machine to another may not be enough to guarantee continuity in the face of a disaster. You need to understand exactly what requirements there are for each individual application to have the best chance at success moving forward.

5. Not Everything is Worth Protecting

When developing your cloud friendly business disaster recovery solution, you need to understand that not all data is created equally. If you must rely on a limited disaster recovery plan, you need to assess which applications and data are mission-critical and often used and which ones are not.

6. Disaster Recovery and Business Continuity are Not the Same Thing

The key to an intelligent business disaster recovery plan involves an understanding that disaster recovery and business continuity are two different things. Disaster recovery answers the question “how am I going to get everything back online again in the event of a disaster?” Business continuity answers the question “how do I make it appear like nothing ever happened in the first place and resume productivity” in the same situation. The cloud should service both masters simultaneously.

7. Backup + Replication = Success

Your business disaster recovery plan should always be created via a combination of on-site backup and off-site archiving to maintain durability at all times. For certain mission-critical applications, real-time replication may be necessary. For others, simple off-site backups will do. The cloud can help you accomplish both of these things at the exact same time.

Users all over the world are in agreement: InfiNet Solutions is their most trusted source for all of the technology tips, tricks and breaking news they need to get the most out of their devices and systems. To find out more information about this or any of our other topics, please contact us today at (402) 895--5777 or by sending us an email at [email protected].

Many modern day businesses that seek to leverage modern technology to their advantage have a very important decision in front of them when it comes to the cloud. They can either choose to invest heavily in the public cloud due to its cost savings and ease-of-use, or invest in the private cloud for a little more emphasis on things like security and control.

One factor that is making this choice easier than ever before is the emergence of a THIRD cloud-based platform that blends the benefits of both into one convenient package – the hybrid cloud. Embracing a hybrid IT infrastructure with open arms has the potential to revolutionize the way your business uses technology in more ways than one, bringing with it a host of different benefits that can’t be ignored.

What is the Hybrid Cloud/Hybrid IT?

As the name suggests, the hybrid cloud is essentially a combination of an internal, private cloud with an external, public one in an effort to support a particular business outcome. Taking a “one size fits all” solution to a cloud-based infrastructure has the potential to do more harm than good, particularly when it comes to cost. You may need the superior control, oversight and security that only a private cloud can bring for 30% of your data – but what about the other 70%? Do you really want to invest heavily in building your own private cloud to protect terabytes of worthless emails that are only going to be deleted soon anyway?

For situations like these, a hybrid IT infrastructure is a huge benefit in nearly all of the important ways. IT organizations can offer customers the speed, the access to capacity and the price of an external cloud, all while still maintaining the security and scalability of an internal one.

The primary goal of the hybrid IT infrastructure is a simple one. Internal clouds are used to house critical IT services, meaning the data and applications that your organization cannot survive without. Everything from client records to legacy applications and other resources are still available anywhere thanks to the freedom of the cloud, but they’re stored internally to keep everything within arm’s reach at all times. Non-critical IT services and data, on the other hand, are stored in the external cloud in an effort to increase agility.

The Benefits of Hybrid Solutions

The major benefit that hybrid solutions bring to the table that you wouldn’t get by picking only a public or private cloud is one of customization. As a business continues to grow and evolve, its IT and general infrastructure-related needs tend to change frequently. Locking yourself into a private cloud now may prove to be a needless expense as you pivot into another vertical in six months or a year and no longer need something quite so advanced. Likewise, going “all in” on a public cloud could cause you to run into issues as your clientele changes, particularly if you need to start thinking about things like compliance that the public cloud isn’t really built for.

Hybrid solutions become the best possible way to not only secure your data, but to also “future proof” your entire infrastructure to survive any dynamic technological shift you may go through. Your business selects the cloud service that fits your specific requirements TODAY and can easily ramp up or ramp down as necessary when those needs change tomorrow and beyond.

InfiNet Solutions is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks, and news. Contact us at (402) 895--5777 or send us an email at [email protected] for more information.

Ransomware has gotten much more intelligent in the last year, and it now represents one of the most damaging and widespread cybersecurity threats that businesses face on a daily basis. According to SophosLabs, ransomware is now so sophisticated it can target specific countries and locations and use appropriate vernacular languages, logos, local information and payment methodologies — making the ransomware delivery email or other mechanism a believable, effective method of social engineering.

Once the social engineering is successful — usually as soon as the end user trusts their email or attachment enough to open it — the infection takes place, and the ransomware Trojan begins encrypting files behind the scenes in preparation for its typically exorbitant ransom demand.

When It Comes to Ransomware, the Numbers Don’t Lie

Just in the last year, 24 million ransomware attacks have taken place in the U.S. alone, but thousands go unreported — so the numbers are likely much higher. Approximately 390,000 malicious programs are registered daily by the AV-TEST Institute.

More than 500 known malware evasion behaviors are in existence, and around 97 percent of malware is unique — making signature-based security measures virtually useless.

Hackers Are Leveraging JavaScript and Its Extensive User Base

Lately, ransomware hackers have begun using JavaScript injections to propagate malware across the web. Since JavaScript is a language that most websites are intimately familiar with as part of their programming interface, it makes a particularly vicious attack mechanism against weakened defenses. As it is nearly impossible to enjoy any functionality while browsing the internet without JavaScript these days, most websites and browsers are sitting ducks as potential ransomware targets — and hackers, of course, exploit this weakness as often as possible.

Sticking to Browsing Legitimate, “Safe” Websites Is No Longer Enough to Protect You Against Ransomware

Don’t make the mistake of thinking that sticking to well-known, authentic websites will protect you against ransomware; the hackers have already evolved beyond that. Basically, a JavaScript-enabled ransomware attack will target a high-traffic, popular business’ website and redirect users to malicious sites without the victim’s knowledge. Once the user unknowingly visits the hacker’s site, the infection process begins.

The Latest JavaScript Ransomware Strain Is Known as “RAA,” and It Is Multi-Faceted and Ruthless

In these latest ransomware infections, JavaScript (a well-known and common programming language that’s behind the scenes in most website environments) isn’t the vehicle for download of the ransomware — it IS the ransomware, and it is ruthless in more ways than one.

RAA ransomware delivery begins with an email attachment that impersonates a legitimate Word.doc file called “invoice.txt.” Once a victim opens the attachment, the Trojan launches a series of scrambling and locking of user documents and files, all the while downloading and saving additional malicious files onto the computer.

Unfortunately, the worst part about RAA isn’t its efficiency in encrypting files and data. RAA saves the best for last, and waits until the unsuspecting victim starts logging into bank and credit card accounts to access money to pay the ransom in return for the files. It is at this point when the password-stealing Trojan comes to life, recording sensitive financial data and passwords, while the user is preoccupied with securing the ransom funds.

What Can a Business Do to Defend Against Ransomware?

To protect your business against the constantly developing threat of ransomware, you need to be proactive. Follow these four best practices to help mitigate the damage of a ransomware attack:

1. Testing: Work with a trusted IT security professional to implement an incident response plan, and test it regularly to be sure that it stays relevant and effective.
2. Training: Be sure employees are fully aware of the gravity of a ransomware threat. Train them in effective ways to avoid becoming a social engineering victim, as well as in best practices for password security and BYOD/BYON (bring your own device/network).
3. Technology: Utilize multiple backup methods, including one in the cloud, one on site, and one offsite for ultimate protection.
4. Timeliness: Have your IT managed services professional regularly and frequently update and patch software to decrease vulnerabilities.

In the face of the growing threat of ransomware to local Charlotte area businesses, Sterling Technology Solutions has extensively studied ransomware’s recent advancements and developed unique, effective solutions to help protect your valuable business assets.

InfiNet Solutions is your local Charlotte, NC cybersecurity and managed IT services expert. We specialize in protecting area North Carolina businesses from the ever-evolving threat of ransomware and other cyberattacks. If you’d like to discuss your business’s protection against the latest cybersecurity threats, contact us at (402) 895--5777 or send us an email at [email protected] for more information.

Windows 10 recently announced the addition of its Enterprise offering to its Cloud Service Provider (CSP) program. The move is good news for small and mid-sized businesses, which will now have access to Enterprise level services for the affordable sum of $7 per user per month.

Enhanced Security Features are Instrumental for Businesses of All Sizes

Microsoft announced its decision at the Worldwide Partner Conference, and highlighted the fact that small business customers, who have in the past been relegated to the Windows Pro version, have not typically had the ability to access the Enterprise edition of Windows. Historically, the primary difference between Enterprise, Pro, and Home versions has been the level of security. And lately, security has nothing to do with business size, as all businesses of all sizes are now subject to equal vulnerability from cyber attacks. Apparently, Microsoft has taken note of the non-discriminatory nature of cyber threats, and decided that small and mid-sized businesses need access to the same high-level security features as their Enterprise counterparts.

Switching From Windows Pro to Windows Enterprise Could Take as Little As Two Minutes

While Windows Enterprise has traditionally been available under a licensing model for larger corporations, that framework simply isn’t practical for small and mid-sized businesses. With the addition of the Windows 10 Enterprise-as-a-Service to Cloud Service Provider model, businesses of any size will have immediate access to the security that they need with the assistance of their managed IT services Microsoft Partner. According to Microsoft senior partner Nic Fillingham, since no reboot or additional downloads are necessary, a partner can move a client from Windows Pro to the Enterprise edition in approximately two minutes.

Windows 7, 8, and 8.1 Switch to Enterprise Is a Bit More Involved, But Worth It

If a customer is moving from Windows 7 or other previous versions, the process will be a bit more involved, but still relatively painless considering the security benefits the business will see in return. Even the smallest of organizations—down to single person operations—will get access to the latest version of Windows through their CSP or managed service provider.

Enhanced Security Features Combined With the Anniversary Update and IT Managed Services Means Powerful Protection

Windows 10 Enterprise edition brings a number of security features to the table, especially if the business user is coming from Windows 7 or other prior editions. With the confirmed Windows 10 Anniversary Update set for August 2, even more features will be added—including the long-awaited Windows Information Protection (WIP), formerly known as the Enterprise Data Protection (EDP) service. Users can expect enhanced security, identity protection, threat resistance, and information protection with the update.

WIP seems particularly useful given its app-aware functionality, which aims to encrypt content to prevent sensitive data from being inadvertently leaked. Consider these stats for perspective:

• Recent data indicates that 87% of senior managers admit to uploading work files to a personal email or cloud platform
• 58% have accidentally sent sensitive information to the wrong person
• The average cost of a data breach across all industries is $240

Probably the most valuable part of the new Windows Enterprise model is that it is integrated into its Microsoft Cloud Service Partner program, which means that as a business’ security and productivity needs evolve, it will have the valuable assistance of an experienced Microsoft Partner to guide them along the way.

InfiNet Solutions is your local Microsoft small business technology expert, specializing in Windows 10 Enterprise Edition, IT security, and Microsoft Cloud Services. Contact us at (402) 895--5777 or send us an email at [email protected] for more information.