Information Technology News & Information

Ransomware is Dangerous, Even Police Departments are Not Immune

Protecting police departments, and any other computer systems from ransomware require that the agencies practice good computer hygiene. Across the United States, police departments have been the victims of scammers using ransomware. Ransomware is a type of malware that results from a successful phishing scheme or as part of a download from a site that is infected. Infected computers and computer systems are locked, for it to be unlocked, the victim must pay a “ransom” to the group or person who infected your computer and computer system. For police departments that paid the ransom, the ransom demand was well under $5,000, usually somewhere in the neighborhood of $300 to $500 dollars. Failure to pay can result in destruction of files, including those containing evidence, witness statements, crime scene photos and more Why Are Police Departments Preferred Targets? In 2016, police departments in at least seven states were victims of ransomware. Many are small offices running antiquated computer systems with infrequent, if any, system backups. Since the amounts ransomware criminals ask for is usually just a few hundred dollars, ransoms are often the easiest and cheapest solution to a ransomware virus. Yet, computer security experts warn, paying ransoms is not a good option as it only encourages criminals to make additional attacks. Ransom is usually asked for in Bitcoins, a popular online currency. The cyber gangs even include helpful directions on how to purchase and send the ransom (in bitcoins) It is usual for the cyber gang to honor their promise of returning control to victimized police departments. Their customer service rivals that of upscale retailers and other high-end businesses. In fact, some of the gangs offer a free demonstration proving they can unlock your computer system – they open one file for you at no charge! According to federal agencies, the attacks come from Eastern European cyber gangs. Finding and identifying these gangs is a major problem as the viruses are now nearly 100% automated. However, these same agencies know they cannot prevent ransomware attacks, catch the criminals using ransomware, nor get the data back. Some viruses are so complicated that even the FBI suggests paying the ransom. Though, the FBI states all they do is give options to police departments that are: Restore data using a current backup Contact a firm specializing in cyber crimes Pay the ransom Personal Identifying Information Compromised When Police are Victims of Ransomware Besides disrupting police departments, some of the data is highly personal. This includes reports of rape, domestic abuse and even open cases concerning sexual assault of children Fortunately, protecting police departments from is easy. How the Police Can Avoid Ransomware Protecting police departments, and any other computer systems from ransomware require that the agencies practice good computer hygiene. Good computer hygiene includes: Keep anti-virus software active and updated. Doing this allows your system to proactively protect your department from ransomware. Programs and operating systems often have updates. Install them as soon as you learn they are available. Frequently, attackers exploit security holes for which patches are already available, installing them when received makes your department less vulnerable to malware. Backups are best done daily, and one copy should be stored offline. This allows you to rebuild your data and restore your programs without paying a ransom. Educate employees that any email from an unknown sender is “suspicious” and should be trashed without opening. Police departments should consider using a managed service provider for security issues. {company} is an experienced provider of IT security managed services. We are in {city} and can be reached at {phone} or {email}.

Information Technology News & Information

What Your Business Should Know About the Ransomware Threat

Ransomware presents a growing threat to business across industries and understanding how the risk could affect your firm is key to avoiding potentially devastating damage. Having emerged as a serious threat only in the past few years, ransomware and its associated risks remain generally less well-known than other malware, leaving many businesses vulnerable to ransomware attacks. Simply put, Ransomware is a kind of malware that attempts to extort money from the infected user by locking the user out of individual files or his entire computer until payment is made. The threat that ransomware poses to businesses across industries is potentially staggering, and understanding the risks involved is key to preventing significant damage from a ransomware infection. Insurance giant Beazley recently released a report detailing the effects of ransomware attacks across a variety of industries. Based on their findings, the threat of ransomware has grown rapidly in the past year, with four times the number of attacks in 2016 as compared with 2015; this trend is expected to continue into 2017 with attacks doubling again over the course of the year. A recent Symantec study uncovered that, beyond generally increasing in number, ransomware attacks are increasingly targeting corporations and business rather than individual consumers. How might this increase in ransomware attacks affect your business? As Beazley notes, attacks tend to be concentrated during particular times of the year when companies are more vulnerable, such as during critical shopping periods, at the conclusion of fiscal quarters and at the time of IT system freezes. Preparing your business’ IT security to focus on protection during such critical periods can help limit your exposure to a crippling ransomware attack. Understanding your industry’s particular risk can also help you intelligently prepare for a ransomware infection. As Symantec notes, the services industry is the most targeted business sector, accounting for 38 percent of all ransomware attacks on companies; the manufacturing, public administration and finance, insurance and real estate sectors were also heavily targeted, making up 37 percent of attacks altogether. Businesses across sectors can protect themselves from ransomware by keeping their security software and operating system up to date; software updates are frequently released that contain patches aimed at fixing newly-recognized security vulnerabilities that ransomware can exploit. Remaining vigilant with incoming emails is also key as email continues to be one of the most used infection methods. Delete suspicious emails without opening them, particularly if they contain attachments or links or ask you to enable macros to view the email’s content. Ultimately, however, backing up any critical data necessary for the operation of your business is the single best way to guard against the ransomware threat. Ransomware attackers rely on your business’ need to recover important files that are held hostage by their malware, and having a backup copy of these files allows you to focus on removing the source of the infection without worrying about the loss of critical data. Concerned that your current IT security leaves your company’s sensitive files exposed to a ransomware attack? The security experts at {city}’s {company} can help you understand the threats that your business

Information Technology News & Information

Wisdom Wednesday: Twelve Shortcuts Saving Maximum Time Using Microsoft Outlook

The latest version of Microsoft Outlook is designed to be a personal information manager, not just email. Learn the shortcut tricks and a user can become a power communicator very quickly.   While many wish there might be another choice, it is unlikely that Microsoft Outlook as a user interface is going to go away anytime soon in the workplace. In this regard, those who see the long perspective focus far more on how to use Microsoft Outlook effectively versus trying to replace it. And that’s where power users are really pushing the boundaries of the tool for maximum performance and the least amount of time communicating. Here are 12 shortcuts that really stretch Outlook for what it can do for a user: Keyboard Shortcuts – Yes, there are menu commands. However, it’s those who know the keyboard shortcuts who really get things done amazingly fast. Shortcuts go direct to the function needed, and it doesn’t take long to get used to them. Beginners often just print out a cheat sheet. Quick Steps – In addition to the keyboard shortcuts, Outlook has a number of Quick Steps. Started with the 2010 version, this is the macro version of shortcuts. They are customizable, so you can make personal multi-step tasks that happen with one code versus three or four menus. The Clipboard Email Creator – A neat feature, one puts the text in the clipboard and then with Ctrl-V Outlook will automatically convert it into a message, calendar post, or contact entry. Email Shortcuts – Outlook comes with a number of built-in sorting features for fast locating of a given email message. Learning them allows a user to control the mass of messages that come in daily. Limiting Notices – A default notice in Outlook will notice every new email, but these can be limited to just high priority parties, cutting down time and focusing attention better. It’s a simple rule creation in Outlook. Flagging – Ever had an important email that you needed to find later but couldn’t? Red flagging makes it easy to find a pin in a haystack of messages. Template Powering – Saved email templates for commonly sent emails cuts down a great deal of time, and it protects messaging when protocols have to be followed. Folders – Simple but effecting, active sorting of emails into labeled folders makes them extremely easy to find, segmenting out other emails not needed at the time. Quick Message Saving – Many people use cut and paste or printing to an Adobe PDF file to save a message. Instead, one can just drag it to the desktop which changes the email to a .MSG format file, easy to open in Outlook. Utilize All the Features – Outlook isn’t just email, it’s also a task-minder, calendar and journal. Don’t ignore them. Use Priority Tagging – Outlook has a number of priority fields and color coding for tagging. Using these make it easy to sort and filter items for what’s critical versus fluff. Natural Language – The software includes a feature where natural language can be typed in to the date field. For example, type in “Christmas” or “four days from today” and Outlook will recognize it on the calendar and implement the item.

Information Technology News & Information

Weekly Tech Tip: Make backup copies of important business data and information

Regularly backup the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Backup data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.

Information Technology News & Information

Wisdom Wednesday: Out Of Office In Microsoft Outlook

How Do I Set My Out Of Office In Microsoft Outlook To Only Send From One Date To Another? In Outlook, click on File, Info then select Automatic Replies (Out of Office). Click on Send Automatic Replies and check the Only send during this time range check box. Specify a start and end time for the reply to activate and deactivate using the Start time and End time fields.

Information Technology News & Information

Speed Savvy: How To Salvage A Slow Computer

Speeding up your computer is essential for succeeding in today’s fast-paced world. It can be as simple as closing other browsers or as complex as finding and eliminating malware. In the modern business world, time is money, which means that a slow computer can actually cost you! Systems slowdowns may stem from a variety of causes. To narrow these down and speed your computer up, try: Browser Basics One of the most common, and most easily remedied, sources of slow network service is only leaving too many browsers open for long periods. Even if you are not actively using the browsers, they eat up processing power, slowing your device with every additional program you use. Thus whenever you are finished with the website or don’t plan to return to it for more than 10 minutes, close it. To ensure that you do not leave browsers open for extended periods of time, turn your computer off every night before you go to bed. Sifting Through Startups In addition to browsers that you intentionally open and fail to close, your computer may also suffer from software that opens automatically when you turn it on. Email accounts, music services, and other programs often open on their own, and the longer you leave them up, the more they will impair your system. To minimize this problem, close any automatic programs as soon as you log in or once you’ve finished using them. You can also reset your computer’s startup log to not open so many programs, though you should consult an IT professional before doing so. Memory Management The less hard drive space your computer has, the slower it will be. You can free up extra space by: Deleting videos and photo albums once you’ve uploaded them to social media Move files from your computer to the cloud Use a disk cleanup program to remove whole categories of files Eliminate cookies and other temporary files Find and remove duplicate and redundant files Empty your trash regularly, so the files you delete are actually gone In addition to deleting files, you can also install a larger hard drive or extra RAM to instantly increase space. Viable Visuals Animations, window transparency, drop shadows, and other visual effects may be stylish and convenient, but they eat up extra processing power and slow your computer. Luckily, most systems allow you to disable these altogether or on a case-by-case basis, letting you balance style with speed. Virus Vigilance If none of the previous measures work, you may be dealing with a virus or other malicious program. Such a problem is far more severe than a mere computer slowdown. Malware presents a direct threat to you and your business contacts, stealing information and encrypting important files. If you think you have downloaded a virus, contact an IT expert to identify and remove it. Consumer-grade antivirus software often isn’t enough to solve the problem, but a qualified professional can find and eliminate the most pernicious modern programs. {company} promotes speed and security throughout {city}. For more information or to schedule service, contact us at {email} or {phone} today!

Information Technology News & Information

Salvaging Security: MJ Freeway Struggles To Recover From Data Breach

Understanding the MJ Freeway attack is the key to avoiding future attacks, protecting privacy, and safeguarding public health Cyberattacks are always dangerous, and when they affect the medical industry, they severely compromise public health and confidentiality. The recent attack on MJ Freeway demonstrates just how sensitive medical data is, reinforcing the need for effective data storage and security: Attack Analysis MJ Freeway is a Colorado-based tracking software company that caters to medical marijuana dispensaries across the United States. On 8 January 2016, the company suffered a severe hack, losing records from more than a thousand of their clients in 23 different states. Such an attack would severely disrupt any business but has been particularly damaging for cannabis dispensaries, as state regulations require them to provide clear records of all sales and inventory changes. Though some affected clients were able to continue business using traditional tracking methods, many had to shut down, depriving their customers of treatment. In addition to short-term market disruption, the attack also may have compromised the privacy of millions of medical marijuana patients. Because of the negative perceptions associated with cannabis, many medical marijuana users do not reveal their treatments in public. If the attackers stole patient information, they could publicize it at any time. MJ Freeway insists that its client data is encrypted, but many clients are unconvinced, pointing out that the attackers could have stolen the encryption codes. If this is true, the attackers could continue to do damage for months or years in the future. Future Fixes Whatever ultimately results from the MJ Freeway attack, it serves as a wake-up call for all businesses that handle sensitive information. To minimize your firm’s risk and keep clients’ data safe, remember to: Rely On Redundancy– It’s essential to backup vital information in a separate system that is isolated from your primary storage, but can be easily accessed when it is needed. This will allow you to quickly restore service after an attack, minimizing the length and cost of disruption. Decrypt Diligently– The information needed to decrypt sensitive data should always be kept separate from the encrypted data itself. This way, even if an attacker is able to steal your data, you can be confident that they will not be able to read any of it. Modernize Methodically– Hackers are constantly developing new, more efficient ways to attack you. Old security measures thus quickly become obsolete, requiring you to install new software. Whenever an update is available for your operating system, make it, especially if it relates directly to security. Streamline Security– Cybersecurity methods are most useful if you develop a single, consistent policy for all your employees. Set clear rules for the activities employees can perform on company devices or over the office WiFi, and vigorously enforce them. This prevents individual carelessness from compromising your security. Don’t leave your {city} company vulnerable to cyberattacks. Contact {company} today at {phone} or {email} for effective, affordable security solutions.

Information Technology News & Information

Not A Day For Phishing

Looking Out For New Gmail Scams Gmail and other email services are all vulnerable to increasing phishing scams. Learn what to look out for and how to safeguard your personal account and business.   As current events have shown, even the upper echelons of American governance have been vulnerable to phishing scams. The Democratic National Committee’s official email accounts were recently the target of an effective phishing campaign, leaving us all to question the ways in which we’re vulnerable to cyber attacks. A new extremely active phishing technique, aimed at Gmail and other email services, is being implemented to nab log-in credentials that are designed to fool even the most educated digital users. The scam works by hackers sending out emails via hacked accounts to those users’ contact lists. Many of the emails include an image that looks like it could be an attachment, though when the image is clicked on, instead of a preview of the file, a new tab opens with a mock prompt from Gmail to sign into the email account again. Even the URL mimics an actual Gmail page: accounts.google.com. The sign in appears to be perfectly legitimate, though once a user signs on, they compromise their email account and with it other sensitive personal information. Hackers are then able to spread the scam immediately to others in your contact list with the access to your email. To protect yourself from such attacks you have to change what you’ve always known in regards to cross checking phony-seeming links and emails. As this phishing scam mimics the URL of an actual, reputable website, you can’t always double check by just looking at the link. If you see the following text before the https beginning of the URL: data: text/HTML, this signifies a scam link. As a rule of thumb whenever you log-in to an email service website, or any site asking for credentials, be sure to check the browser location bar and corroborate both the protocol and the hostname for legitimacy. For a Gmail account, it should read like this: https://accounts.google.com/ServiceLogin?… Verify that there isn’t additional text between the hostname “accounts.google.com” aside from “https://” and the lock symbol on the location bar, which should appear as green if you’re safe, as Google relies on this function to signify a secure site. Also, consider enabling two-step or two-factor authentication on your email service. This makes it harder for hackers to sign-in to your account even if they have your password. If you’re unsure of whether your email account may have been the subject of a phishing scam in the past, it’s a good idea to change your password anyway. A function on Gmail allows you to see log-in activity to find out if any other users have been logging into your account without your knowledge. This can be accessed through Gmail’s support page, view the Details icon at the bottom of your inbox. If you uncover any log-ins from places where you haven’t been or any active sessions from undetermined sources you can actively remove those sessions. Raising your awareness of this issue and staying vigilant on good digital practices can help to ensure the safety and security of your email accounts and personal data.

Information Technology News & Information

Instagram — How We Give Away Rights through Online TOS

What happens when the TOS for Instagram is rewritten in plain English? For teens, it is an eye opener, but what about for adults? Is your company at risk because of terminology in TOS statements? Read on to discover what we give away when we agree to a TOS for social media. In an article that ran in the Washington Post, Amy Wang explains what happened when a lawyer rewrote Instagram’s terms of use so that teens could understand their privacy rights. Wang exposes a truth when she asks the question, how much to teens know about the legal implications of agreeing to TOS statements. She points out that it is the language and the length of those documents which makes them unreadable and we wondered if that was not the point of those long and complicated terms of use statements. How many adults actually read the terms of use before happily agreeing to whatever they ask of us? The reality is not many people. Yet, in a world where we are highly concerned about internet virus and spyware we give online sites like Facebook, Pinterest, and Instagram almost free reign to use our personal information, photographs, and post, even when we think those posts are private, for their own purposes. What that means is that many social media sites can reprint our private messages and make them available to the public. Yes, that is what you agreed to when you clicked that little box that said: “I have read and agree to the terms of use.” Designed to be Difficult Privacy terms are important, and we should read them. They are in fact, a contract of sorts and they outline what we should expect from a service and what we give permission to said service. If you had a client contract that needed your signature on it, you’d likely have it reviewed by legal counsel. What is sad is that it would take a lawyer to explain to most adults what we agree to in a TOS statement. That is very much the point of these legal documents. The companies that write them bank on the fact that we internet users want their service more than we want our rights. They are not wrong. Most of us sign away our rights quickly and without even scanning the TOS. We have no idea what we have given away. The Teens and Instagram’s TOS What Wang discloses in her article is that teens were shocked at the permission that they gave to Instagram. Teens, like many adults, think that the word private means just that. A private message on social media is not private, and the platform has the right to republish those private messages with your name attached to them. Egads! The revelation of understanding that what we just said about Mary could become the next viral post with our name attached not only freaks out teens, it freaks out adults. Nothing on social media is truly private. Does that knowledge change our behavior? For many teens, knowing is half of the battle. What do the Terms of Use do for Businesses? In a world where online brings danger from the virus, malware, and ransomware it seems odd that we would so freely give away the gate key to our data. One of the means by which to protect our data is to employ security measures that protect our private information. Yet when it comes to online TOS, we gladly hand over permission to use our information. That inconsistency is dangerous. At {company} we work with {city} businesses just like yours to discover weaknesses in IT security. We are a managed IT company and our services help businesses build better security while gaining access to robust tools and software. If your business is concerned about TOS disclosures and internet dangers, then {email} or call us. {phone} We have solutions to your Internet needs and concerns.

Information Technology News & Information

Is Your Dental Practice Protected Against a Data Breach?

To keep your dental practice secure from a data breach, you have to be proactive. Train your staff regarding password changes, and limit access to the internet. Keeping the information of your patients secured is essential when you run a dental practice. The amount of information you have can be used to steal the identity of your patients if your data is breached, leaving your patients vulnerable to attack. If you have data breach in your practice, you have some obligations that you must fulfill. If you have more than 500 patients in your practice who had data stolen, your responsibilities grow even larger. When You Have More than 500 Patients and a Data Breach You have to have a solid understanding of the Health Insurance Portability and Accountability Act (HIPPA) breach notification rule no matter how your client data is stolen. Whether a hacker was able to get into your system remotely, you were the victim of a ransomware attack, or an individual took a laptop and has access to all of your patients, all of these are a data breach. You must follow the data breach notification rule, or you can be subject to fines and penalties for not notifying your patients appropriately. The steps you need to take when there has been a data breach includes: Thoroughly investigating what happened, and identifying any protected information that may have been stolen. Categorize patients by state, age and whether they are living or deceased. Each category has different requirements for notification. You must notify each patient appropriately regarding the data breach. You are responsible for setting up a call center for patients to ask if they have any questions regarding the breach. You must offer to provide an identity monitoring service to your patients. HIPPA requires you to provide a press release for the local media. You need to file a report to Health and Human Services about the breach within 60 days. It is tedious to deal with a security breach, and you’ll need to continue to run your practice at the same time. You can be better prepared against a security breach if you take the time to work with IT and learn how to better secure sensitive patient information. To keep your dental practice records better protected against a security breach, you should: Limit access to the internet on computers that store critical patient data. Create strong passwords, and change out system passwords every 90 days. Never store the credit card data of any of your patients in the system. Practice that a data breach has occurred. Take the steps necessary to identify who would be responsible for each part of dealing with the breach. Understand that dealing with a violation can be very costly, even for a successful practice. Consider getting the coverage you need to protect your assets in the event of a security breach. The health industry is very susceptible to data breaches because of the sensitive nature of the information collected. Roughly one-third of patients who receive medical care will be involved in a data violation of some kind. This is why it’s important to leave as much sensitive information as possible out of a medical record and to limit the amount of time computers within your office are connected to the internet. Your system should be screened periodically to check for any suspicious behavior, and passwords changed at least every 90 days to keep your data secure.