Mannassi IT Solutions

Blog

What's happening.

Posts tagged cybersecurity
The Good, The Bad, and The Ugly: 2017 in Review

As 2017 now fades into the history books, we’re reflecting on the best and worst advances (or rollbacks) in technology.

THE GOOD - Software Defined Wide Area Networking (SD-WAN)
2017 brought the explosion of SD-WAN, an amazing technology that provides high availability, failover, optimized traffic and in some cases a replacement for expensive MPLS.  SD-WAN is an affordable tech option for small and medium sized companies providing benefits once only available on an enterprise class budget.

THE BAD - Ransomware and Cyber Hacking
The worldwide pervasiveness of hacking has continued to dominate the headlines. No one is safe, whether you are a person checking your email and getting ‘spear phished’ or the Pentagon or UK National Health Service disabled by state-sponsored cyber terrorism. In 2017 there didn’t seem to be anywhere safe from cyber criminals. An ounce of prevention is worth a pound of cure, so in 2018 we’re doubling down on our vigorous backup and security regimens. While you can never be 100% safe, you can put a plan in place to mitigate disaster.

THE GOOD – Cloud Disaster Recovery & Business Continuity
2017 was the year the cloud really took off! Many companies have invested in comprehensive backup programs, but have not addressed what to do when disaster strikes. The ability to spin up servers and production networks in minutes as opposed to days or weeks is now a reality with cloud solutions, making disaster recovery a minor headache instead of a full-blown migraine.

THE BAD – Disrespecting The Technology
Computer networks are an integral component of every business, and you need to make sure you’ve got the tech that can do the job properly. In 2017 we still found companies buying technology that is just not suitable for business needs, from trying to get by with residential routers to computers bought off the shelf at Best Buy. You’ve got to have the right tech to keep your company running. In 2018 don’t risk your business because you thought you were saving money. Remember the old adage: you get what you pay for.

THE GOOD – Internet of Things (IoT)
If you loved sci-fi as a kid you’ve probably been stoked by the advances in the IoT over the last several years, from vehicles with connected technology that lets manufacturers and drivers know when they need to be serviced, or provides directions to the nearby gas station when the tank is running low, to paying your mortgage by voice on your digital home assistant. This year was the tip of the iceberg when it comes to what the IoT can bring to businesses. In 2018 watch these connected goodies for even more exciting innovations.

THE UGLY – Dismantling Net Neutrality
The big fight for the web in 2017 was certainly a low point. The current administration’s FCC has begun the process of removing the laws protecting Net Neutrality, paving the way for ISPs to favor their own content and throttle competitors. With Net Neutrality rules in place you, the consumer, can load every website, app, video, .gif, etc., equally, regardless of where the content is hosted or what its message is. Accessing Netflix is the same as sending a tweet. Without Net Neutrality there’s nothing to stop ISPs from demanding premium prices for “premium” services like video streaming or social media, or from blocking content they disagree with entirely. The open internet is vital to small businesses and freedom of speech, so this threat is very unsettling. Here’s to hoping in 2018 Congress can get behind a bipartisan effort to save the open internet.

What were the trends you were most fascinated by in 2017? Tweet us with your top hits and misses, and what you’re most anticipating in 2018.

No Smoke Without Fire

As of January 1st, California became the latest state to legalize recreational marijuana. With legalization spreading across the country, there have been a slew of new companies applying for licenses and permits to sell and grow marijuana. If you’ve got a plan to launch a new business in the fast-growing marijuana sector don’t forget to fortify your security. For too many new businesses security becomes a second thought until it’s too late.

Pot is, after all, a very valuable commodity. Combine that with the fact that marijuana is still federally illegal, meaning financial institutions are not allowed to do business with these new dispensaries, and stores frequently have large amounts of cash on hand. A comprehensive security strategy for both your data and your physical location is a must to keep your investment safe.

It’s more than just your cash deposit and product that needs protection too. The client and patient data of your customers also needs to be protected. You’ll need a security plan that encompasses your digital environment as well as your actual physical business.

We’re experts at building affordable security systems that meet any business’s needs. Give us a call or shoot us an email if you’ve got any questions about how you can better protect your budding business.

As always, find us on Twitter and Facebook for the latest tech updates.

 

Do You Have A Krack in Your Wifi?

The latest dent in network security is the recent announcement that hackers have figured out a way to breach Wi-Fi connections on almost every single Wi-Fi enabled device. The KRACK attack is a major blow to mobile security, but the good news is that iOS and Windows are not vulnerable because of the way Apple and Microsoft implement the security handshake. If you’re an unlucky Android or Linux user, however, you are vulnerable. What it all boils down to is that millions of devices are affected, including embedded devices (otherwise known as the Internet of Things). To protect yourself you need to research all of your Wi-Fi devices and confirm whether they are on the attack list. If they are, make sure to download the most recent patch, or immediately take them out of service.

Of course, you can probably tell this can be a labor-intensive process. If it’s too much to handle you can always drop us a line for assistance or advice.

As always, follow us on Twitter or Facebook for the latest tech updates from around the globe.

We Hear You Knocking, But You Can't Come In!

A vital element of network security for any company is to have a business or enterprise class firewall protecting their network. The primary firewall role, of course, is to protect computer assets and data from attack by hackers. What many people don’t realize is that hacking is going on twenty-four-seven! Many breaches could be prevented, if only you were aware that a person or persons unknown has spent the last two weeks attempting to break in. Just like in a heist movie, any lock can be picked given enough time, so your firewall needs to be constantly monitoring for intruders.

You need a firewall that is either set up with an intrusion prevention system (IPS) that sends out notifications when it detects significant activity on the firewall, or managed and monitored 24x7x365 by a security operations center, which is known as a managed firewall or security as a service (SaaS). Building a wall alone isn’t enough; hackers can be working to disassemble it brick by brick while you’re asleep!

Mannassi IT Solutions can deploy a range of firewalls from Cisco, Fortinet and SonicWall with IPS, plus we offer security as a service as part of our managed services portfolio.  Contact us to learn more about what options might be right for you.

Follow us on Twitter or Facebook to keep in the loop on the latest security updates.

This is what a phishing message looks like.
[Images: Phishing 1, Phishing 2]

Think you can spot a phony message a mile away? Test yourself! Which one of these messages is real and which one is a fake?

Feeling confident in your choice? Here’s the secret: both of the above images are scam messages designed to phish your email account. That’s right. Both of these very legitimate looking emails are actually the work of a hacker.

And if that didn’t scare you, this might: both of these emails made it through the built-in email security in Office 365. Even Microsoft couldn’t spot these bad boys! The best defense is a strong offense, so we always recommend a cloud-based email security service like the award-winning Proofpoint to make sure these types of messages don’t even grace your inbox with their presence.

In the meantime though, how can you spot these types of sophisticated attack emails? Here are three tips for not getting hooked by phishing scams.

1: Triple check that email address.

More often than not a phishing email address will look very close to the real thing, but still have something slightly off. For example, instead of a name@school.edu address a scam email will come from name@schooledu.com. Many scammers will also use a domain off by only a letter or two. Instead of getting an email from name@mannassi.com you’d get one from name@manassi.com. Noticing that tiny shift can save you a major security headache!

2: Urgent action (not) required.

Emails requiring urgent action on threat of your account being shut down are also suspect. Watch out for phrasing requiring you to click an embedded link to prevent your account from being closed (or the IRS from beginning an audit).

3: Brush up on your grammar skills!

Emails containing grammatical errors or otherwise broken English are also almost certainly scams. Ever-changing tense, or addressing you in a non-traditional way, in the email is a good sign that something phishy is afoot.
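The address check from tip 1 can be run by a script instead of by eye. This is an added example, not part of the original post: it compares a From header's domain with an allow-list and flags the two lookalike patterns described above. The allow-list, function names and sample headers are assumptions built from the post's own example addresses.

```python
from email.utils import parseaddr

# Assumed allow-list, built from the two legitimate domains the post uses.
TRUSTED = ("mannassi.com", "school.edu")


def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap neighbours) turning a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, trusted=TRUSTED, max_distance=2):
    """Return (verdict, trusted domain the sender matches or imitates)."""
    # parseaddr separates the display name from the address, so the verdict
    # is based on the real address and not on the name a mail client shows.
    _, addr = parseaddr(from_header)
    _, at, domain = addr.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not at or not domain:
        return ("invalid", None)
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    labels = domain.split(".")
    for t in trusted:
        # school.edu -> schooledu.com: the real TLD folded into the name.
        if t.replace(".", "") in labels:
            return ("tld-folded", t)
    for t in trusted:
        # mannassi.com -> manassi.com: off by a letter or two.
        if 0 < edit_distance(domain, t) <= max_distance:
            return ("typo", t)
    return ("unknown", None)


# Constructed sample headers, not taken from real mail.
SAMPLE_HEADERS = [
    "Alice <alice@mannassi.com>",
    "Alice <alice@manassi.com>",
    "Registrar <name@schooledu.com>",
    "Mannassi Support <help@mannasis.com>",
    "Bob <bob@example.org>",
]


def triage(headers=SAMPLE_HEADERS):
    """Classify each header; returns (header, verdict, matched_domain) rows."""
    return [(h,) + classify_sender(h) for h in headers]


if __name__ == "__main__":
    for row in triage():
        print(row)
```

An "unknown" verdict only means the domain resembles nothing on the allow-list; short trusted domains need a smaller `max_distance` to avoid flagging unrelated senders.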

Of course, the best way to prevent errant clicks in scam emails is to bar them from your inbox in the first place. That’s why for the month of October we’re offering FREE Office 365 migration with the added security bonus of a month of free Proofpoint email cloud security. Because do you really have time to triple check every email that comes your way?

Follow us on Twitter and Facebook for more cybersecurity updates!

 

Swimming with the fishes!

Phishing attacks have been ubiquitous cybersecurity threats almost since the invention of email, but in 2017 hackers have really stepped up their game.

We’ve had several clients very nearly fall victim to these souped-up schemes. With spoof messages that are designed to look identical to the real thing, it can be harder and harder to spot the troublemakers lurking in your mass of unread emails.

The latest attacks seem to follow the same formula: after your email is compromised it is used to send your accounting department requests for wire transfers. These scam emails look exactly like the real deal, leaving companies playing guess and check with their security and money!

The advanced nature of phishing attacks in 2017 is why we always recommend more than just your email host’s basic security options. These advanced-level attacks aren’t being caught by default email security, even in Office 365, so you need an extra layer of advanced security. We’d rather be safe than sorry by using advanced cloud email security applications like the award-winning Proofpoint. These can spot those tricky spoof emails and prevent them from ever daring to enter your inbox!

October is cybersecurity awareness month, so we’re offering a special email security package! Customers who sign a new 12-month contract with Mannassi IT Solutions before October 31st will get free Office 365 migration and one month of free cloud email security with Proofpoint. The best defense is a strong offense, so reach out to us today.

Want more of the latest in cybersecurity? Follow our Facebook or Twitter @MannassiIT.

3 Little Known Security Secrets that Can Make A BIG Difference

If you’ve been following us long you know that we’re always harping on about security here at Mannassi IT Solutions. We firmly believe that a solid offense is the best defense, especially when it comes to protecting your data and by extension your business. Most everyone is aware of the big threats: malware, ransomware, phishing scams, etc. But what are the most overlooked security threats? Here are three security vulnerabilities that are oft forgotten.

1: Where’s that WiFi coming from?
Ever sent a personal email over the coffee shop WiFi? It’s not secure! One of the top ways hackers can break into your laptop or cell phone is by using a public WiFi connection. Not to mention, if you’re required to be HIPAA compliant, sending an email that contains ePHI over an unsecured WiFi connection is a big no-no.

2: Calling all charging ports!
You’ve probably been stranded in an airport at some point in your life, with your cell battery running low and so many work emails to answer. Many airports have provided a simple solution, USB charging ports. But these ports are often home to those with nefarious purposes! A USB is a simple way to break into your device, so plugging in to a public USB connection is kind of like wearing a sign that says “KICK ME”.

3: Ma, don’t write down your password!
One of the top ways someone can get into your computer is when you’ve written down your password & stuck it to your monitor. We’ve even seen laptops with passwords stuck to the outside! Why don’t you give the neighborhood thief the keys to your car while you’re at it? Your password is your first line of defense, and should be strong as well as secret. If you really can’t manage to remember all your passwords, consider using something like KeePass, which allows you to securely store the keys to everywhere your tech takes you.

There you have it! Are you guilty of any of these security faux pas? Tweet us @MannassiIT & tell us your security stories.

Respect the Tech!

I have been working with technology since 1984, and just when I think that I have seen everything another situation pops up that surprises and amazes me with the way people are so casual about their tech.  Since technology is so vital to our daily lives, you would think people would treat their computers and phones with at least a modicum of respect and attention. However, this is not usually the case.

Recently I went to see a new client and they showed me a desktop computer that had a ‘drive not found’ error. Such a serious drive error message isn’t great to begin with, but it was compounded when I asked about the backup and only got a blank stare, followed by the revelation that he has not done a backup in over 5 years. DOH! The hard drive is dead, and we have no way to restore his data.

That’s not the only tech slip up out there. Every day I hear stories about people at Starbucks sending confidential email via the free wifi. Come on people! Would you shout your social security number, address and date of birth across a crowded room? Hopefully not, so don’t do it via email either!

When investing in tech, don’t just go for the cheapest.  The saying “you get what you pay for” holds as true for tech as it does for anything else. Buying the no name brand computer, or a residential grade firewall for a business, will certainly come back and bite you in the @$$ and cost you an arm and a leg.

Networks are vulnerable to breach every minute of every day. Unless you are constantly vigilant and take proactive steps to protect your systems and your data, you are going to feel the pain of data loss and outages. It only takes a little extra effort to save yourself a lot of trouble.

Mannassi IT Solutions can help you find the right solutions for your business at the right price. Give us a call to chat about your options.

Follow us on twitter @MannassiIT or Facebook for all the latest on keeping your tech in great shape.

Cyber Security – A Self Inflicted Pain

The recent news of another pandemic ransomware cyber-attack, and all the businesses and individuals affected, brings into sharp focus how sometimes doing the bare minimum is the same as doing nothing at all. People can take their technology for granted, assuming they are safe because they think their operating system has been updated, without ever checking to make sure this is the case. The same goes for antivirus: how many people take the time to check whether their anti-virus/anti-malware is current? When was the last time you double checked yours? Most people’s answer will be “I don’t know”. Relatively simple steps can save a lot of headache down the line, and save you from long downtimes when you can’t access your systems.

We have found that many companies run their IT security and data protection based on the “fingers crossed” concept. They skimp on the expense of putting in proper firewalls and instead go for the cheapest option on the shelf. Then they end up wondering why their company is paralyzed by ransomware! Network security should be multi-layered, with protection for inbound email, URL filtering to stop users going to malicious web sites, business class firewalls with intrusion prevention software, endpoint protection for all workstations and mobile devices and, most importantly, a proactive approach to monitoring all of these technologies. And finally, even with all this protection, there is always a chance something will get through, so you need comprehensive data protection in the form of backups that are separate from the core network, and thus out of the reach of ransomware encryption. And yes, backups need to be checked regularly, including doing test restores.

So, come on people! Stop procrastinating and going for the cheap and basic options. You need to own your cyber security and make it a way of life.

If you don’t know where to start or need help, call us! We’re happy to talk security any day.

Want more cybersecurity straight from the headlines? Follow us on twitter: @MannassiIT

Plugging potential leaks before they spring!

Many companies automatically set up a new employee’s personal smartphone with corporate email, but when the person leaves there is frequently not as much due diligence to make sure that any corporate email or data is wiped from the device. The same goes for file share and sync programs such as Dropbox; confidential data can easily ‘leak’ from a company if procedures are not put in place early to make sure all corporate data is wiped from personal systems immediately upon an employee leaving the company.

Technology such as Mobile Device Management software can bring you that level of control: it not only remotely wipes data, but is an essential tool for tracking and managing company issued mobile and portable systems.  But this software only works if you remember to use it! This is why there should be clearly documented standard operating procedures for all exiting employees.  A company like Mannassi IT Solutions can work with your HR department to design and implement onboarding and offboarding procedures for staff, making it easier for you to keep track of who has the keys to what!

Don’t get held for ransom!

The news is currently saturated with talk of the WannaCry/WannaCrypt ransomware virus that infected systems across the globe.  So, what is ransomware?

Ransomware is a type of malicious software that blocks access to the data on your computer until a fee is paid to the attacker (hence the “ransom”). The most advanced versions of the software can lock up your entire computer until a bitcoin ransom is paid. With little warning, and almost no way around the attack, victims sometimes pay large sums of money to regain access to their data.

For healthcare and associated organizations, it is especially dangerous because a successful ransomware infection of a system that has access to, or stores electronic protected health information (ePHI) is also a major breach of HIPAA compliance.  The following excerpt from the Health and Human Services website (emphasis mine) can shed some light:

Q: Is it a HIPAA breach if ransomware infects a covered entity’s or business associate’s computer system?
A: Whether or not the presence of ransomware would be a breach under the HIPAA Rules is a fact-specific determination. A breach under the HIPAA Rules is defined as, “…the acquisition, access, use, or disclosure of PHI in a manner not permitted under the [HIPAA Privacy Rule] which compromises the security or privacy of the PHI.” See 45 C.F.R. 164.402.
When electronic protected health information (ePHI) is encrypted as the result of a ransomware attack, a breach has occurred because the ePHI encrypted by the ransomware was acquired (i.e., unauthorized individuals have taken possession or control of the information), and thus is a “disclosure” not permitted under the HIPAA Privacy Rule.
Unless the covered entity or business associate can demonstrate that there is a “…low probability that the PHI has been compromised,” based on the factors set forth in the Breach Notification Rule, a breach of PHI is presumed to have occurred.  The entity must then comply with the applicable breach notification provisions, including notification to affected individuals without unreasonable delay, to the Secretary of HHS, and to the media (for breaches affecting over 500 individuals) in accordance with HIPAA breach notification requirements. See 45 C.F.R. 164.400-414.

After a 22-year-old wunderkind managed to thwart last week’s global attack by registering an embedded domain, he warned that the software only needed to be modified before it would be ready to be relaunched. Ransomware attacks are likely only going to increase; therefore, proactive steps to protect your network are essential. Make sure you know what security your IT system requires to keep you from being held hostage! We can assess your network and strengthen its defenses against these types of attacks. Even if you escaped unscathed this time, don’t risk getting caught up in the next ransom!