Boost IT

Managed IT Services, Cybersecurity, & Cloud

cyberattacks

Why Hackers Target Small Businesses

by

When it comes to computer security, your business data must be secure. As a small business, you can’t afford cyberattacks. Yet so much can happen. Employees can mistakenly open email spam or click on a malicious link while researching on the internet. Then there can be distributed denial of service (DDoS) attacks, like what happened with Dyn, where malware from phishing emails first infected a computer or network, then spread to other internet-connected devices and used those devices to send a barrage of messages that overwhelmed victims’ computer systems.

According to a 2012 Sophos Security Threat Report, 30,000 websites get hacked every day, and as a small business you are increasingly likely to be targeted in cyberattacks.

The Problem with Dyn

Perhaps you remember what happened with Dyn when there was a massive internet outage in October 2016? You should be wary about how a similar cyberattack or possibly a more direct hack could affect your business in the future.

In case you don’t remember, Dyn is a company that manages crucial portions of the internet’s infrastructure and was attacked. As a result, major websites were inaccessible throughout the day. The problem seemed to stem when hackers infected hundreds of thousands of internet-connected devices like cameras, baby monitors, and home routers with software that was then used to overwhelm the infrastructure until it collapsed. Here is the story as reported by The New York Times. Also, read about Dyn’s own analysis of the attack.

One of the biggest questions that came out of the Dyn attack relates to responsibility. If your system is breached, whose problem is it?

The Shifting Focus on Small Business

You might think you are under the radar of hackers because you are a small business, but this couldn’t be further from the truth. Hackers are increasingly shifting their focus from large enterprises and targeting small businesses. One of the reasons is the likelihood of small business maintaining financial data or other sensitive data in their network. Hackers have also realized that access from small businesses can connect them into other small businesses and larger enterprises. Since many small businesses don’t invest in adequate cyber defense against attacks, it can be easier to compromise their system.

Placing the Blame

Now that you’ve recognized that cyberattacks could realistically happen to you as a small business, let’s get back to the question: whose problem is it?

The Hackers – The source of the problem is the hackers themselves. After all, they unleashed a cyberattack with malicious intent. But while it may be easy to place the blame on them, it is not so easy to enforce any actions for correction on them.

Product Supplies – Then there are the companies that have sloppy security standards when developing products such as the cameras and other internet-connected devices. They open themselves and others up for an attack. After the Dyn attack, these companies were scrambling to update their products as consumers were asking how they could be so irresponsible. So, the manufacturers of these products definitely have a responsibility but there will always be risks. It is just not reasonable to expect that every IoT manufacturer will always be able to patch or update their devices.

Lawmakers and Regulators – Some people also point to lawmakers and regulators who have not put secure laws in place to increase accountability regarding the internet of things. While this can certainly help establish requirements for security standards for IoT manufacturers, it will take time, there will be limitations so as not to hinder innovation, and the hackers will still exist with the potential to get one step ahead of the standards.

Consumers – Finally, we can’t neglect the consumer, such as the businesses themselves. Security researchers have long warned that the increasing number of internet-connected devices would present an enormous security issue. It was therefore only a matter of time before these devices were used in a cyberattack like Dyn, and they will be used again.

Once a breach occurs, it all boils down to your problem in dealing with a potential breach. What can you do to protect yourself and how would you respond in the moments when you are under an attack?

No matter what type of contracts you have in place with your employees, vendors and clients, be prepared. Do your due diligence in purchasing products known for their security enhancements, and be proactive in your security.

Boost IT can help. By outsourcing your IT to us, we proactively reduce your vulnerabilities. We will continuously upgrade your software and equipment with the latest security technology to combat cyberattacks. We’ll continuously monitor your systems to prevent and quickly address attacks before they become issues. Contact us at 404-865-1289 to learn more, or complete our contact form.

Where’s My Data? The Future of Cybersecurity

by

More businesses realize cybersecurity is a necessity. Cybercrimes are on the rise and small businesses are increasingly being targeted. Cybercriminals are becoming savvier and their attacks are becoming increasingly complex. The need to stay on the forefront of information technology and IT skills development increases. Just as important is the need to be prepared and ready to respond to a threat and minimize the damaging effects.

In our last blog Cyberattacks: Why Hackers Target Small Businesses, we talked about the realistic possibility of a cyberattack. While the initial phases of diverting an attack in cybersecurity involve intrusion detection and secure software development, there will always be a risk that will get through even the best detection and development technology.

It’s no longer a question of if you will have a cyberattack but when and how you will counter it. Therefore, it’s critical that cybersecurity include risk identification and mitigation, and cloud security. These areas involve identifying risks, creating a plan of reaction and mitigation, and protecting data. It may sound complicated, but Boost IT has a managed security service that is a simple fix.

Risk Identification and Mitigation

A scary form of attack is cryptolocker, a particularly nasty type of ransomware where your computer and network are hijacked, the data is encrypted, and the cybercrimal demands a fee to unlock it. For more in-depth information, refer to the article The Ransomware Nightmare and Its Real Cost.

It costs companies large amounts of money and can take up a lot of time to unlock hijacked computers after a ransomware attack. Once you get the key, there is no guarantee you’ll get access to your data back. In some cases, your data is wiped clean.

Cryptolocker is one of the biggest risks businesses identify when it comes to data protection. By recognizing the need to plan and developing a risk mitigation plan, businesses can evaluate ways to react by developing a plan of action that helps to reduce the threat.

When developing a plan, the question often asked is, “Where is the data?”

Access to data by only those authorized is vital for the continued operation of the business. Therefore, cybersecurity professionals look at all ways to counterattack and protect the data from a breach so you know exactly how to respond to a threat and thus minimize the damaging effects.

Cloud Security

Knowing how your data is stored, who has access to it and how it is protected is extremely valuable knowledge in the face of cyber risk. Therefore, the future of cybersecurity involves more than preparation and planning against an attack. It involves taking precautions to safeguard your data so it will not be compromised and/or can be recovered in a minimal amount of time so you and your employees can get back to business.

As part of a cybersecurity measure, businesses are increasingly migrating to the cloud for data storage. This helps them to access their data at anytime, anywhere. It eliminates the question of where their data is. But it also causes businesses to rely more on the cloud providers to safeguard their data. However, as the cloud infrastructure develops, it becomes a more lucrative target for cybercriminals. Boost IT has ransomware-resistant cloud products.

As attacks become more possible on cloud systems, the knowledge in cloud security is continuously growing. Keeping up with the complexity and continuous training on cybersecurity is necessary. That is why many businesses are outsourcing cybersecurity to Boost IT. We stay on top of the innovative ways to combat cyberattacks and protect your data. To learn more, contact us at 404-865-1289.

What Will Happen to Your Data if Disaster Strikes

by

Your data is your company’s most valuable asset. It could be at risk if a disaster strikes. The potential event will cause a disruption. How big of a disruption can depend on how big of a disaster and how well you’ve prepared.

According to the National Archives and Records Administration, approximately 60 percent of companies that lose data after a disaster shut down within six months. An estimated 93 percent of companies that lost their data center for 10 days or more filed bankruptcy within one year of the setback. To minimize your risk, protecting your data from all types of disasters is critical.

Types of Disasters

Natural Disaster

Floods, hurricanes, tornadoes, fires, and blizzards can damage and destroy both personal and intellectual property within seconds. If your business location experiences a natural disaster, you want your data protected and safely stored until your business can operate.

A natural disaster could cause a long, physical recovery time. It could take months for your business to come back. Having a data recovery plan can help the business provide necessary information for insurance and regulatory purposes while allowing you to operate in a temporary location.

Criminal Disaster

Cyberattacks are becoming more common for small to medium businesses. Someone physically or virtually attacks your systems to obtain sensitive data or corrupt files. Your entire database could be wiped clean – gone. It’s important to have data backed up in a separate location, secure from cybercriminals. But having a backup is only part of the problem.

If your data gets lost from a cyberattack, you could be looking at sensitive data being stolen and legal woes. All those years of building trust with your clients could be forgotten. Plus, the repercussions of a criminal attack could go on for years. You need different planning to protect your data from a criminal disaster compared to other disasters.

System Failure

When a component in your hardware fails, you could have a part that needs to be repaired or replaced. This is a common disaster type that usually leads to downtime for one or more employees. Besides the downtime for determining the problem and fixing it, there is the downtime for redoing any work that was lost after a system failure. If a server that connects to multiple workstations fails, your problems with downtime can multiply fast.

Mistakes/Accidents

Human error causes more disasters than most companies want to admit. A mistake might consist of deleting a file, or using someone else’s work as a template and then saving over it. It can be a nightmare trying to recreate what is lost. When your data is backed up, your IT professional can obtain the original file from the backup source.

A big problem with data recovery is that no one is fully prepared for a disaster. The potential event will cause a disruption. Small scale data loss such as a power outage will have downtime that is a nuisance but can realistically be recreated. A large amount of data that is lost with a major disaster can be devastating.

Having a solid disaster recovery plan in place before a disaster strikes and automatically testing it daily is the best protection for your data. Boost IT can help you protect your data from all types of disasters. We will assist with assessing your systems and regulatory requirements, putting together a disaster recovery plan, and running the appropriate tests. To find out more, contact us at 404-865-1289.