Blog

Prevention and planning: keys to avoiding and surviving a computer exploit

Understanding computer exploits like malware and viruses and how to prevent them, are basic business survival skills these days regardless of your organization’s size.   Just like other technologies, security compromises are getting more innovative.  It pays to be aware of how to prevent infection and if compromised, lessen the risk of damage.

A computer exploit can involve any number of malicious codes that can be designed to capture personal information (name, address, passwords, even financial information), destroy data, or hold your data for ransom!  Exploits such as viruses and malware may use a variety of delivery methods, and cause different types of damage.  The malware designers take advantage of the same technology and processes that we use every day, stealthily working out ways to lure unsuspecting users into executing the code.

Here are two current trends using computer exploits:

Phishing/extortion scams

The purpose of typical phishing or extortion scams is to get the recipient to provide personal information, or introduce malware into his or her their system by clicking an attachment or link, which executes malicious code.  Whether a mistyped webpage that strikes fear imploring you to call a number, or a message that arrives in your inbox under the illusion that it has been sent by a legitimate institution, the methods are endlessly creative to compel you to take action.   Many of web and spam filters are aware of these core threats, and actively block content containing elements of suspected viruses or malware, but it is important to understand that NO filtering can be 100 percent effective given the pace that these threats morph and change.  The end user has to be vigilant in his or her scrutiny during day-to-day work and processes.

Prevention for phishing

If you receive an email that is a suspected phishing scam or unsolicited email with suspicious attachments, DO NOT CLICK ON ANY LINK, OPEN ANY ATTACHMENTS (usually sent as compressed, .zip files), supply personal information, click a link or attempt to contact the sender in any way. If you are compromised, shutdown your system and contact your IT service provider to quarantine possible damage.

Ransomware

Ransomware is the one of the more severe exploits of late that, once it gets inside a host computer, it can render most of your data unusable. If installed, the process connects to illicit servers; uploads sensitive info like your public IP address, location, and system information; and generates a random encryption key. That key begins encrypting individual files, both on your computer and on any mapped, shared or external drives, shared networks or cloud-based storage. Once encrypted copies of those files are created, originals are deleted from the hard drive, preventing users from accessing them.

The scariest aspect of the latest ransomware, called CryptoWall, is that it’s spreading via spoofed email arriving as an apparent pdf attachment (but it really isn’t).  Worse yet is “malvertising,” via compromised banner ads on legitimate websites like Yahoo, AOL and MSN. The infection is transmitted via Flash, so if a user simply visits an affected website with Flash enabled his or her browsers, the user’s PC can be infected without even clicking on anything malicious. This means most anti-virus programs are unable to prevent CryptoWall, leaving the computer and user vulnerable.

There are two telltale signs of infection by ransomware: 1) If you attempt to open a file and the data is jumbled or not displaying properly, and 2) If you attempt to open a file and get something like “DECRYPT_INSTRUCTION” instead. This will provide instruction for paying a ransom (usually $300 to $1,000) and obtaining a decryption key, which sometimes works to retrieve data and sometimes doesn’t. Even when it does, it’s a time-consuming task.

Prevention for ransomware

Have a trusted IT professional assess and baseline the security of your systems.  Limiting admin rights for user PCs, applying DNS filters, implementing strict browser settings and employing constantly updated behavioral anti-spyware can help. But these are complicated measures with which most managers, directors or staff doesn’t have the time or ability to keep up. Only proactive security steps and nonstop vigilance will properly address the morphing nature of these technological threats.

Validate ANY link in ANY unfamiliar email before clicking on it. Malicious links arrive in spam emails —  many disguised as FedEx, UPS, or USPS shipping updates — every day. Make sure you hover over all links and look for legitimate IP addresses, not long strings of random characters, before clicking. If you weren’t expecting anything, don’t open the attachment.  All it takes is one click by one employee in his or her personal email account while at work to compromise the data of your entire organization.

Avoiding the threat of viruses like CryptoWall is possible with diligent and continuously updated security measures.  Even with the best security efforts, there still will be potential for errors with browsing and email use, which makes a strong backup solution critical to the ability to recover your business data.

Disaster recovery planning

Exploits can be minimized but aren’t always possible to stop.  Planning for a backstop and thriving after a virus attack is a must. Organizations should be creating comprehensive image-based off-site backups at a minimum once a day. There are subscription services that can do this effectively and economically, and the small investment is more than worth the lost time and productivity of reconstructing your organizations data and environment.

Exploits don’t have to have the last say where your data is concerned.  While prevention is most desirable, a bit of planning and ongoing attention will allow for a predictable recovery path if the worst does happen.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Be savvy with in-kind software donations

Technology expenses stack up quickly, so it’s a good idea to keep up on where you can maximize your budget and value.  One easy way that that many nonprofits use is in-kind donated software offerings from major software suppliers.

Here are some options for donated or discounted software that we recommend to clients. You may be aware of some or all of these, but it’s a good idea to keep up with new offerings.  This isn’t a comprehensive list, but many of most widely used.

In addition, some words of caution:  like any really good deal, there may be unintended consequences.  When registering for any program, be sure and read the fine print, and check in with colleagues who have used the product or service before you sign up and get too far down the road.  In addition, the migration to a new product can be complex. Before you switch, be sure to do your homework, and ask the question:  Do I need a new product or do I need to better use the one I have?

Resources available to nonprofits

TechSoup:  This organization is a 501C3 that serves other nonprofits.  Not only does it provide software resources, but it also provides training and insights on its website to help educate nonprofit organizations on technology.  Its mission is to connect nonprofits, charities and libraries with technology resources and to help the members of those organizations make educated decisions about those choices.

Many well-known software providers (you HAVE heard of Microsoft?) donate software to TechSoup for licensing to qualified organizations.  TechSoup is a preferred clearinghouse because it is a nonprofit and isn’t in the business of selling software.

Google:  Just like all the cool products aren’t available at your local retailer, not all great software resources are available at one location.  Google has a robust nonprofit program, including its Google Apps for Nonprofits.

Your organization’s program or outreach manager might be interested in Google Ad Grants, another in-kind product available from Google that can help promote your nonprofit’s website and track donations. It’s another way to use technology to further your organization’s reach.

Office365:  This suite is similar to Google Apps and since last year has been free to nonprofit organizations.  It is an online suite and does not include a local, desktop, version of the Microsoft Office software.

Salesforce.com:  The arm of Salesforce that supports nonprofits is Salesforce Foundation.  The key to many connectivity efforts where technology assists is integration.  Salesforce is very good at integration and its program has helped organizations, such as the Polaris Project and the American Red Cross.

Take advantage of educational resources

While taking advantage these programs, don’t pass by user forums and online communities. They can provide information about technology-based resources or companies offering in-kind donations of software or services.  Just because something is free or very low cost doesn’t mean it’s the right solution for your organization.  Education is a powerful ally when making technology decisions.

 

Chip Heberden is the owner and president of Netlink, Inc. For over 20 years, he has supported local community businesses through IT managed services.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

5 Reasons to Implement a Managed IT Services Solution

Information Technology services are essential to the success of every organization, large or small. With increasingly competitive business environments, CEOs and small business owners are under great pressure to maintain a highly qualified staff and to make sure their technology is obtaining a better ROI than their competitors’.

These goals are not easily achieved, particularly for young or small businesses with less financial resources and time available. Having your own successful information technology department can eat up too much of the company’s budget and time resources, and eventually cause a loss of its competitive edge. These disadvantages of maintaining an in-house IT department are why companies of all sizes have turned to using managed service providers to either assist their existing IT department or become their virtual IT department, handling all of the technology involved in keeping their businesses running at optimal levels.

The benefits of using a managed IT services solution are numerous, but the top 5 benefits of managed services for business include:

  1. Benefit from the expertise of a specialist, without having to spend time and financial resources training your staff to become experts
  2. Decrease your technology risks with Managed IT Services. Your company doesn’t have to worry about losing and trying to replace trained staff members, or about repairing, implementing or replacing complex technology solutions with Managed IT Services
  3. Enjoy access to the most up-to-date, sophisticated technology solutions without having to invest in expensive equipment.
  4. Experience ultimate control over your business technology without having to manage an information technology department. This gives you the time you need to focus on what you do best: your business functions.
  5. Reduce stress and improve efficiency of your staff. When you make good use of Managed IT Services resources, your staff isn’t tied up with IT concerns and they have more time to focus on tasks that are productive for the business.

Click here to learn how we can help you benefit from managed IT services.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

When Passion & Business Combine

When Passion & Business Combine

By Chip Heberden, president, Netlink Inc.

I’m into passion. I started my business because I saw that many businesses and organizations needed help sorting through the intricacies of technology, and I knew I could help.

I’ve also always been drawn to the passion that I see in community organizations.

Big Brothers Big Sisters was my first close up look at an organization that works to improve the community. I was a Big for nine years. I met my Little when he was 10, and stayed with him through the time he was 18. When he married, I was best man at his wedding.

Fifteen years ago, when I started Netlink Inc., I wanted to continue to support nonprofit organizations like Big Brothers. I have learned that many organizations have to make tough decisions about budgets and sometimes IT infrastructure isn’t at the top of the list.
By Chip Heberden, president, Netlink Inc.

Today more than ever, technology can extend budgets through efficiencies, but unmanaged technology can torpedo a budget quickly.

Sticking with Big Brothers as an example, they needed to modernize their infrastructure and minimize big future expenditures, so we helped to transition to a cloud e-mail environment, upgraded its local servers and also consolidated some products into a more efficient structure. All of this increased the nonprofit’s flexibility, while ensuring the dependability of their system and security of its data.

We work with managers and executives to help them identify their needs and constraints, and then execute according to the plan. For example, it may be a project as big as implementing an entire environment with servers and many workstations, or as simple as upgrading a single workstation. During the entire process, we advocate the IT industry’s best practices.

Over the years, we have served a number of NFP organizations, both large and small, including Actors Theatre of Indiana, Big Brothers Big Sisters and North United Methodist Church.

The clients who find us experience challenges in their setups that include:

• Poorly/underperforming hardware or networks
• Bottlenecks with process or information flow
• Dissatisfaction with current service providers, solutions or fees
• Confusion over best practices

We work with small businesses and organizations that range in size from a few users, to upwards of 150 users. While our roles are many, we are generally thought of as an IT partner/advisor that works to improve infrastructure, refine information flow, help with cloud services’ adoption and improve back-office processes.

We will work with a nonprofit organization to identify its needs for improvement and forge a path that balances performance needs and budget constraints. Our long-term goal is a mutually beneficial partnership with the client.

Chip Heberden is the owner and president of Netlink, Inc. For over 20 years, he has supported local community businesses through IT managed services.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 2 of 2 12