Technology Advisor Blog

13 Ransomware Statistics All Businesses Must Know

Posted by Ann Westerheim on 1/23/19 8:45 AM

13 Ransomeware StatisticsBig businesses make the headlines but small businesses are NOT immune to Cyber Attacks!  

Industry leader Datto surveyed over 2400 IT professionals who deal with ransomware and other cyber threats every day, and the results are something every SMB needs to be aware of.

From 2016 to 2018 there has been a 79% increase in ransomware attacks.  35% of IT pros reported multiple attacks for the same SMB in the same day.  Only 1 in 4 attacks are reported, so the news is not making it to the general population.  The cloud and Apple products are NOT immune.  The average cost of the downtime associated with an attack is $46,800.  

One of our missions at Ekaru is to help SMBs create a technology roadmap and we recommend that you download the Ransomware Report to get started. We highly recommend sharing these statistics with your team to raise awareness in your organization.  Ongoing training is one of the key components to help keep your business safe.  Also, please ask about new technologies you can put in place to help safeguard your business.  Antivirus and firewalls are no longer enough to protect against advanced threats, and if you haven't completed a security risk assessment in the past year, now is the time!

Keep your data safe!

Tags: cybersecurity, ransomware

Don't Click on that eMail Security Warning Message!

Posted by Ann Westerheim on 1/21/19 1:53 PM

We do a lot of cybersecurity training at Ekaru and one of things we tell people is to "THINK BEFORE YOU CLICK".  But what do we need to look out for?

Fake email Security WarningHere's an example of an email received today. It sounds pretty important.  The message is saying that there is a security alert for your account, and there's a sense of urgency around clicking on the link to make sure you're protected.  Sounds like something to act fast on, right?  Actually, its just a fake message designed to get you to click on the link which could be a link to "phish" your email credentials, or to trick you into installing malware.  In either case, danger lurks ahead.

One of questions we get a lot, is "how do I know the message is a fake?".  First, assume if you have any doubt whatsoever, this is probably a good "gut" reaction that you shouldn't proceed.

In this case, the email was sent to an "alias", not an actual mailbox, so that was a big giveaway, but perhaps subtle for many users.  An alias is an address that may be used to go to a particular role in your company or to a group of users (like sales, info, techsupport, etc...)  That was the first warning that it's not even an actual mailbox.

The second warning is that if you were to hover over the link, you'll see the link goes somewhere unexpected.  This is also somewhat subtle because many users don't know that what you print in the email, and the actual link can be completely different.   Also, great care must be taken to not actually slip with your mouse and click through.

The third warning is that if you look at the "properties" of the email, the "path" of the email can be revealed in the technical header of the email.  This is also something that would be simple for an advanced user, but most users aren't aware that the "from" address can be easily faked.

With all your security protection in place, all it takes is ONE user clicking on ONE wrong link to do a LOT of damage to your business.

Given that your team probably isn't composed of a team of tech experts, what should you tell your team?

  1. Bring examples of fake messages to your staff meetings and SHOW your team what a spoofed (fake) email looks like.  Years ago they were fully of typos and obviously fake.  Today's messages can look VERY real.
  2. Educate users to trust their gut.  If you have ANY doubt about the email, listen to your instincts.  CALL your tech support to find out if there is a problem with your account.  Call a number you already have, NOT any number included in the email (same goes for any fake credit card alerts, etc.)
  3. Speak up!  Did you click on the link?  You will need to be disconnected from the network and have your system cleaned.  Keep in mind that many advanced threats are designed to run on timers so you may not notice anything right away and keep working.  Create a culture where people feel free to speak up.  Trying to hide something could do a LOT more harm.

Many messages are designed to get loyal and diligent employees to make a mistake.  The bad actors are working all the time to develop new threats.  With the availability of cryptocurrency, cyber crime is now bigger than all organized crime.  

Talk to your employees about security on a regular basis.  THINK BEFORE YOU CLICK!

Tags: email security, cybersecurity

A hacker has your password.  Now what?

Posted by Ann Westerheim on 1/17/19 11:25 AM

Hacker_PasswordThis week an astonishing 773,000,000 records were released in a monster breach.  Security researcher Troy Hunt first reported the data set which includes 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum.

Hunt reports that the data was posted on line for anyone to take and not even up for sale in the dark corners of the web.  In fact, not only is this the largest breach to become public, it’s second only to Yahoo’s breaches which affected 1 billion and 3 billion users, respectively. Fortunately, the stolen Yahoo data hasn’t surfaced, yet, but there's a good chance that if your information isn't out there yet, it will be soon.  

What can you do?

After your data appears in a hacker forum or somewhere on the Dark Web, there's no way to take it back.  For many, this is a wake up call to take better care of password safety.

  1.  Use STRONG passwords.  In this particular case, it doesn't matter how strong your password is, if its out there its out there, but using strong passwords is a general safety tip to help prevent many other types of cyber attacks.  
  2. Use UNIQUE passwords.  NEVER use the same password (or simple variation) for multiple sites or applications.  Your banking passwords should not be the same as your gym membership password.
  3. Change your passwords frequently.  When you hear about a major breach, this is a good reminder to change your passwords as it could be a long time before your credentials wind up for sale.  Think of it like changing batteries in your smoke detectors.  Use some calendar (daylight saving time?) to trigger the change.  Anything other than using the same password for years.
  4. Use a password manager.  Think about it.  If you need to use STRONG passwords, and UNIQUE passwords, that you change regularly, there is no way to remember these.  If just one employee in your organization cuts corners, this could put you and your organization at risk.
  5. Get Dark Web Monitoring to protect your business.  When breaches make the headlines, everyone takes notice, but this activity happens frequently, and your data can be for sale on the Dark Web long before anyone publicly announces a breach.  Think of Dark Web Monitoring as an early warning system.
  6. Use Two Factor Authentication wherever possible.  If your password is compromised, no one can get access to your stuff without the second authentication.    Many users see this as an inconvenience, but it's a critically important safety measure to safeguard your information.
  7. Educate your employees on cybersecurity.  One weak link and your business may be at risk.  Too many users still think "it won't happen to me", and too many SMBs think they're under the radar because they're too small.  

For more information on the latest breach, check out a comprehensive summary in  Wired Magazine.  

At Ekaru, we're on a mission to provide enterprise-call service to small businesses.  Please give us a call if you have any questions, or to assess your current security situation.  We're here to help!

 

 

 

Tags: password, cybersecurity, Dark Web

Want to achieve your goals in 2019?  Get organized and take action!

Posted by Nancy Amato on 1/3/19 10:50 AM

This Year I WillIt's a new year and a great time to get organized so you can achieve your goals for the year.  January is a great time for business planning, and how you effectively use your time will have a big impact on your ability to achieve your goals.
  • Before leaving work each day create a To-Do list of your priorities for the next working day.  Don’t forget to do this on Fridays.  It will help you become more organized.
  • As you begin your To-Do list never spend more than 30 minutes being confused. Stop ask for help or - you are wasting time.  These are the boundaries you need to set for yourself.
  • One benefit of time management is that if you follow your daily list, it will reduce your stress level.
  • Set up deadlines on your projects. Put a time limit on your tasks.
  • Follow your prioritized list by completing the most critical and demanding tasks first thing in the morning if possible.
  • Schedule a break if needed every 90 minutes for a quick glass of water or a cup of coffee. This will help you maintain high productivity throughout the day.
  • Exercise and regulating your sleep patterns also helps with time management. Any form of relaxation is important.   Exercise is also considered a great stress reliever.  Going to bed the same time every night and waking up the same time every day helps with your overall wellbeing.  Many presenters have brought this up during the Hubspot Inbound conference.
  • Never procrastinate. You know the famous saying ‘Why put off tomorrow what you can do today? Procrastination wastes your time and your company’s time. I recently saw 'Mary Poppins Returns', and Emily Blunt said "Today or Never" - a great motto to live by!
  • This one is tricky: Learn how to multitask!  When working in a fast paced environment it’s the only way to survive some days.  This is not easy and may take lots of practice!
  • Start each day by being on time at work. Everyone has traffic to deal with and family morning rituals, but always give yourself extra time to get to work. If you start your day late everyday then you should stay later to make up your time so why start off late everyday…It’s a waste of your time!

 

If you need a little help with time management try a popular app called Toggl.  This app helps you improve what you are doing during the day.  Toggl will help you see where your time is spent and it will help improve your daily routines.

Tags: SMB, Time Management

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.