Blog

integration and implementation of technology-focused business solutions

February 2019

Everyone is vulnerable to security breaches

February 19th, 2019

We recently had a client who became the victim of a ransomware attack, specifically a Dharma variant called the .adobe variant. It attacked their file server and encrypted a portion of the files, which meant the company was unable to operate until it was resolved.

The hackers demanded $5,000 in ransom for the encryption key to unlock the data. That was a significant increase from one of our prior experiences with ransomware with a ransom request of $250. Thankfully, because our clients had the right plan in place for backup and recovery, we were able to resolve the situation quickly without paying the ransom. If you have the right backup systems in place, you can simply roll it back to before the ransomware infected the server.

The attack took place on a Sunday afternoon rather than mid-day of a workday, so their overall data loss was minimal. They did lose some productivity as we worked to get their systems fully functional again, but the downtime was pretty minimal overall because they were prepared for something like this to happen.

It wasn’t a sophisticated attack, but these attacks don’t have to be sophisticated to cause a lot of damage for businesses. Basically, hackers can buy an exploit kit with the code they need to launch the attack and then customize it a bit, or put their stamp on it, based on how they name the files.

When it comes to security breaches and cyber attacks, everyone is vulnerable. And I mean everyone. Yes, there are some things you can do to lessen the chances or lessen the impact, but no one is immune to cyber attacks regardless of what protocols they have in place. Many people don’t realize just how vulnerable they are.

At a recent conference we attended, one of the speakers asked anyone who had been impacted by a security breach or cyber attack to raise their hand. There were some people who didn’t raise their hands, and the speaker said that they’ve either been a victim and didn’t know it or would be before too long.

The sheer volume of attack attempts happening make it a numbers game so that it’s just a matter of time. The volume also makes it nearly impossible to stop. We can slow it down, but we can’t really stop it completely.

There are a couple of ways that small businesses are especially vulnerable, though the same issues can impact larger businesses as well. First, the use of single passwords to protect information. In lots of companies, there’s just one password standing between the hacker and the data they want to steal. Things like two-factor authentication can help, as can other methods for encryption keys and secure access.

The second vulnerability for a lot of businesses is the frequency of remote work. Anytime someone’s accessing your system from outside your system, there’s a risk there. Each time an employee logs in remotely, it’s creating another door into your system that hackers can try to break down. Most people view those actions as simple everyday activities they do in order to work, but it’s a risk to your company. I’m not saying don’t allow remote work, but rather be aware of the vulnerabilities it creates and have a plan to reduce that risk.

About 70% of all security issues come through email, so education can be key for your employees to understand the risks and to avoid clicking on any links without checking the sender and the link URL first. Online ads and websites are another potential point of access. When you go to a website, your computer starts downloading files associated with that website to your cache so you can view the site. If a virus sneaks through and your antivirus software doesn’t pick it up, that virus goes to work quickly.

Every company should have a plan in place to reduce their risk of cyber attacks and security breaches plus a recovery plan should one occur. The risk is simply too great to not have a plan in place before an issue arises.

Comments: None

Lessons learned from the Oklahoma Digital Government Summit

February 5th, 2019

We recently attended the Oklahoma Digital Government Summit, which we also sponsored. It was a great networking and learning event with IT professionals from state and local governments, education, and other organizations across the state. We enjoyed the opportunity to connect with some of our clients outside of the office and partners we work with regularly, as well as meet new people.

Not surprisingly, security was a hot topic at the event. It’s something we face every single day as IT professionals. Another great presentation was a keynote speaker talking about improving communications, which is also an important topic of discussion in the IT world.

Cyber security

The number of cyber security attacks continue to increase every year, and I don’t see that trend changing anytime soon. It’s all about the money for the people who orchestrate these attacks, and honestly no company is safe from cyber attacks. If you have customer data of any kind in your system, you’re a target.

Many of the presentations talked about how to prevent cyber attacks and the importance of having a process in place if an attack occurs. What steps will you take to secure your systems? If something happens, how will you notify your customers that their data has been compromised?

Because it was a government conference, there was lots of conversation about citizen expectations around data privacy and protection. In state and local governments, there’s not a significant return on investment for the systems themselves as there can be in the private sector. But there is a public return on investment and the morale factor to think about with citizens and their expectations.

Communications in IT

One of the keynote presentations centered around improving communications in IT. It wasn’t about talking to each other more, but rather about how to be more clear and concise in making your point, which can apply to sales, customer communication, or even interpersonal communication. One of the tips he mentioned was to know the key points you need to make in a meeting and ensure you have a plan for how you’ll get those points across in a concise way.

The conference didn’t include many sessions specifically about application development or software solutions, though we were certainly happy to talk about those topics with anyone interested. But mostly, there was lots of conversation about cyber security and data protection, which is important for government agencies and businesses of all sizes to be thinking about.

Overall, it was a great conference and a wonderful opportunity to network with state and local governments.

Comments: None

CONTACT

501 E. 15th St., Suite 200B
Edmond, OK 73013
(405)285-2500
info@lsgsolutions.com