Just Because you have a backup – Part 1

When faced with a ransomware attack the current wisdom is if your computer gets infected and it encrypts your files you have three basic options:

  1. Pay the ransom
  2. Restore from a backup
  3. Cut your losses and nuke the computer

Of those three choices, backup is obviously your best option. Assuming everything goes well, you’ll get your data back and you can get back to work knowing you dodged a bullet.

But remember, just because you have backup in place doesn’t mean you’re protected from ransomware. Recently, members of the Spiceworks IT community shared their experiences with ransomware in a brief survey. While most reported backing up their data, only 42% could fully recover everything that had been compromised or encrypted.

Relying solely on a backup as ransomware protection is like using your emergency brake for everyday driving: it may get the job done but it’s going to be messy.

The truth is, restoring from backup isn’t always going to go smoothly. There’s also no guarantee it’s going to be comprehensive. It’s a much-preferred option to paying the ransom, but to make sure it’s a viable option there are several things you need to prepare for and consider. Otherwise, if or when ransomware does hit, you may unfortunately find out you don’t have that choice after all.

LammTech hopes you enjoyed this email blog and will follow along with additional segments in the weeks to come.  The next installment will be “Using Backup to Recover from Ransomware: 4 Things You Have to Consider”

Want to know more? LammTech is always available to discuss your data backup and data protection needs.  Call us at 660.827.9944 to discuss your needs and if you are protected.

Posted in Newsletter Articles | Comments Off on Just Because you have a backup – Part 1

Updating Your Business’s Data Security Policies

As a business owner in the digital age, keeping your customers’ data safe should be one of your top priorities. As hackers get more sophisticated and begin targeting small and medium sized businesses with weaker security standards, an attack or leak is practically inevitable. To keep up, data privacy and security should be factored into the decision making in every department of your business. It’s important to take inventory of your current security systems, and make improvements where necessary. As we all spend more time and put more information online, there needs to be more efforts made to protect that data. Though this is just the start, take these principles into consideration for your business’s data security regulations.

Understand your data

To start, evaluate what data you have stored, where you store it, who it is shared with, and if you have any security measures currently in place. Creating, maintaining data inventories and data flows will help you stay updated on the changing data security landscape.

Don’t collect data you don’t need

Remember – no one can steal what you don’t have. When was the last time you reconsidered what data you collect from your customers? If you ask for email addresses and passwords when customers make accounts on your page, is that necessary? Don’t ask for information that isn’t directly related to your business. This could also help you gain more subscribers or customers, if your current system asks for information that people don’t feel comfortable sharing.

Hold on to information only if your retention policy requires

If you collect personal information, don’t keep it for longer than your approved retention policy. If you hold on to it for longer, you are putting your organization or customers at risk. Look for other areas where you are storing old personal data that you don’t need anymore, and dispose of it in accordance with your retention policy.

Control access to your data

Not every employee needs access to your most sensitive accounts and information. Consider using multiple user accounts so information is only given on a “need to know” basis. Adjust your protocols to ensure that only authorized employees with a business need have access to people’s personal information.

Require strict passwords

All employees should be required to use unique, complex passwords, and to use different passwords for every account. This is also helped by using multiple user accounts instead of one master login for administrative databases.

Store sensitive information securely

Use strong cryptography to secure confidential material during storage and transmission, through every step of its journey. If you store passwords for customers or employees, they should not be stored as clear, readable text that is easy for hackers to access. Your business needs procedures to store passwords securely and correctly. This can also be remedied by adopting two-factor authentication, which can help protect against password breaches. Make sure you are using the latest industry-standards for databases and other encryption. Trust that the experts have found the best solution, especially for securing data.

Secure remote access

Increasingly, employees are doing their work outside the office. Whether you work with freelancers or employees that sometimes work remotely, you need to take extra steps to secure access. Make sure every computer you send remote access to is secure and has the proper security in place. This includes employees and other businesses you may be working with. Make sure you install antivirus programs on all employee computers and that software is kept up to date.

Updating your practices for preserving data privacy can seem overwhelming, but it’s a necessity for business in the digital age. If you’re looking for support as you improve your own security measures, contact us for more security awareness assistance.

Posted in Newsletter Articles | Comments Off on Updating Your Business’s Data Security Policies

Internet Safety this Holiday Season – Tips for Parents

As the weather gets colder, that means more time stuck inside, and more screen time for the kids. Today’s parents face a difficult challenge as they keep their kids safe while they’re online, and teach them how to behave appropriately on the internet. Follow these tips to help your kids surf safely.

Internet Safety Tips:

Set Limits

Make sure your child knows the rules when it comes to the internet – how much time they can spend on it, what sites are allowed, and what they should and should not share. Consider signing a contract within your family that regulates internet use. The Family Online Safety Institute offers a sample on its website, and you can customize it as you see fit.

Supervise

Make sure you supervise children under age 10 while they are using the internet. Make sure the computer, tablet, or phone can only be used in a common area where it’s easy to check in on them. Pay attention to everything they’re doing online. As they get older, you don’t need to be staring at the screen with them constantly, but always check in.

Be Open to Communication

On the internet, it can be easy even for seasoned users to accidentally end up on the wrong site. Make sure your kids know they should tell you as soon as they find something that makes them uncomfortable. They should know it is not their fault, and that you won’t be angry with them if they end up on those sites. When they feel comfortable talking to you about what they might find, or what might be happening to them online, they’ll turn to you when they need help.

Add Parental Controls

Programs like Net Nanny give a pretty substantial parental control across Android, iOS, Mac and Windows devices. Set up filters, block inappropriate websites, and set timers that keep your kids safe. You can even view usage reports to see where your kids are visiting. As your kids get older, it’s important to tell them why you’re blocking certain sites.

Warn Children of Predators

Make sure your children understand that not everyone tells the truth online. Just because someone says they’re a child the same age as them, doesn’t mean that’s the case. It is essential that they tell you about any new people that they have met or have contacted them online. Hopefully you’ve set the standard and opened communication in a way that lets your child know you’re there to protect them online.

Internet Etiquette Tips:

Setting Up Accounts

Allow your child to set up their own email or other online account, and coach them through aspects like creating a strong password, and keeping their identity safe. Instead of adding their own picture, help them find a favorite cartoon or avatar to use. Their username can be fun, but should not reveal their identity, such as their school, age or full name.

What Not to Share

Your child likely will not understand the consequences of sharing their personal information online. But they should know:

  • Never to give their name, phone number, email address, password, postal address, school, or picture without your permission
  • Not to open e-mail or messages from people they don’t know
  • Not to respond to hurtful or disturbing messages
  • Not to get together with anyone they “meet” online

Keeping Behavior Appropriate

Remind your kids that whatever they post online, doesn’t necessarily ever go away. Make sure they know that comments or messages should be appropriate, and they should double-check what they’re sending. Anything can be screen-shot and sent to someone else. As kids get older and start using social media sites, they need to know the importance of being kind to others online

Set A Good Example

If you spend all your time on your phone or computer, your kids will want to do the same. Teach them proper etiquette by leaving your phone elsewhere when you sit down to eat dinner, or putting it down 30 minutes before bed. These devices are addicting, and you can help them (and yourself) by limiting time and focusing on the loved ones around you.

Posted in Newsletter Articles | Comments Off on Internet Safety this Holiday Season – Tips for Parents

Beware of Black Friday and Cyber Monday!

Beware: Black Friday is coming. What was once a one-day in-store shopping spree has become a week (or even month!) shopping marathon. The introduction of Cyber Monday and the rise of online shopping has led deal-seekers to make online purchases as they prepare for the holiday season.

In 2016, Thanksgiving, Black Friday and Cyber Monday online sales came in at $12.8 billion, a 15.2% bump from the same period in 2015.Cyber Monday made $3.45 billion in sales in 2016, making it the biggest day ever in U.S. e-commerce history. Almost 40% of sales on what was a brick-and-mortar shopping weekend occurred on a mobile device.

This year, 69% of Americans plan to shop over Thanksgiving weekend, and 84% of this year’s holiday shoppers will be shopping online, according to data from PricewaterhouseCoopers’ 2017 Holiday Outlook.

In all, Americans are expected to spend about $680 billion this holiday season, marking a 3.6 percent to 4 percent increase from last year’s $655.8 billion, according to estimates released by the National Retail Federation. Those figures are in line with last year’s 3.6 percent growth in holiday spending.

Before the sales days hit, businesses need to make sure their websites are ready, for the traffic of shoppers and the possibility of cyber-attack.

Holiday sales can bring a big surge of traffic to a website, so owners should ensure their sites can handle it. There are numerous sites that will simulate a traffic test for any URL, such as this one. You should consider contacting the web hosting provider and inquiring about the traffic limitations and cost of an upgraded server. Or, if you use Content Delivery Network (CDN), contact the provider to ensure they’ve planned for the increased traffic.

Unfortunately, getting a site ready for shopper traffic isn’t the only thing to prepare for. While this rise in shoppers is a boon for retailers and the economy, it comes with a certain risk. Cyber hackers know to follow the money, and as in years past, experts expect an increase in cyber-attacks this week. Some are predicting as many as 50 million global fraud attempts will occur in the next week as scammers look to capitalize on a busy shopping period to slip past fraud filters. Hackers have realized that by targeting busy shopping periods, it’s easier to hide their activity from e-commerce filters.

Due to consumer’s new shopping patterns, which continue up until Christmas itself, it’s difficult for retailers to notice the attacks have happened. A report from Verizon found it took a majority of businesses they studied two weeks or more to recognize that a crime occurred. In contrast, the holiday shopping period lasts for only eight weeks. More and more customers’ data may be at risk if it takes too long to identify that an attack has occurred.

Before the sales begin, monitor for malicious and unintentional changes affecting your network, with a solid Data Center Infrastructure Management (DCIM) solution that would flag outdated versions of software and firmware currently running on your assets that may pose security vulnerabilities.  This will address threats and provide time for risk mitigation before the big crunch on Cyber Monday.

If you’re planning on being a shopper yourself during the holiday season, take a few precautions to keep your data safe. Just like hackers start working overtime over the holidays, so will scammers looking to target consumers individually.

  • Only deal with retail companies you trust. Understand how they operate. More importantly, keep in mind that every entity can be spoofed in email or online.
  • Look for some sort of “Safe Shopping” badge on the site that shows they’re looking out for your safety
  • Remember to use a unique password for every online account. If you reuse passwords and the password file of the company with the least secure infrastructure is compromised, then your user ID and password combination are the keys to all your other accounts, especially for those that lack two-factor authentication.
  • Make sure the website is using HTTPS in the URL. This ensures that the data transferred between the web browser and the website is encrypted.

With the right precautions, you can walk away from Black Friday with great deals – and your data still protected.

Posted in News Alerts, Newsletter Articles, Robert's Blog | Comments Off on Beware of Black Friday and Cyber Monday!

What Section 179 Means for Your Business

Many small business owners are generally familiar with some of the small business tax deductions that can help you save money at tax time, but did you know that in 2016 Congress approved an expansion of a popular tax deduction for small business equipment purchases? This tax deduction is called the Section 179 deduction, and it was recently expanded to the $500,000 level and made permanent, according to the Protecting Americans from Tax Hikes Act of 2015 (PATH Act). This tax break for small businesses is intended to make it more affordable for small companies to buy business equipment, such as office furniture, vehicles, computers, machinery and other tangible capital investments, by allowing businesses to deduct up to $500,000 per year in qualifying business equipment purchases from their taxable income.

Section 179 has been around for several years, but the levels and availability of this tax deduction had been fluctuating. When it was first introduced, Section 179 deductions had an annual limit of just $10,000. Congress kept raising the limit year after year, but then in January 2015, the limit dropped from $500,000 to $25,000. When Congress passed the PATH Act of 2015 in December 2015, they returned the deduction limit to $500,000 and made it permanent – helping to resolve any uncertainty about the rules for this type of small business tax deduction.

Businesses were already allowed to deduct the value of eligible business equipment purchases, but under standard rules, they had to deduct only a portion of the value of the equipment each year. For example, if a business purchases $5,000 of new computers, they might have to deduct $1,000 per year for 5 years. Section 179 allows your business to deduct the full value of certain business equipment purchases in the same tax year that the purchases are made, instead of having to depreciate – or deduct the amount in portions – on a year-by-year basis over the useful life of the equipment. This can be a big advantage to your business, because it can enable you to reduce your taxes by a larger amount this year, instead of having to wait several years to get the full tax benefits of buying business equipment.

WHAT YOU NEED TO KNOW:

  • Section 179 has a $500,000 limit on the total amount of business property expenses that can be deducted per year.
  • Section 179 can only be used for new or used property that is purchased by your business – not for leased or rented property or property that is received as a gift or inheritance.
  • Section 179 deductions can only be used for property that is primarily used for business. You must use the property for business more than half of the time, and the amount of your deduction is reduced by the percentage of your personal use.
  • This deduction is highly focused on small and medium-size businesses, because the only companies that qualify for Section 179 are ones that spend less than $2 million per year on qualifying business equipment purchases.
  • Starting in 2016, Section 179’s $500,000 annual deduction limit and $2 million business investment limit will be indexed for inflation – so the amount of deductions will continue to adjust slightly each year along with overall prices in the economy.

QUALIFYING TYPES OF PROPERTY:

Section 179 deductions can be used for tangible personal property purchased for your business that the IRS has determined will last more than one year. Types of property include:

  • Computers
  • Software
  • Office furniture
  • Business equipment
  • Machinery
  • Business vehicles (weighing more than 6,000 pounds)

Section 179 cannot be used to deduct the purchases of other types of property, such as land, permanent structures attached to land, inventory, air conditioning and heating units and property used outside the United States.

For more information on Section 179 deductions and how they might help your business, check out this IRS website: http://www.section179.org

You can also sign up for this free Section 179 webinar hosted by the National Federation of Independent Business (NFIB).

DISCLAIMER: This article does not constitute professional tax advice; it is only intended to be informational and build awareness about possible tax deductions that business owners might qualify for. Individual tax circumstances may vary. Please talk with your accountant or other professional tax adviser before claiming any deduction

Posted in Newsletter Articles | Comments Off on What Section 179 Means for Your Business

CyberSecurity Awareness Month: Online Shopping

Here are a few things to consider when shopping online.

Make sure your computer and other devices are secure

When an update is available on your phone, tablet or other device, make sure to install it —software updates typically include any security flaws or potential problems.

Also, make sure your device is free of malware before making any online purchases.

Mobile security

Make sure your device is always running on the latest software. Apple frequently makes updates available, which often fix any potential security issues that could put you at risk. ensure that the latest patches or updates are applied.

Beware of fake email scams

Shopping online typically involves email confirmations related to any purchases you make, and scammers use several different email scams to trick consumers into handing over their personal information. Plus, record online shopping means a lot of packages are being shipped, and fake package tracking emails are a very easy way for scammers to steal consumers’ information.

Here’s how to spot a fake package tracking email.

If you receive an email that turns out to be a scam and you click on any links provided in the email, typically a virus or malware is immediately loaded on to your computer or other device. And then… nothing happens. You forget all about it while the virus lurks in the background — capturing your every keystroke to get access to things like your username and password for access to personal account such as banks or credit companies.

How thieves disguise scam emails as legit notifications

Thieves have found ways to make email scams look like they’re coming from legitimate groups and companies, including charities, retailers, credit card companies, banks, shipping companies (UPS, FedEx) and more.

So, if you receive an email you weren’t expecting — or even a “confirmation” email you were expecting — do not click on any of the links provided in the email. The safest way to find out if the information is legitimate is to open a separate browser, or even use a different device, and sign in to the company’s official website directly.

You can also call the company directly to confirm any information that was sent to you via email.

Never shop online using public Wi-Fi

Scammers can easily steal your information when you’re using an unsecured network. If you use a public computer, make sure to always completely log out of every website and the computer itself. When it comes to using free Wi-Fi networks, never sign in to any of your accounts that contain sensitive personal information, such as your bank account or any account that contains your bank, debit or credit card information.

Posted in Newsletter Articles | Comments Off on CyberSecurity Awareness Month: Online Shopping

CyberSecurity Awareness Month – Malware, Botnets and Ransomware

It’s important to keep in mind that the nearly one billion malware infections were detected by one company over a six-month period. The total number of global malware infections for the year is likely to be at least an order of magnitude larger. Malware is an enormous problem.

The one thing that can be counted on for 2018 is that the problem is going to get worse. New ransomware variants, more sophisticated phishing techniques, and more dangerous exploit kit delivery systems will almost certainly appear as will new threat vectors that are not covered in the Malwarebytes report. The days of protecting your system with an anti-virus program are long over. The good news is that almost every consumer and corporation can do more than they’re already doing to increase their level of internet security.

Visit our website to see how we can help your business stay ahead of the next attack.

Posted in News Alerts, Newsletter Articles | Comments Off on CyberSecurity Awareness Month – Malware, Botnets and Ransomware

October Newsletter – Security Threats, Disaster prep and CyberSecurity Awareness Month

Posted in Newsletter Articles | Comments Off on October Newsletter – Security Threats, Disaster prep and CyberSecurity Awareness Month

CyberSecurity Awareness Month – Back It UP!

Protect Your Assets

Once you have identified your “crown jewels” and critical assets, build your cyber protections around these first as you create a trajectory forward to protect your entire businesses. Ultimately, your goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grow or adds new technologies or functions.

Protections will include:

  • implementing cyber protections on core assets
  • implementing basic cyber hygiene practices across the business

Now that you know the assets of your organization, it is important to implement protections. While the what you need to do will be based on your assets, protections may include:

  • Locking down logins: Using stronger authentication to protect access to accounts and ensure only those with permission can access them. This can also include enforcing strong passwords.
  • Backing up data: putting in place a system–either in the cloud or via separate hard drive storage–that make electronic copies of the key information on a regular basis.
  • Maintaining security of devices over time: This includes knowing that software patches and updates are done in a timely fashion.
  • Limiting access to the data or the system only to those who require it.
  • Backing up their work: Whether you set your employees’ computers to back up automatically or ask that they do it themselves, employees should be instructed on their role in protecting their work.

A good backup is the last resort to protecting data.  It allows you to recover with minimal data loss and get your business productive again.

Posted in Newsletter Articles | Comments Off on CyberSecurity Awareness Month – Back It UP!

CyberSecurity Awareness Month – Spam and Phishing

What is Spam?
Spam is defined as an unsolicited commercial bulk e-mail.
  • Promotional emails which you have subscribed to explicitly or inadvertently (those little checkboxes at the end of web forms)
  • Forwarded emails received from your friends (Some Junk mail can be stopped by simply unsubscribing)
  • If you have recently created an account with a company or website and you are now receiving email from them, read the message you are sent and look for an unsubscribe section (Caution- see Phishing below).
  • This will help keep us from blocking legitimate, commercial sites that actually follow anti-spamming policies.

What is Phishing?
Phishing attacks are used to steal personal identity data and financial account credentials of consumers.

  • Social-engineering schemes use spoofed emails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers.
  • Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond.
Posted in Newsletter Articles | Comments Off on CyberSecurity Awareness Month – Spam and Phishing