There are a few things that cause you to have that ‘sinking feeling’ in life. We will be talking about one of them today - being hacked and what to do if it happens to you.

Switching on the TV or looking at social media news constantly reminds us of the heightened level of cyber-attacks. In 2017-2018, 76 percent of businesses were victims of a phishing attack [1]. And over 92% of malware infections were delivered via email [2].

Small to midsize businesses are simply not immune to cyber-attacks. We find ourselves in a situation of not if, but when, our company is hacked. In this article, we will explore what being hacked can look like and how to fix it.

Tell-Tale Signs You’ve Been Hacked

There are many ways that computer hacking happens. They range from ransomware, which encrypts files and then asks for payment to decrypt them, to ‘bots’, which take over a computer and turn it into a slave to do the bot’s bidding.

If you become infected by any of the malware out there you often experience tell-tale signs:

  1. An on-screen message pops up - this is usually associated with a ransomware infection. It will let you know you’re infected and will insist on a payment in exchange for a decryption code.
  2. A pop-up ad - this is not a threat like a ransomware on-screen note. Instead, you will get random ad type messages pop-up whenever you open a browser.
  3. Your computer feels hot and/or runs slowly - malware often requires a lot of computer resources to run. This makes your computer run slowly and often overheat.
  4. Freezing and crashing a lot - assuming your computer is not extremely old, and that you keep it patched with updates, it should not randomly crash, and applications should not freeze constantly. If they do, chances are you have a malware infection.

Even if you don’t have any tell-tale signs you could still be infected. Malware variants are continuously changing and often are specifically designed to work in a stealth-like manner. This works well for the cybercriminal as it means the malware is less likely to be found and eradicated.

Ways to Deal with a Hack

If you are hacked, you need to contain the infection and remediate the incident. Hacks can be caused by many different routes. But once the hack has occurred there are several things you can do to contain the problem:

Disconnect and isolate: Many infections begin in one location and then move across a network to cause widespread infection. Ransomware, for example, can infect across a network and out into Cloud repositories, encrypting files as it goes.

Make sure your machine is disconnected from the rest of your network. This means unplugging the network cable and switching off your Wi-Fi connection. Take care to do this manually as some malware will trick you into thinking the computer is disconnected when it isn’t.

Decontaminate: Removing a malware infection can be tricky. Full decontamination is a process. One thorough way to eradicate an infection is to first remove the infected hard drive. Next, connect it as a non-bootable drive to another uninfected computer. Then, run an up to date anti-virus/anti-malware package from the host PC, to scan and quarantine any malware files on the drive. Now, remove any important files and documents from the hard drive before finally wiping the drive using a secure disk erase utility. You will then have to reinstall the operating system.

Change passwords: Malware infections can be used to log keyboard strokes, collecting passwords as they are used. Change any account passwords that may have been accessed via the infected computer.

Alert others: Make sure colleagues and your IT department know about the breach so they can check for any further breaches. Your company may also have to make a breach notification to relevant authorities as is required by some data protection regulations.

Reduce the risk of it happening again: Using a professionally managed cybersecurity service company reduces the chances of your organization being hacked in the first place. Even if you do end up being hacked, a managed services company can help to professionally and efficiently contain an infection or a breach. For example, if the hack involved ransomware infection, files and documents would likely be encrypted and lost.  An outsourced managed services company would be able to swiftly deal with the infection, remove it, and possibly recover any deleted files (some ransomware will make copies of files, encrypt the copy, and delete the original).

In addition, if you do choose to outsource cybersecurity, the managed service company will put a secure backup system in place before an infection happens. In which case, you will be able to fully recover files to replace those encrypted.

Managed Cybersecurity Services Have Your Back

In terms of health, “prevention is better than cure”, someone once said. The same is true of our cybersecurity health. Preventing a cybersecurity incident means you don’t have to deal with the aftermath. Remediation of a data breach and a hacked network takes time: IBM found that the average time to spot a breach is 197 days [3], with a further 69 days to contain it. In that time, you have lost money and reputation, and suffered other intangible damages.

With cybercrime at an all-time high, we have to use proven methods to help us fight back. Managed Cybersecurity Services give us the tools to reduce the likelihood we will suffer a cyber-attack, but they go further. Having a completely hardened, 100% secure system is never possible; cybercriminals continuously change their tactics. Having an experienced team like those offered by DynaSis managed cybersecurity services on call means you are covered, no matter what level of cyber-incident has happened. DynaSis will always have your back.

DynaSis: The Right Choice for Your IT Support

Sources:

  1. https://www.symantec.com/security-center/threat-report
  2. https://www.tripwire.com/state-of-security/security-data-protection/three-quarters-organizations-experienced-phishing-attacks-2017-report-uncovers/
  3. https://www.ibm.com/downloads/cas/861MNWN2

Netflix, UPS, Facebook, your bank, and your power company are all companies that you receive emails from regularly. These are the companies that cyber attackers impersonate in phishing emails designed to capture your personal information or to install malware on your device. The spoofed emails are sophisticated and believable. People click on these emails without thinking twice. Our job at DynaSis, a managed IT service company in Atlanta, is to educate our users on signs to look for that indicate the email is a phishing scam.

There are some proactive things you can look for to protect yourself from these attacks, and when you work with DynaSis for IT support, we have the systems and tools available to help keep these emails out of your inbox.

Steps to Take After a Phishing Scam

So, what do you do if you find yourself part of a successful phishing email scam? Here are a few self-recovery steps to take after clicking on a phishing email.

  1. Disconnect Your Device: Disconnecting your device from the internet can help limit the severity of the phishing attack. If you are connected using a wired connection, you can unplug the internet cable from your computer. If you are on Wi-Fi, go to your device Wi-Fi settings and disconnect. Disconnecting from the internet will help reduce the risk of a cyber attacker remotely accessing your device, prevent the malware from spreading to other devices on your network, and protect your information from being sent from your device.
  2. Change Your Passwords: More than likely you clicked on an email link and it took you to a website that mimicked your bank account, or another service, and had you enter your user name and password. After noticing that it was a phishing scam, you need to go to the real sites for these services and change your password. Be sure to create strong, complicated passwords using a variety of characters and numbers. The more confusing the password, the less likely it is for a hacker to break it.
  3. Notify the Company: Notify the company/organization that the phishing email claimed to come from. They will want to investigate the matter and make sure that others were not affected by the scam.
  4. Scan Your Device for Viruses: To be safe, you should scan your device for viruses following a phishing email attack. Make sure all of your anti-virus software is up to date and run a full scan of your system.
  5. Be Cautious of Identity Theft: If you believe that your information may have been exposed, be careful and on the lookout for any signs of identity theft.
  6. Protect Yourself from Future Phishing Scams: Educate yourself on what to look for in future phishing attacks. DynaSis provides IT support to small and medium sized businesses and can help train your staff to not fall for any phishing emails.

The best way to avoid a phishing attack is to be aware of what to look for. Learn more about How to Prevent Scams, Phishing and Mis-Sent Emails. DynaSis, a managed IT services company in Atlanta, has the products and tools to help keep you and your staff educated on cyber threats and how to be prepared. Fill out our form today or call 770.629.9615 to learn more about how DynaSis can help keep your company safe.

When you open your email inbox in the morning you no doubt experience a tidal wave of emails. You are not alone. Radicati [1] looked at the world of emails and found that by the end of 2019 there will be 2.9 billion email users in the world. They also found that email use is only getting stronger every year. By the end of 2019, there will be 246 billion emails sent and received every day.

Email is an amazing way to communicate. Even with the advent of messaging tools and mobile messaging apps, email is still a major tool of business. But is this trust also its downfall?

In this article, we will look at three ways that email trust can be, and is, broken, and how personal vigilance and the use of managed IT support can help you to fix it.

Email Scams

One of the most worrying scams of recent years is the Business Email Compromise (BEC) scam.

BEC scams are big business for cybercriminals. The FBI released a report on BEC scams [2] showing losses of over $12 billion. And it is only getting worse, with BEC scam rates up by 136% since 2016.

BEC scams are all about tricking companies into releasing money. The cybercriminal behind the scam uses a number of techniques to achieve this. An example is the case of Walter Stephan [3], the CEO of Austrian company FACC Operations GmbH. This BEC attack started with surveillance of Mr. Stephan. The thief was able to then send an email to the finance department that looked like it was from the CEO. This email contained an urgent message to transfer money to a new project (the recipient bank account being controlled by the scammer). In the end, FACC Operations lost around $47 million to the fraudsters.

How to Avoid Becoming the Victim of a BEC Scam

  1. Use a specialist service such as DynaSis Unified Email Management (UEM) which can help to stop spoof emails entering your inbox.
  2. Buy any domain names similar to your company domain - BEC scammers may create an email address that looks like your company email address to trick users.
  3. Use a training program to ensure staff are aware of the issue and know how to spot the signs.
  4. Use a double-check system when transferring large sums of money.
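To make the lookalike-domain point concrete, here is an added example (not DynaSis code or part of its UEM service) that flags sender domains which resemble, but do not equal, your own. The domain `example-corp.com`, the swap tables and the function names are assumptions chosen for illustration.

```python
from email.utils import parseaddr

# Assumption: "example-corp.com" stands in for the organisation's real domain.
PROTECTED_DOMAINS = ("example-corp.com",)

# Illustrative (not exhaustive) character swaps seen in lookalike domains.
SINGLE_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MULTI_SWAPS = (("rn", "m"), ("vv", "w"))


def skeleton(domain):
    """Collapse visually similar characters so lookalikes map to one string."""
    folded = domain.lower().translate(SINGLE_SWAPS)
    for seq, repl in MULTI_SWAPS:
        folded = folded.replace(seq, repl)
    return folded


def edit_distance(a, b):
    """Optimal-string-alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify_sender(from_header, protected=PROTECTED_DOMAINS, max_distance=2):
    """Return (verdict, reason) for the domain found in a From header."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "no address found")
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    for real in protected:
        if domain == real or domain.endswith("." + real):
            return ("internal", "matches " + real)
    for real in protected:
        if domain.startswith(real + "."):
            return ("lookalike", "real domain used as a prefix")
        if skeleton(domain) == skeleton(real):
            return ("lookalike", "confusable characters")
        if domain.rsplit(".", 1)[0] == real.rsplit(".", 1)[0]:
            return ("lookalike", "same name, different TLD")
        # A fixed threshold over-flags very short domains; scale it in practice.
        if edit_distance(domain, real) <= max_distance:
            return ("lookalike", "small edit distance")
    return ("external", "no resemblance to a protected domain")


# Constructed sample From headers, for illustration only.
SAMPLES = [
    "CEO <ceo@example-corp.com>",
    "CEO <ceo@examp1e-corp.com>",
    "CEO <ceo@exarnple-corp.com>",
    "CEO <ceo@exmaple-corp.com>",
    "CEO <ceo@example-corp.net>",
    "Billing <billing@example-corp.com.pay-portal.net>",
    "Newsletter <news@unrelated-vendor.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = classify_sender(header)
        print(f"{verdict:10} {reason:40} {header}")
```

An "internal" verdict only means the domain name matches; whether the message really came from that domain is a separate question answered by SPF, DKIM and DMARC checks.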

BEC scams rely on surveillance of key members of staff and tricking other staff members by masquerading as a key employee. The scam may or may not involve email account takeovers. It also may or may not involve phishing emails, so let’s look at phishing.

Phishing

Phishing is all about stealing information such as personal data and/or login credentials, e.g. username and password. According to Wombat Security, 76 percent of businesses were victims of a phishing attack [4] in 2017.

Phishing takes a number of forms:

Email phishing: An email which looks like it is from a legitimate company but is, in fact, a spoof. The email will either have a link to click on or contain an attachment that is infected with malware. The link will, typically, take you to a website, which looks like a real brand. It will ask you to enter personal data or login credentials. If you do, they will be passed immediately to the cybercriminal behind the phish. Links sometimes go to an infected website which will infect your computer with malware. Email attachments in phishing emails are infected with malware. If you open the attachment it installs malware on your machine.

Spear Phishing: This is a targeted form of email phishing. Many major data breaches have started with a spear phishing email targeted at a system administrator, with the cybercriminal stealing login credentials to privileged areas of a company's IT network.

SMiShing: Text messages and mobile app messages are being increasingly used as phishing conduits. Kaspersky [5] saw a 300% increase in SMiShing (the text equivalent of email phishing) in 2017.

Vishing: This is a voice form of phishing. The phisher will call, pretending to be from a well-known organization such as a government tax office or bank. They will then attempt to extract personal information from you.

How to Avoid Becoming the Victim of a Phishing Campaign

  1. Use a managed IT service company like DynaSis to apply Unified Email Management (UEM) to prevent phishing and other email-borne threats
  2. Ensure your IT resources are patched and up to date
  3. Use second-factor login credentials wherever possible
  4. Security awareness training offers phishing simulation exercises to teach your staff how to spot a phishing email

Mis-sent emails

Data breaches aren’t just about cybercriminals stealing credentials and using them to access databases. Data leaks and accidental disclosure are a major issue for companies too. Data compiled by Gemalto shows that in 2017, 1.9 billion data records were accidentally leaked. Mis-sent emails are one area where sensitive information and personal data can be exposed. An example was seen during the 2014 G20 Summit. The Australian immigration department accidentally sent an email [6] to the wrong person, revealing personal details of world leaders like Obama and Merkel. Sending sensitive or personal data to the wrong person can cause financial losses, reputation damage, and non-adherence with regulations.

How to Avoid Mis-Sent Emails Leaking Your Data

Preventing complex human-centered email threats, like mis-sent emails, requires a layered approach to security. DynaSis managed IT services in Atlanta can look at your normal working patterns and apply the right tools and training to ensure email is not your weakest link.

Sources:

  1. Radicati
  2. FBI released a report on BEC scams
  3. Walter Stephan
  4. 76 percent of businesses were victims of a phishing attack
  5. Kaspersky
  6. Australian immigration department accidentally sent an email

Compliance with data protection regulations can be a complicated, heavy load to manage, especially for small to mid-sized businesses. For example, Verizon’s 2018 Payment Security Report shows that, although improving, only 52% of companies meet full compliance with PCI-DSS.

In the last few years, we have seen regulations updated to reflect new technologies and ways of working. Issues like data privacy are now placed center stage by regulations like the General Data Protection Regulation (GDPR) with legal nuances and exacting requirements. Meeting compliance requirements is a full-time and ongoing job. Often, companies have to meet a mosaic of regulations too, including state, sector, and global, complicating the landscape even more. Using managed IT services that specialize in helping your company meet data protection compliance is a vital tool in the compliance armory of the SMB.

To steer you down the path of compliance, DynaSis has pulled together five ways that data protection compliance impacts your organization.

Money: Fines for non-compliance with data protection regulations can be hefty. Under the GDPR, the largest fine is up to 4% of global revenue or $23 million, whichever is larger. Other data breach and non-compliance fines may not reach these figures, but they are still often tens of thousands of dollars. The World Economic Forum has stated that what was considered a large data breach a few years ago is now normal. The risk of a data breach cuts across companies of all sizes, and if you are breached you could end up with a large fine.

Data Handling: Data protection laws require you to look carefully at your cybersecurity, general security, and privacy when utilizing personal data and Protected Health Information (PHI). This can be complicated and involve various legal overtures. Your firm will need to have an understanding of data classification, audit, data privacy, and data security. This requires specialist skills. Managed IT service and support companies with compliance expertise help you meet regulatory requirements letting you focus on your core business.

Competition: In a report by an analyst firm, 85 percent of U.S. companies believe that the data protection law, GDPR, will make it harder for them to compete with European companies. The Ovum report also pointed out that data privacy regulations are not uniform across the world. The U.S., for example, has “unclear, varying laws” across different industries and states. The California Consumer Privacy Act (CCPA) is one such U.S. state-centric law which came into effect in 2018. How this law impacts organizations outside of California can be a complicating factor in a company’s choice of where to do business.

Using a managed IT service firm, like DynaSis, with expertise in data protection compliance, including GDPR, CCPA, and industry-specific laws can ensure you are at your competitive best.

Skill costs: The changing technology landscape means that data protection compliance is also changing. Keeping up with new regulations and new laws is something that requires a high level of skill in the legal and technical aspects of compliance. Skills in the area of compliance cost money. The average salary of a compliance officer in the U.S. is $63,746 and can be as much as $155,000. Using an outsourced IT services company helps to bridge this cost.

Reputation damage: The 2017/18 Kroll Annual Global Fraud & Risk Report found that three-quarters of companies experienced damaged reputation due to fraud and cybersecurity incidents. Data protection regulations are designed to prevent data loss, which would otherwise result in company profile damage. Managed IT services and IT support help to get your compliance measures into a compliant state to help prevent data breaches.

Fixing the Compliance Headache Using Managed IT Services

Data protection compliance is not something to take lightly. It requires expertise and diligence to meet the exacting requirements of modern data protection regulations and laws. Getting compliance right when you are a small to midsize company is a challenge. However, experts like DynaSis, who have a deep knowledge about data protection regulations, can take the weight of compliance from your shoulders. Outsourcing compliance makes sense when the needs of these regulations are complex and nuanced. Using DynaSis will help your company achieve compliance and let you get on with your core business.

In 2016, a business was attacked by ransomware every 40 seconds. In 2017, we saw a massive global ransomware attack, known as WannaCry, hit businesses of all sizes and across all sectors. Attacks of ransomware also rose by 350% in the same year, according to Dimension Data. And, Kaspersky said that a single ransomware attack can cost a small to midsize business up to $99,000.

Ransomware is a sinister and costly form of malware that has taken the cybersecurity world and our businesses by storm. Using managed cybersecurity services can help prevent ransomware infection or can help manage a ransomware incident if the worst does happen.

But what is ransomware and how can managed IT services and IT support help to prevent it?

What Happens When Ransomware Hits?

Ransomware encrypts files and documents on your network. Once they are encrypted you will not be able to open them. The malware can encrypt files right across your network, even those in Cloud repositories. If your business becomes infected by ransomware you can expect the following to happen:

  1. You will likely see a pop-up message on the screen of the infected computer;
  2. This message will say something like “Oops your files have been encrypted”. The message will tell you to pay an amount of money (usually several hundred, often thousands of dollars) in bitcoin or similar crypto-currency, to receive a code that will decrypt the files; and,
  3. The message will threaten to delete the encrypted files if you do not pay within a given time span.

Infection by ransomware is costly, not just because of the extortion price, but because of the disruption to your business.

How Do You Become Infected by Ransomware?

Infection usually happens in the following ways:

  1. Email attachment: Ransomware can be delivered via a phishing email which contains an infected attachment, such as a PDF or Word document. If a user opens the attachment it can automatically run a small software program embedded in the document which then installs the ransomware. A report by Symantec found that 88 percent of malicious emails used attachments to infect computers.
  2. Email links: Malicious emails sometimes contain links to websites which themselves contain malware. If you click on the link you can be automatically infected by ransomware without even being aware of it.
  3. Infected websites: If a website is infected with malware, just navigating to it could result in your computer becoming infected with ransomware.

How Can You Prevent Infection by Ransomware?

The world of cybercrime is continuously updating the methods used to attack your organization. Keeping ahead of cybersecurity threats requires vigilance and expertise. Using managed IT services, like DynaSis in Atlanta, that offer experts in cybersecurity, gives you the best possible defense against ransomware.

DynaSis provides a managed cybersecurity service that protects across all of the target areas used by cybercriminals. Our managed cybersecurity uses a layered approach to prevent ransomware, which includes:

2018 has seen continued ransomware campaigns. Malwarebytes has found a 55 percent increase in cyber-attacks, including ransomware, during Q3 of 2018. Keeping on top of cybercrime is a time-consuming and costly exercise. Managed IT support and IT services can do this job for you, keeping your IT resources free of malware and allowing you to get on with the job at hand - making your business successful.

Running a company is more than a full-time job, and it takes diligence, focus, and great management to make a business work well. But running a modern business means using modern methods of work. Small businesses need to be innovative to compete. This means using best-of-the-best technology solutions. Fortunately, with the advent of Cloud and mobile computing, the small to midsize business (SMB) can have the same type of technology as their enterprise cousins. But with this technology comes increased and often complex management issues.

Finding skilled staff to manage your IT resources is not easy and IT skills are hard to come by. Research into the skills gap shows growing concern in finding skilled staff. A study by Career Builder has shown that 60 percent of U.S. companies have vacancies that remain open after 12 weeks. The study also found that 67 percent of companies are concerned about a skills gap.

IT skills, and cybersecurity skills, in particular, are much sought after. The skills gap in cybersecurity is expected to see a shortfall of around 3.5 million cybersecurity jobs by 2021.

Let’s explore the benefits of engaging an IT support expert to make sure your technology use goes smoothly.

IT Support Benefits That Keep Your Operation Running Smoothly

Our businesses are embracing the digital revolution, just as our chances of finding a skilled person to maintain the technology are decreasing. Outsourcing IT tech support is the alternative that can give us the benefits of technology without the headache. Here are 5 reasons why you should hire an IT support expert:

Benefit 1: Reduced cost of staffing

The average salary for an in-house IT support person who has reached expert qualified level is around $52K and can be up to $90K, without work benefits included. You are paying for expertise and using a fixed cost. In addition, in an SMB environment, the IT support person might not always be needed. Using managed IT support services allows you to use a variable cost model for your IT support and budget accordingly.

Benefit 2: Maintain core business focus

IT staff need to be trained in your company ethos, ways of working, and other areas. They require phones and other supplies. This takes time, money, and effort. Using a managed IT expert will allow you to focus on your core business. DynaSis operates a close business relationship by taking the time to understand your business. The result is a seamless extension to your in-house staff.

Benefit 3: Access to top people

Managed IT services employ the best in their field. There may be a limited pool of skilled people, but they will gravitate to companies where they can showcase their strengths. DynaSis managed services only employ domain experts with vast experience - we give you the best possible IT people for a fraction of the cost of recruiting and employing someone of that caliber directly.

Benefit 4: Access to better technology

Technology changes quickly. Having expert IT people who understand your business can ensure that the decisions you make around technology choices are the best for your organization. Having the most relevant technology in place, and working seamlessly during an upgrade, will keep your company competitive.

Benefit 5: Improved security

IT support is a vital cog in a wider technology machine. This includes working with you to improve your cybersecurity. Choosing a managed services company, like DynaSis, who are experts in cybersecurity and compliance, gives you access to experienced staff. Hiring a managed services IT expert will mean your IT security is monitored. It also ensures that company day-to-day security issues, including everything from forgotten passwords to software patches to phishing emails, are taken care of promptly.

Focusing on your core business is vital in a competitive world. Hiring a managed IT expert allows you to do that, while at the same time, giving you access to best-of-the-best IT staff without the cost. In a world where IT skills are at a premium, and experienced staff expensive, having a partner like DynaSis gives you access to scarce resources allowing you to focus on what you do best - your business. Call us today at 770.629.9615 to learn more about why DynaSis is the Right Choice for Your IT Support!

You have no doubt been hearing about cloud networks over the past few years and understand that many businesses are searching for more and more ways to utilize this technology. As with most everything new that comes along, there are benefits and challenges. That said, you don’t want to be the company that fails to embrace new technology and finds itself left behind. If you do, you may find yourself virtually irrelevant when potential new customers or clients choose to partner with firms similar to yours that are more up-to-date in terms of network security, versatility, and speed to market. Here at DynaSis, having provided IT support in Atlanta for more than a quarter century, we can give you proper guidance in determining your best way forward.

One of the first decisions we will help you make is to determine the type of network in which you need to invest: public, private, or hybrid. A private cloud network is usually one that is owned by a large company and only serves that company, while public cloud networks are generally owned by major corporations and serve many companies of all sizes. There are also public clouds owned by very small companies, but we advise you to be very careful before engaging with this type of vendor as security may be a concern. Hybrid clouds, as the term implies, combine features of public and private. Which one to use is a determination in which we, as an IT support company in Atlanta, can give you guidance, but for the purpose of this blog, let’s take a quick look at the different deployment models.

IT Support for Private Cloud

In a private cloud computing model, a company uses its own proprietary architecture to run its own cloud servers within its own data center. This is what we call “single tenant architecture”. Your own hardware is used within your own premises and your IT team has direct control of the underlying infrastructure.

IT Support for Public Cloud

In this cloud computing model, a third party, generally a significantly sized company or major corporation, provides complete computing resources over the internet. Because the vendor is providing a complete service, the customer (your company) does not need on-premises server hardware. This is what we call “multi-tenant” architecture. Costs can be variable, with rapid adjustments made as a business’s computing requirements change.

IT Support for Hybrid Cloud

This, of course, is a mixture of the above, combining some of the benefits of public and private.

Choosing between the different cloud models requires an in-depth look at your current infrastructure. DynaSis provides a complimentary IT network and security assessment. During the assessment a highly experienced Solutions Architect and staff will analyze your network for capacity, security, speed, flexibility, and how up-to-date all your equipment is in terms of technical support and expected life.

If you choose, we will then provide you with cost estimates that may include new equipment that can be financed in such a way that your upgraded service and equipment actually cost the same or even less than your current costs. Because we assume the financial risk of the new equipment, we have the incentive to make sure it is always running at peak performance. This is truly a win-win situation.

Want to learn more about our IT support in Atlanta? Give us a call today at 770-629-9615 or contact us online. And remember, we are DynaSis: The Right Choice for Your IT Support!

Combining your cat’s name with your street address number does not make a secure password. Whiskers2089 just won’t cut it. In fact, most of the “fool-proof” passwords people use are anything but. Chances are, they have made one or more of the commonly used password mistakes and, unfortunately, almost anything we do to make remembering them easier for us, makes it easier for hackers to crack them. Our brains are filled with so much information these days, it’s very tempting to take the easy path, but as an Atlanta IT services company, we have to let you know that this can open you up to security breaches.

What is a Weak Password?

Have you ever created an account on a website that tells you whether the password you are entering is weak or strong? This can be very helpful, but so is knowing the criteria that determine this. Here are things that, as an Atlanta IT services company, we have found keep passwords from being strong:

Remember, your password is a code and the more complex it is it, the harder it is to decipher.

 

Using One Password

Using the same password for every website is a bad idea. While it might make your life easier, it also makes life easier for those who would try to hack into your accounts. As an Atlanta IT services company, we know how difficult it is to deal with a hacked bank account. Imagine if all your bank accounts, credit cards, and store cards were hacked at the same time! As annoying as it may be, you really need different passwords for each account.

 

Password Storing

We all have seen prompts to store passwords when we open up new accounts or change passwords. It certainly makes life easier…until it doesn’t. It greatly increases the chances of one or more of your accounts being hacked, and, if you are using the same password on multiple accounts, it gets even easier.

 

Creating Strong, Secure Passwords

Here are some basic, generally accepted tips:

There are practical and impractical ways to create safe passwords. We have all created online accounts and been given suggested passwords. Something like: FH78$5dJu#2wQhUjkL. But just try remembering passwords like this for four credit cards, two store cards, and two bank accounts!

That said, here is a new perspective: current thinking indicates that the most secure passwords are actually strings of unconnected words: transformermobiletandem or platterjockeyfences. Then add some capital letters: transFormermobilEtaNdem. We’ll explain this in more detail later.

You’re probably thinking: I have eight financial accounts; how can this possibly be practical? Or, I’m running a business. I can’t expect my employees to do that. Let’s look at some practical solutions.

 

Password Managers

Password managers are a practical solution for many businesses, as they allow you to maintain a large number of passwords as well as in-depth information about your accounts. They work in the same manner as the auto-populate features that fill in your online forms by storing your login credentials for your different accounts so that when you go to these accounts, your passwords are automatically entered. An additional benefit of this type of application is that it discourages hacker attacks such as “keystroke logging” where the hacker is able to figure out your passwords by surreptitiously recording your keystrokes. It also means that once your passwords are stored inside the app, you only have to remember a single password.

Many password managers also incorporate multi-factor authentication, something that we as an Atlanta IT services company applaud. The best way to explain this is by example. Did you ever need to reset your password from a bank and they required you to copy a code they sent you and paste it into a blank field on your screen? This is one form of multi-factor. “Multi” means more than one way to identify you. Fingerprints and retinal scans may also be used.

 

Realistic Password Protection for Individuals

While in today’s world, nothing is truly 100% safe, we believe that the average person can develop a system to get almost there. Here is one method that may work for you. Just keep in mind two things: 1 – your passwords still need to be changed every three months, and, 2 – it’s still a bit of work. There is no such thing as simple password protection.

As we stated above, experts currently believe that the most secure passwords are those made of three unrelated words, like carouseltabledrum or relaxsweetfloor. Then change a couple of letters to capitals using a system so you can remember which ones you changed. Let’s say you were born in 1968. Capitalize the 6th and 8th letter so you have carouSeLtabledrum or relaxSwEetfloor. That’s the concept. Now, to put it into action, make a list of six totally unrelated words. We already are using: carousel, table, drum, relax, sweet, floor, so we will stick with these. Important: the first letter of each word must be different.

To remember these first two passwords, we are going to remember the first letter of each of the words: ctd and rsf, then for every additional password we need, do the same thing using different combos of these six: fds, tds, dsr, etc. In other words, we are using different combinations of the same six words, and capitalizing two of those letters.

Now, in your smart phone, under a fake name (that you will remember), create a list in which each entry starts with the last two numbers of one of your financial accounts and ends with the three letters of that account’s password:

56ctd

44rsf

87fds

You can now go to the fake name in your smart phone and you will see that the password for your credit card ending in 56 is carouSeLtabledrum.
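The lookup described above can be written out as a short script. This is an added example, not part of the original article: the six words, the 1968 capitalization rule and the sample note entries are the article's own, while the function names and the note-entry parsing are assumptions made for illustration.

```python
from itertools import permutations

# The six words and the birth-year rule come from the article; everything
# else (function names, the note-entry parser) is assumed for this example.
WORDS = ["carousel", "table", "drum", "relax", "sweet", "floor"]
CAPS = (6, 8)  # born in 1968 -> capitalize the 6th and 8th letters (1-based)

def by_initial(words):
    """Index words by first letter; the scheme requires unique initials."""
    index = {w[0]: w for w in words}
    if len(index) != len(words):
        raise ValueError("first letter of each word must be different")
    return index

def build_password(code, words=WORDS, caps=CAPS):
    """Expand a three-letter code such as 'ctd' into the full password."""
    index = by_initial(words)
    if len(set(code)) != len(code):
        raise ValueError("code repeats a word")
    try:
        chars = list("".join(index[c] for c in code))
    except KeyError as exc:
        raise ValueError(f"no word starts with {exc.args[0]!r}") from None
    for pos in caps:
        if pos > len(chars):
            raise ValueError("capital position is past the end of the password")
        chars[pos - 1] = chars[pos - 1].upper()
    return "".join(chars)

def parse_note(entry):
    """Split a note entry like '56ctd' into (account suffix, code)."""
    suffix, code = entry[:2], entry[2:]
    if not suffix.isdigit() or len(code) != 3:
        raise ValueError(f"malformed note entry: {entry!r}")
    return suffix, code

def all_passwords(words=WORDS, caps=CAPS):
    """Every password the scheme can produce from one word list."""
    initials = [w[0] for w in words]
    return {build_password("".join(p), words, caps) for p in permutations(initials, 3)}

if __name__ == "__main__":
    for entry in ["56ctd", "44rsf", "87fds"]:
        suffix, code = parse_note(entry)
        print(suffix, build_password(code))
    print(len(all_passwords()), "distinct passwords from six words")
```

One six-word list yields 120 ordered three-word passwords, so the scheme relies on the word list and the capitalization rule staying private.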

 

IT security is becoming more complex by the day. Why? Because really talented cyber criminals are working day and night to figure out new ways to compromise your network and gain access to your most sensitive information, or to lock your files and hold them for ransom. At DynaSis, we have been on the job for more than a quarter century, protecting small to mid-sized businesses across metro Atlanta. Give us a call today at 770-629-9615 so we can discuss how we can protect your business and why DynaSis is the right choice.

For the past few weeks, we have taken a look at disaster planning and recovery and this week, to wrap things up, we are presenting a “checklist” of best practices for your consideration.

Continuity of IT Services

The value of daily continuity, the ability to recover quickly from minor outages, must be taken into consideration when you quantify the cost of business continuity in general. Businesses that experience frequent downtime know that it can be expensive. If yours is a company that has seen repeated short-term downtimes, you are probably very well aware of this. If this is the case, you need to re-evaluate your RTO and RPO to ensure you are adequately recovering your business following events like this. Of course, you also need to look into why these events are repeating.

 

RTO: Recovery Time Objective – the amount of time it will take to restore lost or corrupted data.

RPO: Recovery Point Objective – the point in time to which you can afford to lose some data. In other words, can you afford to lose a week’s worth of data (not many companies can), a day’s worth, an hour, or none at all?

 

Managed IT Support

Companies whose goals are zero to very short recovery periods should be evaluating a move to managed IT service providers who will work under service-level agreements guaranteeing acceptable RPOs and RTOs for their critical applications. Under service-level agreements, you can even specify zero downtime for those critical applications.

 

Back-up IT Solutions

It is probably not necessary for all your business applications to have the same RTO and RPO. Typically, you will want your email and business contacts to be recovered almost immediately, but some areas, such as accounting and inventory, can generally tolerate being down for several days. To recover quickly, this type of data can actually be stored in smartphones and other remote devices as alternate back-up solutions.

 

Upload Time

Included in recovery time must be the time required to upload data along with the application itself. Two examples:

1) a CPA firm may have to upload hundreds of complex accounting documents

2) an architect may have to upload a terabyte or two of blueprints and other drawings for his people to work with before they can be fully functional.

 

Full Documentation and Storage

When all your research and calculations have been completed and plans for upgrading your disaster prevention and recovery strategy have been completed, make sure all your work is fully documented and stored. This information can be critical in resolving issues in the event of such a disaster, and for future upgrades, as well. No sense ever having to go back to “square one”.

 

Annual Testing

Your backup and recovery process should be tested at least once a year. If this is beyond the technical capabilities of your in-house staff, a qualified managed IT support company should be hired to accomplish this.

 

Return on Investment

A rule of thumb in the industry is this: the total cost of your disaster prevention and recovery program should not exceed the losses it is designed to prevent. You don’t spend $2 to save $1. But it does make sense to spend $.50 to save $1.

 

If disaster recovery and prevention is an area you would like to explore, give us a call. We have been providing managed IT support services to small to mid-sized businesses in the Atlanta metro area since 1992, and we would welcome the opportunity to answer your questions. Call us at 770-629-9615 or contact us online.

Last week, in part 3 of this series, we took a look at creating a Business Impact Analysis to determine how much a serious data loss could cost your company, and how to determine how time – both in terms of how much data you could afford to lose and how quickly you would need to recover it – figures into your calculations. This week we are continuing our review of disaster prevention, recovery, and IT support with a look at just how much peace of mind is worth and next week we will finish this series with a check list of disaster recovery strategy best practices.

The Question

With all the information we have collected using the tools we have presented over the past three weeks, you can actively look at the cost of purchasing backup equipment, or at least know where you can locate it in an emergency, as well as the backup solutions and managed IT support company that you can call on when needed. You can evaluate cloud-based backups, some of which can be set for updates as often as every few minutes, and evaluate the recovery time. Recovery can vary from almost immediate, to hours, to days. You can install a system in which your most important files are recovered very quickly while others are restored over a number of days. The thing is, almost anything can be accomplished with today’s technology. The question you have to answer is: what do you really require and how much are you willing to pay for it?

The Answer

What we suggest is taking a look at a worst-case scenario. Price out the equipment, tools, software and personnel you will require. Balance that against business losses that might be incurred if such an event takes place. Then look at options for less catastrophic events and analyze the downsides of drive crashes or local power outages. These are more easily resolved but only if you are prepared for them.

The Solution

Vendors are important, but even more so will be an independent managed IT support company that will sort through the marketing hype that every company puts out and help you determine the equipment and software that is truly best for your company. Once you have worked through your options, you can make choices and move forward. A word of caution: all too often, companies go through the exercise of determining how they should prepare and react in the event of cyber intrusion, equipment failure, man-made or natural disaster, but fail to actually pull the trigger and spend the money necessary to implement that plan. Don’t be one of them.

Contact DynaSis Today

Here at DynaSis, we have helped many companies create their disaster prevention and recovery plans. Most are surprised to learn that we are able to provide all the equipment they need with little to no money out of pocket by tying the cost of the equipment into a monthly IT managed support agreement that covers all the equipment, software, maintenance, help desk and field support they need for not only possible disasters, but for trouble-free, worry-free daily operations. They are also surprised to learn that this service usually costs no more than they are currently paying for IT, and often costs even less. Want to learn more? Give us a call today at 770-629-9615.
