The digital world today is changing at break-neck speed. The protections that worked not that long ago become out-of-date in the blink of an eye. Cyber crime has also become a rapidly advancing and sophisticated “industry”. The more you rely on the Internet, and you are probably more reliant than you realize, the more you need to ensure that your business is protected.

Some of the easiest decisions can also be some of the most harmful. Why bother to install additional protection when your carrier (Comcast, ATT, CenturyLink, etc.) gives it to you for free with your bundled software? Answer: this level of protection simply is not powerful enough to provide the protection you need today, and you need to seriously consider upgrading to business grade firewall and software.

But lets take it one step farther. Even the best firewall is not going to give you the level of safety you need if the right people are not managing it. Like pretty much everything else in the IT world today, firewalls start to become outdated almost as soon as they leave the factory. The right managed IT service will monitor and maintain that protection 24 x 7 x 365, installing patches and updates on a regular basis.

So, here are 5 reasons why your SMB will be better protected with a managed IT service that maintains your firewall:

1: Your company is not an IT company. You are in business for an entirely different reason. You are a law firm, a group of CPAs, you manufacture widgets, run a call center, service automobiles, etc. Just like you would not expect an IT service provider to give legal advice or fix your car, you should not expect the people in your company to set-up, run or maintain your IT infrastructure. “But I have an IT guy on staff.” That’s great. We recognize the value in that. But does he/she have the depth of knowledge that a provider with 25 to 30 certified engineers will have? Will he/she be available 24/7/365? Think not.

2: Hiring consultants is very expensive. Here is the problem with consultants: while they may be very knowledgeable, they are expensive and since they are not involved in the day to day IT operation of your company, quite a bit of money will be spent on the time they take to get up to speed on your network, much less solve the problems. (This goes for all IT problems, not just your firewall.) And you still run into the problem that no single consultant can have the breadth of knowledge that a large team of certified engineers will have.

3: Stuff breaks. Yes, firewalls are equipment and equipment can break. The right service will be monitoring this 24 x 7 and can jump into action as soon as it happens, with technicians trained for the job. Most importantly, your service provider will have a disaster recovery plan in place and be ready to get your network up and running in the shortest amount of time. No business, large or small, wants to start searching, then waiting for, a consultant to figure out what is wrong, then try and fix it. You want a full team of experts at the ready. (BTW, engaging a managed IT service provider is often also the most cost-effective way to go.)

4: You also need protection from internal threats. Employees frequently expose their employers to viruses, worms, and other malicious attacks on their infrastructure through unauthorized use of gaming, gambling, pornography, social media and online videos. Of course, this is not only a network threat, but also a serious threat to office productivity. The right professional team can manage this and keep the filters updated.

5: New threats are being developed daily. While we are not going to do a deep dive into cyber security here (see our Cyber Security White Paper), suffice it to say that cyber criminals are today focusing more on SMBs than on big businesses. Why? The large corporations that make the news when they are attacked have invested millions of dollars in cyber protection that no SMB can afford, but your IT management company will have partnerships with the top companies in the IT world and have the best protection software available.

DynaSis has been providing IT Network protection for the SMBs of Atlanta for the past 25 years. Our resources include a team of more than 55 professionals, including more than 30 highly trained and certified engineers who specialize in IT infrastructure security. Firewalls and firewall management are just one of our "12 Layers of Protection", a unique and proprietary cyber security program we use for our clients.

You would be surprised to learn how many people still use a password like shown above...or "Password" as their password.

There are many areas of focus when it comes to keeping your IT network safe and one of the weakest points has traditionally been employee laxity. When it comes to protecting the passwords your employees use when logging in, most people don’t take the precautions necessary to protect themselves…or YOUR business. Not long ago, simply occasionally changing your passwords was considered enough, but with hackers becoming more and more sophisticated, your means of protection needs to become more sophisticated, as well.

That said, most people do realize that that securely logging in is critical. They just don’t understand what it entails. If you already understand that simply changing passwords isn’t enough, you may be familiar with the terms “two-factor” and “two-step” authentication, which are both in wide use today. Many people assume these are two terms for the same functionality, but that is not the case. There are differences…somewhat subtle but also important.

The “two-step” process is still what we call a “single-factor” authentication in that you would have a single login password that you have likely memorized, but additionally, you would have to take an additional step. For example, you may be sent a one-time code via your smartphone. This is a common practice when changing passwords on a website that is used by the public. The single factor is your password; the two steps are entering your password, then entering the code you were sent.

By adding that extra step to the login process, two-step authentication does make logging in more secure than a single-step authentication (i.e. just the password). However, if a person or business is hacked, it will do only a little to stop hackers from getting a hold of whatever they are looking for.

To reach a higher level of security, the “two-factor” (AKA “multi-factor”) authentication process takes your security to a much higher level. This authentication process requires you to provide two different types of information, such as password or passcode plus a retinal scan or fingerprint. In this case, you are providing two entirely different types of information, requiring a much higher level of effort and skill on the part of a hacker.

Essentially, every two-factor process is also a two-step process, but the reverse is not true. Not every two-step process is a two-factor process. This important distinction can be the difference between keeping your company’s data safe or leaving a way in for skilled cyber criminals.

We believe that the best way to determine the process that fits your business needs is to ask for a complimentary IT assessment from your managed IT service provider, or take you analysis to an even higher level with a Strategic Technology Review.

DynaSis has been serving the needs of the small to mid-sized business community in Atlanta since 1992 with managed IT service, managed IT security, business cloud, and a host of other IT solutions.

Did you ever wonder how safe it was for you to be sending passwords or secret codes via airwaves through WiFi or Bluetooth? It can be a problem in that these transmissions can be susceptible to hacking and, once intercepted, the codes are susceptible to having the encryptions decoded. Well, a team of researchers…consisting of electrical engineers and computer scientists…at the University of Washington, believe they have come up with a solution with what they are calling “on-body transmission.”

Your cellphone fingerprint sensors and touchpads on many computer devices generate low-frequency transmissions that they have harnessed to send secure passwords through the human body.

“Fingerprint sensors have so far been used as an input device. What is cool is that we’ve shown for the first time that fingerprint sensors can be re-purposed to send out information that is confined to the body,” said one of the lead scientists, Shyam Gollakota of the U of W.

First results show a much more secure way to transmit authentication data to any number of devices, as long as the transmitting device, such as your smartphone, and the receiving device, such a medical equipment, are both touching your body at the same time. Your smartphone confirms your identity when you type in your password and transmits this to the other (in this case medical) device. This is accomplished by leveraging the signals that the smartphone is already generating.

The sensors in most up-to-date smartphones receive data about your fingers. The researchers came up with a way to instead use this data as output that ties in with data in your password. When used in a smartphone, this authenticating data actually travels securely through your body to the device seeking to confirm your identity. Among other uses, medical devices are high on the list. For example, this technology can be used to confirm identities before sending or receiving data from insulin pumps or glucose monitors.

As a managed IT service provider, we are always interested in new technologies, particularly those that involve security, often before the practical ways in which we will eventually use them for IT security are developed. It’s just one way we stay ahead of the pack. It’s early, but we believe that this may lead to a major shift in any number of security protocols. As for accuracy, the U of W researchers have tested the technology using a wide variety of devices, on people of various ages, weights and heights, and while sitting, standing, moving and even sleeping. They even tested it on various parts of the body – head, hands, feet, etc. The technology worked in all tested situations. Again, this process is still in its infancy, but the early results are very promising.

If you are keeping up–to-date with the latest on ransomware attacks making the news these days, you may be aware of a newly discovered insidious piece of malware called Satana. Satana appears to be an offshoot, or third cousin, of another ransomware Trojan named Petya, that has kept IT security professionals on their toes in their ongoing battle to stay one-step ahead of the cyber criminal.

Here is what makes Satana more difficult to deal with than the older Petya: In order to do its evil deeds, Petya needed help from a second Trojan called Mischa, which then attacked the computer’s master file table and encrypted files that it was able to access through that table. Satana is much more self-sufficient and is perfectly capable of encrypting files on your computer without any help. More than that, instead of attacking the master file table, it attacks the Windows Master Boot Record, which not only corrupts rebooting, but also inserts code directly into the booting process. Users have no way of knowing that by simply rebooting their devices, they are unleashing this malware throughout their computers, infecting the devices and encrypting file after file.

The first clue comes as a ransom demand that starts:

“You had bad luck.” It then goes on to let you know that your files have been encrypted and that to free up these files you have to send them an email, with your personal code, that they so thoughtfully provide. Of course, the instructions continue on, explaining that you will also have to pay the “ransom” of one half a bitcoin ($340). And all this appears on your screen in bright red text on a jet-black background. The whole thing looks like pure evil, which, of course, it is. Some very smart people spent a lot of time and effort figuring out how to steal your money.

The amount of the ransom can vary greatly. This is very smart. The amounts they charge (steal) are usually small enough that it makes more sense for you to pay the ransom than try and fight them. A larger company may be asked for several thousand dollars while a small one, as in this instance, just a few hundred. Smart and effective.

On the other hand, while the $340 (or more) may not concern you that much, there may be considerable downtime that can have a very adverse effect on your business.

Kaspersky Lab, a consumer-oriented developer of anti-virus, anti-spyware, anti-spam and personal firewall products with more than 400,000,000 customers world-wide, has called Satana the “ransomware from hell.”

As for “good news”, Satana is still new and not yet widespread, and weaknesses and errors in its code have been discovered, so IT security researchers and managed IT service providers are working on methodology to severely limit its effects. It is still unknown how the virus will morph and what long-range problems it may cause.

The good news, for the time being, is that Satana is currently in its infancy stages; it is not widespread, and researchers have uncovered errors and weaknesses in its code. On the flip side, it appears that Satana is positioned to evolve over time, and with its comprehensive method of attack, it has the potential to become the next major threat in the ransomware world.

As always, follow the basic rules of cyber security:

·    Make sure your data is backed up regularly

·    Do not open email attachments unless you know who they are from

·    Have your IT service provider install both Crypto-Prevent and Crypto-Containment software. Crypto-Prevent keeps known viruses out. Crypto-Containment is a newer development. If a system does become infected, Crypto-Containment identifies it quickly and immediately locks down the infected files, preventing further spread of the infection. These files can then be deleted and replaced from the backup.

DynaSis is a managed IT service provider, serving the small to mid-sized business community for a quarter century. We have been at the forefront of cyber-security for many years and have been instrumental is developing methodology for fighting all forms of malware that is now used across the country.

While there is no longer any question about the need for I.T. in business today, in many companies there is still the perception that information technology is more of a cost center than a valuable business asset. CFO magazine, in a recent survey, reported that almost 50% of CFOs felt that there was a misalignment between what the business needed from I.T. and what I.T. was providing.

This highlights the importance of CIOs, or whichever company executive is responsible for the company’s I.T. performance, CFOs and other top executives working together, often with the company’s managed IT service provider, to ensure that I.T. is providing the services the company needs. I.T. done right can be a powerful business tool that can help virtually any business thrive and prosper, but if not handled correctly, can just waste time, money, effort and become a true drag on business growth.

In fact, we believe that a business’s I.T. needs to be run like a business itself.

Here are some things you can do to make sure your I.T. is functioning at a high level, not just in terms of stability, but in terms of fulfilling your company’s needs:

1: The employees of your company are I.T. “users”, but they are also the “customers” of the I.T. department. Whether your I.T. is handled in-house, out-sourced through an IT service provider, or co-sourced (a third party augmenting the in-house team), the users should be treated as valued customers and their needs met.

2: On the other hand, there needs to be ongoing employee IT training for several reasons, including: not wasting the time of the I.T. department, not putting company data and infrastructure at risk, as well as enabling each employee to get the most out of all that I.T. offers. At too many companies, employees continue to use outdated methodology with which they are comfortable, when a few minutes, or hours, of getting comfortable with new technologies will make them more productive and more valuable to the entity paying their salaries.

3: Where feasible, actually create a system of charging each department for the IT services it uses in order to give each department head an understanding of the cost vs value relationship.

4: Take a good look at strategic co-sourcing or out-sourcing certain I.T. functions. As smaller businesses grow, this can provide your company with the ability to expand I.T. functions without the need for additional full-time employees. A good I.T. partner will have team members trained in many vital technology areas, a knowledge base that would be hard for your company to achieve on its own.

5: Finally, never stop analyzing and measuring performance with your goal being continual improvement.

Well-conceived, developed and managed IT can cut costs, increase productivity, decrease risk and drive growth, all leading to improved profitability. But to do this, IT and the rest of management must work together to determine the services each of the other departments needs…again, treating these company employees like customers. A company with a positive I.T. culture will constantly be looking for new projects that can help drive the business forward. It is this attitude that takes I.T. from “expense” to powerful business building “asset”.

DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premises managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.

It has been said that email is a cyber-criminal’s best friend. Email has become a very popular tool for hackers to go after their victims. If you think the day of the Nigerian Prince who is desperately seeking your help and willing to pay you $5,600,000 just for allowing you to use your bank account to transfer his family’s immense fortune into the USA, as long as you send him $5,000 to initiate the transaction, are over, you are sadly mistaken. It just morphs into a slightly different scheme. Earlier this week I received an email from James Comey, Director of the FBI, advising me that the $10.3 million dollars due me and that had been held up by international exchange problems was now being released. All he needed was my banking information, including my ID and password. It came from the email address FBIDirectorCmey@usa.com. And, yes, Comey was spelled Cmey.

While this was an attempt to attack me personally, it is an example (ok, a poor one from the hacker’s point of view) of one of so many attempts that are made every day.

A less defendable technique is the email coming from your very own bank…or your company’s bank…asking for verification of information for your own “protection.” Except that it’s a perfect copy of your bank’s email form but it’s not from them. Unfortunately, very smart people are still falling for this every day, including employees holding sensitive information at companies of all sizes.

Another target has become the business traveler. Spoofers set up travel sites dedicated to the business traveler, whose defenses may be somewhat diminished simply because travel tires you out and when you’re tired, you make mistakes. Say you are in Cincinnati and need to book a car in Omaha. You mean to visit Expedia.com but instead, type “expedia” into your browser, hit return, and Google rewards you with a whole list of choices. You click on rentalcars.expdia.com and reserve your car, giving your company’s credit card number, expiration date, and security code and, voila!, just like that, the cyber-criminal has all your credit card information. He spends the next five minutes racking up thousands of dollars on your card, which no one will discover until the bill reaches your accounting office and someone reviews it and discovers what has happened. This may be weeks after the event. They do the same thing with banking information, personal information, health care information, etc.

This can become particularly problematic when using cell phones. Many people are diligent about email security when setting up controls on their laptops and tablets, but smartphones are harder to protect, partially because the size of the content you are trying to read can be so small.

But one of the biggest problems is simply the fact that as soon as you protect yourself against one threat, another pops up in its place. One email security expert likened it to a game of Whack-a-Mole.

In a short article like this, we can only touch the surface of the problem, but if you would like to learn more, including what you can do to protect your company, check out our white paper on Email Security.

By the DynaSis Team

With bad news about cybercrime appearing daily, many small and midsized business (SMB) owners may be wondering, “How vulnerable am I?” After all, most of the news accounts of data breaches and other attacks relate to major companies, governmental entities, and other very large targets.

Unfortunately, the reason SMBs aren’t making headlines is because they don’t make great news, not because they aren’t favored targets. A quick Internet search will turn up dozens of stories about the vulnerability of SMBs, as a group. In 2011, Symantec’s annual Internet Security Threat Report found that companies with fewer than 250 employees constituted 18 percent of targeted attacks. In the 2016 report, that figured had risen to 43 percent, with SMBs being the most heavily targeted group.

Why are SMBs so attractive? Major corporations have big security budgets, and they can afford to implement the latest techniques to protect their networks. Many have teams of security specialists whose primary tasks are to keep cybercriminals at bay. SMBs don’t have these types of resources, and hackers know that.

Nevertheless, the vulnerability of SMBs wouldn’t be enough, by itself, to make them targets. If hackers had to expend days, or even hours, finding and attacking a vulnerable SMB in exchange for a handful of proprietary information, they wouldn’t do it. Fortunately for the hackers, they don’t need to.

An entire ecosystem of cybercrime tools now exists, and many of them are freely available. Hackers have also learned they can turn groups of vulnerable systems into “botnets.” Here, multiple computing devices are interconnected and used to scan the Internet, looking for compromised websites to hijack, open corporate network connections to infiltrate, and other inadequately protected resources. Making matters worse, cybercriminals continue developing new attack tools and approaches, and even large organizations have a hard time keeping up.

For SMBs, becoming a victim at some point is a near certainty. In fact, most experts no longer counsel organizations that they can completely prevent a breach. Rather, the goal is to mitigate the damage when one happens.

Fortunately, it is neither expensive nor complicated to secure your firm and its resources and substantially reduce your odds of attack. It is also possible to implement automated mechanisms that will detect penetration and stop it, quickly. However, these tools are sophisticated and it is usually neither practical nor cost effective for in-house IT support teams to manage them.

For most SMBs, contracting with a managed services provider or an IT solutions firm is the most effective way of implementing and managing stringent IT security. However, not all IT consulting or IT support companies are created equal. Some are more security focused than others, with certified professionals and the latest technologies at their disposal.

To help organizations better understand cyber security and the considerations for hiring outside IT security assistance, DynaSis has developed two white papers: Cyber-Security 2016 and Managed IT Security. Both are complimentary downloads on our site. In future blogs, we will drill down into greater detail about cyber security, so stay tuned!

Selection of an IT outsourcing company is a very important business decision. For almost a quarter century, Atlanta’s small to mid-sized businesses have relied on DynaSis’ for managed IT services, internet security, and 24 x 7 x 365 helpdesk support. Today, with cybercrime becoming an ever-increasing threat, DynaSis has become an industry leader in network protection and ransomware prevention. Please take a tour through our website at www.DynaSis.com or speak with a technical expert at 678.218.1769.