Should You Pay for a Ransomware Attack?

by

Getting hit with a ransomware attack is never fun, your files get encrypted by cybercriminals and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone.

Personally, I don’t recommend paying a ransom. It encourages the criminals to keep doing what they are doing. However, as a small business owner, I could definitely see the desire to pay the ransom, get my files back, and make this all go away. I am adamant with all of my clients to have a good offsite backup just as we do. Not all have chosen to go that direction, but hopefully, you do, as it is just a matter of time before it is needed. Now, should you pay the baddies? Here’s what to consider.

Do you trust them?

Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable cryptocurrency, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?

Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect.

How much do they want?

Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?

Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date, or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

What’s your policy?

More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place

Ransomware is showing no signs of slowing down. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Should You Let an Amateur Loose on Your Network?

by

Most of us know a fair amount about computers, even kids are joining circuits and coding programs in schools – but that does that make everyone an IT expert? It’s fair to say almost all workplaces have that employee who can finesse the printer or use shortcuts nobody else knows about. They have skills, absolutely, but they often know just enough to be dangerous to your business.

Knowing how to Ctrl+Alt+Del does not an expert make…

Hobby IT skills are learned on home computers which are very different to a professional business setup. When something goes wrong on a home computer, there’s no drastic impact if parts need to be replaced, data is lost or it stays down for a week or two. In a business setting, every problem costs time and money, usually creating a domino effect through the entire network. Would you gamble the success of your business with a non-professional who did a quick Google? It’s unlikely you’d let someone be your lawyer purely because they can deliver a stubborn argument, nor would you let someone perform surgery just because it looked easy on TV. Businesses have unique, specialist IT needs that go beyond amateur computer skills and there’s always going to be more at stake.

We’ve seen some things…

Designing and implementing a custom backup plan for your business is a particularly interesting area. While most home users skip this part entirely, an IT professional has seen (and recovered) all manner of situations and will use that knowledge to ensure that if the worst happens, your business is covered. This could mean anything from having a complete copy of your drive stored securely in the cloud or drilling down to backup only the most important data. An IT expert is equipped to help you identify the value in each piece of data and implement a plan so robust that if your business is ever hit by disaster or breach, downtime is minimal – along with losses.

Plan for the Worst and Hope for the Best…

If a disaster ever does occur, like fire, flood or theft, would an amateur know what to do? Who to call? These situations are so charged with tension and panic that making the wrong moves can lead to more damage. A professional helps design continuity/disaster plans, which map out exactly what should happen, who should do it and in what order. It takes out the guesswork and minimizes downtime. Perhaps more importantly, the expertly written disaster plan will include a complete risk analysis so that you know in advance where to strengthen your protection. It also includes a business analysis so you know which systems are dependent so you can stop the domino effect, plus know the legal/contractual impacts, financial impacts and so on.

Are You Ready For When the Fuzz Shows Up…

Your IT professional will also help ensure your business is meeting any regulatory requirements. Many businesses are subject to strict data rules set by government bodies, such as FISMA and HIPAA. The regulations change often and demand increasingly more attention to data security, with hefty penalties for businesses that fall behind. Professionals are constantly in the loop around upcoming revisions and how best to comply with little to no disruption to your daily business.

Your Software is Not a Sponge, it Should Not Have Holes…

Part of ensuring your business is safe means staying on top of software updates and patching multiple computers at the same time. The best option is to run the updates overnight before employees arrive for the day, and since the process can take a few hours and be quite fiddly, it’s generally not something amateurs will prioritize. Unfortunately, as we’ve seen with recent cyber-attacks, delaying a security update by even a few days can lead to disaster. Engaging an IT professional is a cost-effective solution that keeps your business running, growing and earning.

Shopping for a New Computer?

by

It’s a decision that comes with equal doses of excitement and overwhelm: getting a new computer! Unlike popping out to the shops for a new toaster, choosing the right computer comes with so many questions, most of which are usually asked in some sort of alien language. Helpful sales people offering RAM as it were a side of fries, measuring CPU speeds in ‘cores’, and listing specs that mean nothing around what you actually want to do.

That’s where we start. Not with tricky language that only makes sense to other computer geeks, we simply find out what you plan to use your computer for, then help you do it. Depending on your needs, we may even be able to provide the computer right there and then. Other times, we’ll offer guidance on what’s in the stores and make sure you’re equipped with all the magic words that get you walking out with what you need, and only what you need (at the perfect price!).

Then comes the real fun.

Once you’ve got that new machine home and out of the box, you’ve inhaled that new tech smell and taken plenty of selfies to remember the moment, the overwhelm can come flying back in. Which cord goes where? It doesn’t work like your old one! Why is it doing that?! How to put programs back on? Does it come with security already loaded? If you’ve had your old computer for a few years, you know you’re in for a bit of inconvenience, no matter how shiny the replacement is. What do you need to do to make the new computers yours?

Move your old files.

One thing most people forget during their new computer bliss-phase is how to get information off your old computer and onto your new one. If you know a thing or two about moving files to a flash drive, then this can be pretty easy as long as you put the files back in the same location. If your old computer is too broken to boot, this can be a real problem. You can either turn the old hard drive into an external drive or copy the data onto a USB stick using a bootable flash drive. This can get kind of hairy if you aren’t a technician, so you may want to leave that up to the professionals.

Set up your email.

Maybe you access your e-mail using a web interface. If so, then you’re done! Simply go to the same website you are used to going to and your e-mail should be there (as long as you remember your login password). However, if you use a local client (Outlook, Thunderbird, Apple Mail), setting up email can cause headaches even for a tech person. Getting the settings perfect can sometimes be more error than success. The most common problem we see is email that can receive, but not send. It’s a frustrating problem, especially when you’re sending important emails. We can set your email up successfully and ensure it both sends and receives, as well as add in any additional accounts you’d like to manage from the same app.

Save your favorites.

All those bookmarks you’ve made and carefully sorted (or not) are important. You may even have different collections of favorites in different browsers and the last thing you want to do is to find those pages again. Most web browsers have an ‘export’ function that can bundle all of your favorites up into a neat little file that can then be transferred to your new computer and restored. If this is above your pay-grade, we can retrieve your old favorites and put them onto your new computer, making your browser experience look and feel exactly as it did before, only faster.

Set up your software.

Quite often these days, software doesn’t come on a CD. While that’s forward thinking and reducing waste, don’t you miss having a disk you could install from and the license key taped to the back? We sure do! If you don’t have your original installation disks (or you never had one), you may be able to download them from the internet, just be careful you are getting it from a reputable site! If you ware having trouble, we can help you re-download your programs and reinstall them as long as you can find your licensing. As technicians, we also tend to go one step beyond and make sure the new software is optimized, updated and working well. While we’re doing that, we make sure your anti-virus is up-to-date and you’re as secure as possible against threats.

Connect extra devices

Sometimes it’s a matter of knowing what cord goes where or getting the right adapter, but sometimes new devices can present software problems. Printers, webcams, game controllers, etc all have unique drivers that need to be installed before they can work properly. Windows 10 is great at picking most of these up automatically, but if they’re not playing nice or your new computer is suddenly missing the correct plug, you may need to go to the manufacturer’s site to get the newest driver or even replace it if it is too old.

Why Your Business Needs Unified Threat Management

by

Sounds scary, doesn’t it? Almost like a swat team dressed in black is going to swing in and start yelling orders. While just as effective at disabling the bad guys, Unified Threat Management (UTM) is a special kind of IT solution focused on proactive protection. Consider it more like a team of virtual bodyguards that stand at the door between your business and the internet, keeping trouble out while your legitimate traffic can come and go normally.

With the increasing number of connected devices in your business network and the different ways your employees now connect, it’s more important than ever to set up dedicated security systems that give integrated protection. UTM is a series of solutions that work together, simultaneously layering your protection across the board. We’ll cover the four main inclusions here, and exactly what they can do for your business.

Robust Firewall

Put simply, a firewall keeps an eye on all the data coming in and out, looking for anything abnormal. While every home PC comes with a software firewall built in, those ones pale in comparison to what a UTM firewall can do. Remember the team of virtual bodyguards? Imagine the home firewall as an aging rent-a-cop with a flimsy baton, while the UTM is an ex-special forces soldier with a 10th-degree black belt in judo and a very large gun. It exists solely to make sure the data entering your network is safe, that it’s not part of a cyber-attack, and that in the rare event your network becomes infected, your servers aren’t being used to attack another business.

Anti-virus Where it Matters

With so much new malware being released daily, it’s easy to fall behind in updates and discover you’ve been infected. Your employees are likely doing their best, but manually scanning each file can be exhausting and time-consuming. Your UTM anti-virus is built into the firewall, ensuring known or suspicious malware is stopped at the door. It’s the first layer of defense that doesn’t allow malware to even make it through to your employees, so the risk is reduced. Clearly that’s the best outcome possible and will allow your employees to work at maximum efficiency, while you can run your business with confidence.

Spam Blocking for On-Premise Mail Servers

Most cyber-attacks come via email these days, with either an attachment or a link. Once clicked, the malware is released into the network to wreak havoc. Obviously, your employees are smart enough not to open random attachments/links, so hackers use phishing emails. These are emails that look legitimate and may refer to vendors you use, financial services you have accounts with, or even seem to be from other employees.

If you have an on-premise mail server, your UTM is going to be able to mitigate these threats. It strips down each email and checks it against high-tech legitimacy markers. If it sees anything suspicious, the email is marked as spam and either held for review or bounced away.

Your employees never see the attack, so they can’t accidentally fall for it. While the UTM is monitoring for phishing/fake emails, it’s also culling out the general spam that clogs up inboxes. Employees will no longer have to spend precious minutes each day wading through the junk, and the likelihood of missing an important customer email has greatly dropped.

Web Content Filtering

In a perfect world, your employees would only access work-related sites and do work-related things online. Content filtering can help you limit the risk they’re bringing into your business via these websites. Your UTM can be set to restrict sites that infect computers, such as adult content, gambling or illegal downloads. It can also be used to restrict access to productivity vampires like Facebook or Pinterest, either during work hours or completely. It’s up to your policies how much you’d like to filter and whether to add any flexibility. Some businesses allow social media during lunch breaks or have special reward hours each week. Simple tweaks like this can increase productivity overnight and give you the security you’re looking for.

You can see how a layered security solution like UTM provides a space for your business to thrive, where systems are secure, employees are able to maintain efficiency, and cyber problems stay outside the doors. The way the layers work together is more effective than a patchwork of separate systems, and a UTM is much easier to configure and maintain.

What’s Best for Your Computer: Leave it on or shut it down?

by

Most homes are trying to reduce power costs by turning off lights and appliances, but do the same rules apply to computers? After all, it requires more than flicking a switch on your way out the door. Some people believe you should shut down after every use to save wear and tear, others believe you should never shut down your computer – ever. Others simply want to make sure the pages and apps they left open are still there waiting for them. So, who’s right and what are they really doing?

Back when computers were clunky behemoths that took a long time to start, you’d go nuts at the person who shut it down when it was your turn because it took so long to turn back on. Or, you could leave it on forever and it would slowly start to get buggy and unstable due to memory leaks. These days, modern computers are built to work differently.

You should leave your computer on (but you can turn the monitor off)

Speed and maintenance are the big selling points here. You can literally sit down and start working where you left off without the delays of bootup, finding your program, opening your saved files, scrolling down… it’s all right there and ready. Computer these days use so little power that leaving them on just doesn’t use enough electricity to justify the constant on-and-off that most people used to do. Also, modern Windows operating systems are designed to perform regular maintenance tasks during an idle time when you aren’t using your computer. If you constantly shut it off or put it to sleep, it will never get the chance to perform those tasks or even worse, it could try to do them when you turn your computer back on, right when you are trying to use it!

But you should reboot regularly

All that being said, you will still need to remember to reboot the computer once in a while to allow it to ‘refresh’ itself. While your computer is on, Windows and other updates are running in the background. If you never reboot, those pending updates may stack up and be ineffective until they either force a reboot (at the most inconvenient time) or the computer becomes unstable enough that it will crash or you give in to a restart on your own. This is why a reboot can fix strange issues. There is a good reason IT people always ask “have you tried turning it off and on again?”

Unless…

There are times when actually fully shutting down your computer is the best option. If you are leaving town or otherwise not using the computer for an extended period of time, you may want to shut it down and unplug it to prevent any lightning strikes from affecting it. Just remember when you come home and turn the machine on, you may need to wait a little extra time for everything to ‘catch up’. If you notice a problem with the machine, like a funny noise or a suspected infection, you should immediately shut the computer down until you are able to bring it to your local repair shop. In cases of potential data loss, leaving the computer or repeated attempts at booting the machine on can make matters worse. Finally, older computers or those under heavy strain like gaming or video editing machines can benefit from a rest to allow components to cool down.

What about laptops?

Our general recommendations still apply to laptops. They are still computers after all. BUT, there are a few more things to keep in mind. Since laptops have two power modes (battery and AC power), it is important to note that our recommendations only really apply to when the computer is plugged in. If you are needing to use your battery, you are going to want the computer to sleep when it is not in use. Most laptops will trigger sleep mode when you close the lid, so keep that in mind if you are wanting it to stay on while plugged in per our recommendations.

The short version

Since the whole point of having a computer is that it’s ready to work when you are, we recommend leaving the computer on normally and simply restarting it when you finish working for the day. Don’t shut it down, just RESTART IT. That way the computer will be able to finish installing updates and turn back on by itself. It can do all of this while you are out of the office. It will be ready and be waiting for you the next morning with all of its maintenance and backup tasks finished, and you’ll get the best of both worlds – speed and stability.

Why Periodic Security Assessments Should Be Your New Normal

by

By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cybersecurity is something they can set and forget.

Unfortunately, cybercriminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today. Instead of reacting to breaches and taking on the costs of downtime, lost files, and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively set up adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.

Regulations change – Are you affected?

Many businesses are kept to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and timeframe. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. HIPAA is a great example of this. While it has always been required of covered entities, most doctors have regarded it as optional for some reason. Well, in the last year or so the HHS has stepped up their efforts maintain compliance with random audits. Our team can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.

Security patches and updates are vital

It’s so easy to fall behind on your security patches, after all, it seems like there’s a new update every week and each one takes precious time to apply. What we’re seeing though, is that cybercriminals are targeting any business running late, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. It is highly recommended to have a patch management plan in place to automatically take care of these updates. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, the bad guys will eventually find it.

Viruses are always evolving

Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cybercriminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include checking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed

As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations…the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. An expert will be able to see things from a different perspective, particularly as we make sure to think the same way a cybercriminal would.

What to do with your assessment results

While many experts might present you with a long list of problems and leave you feeling overwhelmed, a good assessment and workplan ensure you have a benchmark for progress. You’ll know exactly what you need to do, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

The True & Unexpected Costs of Being Hacked

by

There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, you’ll exhaust your emergency funds very quickly.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.

Customer retention measures

In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have Pentagon level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices…While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.

We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive, and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.

How to Survive A Hard Drive Crash: What You Can Do Today

by

There’s been a massive digitization of the population, which despite keeping everyone entertained and connected, comes with one gaping flaw – a hard drive crash could wipe out your data in an instant. Nobody’s immune, even grandparents routinely rock the latest smartphones and post on Facebook. Nearly all schoolwork is done on computers or tablets, ebook sales far outstrip their paper cousins, and photo printing is a rarity. Unless there’s a physical requirement like putting a photo into a frame, all our data is staying digital. People’s entire lives, their memories, and work are on personal hard drives, yet a large majority of households have no backups.

If you’ve ever lost your data or had your computer stolen, you know the panic and rage that follows…turning the house upside down, hoping desperately to find that USB stick that maybe your data was copied to, once upon a time…before collapsing onto the couch as it sinks in: there’s nothing left.

While hopefully your hard drive is still in good shape, surprise failures do happen. The mechanics don’t last forever, and even brand-new drives can be blitzed by a power surge. Theft is always a risk, as is user error like deleting files accidentally or even getting hit by a nasty virus that destroys or holds your files for ransom. That last one is tricky. Most households are using apps like Dropbox, iCloud or OneDrive as their backup, thinking if their hard drive crashes or gets stolen, they’ll just download the files from there. Unfortunately, those very handy apps are no help if you’ve been hit with ransomware. Almost instantly as the malware encrypts your local files until you pay up, those sync apps upload the infected versions – for your convenience. Older, safe versions of the files no longer exist, because these apps are designed to give a constant mirror of your drive, not a backup.

Stop for a moment and think about what you’d lose right now if your hard drive failed. What’s on there? Household management files like tax info, warranties you’ve scanned in, photos of your children or grandchildren, videos of first steps and school plays, maybe even your wedding video? While some losses are merely inconvenient, like recreating your budget or rebuilding your recipe collection, other losses are heartbreaking. It’s not a feeling we’d wish on anyone!

What You Can Do

Backing up at home used to be something only tech geeks did, but like everything cool, it’s gone mainstream. We recommend a 3-2-1 approach: 3 copies of your data, with 2 local at your home and 1 offsite.

Typically, this means keeping your regular hard drive where your data is now, one copy of precious files on a backup USB drive, and one that automatically uploads to the secure cloud as you add new files. That way, the USB drive protects your data if your computer dies, and the cloud copy protects you if something happens to the computer and your USB drives, like fire, flood or theft. It’s a good idea to make sure you unplug that backup USB drive afterward and pop it into a drawer, as connected devices can easily become infected during an attack or stolen during a break-in.

Two of these methods require you to actually pay attention, which is where many households struggle. It’s a rare home where someone takes the time to sit down each week and carefully run a backup. Not that it’s tricky, but unless you’re one of those cool geeks it’s pretty boring and not a high priority after a long day! That’s why we recommend a cloud backup solution or letting us take care of it remotely.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

by

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

Why Do Computers Break?

by

We know computers always break at the worst possible time, but what exactly prompts that failure? It’s easy to think it was something you did since you were using it at the time, but while your online gaming frenzy might cause a temporary crash, normal user actions are rarely the cause of a broken computer.

Physical Damage

Accidents happen, but they don’t always mean you need to buy a new computer. As an electrical item, liquid spills are a big problem. This could be anywhere from a spill on the keyboard or next to the computer, going overboard with the screen cleaning spray or even a flood that reaches the computer. Laptop users need to be especially careful when choosing their work surface, as cafes and kitchen tables often have small puddles left behind. If you’re lucky and the liquid didn’t fry the circuits, ongoing corrosion is still likely, as is stickiness to gum up the internal parts. Similarly, a dropped computer isn’t going to be happy, nor is one that’s been knocked around. Even a light thump of frustration can cause loose cables, disconnections and internal damage.

Age

Computer parts have an expected lifetime, especially moving parts like fans or mechanical hard drives. Some computers can run 24/7 for up to a decade, while others can be barely used but fail within warranty. When age is the issue there are usually early warning signs like extra noise or slowing down, but the actual ‘break’ generally happens when you go to turn the computer on, perhaps after a crash or overnight – either it makes a valiant effort before giving up, or nothing happens at all. Sometimes lasting age is the luck of the draw with how it was manufactured, and quality does play a big part in how long it can keep churning. This is one of the main reasons we always recommend commercial grade computers over consumer grade machines when budget allows.

Power Surges

We like to think electricity is a constant stream that never varies, but computers are particularly sensitive to both surges (too much electricity) and brownouts (not enough electricity). You might notice the lights dimming or flickering during a brownout, or glowing just a tad too strong during a surge. These variations never last long, and they’re not something you can control unless it’s just your house (it’s worth checking with your neighbors), but they can easily break your computer. A surge protector can guard against mild increases in voltage, but brownouts and strong surges will still cause damage. For optimal protection, we recommend a UPS (Uninterruptible Power Supply). A UPS can block the surges and fill in the low voltages to keep your computer running smoothly.

Heat

Overheating is a big contributor to premature computer death. Some computer parts run hot and need plenty of cooling to keep them working. You might not feel it from the outside, but internal components can rapidly build up heat that needs to go somewhere. When your airflow vents get blocked with dust or pet hair, the temperature continues to increase until components literally bake themselves to failure. At set temperatures, the computer will automatically switch off to try and cool down, however, the more often this happens and the higher the temps, the more likely your computer is to die. Even if your computer doesn’t shut off from overheating, the additional temperature still reduces the life of your components, so keep it cool!

Hard Drive Failure

Your data is stored on a hard drive, and if you’ve got a mechanical hard drive (most people still do), it works a bit like a record player with a spinning ‘platter’ and a needle (read/write head) that reads it. Small bumps, liquid, age, surges, and overheating can all trigger hard drive failure. Along with making your computer unusable, hard drive failure means your data is also lost. While sudden breakage might leave you surprised, take note of any strange noises or repeated crashes and always keep data backed up so when (not if) your hard drive fails, you are prepared.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy