How Losing a Mobile Device Puts Your Entire Business at Risk

by

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device is unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services are vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at (515)422-1995 and let us help secure your business.

The Top 5 IT Security Problems for Businesses

by

Companies that suffer security breaches nearly always have one of these IT security problems. Is your company guilty of any of them?

No Backups

A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.

Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It’s a step that businesses miss surprisingly often. Many businesses don’t find out that their backup can’t be used until it’s already too late.

Reactive and not proactive

The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond. The result is higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before it fails, fixing security holes before they’re exploited, and upgrading systems before they are out of date: IT can be done the right way. Being proactive about your IT needs means systems don’t have to break or compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.

Weak Passwords

A surprising number of people will use the password “password” to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer. In some cases, many will even use no password at all. Strong passwords act, not only as a barrier to prevent unwanted entry, but as a vital accountability tool too. When system changes are made it’s often essential that the account that made changes is secured to the right person.

With an insecure password or worse; none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.

Insufficient Staff Training

Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren’t trained to use the lock, it’s worth nothing at all.

Often times businesses can justify spending big on security for the latest and greatest IT defenses. The very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.

Weak Data Controls

Some companies can take an ad-hoc, fast and loose approach to storing professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to being misplaced or stolen out in the field along with vital client and security data.

It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business. The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.

Common problems with simple solutions

Each of these common issues have simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you need help securing your IT to protect your business, give us a call at (515)422-1995.

Protecting A Business from Internal Threats

by

When considering IT threats to your business many articles focus on hackers, viruses, and attacks from external threats. These dangers are real, constant, and easily identifiable. In many cases, however, the largest threat to a firm comes from inside the business itself.

People inside the firm often pose the largest single threat to systems and security. These individuals often have trusted access and a detailed working knowledge of the organization from the inside. Employees therefore deserve the largest security consideration when designing a safe business system.

It is important to first distinguish the type of dangerous employee we want to defend against. We’re not talking about an otherwise model employee accidentally opening a malicious email or attachment. Rather, a disgruntled employee seeking to do damage to your business. An employee who may wish to destroy services or steal clients and files from your firm.

Security Policy

Some firms, particularly young businesses, grant employees system-wide permissions from day one. This can make administration appear simple, preventing further IT requests in future. Granting system-wide access is an inherently risky strategy.

Private information relating to the business should be restricted access information. Many types of files need to remain confidential, often as a legal requirement. Human resource files, salary information, and employee documents should be limited to only a select few employees. Yet, businesses often keep confidential information in public places on the network.

Granting system-wide read and write access can appear to save time short term. It is, however, a security policy which only serves to cause security, administration, and potentially legal troubles in the future.

The Principle of Least Privilege

The principle of least privilege is a vital tool, helping you to handle internal IT security. It defines a security policy which ensures staff can access only the resources, systems and data they require to carry out their job.

The policy protects the business from many different types of threat in day-to-day operations. Even where malicious attachments have been opened by accident, the damage is limited only to the work area of a single employee. This results in contained damage, less time needed to restore from backup, and drastically reduced downtime for the firm.

Along with limiting accidental damage, malicious employees looking to destroy or steal data are limited too. With restricted access, an employee with a grudge or profit motivation can only damage or steal from their own area of operation. This helps to ensure that no single employee can damage the entire firm’s operations.

Security Policy In Practice

A member of staff within Human Resources, for example, may have read and write access to the employee database. This will likely include payroll information and sensitive data. This same member of staff would have no need to access sensitive client data, such as sales information, in normal working conditions.

Likewise, a staff member from the sales department should have no need for accessing sensitive HR records.

Using the principle of least privilege, each employee may only have full access to systems that are directly related to their role. Similarly, some systems may be visible to a wider group of staff members even if they can only be edited or removed by one or two people.

In some cases, a security policy may be defined by even finer details than a person’s role within the organization. An HR employee should not be able to edit their own file to change salary information for example. An employee file might only be edited by their superiors in such a case.

Additional parameters can be used to assign privileges to enable the business hierarchy to work within the IT network. Seniority, physical location, and time are all examples of factors that can restrict access to critical systems and secure data.

We can tailor your network to your business, locking down your data to ensure data is only accessed on an “as needed” basis. Call us at (515)422-1995 now.

How to Stay Safe from Scams and Malware on Facebook

by

At last count, Facebook has clocked up over 2.7 billion users, which makes the platform more attractive than ever for scammers and hackers. While you may be logging in to share your latest family photos or catch up with friends, the chances of accidentally triggering a scam or malware are increasing daily. Here’s how to stay safe on Facebook and stop the spread.

Look out for freebies and surveys

Everybody loves a freebie and for the most part the competition posts on Facebook are legitimate. On the flip side though, when you see a giveaway for vouchers from a mega-store, alarm bells should ring. ‘Do this quick survey and we’ll send you a $50 Amazon Voucher!’ – it’s too good to be true. Even one click can take you on a messy journey through the underbelly of the web, picking up trackers and malware at every stop and at the end, you’re asked to share the post so your friends can get a voucher too…except nobody ever gets the reward.

Check your permissions with games and quizzes

Whenever you access a new game or quiz, you’ll need to give permissions for it to access your Facebook profile. Most people click the okay button without any thought, but if you review the permissions you’re giving, you’ll often find they’re asking for a massive amount of personal data; public profile, friend list, email address, birthday and newsfeed. Do they really need ALL this information? Sometimes the shakedown is from necessity, but sometimes the apps are preparing to launch attacks against you both on and off Facebook. For example, when you call your bank they ask certain questions like your full name, birthday and maybe which high school you went to. All that information is in your Facebook profile and now shared with your permission.

Don’t friend people you don’t know

Having lots of friends is always nice, but that friend accept could end up costing you. It might be someone pretending to know you, or a picture of a pretty girl to entice men (and vice versa). Once you friend them, they get access to everything your friends can see. In this case, it’s more than the risk of someone knowing your personal data, you’ve just given them intimate access to your life. It’s exactly how romance scams start, and there are even cases where the victim finds photos of their children circulating the internet.

If it’s weird, forget it

It doesn’t happen very often, but hackers find ways to take advantage of flaws in Facebook. A common hack that keeps popping up in various forms is to embed malware in a link. The virus then infects your machine and contacts all your friends with an enticing message, like asking whether a picture is of them. When they click to view the picture, the virus catches them and their friend list, and so on. Facebook is pretty good at staying on top of these flaws, but they need time to fix it. Just like if you got a weird email with an attachment from a friend, use that same level of scrutiny in your Facebook and don’t open messages or links that seem out of place.

Need help securing your privacy? Talk to us. Call us at 515-422-1995

New Year’s Tech Resolutions You Should Actually Keep

by

If your typical New Year’s resolutions lasted about 30 seconds, you’re not alone. Pledges to eat better, start running and learn how to juggle can be rebooted again next year easy enough.This year, we challenge you to think about your tech health with some resolutions you’ll want to keep.

No More Junk Mail

Whether you checked a box agreeing to get newsletters, or you have no idea how you got on that list, it’s time to say goodbye. Start by emptying your mailbox to zero unread messages – no you don’t have to read all that spam – you have permission to delete it unread. Let’s face it, if you were going to read it, you would have done so already. Away it goes.

Now that you’re starting with a clean slate and a huge feeling of accomplishment, resolve this: Each day, unsubscribe from 5-10 lists. Generally, if a newsletter gives the option to unsubscribe or Opt Out, you want to do that instead of just marking it as junk. So, keep an eagle eye out for that gorgeous ‘unsubscribe’ link and click it with confidence. Before too long, your inbox will be a refreshing place filled only with people and businesses you look forward to hearing from.

ProTip: Search your inbox for the word ‘unsubscribe’ to quickly find anything that has that option! You don’t need to give a reason if the link redirects to a survey page, but do watch for tricky buttons that will actually resubscribe your address.

Go Password Pro

With all these password leaks from LinkedIn, Myspace, and goodness knows who hasn’t come forward, now’s the time to get smart with your passwords. Because most people use the same passwords on every site, a single breach can be the hack that keeps on giving. If a bad guy has a set of credentials for one hacked site, they have automated programs that will check HUNDREDS of other sites to see if those same credentials get them in! Now that you know how important it is to use different passwords for each site, let’s be real, that’s a LOT of passwords to remember!

Instead of writing them down, we recommend using a password manager like LastPass or Dashlane. They remember all your various passwords for you, so all you need to know is the super-protected master password. Master passwords are kept encrypted on your system, not theirs (no chance for them to be hacked and expose your info!), and optional 2-factor authentication checks with you via text or a code on your smartphone for all big changes. We use LastPass in our shop, so we certainly feel that you can trust it for your valuable data.

Backup. No Really, Backup.

“I’ve been meaning to backup!” is the cry of someone who just lost all their photos. Good intentions don’t count AT ALL in data security because once the data is gone, it’s gone. With new modern cloud backup options, there’s no reason to put this off because backup apps are now easier and more accessible than ever before. You can backup to local hard drives instead, but this will take a little extra remembering on your part as you’ll want to have at least one drive that stays disconnected in case of encryption viruses.

There you have it. Three New Year’s resolutions you can easily keep, and that will make a real difference to your year. Opening your email will be a pleasure, you’ll be a spectator only in any future password leaks, and your precious files will be safe against all manner of disaster. Feels better than any diet, doesn’t it?

Why Your Firewall Will Never be Enough

by

Firewalls are a well-known security essential, and we’re certainly big fans, but did you know a firewall alone is not enough to keep your business safe? It’s like building a fence around your city to keep the burglars out: You feel safe, private and secure… but the reality is, anyone with a ladder, enough motivation or ninja skills poses a real threat. That’s why despite every networked business having a firewall in place, security breaches are increasing at an alarming rate – further protections are still needed.

A few strategic, well-planned measures can provide all the protection your business needs to keep operating without costly downtime. While it’s cool to imagine a system so secure you’ll be opening doors with retinal scanners, using synchronized keys to activate the server and dodging pressure-triggered plates around the storage drives, the reality is infinitely more usable and affordable. In fact, we’ll help you choose the perfect measures that blend invisibly into your existing processes, boosting security without affecting productivity. Take a look at some of our managed service inclusions:

Proper firewall configuration

While not enough by itself, your firewall is still your first line of defense like the wall around your city. However, there’s a huge difference between the generic firewall that comes standard with your Windows installation, and one specifically chosen for your business and set up properly. Without properly locked doors and monitored gates, your firewall may as well not even be there. Our technicians will work with you to identify which traffic should be allowed, eg remote employee access, and which should be automatically blocked.

Workstation antivirus

Like a bouncer standing at the door to your building, it is the job of antivirus software to check every file being downloaded to your company’s computers and watch every program that runs. So, even if a bad guy gets past the perimeter defenses they will likely be spotted by the antivirus software. Without this layer of protection, it is easy for an attacker to have their way with your files.

Web Filtering

What’s better than detecting and stopping malicious files on your computer? Preventing your users from even downloading them from the internet in the first place! Web filtering acts as a middle-man while you are browsing the web and stops users from being able to even visit a site with known issues. We can also restrict websites based on categories like adult material or social networking if desired.

Patch Management 

Keeping with the analogy of a firewall is like a wall around your city and an antivirus is like a bouncer at the door, software patching is like having someone fixing newly found holes in your walls that could potentially let the bad guys in. Instead of counting on your employees to update to the newest version of Java or Adobe Reader, automated software can take care of this for you.

Access restrictions

It is best practice to give employees access to only the files they need to do their job. It’s not a matter of trust, but rather one of security. If they were the one to accidentally let the attackers through the firewall, perhaps by clicking an email link, you’re then able to minimize the damage. Without this added layer of protection, it’s relatively easy to access (and damage) any and all files on the network.

Encrypt confidential files

More secure than simply password locking a file, encryption uses a secret ‘key’ to scramble the files and their contents so that when anyone else tries to view them all they see is incomprehensible nonsense. This way, if an attacker does manage to access or steal vital files, they don’t get anything useful! Encryption is especially useful on mobile devices that can easily be misplaced or stolen when traveling.

Backup Backup Backup!

As a final layer of defense, when all other protections have been circumvented, it is important to be able to recover from a disaster. If an attacker does manage to access and hold your network for ransom, with the proper backup in place we can simply wipe the slate clean and restore to the way it was before the attack.

No one type of protection is 100% perfect. Something (or someone) will inevitably get through. That’s why computer security works best when it’s multi-layered. When one protection fails, the next layer kicks in to keep your business safe. And then the next, and the next…but that doesn’t mean you need CIA level security that gets in your way. Most of the above protections are easily affordable for small businesses, we use all of the above ourselves!

Updated Information about the Equifax Financial Data Breach

by

As you have probably heard by now, credit reporting company Equifax revealed last week that its databases were hacked in a large-scale breach affecting millions across the US, UK & Canada. While no hacking event is ever good news, some are easier to ignore than others – this isn’t one of them. The sensitive nature of the exposed data now requires immediate action for all those even possibly affected.

The short version: Equifax is one of the three main organizations in the US that manages & calculates credit scores. To do that effectively, they have access to almost every piece of financial data for adults in the country, plus pretty much anyone who’s lived/worked in the US. We’re talking social security, tax file numbers, drivers’ license, credit card numbers…the important stuff. On September 7th, Equifax disclosed the breach, stating that hackers had repeatedly gotten in through a vulnerability in the web application from mid-May to July of this year. Since then, there has been a lot of conflicting information floating around the internet. I have gone through and tried to decifer the best course of action to recommend…

The best action now is to protect yourself against fallout:

  1. Go to: http://www.equifaxsecurity2017.com (dead link) to see if your data may have been affected. There was some news that this site was delivering random results, but Equifax announced it has been corrected. I have tested it myself and it seemed to be working now. That being said, it’s safest to assume everyone with a credit history has been impacted.
  2. Claim the Equifax free year of credit monitoring & identity theft insurance (if you’re a US resident). If you’re not eligible, consider sourcing your own. As the hacked data will continue to circulate for some time, consider extending your credit monitoring for a few more years.If you are wary of trusting Equifax with protecting your credit (They dont have a very good track record at this point!), you can instead look at services such as Lifelock to freeze and monitor your credit reports.
  3. Keep a close eye on your finances and accounts. Check for notifications of new credit applications, monitor your statements and bills, and immediately report any suspicious activity or sudden change in billing.
  4. Change all your passwords to be strong, unique and long (you should be doing this anyway!). Now that the hackers have your passwords from the Equifax site, the stolen data may give hackers a free pass into the rest of your bank accounts, email and personal information.
  5. Add two-factor authentication where possible. This is when an account demands a second layer of authentication before allowing access or changes, like a 6 digit code texted to your phone in order to log in. Even if a hacker has your password, they would need to also have your phone in order to get logged in.
  6. Finally, and probably the MOST EFFECTIVE mitigation for this issue…Consider freezing your credit report. Check out a very nicely written article HERE about how to do this. Freezing your report makes it harder for identity thieves to open accounts under your name, as access is completely restricted until you choose to un-freeze. You will have to unfreeze your reports if you ever wanted to get a loan or similar, but how often do you really do that?

4 Simple Tips to Keep Your Internet Banking Safe

by

Online banking has boomed in the past few years to become the new norm. Branches are out and apps are in. Half the time when you visit a branch, you’re steered towards a computer for a DIY transaction – with optional assistance.  But is internet banking really safe? You’re always told to keep your financial details private, but now also to jump on board the online banking train – talk about a push/pull scenario! The good news is you CAN bank safely online with a few simple precautions.

Always type in the website address

Many attackers will attempt to trick you into clicking a fake link to your bank website. Usually sent as a ‘phishing email’, they’ll claim there’s a problem and ask you to click through to your bank and correct it ASAP. The link points to a fake website that looks almost exactly like your real bank site and is recording your private account info. 2-factor authentication isn’t even a 100% guaranteed protection against this. You can avoid scams like this simply by accessing your bank by manually typing in the website or using a bookmark.

Avoid public computers and networks

Jumping onto a PC at the library or mall might seem like a quick and easy way to check your account, but public computers are often targeted by scammers. In just a few moments, they can install keyloggers to record usernames, passwords and other private data, then sit back as all future user details are emailed to them. The same problem applies with free, unsecured Wi-Fi. You’re better off using an ATM or a data-enabled smartphone.

Use a strong password with 2- factor authentication

Create a unique password for your online banking, something you’ve never used anywhere else. Mix up words, numbers and symbols to create a complex password that can’t be guessed easily. Avoid giving attackers a head start with data they can find on Facebook, like kids names, pet names, birthdates, etc and really think outside the box. And of course, never write it down anywhere near your wallet, phone or computer. If remembering is likely to be an issue, you might like to consider a secure password manager app like Lastpass. Many banks will also help boost your security with two-factor authentication, sending random codes to your phone (less secure) or a special LCD device they provide (more secure) to verify any activity.

Check page security before entering data

Finally, take a micro-second to spot the small padlock icon before you enter any data. You’re looking for a padlock appearing as part of the browser itself, not just an image on the webpage. It will be either in the bottom corner or next to the URL. The address will also start with httpS:// instead of http://. If you don’t see these things, the page is NOT secure and you shouldn’t log in.

Need some help securing your system against scammers? We can help. Call Us at 515-422-1995

How Much Could A Ransomware Attack Cost You?

by

How Much Could A Ransomware Attack Cost You?

Have you ever thought about how much your data is worth? Information is possibly the most valuable part of your business – there’s your client database, accounting software and inventory management, and of course, any intellectual property you may own.  When the ransomware, WannaCry, tore through the world recently, many businesses were suddenly forced to re-assess the value of their data: was it worth saving, and what would be the deeper cost of the attack?

Most ransomware attacks cost $150-$600 to get your files released, but that’s only IF the cyber-criminals honor the payment and actually give you the decryption key. Meanwhile, new client calls are still coming in and you may find yourself unable to operate with your systems down. Paying the ransom or restoring from an unaffected backup seems like a quick fix, but it doesn’t end there. There’s still the downtime involved to restore all your data – possibly days – and that’s a lot of lost productivity.  Plus, if word gets out that your data has been compromised, you may find confidence in your business plummets and your existing clients head elsewhere.  That $150 ransom may end up costing well over $150,000!

 

Prevent Ransomware Attacks on your Business

Keep your systems up to date: WannaCry took advantage of a flaw in older versions of Windows, one that was since patched by Microsoft. But to be protected, businesses had to be up to date with their patches AND be running a supported version of Windows. Delaying patches and updates puts your business at risk – we can help you update automatically.

Lock down employee computers: Very few staff will require full administrator access to your business network. The higher their level of permissions, the more damage a person can do – either accidentally with a whoopsie click, or by inadvertently installing malware. By locking down your employee computers, you have a better chance of containing a malware attack to non-vital systems. Our experts can design an access management plan that gives you best of both worlds: flexibility PLUS security.

Educate your workplace: Most employees believe they’re being cyber-safe but the reality is quite different. Many malicious links and embedded malware have become hard to spot in an instant – which is all it takes to click and regret. We can work with your staff to establish procedures around checking links for authenticity before clicking, awareness around verifying the source of attachments, and the importance of anti-virus scanning. We’ll help get the message through!

Have a solid backup plan: When ransomware hits, a connected backup = infected backup. Unfortunately, synced options such as Dropbox immediately clone the infected files, rendering them useless. The only safe backups will be the ones both physically and electronically disconnected, with systems designed to protect against attacks like this. Our experts can set you up with a backup system that makes recovery a breeze.

Be proactive: The best way to avoid the financial cost of a ransomware attack is to prevent it from happening in the first place. Remember, many businesses were able to watch WannaCry from the sidelines, completely unaffected and seizing opportunities while their competitors were down.

Our managed services can help protect your business against the next cyber-attack. 

WannaCry Ransomware Explained: Is Your Business At Risk?

by

WannaCry Ransomware Explained: Is Your Business At Risk?

You’d be hard-pressed to miss last week’s biggest headline, the WannaCry cyber-attack sent shockwaves around the globe. Businesses of all sizes and even police departments found themselves crippled without warning.

Among the most prominent victims were many NHS hospitals in the UK, affecting up to 70,000 individual devices such as essential MRI scanners and blood-storage refrigerators. But by the time it hit the news, it was too late – either your system was protected, or it was infected. Here’s how it all went so wrong.

What is WannaCry?

The WannaCry cyber-attack was a type of malware (the collective name for computer viruses & bad juju) called ‘ransomware’. Just like the name suggests, it’s actually a demand for money. Like all ransomware attacks, WannaCry encrypts your files and holds them hostage until you pay. In this case, the price was set at $300, payable with internet currency Bitcoin, and you had 3 days to pay before it doubled. If you didn’t pay, the ransomware threatened to delete your files permanently. It’s yet unknown how much money the WannaCry hackers have earned with their latest attack, but you can be sure plenty of people have paid the ransom. Even the FBI recommends paying the ransom, especially if the ransomed files are of a sensitive nature or weren’t backed up.

 

How It Spread So Fast

It seems WannaCry may be a ‘computer worm’ that self-replicates and spreads, rather than a phishing attack that needs to be activated with a click. So far, no common trigger has been identified, as is normally the case with phishing links. WannaCry moved rapidly from system to system, spreading out through the entire network, including all connected backups and storage devices. At the same time, it spread out to infect other networks, who then spread it further, and so on. Given the nature of the internet, it was everywhere within hours.

Why Some Businesses Were Safe

WannaCry could ONLY infect systems that have fallen 2 months behind in their Windows updates. This is because it was created to take advantage of a specific vulnerability in Windows, one which Microsoft patched months ago. Without that patch, the ransomware could waltz right past the firewall, past the anti-virus and directly into the system (the NHS were reportedly running Windows XP – no longer supported). Those running Windows 10 or a fully patched, recent version of Windows were completely unaffected – the virus literally had no way in

It just goes to show the importance of staying up to date. We haven’t seen a second spike in WannaCry attacks yet, but that doesn’t mean there won’t be one. A quick update could protect your business from weeks of downtime and lost revenue, making attacks like this a non-issue.

With our managed services, we can make sure you stay up to date – and protected. Give us a call today at 515-422-1995

Click to see our BBB Report

VISIT US