Monthly Archives: March 2018

Would You Pay to Get Your Business’s Data Back?

If you came to work one morning and found that your company was the victim of a ransomware attack, would you pay the ransom? Find out why security experts recommend not giving in to hackers’ demands and why many organizations do not heed this advice.

 

In December 2017, a county government employee fell for a phishing email scam, which resulted in 48 servers being infected with the LockCrypt ransomware. The attack paralyzed many crucial services in Mecklenburg County, North Carolina, because the county’s tax, finance, deed, social services, and other systems were no longer available.

 

The cybercriminals were asking for a ransom of $23,000 (USD). Although county government officials were in contact with the hackers, they were still undecided about whether to pay the ransom when the deadline arrived.

 

What would you do if your business found itself in this situation? It can be a hard question to answer.

 

Rationale for Not Paying

 

Mecklenburg County ultimately decided not to pay the ransom, which is what most security experts recommend. There are several reasons for this recommendation. For starters, if you pay the initial ransom, hackers might ask for more money. That’s what happened to the Kansas Heart Hospital in Wichita. It paid the ransom, but the cybercriminals only partially restored the hospital’s files and then demanded more money to decrypt the rest.

 

Even worse, you might pay the ransom but never get your files back. Only 47% of victims who pay the ransom get their files back, according to Symantec’s “2017 Internet Security Threat Report”. Plus, some hackers’ sophisticated ransomware variants are designed to delete rather than encrypt victims’ files. So, even if you pay the ransom, your files are history. There is no longer honor among thieves, according to two Talos researchers who discovered one of these variants, which they dubbed Ranscam.

 

Paying the ransom can also have long-term implications for your business. It might lead to new cyberattacks against your company in the future since the cybercriminals know you will pay to get your data back. They will be banking on the chance that your systems or employees are still vulnerable. On a broader scale, the more organizations pay up, the more hackers will target them.

 

Rationale for Paying

 

Although ideally it is best not to pay the ransom, many organizations do. The reasons why they give in to hackers’ demands vary.

 

Sometimes, it is easier or quicker to pay the ransom than reconstruct files from backups. This was the reason why the Hollywood Presbyterian Medical Center in Los Angeles, California, paid cybercriminals around $17,000 to get its patient records back. “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” according to Allen Stefanek, the center’s president and CEO.

 

Similarly, organizations might find that it is cheaper to pay off the hackers than reconstruct their data from backups. Typically, ransom demands are much less than those encountered by Mecklenburg County and Hollywood Presbyterian Medical Center. In 2017, most ransom demands ranged from $500 to $2,000 for businesses, according to Statista. Plus, the ransom amount can often be negotiated down. In one experiment, F-Secure researchers found that three out of four ransomware criminal gangs were willing to negotiate their ransom fees, reducing them by an average of 29%. There is even one strain of ransomware named Scarab that does not specify a ransom amount. Instead, victims must email the cybercriminals in order to negotiate a price for recovering their files, according to Forcepoint Security Labs.

 

Not having usable backups of crucial data is another reason why some organizations give in to cybercriminals’ demands. This is why an attorney in Tulsa, Oklahoma, paid $500 to get his firm’s files back. Similarly, Bingham County officials in Idaho gave hackers $3,500 to get back the data stored on three servers. The ransomware attack had actually paralyzed all 28 of the county’s servers, which the hackers initially ransomed for $33,000. The county had recoverable backups for 25 of those servers, so it negotiated the price down to $3,500 to get the decryption keys needed for the three servers without usable backups. (The backups for two of the servers turned out to be corrupt, and one server had not been backed up at all.)

 

Some organizations might decide to secretly pay the ransom to minimize the chance of word getting out that they fell victim to a ransomware attack. Hundreds of ransomware attacks in a variety of industries have been kept secret, according to Robert Shaker, the chief technology officer of Incident Response Services for Symantec’s Cyber Security Group.

 

What Would You Do?

 

Whether or not to pay a ransom for your data is a hard decision that hopefully you will never have to make. No matter your decision, a ransomware attack would likely cause other problems for your business. A 2017 Malwarebytes study found that 22% of the small and midsized organizations that experienced a ransomware attack had to cease business operations immediately, resulting in downtime and lost revenue. Thus, it is important to do everything you can to protect your business from ransomware. We can help you develop an effective strategy.

 


7 Ways Small Businesses Can Take Full Advantage of Office 365

If you subscribe to Office 365 Business Premium or Microsoft 365 Business, you have access to seven apps designed for small companies. They are part of your subscription, so there are no additional costs to use them. Here is what you can do with these apps.

 

With little fanfare, Microsoft has been rolling out new tools designed to make it easier for small businesses to find and keep customers and run operations more efficiently. These apps are part of Office 365 Business Premium and Microsoft 365 Business. Four were released in November 2017, which means there are now seven apps available to subscribers at no additional cost. Here is what you can do with them:

 

1. Microsoft Listings

 

If you want to increase your company’s online presence, Microsoft Listings might be able to help. From the app, you can create business listings on Facebook, Google, Bing, and Yelp. Creating them in one place helps ensure that your company’s information and branding are consistent across these sites.

 

After you create the listings, you can use the app’s dashboard to monitor views and reviews of your business on the four sites. If you need to change some information in the listings, you only need to enter the changes once in the app. Microsoft Listings will then automatically make the changes in Facebook, Google, Bing, and Yelp.

 

2. Bookings

 

With the Bookings app, you can create a customized web page that your customers can use to check availability and schedule appointments. The scheduled appointments appear in your private Bookings calendar.

 

You can sync the Bookings app with your Office 365 work calendar. That way, when you add an appointment to your Office 365 work calendar, the Bookings web page will show that time as unavailable for appointments. Similarly, when a customer uses the web page to schedule an appointment with you, the appointment appears in your Office 365 calendar as well as your Bookings calendar. Appointment reminders are automatically emailed to both you and your customers.

 

Bookings has many other features designed with companies in mind. For example, it automatically creates a customer contact list for you. Plus, there is a mobile version of the app if you often travel for business.

 

3. MileIQ

 

Using your smartphone’s GPS service, MileIQ automatically tracks and logs the miles you spend driving for business, creating a record of your tax deductible/reimbursable mileage. The mobile app works in the background, so you do not have to remember to press a start or stop button. At the end of each drive, you just need to classify the trip as business or personal.

 

To avoid having to constantly classify trips as personal during off hours, you can enable the “Work Hours” feature. After you specify your work hours, the app will automatically classify all trips taken outside those hours as personal. If you happen to travel for business during off hours, you can reclassify the trip using MileIQ’s online dashboard.

 

You can also use the dashboard to create reports detailing your business mileage. By default, the app uses the US Internal Revenue Service’s standard business mileage rate (54.5 cents per mile in 2018) to calculate deductible/reimbursable costs, but you can customize the rate if needed.

 

4. Outlook Customer Manager

 

This tool lets you quickly access information about your company’s customers from either your Outlook inbox or the Outlook Customer Manager mobile app. For example, suppose you want to know more about a customer, Bob, who just sent you an email. If you click his profile, Outlook Customer Manager will display information about him, such as previous email exchanges, tasks completed for him, and logged calls.

 

You have the ability to share customers’ information with other staff members. Doing so helps ensure that your customers will get good customer service even when you are on vacation or out sick.

 

5. Microsoft Invoicing

 

With Microsoft Invoicing, you can generate professional-looking estimates and invoices using predesigned templates that are customizable. For example, you can insert your company’s logo, change the color scheme to match your branding, and add a “Pay with PayPal” link.

 

Using either the online or mobile version of the app, you can track pending and partial payments, mark invoices as paid, and see if any payments are overdue. If you use Intuit QuickBooks, you can have Microsoft Invoicing automatically transfer invoicing information to QuickBooks.

 

6. Microsoft Connections

 

Microsoft Connections lets you stay in touch with current customers and attract new ones via email. You can use either the online or mobile version of the app to create and send newsletters, announcements, and other marketing materials. You can even set up referral offers that give discounts (or another type of incentive) to existing customers who bring in new clientele.

 

After you send out a marketing campaign, you are able to track its effectiveness. Available metrics include the number of emails opened and how many people signed up for a particular promotion.

 

7. Office 365 Business Center

 

The Office 365 Business Center provides a central location from which you can manage the six other business apps. For instance, you have the ability to control which staff members can access them.

 

The Business Center’s dashboard gathers and displays key business metrics from the six apps. That way, you can keep track of the metrics without having to open each app. However, if you need more information, you have the ability to open any of the apps from the Business Center. The Business Center is available as an online and mobile app.

 

New Tech Support Scam Is Popping Up on Chrome and Firefox Browsers

Digital con artists have devised a new way to scare people into falling for a tech support scam. Learn how this scam works and what to do if you encounter it.


A new tech support scam has surfaced. Digital con artists are freezing web browsers in the hope that users will panic and call a bogus support line for assistance. The scam has been seen on Google Chrome, Mozilla Firefox, and Brave web browsers running on Windows devices.

How the Scam Works

The scam begins when users visit a compromised web page. Malicious code in the page triggers their web browsers to start downloading thousands of files in rapid succession. This causes the browsers to become unresponsive in 5 to 10 seconds.

A message then pops up. It includes the usual scare tactics found in tech support scams. Although the messages vary, they basically say that the computer is infected with some type of malware (e.g., viruses, spyware) that is stealing the users’ personal data (e.g., login credentials, credit card numbers). Users are instructed to call a help line for assistance in removing the malware. In one case, the message mentioned that users had to call within five minutes to prevent their computers from being disabled.

Because of how this scam’s malicious code works, users cannot close the tab or the browser by clicking the “x” button. This can scare users even more, prompting them to make the call.

Calling the bogus support line can lead to problems that are much more serious than a frozen browser. Sometimes, tech support scammers try to con callers into paying for unnecessary tech support services. Other times, scammers try to con callers into letting them remotely access the callers’ computers, in which case they could install malware or change settings.

Be Prepared, Not Scared

If your browser suddenly freezes and you get a message to call a help desk, it is important not to panic. Tech support scams prey on people’s fears. Take a deep breath and try to close your web browser using Windows’ Task Manager. Here is how to do so in Windows 10:

  1. Open Task Manager by right-clicking the task bar and selecting the “Task Manager” option. Alternatively, you can press Ctrl+Alt+Del (i.e., press the Ctrl, Alt, and Del keys at the same time) and choose “Task Manager”.
  2. On the Processes tab, find the “Apps” section and highlight your web browser’s name (e.g., Google Chrome).
  3. Click the “End Task” button.
  4. Close Task Manager.

If you are using Windows 7, follow these steps:

  1. Open Task Manager by right-clicking the task bar and selecting the “Start Task Manager” option. Alternatively, you can press Ctrl+Alt+Del and choose “Start Task Manager”.
  2. On the Apps tab, highlight your web browser’s name.
  3. Click the “End Task” button.
  4. Close Task Manager.

If this does not work, contact us.

GDPR Deadline Is Looming

The date on which companies need to be in compliance with the General Data Protection Regulation (GDPR) is approaching fast. Find out when this deadline is and what it means for businesses worldwide.

If your business has customers who live in the European Union, you have an important deadline approaching. On May 25, 2018, you need to be in compliance with the General Data Protection Regulation (GDPR).

Passed by the EU Parliament in 2016, GDPR is designed to provide data privacy rights to EU citizens and protect them from data breaches. This legislation spells out numerous requirements that companies must meet, such as:

    • Businesses must get customers’ consent to collect, process, and store their personal data. When companies ask for permission, they must use easy-to-understand terms rather than legal jargon. Plus, it must be easy for customers to withdraw their consent.
    • Companies can only collect, process, and store the personal data needed to complete a given task and not any extra information. Further, the data collected and stored for one task cannot be repurposed without further consent from customers.
    • Businesses must notify customers within 72 hours of first becoming aware of a breach that involves their personal data.
    • Companies need to include data protection measures when they are initially designing their systems rather than adding the measures later on.

All companies that collect, process, or store the personal data of EU citizens are required to comply with GDPR’s requirements, no matter where the organizations are located. For instance, US and Canadian businesses that have customers who live in the European Union must adhere to the regulation.

The penalties for noncompliance are high. The maximum fine, which is reserved for the most serious violations, is €20 million (around $24 million USD) or 4% of a company’s annual global turnover (whichever is greater). The fine structure is tiered, so smaller fines will be levied for less serious infractions.

There are resources available to help businesses understand the GDPR requirements. The official website, EUGDPR.org, has an extensive list of articles, videos, and other types of resources. Its sister site, EUGDPR.com, provides GDPR updates and news.

Some IT vendors also offer GDPR resources, many of which are free. Here are a few examples:

    • Microsoft provides an e-book, an online readiness assessment, webcasts, and whitepapers.
    • Trend Micro has an infographic, checklist, whitepaper, and webinar.
    • IBM furnishes an e-book, webinars, and whitepapers.
    • IT Governance offers a video, infographic, paper, and templates.

Many blogs and articles are also available to help companies better understand GDPR.