Planning On Failing: The Importance Of Network Disaster Recovery Planning For Your Company

Businesses and organizations both large and small rely on their data systems to function.  If these systems are compromised, data recovery can be incredibly costly, and companies that put off setting up a disaster recovery plan can end up paying a huge price.  According to San Diego-based AMA Networks owner Amir Hadziosmanovic, data loss due to malware, ransomware, and scams is currently the biggest threat to the IT security of companies.

“The biggest global threat to business cyber security today is malware or ransomware. Company data is their nucleus, and a malware/ransomware attack has the potential to take out even the most stable business in the world in a matter of minutes–think Home Depot, Aetna, Target, etc,” says Hadziosmanovic.

Attacks Are Alarmingly Common

Although current data suggests that malware and ransomware attacks are increasingly and troublingly common, many of them are not even reported, suggesting the actual number of attacks is much larger.  “According to the IT community, MSP forums and general IT discussion, ransomware and malware attacks on business are more frequent and they will continue to be,” says Hadziosmanovic.  “So many incidents that we do not know about are not reported because the payout amount was below $500. The average ransomware request is between $500-$2,000 and 20% of them are over $5,000.”

And if you don’t pay the ransom, or your data is not recoverable by normal means due to a fire or flood, it can get incredibly costly.  “There was a study completed by Datto in 2016 that suggested downtime from malware and ransomware can cost a small business as much as $10,000. Some say it is $1,000 per hour if you hire some of the big recovery firms to help you. According to the FBI Internet Complaint Center there were nearly 2,500 complaints registered in 2015 resulting in about $1.6B in damages,” says Hadziosmanovic.

It’s important to weigh the cost of putting proper disaster recovery in place vs how much it would cost to lose everything.

You’re Never Too Small To Be A Target

Never assume that you won’t be a target because of the size of your business or your industry.  “The old school mentality “I am too small” for the hackers is no longer acceptable,” says Hadziosmanovic.  “You are a business, you make money, therefore you are fair game. If hackers can hit up 10,000 small businesses and every one of them paid $1,000 ransom, that would equate to a very nice paycheck for the hacker of $10,000,000.”  And it’s true; hackers often spread their nets very wide, targeting hundreds of thousands of businesses at once in an effort to get a few to bite.

What Is The Best Method For Disaster Recovery?

So how can a company take steps to prevent data loss, theft, and extortion?  Planning ahead is the biggest step.  Implementing a plan of action in case your business suffers a catastrophic loss is essential to preventing the loss of money, time, and customer trust.

Establishing a disaster recovery and backup plan is tempting to put off because it’s not technically necessary for a business to have in order to operate.  You can hum along just fine without one.  However, this can leave you high and dry in the event of an emergency.  You don’t want to join the throngs of people Googling “hard disk recovery”, “ransomware recovery”, or similar.  Setting up a plan of action is also cheaper than recovery.

Additionally, ensuring that your team follows security best practices can help prevent “zero day” threats, or new threats that use phishing and scam tactics to gain access via human error.

Hire The Pros

Hiring a professional IT company to custom-tailor a BDR (Backup Disaster Recovery) solution fit to your needs and budget is the most cost-effective way to ensure that your business will be protected from both cyber threats as well as natural disasters such as earthquakes, fires, and floods.

Test, Test, Test

According to Hadziosmanovic, it’s important to test these backup disaster plans multiple times throughout the year to confirm that they are working properly.  At AMA Networks in San Diego, BDR plans set up for companies are tested for redundancy multiple times throughout the year, and often they can have a company back up and running in a few hours or even minutes.

San Diego Data Recovery And Planning For Businesses And Organizations

If you are a Southern California or San Diego based business and you’re interested in hiring a professional IT company to handle your backup disaster recovery planning, AMA Networks is a great choice.  “AMA Networks has helped companies implement this solution across multiple vertices; construction companies, healthcare providers, government subcontractors, professional services, government agencies, and more,” says Hadziosmanovic.  “AMA Networks will test your BDR and BC solution 2-4 times a year and ensure proper testing and failover for both BDR and BC solutions.”  Contact AMA Networks today to get a free assessment!

AWS Security Best Practices

With the advent of Amazon’s cloud technology, it has become very easy for businesses to be more flexible and enhance the sharing and usage of files and applications.  However, there are certain things that companies need to be aware of when it comes to the security of the cloud.  According to security expert and writer Brian Krebs, it’s increasingly common for hackers to steal files from unsecured AWS accounts and hold them for ransom.  And this is even when a company knows about the risks.

In order to prevent your business from falling victim to hacking or extortion it’s important to follow some important AWS security best practices.

Understand Security Responsibilities

Many Software as a Service (SaaS) providers will handle the security on their end: anything going on in their software will be secured, as will the data going to and from it.  However, certain cloud technology providers such as Amazon’s AWS leave the security and access controls of the storage up to the users under the “shared responsibility model”.  This means that companies and users are responsible for ensuring that their ecosystem in AWS has the proper security setups in place to prevent data breaches.

In one example the company All American Entertainment, a public speaking contractor, had left thousands of speaking contracts in an unsecured Amazon S3 folder.  They were not technically “hacked” in the traditional sense, but the company was publicly exposed as having left secure files out in the open by a security researcher from NightLion Security.

Not all companies end up getting exposed by a “white hat” security researcher, and instead have their files seized and held for ransom by hackers.

Ensure That User Roles Are Defined

Defining user roles is very important for access control.  Taking advantage of temporary access roles in AWS is a great way to ensure that you don’t have to manage a large number of user roles in the future.

Never share primary AWS access credentials; instead, use the Identity and Access Management (IAM) tools to create unique roles for users.  These various users are then easily managed by the Admin.

Take Advantage Of Multi-Factor Authentication

As a second layer of security, it’s a good idea to set up two-factor authentication for both the Admin AWS login and the IAM users in your AWS account.

Control S3 Buckets Via IAM Credentials

The default mode for Amazon S3 buckets for cloud storage is to only allow the creator access to them.  Do not make these buckets public, as that means that anyone on the internet can have access to the files. Use IAM credentials to ensure that only proper users have access. If you do need to make them public, ensure that you have a proper reason to do so and that there aren’t any other sensitive files in the bucket.
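To make "public" concrete, here is an added example (not from the original article) that inspects a bucket policy and ACL grants for access open to anyone, with an exposed setup beside an IAM-restricted one. The bucket name, role ARN, account ID and owner ID are constructed; the input shapes follow what `aws s3api get-bucket-policy` and `get-bucket-acl` return.

```python
import json

# ACL grantee groups S3 uses for "everyone" and "any AWS account holder".
_GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {_GROUPS + "AllUsers", _GROUPS + "AuthenticatedUsers"}

def _policy(principal):
    """Build a constructed one-statement read policy for the sample bucket."""
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": "ReadContracts", "Effect": "Allow", "Principal": principal,
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-contracts/*"}]})

# Constructed samples: the exposed setup beside the IAM-restricted one.
OPEN_POLICY = _policy("*")
LOCKED_POLICY = _policy({"AWS": "arn:aws:iam::111122223333:role/contracts-reader"})
OPEN_ACL = [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": _GROUPS + "AllUsers"}}]
LOCKED_ACL = [{"Permission": "FULL_CONTROL", "Grantee": {
    "Type": "CanonicalUser", "ID": "constructed-owner-id"}}]

def _is_wildcard(principal):
    """True if a policy Principal element matches anyone."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    if isinstance(principal, str):
        principal = [principal]
    return "*" in principal

def public_findings(policy_json, acl_grants):
    """List the reasons a bucket is readable without IAM credentials."""
    findings = []
    statements = json.loads(policy_json or "{}").get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for st in statements:
        # Statements narrowed by a Condition are left for manual review.
        if (st.get("Effect") == "Allow" and "Condition" not in st
                and _is_wildcard(st.get("Principal", []))):
            findings.append(f"policy statement {st.get('Sid', '?')} allows any principal")
    for grant in acl_grants:
        uri = grant.get("Grantee", {}).get("URI", "")
        if uri in PUBLIC_GROUPS:
            findings.append(f"ACL grants {grant['Permission']} to {uri.rsplit('/', 1)[-1]}")
    return findings

if __name__ == "__main__":
    print(public_findings(OPEN_POLICY, OPEN_ACL))
    print(public_findings(LOCKED_POLICY, LOCKED_ACL))
```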

Make Use Of The AWS Trusted Advisor

The Trusted Advisor is a tool that can let you know of possible security misconfigurations in your AWS environment. Another helpful tool is Netflix’s Security Monkey, which monitors AWS accounts for policy changes and can alert admins to insecure configurations in their setup.

Hire An IT Security Team If You’re Unsure

If you’re not sure that your AWS setup meets proper security guidelines, contact your local IT services company and ask them for a review of your setup.  It’s better to be safe than sorry when it comes to handling sensitive data.  Security breaches can be very costly for companies in terms of both reputation and money.  All forms of hacking and extortion schemes such as tech support phone scams and phishing attempts are getting more and more sophisticated and difficult to detect.

If you’re a San Diego business or company unsure about any of the topics in this post or wondering if your AWS setup is secure, feel free to give AMA Networks a call for a free assessment and to see whether or not we can help you with your cloud security.

Tech Support Phone Scams Are Getting More Sophisticated

Think phone scams died off along with landlines?  Think again.  Phone scams are still alive and well, if not more so than in years past.  These scammers are now using specific knowledge acquired through hacking and weaving that personal information into their calls to seem more authentic to their victims.  And it’s working.  Phone scam calls are on the rise, and it can be increasingly difficult for unsavvy people to identify them.  These scammers target both individuals as well as businesses and companies.

In addition to the famous IRS phone scam that has been making the rounds in the past few years, there have been an increasing number of fake “tech support” scams, with criminals posing as tech support agents from popular companies such as Dell and Microsoft.

Tech Support Scammers Use Your Personal Data To Seem Convincing

In one instance a scammer was able to tell their target the last time the target had called Dell customer support, what the issue had been about, and provided their Service Tag Number and Express Service Code.  Clearly that scammer was quite sophisticated.  The person on the receiving end, thankfully, was savvy enough to know that this was in fact a scam.  However, can you be sure that all the employees in your company have the know-how to spot these types of calls?

Scams are one aspect of IT security that can sometimes elude business owners because they’re not always that obvious or talked about.  Educating employees about common scams and basic computer security practices is a simple but effective way of preventing not only phone scams but also email phishing and other forms of intrusion that happen at an employee-enabled level.

Oftentimes business owners doing all their own IT themselves might fall victim to these sophisticated scams because they simply don’t know the ins and outs of computer security–and that’s ok!  One person can’t be good at everything, and not all business owners can be expected to be computer experts as well.  The same goes for your employees.  If you think that any of your employees might be the type to fall victim to phishing or phone scams, it might be a good idea to educate them.

Hire A Managed IT Service Provider To Avoid Scams

One way to remove yourself and employees from the IT security “chain of command” is to hire a managed IT services company to handle all your IT needs–including security.  That way you’ll know that any random calls or email solicitations received can be forwarded to the IT company.  You can let them handle it from there – a good IT security team can sniff out a scam in seconds.

A good IT security team can also ensure that your entire network is as secure as it can be, is following various AWS security best practices and other cloud security measures, and is up to compliance standards for the industry that your business is in.

Methods Phone Scammers Use

Malicious Computer Access:  Computer access is a big one for these sophisticated scams.  In the above story the “Dell” tech support agent asked the victim to access a website from the command prompt of his computer, which almost certainly would have resulted in some sort of malware intrusion.  If an employee allows one of these phone scammers access to a company computer, it could lead to a huge data breach disaster which could be incredibly costly.

Asking You For Money For Phony Or Pirated Software:  Scammers may also pose as big brand tech support agents in order to sell you software, which in some cases may be pirated software or hacked software that does not have a legal license.  One commenter on the above-linked article indicated that he had been upsold thousands of dollars’ worth of Avast security software and other services such as insurance and Windows security.  Avast then contacted him and told him he was using illegal copies of the software.

Having You Enter Payment Information Into Phony Websites:  Scammers may also simply try to get you to enter payment information into fraudulent websites so they can capture and use this data later.

The Most Common Scams In 2017 and 2018

Here are a few of the most common scams currently making the rounds:

  1. “The IRS is filing a lawsuit against you” – This scam uses a computerized voice informing victims that the IRS is filing a lawsuit against them and that local law enforcement will arrest them unless they pay a fine. This one often tricks many immigrants and elderly people.
  2. The “Can you hear me?” or “Say Yes” phone scam – This scam is very, very tricky. The aim is to get the victim to say yes, and scammers will use the recording of that person saying yes to authorize purchases made in the victim’s name.
  3. The tech support or “your computer has a virus” scam – This scam is what much of this article has been about. Scammers inform a victim that there is a virus on their computer or that they are representing tech support from companies such as Dell or Microsoft.  Scammers attempt to gain access to a victim’s computer through directing the victim to malicious websites, or they attempt to acquire financial information.
  4. The “information verification” scam – Scammers will call a victim and pose as an agent from an insurance company, telling the victim that they simply want to verify information on file.

Tips To Avoid Becoming A Victim:

  • Do not trust unsolicited calls. If you need tech support, contact the company yourself.
  • If you receive an unsolicited call that asks you to click links or hand over personal information, hang up. Companies such as Microsoft do not make unsolicited calls to consumers asking for this type of information.
  • Obtain any software that you purchase directly from the vendor website.
  • Hire a managed IT company to help you ensure that all network and computer security is up to current standards and hand off any calls or information to them.

If you’re thinking of hiring an IT company to manage your network security, AMA Networks might be a great option.  AMA Networks is an IT Security services provider in the San Diego area, helping dozens of businesses ensure that their IT systems are secure and compliant with national industry regulations.  Call for your free assessment today!