Q&A Feature: What are the risks of putting our data in the cloud?

With more and more data being stored with online “cloud” providers, there are some risks to be aware of. First, you are still responsible for backups. Most cloud provider contracts explicitly state they are not responsible if your data gets lost or deleted. So, doing your own backups is still extremely important.

Secondly, if you are relying on a cloud provider for a mission critical service, then you should consider having a secondary internet connection to provide internet access if your main connection goes down. Usually these secondary services are charged a small amount per month, plus whatever data you use when the need arises.

What’s the Weakest Link in Security?

We already know that we need internet security: a Firewall, an anti-malware program, a web filter, a SPAM filter, and a monitoring system.

So, why do some companies that have all of these systems in place STILL get hit with a malware attack?

Simple. Because someone in the company clicked on something they were not supposed to.

It all comes down to people. We are the weakest link. More often than not, we don’t mean to be, but when we receive a seemingly legitimate email or see an appealing advertisement, it’s easy to forget why we need internet security in the first place.

Recently, I read about a law firm that was being “tested” by a cyber security risk evaluation company.

Here’s the test:

An analyst called the law firm tech support center, posing as one of the firm partners, and asked for help installing a piece of software insisting it was mission critical. He claimed that his password wasn’t letting him install it.

In response, the tech support employee offered his own password to help, which also happened to be the top-level administrator password. This decision goes completely against every procedure of I.T. wellness an I.T. company should employ.

This “breach” of getting top-level admin access took only a matter of minutes and only one phone call.

What does this show us?

No matter what rules we have in place, they can be broken, especially under pressure. As a business, we always want the customer to be satisfied, so if they are insisting that we break standard procedures, our judgment may start to waiver.

In other words, no matter what technical solutions we employ, they can always be circumvented by people.

So, what does this mean? Should we just give up on security altogether?

No. Education about security can greatly reduce the likelihood of a breach.

In the case of the law firm, for example, both the technician AND the partners needed to learn. The technician needed to learn that handing out his password over the phone is not allowed, no matter who asks. The partners needed to learn that giving undue pressure on employees to break the rule subverts the whole point of security.

What are your next steps?

Your first priority is to ensure that the I.T. company you employ is properly educated, and then your next step is to educate your employees. Do they understand I.T. security? Can they identify potential malware or when hacking may be occurring?

Consider getting some really solid training on security for your staff. Humans are the weakest link, and education and training are the solution.

“My computer is slow!”

This is a common phrase uttered by frustrated PC users.

Choosing a new computer is not an easy task. The process often involves a significant amount of time, effort, and money, so when you leave the store with your new PC, you expect its performance to reflect your dedication and the cost.

Everything runs smoothly for a few months, and you are satisfied with your purchase, asking yourself why you didn’t make the switch sooner.

Then… suddenly…

S-L-O-W…

The though of having to start the process all over again runs through your mind.

If it makes you feel any better, it happens to everyone.

Here are a few steps we take to determine if repair or replacement is the best option for you:

  • We check to see what’s running: extra processes, Windows updates, a poorly written program, or just too many things in the background.
  • If unnecessary software is running, we help you uninstall the programs that aren’t needed or determine which one is causing the problem.
  • Tech Tip: Do NOT run Google Drive, OneDrive, Dropbox, and iCloud all at the same time. Enough said. 
  • We troubleshoot Windows updates. If an update finishes and causes the computer to slow down, this often requires its removal and uninstallation. Same for drive updates.

If all looks well, the best “bang for the buck” upgrade is RAM. These types of upgrades are quick and relatively cheap, even if transitioning from 8 gigs of RAM to 16.

If your computer is 4+ years old, it is time for the “repair versus replace” conversation. PCs in the workplace can last 4 to 5 years, but by the 4th year, they feel very slow. You CAN upgrade a 4-year-old PC, but the money and time is usually better spent on a new one altogether.

As you can see, a slow-running PC is the bane of the workday. However, a quick call to your I.T. company may ease your mind before you jump to any conclusions.

Q & A Feature: What’s the best way to work well with your I.T. company?

Let them do their job! The biggest I.T. troubles usually come when a well-meaning client doesn’t know exactly what they are doing and tries to fix it first before calling the I.T. team for help. If something isn’t working, let the I.T. team know, and we’ll either fix it or send you the quickest solution for how to fix it!

Malware is worse than we thought: 3 things you need to do right now

In his article “The Untold Story of Notpetya, the Most Devastating Cyberattack in History,” Andy Greenberg shares how a single piece of code threw corporations and government agencies into utter chaos.

In 2017, Russia launched devastating malware as a form of cyberwarfare against Ukraine, affecting companies as far as A.P. Møller-Maersk in Copenhagen. The resulting technological disaster this shipping company experienced was a bad case of collateral damage.

To make things worse, Maersk had a number of problems in its I.T. security that did not help prevent this cyberattack. The company did not have the proper protection between the various offices and was using outdated and unpatched servers.

The worst mistake? Solely relying on online backups without having any offline protection for the servers.

When the malware hit, it wiped out all servers and their backups simultaneously.

As we can see, malware is more distressing than we thought. With governments behind some of the largest cyberattacks, no one is completely protected—not even big companies.

To avoid the chaos Maersk experienced, here are 3 things to do right now:

  • Make a backup of your most important data and store it on a hard drive that is not connected to anything. Having an offline backup is the most reliable solution for these worst-case scenarios.
  • Have your I.T. firm do a server “image backup” to get your server back and running after a security breach and cyberattack.
  • Get a security audit done on your company network to discover those issues that need to be fixed and patched.

Nonlinear Tech can help you check all of these things off your list, all while providing personalized services that satisfy your needs and build a close working relationship.

Let us help you do these 3 things, and you will be one step further in building a secure foundation around your servers.

Read Greenberg’s article at the following link: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/