Category: Blog

Top Phishing Scams of 2022

Phishing remains the most popular cybercrime suffered by U.S. businesses and individuals. The criminals typically use social engineering to trick victims into giving out sensitive information by masquerading as a trusted source. They then use or sell the information to enrich themselves or plan a more sophisticated scam.

Luckily, most phishing scams and their variations are easily identifiable and preventable with the right level of awareness and knowledge. Here are popular phishing scams we’re seeing in 2022 and how you can keep yourself safe.

Spear Phishing

A spear-phishing attack is a more targeted form of email phishing directed at a specific individual. Cybercriminals gather information about the victim from publicly available sources, such as social media platforms.

Armed with personal information, the scammers address victims by name, tricking them into opening a malicious attachment or link. Due to the well-crafted effort and realistic phrasing of the email, spear phishing scams are extremely difficult to identify.

Keeping Safe: Beware of unusual requests, especially emails from your superiors. Avoid downloading attachments you haven’t requested, and treat any attempts to gain your trust with suspicion.

Voice Phishing

Vishing or voice phishing is a reinvention of the classical spam call scam. It has seen a steady rise, so much so that the FBI sounded the alarm. Cybercriminals spoof caller IDs on VoIP phones, masquerading as family members, friends, government officials, and more.

The scammers attempt to push the victim to give out valuable information. The trick often involves creating urgency or authoritative threats that prevent the target from thinking straight.

Keeping Safe: Hang up any suspicious calls. Never visit any website provided over the phone or share any sensitive information over a call.

Business Email Compromise (BEC)

BECs are complex phishing scams that target businesses or individuals responsible for finances. Criminals gain access to an executive’s account or impersonate one and send internal requests to junior employees.

The scammers use social engineering or sophisticated computer intrusion techniques to wire funds to their accounts, defrauding businesses.

Keeping Safe: When processing large sums, an unusual sense of urgency should raise the alarm. Additionally, show wariness towards transaction requests without any legal correspondence.

Social Media Phishing

Social media platforms have become a favorite for cybercriminals wanting to launch large-scale phishing scams. Most profiles contain so much personal information that attackers can use it to sell themselves as trusted sources.

You may receive links, pictures, videos, surveys, and comments that send you to malicious websites that steal sensitive information.

Keeping Safe: Don’t click on suspicious links, even from friends or family. Their accounts are possibly hacked. Stay alert on messages or requests from unknown individuals.

Crypto Phishing Scams

The crypto crazy has provided a novel avenue for cybercriminals to launch phishing attacks. With a large percentage of the population still oblivious to blockchain technology, scammers can create clone websites and fake coin apps to collect personal information from unsuspecting visitors.

A common scam involves spoofing tweets from well-known crypto promoters to infiltrate their communities before laying a trap for ignorant victims.

Keeping Safe: Use your judgment. If the deal sounds too good, it is probably a scam. Beware of ads calling for investing in novel coins.

Search Engine Phishing

Scammers create legitimate pages on search engines, such as Google and Bing, and use high-value keywords to rank higher. Unsuspecting victims click on links to these websites where they share their personal information, completing the attack.

The pages often contain fake scholarships, job offers, discount coupons, or dating matches. With free SSL certificates, most of these sites can seem legitimate.

Keeping Safe: Look for one-in-a-lifetime offers that may entice you to click on suspicious links. Poorly-designed websites are also a major red flag.

Clone Phishing

Web fraudsters can also clone or spoof popular websites to entice visitors to share their personal information. Fake websites often contain similar features to the original, including logos, texts, and images. Health, banking, and social media sites are some popular cloning targets for cybercriminals, as they often include vital personal information.

Keeping Safe: Check for URL misspellings. Web design errors, such as pixelated logos, are also a giveaway.

Staying Safe While Online

Phishing scams can have huge financial and reputational ramifications. Proper cybersecurity practices and diligence can help thwart most of these risks in their infancy. Taking a proactive approach can help keep you and your important information safe.

Understanding VPNs & Their Uses

Digital privacy is becoming a growing concern and people are waking up to how their personal data is being exploited by unrelenting marketing companies and cyber criminals. In general, all online activity is tracked and often sold to marketing giants who profit from it—and it’s not just marketing companies who use your data. Scandals are constantly being revealed regarding how social media platforms misuse user data.

Cases such as Cambridge Analytica offer insight into how political parties work with big data to sway political attitudes. They do this by creating “psychographic profiles” of users based on their digital activity and browsing habits. By collecting your data, large corporations can create digital fingerprints of you and use these fingerprints to create sophisticated marketing strategies that are essentially designed to hack your mind.

Additionally, cybercrime is a major concern for internet users, and with protecting yourself being one of the primary VPN benefits, it’s a good idea to educate yourself about how they work and how they can benefit your digital privacy.

How Do VPNs Work?

A VPN, or Virtual Private Network, is a type of software that allows users to remain anonymous and private online. When you connect to the internet, your computer is assigned an IP address that can be used to identify you. However, when you use a VPN, your traffic is routed through a server that changes your IP address and makes it appear as though you are located in another country. This can be useful for accessing region-locked content or bypassing censorship. Let’s take a closer look at VPN benefits and uses.

Common VPN Uses and Benefits

Wondering how using a VPN can benefit you? Here’s a list of eight advantages and uses.

1. Avoiding Surveillance

Whether you’re a journalist working on sensitive stories or simply someone who doesn’t want their online activity tracked, using a VPN can help to avoid unwanted surveillance.

2. Accessing Country-Restricted Content

If you’re trying to access content that’s only available in certain countries, using a VPN can help you to bypass those restrictions.

3. Enhancing Data Protection

When you use a VPN, your traffic is encrypted, making it more difficult for anyone to intercept and misuse your data.

4. Bypassing Censorship

In some countries, the government imposes strict censorship laws blocking access to certain websites or content. A VPN can help you to bypass censorship and gain access to the information you want.

5. Improving Online Security

In addition to encrypting your traffic, a good VPN will also offer additional security features such as malware protection and firewalls.

6. Unblocking Netflix

Netflix uses geo-blocking to restrict content in certain countries. However, if you use a VPN, you can often unblock Netflix and gain access to the full range of titles available in any country, rather than being restricted to your own country of residence.

7. Saving Money on Travel Expenses

If you frequently travel for business or pleasure, you may be able to save money on travel expenses by using a VPN. Many hotels and airlines offer discounts to customers who book through their websites, but these deals are often only available if your location appears to be in the same country as the hotel or airline. By connecting to a server in that country, you can make it appear as though you’re located there and potentially save money on booking fees.

8. Boosting Internet Speed

In some cases, connecting to a server closer to your current location may actually boost your internet speed, even if it’s just by a few milliseconds. If you frequently find yourself waiting for pages to load or files to download, connecting to a VPN may help speed up your connection.

Network Communications: Connecting Multiple Offices/Locations with Effective Systems

Chain businesses are a significant part of our world now. This includes businesses with multiple public locations, like McDonald’s and Target, as well as those with fewer public locations, like Amazon. Having so many sites, however, means a great deal of communication happens outside one specific building. That information must reach different facilities and sometimes different states or even countries.

Building Network Communication

The idea of growing and expanding into multiple locations may still be new for younger businesses. All too often, companies assume that they can simply call or email information as needed to their other sites. It’s quick, it’s easy, and it’s efficient, right? But there are other things to think about when it comes to communication. It’s not just about talking to someone in another location.

Other Forms of Network Communication

Network communication includes conversing with your coworkers and data sharing, interoperability, inventory management, and much more. Of course, these things can be shared over a phone call or email, but that’s not the most efficient way to go about it.

Sending this information via email leads to security issues. Sharing it via phone calls leads to recording or transferring data errors. You need a system that will automatically allow each location to see and share the information they need in a secure, accurate fashion.

Systems Are Available

The good news is, there are systems available for precisely this function. In fact, there is a multitude of different systems that are in place specifically for multi-location organizations to communicate with each other. These systems are designed to carry out a variety of different functions, including:

– Keeping track of current inventory- Keeping all information secure– Transferring files between locations- Ensuring adequate and complete backups- Sharing devices/equipment- Enabling single software licenses for multiple locations

Do You Need a Network Communication System?

If you have more than one location, setting up a network communication system is a good idea. These systems will improve your business’s communication and make it easier for you to continue growing. In addition, by improving your communication from the outset, you reduce potential trouble later on when you’re already busy working on other, more advanced issues.

The Easiest Network Communication Option

Many businesses use cloud storage servers as the number one method for their communication systems. While several of these offer free services, there are also many more that are paid. These paid services are the best way to get started for smaller businesses because:

– Startup costs are reasonable- You only pay for what you need- They have reasonable levels of security- You can store whatever you want- They’re easy to access- They’re easy to learn- It’s easy to upload/download information

On the other hand, these systems have some limitations. Finding ones that will allow for the transfer of more detailed or specific information can be difficult. Most cloud servers are designed to be only a way-point or a storage point.

However, you can find systems that offer cloud storage as a feature rather than those that are cloud storage providers first. This allows you to get the benefits of more personalized information storage and recording while also having the ability to access that information from any location.

What to Do

The best thing you can do is find a specific system that allows for transferring the type of information you need. For example, there are systems in place that are designed for financial information. While you can do all your financial tracking through Microsoft Excel, most people will choose a more dedicated system that offers the specific features and abilities they need (rather than coding and customizing Excel to meet those needs).

The same is true of other types of network communications software and systems. You want something that will allow you to easily carry out the specific tasks you’re looking for and share that information with all your locations.

The sooner you learn which systems will do this for your business, the better off you’ll be in your expansion.

Sunsetting Legacy Systems to Build Your Business Back Better, Without the Risks

When it comes to IT, there’s a day and an age for everything. Remember when we thought it would never get better than dial-up internet? How about when we got hard drives with one gig of storage space? Or when we created a DVD player that could go in the car?

In their times, those advances were the best that was available. But things changed, and those advances then became obsolete. The same is often true of IT systems. Businesses are obligated to get rid of older systems as they become outdated.

What Does Sunsetting Legacy Systems Mean?

Sunsetting a legacy system is phasing out an old system and implementing a new one. This must be performed systematically, which requires mapping out what is to be done and remaining aware of every step of the process.

1. Is it Necessary?

If the current system can no longer be upgraded or repaired, that’s a clear sign that an upgrade is needed. Industry requirements can also change at any time, and remaining compliant is crucial. Security, for the team as well as the clients, is also a consideration.

2. Make a Plan

Consider the security and integrity of all information currently stored on the system. This involves conducting a full audit of all the data to be retained, backing up everything before initiating the transfer process, and ensuring that everything is secure and uncorrupted, during and after the transfer. Creating a plan for how to do this will minimize stress.

3. Keeping it Secure

For those sunsetting legacy systems, it’s essential to stay cognization of the legacy systems themselves. Know that any information remaining on an old framework will still be secure. Zero trust and edge security are excellent ways to protect systems. Also, be sure that only essential information is being transferred. Transferring unnecessary or incomplete data is not recommended, as it can give rise to security issues or other unforeseen problems.

4. Is it Going as Expected?

Throughout the entire process, ensure that things are progressing properly. For example, is the new system working as expected? Are problems being encountered or suggested during the transition process? If even minor errors are noticed, the transfer should be rolled back. The only way to know is to ensure proper monitoring at each step.

5. Train Everyone

Ensure that the entire team knows how to operate and interact with the new system. Some procedures will necessarily be modified, so schedule training sessions to familiarize the team with every change.

Tips and Guidelines

Remember the below recommendations when contemplating sunsetting legacy systems.

  1. Always have a backup. Without fail, backup all data before initiating a transfer. Without a backup, a serious risk of data loss will be incurred during the sunsetting process.
  2. Transfer one component at a time. This is another way to minimize the potential for loss. Transferring only one element of the old system at a time to the new system makes complete data loss nearly impossible.
  3. Monitor security. Keep an eye on all security features while sunsetting legacy systems. Then, track the latest security features and options for the new system, keeping it consistently up to date.

Final Considerations

  1. Is it necessary? Do these changes really need to be made? Is there a way to mitigate the amount of change required? Changing information or processes as slowly as possible makes things easier for the team, and can cut attendant costs.
  2. What are the benefits of sunsetting my legacy system, as well as using the new system under consideration? Will this transition ease operations for the business? For the clients? Will the new system be less or more expensive to run? More or less secure?

Sunsetting legacy systems are important. Ensure that it’s done correctly.

 

An Overview of Staff Augmentation

Technology has always been a rapidly developing career path for those that choose to follow it. IT jobs have exploded beyond our wildest imagination since the onset of the computer en masse and the introduction of the Internet. With that comes the challenge of building out strong teams that can cater to many ongoing functions within a company. The ability to work from home was something that, at one point, was a pipe dream or usually involved taking surveys or being a “mystery shopper.” Now in 2022, it’s not unusual to have an entirely distributed workforce without an office of any kind, relying solely on various communication applications and software systems to perform essential job functions. This is made stronger by cloud infrastructure and an ever-evolving mobile workflow.

For many companies, it is still essential to maintain a strong, dedicated in-house workforce for daily operational success. For others, smaller in-house teams are preferred while outsourcing to other companies or employees, usually, contractors are beneficial and can help fill in hiring gaps should those arise.

But if we take a step back, are companies leaving potential growth by not having an entirely in-house team? Or is staff augmentation here to stay?

What is Staff Augmentation?

We’re sure you’ve heard of staff augmentation, hiring outside developers, technicians, or any other type of employee to fill a talent gap. Sometimes it’s used temporarily, and other times call for more long-term endeavors with the potential, for some, to turn into full-time employment.

Benefits of Staff Augmentation

Staff augmentation can get tricky depending on the goal of the company. On the one hand, short-term outsourcing could be beneficial when staff members are out on vacation, or a specialist skill set is needed for a particular project. Long-term outsourcing can be helpful for extended assignments or a longer-term stopgap between the time in-house staff is trained or hired for that outsourced role.

Staff augmentation is also more cost-effective in most cases. This is because an augmentation firm usually handles the distribution of funds for payroll, and companies pay them a monthly fee. This saves the business from providing benefits but also disperses a lot of the tax burden usually associated with on-staff personnel.

Problems and Things to Look Out For

One problem companies may face while looking to fill talent gaps is the length of commitments. The shorter the term, the more it usually costs. In some cases, like a six-week project that needs talent ASAP, it may be cheaper to hire an independent contractor or completely outsource the work. Some staff augmentation firms provide talent in blocks of time, which may require keeping staff for specific time frames (eight weeks minimum, for example) and could be more expensive than necessary.

Is Staff Augmentation Worth It?

That’s the million-dollar question, and for good reason: It’s an incredibly valuable service that helps fill a gap for a company. Just remember to assess the needs of your business to see if staff augmentation is right for you. The time to find dedicated in-house staff is often filled with multiple-stage interviews, salary and benefits negotiations, and ongoing training.

The benefit of hiring in-house talent is that you’ll get the right candidate for the job you’re hiring for, and they’ll hopefully stick around to become an invaluable asset to your team. But when situations that need experienced talent immediately arise, staff augmentation and outsourcing can prove to be the right thing at the right time.

How to Minimize the Greenhouse Gasses from Data Centers

There is no denying that data centers are an integral part of our technology and data-driven future. One of the biggest concerns is the number of greenhouse gases produced from such large-scale energy requirements needed to power these behemoth meccas of data.

Because of data center sizes, they require an enormous amount of electricity to perform daily operations. Nature.com provides an energy forecast that states wireless and wired networks, ICT production, consumer devices, and data centers account for 20.9% of the projected energy demand throughout the 2020s. Data centers make up the largest portion of that percentage value.

Cooling Data Centers

One of the biggest problems data centers face with energy management is hyperscalars. In 2011, Facebook created the Open Compute Project, a global resource for sharing efficient computing strategies. Hyperscalars are large-scale data centers that feature uniform scaling server runs, stripped of all but the essential networking components needed for successful deployment. While this is currently the most efficient way to deploy and scale large server runs, it’s also the most energy-consuming form, thanks to sheer volume. While standard data centers have an efficiency ratio of four standard servers to one hyper scalar server, the hyperscalars deploy hundreds of thousands of these or more per run. Thus, they need much more energy to function at peak performance.

Air Conditioning

Standard air conditioning can account for up to 40% of a data center’s energy bill. Cooling towers and data centers also used approximately 626 billion liters of water in 2014. The elimination of both would allow for more efficient energy practices that are both more sustainable and cheaper to operate on a daily basis.

Alternative Cooling Methods

Free air cooling is one of the many innovative ways that some companies use to cool data centers. Essentially, data centers are constructed in cooler climate areas, and the outside air is blown into the data center. This method is starting to gain traction but is obviously limited based on location.

Another fascinating way that data centers can be cooled is with water. Similar to how liquid cooling works in a gaming desktop, water is piped throughout the server infrastructure, helping to control and dissipate excess heat.

Because the need to keep server temperatures low is such a hot-button topic, Facebook famously tested completely submerging high-performance servers in a non-conductive oil.

More Alternative Energy Sources for Data Centers

Suffice it to say data center energy is a pretty big deal. There are several other types of renewable energy, including wind, geothermal, and solar. While all of these methods have some benefits, in their current state, they are not as efficient as fossil fuel-generated electricity for stable and reliable output.

Wind turbines are large, expensive, and require immense fossil fuel usage to transport. They’re also location-restricted because they need to be put in an area that receives steady winds.

Geothermal energy is the least utilized energy resource, accounting for just .4% of the US’s energy consumption in 2020. However, this will hopefully grow to provide approximately 50,000 GW by 2050.

And solar — arguably the most popular form of renewable energy — is making great strides but is currently limited by the storage capacity of batteries. Couple that with high real estate costs and labor-intensive installation to power a smaller data center.

Overall, combining all these technologies will likely be the perfect mix of stable and renewable energy; for the time being, though, our standard fossil fuel-based systems are here to stay.

What is the Economic Effect of Data Centers?

There are mini investments that produce healthy returns and create both enormous tax revenue and new jobs. A few of them are as repeatably successful as the modern data center. According to a recent U.S Chamber of Commerce report, the average economic impact for a data center is approximately $32.5 million. This report also shows that $9.9 million in revenue is typically generated during the data center construction process.

The same report shows that data centers provide jobs for around 1,688 local workers while paying out an astonishing $77.7 million in labor wages while producing $243.5 million in output through local surrounding supply chains.

For taxes, AreaDevelopment.com states that tax revenue from data centers is explicitly a massive win for the local and state governments. At the state level, taxes are generated from employee jobs, equipment purchases, and sales tax generation through construction purchases. At the community level, sales and real estate taxes are two of the most significant avenues of new tax revenue.

The Economic Effect of Data Centers

The household name for search engines also has a bustling data center business. According to a report from Oxford Economics, Google data centers generated $1.3 billion in economic activity in 2016 alone while also providing around $750 million in labor income and 11,000 jobs throughout the United States.

Housing and the Local Economy

This is incredible, showing how much economic assistance is provided from a big room full of servers. Jokes aside, these Google data centers stimulate the economy in other, less measurable ways. For example, in the housing market: Employees from the data center helps fill vacant rentals and assist with housing growth due to the sudden influx of new people in an area. What do all of those employees do when they’re not working? They shop, eat, and patronize local amenities.

Data Centers and the Environment

Regarding energy, Google has committed to providing renewable energy generation for its data centers. Their data centers helped to create $2.1 billion in renewable energy projects, including wind and solar. This creates even more jobs during construction while also providing recurring jobs across the country.

Other Data Centers

Giant monoliths like Microsoft and Amazon also contribute similar economic impacts with their data center creation. Other big names to watch out for in the data center space include Dell, Hewlett Packard, Inspur, Facebook, Apple, and Salesforce.

Data Centers Are Revenue Wins

The average data center creates tremendous revenue generation wherever they are placed. From jobs, tax revenue, and renewable energy projects, they inject vast spikes of income that help communities become bigger and better than ever before.

Social Engineering: A Hacker’s Best Friend

In the movie Focus, Will Smith stars as Nicky, a clever conman who uses the power of social engineering to strategically remove valuables from his completely unsuspecting victims while also training Margot Robbie (Jess) how to be a better con artist. While dancing in the street, Jess flirts with a man while keeping him distracted long enough to slip his wedding band off his hand and onto hers.

Social engineering isn’t just quick cash grabs or grand larceny in the physical sense. It’s also an incredibly powerful tool used by cyber criminals to infiltrate otherwise secure businesses successfully. No amount of firewalls can keep an intruder out if that intruder is already within the protected environment. Is there anything that can be done to prevent social engineering attacks? It all depends.

How Social Engineering Works

Social engineering is a practice where people, usually in physical form but sometimes digitally, trick their peers into performing some self-infliction that allows them to be taken advantage of. A typical example is a criminal who pretends to do a magic trick but ends up stealing from the trick’s participant instead.

In the cyber security world, social engineering is a lot less glamorous in most cases but potentially even more dangerous. We’re sure you’ve seen the spam emails in your inbox that claim you’ve won some sort of prize or that your online shopping account needs a password change. This type of social engineering attack involves phishing, a practice where unsuspecting recipients are tricked into entering information or clicking a malicious link through seemingly official means. It’s common for phishing attacks to target user emails, but it has also graduated to text messaging, social networking sites, and fake websites.

Famously, Target was the victim of a phishing attack that saw 40 million credit cards get stolen. An HVAC technician contracted to Target fell victim to social engineering and opened a malicious email. Attackers used the Target credentials from the HVAC tech to gain access and deploy the malware across Target’s system. What’s worse, the malware that was released is pretty standard and easily detectable by most business antivirus systems. However, the final nail in the coffin was the security center in Minneapolis ignoring the security breach even after being notified. This led to more the 70 million customers having their information stolen.

Other forms of social engineering can include completely offline and in-person attacks, such as stealing or copying hardcopies of passwords on sticky notes or employee notebooks. While these may sound like rudimentary attacks, they are the most dangerous since attempts to infiltrate the security system happen from within. When someone can pose as an employee at the location that will be authenticated, this eliminates the most challenging part: Tricking your victim.

How to Prevent Social Engineering Attacks

  1. Check the Sender’s Email or Phone Number

Social engineers frequently use authentic-looking communications to pull off phishing attacks. With the exception of spoofing, most low-level social engineering attacks use incorrect email addresses when posing as fellow employees or vendors. The same goes with phones; if the number looks suspicious, it probably is, especially if they’re asking for some sort of login information when you have not requested a password reset, for example.

  1. Secure Login Credentials

Security measures like two-factor authentication can severely hinder a cyber criminal’s ability to gain access to user accounts. However, many times the attack happens in person. In this case, the would-be criminal only needs to find an unsuspecting victim that has left their login credentials visible to the public. Enforce strict policies stating that there’s no writing down physical passwords, and be sure to have a good password change policy, such as a new password every 60 days.

  1. Admittance Policy

While network security is obviously essential, unauthorized access to your business’s property can be one of the fastest ways for a social engineer to wreak havoc on your company’s data. That said, attendance policies, vetting outside contractors for third-party vendors, and developing a keen eye for malfeasance will go a long way.

When Being Social Isn’t Fun

Social engineering is a powerfully deceptive tactic that criminals can use to extract both physical and digital assets from you or your company. Industry-best cyber security practices and procedures can help to sort these attacks in their infancy. Still, it’s important to remain diligent, especially when it only takes seconds for an internal attack to happen.

Data Backups and Ransomware

The sole act of keeping and maintaining data backups is one of the most important things a business can do. This is true no matter what size a business is or what industry they reside in. But with the rise of ransomware attacks, it’s only a matter of time until cybercriminals target those backups along with other critical business systems.

Are offline backups enough to mitigate some of the damage and loss from a ransomware attack? To really understand the role of offline backups in a ransomware attack, it is important to understand what a ransomware attack really is and what attackers use them for.

What Is Ransomware?

Ransomware is a type of malware that holds victim data hostage in exchange for some form of payment or action. For example, in April of 2021, a group of cyber attackers targeted Quanta Computer, one of Apple’s business partners. The attackers wanted Quanta Computer to dish out $50 million by April 27th, 2021 in exchange for a decryption key that would release their now hijacked data.

Ransomware is a dirty business, but it can be an extremely profitable one for criminals, especially if their intended victim actually pays out. And despite how large of a company Quanta Computer is, they still fell victim to the attack.

Offline Backups

Ransomware attacks are quickly becoming one of the most powerful ways criminals can bully a business into paying out large sums of money in exchange for getting their own information back. A great way to offset this is with offline backups. If a criminal is able to successfully execute a ransomware attack on a business, that targeted data becomes unaccessible to the business due to sophisticated encryption mechanisms. With secured offline backups, the business can hopefully cut off attacker access and restore the backups to continue with business operations.

This doesn’t solve the initial problem of the attack in the first place, though. And if there are specific trade secrets that are going to be released, there’s not much that can be done to prevent the release if the attackers go through with their threat.

Removing Offline Backups From the Network

Even with offline backups, if those are still connected to the compromised network, attackers can encrypt that data and render the benefits of the backup useless.

To combat this, a good practice is to keep a master backup completely disconnected from a business’s network. This means locking the backup away in a secure, non-connected environment.

Best Backup Procedures

Maintain a Backup Offsite

Keep a copy of sensitive or important data backed up at an unconnected location. This helps to guarantee that in the event of a ransomware attack, an untampered copy will remain somewhere safe for later restoration.

Redundancy

Businesses should also maintain more than 1 backup. Multiple instances of offsite redundancy are always the best backup method and will likely remain that way in the future.

Maintain an Adequate Backup Schedule

How often does your backup need to happen? This is different for all businesses. Whatever the timeframe is, make sure that it’s always adhered to.

Suppose an attacker launches a ransomware attack at 2:00 pm on a Wednesday. Hourly backups would allow for restoration from at least 1:00 pm and back, daily backups from the Tuesday before, and so on. Weekly data backups, while better than nothing, are usually not frequent enough to successfully subvert a ransomware attack. We recommend daily backups at a minimum for the most effective ransomware protection.

Network Coverage Can Help Secure Your Data

Ransomware attacks are never fun, and being the victim of such an attack without a resilient backup strategy can completely cripple a business. Our team of data experts is ready to help ensure your data is safe. If you’d like to learn more, contact us today.

Foreign Threats on American Networks

“The war with Russia” hearkens back to the days of the Cold War with the Soviet Union. Back during the 1950s, students in schools all across America were trained to practice ‘Duck and Cover’ drills — there was even a catchy little jingle that played on the radio that attempted to mask the grim reality of an always looming nuclear threat.

Today, Russia is in physical conflict with its former land mate Ukraine. And while that physical conflict is easy to see, there’s been an ‘invisible’ war that’s been running rampant with all of the world’s global superpowers. That war isn’t taking place on a battlefield — at least not the physical kind we’re so used to seeing and hearing about. Instead, the cyber warfare efforts of Russia, China, and even the United States are heating up in a way that most Americans won’t be able to tangibly experience or even begin to understand until its broadcast on TV news or written about online.

Chinese and Russian Threats

If we take a moment to put aside national and geopolitical ideologies for a moment, we can see that throughout recent history, the most amplified cyber threats that average people hear about are from China and Russia. Russia has been the boogeyman in the political realm for quite some time, but its cyberattack prowess is no made-up entity. China is just as, if not more, culpable for a lot of the cyberattacks that affect many businesses today.

What’s the REAL Threat, Anyway?

But more than the hacks themselves, China’s dominant role in global corporate espionage is the most concerning factor cyber security experts worry about. There are fears about how far American consumerism have allowed the CCP to infiltrate our daily lives.

Mobile Phones

Mobile phone manufacturer Huawei was famously banned from conducting business in the United States due to concerns that the phones had hardware-level vulnerabilities that allowed the CCP access to the private information of regular US citizens as well as politicians, diplomats, and others. ZTE, another Chinese mobile phone manufacturer, was banned from the US prior to Huawei for similar reasons.

TikTok

Now, all eyes are back on the possibility of TikTok getting banned following the failure of it getting banned under the Trump administration. FCC Commissioner Brendan Carr called TikTok an “unacceptable security risk” and called for Apple and Google to remove the app from their respective stores by July 8th, 2022.

A Buzzfeed News article details leaked audio from 80 internal TikTok meetings that show how China is repeatedly accessing user data. Facial recognition images, user details, and more are being served on a proverbial tray to the Chinese Communist Party, and most Americans aren’t thinking about the implications that this could have.

Russia

As reported by Politico, a Microsoft report showed that Russian intelligence firms were hacking into various US and Ukraine-allied countries, including more than 100 organizations in the US alone, with a 30% success rate. And while this is just one instance of many where Russians were reported to be hacking the US and others, it’s certain that it won’t be the last.

The Solution

In the world of cybersecurity, there are no guarantees of safety or impenetrable network. Part of the cycle of patches and fixes that benefit consumers and businesses relies on new revelations and security discoveries, often by way of exploits or attacks. Best security practices, a good backup plan, and limiting who and what is allowed onto our networks are critical in safeguarding against would-be attackers and potential data casualties.