Average Ransomware Attack Payments Total $6,700 Per Incident

How much does a successful ransomware attack cost a victim on average? The numbers will terrify you.

Based on the latest statistics compiled by Coveware, each incident of a compromised computer costs a whopping $6,733, which is a hefty 13 percent increase from just one quarter ago.

Part of the increase stems from the fact that some strains known for demanding higher than average payments are seeing increased use. Among these are the SamSam and Ryuk families of ransomware. Another reason driving the increase is the fact that after the initial wave, hackers apparently compile statistics, enabling them to zero in on companies that are relatively easier to breach and more willing to pay. Put the two together, and they’ve got a virtually guaranteed, high profit, low risk enterprise.

Bill Siegel, the CEO of Coveware explains that his company’s Q4 data set is derived from 226 different ransomware attacks that were reported to and triaged by the company. He warns that companies that choose to pay the ransom aren’t guaranteed to receive an unlock key that will decrypt their files and give them their files back. There’s more than a little risk involved in giving the hackers what they’re demanding.

Unfortunately, many companies don’t have robust backup routines, and if they don’t pay, their files are lost forever. That’s an awful position for any company to be in, but fortunately, there’s a simple fix for that.

With the number of ransomware attacks expected to continue to increase this year, if you don’t already have a robust system of backups in place, it’s well past time to make sure that you do. Afterall, $6,733 per incident adds up quickly, and it’s a punishing price to pay indeed. It is much more expensive than a rock-solid system of backups. The choice is obvious.

Why Should You Outsource Your Business Processes?

There are quite a few reasons that it makes sense for a small-to-medium-sized business to lean on outsourced assets. Let’s take a look at a few of the biggest benefits that you could see from bringing on these kinds of services, from both a financial and operational stance…

FINANCIAL BENEFITS OF OUTSOURCING

Naturally, there are assorted financial perks to adopting an outsourcing policy, including:

Decreased Costs

This is perhaps the most well-known benefit of outsourcing, as it can often be too pricey to hire and train the internal employees, or procure the equipment needed for a process. Maybe expanding in-house resources any more would require an expensive change in location. Outsourcing allows a company to side-step these budgetary challenges, as can be seen in many other benefits we will touch upon.

Cash Flow Controls

On the subject, some of your operations can easily grow to be too expensive to realistically support. In order to stem the amount of cash that your company spends on certain needs, an outsourced resource can fulfill those needs (which control costs) without requiring an overhaul of your organization and its goals.

Eliminated Expenses

In addition to the employees who fulfill your central business objectives, there are many costs that simply having in-house employees incurs. This is especially true if their roles, while crucial, aren’t necessarily those that would require a full-time employee. Outsourcing allows you to optimize the amount you spend to have these roles filled, without pulling an excessive investment from your budget.

OPERATIONAL BENEFITS OF OUTSOURCING

There are also many advantages that can impact how your business itself works to be gained via outsourcing.

Internal Focus

When a company experiences growth, its behind-the-scenes processes can frequently hinder more growth from taking place, simply because these tasks require attention. Outsourcing these tasks allows you to focus on the elements that promoted growth in the first place, without neglecting critical responsibilities.

Access to Skills

Training an employee, especially a new recruit, can be expensive and time-consuming. However, when you turn to outsourcing, these responsibilities fall to the outsource provider. As a result, you get less-expensive access to resources with specialized, yet diverse, skill sets and large amounts of experience.

Growth Potential

It is also possible that offering your customers a particular service could prove to be quite lucrative, but you unfortunately lack the internal resources, skill sets, or budget to do so. Outsourcing frequently opens businesses to more opportunities of this kind. Furthermore, as these responsibilities are being fulfilled, your staff could be trained to do so themselves.

Minimized Risks

There are a lot of risks associated with running a business, such as the threat of employee turnover or absenteeism. Whether in the short or long term, outsourcing certain responsibilities can help insulate your operations from the impact of an assortment of less-than-ideal circumstances.

Net Activity is here to assist you with our outsourced IT services. To learn more, reach out to us by calling 216-503-5150.

Password Manager Malware Tricks Users Into Revealing Their Passwords

There’s a new threat making the rounds called ‘Metamorfo’ that you should be aware of. The malware began its life as a banking trojan.

This news is from researchers at Fortinet, who report that the malicious code has recently gotten some upgrades that make it particularly nasty.

Like many similar programs, this one finds its way onto target machines by way of phishing emails. In this case, the vehicle of choice seems to be emails that claim to have an invoice attached in the form of a Microsoft Word document.

If a user receives this email and opens the ‘invoice’ he or she will be informed that the message cannot be properly displayed without enabling macros. Of course, enabling macros is the mechanism that allows Metamorfo to be installed on the target device.

Once installed, the malicious code will first check to be sure it’s not running in a sandbox or virtual environment. Once it has confirmation that it is not, it will run its Autolt script execution program, which it uses to evade detection by antivirus programs that may be running on the target system.

Safe from detection, it will then shut down any browser sessions that may be running and prevent any new browser windows from using the auto-complete function when entering passwords. It then begins prompting the users to manually enter their passwords. When they do, the keystrokes are mapped and sent to a command and control server that the hackers control. It’s a fiendishly clever way of making sure the hackers harvest as much password information as possible from each system they infect.

Be very wary of opening attachments from any unknown and untrusted source and make sure all your systems are fully patched and up to date. It’s not a perfect solution, but it will certainly minimize your risk.

Is It Time to Upgrade your IT? 5 Ways you can tell…

The curious thing about information technology is that, while it improves as any other technology would, the environment can accelerate the various changes made to it at various rates. As a result, knowing when your business needs to upgrade its technology isn’t always so cut-and-dry. To help, we’re sharing a few clear indicators that hint that the time has come.

Your IT Team is Always Busy

Or, more specifically, they are always scrambling to fix problems as they pop up. Older technology is prone to issues like this (and others, as we will get into). So, if your internal team is always chasing down problems, or you’ve been calling in the local IT guy almost every day, it will be more helpful to upgrade your technology. More up-to-date solutions will be less susceptible to these kinds of difficulties, so the costs saved in maintenance and remediation will likely offset the financial burden of an upgrade.

Your Employees are Frustrated and Default to Using Workarounds

One of the most reassuring things about most job processes is the fact that there is a process at all, so if your technology no longer allows your set processes to be followed, how do you think your employees will react to it? They aren’t going to be happy, that’s for sure, and in order to accomplish what they are responsible for, they might resort to finding their own, less efficient (and less secure) methods to complete their objectives… methods that might be laden with problems. Improved tools can eliminate this need by providing a set, company-approved and secure process for employees to follow.

Your Technology Runs Reeeeaaaally Sloooooooowly

Speaking of things that frustrate your users, slow technology is perhaps public enemy number one in the office. Whether workstations are taking too long to boot up, the Internet connection is flaky, you deal with slow application load times, or too many other examples to list here, lagginess is generally best resolved by a replacement. This is very closely related to our next warning sign…

…You’re Feeling Financial Strains

It’s simple math, really. If each task takes longer to complete, fewer tasks can be completed throughout the day, which usually translates to reduced revenue overall. At the same time, your employees will still be paid their usual wage, meaning that you’re spending the same amount of money to generate less income. It doesn’t take an economics degree to see that this isn’t good.

Investing in an upgrade can help you improve your productivity, which gives you the potential to generate increased amounts of revenue. So, instead of working for less money, you have the chance to see some significant returns from your investment.

You’re More Vulnerable to Cyberattacks

Here’s the worst of it: as technology improves, so do the cyberattacks that bad actors will use to undermine it. By using older technology, you are effectively welcoming cybercriminals to attack you–especially if your tools have passed their end of support date. Updating your software, whether it’s your security solution or the productivity tools you rely on, helps to reinforce your overall security by reducing a particularly potent weakness.

So, when all is said and done, keeping up on your IT upgrades is a bit of a no-brainer. For more information on whether or not you need to upgrade your IT, or assistance in doing so, reach out to Net Activity! Our professionals are just a phone call away.

5 Ways to avoid Digital Sprawl in Microsoft Teams

Workplace and digital content collaboration are the way of the world. Remote workers include permanent home employees; a mobile workforce, including on-the-road sales teams; international organizations, with locations in multiple countries; and offshore development. This agility in the work environment requires effective collaboration.

With so many collaboration tools on the market with varying capabilities, content sprawl is a possibility if the right strategies aren’t in place.

Some collaboration-supporting tool sets include Box, Dropbox, Microsoft and Google, and businesses use them daily. Each varies in its abilities, but can include instant messaging, audio and video conferencing, document sharing and other types of content sharing — including tasks, to-do items, calendars and plans.

For those already using Microsoft technology, Teams is a natural choice. Teams — built on SharePoint — is a unified communications platform, with chat, video meetings, file storage and application integration. It integrates with Microsoft Office 365 products, and its extensions also enable it to integrate with many non-Microsoft services.

Organizations that use Teams run the risk of content sprawl. Before deploying it, consider these five points:

1. Teams is not a content management system. Teams can be used to store files and other content, which it does by using the underlying SharePoint. For full content management capability, users need to use the “open in SharePoint” menu that is available in various places throughout Teams. Once in SharePoint, additional capabilities are available, such as check-in and -out, file versions, tagging, retention and deletion rules.

SharePoint can be a longer-term content management platform after a business decommissions the team to avoid the content sprawl.

2. Develop an archive strategy for content developed in Teams. Consider Teams as transient content storage, for example, to support a specific project or initiative. An archive strategy will allow storage of that content beyond the life span of the team. Examples of content that a business might manage this way include documentation coming out of a project, such as standard operating procedures and application support documentation. SharePoint can be a longer-term content management platform after a business decommissions the team to avoid the content sprawl.
3. Define sound governance approaches. Organizations should use naming conventions for teams and the channels in a team, and limit team and channel creation to nominated people supported by training and standard operating procedures. Businesses should also regularly review teams to determine current business relevance, as well as content archiving and long-term storage. Create a directory of teams with attributes, including responsible owner, purpose, proposed decommission date and content confidentiality.
4. Develop clear guidelines on when Teams is appropriate for business initiatives vs. another platform. For example, organizations using SharePoint may already have a project site template. Should a team replace this or be supplementary to it? At present, there is no templated approach to creating a standardized team structure. Without a standardized approach, each project owner will construct each team differently, making it difficult for users who work across multiple projects.
5. Avoid organic and unstructured growth of collaboration tools. Teams is the most recent example from Microsoft of a history of collaboration tools, including OneDrive, Skype for Business, Yammer and SharePoint. Choice is a good thing, but knowing what tool to use and when makes for better choices. Businesses need to develop a strategy to identify which tools to adopt.

Net Activity is here to help you manage your data assets and keep sprawl in check.  Reach out to us today!

The Dangers of Autocomplete Passwords

Hackers have found a new way to track you online. Aside from using advertisements and suggestions, they can now use autocomplete passwords to track you down. Feeling insecure? Here are some ways to keep you out of harm’s way.

Why auto-fill passwords are so dangerous

As of December 2018, there are 4.1 billion internet users in the world. This means users have to create dozens of passwords, either to protect their account or simply to meet the password-creation requirements of the platform they’re using. Unfortunately, only 20% of US internet users have different passwords for their multiple online accounts.

Certain web browsers have integrated a mechanism that enables usernames and passwords to be automatically entered into a web form. On the other hand, password manager applications have made it easy to access login credentials. But these aren’t completely safe.

Tricking a browser or password manager into giving up this saved information is incredibly simple. All a hacker needs to do is place an invisible form on a compromised webpage to collect users’ login information.

Using auto-fill to track users

For over a decade, there’s been a password security tug-of-war between hackers and cybersecurity professionals. Little do many people know that shrewd digital marketers also use password auto-fill to track user activity.

Digital marketing groups AdThink and OnAudience have been placing these invisible login forms on websites to track the sites that users visit. They’ve made no attempts to steal passwords, but security professionals said it wouldn’t have been hard for them to do. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold the information they gathered to advertisers.

One simple security tip for today

A quick and effective way to improve your account security is to turn off auto-fill in your web browser. Here’s how to do it:

• If you’re using Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords.
• If you’re using Firefox – Open the Options window, click Privacy, and under the History heading, select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you’re using Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

Your Business Processes Are Everything

The word “procedure” can easily be perceived in a negative light nowadays. It just sounds so… rote… compared to the exciting and dynamic buzzwords that so many “thought-leading, influencing, social media innovators” today toss around. Now, we don’t mean to disparage these personalities – we just want to emphasize that these innovations rely on a foundation to support them, and these foundations are based on business procedures and processes.

Let’s look at why even the most innovative businesses depend on their procedures to operate – and how a procedure can be properly created as well.

Why Processes and Procedures Matter to Businesses

If you were to list the most important qualities that a business should have, would your list include consistency? It really should. After all, if Client A, B, and C each paid for the same service, doesn’t it stand to reason that all three of them receive the same quality of service? Consistency can go a long way to support your client retention, your productivity, and any of a variety of other internal and external business considerations. Therefore, it only makes sense that establishing processes will work to your business’ benefit.

There are a variety of ways that they can do so, for that matter. For instance, they can…

• Help improve your business’ efficiency
• Optimize internal and external communications
• Minimize confusion in your operations
• Secure accountability in your workflows
• As mentioned above, better ensure consistency in outcomes

… so it only makes sense to invest the time it will take to standardize how your business completes certain tasks. Consider, for a moment, the modern fast food franchise.

Slight cost and menu changes aside, going to a fast food restaurant on one side of the country should be effectively identical to going to one on the other side. This is largely because there are essential processes that take place in the kitchens.

The moment a server starts to put together an order with a customer at the front counter, a screen in the back shows the order being constructed. This allows the team in the back to start putting it together, keeping the communications between the front and back teams effectively seamless. Each person back there has their own task – whether it is to cook the meat, start building the sandwiches, or finish them and send them to the front.

As a result, it isn’t unheard of for a finished sandwich to reach the customer less than a minute after they have placed their order – in fact, that’s the goal – and that is exactly how they expect it to be.

Now, while your business almost certainly has very different goals and services than a chain burger joint, there is no reason that you can’t experience similar benefits to your operations by implementing standardized procedures as well.

What Makes a Good Process

Now, this may feel like we’re getting a little into the weeds here, but not all processes are necessarily created equally. To make sure that your process is worth the time spent to formalize it, it should feature four qualities:

• It can be repeated – There isn’t much use in a process that only applies to a specific scenario or can’t hypothetically be repeated indefinitely. A good process can apply to a variety of circumstances, and be used more than once
• It contributes value – Any process you design should have a purpose to each step… there should never be any “busy work” involved in one of the included tasks.
• It has a clear beginning and an end – Every process you develop should have a defined starting point, where something signifies that the procedure should commence, as well as a conclusion, where no further action needs to be taken. Each step between these points also needs to be easy to differentiate from the others.
• The process can evolve – Of course, you aren’t going to (or at least, shouldn’t) continue using the same tools and solutions indefinitely, which will at some point impact these processes. Your processes should be able to accept these impacts without your clients seeing any ill effects.

Use Automation to Power Your Processes

If there is any issue that every business is subject to, it’s human error. Regardless of how perfect and refined your procedures are, there is always the risk that the end user will miss a step – like when the fast food worker forgets to put the pickle on your sandwich.

In your business, however, the consequences are probably a little greater than a missing crunch.

That’s why many businesses have embraced the use of automation to enhance their business processes. Not only does automation bring about the benefits we discussed above – the improved efficiency and accountability – it also helps you avoid human error at key points in your processes. Additionally, it frees up your employees to accomplish other things, perhaps related to that same process.

There are many different solutions designed to help with different tasks, and they can all play a role in your automated processes. Net Activity is here to help you determine what is best for your business’ efficiency.

To learn more about how we can help you automate some of your processes, or about the other benefits that we can provide for your organization, give us a call at 216-503-5150.

Protect your Browser, Protect your Business

In small- and medium-sized businesses (SMBs), some 50 to 150 workers access the net daily through the company network via browsers. That’s why any SMB must secure its browsers to keep its data safe from data theft and other forms of cyberattacks. To do so, follow these simple steps:

Prevent browser tracking

If you don’t like the idea of a third party (reputable or otherwise) being able to track your browsing habits, enable private browsing using built-in tools in your internet browser such as Chrome’s incognito mode. This offers protection against tracking by blocking third-party cookies as well as malware. Some browser extensions also boast secure Wi-Fi and bandwidth optimization and can guard against tracking and data collection from social networking sites such as Twitter and Facebook.

Block adverts

While online ads may seem harmless, the truth is they can contain scripts and widgets that send your data to a third party. A decent ad blocking program will stop banner, rollover, and pop-up ads, and prevent you from inadvertently visiting a site that may contain malware.

Many blockers contain additional features such as the ability to disable cookies and scripts used by third parties on sites, the option to block specific items, and options to “clean up” Facebook, and hide YouTube comments.

Consider setting up a virtual private network (VPN)

Unfortunately, browser tracking and adware are not the only internet nasties that you need to be concerned about. Hackers can intercept sensitive data between two parties, allowing them to steal and corrupt valuable information such as bank details, login credentials, and other personal information. Installing a VPN can help solve this problem. VPNs encrypt your internet traffic, effectively shutting out anyone who may be trying to see what you’re doing.

Install antivirus and anti-malware software

Finally, it goes without saying that having antivirus and anti-malware software installed on your PC, tablet, and smartphone is crucial if you want to ensure your online safety. These software programs are your first defense against malicious parties intent on stealing your data.

Get Security Browser Extensions

Browser extensions (also called add-ons) are small software programs you install on top of your browser to enhance its functionality.

There are literally thousands of browser extensions available to provide a wide variety of added functions to your browsing experience. There are extensions available for customization, productivity, shopping, privacy, security, etc.

Security and privacy extensions are highly recommended and encouraged by security professionals for securing browsers.

Secure your web browser with browser updates

Run updates regularly. Not only for the browser software but also for the extensions you have installed.

On desktops, you can set up automatic updates for the major browsers like chrome and firefox.

Although, this sometimes does not always work due to special installation method of the browser. So you still have to manually check for and perform updates.

In addition, mobile users should not ignore browser updates. As soon as an update is available for your favorite browser in your app store, make sure to upgrade immediately don’t procrastinate.

Is browsing at your workplace secure? Would you like a more comprehensive security system for your business? We can tell you all about it and help protect your business from online threats. Get in touch with Net Activity today.

Are you Defending Against this Office 365 Threat?

Some hackers have become so skilled that they don’t even need you to give up your credentials to hack into your account. One recent cyberthreat is targeted towards users of Microsoft Office 365. You don’t want to be the next victim, so read up.

A phishing scam that harvests users’ credentials

The latest cyberattack on Microsoft Office 365 involves harvesting users’ credentials. Scammers use this previously unseen tactic by launching a phishing message to users, asking them to click on an embedded link. What makes this scam more insidious than traditional phishing scams is that the URL within the message links to a real Microsoft login page.

How does it work?

The phishing message resembles a legitimate SharePoint and OneDrive file-share that prompts users to click on it. Once they do, they are taken to an Office 365 login page where they will be asked to log in if they haven’t already.

After they’ve logged in, they’ll be prompted to grant permission to an app called “0365 Access.” Users who grant permission effectively give the app — and the hackers behind it — complete access to their Office 365 files, contacts, and inbox.

This technique can easily trick lots of users since the app that requests access is integrated with the Office 365 Add-ins feature. That means that Microsoft essentially generates the request for permission. No, Microsoft is not aiding hackers to breach systems. Rather, the scam is made possible by a feature that allows users to install apps that are not from the official Office Store.

Ways to protect your Office 365 account — and your business

Given their fairly advanced approach, these scammers could effortlessly prey on careless employees. There are ways to make sure that doesn’t happen.

• Always check the email’s sender account before clicking on any link or granting apps access.
• Implement a policy that prevents staff from downloading and installing apps that are not from the Office Store.
• Regularly conduct security awareness training that covers essential cybersecurity topics. Educate employees on how to spot phishing scam red flags (e.g., unknown senders, grammatical and typographical errors, suspicious requests, and the like). Increase their knowledge about more sophisticated attacks and keep everyone informed about current and future cybersecurity risks.

Successful attacks could result in an unimaginable catastrophe to your company. For tips on how to spot this and other nefarious scams and how to plan thorough security practices, contact our experts today.