On June 27 the US Government became aware of new ransomware called Petya.
Similar to WannaCry, it didn't require any user involvement, but infected through operating system vulnerabilities. It's demand for ransom in exchange for decryption key was a hoax, as encryption of Master Boot Records cannot be undone. Infected drives became unreadable and computers became un-bootable and any ransom paid was lost.Recommended prevention steps:
- Protect end-point Windows devices with antivirus/antimalware software from respected providers (we recommend Trend Micro). Make sure subscriptions haven't expired. Central purchasing and administration allows for consistent protection and alert handling.
- Apply operating system and device patches (especially MS17-010) and updates to both Servers and end-user computers. It's true that updates occasionally cause problems. But vulnerabilities in unpatched systems increase over time.
- Apply updates to web browsers, Adobe Reader and Flash, Java, and other software regularly.
- Back up servers and file shares regularly, and periodically validate whether backups were effective. The date, time, and status should be reviewed for success. Try to extract several folders and files from backup sets. Ideally, disaster recovery and business continuity solutions are in place that synchronize continuously and can spin-up a server identical to the moment it failed. LeeShanok offers BDR and BC solutions that are effective and affordable.
- Make sure end users store data files on Shared Drives so they are included in backups.
- Protect end-user computers with active firewall software.
- Periodically review your network firewall. Businesses need a modern commercial grade device. Those with business centers or wifi for guests need filtering of malicious and illegal content, and traffic shaping. We recommend Cisco Meraki and Cisco ASA with FirePower. Make sure firmware updates are current.
- Host a security policy meeting for employees and satellite offices. Partner with LeeShanok's team as you prepare. To help you, we offer a 45 minute presentation called "IT Security for the Common Worker", also available via webinar.
- Many of these checklist items are managed by LeeShanok as part of our Managed IT and Hosted service plans.
Feel free to contact us to discuss your situation.
We all love social media, but in the era of Facebook, Twitter, Tumbler, LinkedIn, and Instagram, do you really know what information you have floating around on the Internet? Attackers in today's digital age are incredibly clever. Just because you consider something innocuous information, doesn't mean a hacker can't leverage it to their benefit.
As you saw in the video, something as simple as where you went to college can give an attacker an air of credibility. Don't think you'd fall for that? Let's look at another example. Have you publicly posted the names of your kids? What about where they go to school? Both of these are common tidbits of information that can be found on social media. Now what if somebody called saying they're from your child's school, and they're refreshing their records. Would you give them your cell number? Email? Home address? What if they told you one of your kids had an accident and you needed to come pick them up; could they get you to leave your office unattended?
Now, anecdotes like these are not meant to leave you cowering in fear. However, it's important to note that even information that may seem unimportant to you can be a treasure trove to an attacker
Don't overshare on social media! The less the world knows, the less can be used against you.
Look at email addresses closely to make sure they are from who you think they're from. Just because it has privileged information in it does not automatically make it authentic.
Call back. If someone wants information over the phone, or has called and asked you to do something, call them back. Just because they sound official doesn't mean they are! Use a number you already have for the school/ company/ partner you are talking to. Then you know you're dialing the real thing.
Change login information often! Social media is a prime target for hackers. Change your passwords on a regular basis, and make sure to use something complex.
We will be presenting all these 2ps and a plethora more in our upcoming "Security Lunch & Learn" so stay tuned for more information on that event coming up in March!
- Shorts and Damage from WATER.
- POWER Surges and Outages.
- Failure from Excessive HEAT.
WATER - In your utility room, look for gaps between floor, walls, and ceiling, and around conduit entry paths and terminations. Water will follow cables into rack-mounted and free-standing devices, then seek low points on the floor to pool. Being a good conductor with little resistance, water lets big current flow where it shouldn't, zapping anything in it's path.
Use Silicone based sealer to fill gaps in walls and around conduit and cable terminations. Patch roof coatings and gaps around flashing now to stop water on it's way to Arizona.
POWER - Spikes, shorts, lows and outages cause unplanned shutdowns and can damage electronics and data. Uninterruptible power supplies (UPS's) condition lines against low voltage brownouts and power outages, which can spike when power returns. If power remains off, the UPS can initiate normal shutdown and avoid data loss. Check UPS batteries using monitoring software or dashboard. Make sure power capacity supports what's plugged in: Servers can require 1500 VA, Desktop PC's 600 VA, Switches/Routers/Firewalls 350 VA.
If you haven't checked your backups in a while, now is a good time. Review logs for frequency and successful completion, then restore a few test files and folders. If you're not sure, create a new full backup before the first storm hits. We're here if you need help.
HEAT - Monsoon storms are accompanied by excessive heat. As dust accumulates inside enclosures and airflow around components slows down, it's like wearing a heavy jacket on a summer day with little wind. It won't take long to exceed your comfort zone. Most electronic components have built-in temperature limits that cause rapid shutdown to avoid damage. The best prevention is adequate airflow around the devices in a relatively dust-free environment, with all internal fans working well. Don't forget annual device cleanouts. Monsoon storms can be dramatic, but these tips can help protect both network and data.
As of April 11, 2017, Microsoft stopped all support of Windows Vista. If Vista exists on any of your computers and you do nothing, they will still function but will grow slower and more vulnerable. If you hadn’t considered migrating before, now is a good time.
We recommend migrating to either Windows 7 Professional or Windows 10 Professional. A clean “custom” installation is recommended over an “upgrade” for both reliability and performance.
Backup your data – Don’t forget! There are many backup tools and methods available. To ensure your data migrates successfully please call the LeeShanok Team.
Migrating to a new operating system should never be taken lightly. There are many decisions to make and tasks to do. Any mistake can be costly. It’s important to replace Vista. Engaging our team early in the process will ensure a successful transition.
As always, if you have any questions, please feel free to contact us.
Your Technology Partner,
The LeeShanok Team
When you leave home, you lock the door or close the garage. When you walk away from your computer, do you lock the display? Probably not.
In Windows 10, your display automatically locks after 10 minutes, which gives plenty of time for open windows to be inspected. One touch of the mouse or keyboard and the screen lock timer resets, providing another 10 minutes. It doesn’t take long for someone to run a search and email the findings off-site or upload them to a cloud account. They may connect a browser to a risky website or delete important folders.
Even a quick trip to the coffee station can be interrupted by a crisis that delays your return. When unattended, all computers should be:
- Display off and computer locked
Don’t have time to lock your computer? Try this:
Some industries have serious compliance regulations and penalties. This policy protects you and your employer, customers and suppliers.