The IT Insider
Issue November 2016
IT Jargon
Virtual Networks
Delta’s IT Outage
Ransomware
While it's impossible to plan for every potential computer disaster or emergency, there are a few easy and inexpensive measures you can put into place that will help you avoid the vast majority of computer disasters you could experience.
#1: Make Sure You Are Backing Up Your System
It just amazes me how many businesses never back up their computer network. Once it’s gone, it’s gone permanently!
#2: Perform A Complete Data Restore To Make Sure Your Backups Are Working Properly
Many business owners set up some type of backup system, but then never check to make sure it’s working properly. The WORST time to “test” your backup is after a disaster has happened and you desperately need it!
#3: Keep An Offsite Copy Of Your Backups
What happens if a fire or flood destroys your server AND the backup tapes or drive? What happens if your office gets robbed and they take EVERYTHING? Having an off-site backup is simply a smart way to make sure you have multiple, redundant copies of your data!
For a customized backup solution, call us at (732)716-4109 or go to: http://www.ocitcs.com/services/data-backup-
Everyone hates jargon. It’s ostracizing and off-putting, but somehow we just keep creating more and more of it. For those who have adopted an “if you can’t beat ‘em, join ‘em” philosophy, we have just the list for you. Let’s take a look at some of the most relevant cybersecurity terms making the rounds today.
Malware
For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack, or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.
Ransomware
Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.
Intrusion Protection System
There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.
Social Engineering
Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.
Phishing
Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value -- always verify the source of any service requesting your sensitive data.
Anti-virus
Anti-virus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well known malware variants.
Main Phone: 732-716-4109
Fax: 732-716-4169
Email: [email protected]
Website: www.ocitcs.com
For the average business owner, a virtualized network may not seem groundbreaking. And until recently, even the team at VMware didn’t realize just what they could do with it. Now that they’ve publicly announced what they’re calling “Project Goldilocks,” we finally see how relevant it is. Every small- or medium-sized business is concerned with endpoint security, and that’s why you absolutely must read on to learn about this new form of virtualization.
A virtual network is a way to connect two or more devices that aren’t physically linked by wires or cables. From the perspective of machines on a virtual network, they’re essentially sitting in the same room -- even if they’re on opposite sides of the globe. The advantages of this setup range from ease of management to reduced hardware costs. AT&T and Verizon have begun offering these services, and small- and medium-sized businesses have slowly begun to adopt them.
Meanwhile, another sector of the IT world has been making its own advances. Cutting-edge hardware firewalls are beginning to offer internal segmentation as a method of separating pieces of your internal network to keep them safe from threats that spread internally. The more segments you have, the safer your network is from poorly protected neighbors. But there are limits to how much capacity one of these hardware firewalls has for segmentation.
Virtualization giant VMware has taken notice and developed a prototype to combine these two services. In the hopes of unleashing ‘microsegmentation’ from the limits of physical hardware, Project Goldilocks will essentially create a virtual firewall for every virtualized application. When one of these applications is created or installed, it will come with a ‘birth certificate’ outlining every acceptable function it can perform. When making requests to the operating system, network, or hardware the application is installed on, Goldilocks will cross-reference the request with the birth certificate and deny anything that hasn’t been given permission.
Segmenting virtual networks and applying them to individual applications rather than entire networks or operating systems could revolutionize the market for endpoint security. Not only would it be easier to block malware infections, but those that made it through could be quarantined and terminated immediately because of the virtual nature of their location.
While virtualization may be a complicated state-of-the-art technology, all it really takes is a helping hand. With our full team of specialists, we’re ready to pull you into the next stage of your virtualized infrastructure. All you need to do is reach out to us -- why not do it today?
For a customized Virtualization solution, go to:
http://www.ocitcs.com/services/virtualization/
Zero-day attacks
Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.
Patch
When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.
Redundant data
When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.
We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge to anyone who comes knocking. Get in touch with us today and find out for yourself.
For more info on Network Security, go to:
http://www.ocitcs.com/services/network-security/
For more info on Email/Spam Protection go to:
http://www.ocitcs.com/services/email-spam-protection/
What can we learn from Delta’s IT outage?
Companies can pay a hefty sum if they ever experience any downtime. In fact, Delta Air Lines had a bad bout of severe downtime just last month. In just three days, the airline company cancelled 2300 scheduled flights and suffered $150 million in income loss. That doesn’t even account for the considerable reputational damage from delayed service. So how do you avoid sharing the same, expensive fate? Here are some valuable business continuity lessons we can all learn from Delta’s IT outage.
Strive for 100% redundancy
According to Delta’s chief information officer, a power failure caused the company’s data center to crash, grounding thousands of would-be passengers. Although power was restored six hours after the incident, critical systems and network equipment failed to switch to a secondary site, corrupting valuable data in the process. And while some systems failed over, other vital applications didn’t; this created bottlenecks, decreased revenue, and diminished customers’ confidence.
Delta’s case is a massive wakeup call not just for the airline industry but for every business -- large and small. Companies must implement disaster recovery plans for their data centers, on-site technology, and Cloud applications to continue servicing customers while fixing the main issue with their primary systems. Companies also need to get rid of the false notion that redundancy plans to assure service continuity are restricted to larger corporations. DR and business continuity solutions are extremely affordable today, and a partnership with a provider can help you in more ways than one (more on this later).
Always test your backups
So although Delta had a plan to bring its business back to normalcy, the DR plan left a lot to be desired in practice. This begs the question as to whether the airline company is actually testing, reviewing, and reinforcing its vulnerabilities to different disasters.
The point is that even though your company may have a failover protocol in place, that protocol adds no value to your business unless it has been rigorously tried and tested. In order to avoid the same fate as Delta, make sure to find out whether your disaster recovery plan is capable of running mission-critical applications like email and customer service applications before -- not after -- downtime occurs.
Account for different types of vulnerability
In an interview with the Associated Press, Delta CEO Ed Bastian said, “We did not believe, by any means, that we had this type of vulnerability.” Indeed, it’s often hard to foresee what threats and vulnerabilities a natural disaster, power outage, or hacker can produce. But it’s not impossible.
By conducting a comprehensive audit of your data center security and disaster protocols, your business will be more aware and adept at minimizing the risk of potential disasters. This also means evaluating and preparing for disasters that are likely to happen to your business depending on its geographic location. The southern US, for instance, is prone to hurricanes and flooding.
Call for help
These lessons and strategies are all crucially important, but pulling off a DR and business continuity solution on your own may be difficult. For this reason, it’s critical to have a planned partnership with a managed services provider that can assess, plan, test and install the continuity solutions your business needs in order to minimize the impact and avoid encountering a Delta IT outage of your own.
To find out more about business continuity and guaranteeing complete IT redundancy, contact us at (732) 716-4109 or email us at: [email protected] today.
What’s all the buzz about data?
If an IT consultant told you that backing up data is one of the most important things for your technical team to do well, you’d probably nod in agreement. But what if they suggested that your dirty data requires cleaning prior to utilization? One simple adjective like “dirty” may give you pause, and there’s a handful of other terms about “data” that you may not recognize either.
Data is the lifeblood of the information age. It gets observed, collected, organized, and analyzed, and it allows businesses to compete for profit and prosperity. And it takes many forms, each one unique and often vividly-named by the addition of a simple descriptive word. As such, we thought a short glossary was in order to help keep you current on a handful of new data buzzwords and how they might impact your business.
Small Data
If “big data” is about powerful machines, huge databases, and sophisticated analytics, its little brother “small data” is about people. Small data takes a scaled-down approach to data mining that relies on things like social media to acquire important information. Archiving it is also simpler since a complex central data warehouse isn’t necessary.
Slow Data
The notion of “slow data” may seem a bit counterintuitive since processing ones and zeroes means things are happening fast. Some information, however, is actually acquired more slowly. Take, for example, the polar ice caps, where things literally move at a glacial pace. Since this kind of data doesn’t require frequent analysis it is suitable for backup in its native format in a secure data lake.
Fast Data
We’re guessing you knew this buzzword was coming next, and it’s probably exactly what you thought it would be. “Fast data” refers to data events that happen fast - as in thousands of times per second - such as financial tickers or electrical sensors. Being able to act on it without delay is critical, so storing it immediately in a stable, easy to access location is a must.
Dark Data
Put simply, “dark data” is nothing more than day-to-day operational data that’s not getting used. It often refers to unanalyzed information in the form of customer call records, competitors’ price fluctuations, or website visitor trends. It can also include data that’s no longer accessible, such as when a storage device becomes obsolete. Your business can bring some of this redundant, out-of-date, or hidden data into the light with software designed to tidy things up.
Dirty Data
And speaking of tidying, here we finally have “dirty data.” While not quite as provocative as, say, dirty dancing or a dirty martini, it does have a tendency to arouse anxiety. But it’s actually not harmful to your data warehouse; it merely refers to a data set prior to its being “cleaned,” such as a leads list that contains duplicates, spelling mistakes, or formatting errors. The key is ensuring it gets spruced up before moving it into production.
If this index of buzzwords has left you wondering about the ways that different types of information affect your specific business, we’ve got answers. Setting up and managing your databases, super-secure backup strategies, and a thorough understanding of information technology are what we provide, so call or message us today.
Are You A "Sitting Duck"?
Get Your Free Report That Outlines The 7 Most Critical IT Security Protections Every Business Must Have In Place Now To Protect Themselves From Cybercrime, Data Breaches And Hacker Attacks
Two new tools for defeating ransomware
The IT Insider Issue 11 November 2016
A simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Island,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near catastrophe of the latter to having your company’s data hijacked by computer hackers, ransomware can in many cases end in disaster for your business.
The way in which these nefarious operators commandeer your information and deny you access usually involves some fairly sophisticated stuff. The ransomware they install on your system is essentially a virus that “locks up” your data, and it can’t be unlocked unless you pay them for the keys.
Some of these data-encrypting viruses are strong, such as the CryptXXX strain. It has been infecting businesses for the past few months, and its latest mutation can’t be quelled by decryption programs found for free on the internet.
Two relatively new types of ransomware aren’t quite as virulent as CryptXXX, but we’d like to bring you up-to-date on them nonetheless. Here’s a look at what they’re called, what they do, and how you can defeat them should your
PowerWare
The first of these recent ransomware varieties is called PowerWare, which also goes by the name PoshCoder. It imitates a more complex ransomware program called Locky, although with less effectiveness.
This spring, PowerWare was discovered attacking healthcare organizations through Windows PowerShell, a scripting application used for systems administration. Fortunately, programmers at hi-tech security firm Palo Alto Researchers were able to quickly create a decryption tool named “powerware_decrypt.py” that unlocks ransomed data with relative ease.
Implementing the fix, however, does call for a bit of technical know-how, so if your IT department is experienced in this area it shouldn’t be a problem. The code that can cure you from PowerWare is published online and is free.
BART
The second new ransomware breed that we should address is called BART. Instead of employing intricate information-encrypting algorithms to take command of your data, BART will stash away your files inside password-protected ZIP folders… and you have to pay for the password.
These infections aren’t hard to identify as the imprisoned files will appear with “.bart.zip” added to their original name (for example, “spreadsheet.xlsx.bart.zip”). Thankfully, not only are they easy to detect, but for antivirus firm AVG, they are easy to decode.
Applying the remedy that AVG has produced requires an unaffected copy of one of the files that’s been locked up. And if you can’t locate one somewhere on your network, a good IT services firm will be able to. The BART decryption tool is also available online at no cost.
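
A triage sketch for the two points above, added here as an example and not taken from AVG or from this newsletter: it lists files carrying the “.bart.zip” suffix, checks whether each one really is a ZIP with entries flagged as encrypted, and looks for same-named candidate clean copies in other folders. The folder names, the sample files and the assumption that BART archives set the standard ZIP “encrypted” flag are illustrative only.

```python
from pathlib import Path
import io, tempfile, zipfile

BART_SUFFIX = ".bart.zip"  # suffix the article says is added to locked files

def is_encrypted_zip(path):
    """True if the file is a ZIP with at least one entry flagged as encrypted."""
    if not zipfile.is_zipfile(path):
        return False
    with zipfile.ZipFile(path) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())

def index_by_name(roots):
    """Map lower-cased file name -> list of paths found under the given folders."""
    index = {}
    for root in roots:
        for p in sorted(Path(root).rglob("*")):
            if p.is_file():
                index.setdefault(p.name.lower(), []).append(p)
    return index

def triage(scan_root, clean_roots):
    """Report each '*.bart.zip' file, whether it really is an encrypted ZIP,
    and same-named candidate clean copies (their contents still need checking)."""
    clean = index_by_name(clean_roots)
    report = []
    for locked in sorted(Path(scan_root).rglob("*")):
        if locked.is_file() and locked.name.lower().endswith(BART_SUFFIX):
            original = locked.name[: -len(BART_SUFFIX)]  # spreadsheet.xlsx
            report.append({"locked": locked, "original": original,
                           "confirmed": is_encrypted_zip(locked),
                           "clean_copies": clean.get(original.lower(), [])})
    return report

def build_sample(base):
    """Constructed sample data: a file share and a backup folder (hypothetical)."""
    share, backup = Path(base) / "share", Path(base) / "backup"
    share.mkdir()
    backup.mkdir()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("spreadsheet.xlsx", b"placeholder")
    raw = bytearray(buf.getvalue())
    # Set only the 'encrypted' flag in the central directory; data stays plain.
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x01
    (share / "spreadsheet.xlsx.bart.zip").write_bytes(raw)
    (share / "notes.bart.zip").write_text("not a zip")  # suffix match only
    (backup / "spreadsheet.xlsx").write_bytes(b"clean copy")
    return share, backup

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        share, backup = build_sample(tmp)
        for row in triage(share, [backup]):
            status = "encrypted ZIP" if row["confirmed"] else "suffix only"
            print(row["locked"].name, status, [str(p) for p in row["clean_copies"]])
```

A same-named file in a backup is only a candidate: confirm it predates the infection before relying on it.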
The fact is, there are some shady, technologically savvy characters out there who are willing to do us harm. Keeping them at bay takes vigilance. So if your business doesn’t have the resources to stay safe and secure from threats like ransomware - or, in the event that you’ve been hit, you’re not sure how to recover your data without paying the ransom - call us today to talk things over. (732) 716-4109