Small Business - Guide to Ransomware

What is it?

Ransomware is an attack in which an application is launched, usually on your Windows desktop, to encrypt all your company's shared files and hold the unlock key to ransom. The ransom is usually demanded as a Bitcoin payment, which is totally untraceable.

Strains of this attack have usually been nicknamed Cryptolocker.

There are even companies selling this virus as a service, offering 10% of all the ransom paid!

 

How do I stop it? 

Spam Filters

Make sure you have one of these in front of your Office 365 or email server. They can scan macros and files and also block emails which have been bulk sent, which protects you before the email even gets to your server!

User training

Make sure users are wary of which emails with attachments they open. For example, why is my gas company sending my home gas bill to my work email? Why is TNT sending me a receive note when I have not received anything?

Keep Up-To-Date

A lot of ransomware comes in through out-of-date programs such as Flash and Java, sometimes through adverts! Make sure you keep these up to date, or speak to your IT provider about a tool to deploy updates weekly, and about advert blockers.

Disable Macro Scripts

Cryptolocker variants like to use zipped-up PDFs, Word documents and PowerPoint presentations, disguised as harmless-looking invoices, to download programs to the computer. Make sure you read the warnings before enabling macros.

Group Policies

Enable Group Policies to stop executables running from AppData and Local AppData.

Antivirus

Make sure it's turned on. Remember when you turned off the antivirus to stop it annoying you about updates or a false positive? Make sure you have a management center for all your antivirus clients to check which users have what enabled!

File Resource Manager

Get alerts when specific files hit your server so straight away you can action the removal of the machine from the network. The process can even be automated!

 

What if I get infected?

Call your IT Provider Straight Away

You will start seeing your files change extension from .doc (Word document) to .zzz and you will be unable to open these anymore. This means they are encrypted and the virus is encrypting or has encrypted all the company data. There will also be Readme.html files placed in each directory with the unlock key and instructions on how to pay, as well as a deadline.

Call your IT provider so they can determine which computer is infected; it will need to be unplugged and wiped. They can also get on with restoring data.
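The symptoms described above can be checked for across a whole share in one pass. This is an added example, not code from the original guide: it walks a folder tree, flags folders holding a Readme.html note and/or .zzz files, and reports the earliest rename time to help choose which backup to restore. The folder names and timestamps are constructed sample data, and it assumes a file's modification time reflects when it was encrypted.

```python
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Indicators taken from the guide; real strains differ, so both are parameters.
NOTE_NAMES = {"readme.html"}
SUSPECT_EXTS = {".zzz"}


def scan_share(root, note_names=NOTE_NAMES, suspect_exts=SUSPECT_EXTS):
    """Report every folder under root that holds a ransom note or renamed files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.lower() in note_names)
        renamed = sorted(f for f in files if Path(f).suffix.lower() in suspect_exts)
        if not (notes or renamed):
            continue
        # Assumption: mtime of a renamed file is the moment it was encrypted.
        mtimes = [os.path.getmtime(os.path.join(dirpath, f)) for f in renamed]
        findings.append({
            "directory": os.path.relpath(dirpath, root).replace(os.sep, "/"),
            "ransom_notes": notes,
            "renamed_files": renamed,
            # A note next to renamed files is a far stronger signal than either alone.
            "severity": "high" if notes and renamed else "review",
            "earliest_change": min(mtimes) if mtimes else None,
        })
    return sorted(findings, key=lambda f: f["directory"])


def restore_cutoff(findings):
    """Earliest rename seen (UTC); pick a backup taken before this moment."""
    times = [f["earliest_change"] for f in findings if f["earliest_change"] is not None]
    return datetime.fromtimestamp(min(times), tz=timezone.utc) if times else None


def build_sample_share(root):
    """Constructed sample data: one encrypted folder, one clean, one ambiguous."""
    layout = {
        "Finance/budget.zzz": 1477044000,    # 2016-10-21 10:00:00 UTC
        "Finance/payroll.zzz": 1477044300,   # 2016-10-21 10:05:00 UTC
        "Finance/Readme.html": 1477044301,
        "HR/policy.doc": 1476000000,         # untouched document
        "Projects/Readme.html": 1470000000,  # a note-like name on its own
    }
    for rel, mtime in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
        os.utime(path, (mtime, mtime))


def demo():
    """Build the sample share in a temp folder, scan it, and return the results."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        findings = scan_share(root)
    return findings, restore_cutoff(findings)


if __name__ == "__main__":
    results, cutoff = demo()
    for item in results:
        print(item["severity"], item["directory"], item["renamed_files"], item["ransom_notes"])
    print("restore from a backup taken before", cutoff)
```

Point `scan_share` at the root of a real share to get the same report; a folder marked "review" needs a person to look at it before anything is restored.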

Try and Find an Unlock Key

Our friends at Kaspersky have put together a load of tools to unlock your files for free here

Backups 

Backup is the last line of defense if there is no unlock key above for your strain. Depending on your backup software (Veeam / Backup Exec) you should be able to restore from the previous night's backup, meaning only a loss of a day's data compared to everything. This might be a good time to think about your current backup plan; maybe a midday backup would be good, to turn a 24-hour loss into a 12-hour loss.

Pay up

This is the last scenario. It never helps to pay ransoms, as it encourages them; however, if this is your last option, maybe a 500$ payment is cheaper than wiping all your data. Payments do actually work: if you leave all the documents on the system intact, it will actually decrypt them, per case study.

A few of our top 7 reasons for you to be in the Cloud

Cheaper Startup costs

For small to medium businesses, especially new ones, a three pound monthly bill per user rather than an initial three hundred pound Office license is much cheaper during the first year, not to mention more flexible. If the user quits, the license can be cancelled before the next monthly cost and the email archived.

Stability

Economies of scale play into this a lot. Cloud providers like Microsoft and Amazon invest heavily in making sure they have multiple layers of redundancy across all layers of their infrastructure, as well as users existing in two datacenters just in case one gets destroyed in a natural disaster. Yes... these services still go down from time to time, however this will only get better with time!

Collaboration 

The world is opening up, whether Brexit or Trump proves otherwise! A small business can now be under 10 people dotted around the world with the help of the internet. Internet connections from e.g. the U.K. to Australia are still not good enough to stream a virtual desktop faultlessly. The cloud can now enable remote workers to log in to their local datacenter and work without the slowness of before.

Mobility 

Mobiles and tablets are taking on much more of the processing than previously, thanks to good development and hardware. Building web apps is more complex and costly than ever due to security and the number of devices. Cloud providers work on unifying their apps to work across platforms, which saves internal development.

Latest and Greatest

Companies, especially Microsoft, are now writing new features and products directly into the cloud, which means you get these in your existing subscription for the same cost and it happens automatically, with no need to wait for updating screens!

Scalability / Speed

One of the great perks of cloud is the scaling. You can start your organisation on a 5 seat E3 Office 365 license and grow up to 1000 seats by just increasing your subscription count! Let someone else worry about building new servers and data rooms while you continue to run your business. With the number of servers Microsoft have, you can now start using this scalable resource for Business Intelligence straight in 365.

Integration

Previously when you purchased some software, for example Sage Accounting, to be able to export that data into, for example, Excel to forecast and predict figures you would have to build custom-written macros. The arrival of cloud has got cloud providers building APIs and working with third parties for click-of-a-button integration! For example, we use a great accounting tool called Xero. To keep track of our workforce's expenses, we can use a separate third-party tool called Receipt Bank, and this enables employees to submit their expense forms and receipts into Xero, saving our accountant lots of work!

Moving Offices : IT relocation service Checklist

1) Planning

When will we have physical access to the new premises to do a site audit of what is currently there? It is useful to ask the previous company if they have plans to leave anything behind. On a few site moves we have been hired for, structured cabling, UPSs and phone systems were mostly left behind for the new tenant to use! They would prefer to pass these down instead of paying for the removal.

Internet Service Providers - One of the longest wait times for new premises will be internet and telecom lines. Allow up to 2 months for these and check if they can reuse any existing cabling to speed things up. This will need to be ordered and followed up weekly to make sure it does not delay the move, which can be actioned by your IT Managed Service Provider. Our recommended ISP can help you with this transfer by moving the numbers and IP address of your existing setup to your new office.

Cabling Requirements for new Office

  • How Many Phone Lines do you need?
  • How Many Cat 5 Cables per Desk?
  • Power Outlets for each Desk?
  • Room for Server Rack

What needs to be moved and who is physically doing the move? This can be a great time to perform an IT Audit of all machines and software as this all needs to be moved anyway! Can the people who will be moving your Office Furniture also help out with physically moving IT Equipment?

Moving premises can be a great time to retire old IT infrastructure and a useful time to upgrade existing infrastructure, so you can run both sites in parallel to speed up the move and help with the testing. It can also be a great time to look at hosted IT services and cloud.

 Why pay for a server room to be built if you can move it all into the cloud which will help you be more flexible for future moves!? 

Recycling old IT infrastructure should be done with a proper provider so that hard disks and old backup tapes are destroyed to prevent leaks of company data.

2) Evaluation

  • Have backups of all company system data been completed, and has a recovery been tested?
  • Have you notified staff of when they will need to shut their computers down so the hardware can be moved quickly and efficiently and when the system is expected to be back up to reduce IT Downtime?
  • Is the equipment insured during the move?

3) The Move

  • Depending on the size of your office, it's best to get employees to pack and label their personal items, which will help with the moving of IT equipment
  • Testing - Once all equipment is moved servers and systems should be checked and signed off before starting work.

Desktop and Server Offsite Cloud Backup

Customers new or existing should always have two layers of backup protection

The first layer is always an onsite copy of company data which allows for a speedy overnight backup to local disk over a high-speed network which gives you the value of speedy restores of large data chunks if needed ( e.g. a Ransomware attack ) 

The next layer of backup is to always have an offsite backup, so in the event of a disaster such as a building fire, theft or flooding, the servers can be fully restored when the backups are brought to the new site with replacement hardware. Around 5 years ago, when the average internet upload was around 1mb/s, transferring 0.41 Gig / Hour, and cloud storage was more expensive, our customers utilised offsite copies using tapes and hard drives.

However, thanks to new fibre connections for UK business which can deliver 100mb up and down, with unlimited plans, the offsite backup can now go straight to the cloud instead of worrying about the administration of changing tapes and the failure of external hard drives due to lots of motion.

At Response IT we utilize two main Cloud Services to provide our customers with always on restores and limit the administration of backups.

Veeam Cloud Connect for Virtual Backups

  • Integrates into VMware and existing Veeam Infrastructure
  • Item Level restores of Applications such as Exchange, SQL and Active Directory and Individual Files
  • Restore whole virtual machines ( If a virus hits a server you can restore everything in a short space of time without hunting down the infected files )
  • Automated Restore tests ( Servers get booted up weekly automatically to check everything is working as expected )
  • Inbuilt Encryption and Compression

CrashPlan for Desktop and Physical server Backups

  • File-level, block-by-block copies which back up data as soon as you change it. This gives long 30 day restores from a self-managed web interface
  • Backs up Remote User laptops straight to the cloud without them needing to be in the office
  • Weekly Reports straight to site managers to check what's been backed up and what hasn't
  • License included in the CrashPlan Backup Subscription
  • Inbuilt Encryption and Compression

Both of these services utilize Datacenters with Gigabit internet connections with the availability of getting data copied to Hard drives for immediate restores in disaster.

 

Is USB a Risk or a Benefit now to Small Businesses?

With the recent introduction of a 5$ device reported by the BBC (http://www.bbc.com/news/technology-38012699), the so-called "Poison Tap", which can be used to steal all web browser passwords with cookies in a matter of seconds, is the invention of USB now a benefit or a hindrance to businesses?

Data loss through removable media has always been a risk for business, ever since CD copying drives were cheap enough to install on all desktops. Back in the day this could be restricted by not installing a CD copying app, and copying company data 600mb at a time using a 32x speed writer blaring across the office wasn't the easiest way to go unnoticed!

Plug and play was a great new way for devices to plug in and go with Windows without the need for manual driver installation and device setup. This technology meant users could even install printers themselves! Now, with the invention and scaling of flash storage, and finger-sized USB sticks getting above 256GB with copies over USB3 at 300MB/s, the risk of data loss using this great technology is more apparent.

Software is available for businesses to log and monitor items being copied over USB, which apparently happens often when people leaving firms decide to copy confidential company property and previous work owned by the company. This information is invaluable for any company seeking legal action against a company or individual.

Some companies have chosen an all-out policy to save money which restricts USB ports on the computer entirely, much to the dismay of the workforce who want to keep their smartphones charged using the front USB ports!

With the new threat of USB sticks emulating network adapters and stealing passwords via network traffic, new systems will have to be put in place to require user intervention when installing USB devices!

Why not to use a free Anti Virus for Small Businesses

There are lots of Free Antivirus out there e.g. Microsoft Security Essentials and AVG, so why should your business not use these to save money?

A very good question we can answer

Lack of centralized management

When managing over five computers you want to know which machines are up to date, which machines have had infections and where these are, and which machines have their AV enabled. This is the best way to mitigate a widespread infection, especially with ransomware, where the last line of defense is disconnecting a computer from the network.

Licensing 

A favorite of ours for our home users is Microsoft Security Essentials. It's great on detections and it just works; however, it is for "home" users. Microsoft actually do not allow this for use in businesses with over ten devices. https://support.microsoft.com/en-us/help/13752/windows-security-essentials-eula

Free? 

 

Free antivirus products such as Panda Free and Avast Free make money from you by installing third-party applications during install and also by changing your default search engine and home page so they can monitor your browsing history and target adverts at you. AVG will also notify the user with deals to upgrade to the professional version, which wastes time.

 

Why to have a guest Wifi For Small Business

A separate guest wifi network for your visitors and contractors can be a massive benefit to the company, and here are some great reasons:

1) Segregates your guests from your main company network. This is one of the main reasons to perform this segregation, which leads to an instant increase in the security and privacy of confidential company data.

2) Limit and restrict access. If guests authenticate with the guest network using a shared password or an individual user account, these can be changed without affecting your existing workforce's connection. Access can be limited automatically to a specific period, for example a week, day or month.

3) Marketing. One of our event companies has used the offer of free wifi to guests as a marketing opportunity where guests are asked to like the company socially. Users signing up to the wifi service accept the terms and conditions for their details to be saved by the company, which can then be used to market leads or services using newsletters.

4) Auditing. As you will be providing internet access to an individual through your connection, you will be liable for whatever they use it for. This access can also be controlled in regards to what is allowed on the guest network, for example disabling streaming or Netflix as well as enforcing a web filter for safe browsing.

 

Spear Phishing: what is it and how to protect yourself from it

As techtarget.com puts it : 

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by perpetrators out for financial gain

How is this done

We have seen a few cases of this usually in the following order :

1) Attacker uses publicly available resources, e.g. social sites and company websites, to get a name and email for a financial controller as well as the managing director of the company

2) Attacker uses a third party email server to fake [email protected] email and sends the below email to [email protected]. Attacker could also try emailing from [email protected] ( notice the ltd at the end! )

Hey financecontrollername,
I'm in the middle of a meeting , not available on the cell phone , but need this actioned NOW please transfer $$$$$ to this bank account let me know when done
managingdirectorname

Attacker also tries to send emails to financecontrollername saying 'Hey are you there ?'

3) financecontrollername sends the money and emails managingdirectorname when done , only to find out managingdirectorname never asked for this transfer

How to protect yourself from this

1) Be careful what information you make publicly available, such as emails, as it can be used against you. Also be careful emailing people you don't know; the attacker copies your signature to make the email look as valid as possible

2) Get your IT provider to use SPF records along with DKIM records to either put all emails claiming to be from your organisation that come from unknown senders into spam, or mark the subject as SPAM so the end user knows to be wary. This can be done with spam filters and Exchange

3) Financial controllers should always speak to MDs when unsure about moving money around; better to be safe than sorry, as they say!
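The checks a spam filter applies for point 2, and the "ltd" lookalike trick from the attack steps, can be sketched as follows. This is an added example, not code from the original post: example.com, exampleltd.com, mx.example.com and "Jane Director" are constructed placeholders, and the three messages are constructed samples. It assumes your own mail gateway stamps an Authentication-Results header on inbound mail.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

# All names below are constructed placeholders for this example.
COMPANY_DOMAIN = "example.com"
TRUSTED_GATEWAY = "mx.example.com"   # the only server whose verdicts we believe
EXECUTIVES = {"jane director"}       # display names an attacker would borrow


def _domain(value):
    return value.rsplit("@", 1)[-1].strip("<>").lower()


def aligned_passes(msg, from_domain, trusted=TRUSTED_GATEWAY):
    """Return the set of methods (spf, dkim) that passed for from_domain."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = " ".join(str(header).lower().split()).partition(";")
        if authserv.strip().split(" ")[0] != trusted:
            continue  # anyone can add this header; skip ones our gateway did not write
        for clause in results.split(";"):
            found = re.match(r"\s*(spf|dkim)=(\w+)", clause)
            if not found or found.group(2) != "pass":
                continue
            prop = "smtp.mailfrom" if found.group(1) == "spf" else "header.d"
            checked = re.search(re.escape(prop) + r"=(\S+)", clause)
            # A pass only counts when it is for the domain shown in From.
            if checked and _domain(checked.group(1)) == from_domain:
                passed.add(found.group(1))
    return passed


def looks_like(domain, company):
    """True when a different domain imitates ours (simplified: first label only)."""
    a = domain.split(".")[0].replace("-", "")
    b = company.split(".")[0].replace("-", "")
    for extra in ("ltd", "limited", "uk", "group"):
        if a.endswith(extra) and a[: -len(extra)] == b:
            return True
    return SequenceMatcher(None, a, b).ratio() >= 0.85


def assess(raw, company=COMPANY_DOMAIN, executives=EXECUTIVES):
    """Return a list of warning flags for one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    sender, flags = _domain(addr), []
    if sender == company:
        if not aligned_passes(msg, company):
            flags.append("OWN_DOMAIN_UNAUTHENTICATED")
    else:
        if looks_like(sender, company):
            flags.append("LOOKALIKE_DOMAIN")
        if name.strip().lower() in executives:
            flags.append("EXEC_NAME_EXTERNAL_ADDRESS")
    return flags


# Constructed sample messages.
SPOOFED = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none\n"
    "Authentication-Results: relay.invalid; spf=pass smtp.mailfrom=example.com\n"
    "From: Jane Director <jane@example.com>\n"
    "Subject: Urgent transfer\n\nNeed this actioned NOW.\n"
)
LOOKALIKE = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=exampleltd.com;"
    " dkim=pass header.d=exampleltd.com\n"
    "From: Jane Director <jane@exampleltd.com>\n"
    "Subject: Are you there?\n\nHey are you there?\n"
)
LEGIT = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=jane@example.com;"
    " dkim=pass header.d=example.com\n"
    "From: Jane Director <jane@example.com>\n"
    "Subject: Board pack\n\nAttached as discussed.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(label, assess(raw))
```

Note that the lookalike message passes SPF and DKIM for its own domain, which is why the domain comparison is needed alongside the authentication check.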

If you have already been affected

Speak to your local Police by dialling 101, and report it.

Speak to your bank as soon as possible; there is a 24 hour window where bank transfers can be halted.

Office 365 local UK datacenters now available for complete UK Data residency

Data residency refers to the physical or geographic location of an organization's data or information. Similar to data sovereignty, data residency also refers to the legal or regulatory requirements imposed on data based on the country or region in which it resides.

This will now help address renewed concerns from UK businesses around data sovereignty and privacy, particularly in the wake of the European High Court's recent decision to scrap the Safe Harbour agreement.

However, with the fallout from Brexit it is still unclear which of these agreements the UK will keep from the EU, and it is pleasing to see that Microsoft (as well as Amazon) are still launching their UK datacenters.

Industries affected the most by data residency

  • Finance 
  • Legal
  • Defense
  • Government 

Microsoft’s “How to request your data move” page is clear that for UK customers the request period begins on 1 December 2016 and ends on 28 February 2017. The actual migration of the data can take up to 2 years.

Top 5 Free Security Recommendations for our new and existing customers!

Be careful where you enter your username and password

There is a well-known attack on the internet called phishing, where attackers send you an email which is EXACTLY like an email your bank or PayPal would send you, asking you to log in to your account for various reasons such as unclaimed tax, a security problem or some other problem. When you click on the link you sign in, but unknown to you, it has just sent your username and password to the attacker.

Make sure when you click on a link in an email you are actually going to www.gmail.com if logging into email and not www.g-mail.com.

Use Open ID / OAuth where you can

Open ID is a method of using a third party to authenticate yourself to another website. For example, since Dropbox got hacked recently and their user database leaked, you can now sign in to Dropbox with your Google account. The two other main options you usually find are authenticating with your Facebook or Twitter account. These are GIANT organisations who invest heavily in layered security to make sure their user databases will never get breached, as well as monitoring your behaviour to detect suspicious logins from new countries and asking for extra verification.

This means you only have to worry about securing your Facebook/Google account with a long and secure password instead of multiple accounts, and it also enables startups like Dropbox to outsource their users' security.

Use a password manager which will allow you to have a different password for each website

Most web browsers will come with one of these for free ( which save your Username and Passwords ). This enables you to have a separate random password for each site so if one does get hacked , you don't have to worry about the attacker having the same password for all your other sites.

Enable Two Factor Authentication on accounts where you can

Nowadays even a 13 character password with uppercase, lowercase, digits and symbols is still not strong enough to stop you being compromised. Passwords get stolen by a variety of methods, so you need an extra layer which changes all the time. This is called Two Factor Authentication and it's usually done on your mobile device, so when you log in you are asked for a key which can be generated on your phone or sent to you by SMS.

Sign up to https://haveibeenpwned.com/

When you sign up to a third party website such as LinkedIn or Dropbox, you usually sign up with a username and password that is the same across your other logins, such as your email and bank accounts... right? This is usually due to more than one password being hard to remember. Unfortunately sometimes these sites get hacked and the attacker downloads the whole website and can get these details. They then use these details, for example, to log in to PayPal and send themselves money!

Signing up to this site means as soon as one of these sites gets hacked and released to the public , you get alerted so you can change all your passwords

Be careful of Spear Phishing

We will be covering this in more detail in a specific post; briefly, however, spear phishing is an email that appears to be from an individual or business that you know. But it isn't. It's from the same criminal hackers who want your credit card and bank account numbers, passwords, and the financial information on your PC. There are numerous ways this can be blocked, which we do for our existing customers; however, when handing over information via email, especially for financial transfers, always double check with a phone call!

What is a MSP ( Managed Service Provider ) and why does your business need one?

MSP (Managed Service Provider), brief definition: a company that provides your company with IT services such as network administration, server management, desktop and IT support.

Here are the main services that Managed Service Providers in Surrey, such as Response IT, provide:

IT Helpdesk

This is probably the most important one, the one you think of when you need IT: the speedy resolution of a problem with your phone, computer, printer or email! We operate a layered team of technical people who await your problem and will stay with you until we fix it or find someone who can! We use tools such as an IT ticketing system to log calls so we can monitor call volumes from companies and analyse ongoing problems, so we can fix them instead of them reoccurring, as well as providing training where needed.

This part of the organization is also responsible for looking at ongoing problems users face and recommending new software and hardware for the organization like server and computer upgrades or a new piece of software to speed up users existing work. These recommendations turn into Projects and are managed through the same ticketing system.
 

RMM (Remote Monitoring and Management)

This is a service we provide which you don't get to speak to as much as the IT helpdesk, but it's very important to the continued running of your IT System. We have monitoring tools to check that your system is running fine with regards to servers being alive , internet connection staying up and not being heavily utilised and also everything is up-to-date. This enables us to fix problems before you even know about it!

We have a dedicated NOC (Network Operations Center) who are solely responsible for the task of remote management. This team also help us to automate tasks such as rolling out security updates and software, performing a SAM audit of your network to check licensing compliance, and checking backups, which brings us onto the subject below!

Backup and Disaster

Another big one that happens behind the scenes and is very important with new threats we are seeing such as:

  • User Error
  • Natural Disasters
  • Hardware Failures
  • Cybercrime
  • Insider Threats

We provide services which can give you multiple layers of backups which can protect you from any of the above and enable you to recover from accidental deletions and virus outbreaks which cannot otherwise be recovered from (such as Cryptolocker!), as well as a Disaster Recovery solution where in the worst case the core of your business still runs to avoid any loss of business.

 

Why do you need one of these?

All the above main services are there to keep your IT Infrastructure running which enables you to keep running your business without interruption. Downtime of an IT System is an unexpected cost which gets overlooked but costs the company by :

  • Employees not being able to work ( Waste of salary / time cost )
  • Existing customers not being able to contact you to either create new business or continue existing
  • New Customers not being able to contact you and going to a competitor
  • Loss of Data - The re-doing of existing work or permanent loss of a customer

Going with an MSP gives you access to a broad range of skillsets with our unique experts which enables speedy resolutions of problems if/when they happen and a plan to mitigate these in the future

 

Major British Telecom Outage - October 2016

We are seeing, and it has been confirmed, that there is currently an outage with BT Broadband

http://downdetector.co.uk/problems/bt-british-telecom

You can find the BT Service Status page here : https://btbusiness.custhelp.com/app/service_status/

BT actually cannot be blamed for this fault however it does point to their system needing more resilience!

Openreach have confirmed a major cable break in this area caused by a contractor working on behalf of a third party, unconnected to Openreach or BT. Specialist equipment is due to arrive onsite at 04:00 on 22/10/2016 to begin full restoration of services

Customers with Draytek Routers can failover to their 4G Wireless Dongles until the problem is fixed. Please speak to us if you would like information on getting one of these setup at your company.

What does Brexit mean for UK IT Hardware and Software Costs?

Brexit has dropped the price of the GBP against the USD to a 31 year low. The United States is where most hardware and software comes from, so this now has direct ramifications for costs in the UK.

Time Line 

Dell increases prices by 10% - 6th July

“We carefully consider price moves for our customers and partners, and have worked diligently over the past several months to postpone any increases pending the outcome of the EU referendum.”
“Our component costs are priced in US dollars and unfortunately, the recent strengthening of the US dollar versus sterling and other currencies in the EMEA region, following the UK’s decision to leave the European Union, will have a direct impact on the price we sell to our UK customers and partners.”

ASUS increase prices by 9% - 19th July

“Unfortunately we are unable to continue to sustain the losses caused by a weaker pound any further, and therefore have no choice to but increase the cost of goods to our partners in line with the value of the pound.”
“This will affect majority of goods shipping from our factory for delivery in Q4 2016. We anticipate this impacting end-customers with an increase on the SRP of around nine per cent on our devices from October onwards.”

HP Prices up by 10% - 1st August

"In order to maintain a sustainable and consistent approach to our operation in the UK and Ireland, we have taken the decision to make some adjustments to our channel-supported and directly-contracted end-user pricing strategy.
"Effective from 1 August, we will be implementing an adjustment of circa 10% across HP's Personal Systems portfolio."

Apple increases prices between 11% and 15% - 7th September

“Apple suggests product prices internationally on the basis of several factors, including currency exchange rates, local import laws, business practices, taxes, and the cost of doing business. These factors vary from region to region and over time, such that international prices are not always comparable to US suggested retail prices.”

 

 

Microsoft increase prices up to 22% - 21st October

https://blogs.technet.microsoft.com/uktechnet/2016/10/21/important-volume-licensing-update/

Effective January 1, 2017, we will be increasing British pound pricing to harmonise prices for enterprise software

 

 

Our recommendation to our new and existing customers would be to make sure they take advantage of the prices before the increase and try to purchase equipment from any supplier who hasn't already increased their prices!

Contact us today here for a same day quote on Hardware and Software!

Failing to connect to your VPN using Virgin Media?

This is a common issue for users of Virgin Media SuperHubs

When setting up a VPN, you can run into quite a few problems, like what authentication it needs and which password to use. If you are using a Virgin Media SuperHub you have the added challenge that by default your speedy SuperHub will block outgoing VPN traffic, meaning that even with all the correct details it just doesn't work. To fix this, just follow the steps below:

  • Browse to your SuperHub's IP Address (e.g. 192.168.0.1) and log in
  • Select "Advanced Settings" and click "Yes" to confirm you want to view these
  • Select "Firewall" from the list 
  • Tick "IPSec Pass-Through", "PPTP Pass-Through" and "Multicast Pass-Through" at the bottom of the page
  • Click "Yes" to confirm settings change
  • Try to connect your VPN again.

This allows the traffic through for VPN authentication and should now allow your VPN to connect as normal.

 

 

Huge rise in hack attacks as cyber-criminals target small businesses

Cybercrime attacks ALL. It is down to user knowledge to avoid the potholes of dangerous emails and websites that sometimes appear too good to be true! Downloads, attachments and erroneous surfing can all prove fateful, as this case study from The Guardian reports.

Response IT have dealt with over a dozen client instances of cybercrime, and it's on the rise. The more data you can move to the cloud, the safer you will be. The alternative, if you have a local server, is to make sure it is backed up regularly - like nightly! Don't get caught out, as this type of malware will encrypt all your network shared data quicker than you can detect it!

Please take the time to read this article...written in February this year but still current today.

Article: http://tinyurl.com/hxufszf

 

Could you be sending your firm's cash to fraudsters?

Unfortunately we have seen some of our clients caught out by this scam. A simple email, costing the organisation £1000s, all done in a keystroke.

Please do take a look at this article and instruct your staff to always speak to an email sender, personally, to authenticate the request before making this mistake.

Article: http://tinyurl.com/hltt8jx