Blog

If you aren’t storing your business data in the cloud, you’re risking physical damage that may not be recoverable. Learn how to quickly overcome these vulnerabilities in the Cloud.  

There was a time when backing up business data included checking the date stamp on a physical tape drive, making a copy, laboriously labeling it, and storing it in a drawer. Well, things have definitely changed for business data storage solutions – And for the better!

Today’s backup options still include on-premise storage but have expanded to provide cloud-based options as well as hybrid alternatives.  They support the need for immediate and full backups with lighter connectivity requirements.

Here are some answers to questions we often receive. They should help you decide which storage option is right for your business.  

Why Are There Risks with Traditional Backups?

There’s a strong likelihood that your current backup solution has been working well for years—So, you may ask, “Why switch?” Until now, you’ve probably been fortunate enough to avoid a physical or cyberattack—But continuing to use less-secure options like jump drives or tape backups simply isn’t sustainable for the long term.

Perfect examples are the recent hurricanes and wildfires ravaging through the country. If your office was in one of those areas, and you relied purely on physical media storage, you would have lost all your data.

The same goes for theft—Hacking of your systems, or someone breaking into your office and physically stealing your backups means your data is gone forever. While this is less likely, a disgruntled employee could do a great deal of damage by doing this.

While automated backup options such as Apple’s Time Machine or other scheduled backups are better, these alternatives are quickly showing their age. They are still vulnerable to physical attacks, and susceptible to cyber attacks as well. The configuration could be either external hard drives attached to each computer and server or an advanced local network setup that stores all backups in a central location.

How About DIY Data Storage?

Proponents can counter the argument that hard drive backups aren’t susceptible to fire, flood, and theft if you take them offsite to a secure location (such as a storage facility, your home or other business location). While this may mitigate some risk, it certainly doesn’t provide the same level of security as a managed security and backup solution. The sheer amount of physical data storage required could get expensive—And restore from a backup can be incredibly challenging, especially if you need data quickly.

What is Cloud-Based Document Storage?

There are different types of cloud-based storage: general document storage and dedicated cloud storage. General document storage includes options such as Dropbox, Box, Microsoft’s OneDrive, Google Drive and more. These services are excellent for providing collaboration capabilities and the ability to retrieve documents regardless of your physical location. However, when you’re dealing with vast quantities of data far beyond standard document and individual file storage, a more robust option is required.  For instance, these general cloud storage alternatives work well even for large files such as photos and videos, but they’re not ideal for highly secure data such as personal information or anything covered by HIPAA regulations.

Are Managed Cloud Services Appropriate for My Business?

This is one of the most professional and reliable options available to businesses of any size. Managed cloud services provide you with peace of mind — Why? Because security professionals will continuously monitor your data for incursions and inconsistencies.  This, plus the convenience of quick file restoration and secure physical storage, makes it a good choice. Dedicated cloud storage often includes a facility that’s staffed 24/7/365, and boasts the latest in state-of-the-art security systems—much more security than any business could afford.

My Business is Seasonal.  What’s the Best Choice for Me?

When you outsource your data storage, you can quickly and easily scale up or down based on your needs. Instead of having to purchase, install and harden a new server to grow your storage capacity, cloud systems scale automatically, or with only a phone call from you. The same is true when usage drops as well and is easily handled by your storage provider. Since you only pay for the storage that you need, many businesses find that this is a cost-effective option that has all the benefits and few, if any, negatives.

What’s Active Monitoring?

If someone hacked into your network or released malware into your systems, how long would it take you to notice? Chances are you wouldn’t see it right away, which is another reason to work with a trusted managed cloud services provider who will actively monitor your network. Active monitoring of your account means proactive patching of any security vulnerabilities, plus quick action once the danger is identified.

Want to learn more about which backup and data-storage solutions are right for your business in Omaha? Contact InfiNet Solutions at (402) 895--5777 or [email protected] to speak with one of our IT security professionals.  We’ll listen to, and understand your needs before suggesting any solutions.

The Equifax breach was bad enough. Read about the most common Equifax-related scams to keep from being a victimized twice.

Over 143 million US residents have a reason to worry about the fallout of this year’s Equifax hack. As we all try to sort out how this massive breach has affected us, there are new dangers on the horizon. Consumers from all over the country are reporting an increasing number of Equifax-related scams that attempt to take advantage of the hacker’s victims.

I strongly suggest that our clients take the necessary steps to minimize exposure to this breach. Whether you sign up for aggressive credit monitoring or freezing credit reports, it’s important to take action to keep a bad situation from getting worse by recognizing Equifax scams.

Common Equifax Scams to Avoid

Fake Help Scam

Don’t trust anyone who contacts you out-of-the-blue offering to protect you from the Equifax breach. Many consumers report getting phone calls from people pretending to work for Equifax. Once the scammers convince the target that they’re from Equifax, they explain Equifax is helping vulnerable individuals sign up for credit monitoring. But before the target can sign up, he needs to verify personal information.

This scam has a high potential to trick many people, specifically because Equifax publicly promised to provide free credit monitoring for all US residents. A similar scam involves conmen posing as employees of another credit monitoring service.

If you receive a call like this, hang up instantly. Equifax won’t contact customers by phone. While Equifax did promise to provide credit monitoring, you need to sign up yourself.

Don’t let a scammer trick you into giving up your sensitive information. And just because your Caller ID says the phone call is coming from Equifax or another well-known company, it doesn’t mean you can believe it. Spammers can spoof your Caller ID to confuse you. Remember, you can check for yourself on the Equifax’s website to determine if you’re at risk because of the hack. If you are, you can sign up for their free credit monitoring for a limited time.

Tax Refund Fraud

Most people don’t realize that an identity thief can file a false tax return using their stolen information. After all, the IRS is part of the government—Don’t they keep records to prevent this thing from happening? While the IRS does maintain records on US taxpayers, they don’t scrutinize every tax return before sending out a refund check.  By the time you realize someone stole your identity, the thieves are long gone. Now you’re faced with the difficult task of explaining what happened to the IRS.

With the popularity of eFiling, the IRS saw an increase in the number of identity crimes relating to tax returns.  The good news is that this number has declined during the last few years. In 2015, there were over 700,000 reported cases of people filing tax returns using stolen identities—But in 2016, the number fell to 377,000.  This was due to tougher security checks, and people working with tax preparers to minimize fraud. However, tax experts expect an increase in the number of fraudulent tax returns this year due to the enormous amount of personal information hacks stole in the Equifax breach.

One of the best ways to protect yourself from being a victim of a tax return scam is to file your taxes as soon as possible. Once the IRS receives your tax return for the year, any subsequent tax returns it receives won’t be processed.

Spear-phishing Scams

A phishing scam is an attempt by a fraudster to persuade you to reveal useful information. I am sure there isn’t a week that goes by when you haven’t opened your inbox and discovered at least one phishing scam. These types of emails are usually easy to spot and don’t cost people much more than a momentary delay while they delete them. However, there’s a deadlier version of a phishing scam circulating—It’s called spear phishing.

A spear-phishing scam is similar to a regular phishing scam, but it’s a lot more sophisticated. These scams are extremely dangerous because the scammer customizes the email for each victim. Instead of using generic information, like in a regular phishing email, a spear-phishing email includes real information, the same type hackers stole during the Equifax breach.  In this way, they convince a victim that the email is legitimate. Spear-phishing emails can include your name, the names of your friends or coworkers, your place of employment, or even your current purchases or available credit.

Since spear-phishing scams are difficult to recognize, I tell my clients to never click links from inside an email.  Always type the name of the website in a browser to verify that it’s trustworthy. And, be especially careful when dealing with emails that ask for private information. The best way to remain safe is to never send sensitive information via email. Instead, contact the sender of the email by telephone to make sure the correct person really requested the information from you.

The Equifax hack should serve as a wake-up call for many business owners.  Take a second look at the way your business handles data. Make sure your company has a properly designed data security plan, and that your staff knows how to reduce the risk of data loss by conducting frequent training throughout the year. Feel free to contact me to find out if your data is secure.

New Ransomware Threat Hitting US Businesses

On September 19^th, Barracuda announced that they have been tracking an “aggressive” new ransomware threat. The ransomware attack appears to have originated largely in Vietnam, although other sources have been traced back to India, Columbia, Turkey, and Greece.

This latest attack, following right on the heels of WannaCry and Petya, has been identified by Barracuda researchers as a Locky variant with a single identifier. The significance of the single identifier is worth noting: since there are no unique identifiers for each victim, it’s impossible for the attackers to determine who has paid a ransom and who hasn’t. This indicates that the criminals have no intention of sending decryption keys to the victims who pay the ransom.

This threat should not be ignored. Barracuda monitored over 20 million attempted attacks within the first 24 hours of identifying the threat, and that number has been growing steadily since.

We’ve already seen a few businesses in Omaha affected by this attack, so we wanted to remind everyone of the importance of a reliable, robust data backup system.

Here’s what you need to know:

These ransomware attacks are mainly coming through via email.

Current reports show that these attacks are coming in the form of spoof emails, usually branded with “Herbalife” logos or disguised as a “copier” file delivery. Though cybersecurity experts are working to stop this attack, the attackers are using randomly-generated payload files to stay ahead of anti-virus updates.

• The latest variants include:
  Email with ‘Emailing – .’ as the subject line. One example is: ‘Emailing — 10008009158.’
• Email with a paragraph with legal wording to make the email seem legitimate.
• Email with “payment is attached” in the subject line to entice people to click on it.

While some businesses are losing days of productivity due to encrypted workstations and servers, our clients who have chosen to protect their data and infrastructure with a reliable backup and business continuity solution are experiencing ZERO downtime. A proper business continuity strategy makes all the difference in these situations, and Datto has proven an essential part of such a strategy.

These unfortunate attacks are becoming more frequent and more difficult to contain. If your business hasn’t already been targeted, we urge you to consider the value of your data and the importance of your network’s integrity. Can you afford to lose days or weeks to a ransomware attack?

You don’t have to.

If you have any questions about this latest ransomware attack or would like to know more about business continuity solutions, InfiNet Solutions offers complete business continuity and cybersecurity experts at (402) 895--5777 or [email protected].

Cybersecurity is a key topic for our healthcare tech professionals, especially as the cost of data breaches continues to rise. As I tell all of my clients, only a layered approach to security will provide a framework for complete protection.  

Did you know that millions of records of data are impacted by data breaches every year? — And few industries are impacted as much as healthcare.

The sheer volume of personally identifiable healthcare information makes healthcare organizations like yours a prime target for cybercriminals—Especially since the going price for these details is $50 per record!

HHS has identified more than 200 data breaches so far in 2017, with each representing the PHI of a minimum of 500 individuals. Every breach requires notification of the individuals affected. The costs of remediation are taxing the resources of overworked healthcare professionals throughout the country.

Is Your Data Vulnerable?

As you know, your caregivers need access to patient data to do their jobs.  However, even the most rigorously-trained may forget and leave their computer unmanned for a few moments, potentially exposing PHI to dishonest individuals.

Your nurses, doctors, and administrators need quick access to the most detailed and personal information in order to provide the highest possible quality of care—And if this access is provided on an unsecured workstation or on personal devices such as mobile phones or tablets, the information can easily be laid bare for all to see.  The result?  You’ll pay the price.

Digital Records and Devices Are Essential But Pose a Risk to Your Organization.

EMRs and EHRs provide portability to an individual’s healthcare that your doctors and providers can track information over time.  They’ve proven to be much more efficient than using the traditional paper records of the past.

A person’s EHR contains a great many details that can easily be passed between different medical practices, hospitals or other healthcare providers—And, as helpful as this is, information can be lost or exposed if connections lack the proper security.

Lost laptops and mobile phones are also a critical concern as someone could quickly grab a device that’s been left out for only a moment. If you allow your staff to BYOD (Bring Your Own Device) you face an additional hurdle as individual phones or tablets accessing your intranet or medical records may be easier to hack than computer devices in your facility.

A Data Breach It Can Have a Far-Reaching Impact on Your Patients.

If you experience a data breach and immediately notify those affected, they can usually protect their personal accounts. However, if the notification isn’t received or acted upon, they may find themselves spending weeks, months and even years trying to untangle the web of fraudulent credit accounts and charges.

Identity theft causes an average of $2,500 in out-of-pocket costs to each person whose data has been misappropriated—a staggering sum that most American families would find difficult to recover from. This is especially distressing as fewer than one-third of the individuals a healthcare organization attempts to notify, receives the intended notification.

A Data Breach = Lost Business and Legal Fees

Studies show that more than 90 percent of individuals whose data is exposed due to a data breach move to a different healthcare provider—while others file lawsuits, change insurance providers and take actions against the organization that was the target of the cyberattack.

Unfortunately, consumers don’t typically report the data breach to the organization where the breach occurred—which can make it even more problematic for smaller healthcare providers to determine the cause of the breach, or even discover that an attack has happened.

Healthcare providers are trusted with a great deal of information. This can cause a strong negative reaction from those they serve when they find that the details of their personal health and life have been obtained by cybercriminals. The best way to maintain positive relations with your patients is by implementing stringent security protocols to ensure data integrity and preservation.

So, What’s the Lesson Learned?

Attacks will continue to grow in sophistication as your information systems grow in complexity, resulting in a perfect nexus of data that are ripe for attack. To avoid paying the price of a data breach, you must implement a sound basis for your IT operations that only a layered approach to security can provide. Contact us and we’ll be happy to explain what this is.

InfiNet Solutions
(402) 895--5777
[email protected]