How Simple IT Fixes, Could Save Your Business Millions

Opportunity makes the cybercriminal – and online travel giant Orbitz disclosed Monday, March 18th, that hackers gained access to one of its “older platforms.” Upon gaining access, the hackers now have such data as credit card numbers, street addresses, legal names, and more. While not to the scale of an Equifax or Yahoo! breach, many can rest-assured knowing the site DID NOT contain any social security information. Although offering free credit monitoring, through AllClear ID to more than 880,000 people, a total cost of $13,156,000. Orbitz is an example of how simple fixes could have prevented a $13-million-dollar mistake.

HOW COULD WE HAVE BEEN HACKED?

Phishing emails have become commonplace amongst criminals, many times, you see exploits being sold on the dark web to other hacker’s and cybercriminals, to hurt your brand’s reputation. Although indirect, your business can suffer from these effects, like that of Orbitz. Having to fix this fatal error, Orbitz has offered those affected, a years-worth of free credit monitoring. What makes this case unique, is preventative maintenance could have saved all parties involved, at minimal cost.

Three Tier Approach:

When preventing Ransomware, and doing general cybersecurity you should focus on three major components.

1. Education – You must train staff members on the trials and tribulations to these threats. As many have reported, since last-year these styles of attacks have grown 500% since 2017. As everything becomes more connected, it will become vital to train your staff on spotting phishing emails, like that used in the Orbitz hack.

2. Backups & Storage – Once inside, criminals gain access, to all saved payment data. Best practice tells us, that old data should ALWAYS be encrypted and archived for safe keeping. From a technical standpoint, you should always check with local regulations on how to handle your industries, online payment information. Although hackers and ransomware exploits can encrypt your backups, most attacks don’t bother looking through achieved data, as the process becomes far too time-consuming.

3. Email & Web Filtering – You must gain control over inbound messaging. The largest attack vectors for ALL breaches and ransomware is email phishing. Filtering provides you the ability to filter incoming messages from high-volume attack countries like Korea, Serbia, Vietnam. Don’t allow outside attachments from cybercriminals into your network. Email and web filtering will provide you the ability to better control inbound messaging.

Assuming you have a backup appliance, built a retention policy, and educating your employees, are the BARE MINIMUM you need for starting a company culture of security. Instead of purchasing 880,000 people a years’ worth of credit monitoring, focus on the preventative measures in your organization.

Don’t know where to start?

Our staff is well-versed in the threat landscape and would be happy to assist your organization in building a better stance on security, and ward-off cybercriminals looking to hurt your business. Clare Computer Solutions has been serving the SF Bay Area’s IT needs for over 30 years. Contact us today to get started.

The Benefits of Using Assessments like Azure HealthCheck

Assess physical and virtual infrastructure, provide in-depth reporting, make informed decisions on costs, and plan smooth cloud migrations. Expand your efficiency and effectiveness around the fastest-growing cloud platform, Microsoft Azure. It can be hard to know where to begin the conversation— especially if your organization doesn’t have deep experience in infrastructure.

Thorough Reporting

Our pre-migration assessment, also known as “Azure HealthCheck,” provides the data needed, to illustrate the true ROI of the cloud, building a migration plan with the corresponding workloads, and consumption. Explore the immediate advantages of Azure with consumption-based models, flat-rate billing, and regional data centers, allowing businesses a better cloud experience than ever before.

Collecting workload and usage data over the course of 14 days, to identify trends and patterns that allow for the accurate sizing of your network including, drives, computing power, processing speeds, and storage. Identifying virtual and physical server dependencies, workloads, architecture and shadow IT.

Detailed Cost-Analysis

Tracking maximum, minimum, and average workloads to accurately project the total cost of ownership in the cloud. Adjust data center regions, and capacity planning tools to make sure, your business-line applications have everything it needs before taking off to the cloud.

Planning Tools

Optimize configurations based on performance needs, NOT matching them to existing hardware, to show best and worst-case scenarios. Explore multiple configuration mappings for migration strategy plans, choosing optimal migration settings and firewall rules to prepare for a smooth transition.

How It Works

Step #1: Scan
We deploy BitTitan agents for Azure in the provided environment, scanning and collecting detailed information about each physical and virtual machine, and any additional nodes on your network.

Step #2: Report 
See live costs for moving to Azure by measuring Infrastructure-as-a-Service(IaaS) or active workloads. Providing businesses with access to detailed reports about individual nodes, processing time, memory/app usage, disk mapping, network usage, ingress/egress speeds and active ports.

Step #3: Plan
Find dependencies between nodes and applications, learning the cloud readiness of each node, optimal migration settings, and network recommendations -planning your move to the cloud has never been easier.

 

Get started with our Azure HealthCheck Assessment for on-premise and virtualized networks

Learn more at www.clarecomputer.com/azure-healthcheck

 

What Does a Messy Desk and IT Security Flaws Have in Common?

Click Here to See a Larger Version of the Image

Many businesses today don’t enforce digital, let alone, physical information security. As their Managed Service Provider (MSP), our job is to educate clients on the industry’s best practices.It’s time to put your knowledge to the test, can you find the six security flaws hidden in this picture?

What Does a Messy Desk and IT Security Flaws Have in Common?

This question might sound like the set-up of a bad joke, but these are real scenarios our engineering staff encounter every day, including repairing the damage done when cybercriminals are entering your network. Employees with cluttered desks tend to leave USB drives and cell phones out in the open, forgetting to physically secure these, along with vacant desktops, or laptops.

1. No Password Protection

From the start, we can see that this computer and monitor were left without any password protection, or logging out. Anyone passing by can easily gain access to the information your system possesses, making it critical to lock down security flaws in computers, including minimizing email clients.

2. Usernames and Passwords Left Out in the Open

Usernames and passwords should NEVER be written down on post-it notes and visible to all, this includes viewable from outside your windows!  If a non-employee were to see this information, they could easily use it to log into the corporate network or gain access to the company’s confidential information. In today’s digital age, security flaws like this can make or break a company’s reputation.

3. Un-Stowed Documents

Notes and documents should be filed away from the view of prying eyes. These documents might not contain YOUR private information, but rather company secrets, updates or ideas. File or organize your documents, regardless of digital or physical copies to keep them away from prying eyes.

4. Keys to the Castle

Often, those tiny keys that you find at the bottom of your desk, aren’t to the supply closet! Keep your cabinet, desk, drawer, or bookshelf, locked with the key on your keyring. Without it being somewhere secure, it becomes extremely easy for anyone to steal, or view confidential files.

5. Where’s My Wallet?

For most employees, mistake #5 is the most common. Likely to impact the employee, is leaving wallets, or worse, credit cards out on the desk, many executives do this, all the time. More commonly with wallets, corporate credit cards and security badges give intruders access to the office or company finances.

6. USB Sticks, Cell Phones, Tablets

Last but certainly not least, is setting important personal devices out in the open. Dangerous, because these items can be easily picked up without being caught in the act. Typically, these mobile devices such as cell phones, tablets, USB drives, all contain some level of sensitive business or personal information. Mobile security has grown at an alarming rate, with many business owners, neglecting a to adopt Bring Your Own Device (BYOD) environments. In some cases where businesses don’t offer BYOD, employees often log onto business networks on their own. Swiping a mobile device from the desk could allow access to sensitive information from such companies as Microsoft, Google, AT&T, Verizon, etc.

Conclusion

While some of these may seem like obvious and redundant fixes, it’s critical for employees to understand where company/personal data can be stolen. Maybe it’s just an office-visitor, who glances over and sees confidential information out in the open. Regardless, someone to conduct cybersecurity training as well as physical security training to educate employees on the security best practices for your industry.