Disasters are an unfortunate part of doing business in a technology-heavy workplace environment. You need to expect the worst, but it?s often difficult to predict what types of disasters your organization will have to endure. There are a few universal disasters that you?ll encounter, regardless of where in the world your business operates. Here are four of the most common ways that your business could lose data, and how disaster recovery thwarts them at every turn. Natural DisastersAll you have to do is watch the local weather channel to get a glimpse of just how unpredictable and apocalyptic natural disasters can be. One minute the sun could be shining, and the next your business could be assaulted by roaring torrents and flash flood warnings. Or, the earth would quake under your feet and you?d never know until it?s too late to do something about it. An even more common occurrence would be an electrical storm or a power outage, which could threaten to bring down your technology or fry its circuitry. The point is that it?s next to impossible to predict what effect a natural disaster could have on your business, but the fact remains that it?s most certainly nothing good. Hardware FailuresAnother common problem for businesses that rely on technology is the hardware failure. If you have resource-intensive servers that are responsible for the brunt of your network operations, you might already be intimately familiar with the devastating effects of a hardware failure. No technology can last forever, so when an untimely hardware failure claims the lives of your server units or workstations, you?ll need to be prepared. User ErrorIn much the same way as hardware failure, user error needs to be expected and planned for. You can?t realistically expect your users to never make mistakes. It?s part of human nature. People might accidentally misplace files or hand over credentials to threatening entities. Regardless of how they do so, user error is one of the primary reasons for data losses and data breaches, so it?s crucial that you prepare for this by educating your team on best practices, and implementing data backup. Hacking AttacksYou might not expect to become the victim of a hacking attack, but no matter how large your business is, you need to consider yourself a target. As long as you deal with sensitive credentials like credit card numbers, Social Security numbers, and other financial or personally identifiable information, you have something of value to hackers. When a hacker attacks, they can either steal or delete your data, so it?s best to have a backup stored in the event of something like this. Regardless of how your data is lost, you?ll need a way to recover it. The best way for a SMB is to reach out to Info Advantage. We can equip your business with the dynamic BDR solution you need to keep your organization afloat, even when you think that your business will sink. Our BDR solution features only the best and brightest features for your data infrastructure, including fast and efficient recovery times, multiple backups taken per day, and off-site, cloud-based storage. With BDR, you?ll know that your data is safely stored, just in case you need it. To learn more, reach out to us at (585) 254-8710.
These days the media is constantly reporting on new vulnerabilities and cyber attacks that devastate business. With the influx of cyber criminals with access to debilitating software, business owners are forced to take evasive security actions in order to protect their sensitive data. While a complete and comprehensive security system is ideal, it can often take time to create a fully secured system for your business. Luckily, there are a few non-technical steps any user can take to make sure their information can?t get into the wrong hands. Cover Up the Webcam Despite how it sounds, it might not be too crazy to think that someone can spy on you through your computer?s webcam. In fact, there have been actual reports of this happening on several different occasions. Hackers are able to take control of a user?s webcam, often as a way to gain access to personal information, check for signs of a location, and even spy on personal interactions. Luckily, all it takes to stop a hacker is to cover up the webcam when it is not in use. It can be as easy as covering it up with a piece of thick tape, though you can find cheap and effective webcam covers at technology or hardware stores. Use a Privacy Shield There are many professionals who work on-the-go, meaning they?ll have to find a way to take their work with them anywhere. However, using mobile devices while out in public leaves you vulnerable to prying eyes. If you have to work on sensitive data in public, it may be beneficial to invest in a privacy shield. These are similar to a screen protector, but with an added security feature. Privacy shields will limit the angle of viewable screen, making it so only the user can see the information. Privacy filters are recommended on work devices, but can also be used on personal devices to shield sensitive data. Switch to a Physical Authentication These days, many companies are advocating for a two-step authentication when logging into an account. However, there are still ways that hackers can get around these heightened security measures. For example, many two-step authentications use mobile phones to text specialized codes that will unlock an account. If a hacker had access to a user?s mobile phone, either physically or by hijacking it, they can easily get through to the user?s account. To combat this, users can get an authentication key, such as a USB or Bluetooth. These are physical keys that allow only the user to access the accounts. For more information on how to secure your information contact Info Advantage at (585) 254-8710 today.
Last week, Cisco released a high-importance alert for their customers who use its Adaptive Security Appliance (ASA) software urging them to patch a critical-level bug that could be easily exploited. This vulnerability affects the VPN feature of the software, and exploiting it could allow a hacker to force a reload of the system, or even remotely take control. ?An attacker could exploit this vulnerability by sending a crafted XML packet to a vulnerable interface on an affected system,? Cisco explains in their warning. ?An exploit could allow the attacker to execute arbitrary code and obtain full control of the system, cause a reload of the affected device or stop processing of incoming VPN authentication requests.? If left unpatched, any devices configured with Cisco?s WebVPN software, including security applications and firewalls, could be easily bypassed by a malicious party. Due to the severity of the vulnerability Cisco has given the issue a Common Vulnerability Scoring System a Critical rating of 10 out of 10. The following are the vulnerable products identified by Cisco: 3000 Series Industrial Security Appliance (ISA) ASA 5500 Series Adaptive Security Appliances ASA 5500-X Series Next-Generation Firewalls ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers ASA 1000V Cloud Firewall Adaptive Security Virtual Appliance (ASAv) Firepower 2100 Series Security Appliance Firepower 4110 Security Appliance Firepower 4120 Security Appliance Firepower 4140 Security Appliance Firepower 4150 Security Appliance Firepower 9300 ASA Security Module Firepower Threat Defense Software (FTD) FTD Virtual Cisco notes that only those ASA devices that have the WebVPN feature enabled are vulnerable, but encourage all their users to patch their systems as soon as possible. As of now, Cisco says they are not aware of any attacks that have taken advantage of this vulnerability. Cedric Halbronn from the NCC group explained how he was able to exploit the flaw at last weekend?s Recon Brussels conference. He detailed their use of a fuzzer, a software testing technique that injects random, invalid data into a program to see how it withstands it. The fuzzer allowed Halbronn and his team to discover and exploit the bug. An initial patch was released at the same time as Cisco?s initial announcement of the vulnerability. A second, more complete version was released on February 5th. ?After further investigation, Cisco has identified additional attack vectors and features that are affected by this vulnerability. In addition, it was also found that the original fix was incomplete so new fixed code versions are now available.? To make sure all of your Cisco software are up-to-date, contact the Cisco Technical Assistance Center or call Info Advantage at (585) 254-8710 to talk to a specialist.
You?ve heard it said that it?s a best security practice to routinely change your passwords. The idea here is that, if a password were stolen, then it would lose its value when the user goes to change it. While this sounds like solid logic, new research shows that it may actually be better NOT to change your passwords. This may be a hard pill to swallow for IT administrators who have always required users to change their passwords every few months or so. However, seeing as this practice could make accounts less secure, it?s worth considering. The idea behind this theory is that, whenever a user goes to change their password, they?re often rushed or annoyed and end up creating a new password that?s less secure. The Washington Post puts it like this: ?Forcing people to keep changing their passwords can result in workers coming up with, well, bad passwords.? Think about it, how often have you changed your password, only to change it from a complex password to one that?s easier to remember? Or, have you ever kept the same password and just added a number at the end of your new password? This covert move will do little to deter a hacker. Carnegie Mellon University researched this topic and found that users who felt annoyed by having to change their password created new passwords that were 46 percent less secure. Plus, let?s consider the hypothetical situation of a hacker actually stealing your password. Truth be told, once they?ve gotten a hold of your login credentials, they?ll try to exploit the password as soon as they can. If they?re successful, they?ll pose as you and change the account?s password, thus locking you out of it. In an all-too-common situation like this, the fact that you?re scheduled to change your password at the end of the month won?t change anything. Additionally, ZDNet points out yet another way that regularly changing passwords can make matters worse: ?Regularly changed passwords are more likely to be written down or forgotten.? Basically, having a password written down on a scrap piece of paper is a bad security move because it adds another way for the credentials to be lost or stolen. Whether you do or don?t ask employees to change their passwords is your prerogative. However, moving forward it would be in everybody?s best interest to focus on additional ways to secure your network, instead of relying solely on passwords. This can be done by implementing multi-factor authentication, which can include SMS messaging, phone calls, emails, and even biometrics with passwords. With additional security measures like these in place, it won?t matter much if a hacker stole your password because they would need additional forms of identification to make it work. To maximize your company?s network security efforts, contact Info Advantage at (585) 254-8710.
It?s every business owner?s worst nightmare: one mistake, and all of their data is wiped out. This very situation happened recently to a hosting provider, and his story serves as a cautionary tale in regard to data storage best practices. Hosting provider Marco Marsala was brought under fire after he posted on a server forum seeking advice for dealing with a catastrophic error he made while trying to erase a few files. Stating that he had utilized the ?rm -rf? command with undefined variables, he had inadvertently destroyed all data on the computer. What?s worse, his backups were mounted to the computers and were wiped as well. This is actually a similar blunder that Pixar experienced, almost deleting Toy Story 2 prior to its release. As a result, everything Marsala had for his company was destroyed (including the websites he had created and hosted for his 1,535 customers) with no backups surviving to restore from. Needless to say, the responses from other users on the forum were decidedly negative – a few dismissed the possibility of his company surviving the error, and others questioned his abilities as a programmer. One poster recommended Marsala seek legal counsel rather than technical advice, as he predicted that Marsala was ?going out of business.? There was a consensus on the feed that the best chance for any data recovery was to recruit the help of a data recovery firm. Fortunately for Marsala, such a data recovery company was able to recover his files and his biggest hit was financial–both from the recovery company?s fees and from the reduced income due to the loss of business he suffered. By neglecting to follow best practices in regard to backups, Marsala essentially invited this disaster to strike. Following basic best practices would have mitigated much, if not all, of Marsala?s problem. What happened to his data is exactly the reason that all data backups should be kept offline, isolated from the original file on a separate system. Without such measures in place your data is subject to not only human error, as was the case here, but also other dangers. Fire, electrical surges, accidental equipment damage, theft, all of these events have the potential to jeopardize data that?s critical to your business. Are your data backups as secure as they should be? Do you even have a backup and disaster recovery solution put into place? Be certain by calling Info Advantage at (585) 254-8710. Our experts can advise you on what your business needs to survive the worst disasters, and assure that you and your clients? information are prepared for anything.