Why Cybersecurity Matters to Your Business

As a business owner, our tendency is to focus on what crisis we’re going to resolve today. What fire we’re going to put out first. Business coaches will tell you the importance of planning, forecasting and trying to predict the future. But, many days, reality hits you smack in the face before you even walk in the door.

All that said, there are some potential future problems that are easier to plan for and prepare for than others. One of the biggest risks facing business owners today is cybersecurity. You may think that because you’re a small to medium-sized business that this is not a huge risk factor for you. But, there are often other consequences to consider. A security breach not only affects your stolen data, but it also affects your staff’s productivity, impacts your reputation and you can potentially even be facing fines due to non-compliance issues.

But, as you read on, you will learn that hackers don’t always target just the big guys.

Malware and Ransomware

Malware continues to grow at an alarming rate, with hacking techniques becoming more sophisticated and inventive every day. Most of us have a vision of hackers sitting in a dark, little room in the back of an abandoned warehouse. While small malicious attackers certainly do exist, in some cases, state-of-the-art, network-based, automated ransomware and malware have totally removed actual humans from running malware campaigns. Not only is malware technology becoming more sophisticated—it’s becoming more sophisticated in evading detection. The technology and methodology for encryption are outpacing the technology to prevent malware. These attackers are also using legitimate technology like cloud services and internet services, such as Google and Dropbox to launch malicious attacks that are practically impossible to detect until it’s too late.

  • Avast Threat Labs reports that some Android smartphones have malware or adware already built in
  • Lenovo was preloading adware Superfish on its laptops
  • Kaspersky Lab Solutions blocked nearly 800 million malware attacks
  • Web Anti-Virus detected almost 283 million unique URLs identified as malicious
  • Our File Anti-Virus identified over 187 million unique malicious unwanted objects

 

How Do Data Breaches Occur?

A data breach occurs whenever information is taken or stolen from a system without the knowledge or permission of the owner of that system. As technology advances, hackers are finding more gateways into all systems, from individual users to small businesses to mega-corporations.

Many business owners may become somewhat complacent. You may ask, why would a hacker bother with us? We’re not a huge mega-corporation like Facebook or Marriot. We only have data related to our business—we don’t have client information. The true motivation with hackers is, sometimes it’s not the actual data that’s important to them—it’s what they can do with that data.

With the use of Artificial Intelligence (AI), even though you may not think your information is important, hackers can use your seemingly innocent data for nefarious purposes. Often used with data mined from other sources hackers can, for example, “guess” social security numbers, passwords to bank accounts or other financial institutions. And sometimes it’s as simple as they will hold your data for ransom, demanding money to restore your data.

Clear back in 2009, researchers from Carnegie Mellon predicted:

“Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs.”

There are also concerns that by using this stolen data, AI will be able to mimic human speech patterns, preferences and behaviors to create more realistic-seeming phishing scams.

 

How Do Data Breaches Affect Consumers?

Stolen data is used mainly in targeted email phishing scams and identity theft.

  • According to 2017 statistics, there are over 130 large-scale, targeted breaches in the U.S. per year, and that number is growing by 27 percent per year. (from Accenture)
  • There are around 24,000 malicious mobile apps blocked every day. (from Symantec)
  • 100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion. (from Malware Tech Blog)
  • In 2017, spear-phishing emails were the most widely used infection vector, employed by 71 percent of those groups that staged cyber-attacks. (from Symantec)

Some of the Biggest Breaches

  • Facebook
    • Hundreds of millions of unencrypted passwords were visible to Facebook employees. Facebook claims that there is no evidence that this data was used for malicious purposes
    • 30 million user’s personal information was exposed in a computer network attack in 2018
    • Of that 30 million, 14 million users had their names, contact information exposed. But more importantly, sensitive information including gender, recent location check-ins and relationship status was also compromised
    • An additional 15 million had their names and contact information exposed
    • Another 1 million had their access tokens (used by users to log into their accounts without using their password) revealed
    • This attack took advantage of a weakness in a series of bugs in a Facebook feature
    • A British Analytics firm was able to access data from 87 million users without their permission in 2014
    • Facebook removed 559 pages and 251 accounts that they claim broke their spam rules in late 2018
  • Marriot / Starwood Guest
    • At least 500 million guests affected by a security breach found in 2018
    • Unauthorized breaches were discovered as far back as 2014
    • For nearly 327 million guests the breach included a combination of name, phone number, email address, mailing address, date of birth, gender, Starwood Preferred Guest account information, arrival and departure dates, reservation dates and communication preferences
  • Under Armour
    • Under Armour purchased MyFitnessPal in 2015 for $475 billion
    • Data of 150 million users of the MyFitnesPal diet and fitness app were compromised
    • The breach included users’ names, passwords and email addresses
  • Yahoo
    • 3 billion accounts were hacked in the course of 3 breaches from 2013 to 2016
    • Although Yahoo knew of the earlier breaches, it didn’t disclose the information until 2016
    • Yahoo is facing a class action lawsuit that claims Yahoo failed to protect the data of its users
  • T-Mobile
    • About 2 million users were affected
    • Data stolen included, encrypted passwords, account numbers, email addresses and billing information
    • An international group of hackers accessed T-Mobiles’ servers through an Application Programming Interface (API). Basically, an API is an access point or link to a database that allows application to “talk to each other.”
  • Wendy’s
    • In 2015-2016 more than 1 million credit cards were compromised at more than 1,025 Wendy’s locations affecting 7,500 financial institutions
    • Cybercriminals were able to install malware on Wendy’s point-of-sale credit card systems
    • Wendy’s recently agreed to pay $50 million to a group of financial institutions for their costs related to the breach
    • A consumer class action lawsuit was settled for $3.5 million

How are Cybercriminals Getting In?

According to Kaspersky Labs, in early 2018 the biggest vulnerability was found in the Microsoft Office products (Word, PowerPoint, Exel, etc.) with just over 47 percent of the total share. Other big offenders providing cybercriminal access are internet browsers at 23.74%, followed closely by Android devices at 20.68%. While some of these issues have been resolved, cyberhackers are smart and clever and always looking for new vulnerabilities.

 

Cybersecurity Risks

Many business owners are so busy running their company, that cybersecurity isn’t even on their radar. But statistics show that cybersecurity should be at the top of their to do lists. Not only is your business at risk for losing all your data, but you could also lose credibility with your customers/clients. A recent study by Ping Identity surveyed over 3,000 people in the US, UK, France, and Germany to analyze the attitudes and behaviors of consumers regarding data breaches.

Here’s what they found:

data-breach-statistics

 

 

Internet of Things (IoT)

IoT technology is advancing so quickly that some manufacturers have either taken shortcuts or ignored vulnerabilities in their products in the rush to get them on the market. This new technology has provided hackers an open door into your systems.

So, what is IoT? IoT is simply any physical device that can be connected to the internet. Basically, that means any device that can collect information and send it and devices that can receive information and do something with it.  And as we learned earlier, the internet is the second most used port of entry for malicious attacks.

Many of us are familiar with some obvious devices such as computers, laptops, smart phones, tablets, Bluetooth headphones and speakers and baby monitors. It’s estimated that there are tens of billions of these devices across the globe. Here’s a list of other devices that are also included in IoT.

  • TVs
  • Home appliances
  • Thermostats
  • Home lighting
  • Security systems
  • Industrial sensors
  • Fitness monitors and apps
  • Toys
  • Recording devices
  • Drones
  • Smart car alarms

Why Does IoT Pose a Security Risk?

Aside from the broad risk of being connected to the internet, there are some other risks that are not obvious or well known as a data breach. All these tiny computers in these IoT devices are vulnerable to malicious hackers. These vulnerabilities include unencrypted communications, weak passwords and insecure web interfaces. Many users never change the password from the factory setting. Imagine those vulnerabilities multiplied by tens of billions!

In 2016, in order to gain an advantage over other players in the online video game Minecraft, three young men created two botnets that targeted IoT devices. These botnets hijacked and gained control of nearly 65,000 devices in the first 20 hours and grew to somewhere between 200,000 to 300,000 devices. All of these hijacked devices became part of the Mirai and Clickfraud botnet schemes.

The Mirai botnet was used to cause several “distributed denial-of-service (DDOS) attack. A DDOS attack happens when many computers (IoT devices) act together to flood targeted computer(s) or server(s) with malware. Originally created to slow down Minecraft competitors’ servers, Mirai quickly became something much more dangerous. At its peak Mirai was able to disrupt internet service to most of most of the eastern United States. And there was concern that Mirai would be able to interfere with the 2016 election and media coverage.

The Clickfraud botnet was used to commit advertising fraud, specifically “clickfraud.” Clickfraud works by making it appear that a real human user has clicked on an ad in order to falsely generate revenue.

The Dyn botnet attack was able to disrupt internet service for major websites such as Netflix, Paypay, Amazon and Reddit.

What’s Does the Future Hold for Cybersecurity?

While much of this must seem like doom and gloom, there are steps that you as a business owner can take to protect your business from data breaches and malware. As we reviewed in this article, technology if advancing at light speed and hackers are becoming cleverer in their methodology.

Here are 5 Steps a Business Owner Can Take to Thwart Cyberattacks

  1. Recognize that size does not matter to Cyberhackers. No business is exempt from cyber-attacks. As a business owner, it’s not a matter if a cyber-attack will happen—it’s a matter of when
  2. Hire a reputable IT Security provider. Spry Squared can assess your system’s vulnerabilities, make recommendations and implement cybersecurity best practices
  3. Working with your trusted IT advisor, create a plan. Spry Squared will work with you and/or your IT manager one-on-one to craft a customized cybersecurity plan that is best for your business. Once your plan has been implemented, we monitor your systems and are able to spot abnormalities and take preventative measures. Additionally, we ensure that all data is continuously backed-up
  4. Create and enforce cybersecurity protocols within your organization. All the preparation and preventative measures you undertake will be rendered useless due to human error if untrained staff do not follow cybersecurity best practices
  5. Regular updates to your hardware and applications are a must. Cybercriminals are always looking for new ways to break into a system. But they continue to exploit existing known vulnerabilities. Typically, when a vulnerability is discovered, a security patch is released to “fix” it. However, if you don’t update with the security patch that leaves an “open door” for hackers

 

If you’re ready to take your Cybersecurity risk seriously, contact the IT Security experts at Spry Squared. You’ve got nothing to lose if you do—and everything to lose if you don’t! Call us today at 720-724-7730.

Managed IT Services: What Does That Really Mean?

At Spry Squared, Inc., we define our Managed IT Services programs as “the practice of outsourcing on a proactive basis, certain IT processes and functions intended to improve your company’s IT operations, reduce expenses, and provide peace of mind.” This includes providing connectivity and bandwidth, network monitoring, security, virtualization, and disaster recovery. Additionally, Spry Squared’s Managed Services includes storage, desktop, mobility, communications, hardware and software support, help desk and technical support.

 

An area that is quickly moving to the top of the list for many companies is cloud computing. While a challenge for some Managed Service Providers (MSPs), this is an area where Spry Squared, Inc. not only excels, but is breaking ground.

The Difference Between A Managed Services Plan and a “Break/Fix” Plan

There are many differences between utilizing a Managed Services strategy and going with the traditional method of “Break/Fix,” meaning you wait until something breaks and then you fix the problem. When technical difficulties come up, you have these two service provider options to get your systems up and running again:

Break/Fix

  • This method requires researching and hiring an outside vendor
  • You then wait for the arrival of a technician to your location to diagnosis and fix your issue
  • Charged an hourly rate
  • Provides assistance only when something goes wrong, leading to decreased performance as you wait for the expert to arrive and the down time while the issue is fixed
  • Doesn’t have extensive knowledge of your IT systems and may not be able to completely fix the issue. In other words—they may provide a “band-aid” fix

Managed IT Services

  • Provides a consistent relationship between you and your service provider
  • Consistent monitoring and adjustment to your systems to prevent future problems
  • 24/7 Help Desk and Technical Support
  • Provides consulting to maximize your IT needs within your budget
  • Services provided under a monthly contract

What is covered with a Managed IT Services Plan?

Some areas of Managed Services, Spry Squared, Inc. provides include:

Desktop/Laptop

  • Consulting on hardware purchases
  • Providing support for virus and malware protection
  • Security patching and updates
  • Monitoring for unauthorized Internet surfing activity

Applications

  • Support for existing applications
  • Consulting and implementation of new applications
  • Application patching/upgrades

Email/SPAM

  • Consistent monitoring
  • Anti-Malware, anti-spyware and ransomware support
  • Comprehensive support strategy

Servers/Virtualization

  • Constant monitoring for performance, security and storage
  • Virtualization to ensure your cloud or physical servers are optimized into multiple virtual machines

Cloud Computing

  • Service-oriented architecture, and autonomic and utility computing to meet your cloud computing needs

Network Administration & Security

  • Monitoring performance and security to keep your network working efficiently
  • Complete compliance assistance, risk assessment and correlation analyses to maintain a steady overview of network activity
  • Notifications of maintenance requirements and security alarms
  • Active prevention of unauthorized network access

VoIP Phone Support

  • Consultation for upgrade of existing equipment or purchase of new VoIP phones
  • Phone system management

System Backups / Business Continuity

  • Backing up your systems to ensure you are never without your data
  • Daily, weekly or monthly backups

“Our IT team brings more than 75 years of experience to the table,” said Stephen Spry, co-founder, Vice President and COO of Spry Squared, Inc. “With that level of expertise, we can zero in on your problem and identify the solution very quickly. That will save you time and money. Plus, we are with you every step of the way, ensuring your project gets launched on time or your problem gets fixed in a timely manner.”

Why Choose Spry Squared, Inc.?

There are many reasons to choose Spry Squared, Inc. for your Managed Services needs. Among them are reduced operating costs, minimized downtime and peace of mind from knowing that your environment is secure.

Spry Squared, Inc. has a strong record of success in solving IT challenges for businesses by creating robust IT architectures and infrastructures, while also managing costs and risks.

“We are well aware of the old saying, ‘Time is money,’ and we do everything we can to minimize downtime for clients,” Spry said. “At Spry Squared, Inc. we strive to understand your business from your perspective and then build a lasting partnership based on that perspective.”

A recent survey found that 66 percent of respondent companies hire at least one type of IT service provider each year. The same survey found that 37 percent of businesses do not have in-house IT staff. That means those companies may be leaving themselves exposed and could surely benefit from Spry Squared, Inc.’s services.

“There is not a client too big or too small for us,” said Bernard Wesley, Spry Squared Inc.’s Business Development Manager. “We give the same attention to detail whether your company has 200 users or is a sole proprietor. Our goal is to become an IT partner with our clients.”

When meeting with potential clients, one of the first things Wesley asks the management team is this: Has your current IT provider met your expectations this year? Do you feel your current provider gives you the kind of support that will advance your business next year and beyond?

If you answered no to any of these questions, Spry Squared, Inc. can provide a free assessment of your existing IT services.

“After the assessment is complete, we make recommendations on industry best practices factoring in process execution, budgeting, project management, operational efficiencies, and improving IT decision-making resources for your business.” Wesley said. “At Spry Squared our ultimate goal is to provide the best IT solutions for your company.”

Spry Squared, Inc. is your Managed IT Services Security Expert

Studies show email is the optimal access point for hackers to gain control of your data. Our IT team specializes in security, networking and cloud computing, and can also ensure your data is backed up on a daily, weekly or monthly basis. This will ensure your vital business data remains safe and recoverable should anything unexpected, such as unwanted power surges or natural disasters should occur.

According to Spry, the increase of technologies such as mobile, social, cloud and big data creates an increased impact on protection strategies. These technologies will continue to add to the complexity and drive the security needs of the IT infrastructure and information assets of every business. They will also challenge the integrity of current security controls and will put enterprise data and intellectual property (IP) at greater risk.

Threats can come from anywhere. And even your smallest screens—tablets, phones, etc.—are vulnerable. With over one million new computer viruses found every day by anti-virus companies, you can never be too careful. Many businesses find themselves in need of a plan for ensuring these devices stay as secure as the desktops in your headquarters.

With Spry Squared Inc.’s continuous monitoring, we know if your server and all of your desktops have the latest anti-virus and malware updates installed and are functioning correctly.

Starting with the basics of desktops and laptops, and even VoIP phone systems, Spry Squared Inc. can insure your hardware is running at peak efficiency. A part of any good Managed Services package is security monitoring, and Spry Squared, Inc. has extensive experience in this area, as well.

“We utilize the latest technology to keep your systems up and running and to keep them safe,” Wesley said. “One of the first questions we ask prospective clients is, ‘Do you find out immediately if your data back-up fails to run?’ With Spry Squared, Inc. you will.”

With data breaches, never-ending spam and malware, security is becoming one of the most important tools in any MS company’s portfolio. In several polls, many businesses cited security as the number one topic of concern. Frequently, companies aren’t aware their network security is aging and needs to be upgraded or totally replaced in the near future.

“We keep track of where your network and equipment are in their patch life cycles,” Wesley said. “That allows us to stay ahead of any problems that might arise. And, it allows us to serve our clients much better.”

Spry Squared Inc.’s dedicated IT team knows if the latest security patches have been installed on your network. They know who the heaviest internet users are, and whether they are downloading large files which can slow down the network. They can also determine if your staff is accessing inappropriate web sites, and they know which PCs are running out of memory, affecting user performance.

Why is an IT Managed Services Plan Important?

“Never underestimate the power of having your data continuously backed up,” Spry said. “If nothing else, it gives you peace of mind knowing that if a disaster should occur, your data is recoverable. That also ensures your down time will be minimal.”

Any compromise to data integrity, availability or security can have serious ramifications on productivity, stakeholder confidence and regulatory compliance—all of which impact your bottom line! Your business needs more than a simple storage solution. Spry Squared can help you create multi-tiered strategy that can prioritize data and efficiently archive, access and retrieve data using Cloud Storage, Network Attached Storage (NAS) and Storage Area Network (SAN) technologies.

Why Hire Spry Squared, Inc. as Your Managed IT Services Provider?

As your IT Managed Services team, we can discover and address technical issues before they get out of control and have a negative effect on your business. Spry Squared, Inc.  provides proactive service and regular maintenance, ensuring your computer network—and your business—continues to run smoothly and efficiently. Many times, our IT team will find an issue and bring it to your attention before it becomes a problem.

Other benefits to consider when deciding whether it makes sense for your company to take the next steps and hire Spry Squared, Inc. as your IT Managed Services team:

Cost reduction for your IT needs

  • Manage your IT budget by establishing a long-term partnership with a reliable MSP that will save you money over time
  • Increased in operational efficiency
  • Cost of managed services can be less than “break and fix” costs
  • Custom plans provide you the best “bang-for-your buck” budget. Don’t pay for what you don’t need

System Centralization Allows Consistent Capability and Performance

  • Spry Squared, Inc. will centralize your network applications and servers into a single data center
  • Creates faster speed and increased accessibility for all staff, regardless of location
  • Facilitates secure remote access so your staff can safely work on the go

High Level Support for Up-to-Date Technology

  • We have our finger on the pulse of latest industry trends in new technology, threats and best practices
  • Consistent upgraded IT systems
  • Enterprise level support at cost-effective rates

Extended Relationship with IT Experts

  • Spry Squared, Inc. will become deeply familiar with your business IT systems
  • Our extensive IT experience can make recommendations on industry best practices
  • We provide excellent service that is ready to assist at a moment’s notice
  • By addressing your IT issues, you and your staff can focus on their daily tasks, rather than changing course to address a technology problem

Let Spry Squared, Inc. be Your IT Department

While not all companies need the same level of service, all companies need some level of service. After all, in today’s Internet of Things world, the need for IT Managed Services is greater than ever. But no matter what your ongoing needs are, Spry Squared, Inc. can find a solution to match. Spry Squared can customize a plan especially for you based upon the scope of your needs.

According to Spry, many businesses only hear from their Managed Service team “after” things break. That’s not a prudent way to run your business. A more reasonable and practical approach would be to go with a Managed Services company such as Spry Squared, Inc. to ensure everything stays running at optimal efficiency.

By having Spry Squared Managed Services serve as your IT Department, you are free to focus on what you do best—running YOUR business. Spry Squared’s Managed Services plans provide a fully staffed, outsourced IT department dedicated to seeing your company’s needs are being met, at a fraction of the cost of an in-house IT department.

To get your free consultation and assessment of your Managed Services needs, contact us today to schedule an appointment. Don’t wait…call us now at 720.724.7730. We’re here to help!