There is pending cybersecurity legislation that looks like it will [...]
There has been a lot of discussion about the method [...]
Here are a couple of snippets from Perth Now Sunday [...]
Dear Valued Client,
Before we begin, if at any point while reading the message below, you need assistance or are just not sure, call 877-662-6624 or contact us by email and let us know so we may assist you. If you are one of our Patchworx clients or that rare organization that is covered through other effective measures, we sincerely congratulate you for your efforts to protect your company.
Whether you request our assistance or do the work of protecting yourself, not acting could be a very costly choice.
As you have likely heard in the national news, networks all over the world (in more than 150 countries) have been infected by WannaCryp Ransomware also known as WannaCry since Friday 5/12/2017…in fact it is estimated that 100s of thousands of computers are already infected and potentially million more will soon be. So, before we move into the details of why this matters, please DO NOT OPEN any attachments, click on links in emails from unknown senders, bring in un-scanned USB drives or otherwise invite an infection into your network.
What does ransomware do?
There are different types of ransomware but, all of them will prevent you from using your PC or server normally. They will then ask you to do something such as pay money before you can access your systems and data. Not all but most make getting data back impossible without
Educate your users - Don’t let them be tricked into downloading ransomware/malware
Everyone should follow this advice:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official sources like banks, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter, be very certain about the message and any attachments before you release it from quarantine. One user recently got burned this way.
- Avoid clicking Agree, OK, or I accept in banner ads in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. These are usually bogus. Call your IT specialist if you are concerned.
If you must comply with NIST 800-171 under DFARS you [...]
December 31, 2017 is an important date for many in the DoD world. For those with contracts subject to DFARS 252.204-7012 it might feel like an overwhelming and impending date. I am sure this is another heavy responsibility thrown onto your plate with the expectation you get it done.
Here is a blog by our friend Joe Stangarone of mrc's Cup of Joe Blog. He writes about the dangers of shadow aka stealth IT and how to spot it. Shadow IT is basically software and services that enter your company network without your knowledge or permission. Here is his blog....
Summary: A growing trend, “Shadow IT” is a term used to describe IT systems and solutions built and/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party, cloud solutions behind IT’s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don’t know where (or how much) it’s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs.
Like it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it’s not only growing, it’s far more rampant than business leaders realize.
What can you do about it? In past articles, we’ve explored a few ways to address and reduce risks of Shadow IT. We’ve looked at:
- Ways to prevent Shadow IT.
- How to reduce security risks of Shadow IT.
- The benefits of embracing Shadow IT.
That being said, there’s still a problem: You can’t address Shadow IT if you can’t see it. How do you know whether or not Shadow IT lurks in your company?
Orange County, CA - Always make sure your backups are in good working order. Here is a story of a company reports to be out of business because they lost 300 GB if their IP and company operations history - GitLab.com melts down after wrong directory deleted, backups fail. The story mentions Gitlabs.com outgrew the cloud and that is why this happened. No, they simply had bad backups and they did not check to make sure they had an ability to recover before doing work on the storage system. Data loss disasters can happen in the cloud, too. So make sure you have your backup operations in order. Disaster can strike in innumerable ways no matter your IT operation model.
Backups need to be constantly examined to make sure they are working. Here is a partial list of questions you should be asking when doing your due diligence:
There is interesting breaking news from web developer and hacker Viljami Kuosmanen as reported in The Guardian - Browser autofill used to steal personal details in new phishing attack.
“The phising attack is brutally simple… when a user fills in information in some simple text boxes, such as name and email address, the autofill system, which is intended to avoid tedious repetition of standard information such as your address, will input other profile-based information into any other text boxes – even when those boxes are not visible on the page.”
Disabling Autofill in Web Browsers
1. At the top right, click on the Settings icon (represented by three vertical dots)....