Posts Tagged ‘Disaster Recovery Plan’

Can A Cybercriminal Crack Your Company’s Network?

Tuesday, April 5th, 2016

Ransomware has become a formidable threat to businesses of all sizes, yet I have worked with quite a few business owners who are unfamiliar with the term. This is particularly unnerving as a Ransomware attack can be catastrophic to the financial stability of your business. Read on for tips to help you prevent a Ransomware attack from taking down your business.

Small and midsize businesses are not immune to becoming the target of a crippling cyberattack, and without the proper procedures in place, business owners risk the very real threat of a large-scale assault on their company’s data. Would you be able to recover if your organization was attacked?

Instances of cybercrime have reached an all-time high and ensuring that your company has the procedures in place to guard against an army of determined fraudsters is more important than ever. But before you can implement effective controls, you must have a clear understanding of what it is that threatens your business.

Know Your Enemy


Ransomware is malware that infects a computer and immediately encrypts all recognizable file types. Once your network is infected, a screen appears on your monitor demanding that the company pay a ransom in exchange for the data to be “decrypted” and released. The hackers set a deadline and make it clear that if the ransom is not paid before then, the organization’s data will be destroyed.

4 Tips To Help Prevent A Ransomware Attack

To protect your business against Ransomware and other similar threats:

  1. Train your employees to identify phishing emails.
    Numerous vendors can provide your company phishing tests and video training to help educate your employees about phishing emails and ways to identify possible scams. Specifically, work to change the mindset of those within your organization when it comes to opening attachments and clicking on hyperlinks.
  2. Set employee Microsoft Active Directory rights.
    It’s unlikely that all your employees will need full access to your company’s entire database to do their jobs. One way to protect your data is to grant each employee access only to the data needed to complete their job responsibilities. This way, if an attack does occur, the damage can be isolated.
  3. Consider implementing programs such as Microsoft “AppLocker.”
    When you implement programs like AppLocker, you require users to be assigned access to the programs they need to utilize. Again, this helps to isolate the threat, which can minimize the impact of an attack.
  4. Implement a Disaster Recovery (DR) Plan.
    Some research indicates that only about 35 percent of small- to medium-sized businesses have a working and comprehensive disaster recovery plan. We are learning time and time again just how important it is to have a plan in place to protect your business when crisis strikes. A DR plan, complete with regular plan testing and offsite backup data, will help prepare you for unforeseen events which, under current circumstances, could prove to be catastrophic.

Guard Your Data With These Best Practices

Monitor for irregularities

If your network is infected, you can eliminate or reduce the risk of Personally Identifiable Information (such as financial records, medical information or intellectual property) being compromised by using an Intrusion Detection System or a Security Information & Event Management application or service. These applications are designed to monitor for invalid access attempts, identify outgoing traffic and raise other significant alerts.

Require two-factor authentication

Many breaches are the result of access that has been granted to a third-party vendor. Oftentimes the vendor’s network becomes infected, which can lead to a breach of your own organization. While the data breach may not have originated within your organization, you are responsible for the inroads that were ultimately exploited by hackers to gain access to your network. A best practice is to require all vendors to use two-factor authentication or direct contact with your IT staff in order to gain access to your company’s network. Your networks should never be directly accessible to any outside vendor.

These tips can help you protect your organization from cybercriminals, but they only provide an initial layer of security. New threats are being developed every day and existing threats are evolving rapidly. The best thing you can do is arm yourself with knowledge and regularly test for weaknesses in your company’s armor. One day, your business will be the focus of a cyberattack. Will you be ready?

Email Rea & Associates for more information about protecting your business from cybercrime.

By Joe Welker, CISA (New Philadelphia office)


Could A Cyber-Attack Cripple Your Business In 2015?

Tuesday, December 30th, 2014

As we embark on a new year, many of us will set personal goals for ourselves or renew commitments to objectives that may have eluded us over the last year – and if you are a business owner you probably have a whole other list of initiatives to conquer in 2015. But before you dive into a new campaign, product launch or acquisition, take a moment to reassess your business’s disaster recovery and business continuity planning. Doing so could save you from unforeseen financial hardships that could devastate your bottom line.

From eBay’s server breach early in 2014 to the recent Sony Pictures hack, this year major U.S. companies found out that even the best defenses cannot guard against attacks carried out by a determined hacker (or hackers). And if these large-scale businesses are vulnerable, how is your small to midsize business expected to recover? In addition to building up a solid defense to these types of threats by employing firewalls and antivirus software, businesses with a solid business continuity plan are more likely to recover if (and when) a disaster does strike.

Plan For The Best – Expect The Worst

Could you recover from a cyber-attack or data breach? Do you have a plan in place to not only shield yourself from threats, but to swiftly respond and recover? The ISACA, an organization that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems, encourages business owners to take a proactive stance when guarding against disasters – online and offline. If you are unsure whether your business could recover, ask yourself these questions.

  1. Do you have a thorough understanding of your business’s activities, including which ones are critical to support your overall operations while satisfying your customers’ expectations?
  2. Do you know what data you need to support your business’s critical operations and do you know where this data is kept?
  3. Do you have a clear understanding of the effects of downtime within your business and, using this information, are you able to identify where you are most vulnerable?
  4. Do you have current infrastructure in place to protect your business and data against hackers and viruses?
  5. Do you consider business continuity to be a priority to your business?
  6. Do you have a documented plan in place to guide all aspects of your business through a major emergency? How about smaller disruptions like organizational, process and technology changes?
  7. If a disaster were to strike today would you be able to recover quickly while protecting the best interests of your customers and business stakeholders?

If you answered no to any of these questions your business may find itself susceptible to risk and unable to recover from a cyber-attack or data breach. Make business continuity a priority in 2015. Email Rea & Associates for more information on how you can protect your business against countless internal and external threats.

By Joe Welker, CISA (New Philadelphia office)


How Prepared Is Your Business For A Potential IT Disaster?

Tuesday, September 9th, 2014

Natural disasters. Hardware meltdowns. New variants of viruses and malware. Unfortunately, we live in a day and age where anything can happen. It’s critical that your business is on its toes, ready to tackle any potential disaster or crisis that may come your way. But is it? If your business’s computer systems crashed tomorrow, how easy (or even possible) would it be for your business to recover? Has your business ever given thought to a disaster recovery (DR) plan? Do you have one of these plans?

It’s National Preparedness Month, a month when government agencies and businesses alike work to educate companies and organizations about the importance of being prepared for whatever may come your business’s way. In honor of this month, below are five reasons why your business should create a disaster recovery plan if you don’t already have one.

Top 5 Reasons For An IT Disaster Recovery Plan

A Gartner report estimates that only 35 percent of small- to medium-sized businesses (SMBs) actually have a working and comprehensive DR plan. And from its research, Gartner also found that 40 percent of SMBs that manage their networks and Internet usage in-house will have their networks hacked, and more than 50 percent won’t know they were hacked. Pretty sobering statistics, right? There are many reasons why having a DR plan is a wise business move. In fact, here are the top five reasons why a DR plan is imperative to the success of your business:

  1. You can’t control when a disaster happens – it can happen at any time. Disasters can be natural or man-made – either way, you don’t have control over when it could happen. A DR plan will help you be prepared for anything at any time.
  2. A DR plan can help you save thousands, possibly even millions, of dollars in the event of a disaster. When a disaster strikes, it’s usually not a cheap fix. Depending on its severity, many businesses’ budgets are hit quite hard. And if this is an unexpected expense, it’s that much harder to make a complete recovery.
  3. You can mitigate your losses with a DR plan. Money isn’t the only thing at stake during a disaster. Don’t forget about the trust and confidence of your customers, employees, investors, vendors – the list goes on. A DR plan can help you retain your critical audiences during a disaster.
  4. A DR plan can help you reduce confusion among your staff and audiences. When a disaster hits, imagine the confusion and uncertainty that comes with it. In some cases, it may seem like you have no control over the situation. A DR plan can help you have an organized approach to resolving the disaster.
  5. The government may require businesses within your industry to develop and utilize a DR plan. If your business handles sensitive customer information or other information that could be critical if lost, the government may require you to have a formal DR plan, which should include yearly testing of offsite back-up recovery data.

Does your business have a DR plan? If not, you need to create one. Email Rea & Associates for more information about what to include in your plan. If you already have one in place, first pat yourself on the back, and then review it to ensure that it reflects your business’s current environment. Detailed and tested plans are imperative to the successful recovery and even for the longevity of your business.

Author: Joe Welker, CISA (New Philadelphia office)
