Category Archives: Security

IT Security for SMBs and the Rising Risk of Cyber-threats


70% of Cyber Attacks Target Small Businesses.

This scary stat came out in late 2016 from the National Cyber Security Alliance. The reason for the very high volume of attacks against small businesses is that they make easy targets. While the payday may not be huge, the results can be devastating for the business. Most small businesses are under the impression that they are too small to be interesting for cyber crime. This means that routine IT security patches and server upgrades or maintenance are frequently deferred, exposing vulnerabilities.

Consider one of the more popular cyber crimes, ransomware, which systematically encrypts as many files as it can across your entire network. Once the files are encrypted, a ransom email is sent to the company asking for anywhere from thousands to tens of thousands of dollars in exchange for the key to unlock them. The price is usually set below the cost of hiring an IT firm to fix the problem, and it spares the victim the time of performing lengthy restores.

At Symbio we encounter this occurrence fairly often when an employee opens a file or visits a site they shouldn’t have. To combat this, we have architected our IT as a Service platform to stop the spread of the attack and then to rapidly restore from the point just before the attack occurred. Regardless of the hack, make sure that you have a strong IT Security policy in place with the proper processes and infrastructure to back it up.

We are going to do a series of posts around IT Security, Liability, and Data Compliance (HIPAA, FAFSA, HI-TRUST, PCI, etc.) because these are very important topics, and one thing we see over and over is smaller organizations that have avoidable IT disasters.

Spear Phishing: What you need to know


As your IT advisor it is very important for us to remind you to never ever click on attachments that you are not expecting, and if you are responding to a questionable email, please check the address for accuracy.

Here’s why:
Over the last few years, we have made excellent strides towards improving operating system security. We have also seen a decline in traditional computer viruses. However, there is still a lot of money to be made in the business of compromising your computer (or Virtual Desktop). As a result, there are a lot of people diligently trying to trick you into installing malicious software. We have all seen infected websites, usually pop-ups, which try to trick you into thinking you have a problem that can only be fixed by installing some piece of software. If this has ever happened to you, hopefully you know to exit the web browser (Alt+F4 on the keyboard rather than the X in the upper right) and that you should never install ‘security’ software from a random website.

Just as you should never trust website pop-ups, you should also be very careful about trusting your email. Our industry has spent many years developing very complicated software in an attempt to automatically remove things like spam, malicious software, and questionable web links from your incoming mail before you ever see it. This security software works remarkably well given how hard people are working to get around it. The fact is: email was never designed to be secure.

As security systems have improved over the years, smart attackers have shifted their techniques from attacking our filters and trying to get past them, to more direct, personalized emails and contacts. Instead of poorly written emails that look like gibberish, we’re seeing well-written emails that reference people by name and occasionally mention specific details about your company which can be gleaned from your website.

These social engineering techniques have been a part of the systems security landscape for a long time, but we’re now seeing enough of it that computer security folks decided to give it a name: Spear-Phishing.