Friday, February 27, 2015

That bad feeling you get in your stomach. Can I restore my files?



The first thing I check when talking with a potential client is whether I can restore a file from their backup. Notice I did not say I check to see if they do backups, because most do. Or they think they do. We go to test and... that tape failed (74% eventually do). Panic!

This morning started with a phone call at 6:45. "Our system is down!" Where does your mind go? Immediately mine goes to "Did the backup run last night?" Can I trust it? Do I know for a fact that I can restore from it?

That is a sick feeling, even though just a week ago I did indeed test it to make sure I could restore. Worst case scenario, I just lost a week of data. Not catastrophic, but it's not going to be a good day if that's the case. I still was not quite sure. No need for caffeine this morning. I am awake.

First step is to VPN in to the client's system to see what I can see. Can I ping it? (A ping is like throwing a ball at something you cannot see in the dark. If it comes back you know it's there. If it doesn't... YA.) YES!! I can ping it, so that means at least it is breathing. I cannot log into it though... (I guess I can breathe a little... very little).

I get on the phone with the person who discovered our barely breathing system. The client is 45 minutes away. They open in about 6 minutes. HMMMMM.... Quickly I verify that the backup ran the night before. YES, but with errors. I can see when it lost communication. I am now in a state of elation and horror... and it's Friday, of course! It seems to always happen on a Friday...

I tell the client to PUSH and hold that power button until it dies... I can hear the fans shut down. Let it rest for a little bit. He hits the power button again and the server comes back to life.

At this point I know there will not be an answer for about 8-10 minutes (it is an old server). I jump in the shower thinking of all of the good, bad and ugly this day may turn into. When I get out I check my phone... Nothing. I get dressed and go into my office. VPN, connect... AND!! Bingo... All systems go and running like a champ. Test functions... All look happy. Client says "THANK YOU".

I have had enough cases in my career similar to this where I wasn't quite sure that, if I needed a full restore, I could do it. Major projects were never a problem because we did full backups and multiple test restores, so the confidence was there. I did have one case where a client got hit hard with ransomware (it encrypted half the network). The restore started OK but would die after 15 minutes. It was brutal, but I did get it back because there was an additional layer of protection: it was also backed up to a cloud server. It was a much longer time frame, but it came back.

So the moral of this story is: how much faith do you have in your backups AND your restores? My typical disaster recovery plan for clients is an on-site storage system coupled with an upload to a cloud repository each night. I will probably never be 100% sure I can get everything back. That queasy little feeling will be there no matter how much I test. When it comes to security nothing is 100%, but at least I know I am doing everything I can to give it a fighting chance.
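The check the post keeps coming back to, a restore you have actually performed and compared against what was backed up, can be scripted so it runs after every backup rather than once in a while. The script below is an added example for this post, not the author's tooling: it takes a hash manifest of a directory before backing it up, restores the archive somewhere else, and compares every restored file against the manifest. Directory names, file contents and the archive path are all constructed inside demo(); the truncated-archive drill stands in for the "that tape failed" case.

```python
"""Restore drill: back up a directory, restore it somewhere else, and prove
the restored files are byte-for-byte what was backed up.

Added example for this post, not the author's tooling. Everything it touches
(directory names, file contents, the archive path) is constructed in demo().
"""
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative POSIX path -> sha256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src: Path, archive: Path) -> dict:
    """Write src to a .tar.gz and return the manifest taken at backup time.

    Keep the manifest somewhere other than the backup media: it is the
    independent record the restore is checked against."""
    manifest = build_manifest(src)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=".")
    return manifest


def verify_tree(manifest: dict, dest: Path) -> list:
    """Compare a restored tree against the manifest; [] means it passed."""
    problems = []
    for rel, expected in manifest.items():
        restored = dest / Path(rel)
        if not restored.is_file():
            problems.append((rel, "missing after restore"))
        elif sha256_of(restored) != expected:
            problems.append((rel, "hash mismatch"))
    return problems


def restore_and_verify(archive: Path, manifest: dict, dest: Path) -> list:
    """Extract the archive into dest and verify it.

    An archive that cannot be read to the end is reported as a single
    ('*', ...) problem: that is the failed-tape case, and it is exactly what
    a nightly "backup completed" message will not tell you."""
    dest.mkdir(parents=True, exist_ok=True)
    # Python 3.12+ (and backports) can refuse members that escape dest via
    # "../" or absolute paths; older versions do not accept the keyword.
    extract_opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    try:
        with tarfile.open(archive, "r:gz") as tar:
            tar.extractall(dest, **extract_opts)
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return [("*", f"archive unreadable: {exc}")]
    return verify_tree(manifest, dest)


def run_drill(src: Path, workdir: Path, truncate: bool = False) -> list:
    """Back up src, optionally cut the archive off mid-stream to mimic a bad
    tape, restore into workdir/restore and report problems."""
    workdir.mkdir(parents=True, exist_ok=True)
    archive = workdir / "backup.tar.gz"
    manifest = make_backup(src, archive)
    if truncate:
        data = archive.read_bytes()
        archive.write_bytes(data[: len(data) // 2])
    return restore_and_verify(archive, manifest, workdir / "restore")


def demo() -> tuple:
    """Three drills over constructed sample data: a clean restore, a restored
    copy that was altered afterwards, and a truncated archive."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "clientdata"                     # constructed sample data
        (src / "accounting").mkdir(parents=True)
        (src / "accounting" / "ledger.csv").write_text("2015-02-27,invoice,1200\n")
        (src / "notes.txt").write_text("constructed sample file\n")

        clean = run_drill(src, tmp / "drill1")
        manifest = build_manifest(src)
        (tmp / "drill1" / "restore" / "notes.txt").write_text("altered\n")
        altered = verify_tree(manifest, tmp / "drill1" / "restore")
        truncated = run_drill(src, tmp / "drill2", truncate=True)
    return clean, altered, truncated


if __name__ == "__main__":
    for name, result in zip(("clean", "altered", "truncated"), demo()):
        print(f"{name:10s} {'PASS' if not result else result}")
```

Two things the drill deliberately does that a "did the job finish?" check does not: it restores to a different location than the source, so a successful comparison proves the archive and not the live data, and it treats an archive that cannot be read to the end as a total failure rather than a partial success.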

Thursday, February 19, 2015

Is Your Biggest Cyber Threat Inside Your Own Company?




This afternoon I was at an InfraGard meeting (I am a member of InfraGard, which is a partnership with the FBI to protect US infrastructure: https://www.infragard.org/) and there was a presentation on insider threats in cyber security. Truly eye opening, with some of the stats given. One of them was that an estimated 73% of breaches are done, intentionally or unintentionally, from the inside.

The unintentional ones are when an employee clicks on a link that loads malware, spyware or some other harmful software, which the bad guys then use to get inside. It is like someone unknowingly letting an intruder in by unlocking the door and walking away. In the meantime the intruder quietly strolls in to have a look around and do what he pleases, undetected. I have seen examples of this myself. Though this can be a significant event, the examples of the other ways were shocking in how huge an impact they can have.

AMSC made software for a company called Sinovel, and suddenly its orders dropped. The long and the short of it is that the software was stolen by Sinovel, and AMSC sued them for 1.2 billion dollars. Why? One person stole proprietary information and gave it to Sinovel. The result was devastating: jobs were lost, families were affected and ripples were felt throughout industries. Proper measures were not in place to protect the intellectual property.

In another case presented today, an individual stole information from the Medical College of Wisconsin: http://www.scmp.com/news/world/article/1280109/chinese-researcher-pleads-guilty-stealing-drug-us-medical-school In this case the individual downloaded 2.4 million files to a personal hard drive and sold the information.

I myself have been involved in the aftermath of cases where disgruntled employees tried to either destroy or steal information from their employers. How devastating would it be if your client list, information about business dealings or the blueprints for your product walked out the door and were sold to your competitor? Yet I do not see companies taking this seriously. How much is going on that we don't know about?

So how can you stop this? It is critical that you put in place policy and procedure which will, first of all, make it harder for this to happen and, second, detect it when it does happen. I hear so many times from business owners how much they trust their employees. I also have seen multiple cases where those same employees were robbing them blind. We are trusting, especially here in the Midwest. There is a difference between trusting and being aware.
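"Detect it when it does happen" is the part most small shops skip, yet the Medical College case above (2.4 million files copied out) is the kind of event that stands out in a file-server audit log if anyone looks. The script below is an added example for this post, not the author's tooling: it counts files touched per user per hour and raises an alert on two signals, a fixed ceiling and a comparison with that user's own median hour, the second of which catches someone who deliberately stays under the ceiling. The log format, user names, paths and thresholds are constructed for the demonstration; in practice the same logic would run over Windows 4663 events, Samba audit logs or your NAS's access log.

```python
"""Flagging bulk file access in a file-server audit log.

Added example for this post, not the author's tooling. The log format, user
names, paths and thresholds are constructed for the demonstration.
Each line: <ISO timestamp> <user> <action> <path> <bytes>
"""
import random
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

ABSOLUTE_LIMIT = 500   # files/hour: assumed ceiling for any legitimate user here
BURST_RATIO = 5        # an hour this far above the user's own median is a burst


def make_sample_log(seed: int = 7) -> list:
    """Construct one working day of access lines (invented data).

    Three users read 10-30 files an hour from 08:00 to 17:59. Two planted
    events: 'mlopez' pulls 200 files at 19:00 (stays under the absolute
    limit) and 'rchen' pulls 2,000 files at 21:00.
    """
    rng = random.Random(seed)
    day = datetime(2015, 2, 19)
    lines = []
    for user in ("jsmith", "mlopez", "rchen"):
        for hour in range(8, 18):
            for _ in range(rng.randint(10, 30)):
                ts = day + timedelta(hours=hour, minutes=rng.randint(0, 59))
                lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} {user} READ "
                             f"/projects/doc{rng.randint(1, 5000)}.pdf "
                             f"{rng.randint(2000, 900000)}")
    for i in range(200):
        ts = day + timedelta(hours=19, seconds=10 * i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} mlopez READ /sales/customer{i}.xlsx 40000")
    for i in range(2000):
        ts = day + timedelta(hours=21, seconds=i)
        lines.append(f"{ts:%Y-%m-%dT%H:%M:%S} rchen READ /research/compound{i}.dat 150000")
    return lines


def parse_line(line: str) -> dict:
    """Split one log line into its fields (paths here contain no spaces)."""
    ts, user, action, path, size = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "user": user, "action": action, "path": path, "bytes": int(size)}


def hourly_counts(lines) -> dict:
    """{user: Counter{hour_start: files touched in that hour}}"""
    counts = defaultdict(Counter)
    for rec in map(parse_line, lines):
        hour = rec["ts"].replace(minute=0, second=0)
        counts[rec["user"]][hour] += 1
    return counts


def find_bulk_access(lines) -> list:
    """Return (user, hour, count, reason) for every suspicious hour.

    The absolute limit catches the obvious dump; the burst test compares
    each hour with the user's own median hour, so a quieter exfiltration
    that stays below the limit still shows up.
    """
    alerts = []
    for user, per_hour in hourly_counts(lines).items():
        baseline = statistics.median(per_hour.values())
        for hour, n in sorted(per_hour.items()):
            if n >= ABSOLUTE_LIMIT:
                alerts.append((user, hour.isoformat(), n, "over absolute limit"))
            elif n >= BURST_RATIO * baseline:
                alerts.append((user, hour.isoformat(), n, "burst vs. own baseline"))
    return alerts


if __name__ == "__main__":
    for alert in find_bulk_access(make_sample_log()):
        print(*alert)
```

The baseline here is a single day's median, which is enough to show the idea; a real deployment would compute it over weeks and per role, because an accountant at month end and a developer syncing a repository have very different "normal" hours. What matters is that the alert lands on someone's desk the same day, not when the files turn up at a competitor.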

I have seen one company get put out of business and destroyed because of this scenario. They trusted everyone, only to have an employee turn on them, and within 8 months they were done. Lives destroyed and a business ruined.

If your gut is telling you to look into things that do not seem right, then follow it. The worst that is going to happen is you are wrong. I am not saying to be paranoid. I am saying you need to be aware.

It’s your business. I do everything I can to protect mine. Sometimes it’s not comfortable… but it is necessary. Don’t be your own worst enemy.

Wednesday, February 11, 2015

BYOD. Bring Your Own Device or Bring Your Own Disaster!




I was at one of my regular clients this morning working through my list of maintenance tasks, etc. I had a complaint about the network being slow for most people. I started to investigate, and as I looked at my statistics and logs I found something that disturbed me a little. There was a device on the network that was using a very healthy amount of the bandwidth. Think of bandwidth as a 4-lane highway. The more cars that are on it, the more the congestion, the slower the speeds. This morning's example was like one very large truck taking up all 4 lanes, slowing everyone else down.

Anyway. My software told me the MAC address (this is an alphanumeric identifier assigned to the actual hardware, whether it is a phone, computer or tablet). It also gave me the IP address (network address) that was assigned to that device. As I traced it I found the traffic was flowing out, not in. What that means is the device was sending large amounts of data. It was not downloading an update or anything like that.

It was identified as an iPhone by the router. With a network full of devices to sift through and several people in training on site, I decided to simply block that device from sending anything out of the network. The congestion cleared and things returned to a normal state, making me friends with many of the users again.

From a technical standpoint you should realize that the software could be wrong, the address can be faked, and I could be chasing a ghost if the person went off site, so I didn't chase. The point to all of this is how one device (if it was indeed an iPhone) can literally bring a network to its knees. I have advised this client several times not to leave the wireless open, due to the fact that this can so easily happen.
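The triage described above (find the one client responsible for most of the egress, confirm it is sending rather than receiving, then block it by MAC) is easy to reproduce from the per-client counters most routers can export. The script below is an added example for this post, not the author's software. The accounting table is constructed: the MAC addresses use a locally administered prefix so they do not collide with any real vendor, and the IPs, host names and byte counts are invented. The block rule assumes a Linux-based router running iptables, which the post does not specify; on other gear the equivalent is a MAC ACL on the access point or switch.

```python
"""Finding the device that is flooding the uplink, from per-device counters.

Added example for this post, not the author's software. SAMPLE_ACCOUNTING is
constructed (MAC addresses, IPs, host names and byte counts are invented).
A real router would give you this from its DHCP lease table plus per-client
traffic counters or flow export. The block rule assumes iptables on a
Linux-based router.
"""

SAMPLE_ACCOUNTING = """\
# mac                ip             host          bytes_in     bytes_out
02:00:00:aa:01:10    192.168.1.20   ws-frontdesk   812000000    41000000
02:00:00:aa:01:11    192.168.1.21   ws-billing     455000000    22000000
02:00:00:aa:01:12    192.168.1.22   ws-manager     610000000    58000000
02:00:00:aa:01:13    192.168.1.30   fileserver     390000000   520000000
02:00:00:aa:02:44    192.168.1.118  iPhone          61000000  4200000000
02:00:00:aa:02:45    192.168.1.121  android-7f3a    98000000    12000000
"""


def parse_accounting(text: str) -> list:
    """Parse the whitespace-separated table into dicts, skipping comments."""
    devices = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mac, ip, host, bytes_in, bytes_out = line.split()
        devices.append({"mac": mac.lower(), "ip": ip, "host": host,
                        "bytes_in": int(bytes_in), "bytes_out": int(bytes_out)})
    return devices


def find_upload_hogs(devices: list, share: float = 0.5, ratio: float = 5.0) -> list:
    """Devices responsible for more than `share` of all egress AND sending at
    least `ratio` times what they receive.

    The asymmetry test separates "uploading a lot" (an infected or
    misbehaving client) from a busy server whose traffic is roughly
    symmetric, so the file server below is not flagged.
    """
    total_out = sum(d["bytes_out"] for d in devices) or 1
    hogs = []
    for d in devices:
        out_share = d["bytes_out"] / total_out
        asymmetry = d["bytes_out"] / max(d["bytes_in"], 1)
        if out_share > share and asymmetry >= ratio:
            hogs.append({**d, "egress_share": round(out_share, 3),
                         "out_in_ratio": round(asymmetry, 1)})
    return hogs


def block_egress_rule(mac: str) -> str:
    """iptables rule dropping forwarded traffic from one MAC (assumed router).

    This is a stopgap, not a fix: the MAC is supplied by the client and can
    be changed, which is the "address can be faked" caveat in the post."""
    return f"iptables -I FORWARD -m mac --mac-source {mac} -j DROP"


def triage(text: str = SAMPLE_ACCOUNTING) -> list:
    """One-shot: parse, find hogs, and print the rule you would apply."""
    return [(h["mac"], h["ip"], h["host"], h["egress_share"],
             block_egress_rule(h["mac"]))
            for h in find_upload_hogs(parse_accounting(text))]


if __name__ == "__main__":
    for mac, ip, host, share, rule in triage():
        print(f"{host} ({ip}, {mac}) is {share:.0%} of egress -> {rule}")
```

The share threshold is what makes this useful for the "network is slow for everyone" complaint: a single client above half of all outbound bytes is the four-lane truck from the post, whatever it claims to be. Because the MAC can be spoofed, the longer-term answer is the one the post gives (do not leave the wireless open), with the block rule as the same-morning relief.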

It did get me thinking as to how you as a business control this yet provide the access needed. More and more Android phones and iPhones are being infected, and many times the users will not know. They connect to the network and BANG. Problems!

The question to ask is why allow the access? Why let people use their own device? It may be cheaper up front or more convenient, but in the long run you may sacrifice the functionality of your entire network. I equate it to owning a race track where high performance cars are running and then letting your neighbor take his SUV on the track: it will eventually catch up with you and slow everyone else down.

Many companies have a BYOD policy of what people can use and connect to the network. Policy and procedure is really the key to being successful. Without it you open up your network to the wild west of devices. People don't even know most of the time when their device is infected, and then it turns into time spent by the IT department looking for that device. Even then, what do you do once you find it? Clean it for the individual? How do you prevent it from coming back on your network?

Control what can go on your network. Make sure you understand the safety concern and why. It really doesn't take much to ensure that network is running at peak efficiency. Most data breaches and viruses happen from within. Introducing devices you cannot control can open you up to a world of pain as well as a major headache.

So what would a BYOD policy look like? First ask yourself the question: why allow external devices? The only reason should be a business purpose, not because you want people to be able to surf the net on their lunch break. I see the mistake made by business owners where they are trying to keep employees happy by offering the ability to jump on the network. My question is how unhappy will you be when people cannot do their work because of the scenario above?


Saturday, February 7, 2015

Get Serious about Cyber Security

Is Your Business Serious about Cyber Security?



Most of my clients are small businesses, and as with any size of business, IT spending comes down to ROI (Return on Investment). Recently I had a client ask me to stop doing monthly updates. My response was that doing those updates on a regular basis is pretty much the rule today. His reasoning was that he is trying to cut expenses and it "Wasn't Necessary".

Security is not a sometime thing. It is an all-of-the-time thing. We really need to be more vigilant now than ever. I remember a client who did not renew the virus scanning software, for the $300 it would have cost, in order to save money. It caught up with him. A virus snuck by that would have been caught by current signature files, and his network was infected. This wound up costing him thousands in the long run, and that was just the measurable impact. The loss of production, people not able to do their work and the ticked-off customers can literally destroy businesses these days, so what is the ROI on that virus scanning software? You can never predict what might have happened if you didn't have it, but in this case the effects were brutal.

I was talking to another business man the other day and he put it quite bluntly. He said not investing in the security portion of IT is like not putting oil in a car. It will run for a while, but eventually you get burned.

I guess it is what I have seen for years: the "Why would anyone want to attack my network?" syndrome. Well, identity theft, financial gain and ransom are just a few reasons I can name. If businesses do not have a good security plan, I believe the odds will continue to grow that they will be hit.

So how serious is your business about it? How much have you invested in your security, and where is that investment? Too many companies invest in some good hardware and security measures and then leave them, hoping they are protected. Hardware alone will not do it, folks. It has to be planned and watched. It's like setting up video cameras and never looking at the monitor or recordings to see if anything happened.

Lastly, I had a new client I interviewed last week. They were getting prices from several places on how they can secure their systems better. As I was going through the process I asked if anyone had talked to them about PCI compliance (they are a retail store). They said none of the bidders had done that. SHOCKING!! IT professionals, with or without a security background, need to understand things like PCI compliance or they are doing their customer a disservice. I am still amazed at how many businesses are not even aware of the 12 requirements of PCI DSS. Everyone needs to understand how important it is, what it is and how to become compliant, no matter the cost. If not now, when?

And by the way, I wasn't the lowest price but I did get the job :)

Thursday, February 5, 2015

Anthem. How many big ones are coming?

Another Breach and you are probably affected!

Today it was announced that Anthem was breached. 80 million people affected, and you may have been one of them. So now what? Do you sit around and worry if your info will ever be used against you? Do you feel angry and wonder why someone would do this and why it was not prevented? Do you just move on with your life and ignore it? I know what I am going to do.

I am going to do the same thing I have been doing, which is closely watch my bank account and my credit report. To me that is the best defense against all of this, short of going back to the days of keeping money in the freezer or something like that (might raise a few eyebrows too).

The feeling is helplessness, so what can we do? Our data goes into the hands of so many companies on a daily basis. This is why I find it interesting when clients talk to me about going to the cloud and whether it is safe or not. I tell people that I would much rather take my chances with the likes of Google, who invest millions of dollars to protect data.

Today is another example of how truly difficult it is to protect data. All over the place there are companies struggling with understaffed and, frankly, undereducated (about info security) technical staff just trying to keep up with daily operations while facing more and more pressure. The shortage of Info Sec (Information Security) professionals is seen as one of the largest skills shortages in IT for the 4th year running. Not enough people are getting into it, and the good ones for the most part all work for large companies, so how will we catch up?

I have been involved heavily on the security side now for the past few years, and I have seen the trend go from trying to prevent things like virus outbreaks and attacks to now struggling just to detect them. I recently had a case where it took 4 different virus scanners before I found anything wrong on a client's network. 4. That is scary. The way things can be concealed is alarming.

Early reports on the Anthem breach state that the company knew something was going on since December 10, 2014. So it was detected, but they probably did not know exactly what they were dealing with until they finally found the proof. A company that size cannot just "think" something is going on and then take a precaution like shutting down systems. They have to first figure out the what, then how to stop it, and then the why. It isn't easy in a little company, and I know it is really hard in a big company.

So what can we do about it, besides get mad at these big companies we think should have the resources to prevent this? First, get real, because it is not preventable in our current culture. Today's breach sounds as though it was some sort of sophisticated malware that got onto the system, probably by way of someone inside. I am not saying it is hopeless, but the good guys seem to be chasing the bad guys and the bad guys keep getting further ahead. What this last breach does to the Info Sec industry is too hard to tell. Will HIPAA laws get tighter? Will PCI-DSS become mandatory and actually be checked? I don't know, but I can tell you something will be triggered by this one and by the future breaches we will be having, I am sure. Only one thing is for sure: it will be a long 2015 from the looks of it!


Wednesday, February 4, 2015

Can Your Business Survive a Cyber Attack?


It's a Wednesday afternoon and business is as usual. Suddenly one computer user says they cannot get anywhere and their cursor is spinning. Then another, and another, and soon you have an entire office at a standstill. They cannot click on anything and they cannot do anything. You call your IT group saying you have a problem, and within a few hours they are on site. The whole network is down and there is no sign as to why. After troubleshooting and hours of diagnosis the verdict is in. You were attacked! It is called a Distributed Denial of Service attack, and it crippled your network. A crew works overnight to figure out where it is coming from and put an end to it. You just spent thousands of dollars and wasted hours of time.

Is this something your business can afford? I saw this scenario play out with a client of mine (they had a different IT group at the time but were looking for some help from me). The figure was around $3000 per hour, and that included off hours because they sold product online. They were down a total of 16 hours. They lost untold customers in a very competitive market. It took them over a week to recover inventory services and get back to full strength. The loss was estimated in the $100,000 range. It took them months to recover financially, and they almost didn't make it back.

The reason why this happened, or why it was done, was never discovered, as in many other cases. Many times the business worries about the why afterward instead of during. They just want their business back. More and more, these kinds of attacks are being done for extortion or by one business against another.

Most small businesses I run into have a very inexpensive router, so things like logging all of the activity are not set up, and many of the inexpensive routers are fairly easy to compromise. Higher end equipment will tell you what is going on and when, and can detect problems when they happen instead of you finding out when users cannot get to the Internet or the network.

Cyber attacks continue to mount. It is not just the Home Depots of the world getting hit. I have seen industry numbers as high as 75% of small businesses being affected by attacks, and somewhere in the range of 60% of businesses failing after a major attack.

Bottom line: no matter what size the business, it is time to shore up your security efforts. Yes, it is more capital you need to invest in equipment, but you also need to invest time in training employees on safe practices. I know this is costly, but so is losing your business!!