Don’t Avenge a Cyber Attack – Prevent It


One cyber world story that captivated me as a youth was the character of “Ultron,” as depicted in comic books and in the movie adaptation of The Avengers. The character was a breed of artificial intelligence created with the intent of protecting the earth. But he turned against his creators, and against the earth itself, becoming a cyber super villain in the process. Origin story complete. Now cue the good guys.


Such is the nexus of superhero narratives. A good intention turns violently wrong, necessitating radical intervention. Movies and comic books love to prey on fears of killer robots and cyber intelligence. It’s an archetype as old as the myth of Daedalus and Icarus: technology going too far and humanity in its arrogance flying too close to the sun, then landing on those old Led Zeppelin t-shirts instead.

Companies encounter similar, albeit less explosive, narratives when deploying cybersecurity solutions, in an attempt to lock down their networks. Often such solutions are deployed in the absence of a comprehensive infrastructure threat review. As such, they fail to provide comprehensive cyber protection.

This amounts to a technical placebo. The cybersecurity plan, once implemented, gives the impression of the cure without any real medicine provided. And while the attempt to paint over one’s data security problems is not itself an act of malice, it can nevertheless have deleterious effects on the organization in question.

My own experience in the business world tells me that user oblivion is as dangerous as malice when it comes to cyber vulnerability. A corporate network with rudimentary cybersecurity and normal online hacking attempts, such as phishing scams or malvertising, can be more problematic than a secured network under a heavy cyber attack, such as ransomware.

A Cyber Attack from an ERP Perspective

While the tale of Ultron and the Avengers had itself a happy ending, the story of many businesses is not so optimistic. I once worked for a manufacturing organization that was on the cusp of an ERP (Enterprise Resource Planning) cutover. Painstaking work had been done to ensure that all steps were accomplished and that everyone was ready for a successful go-live.

Training, communication, data conversion—all of the pieces were in place. Cutover weekend went without a hitch; the steps in the go-live plan were executed without issue. The first day live went off without major problems. The normal hiccups associated with a new system surfaced, but nothing unexpected came the way of the ERP implementation team.

On the second day after the ERP go-live, users quite suddenly lost access to shared network drives. Soon after, they began receiving errors when trying to save ERP transactions to the database. Then they abruptly lost access to the application entirely. Amongst all of the communication, they hadn’t even realized yet that their email server had gone down and that they were therefore no longer sending or receiving communication. Their network had been completely compromised. Chaos ensued.

When people think of the most common reasons for an ERP failure, they normally speak of over-customization, or a lack of management support. They rarely think of ransomware. But for the company in question, getting ransomed over cutover weekend was the first step to a cascading number of failures. In a panic, the company reached for paper-based manual processes while communicating to customers and suppliers over hotspot connections, using the employees’ own private email accounts. It was a cyber mess on all ends and resulted in late shipments, efficiency issues, unhappy customers, and months of work to resolve. Time and talents could have been spent on things other than cyber attack recovery—if only the company had been prepared through preventive measures.

Companies Running ERP Systems Can Avoid Ransomware

The moral of this story is less than heroic: there are no super powers that can save a network that is unprepared, or insufficiently prepared, for an attack. And there are no super heroes to jump in and avenge the wrongdoing.  

Avoiding a cyber attack entirely is always preferable to avenging it after it’s happened. Many companies believe they’ve taken the steps necessary to mitigate a cyber attack. Enterprise risk management needs to be an ongoing activity, however, with business owners and executives involved in designing, understanding, and implementing a cybersecurity plan customized to the vulnerabilities of the industry under attack—because every industry is ALWAYS under attack. 

A company’s greatest vulnerabilities are often the ones that they never realized they had. The greatest risks are the ones they believe they’ve already mitigated. The company in this tale of ERP implementation security chaos thought they had done everything internally to secure their network. But their efforts were done in a vacuum, without any impartial opinions or outside analysis. They weren’t out to create a monster, but their vulnerabilities created a monstrous problem. They didn’t feel they were walking on enemy ground because the villains were hidden and undetected by current cybersecurity measures.

The lesson to be learned here is that malice often masquerades as magnanimity. The most significant threats to an organization are often clothed in good intentions.

Is Your Business at Risk of a Cyber Attack?

Could cybersecurity be the biggest problem you didn’t know you had? I’ll spoil the plot—cyber vulnerability, particularly the risk of a ransomware attack, is the biggest problem currently lurking within most businesses. Manufacturers are at risk of complete shutdown. Distributors face supply chain attacks on a daily basis. And there is no type of business that isn’t under attack. Law offices, financial institutions, hotels, medical facilities—all are under the threat of a cyber attack.

Are you feeling the cyber risk and wondering what you can do to protect your business? Don’t avenge your problems—prevent them before they’ve occurred. Get a security assessment, identify your vulnerabilities, and assemble your future. Know the problems you had yesterday and predict the ones you might face in the future of cybercrime.

Three Ways to Make Compliance Everyone’s Business


Compliance acronyms often become the “inside jokes” of an industry, a sort of alphabet soup, but the language of business governance can quickly result in confusion. Clever letter combinations echo the rules and regulations of businesses, especially for companies in manufacturing and distribution. Compliance is a company-wide issue that affects everyone from owner to customer. With that in mind, here are three ways to reduce the stress of compliance management by making the rules of the road everyone’s business:

1. Know the compliance acronyms that affect your business

2. Optimize your ERP for reporting and metrics tracking

3. Bring in experts when compliance involves advanced cybersecurity, data privacy regulation, or highly sensitive record management

Business Compliance

Rules and regulations serve to keep your data protected. Here are a few of the most common regulations that govern business data:

GDPR (General Data Protection Regulation)

Information that leaves the European Union must comply with GDPR even in countries that are not part of the EU. With comprehensive regulations for security and privacy in data handling, GDPR essentially protects your company from a security breach. If you draw any traffic from the European Union, you must follow the rules of general data protection regulation (GDPR).

HIPAA (Health Insurance Portability and Accountability Act of 1996)

HIPAA compliance is very common, yet many medical facilities miss important steps necessary to meet the fine print of HIPAA laws. All organizations that interact with medical practices in any way must comply with HIPAA. Health and human services organizations obviously fall within the HIPAA Privacy Rule, but HIPAA violations are seen across industries as more companies host data subject to these health information laws. Small businesses often fail to comply because of limited in-house expertise, which is why 2021 is moving more and more owners toward partnership with a small business IT provider that offers compliance care.

Here are a few of the types of companies that must process data in ways that comply with HIPAA rules and regulations:

Here are signs that you are keeping up with HIPAA compliance:

Failure to comply with even a single HIPAA security rule has resulted in fines of 1.5 million for small companies and up to 16 million for large scandals. Large scale security breaches are common, and everyone handling or interacting with the medical industry needs to be ready for a cyber attack. Physical theft, such as mobile device theft, is also common, so in-house strategies must include data protection from employees and other on-site actors such as third-party consultants.

PCI DSS (Payment Card Industry Data Security Standard)

Payment data is sensitive data, and is therefore protected by advanced compliance standards. Fortunately, these regulations demand solutions that benefit all businesses. If you collect credit card information for any reason, you must ensure PCI DSS compliance. All credit card information must be encrypted. Data access must be limited and tracked so that information stays in trusted hands.

Information transmission requires firewall protection, cybersecurity software solutions, and proactive security management. The network must be assessed for vulnerabilities, and all software must stay updated, patched, and in compliance with the PCI DSS regulations. A penetration test is the best way to see if your company is at risk of a data breach.

EstesGroup can help you create a compliance plan for your business. Compliance acronyms abound, but the right IT solution will quickly make the rules and regulations of your industry as simple as saying the alphabet.

Get business compliance peace of mind by signing up for a security audit and network assessment today.

Managed Services vs. Break-Fix IT


What happens when break-fix IT breaks?

As a business owner, you make daily decisions on how to serve your customers and how to improve your company. As part of this, you choose partners and solutions to create a support system that guarantees the quality of your work. A business process review is a popular step in the direction of improvement. For IT support services, small and medium-sized companies often fall into a costly “break-fix” cycle. Business owners can quickly end this break-fix madness by partnering with a managed services provider for affordable, reliable IT plans that are based on unique needs.


What is “break-fix” IT?

If a computer or a phone breaks or a server goes down, do you call around until you find someone who can fix the problem? This is break-fix IT. You go about your business, and when something breaks, you pay someone to fix it.

Large companies often have an in-house break-fix team that can manage everything from mobile phones to on-site servers, but these tasks need to be balanced with more complicated demands. No matter what your company size, break-fix IT is expensive and stressful. Managed IT services provide a way for you to break the break-fix cycle while lowering both risks and costs. You can even move to a more competitive managed cloud environment via new cutting-edge hosting solutions.

Signs you’re in a break-fix IT model:

  • Unpredictability across departments: Your technology fails, and all departments spin into chaos.
  • Downtime: Unexpected software and hardware failures reduce productivity and increase costs.
  • Lost revenue: Downtime is only one part of the problem, especially when a security breach is the cause of shutdown.
  • Outages: If the network is down, how can your employees support your customers?
  • Stress: The inherent stress of a break-fix IT strategy can result in high turnover and toxic work culture.

Managed IT Services that End Break-Fix IT Unpredictability

Managed Services Provide Unbreakable IT Solutions

While the break-fix model may work for a time, it ends up costing more than you plan for. This might lead you to consider hiring new in-house IT staff. However, a managed service provider can give you the same talent at lower costs, and the services are 24/7/365 — and you don’t have to pay for benefits, vacation days, sick days, training, and everything else that supports an in-house IT department.

EstesGroup wants you to find the best IT services for your business. Learn more about our flexible IT solutions today.

Ready for a managed cloud solution that lets you completely focus on your business while EstesGroup IT & ERP specialists manage your infrastructure? Get a free demo of ECHO, our EstesCloud hosting solution. Learn more about SYSPRO hosting, Sage hosting, Epicor hosting, and Prophet 21 hosting today.

5 Takeaways from the Microsoft Exchange Server Attack


A Microsoft Exchange Server Attack Caused Hours of Downtime for Businesses Around the Globe

Last week’s Microsoft Exchange Server attack underscores the liabilities of on-premise architectures compared to their cloud counterparts. On Friday, March 5th, 2021, a zero-day Microsoft Exchange vulnerability was found being exploited across the globe. It affected all versions of on-premise Exchange servers and allowed the attacker to read emails, exfiltrate data, and run code of the attacker’s choice. Unfortunately, a zero-day exploit is one that usually doesn’t have any patches against it. In short, if you had an Exchange Server out on the internet, then it COULD likely have been compromised.


Our Break-Fix Client’s Last On-Premise Exchange Server Was Compromised

Microsoft (thankfully) moved quickly, and released a LOT of information, much of it confusing, with many incorrect links. It took our team some time to weed through the chaff and get the actionable tasks from it. The patches are out now, thankfully. It might take your IT folks 4 or 5 hours to install them, and yes, it’s Exchange/email downtime to get them there.

What’s the answer?  I’d say “defense in depth”:

Here are 5 steps you can take to mitigate the potential damage of the Microsoft Exchange Server attack:

  1. Patching – Patch publicly exposed servers quickly and completely.
  2. Zero Trust – Once your servers are built, and before they are exposed to the internet, lock them down! Malware protection can help, but Zero Trust is the ultimate malware protection!
  3. Cyber Insurance – Offload the risk to the insurance company.
  4. Migration – Move the service to a more agile company. Microsoft Office 365 was not vulnerable to this exploit.
  5. Backups – Enough said.

These 5 steps can be takeaway lessons even for those unaffected by this security breach. Cloud computing costs are decreasing, which makes cybersecurity more affordable and therefore more widely available. Talk to our IT specialists to learn more about how cloud technology can protect your business.

 

Worried about getting hacked?

Download our free guide to mobile cybersecurity.

IT & Managed Services vs. Healthcare


Managed Services vs. Healthcare: Similar Strategies, Similar Outcomes

I would like to start with a little self-reflection. If we are all honest with ourselves, we’d admit that no one enjoys purchasing or paying for health insurance. The process is cumbersome. There are a ton of options when it comes to purchasing health insurance, so how do I know which is the best option for myself or my family? Finally, health insurance is not exactly cheap. Most if not all of us have run into these hurdles looking at health insurance, and many of us have weighed the risk of not having insurance vs. the cost. Health insurance is investing in financial security for the unknown, and it’s shocking how closely this relates to IT and MSP services.

Business owners can view IT services in the same light as healthcare investments, and similar questions arise:

  • What are the associated costs? Is this cost prohibitive?
  • With so many options, how do I choose?
  • What is the risk if I do nothing?

The truth is that IT services very closely mimic health care.

Having a good MSP (Managed Service Provider) provide these critical services very much aligns with preventive health care. Going to the doctor for a routine annual checkup can head off a lot of health issues just like having an MSP can prevent a lot of IT issues. This includes hardware failure, data loss, and security issues that if left unattended would lead to larger problems down the road.

 

Critical IT services quickly justify the cost today by reducing the risk tomorrow.

Finally, IT and MSP services are critical to minimizing and reducing risk. IT services might not always be cheap, but the alternatives can be even more costly to business owners. Let’s consider this in the managed services vs. healthcare paradigm: you might not care to pay for the health insurance that covers lab panels or medications that you can currently live without, but if you ever need the tests and the treatments, enrolling in the healthcare plan today will lower your future costs and risks.

 

  • 93% of companies without Disaster Recovery that suffer a major data disaster are out of business within one year.
  • Downtime can be extremely expensive and range anywhere from $926 to $17,244 per minute.
  • On average, businesses lose over $100,000 per ransomware incident, including downtime and recovery costs.

A Managed Services vs. Healthcare Comparison Reveals Your Need for IT Expertise

Business owners who take IT seriously understand that the benefits outweigh the costs by leaps and bounds. 96% of businesses that have IT and MSP services in place, including BDR plans, are able to survive ransomware and fully recover operations. IT solutions and application hosting solutions can be expensive and require specialized knowledge. This is similar to choosing a specialized physician for a specific service. If you need heart surgery, you see a cardiologist. Similarly, if you need cybersecurity, you visit an IT security specialist.

 

An IT Health Check First Appointment

Here at EstesGroup, we strive to make IT solutions simple for customers. Not only do we monitor the health of your business technology and provide the solution when something does go wrong, we also keep solutions affordable because we understand that not every business can afford or needs the same amount of coverage.

 

Imagine being able to visit a doctor and have an annual physical and have all the diagnostics to see your overall health — but at completely no cost. EstesGroup provides such a service, but instead of for your body, it is completed for your business, which is just as important. If you are interested in a free business technical assessment so you can get a handle on the health of your network, see your security risks, and get healthful recommendations, please email me at [email protected].

 

Get healthful IT insights sent right to your inbox. Sign up for one of our newsletters today!

How to Create a Strategic BDR Plan


The Right Data For Backup & Disaster Recovery

For backup and disaster recovery (BDR) planning, you need more than a trusted solution. You need a data center that can’t fail. You need an IT team that won’t keep you up at night. Server room aside, you might want to back up everything, or you might want to delete outdated information. You might fear that your BDR plan will be too expensive if it becomes all-inclusive, or you might wonder if you’re cutting costs while risking a slow restore in the event of a disaster. Fortunately, many IT service plans for disaster recovery often rely on managed cloud services that allow you to scale up or down, adjusting your costs on a monthly, or even daily, basis (depending on your managed IT solution). However, BDR options abound, so let’s look at how to build the right BDR plan for your business needs.

BDR Solutions Across Devices

Choosing BDR

Things to consider when choosing a BDR plan revolve around your own personal preferences regarding on-premise backup vs. cloud backup. Where do you want your data stored? The varieties of BDR options are seemingly endless as we move toward a society that depends on cloud-based technology to enable nearly every aspect of business culture. Your BDR decisions are vital and unique to your company size, geography, climate, and more. Small business technology can help businesses struggling to grow stay competitive, even when business is slow. Larger businesses, especially manufacturers with complex ERP systems, choose cloud-based BDR for peace of mind against ever-evolving threats of cyberattacks and downtime. Across all industries and organizations, good BDR planning promotes the universally desired benefits of reduced risks and lower costs. So, information management similarities and differences in mind, where do you want to save, store and share your company data?

BDR Plan Quick Q&A

  • How much critical data do you need to fully protect?
  • How many users and devices will be affected by your backup and disaster recovery plan?
  • What are your greatest vulnerabilities (natural disasters, ransomware, malware, social engineering attacks)?
  • Do you know your RTO & RPO? Do you need DRaaS?
  • What is your BDR training and testing strategy?
  • Have you ever experienced data loss or data corruption? How did you respond? Did you achieve restoration?

Save Your Files & Save Them Again

Where is your data currently stored? In a web-based software? On a server in an office closet? In the basement storage area? In multiple places, including on personal devices (in light of BYOD trends)? You’re not alone if you’re struggling with data management. Likewise, you’re not alone if you’re struggling to choose a BDR solution that will be a perfect fit for your company’s future.

3 Basic BDR Roadmaps

If you want to back up everything, or if you want to back up one file, you have three basic options for saving your information.

  • Cloud services for BDR with true cloud environments and 100% virtual office infrastructure
  • Software solutions deployed on company-owned hardware that stores backups for disaster recovery
  • Hybrid cloud infrastructure that leverages cloud-based software solutions, off-site data centers and external technology specialists

Back up, Data Backup

A common concern is that a cloud-based BDR solution will cause excessive external data center usage, resulting in unforeseen ingress and egress expenses, among other unpredictable costs. The fear of creating luxury backups is real, and business owners have struggled in the past with surprise bills that read like fine-print privacy disclosures. This is why the planning stages of your business continuity strategy are critical in terms of IT budgeting. If you’re concerned about decisions regarding incremental backups, recovery point objectives, recovery time objectives, compliance, and all other backup and disaster recovery choices and expenses, then you’ll do well to first assess your core operations. If migrating to managed hosting, you might choose to waterfall excess data storage (such as old servers or unused servers) away from your cloud solutions. An IT specialist can assess your systems and make detailed server management recommendations.

Your BDR Plan Data Core

In a perfect business world, you can back up all of your data and also securely delete it at whim. Unfortunately, the burden of managing data often requires a highly skilled IT team to monitor and safeguard your BDR hardware and software. If you’re not at the point at which you can easily back up everything daily, then you’ll want to ensure you’re protecting critical information.

  • Financial data, including accounting software, invoices, payroll, transactions
  • Customer information and client data, including saved CRM information like prospect notes and lists
  • Critical data from project management activities
  • Employee information, including all HR files that enable operations
  • Paper-based communications, including image saves and scans

A Perfect Plan For Your Business

If you need proactive or reactive backup and disaster recovery services, EstesCloud technology consultants are highly skilled at on-premise, hybrid and private cloud solutions. An IT expert can help you create a penny-wise BDR solution that keeps your data safe.