How Much Could A Ransomware Attack Cost Your Business?

How much is your data is worth? Information is probably the most valuable part of your business. Imagine if you lost your client database, accounting software, inventory management and any intellectual property you may own. How long will it take to recreate this data and how much money would you lose in lost productivity, staff wages and the time it takes to either recover or recreate the lost information?

Recently when the WannaCry ransomware spread through out the world, many businesses were suddenly forced to re-assess the value of their data: was it worth saving and what would be the ongoing costs of the attack?

If you don’t have a recent backup most ransomware attacks cost at least $US200 (if not a lot more) to get your files released and that is only IF the cyber criminals honor the payment and actually give you the decryption key (some even demand further payments). Meanwhile your business is still running and new client calls are still coming in and you may find yourself unable to operate with your systems down.

Paying the ransom may seem like a quick fix but:

  • There is still the downtime involved to restore your data resulting in lost productivity.
  • If word gets out that your data has been compromised you may find confidence in your business plummets and your existing clients head elsewhere.
  • The cyber criminals you pay, may now see you as an easy target and demand more money or target you for other scams and malware activity.
  • You may recover the data but is it compromised with other malware?
  • You may not get back all the data that has been lost.

So that $US200 ransom may end up costing many, many thousands of dollars!

How To Prevent Ransomware Attacks on your Business

Keep your systems up to date: Malware can take advantage of flaws in older versions of Windows and software – sometimes ones that have already been patched by Microsoft and third party vendors. To be protected businesses have to stay up to date with their patches & versions. To be up to date with Windows patches you need to be running a supported version of Windows. Delaying patches and updates puts your business at risk – we can help you keep you systems up to date.

Use corporate grade security software and firewall: Free software may be fine for low end home computers but if the worst happens you will get no support or help from a company providing free software. A firewall or UTM (unified threat management) device can also help block malware and ransomware infections. But whether it is a free or paid for solution the software (and any hardware devices) must be kept up to date.

Lock down employee computers: Very few staff will require full administrator access to your business network. With a higher level of permissions the more damage a person can do – either accidentally or by inadvertently installing malware. By locking down your computers you have a better chance of containing a malware attack to non-vital systems. Our expert computer technicians can design an access management plan that gives you best of both worlds – flexibility and security.

Educate your workplace: Most employees believe they are being cyber-safe but in reality it is quite different. Many malicious links and embedded malware have become harder to spot – and all it takes is a microsecond to click (and later regret it). We can work with your staff to establish procedures around checking links for authenticity before clicking, awareness around verifying the source of attachments and the importance of malware scanning and keeping systems up to date. We can help get the message through!

Have a solid backup plan: When ransomware hits, a connected backup = infected backup. Also a lot of cloud backup systems, such as Dropbox, immediately clone the infected files which also renders the cloud copy useless. The only safe backups will be the ones both physically and electronically disconnected. Our experts can set you up with a backup system that makes recovery simple.

Be proactive: The best way to avoid the costs of a ransomware attack is to prevent it from happening in the first place is with up to date antivirus software, regular systems updates and security audits. Remember, many businesses were able to watch WannaCry from the sidelines, completely unaffected and seized opportunities while their competitors were down.

Our regular maintenance plans can help protect your business against the next cyber-attack. Call us today on 08 8326 4364 or via email at support@dpcomputin g.com.au.

WannaCry Ransomware Explained: Is Your Business At Risk?


With all the media attention last week you would be hard-pressed to not of heard about the WannaCry cyber-attack. Businesses of all sizes and even hospitals and police departments found themselves crippled with out warning.

Here in Australia we looked to have missed a large part of the attack due to the time zone differences and the fact that a kill switch was found for the malware. We shouldn’t rely on these factors going forward though. This articles details what the malware is, why it caused so much damage and how to protect ourselves moving forward.

What is WannaCry?

The WannaCry cyber-attack was a type of malware (the collective name for malicious software which includes viruses, worms and spyware) called ‘ransomware’. Just like the name suggests, it actually demands money from the owners of the computers infected. Like all ransomware attacks, WannaCry encrypts your files and holds them hostage until payment is made –  in this case, the price was set at $300 payable with the internet currency Bitcoin (and you had 3 days to pay before it doubled). If you don’t pay the ransomware threatens to permanently delete all your files. It is not yet known how much money the WannaCry hackers have earned with their latest attack – but you can be sure that plenty of people have paid the ransom. Even the FBI recommends paying the ransom – especially if the ransomed files are of a sensitive nature or weren’t backed up.

How It Spread So Fast

WannaCry self-replicates and spreads. So far, no common trigger has been identified, as is normally the case with phishing links (a phishing attack needs to be activated – usually with a click). WannaCry moved rapidly from system to system, spreading out through the entire network, including all connected backups and storage devices. At the same time it infected other networks, who then spread it further and further. Given the nature of the internet it had spread widely within hours.

Why Some Businesses Were Safe

WannaCry took advantage of a specific vulnerability in Windows of which Microsoft patched months ago. Thus only systems that have fallen 2 months behind in their Windows updates were infected. Without that patch, the ransomware could waltz right past the firewall, past the anti-virus and directly into the system (the NHS were reportedly running Windows XP – which is no longer supported by Microsoft). Those running Windows 10 or a fully patched, recent version of Windows were completely unaffected as the virus literally had no way in

This outbreak shows the importance of staying up to date with security patches on your systems. We haven’t yet seen a second spike in WannaCry attacks yet, but that doesn’t mean there won’t be one. A quick Windows update could protect your business from weeks of downtime and lost revenue making attacks like this a non-issue.

With our regular maintenance plans we can make sure you stay up to date and protected. Give us a call today at 08 8326 4364 to discuss ways we can help your business stay safe.

How To Stay Cyber Safe When Travelling

Mobile Cyber SecurityWith cloud computing people are embracing the flexibility of working away from the office (whether at home or travelling) and working by simply accessing the relevant data or applications via the internet..

When in the office, you are protected by professionally designed firewalls, security infrastructure, and robust software. As soon as you step away from that network those protections disappear and leave your device and the data inside at greater risk.

Cyber attackers love to collect any data they can obtain – business or personal doesn’t matter to them as it can all be sold. These days the information stored on your device can be worth much more than the actual device.

Here are 3 ways a hacker may attack:

Random Opportunity: If you have left your laptop at a café or a thief has stolen the phone from your pocket, the outcome is the same – that device is gone. Hackers take any opportunity they can to gain access to a device: including taking them from hotel rooms and even asking to ‘borrow’ them for a few minutes – if they don’t steal it the device is handed back laden with spyware.

Creating a fake Wi-Fi Hotspot: We’ve all come to expect free Wi-Fi networks wherever we go. Hackers though will take advantage of this to create their own free, unsecure network just waiting for someone to connect. Once a user is connected a hacker can  grab any unsecured passwords sent across the network.

Intercepting an Unsecure Network: Hackers don’t even need to own the Wi-Fi network to steal content from it. Data traveling across an unsecure network is visible and available to anyone with the right software.

Don’t let these issues stop you using the Internet when out side the office. Just take the following precautions to increase your cyber safety and help protect your valuable data:

  1. Regularly make backups: In the event your device is lost or damaged, you’ll be able to replace the device with a new one and quickly restore all the data from a backup, all with minimal downtime.
  2. Be careful when using public Wi-Fi: Don’t use passwords or email when on a public network. Use a VPN or a 4G connection (ie tether your computer to your phones data connection) when you are accessing sensitive data or logging in to secure sites.
  3. Use passwords and encryption: At a minimum, make sure your device is password protected and has full drive encryption. With a password and drive encryption even if your storage drive is removed from the device the contents are inaccessible.
  4. Act fast after loss: If your device is lost or stolen, immediately notify the appropriate companies and people. This might include your IT provider so they can change passwords, your bank and any other financial institutions so they can lock down accounts, and any staff who need to be aware of the breach so they aren’t tricked into allowing further breaches.

If you need further help with mobile cyber security contact us on (08) 8326 4364 or on support@dpcomputing.com.au.

Internet Lingo 101 – A Cheat Sheet for Beginners

Internet Terminology 101The Internet is growing and changing so fast that even the dictionary has trouble keeping up. Here are some common terms that are helpful to know.

Browser
A browser is a software program that lets you view web pages, videos and other online content. It’s a core requirement of going online, as it converts the computer languages HTML, Javascript and XML into a readable form.

Popular browsers are Google Chrome, Safari, Firefox and Microsoft Edge – Internet Explorer has been superseded by Edge and due to security issues is no longer recommended.

Email
Electronic mail (aka email or e-mail) is a typed message sent from one person/business to another via the Internet. Email is usually delivered to the recipient quite quickly (sometimes in seconds) but can take up to a few hours or longer.

To read and write email you will need a program such as MS Outlook or access to an email service such as Gmail or Outlook.com (usually through a browser).  Most emails are in the form of letters, newsletters or catalogs and are often written with a more casual tone. Email can include text, links to the internet and images but can only include video and sound as an attachment.

Firewall
A firewall is a security measure designed to act like a bouncer to your network. It can be both a hardware or software device. When an unauthorized user attempts to gain entry, the firewall blocks their path and refuses their access.

HTTP and HTTPS
These are acronyms for the rules of how data is transmitted across the Internet. The actual mechanics are incredibly complicated, but the terms have one very important distinction – the s on the end.

HyperText Transfer Protocol (HTTP) describes how the images, text and links ion a webpage are transferred across the Internet.

HyperText Transfer Protocol Secured (HTTPS) means the page has an added layer of security to hide your personal information from hackers. Data sent through pages with this prefix are securely encrypted before transmission.

IP Address
Every device directly connected to the Internet is assigned a unique IP address to identify itself. It is used to make sure that when you request a page or document it is sent back to you. Your IP will look something like ‘202.9.64.55’ and may be referred to as fixed or dynamic IP address.

ISP
Your Internet Service Provider (ISP) is the company that allows you to connect to the Internet. You usually connect to them through a hardware device such as a modem or router. They can also offer extra services like email or web hosting.

Malware
Malware is the short form of the phrase malicious software. It is a broad term used to describe viruses and other software that performs a function that you don’t know about. Malware can trick you into paying money, take control of your computer, be used to launch attacks against other computers, steal your private details or break your computer in some way. Instead of listing each specific threat separately you’ll commonly see them lumped together under the general term ‘malware’.

Router
The traffic system for your network the connects computers and devices within your office or home and acts as a basic defensive gateway to the Internet. These hardware devices can be wired or wireless and allow you to share one Internet connection amongst all the computers and devices in your office or home.

Social Media
A term to widely describe all the websites and applications that let you share and interact with others online. To fit this term the site needs to allow user profiles, live updates and the ability to add friends and / or followers.

The most common social media websites are Facebook and Twitter.

Spam and Filtering
Spam refers to any unsolicited email message sent over the Internet. It is the electronic form of junk mail but is also a technique hackers use to trick people into clicking links which may infect their computer with malware.

Email applications are reasonably good at identifying spam and should shift dodgy messages automatically to a spam folder before you see it. Occasionally the filters get things wrong and you may find a relevant email needs to be dragged back to your inbox from the spam folder or allowed through. Filters should also allow for blacklisting and whitelisting email addresses.

URL
Each website has a unique address on the web known as a URL (Uniform Resource Locator). URLs commonly end in .com but can also end in a country specific extension like .com.au or .fr, or more recently, in new and exciting extensions such as .xyz or .me

Let me know below in the comments if you have any other words or want a description for a word or phrase you don’t understand.

 

Four Reasons To Use Anti-Spam Filtering In Your Business

Monitor screen showing spam in the mailbox

Remember the times when spam was obvious and unless you desperately needed a special blue pill they were easy to ignore and delete? The impact on your business was minimal as spam was just an annoyance rather than anything else. Unfortunately spam has now matured into an aggressive threat, marked by sophisticated attacks and rapidly evolving techniques. It is not just random electronic junk mail anymore and is putting a costly strain on your business resources.

How Spam Impacts Your Business

Hackers are now sending cleverly disguised emails to your business containing malware. Once clicked by an employee the malware can infect your computer system or steal your private data. The malware can spread across the entire computer network and beyond – including your clients and vendors. The fact that your employees must pause and examine every email adds hours of lost productivity. Some spam is so convincing that only an expert would be able to visually identify it. Employees are also more likely to miss an important email, either not seeing it arrive at the same time as a spam attack or becoming overwhelmed with the sheer number of emails.

How an Anti-Spam Filter Can Save Your Business

Spam emailEmail clients such as Outlook can perform basic filtering but to rely just on Outlook is not recommended. The best method is to implement a corporate grade filtering solution. Depending on whether you have an on premise or cloud based server an on premise or external filtering options are available. Even if you have an on premise mail server we recommend an external filtering option. An external option stops spam ever reaching your office saving precious bandwidth and server processing time.

Ways in which a spam filter will benefit your business includes:

  1. Block threats before they reach your inbox: The spam filter’s purpose is to block the spam from ever reaching your employees mailboxes. The threat is automatically identified and either held securely or immediately deleted. This is the best way to avoid activating any malware present in spam – as it’s so easy for you or an employee to click on a link in an email that seems authentic and / or important. The effects of that one click may be instantaneous or may lie hidden for months. Removing the email before it is in a users mailbox is a much safer option.
  2. Filter legitimate emails: Real mail needs to be able to stand out and avoid the trash. Anti-spam filtering has sophisticated recognition abilities which block spam only and allow real mail to land safely in mailboxes.
  3. Meet data regulations: Many businesses are subject to strict privacy and data storage regulations, some more so than others. To continue operation, they need to meet conditions including the use of spam filtering to reduce the risk of data breach.
  4. Protect your reputation: You can see how uncomfortable CEOs are when they go public to admit a breach. They must acknowledge that they failed to protect client data or that users may be infected with a virus. Not only do they then face financial loss but their business reputation takes a nosedive. Anti-spam filtering is a simple way to help reduce these types of scenarios.

Filtering has come a long way in recent years, with complex algorithms identifying and catching spam before it becomes a risk to your business. Real emails can now pass safely through without the classic catchcry of ‘check the spam folder’, and businesses can work with greater productivity and more safely than ever before. You need email, but you definitely don’t need spam or the chaos it can bring to your business.

We can block spam and keep your legitimate emails flowing. Call us at 08 8326 4364 or email support@dpcomputing.com.au today!

Is Dropbox Suitable For Your Business?

Dropbox - is it suitable for me?

It seems easy! Install Dropbox and then drag your files into a Dropbox folder and you’ve got yourself a cloud based file storage system that brings your business in line with modern expectations. But then again, maybe not!

Due to its simplicity Dropbox has grown to become one of the main file sharing and cloud storage solutions around. For some businesses using Dropbox can provide good value, and it never hurts when your staff already know how to use the software. In other cases another alternative designed to meet business needs may be more suitable.

When Dropbox is a Good Choice

Micro-sized business: If your business is small with only yourself or a couple of employees.

No sensitive information: This includes personal details of customers, vendors and staff or other proprietary data such as accounting information.

Nobody ever accidentally deletes anything: Dropbox is a syncing service, which means when a file is deleted, it is deleted from all machines. While you can recover the file from the Dropbox website you need to do this within 30 days – which by the time you notice it’s missing may be too late.

If you’re thinking those attributes sound more like a fictional business, you’re not far off.

Dropbox’s popularity in the consumer space has caused businesses to use Dropbox despite the risks. Dropbox is designed for syncing and NOT backup. This means while your data is copied across all connected devices, it is a mirror of the data only – when you delete or change the original file it is immediately synced across devices. If malware infects one machine this can spread between all your connected devices and put all of them at risk.

You may require access control on certain files or folders. Dropbox acts like a free-for-all, the shared files are sitting there available to anyone with access to read, change and copy. You will also miss collaborative editing, losing out in productivity and data resilience as multiple employees overwrite each other simultaneously.

Another issue is – where are your files that are located in Dropbox actually stored? What country, what type of data centre, what countries laws apply, for privacy reasons do you require all data to be stored within Australia or another country? These are all legitimate questions which Dropbox doesn’t have an easy answer for.

If Dropbox makes sense for your business, there’s no reason to change. But if it is clearly not a good choice for you there are multiple corporate grade solutions available. These are designed for specifically for businesses with security, encryption and collaboration controls built in. Rather than the easiest solution which may pose a risk to your business consider implementing a business class scalable solution that meets all your needs.

Call us at 08 8326 4364 or support@dpcomputing.com.au to discuss online cloud storage solutions for your business

Top Ten Tips To Stay Safe Online

Are you worried about staying safe while using the Internet?

Then check out our great tips on how to stay online by clicking the link below.

The articles go through the following topics:

  • Secure you device.
  • Shop safely with trusted sellers
  • Learn the markers of a secure site.
  • Use a safe and protective payment method
  • Think before you share
  • How to tighten privacy settings
  • What to use a a passphrase
  • How to check the senders email address
  • Check the URL.
  • How to outsmart fishing attempts..

Click the link below to access our easy to print PDF with the tips.

Top 10 Tips to Stay Safe Online Guide

If you have any questions please leave a comment below.

What is the “Internet of Things” or IoT?

You arrive at your home or business and the door unlocks because it knows who you are. The lights switch on automatically and your favorite music begins to stream gently through the room. It’s already the perfect temperature, and as you head to your fridge, you notice an alert on the screen reminding you of a meeting.

It may sound like a scene from a movie but it is actually reality today thanks to the Internet of Things (IoT). Almost anything that can be turned on or off is now able to be connected to the internet. An new industry has been created to help users create a custom experience designed around their unique needs. Electronic locks, lights, healthcare wearables and household appliances are just the beginning. IoT goes beyond devices you can use to surf the web – it’s a global revolution.

Adapters can transform even the most random appliance into a connected gadget and  add new layers of functionality. Cloud software is creating connections, resulting in not just a new experience, but a new way of interacting with the data produced. It may all seem futuristic, but IoT is less about technology and more about enhancing relationships between people to people, people to things and things to things.

Millions of people are already wearing a Fitbit to track steps and calories and others are letting their fridge order groceries! The practical applications are almost endless and include:

  • GPS trackers on pets.
  • home security via webcam.
  • patient monitoring of blood pressure/heart rate.
  • weather monitoring.
  • remote power points.

No more worrying all day if you left the iron on, just push a button on your phone and know for sure it’s turned off.

Of course, with all this comes security risks. The idea of having your toaster hacked is a bit mind-boggling but any technology connected to the internet is open to exploitation. The webcam that allows you to monitor your pets may also allow other people to glimpse inside your home – but only if it’s not secured properly. Unfortunately, it only takes one small gap for a cyber-attack to get through, and once in all connected devices may be at risk.

Having your lights taken over by a far-away prankster may seem like a small risk, but gaps may allow them into your computers, phones, tablets and other devices too. This is the part the news reports and movies skip over – the networking protections that exist in the background, shielding against attacks.

Taking the time to properly secure your IoT device is essential to making sure you get the whole, happy future-tech experience. We’re big fans of the potential of IoT and can’t wait to see what comes next!

Do you have an IoT device that needs securing or would like to learn more? Give us a call on 08 8326 4364 to help.

Windows Vista End-of-Life: What This Means For You

Windows Vista End of LifeJust like what happened with Windows XP the life of Windows Vista is coming to an end. On 11th April 2017, Microsoft will cease all support and security patching. Naturally if you are a current Vista user this wouldn’t be good news and you are not exactly leaping for joy at this news!

Vista won’t stop working on this date but there will be a higher chance of security issues. While you’re watching the count-down and thinking about scheduling an upgrade cyber-criminals and hackers are making plans of their own.

As soon as vulnerabilities surface Vista users will be wide open for attack.Thus even the most stalwart Vista user should upgrade, as continued use will expose your computer to risks. These risks include:

Security risks: Gaps exploited during the Vista lifetime have already been patched but there are many more just waiting to be discovered. Hackers are extremely fast to exploit newly-discovered vulnerabilities and without Microsoft working just as fast to close them, the risk increases exponentially every time you turn on the computer. Antivirus software may not even help you here.

Compliance risks: Many businesses are subject to a variety of compliance conditions some of which require them to run an operating system that’s regularly patched. For those working with sensitive, financial, legal or private data, this is even more important. Continuing to use an unsupported OS places the entire business at high risk.

Software incompatibility: New applications are created for current operating systems. This means you probably won’t be able to upgrade past the software you now have. This will further open your systems up with security holes that aren’t being patched for third party applications..

No support: Vista mainstream support was stopped back in 2012 but there were always avenues if you were really stuck with something. A quick Google search or even Microsoft support staff willing to bend the rules; as of 11 April though, that all stops. The only support available will be outdated pieces you can locate with Google, solutions which may send you in circles with no resolution.

Windows Vista End-of-Life: What This Means For You

The solution is quite simple: upgrade your computers. It probably won’t be as simple as just updating your current system to though. Due to the age of Vista era machine you will most likely have to upgrade your whole system – hardware and software.

Windows 10 is the latest release and will give your upgrade investment the best value and security. Vista will continue to work after April 11, but every day you use it puts your system at higher levels of risk.

Get in contact by calling us at 08 8326 4364 to upgrade your Windows.

Should I Pay For Antivirus Software?

Its the age old question that I regularly hear – is free antivirus software as good as a paid for solution?

In a perfect world the best way to avoid a computer virus is by using common sense – but that doesn’t always work with even the most careful users finding themselves infected in an instant. This is why antivirus software exists to help us not get infected – but should you choose free or paid antivirus? Here we list some of the differences between the two:

Advertising: Much like a free game making its fortune with advertising and in-app purchases, free antivirus software will push you for payment. Expect popup boxes pestering you to sign up to the paid version. Some free options will also try to change your browser home page and default search engine, an inconvenience you may be stuck with. Paid options are more respectful and largely invisible unless they have detected a problem.

Effectiveness: It is fair to expect your antivirus to detect malware, and testing shows that in a head-to-head battle free and paid are roughly equal at catching known infections. Generally free antivirus needs to have recorded a virus to its library before it can detect it. Paid antivirus is more likely to identify and stop new viruses – they can detect suspicious behavior, source and attributes and are a far more effective method of detection.

Features: Free antivirus is usually a cut down version of a paid version. In a paid version you can expect advanced features like spam filters, firewalls, parental controls and secure web browsing. Some paid antivirus packages also update your other software applications, forming a more secure protection against attack.

Support: Free antivirus options are very popular because they are free! This means there is generally no support available. If there’s a problem or conflict with another program, you may find yourself without protection until it can be resolved. Paid antivirus options usually include telephone suppor and other forms of support, ready to help with problems ranging from installation to system diagnostics.

Ease of use: Free antivirus packages are generally easy to install and use, but are  limited in their flexibility. They come as-is, meaning you can’t pick and choose what it monitors or how it reacts. For example, users occasionally find it necessary to disable ALL protections in order to install a network game. Paid versions are more likely to allow you to adapt the way it runs, switching features on and off as required.

In summary free antivirus software is fine for very basic protection, those on a budget or with an older PC – in these cases, something is always better than nothing. But we generally recommend you go with a paid antivirus solution to defend you from the new attacks that are released daily and to ensure you have solid protection that will make a real difference to your digital safety.

Talk to us about upgrading to the best security options for your needs.