Blog

Back It Up!

Backup Basics

Nowadays, we store a vast amount of data on our computers’ hard drives and mobile devices. Whether it’s business data, financial information, or personal documentation, all of it needs to be protected and is too valuable to lose. Therefore, it is imperative to have a backup strategy to prevent data loss.

Files can be backed up to a physical device (e.g. USB flash drive, DVD, CD, external hard drive) or to the web using cloud-based online storage. When using a backup device, users need to keep the device in a safe place that is still easily accessible for regular backups. A cloud-based backup service, on the other hand, has the advantage of storing data in a safe remote location that can be accessed through an internet connection.

File Sync vs. File Backup

File sync (e.g. Dropbox, OneDrive, Google Drive) is a service that syncs a folder on your computer to the cloud. Users choose which folder or directory should be synced. This allows users to access and work on those folders across devices. Note that the rest of the data on the computer is not synced or stored by the service. In the event of data loss, these services provide a rollback feature with which users can recover files that were synced.

File backup (e.g. Backblaze, Carbonite, Mozy) is a service that automatically backs up all data on your computer to the cloud. Any new or modified data is backed up without dragging and dropping files. Using a backup service requires little to no setup from the user. If there is a system crash or data loss, these services provide a rollback feature to restore all backed-up data.

Respite for Hardware Failure

Any hardware will eventually wear out and can develop defects, which could lead to data loss. A local computer expert may not be able to rescue the data. That is why backing up data as part of your cyber routine is important. It is also a good idea to back up in more than one place: a physical removable device, in case there is no internet connection, and cloud storage.

Attached Backup is Useless

Data loss can also result from a ransomware attack, in which a hacker puts malicious software (i.e. malware) on your computer that encrypts the data and blocks access to it unless a ransom is paid.

There is no reason to go without a backup and end up paying money to ransomware extortionists. Storage costs have gone down significantly over the last five to 10 years. One ineffective backup strategy companies employ is putting their backups on network drives or connected devices. This is useless, since hackers can easily find and infect those.

With business continuity plans in place that include a tested backup strategy, you can quickly roll back and restore the system using the latest backup.

Sanders IT Consulting Can Help

Backups are a CRUCIAL part of protecting your data! We’ve partnered with Carbonite to keep businesses running smoothly. Whether it’s computer protection, server backup or both, you can easily find the solution that meets your needs. For details, go to https://partners.carbonite.com/sandersitconsulting.

5 Best Password Practices

  1. Implement Long Passphrases
    For many years, users have combined numbers and symbols to create stronger passwords, although it didn’t take very long for cyber criminals to catch on. These hackers started substituting some letters in the word with certain numbers or symbols, such as ‘e’ with a ‘3’ and ‘s’ with a ‘$’. There are also automated tools available that easily crack simple substitutions like these. Users must often memorize dozens of difficult passwords nowadays, so most would rather let their browsers remember them instead. These practices put password security at risk, so you should consider implementing long passphrases. Choose the first letter of a phrase; length is key and complexity is a plus.
  2. Two-Factor vs. Multi-factor Authentication
    Two-factor authentication (2FA) has become a standard for managing access to corporate servers, where users must now confirm their identity with a one-time code sent to their mobile device or with a personalized USB token. Two-factor and multi-factor authentication solutions are used by businesses of all sizes seeking to keep confidential data secure. They can help to lower the likelihood of identity theft, as well as phishing scams, because criminals cannot compromise logins with usernames and password details only. Multi-factor authentication (MFA) is an additional security layer for businesses to address the vulnerabilities of a standard password-only approach. To be sure, here’s a great way to test: https://howsecureismypassword.net.
  3. Ensure a Secure Connection
    There is currently a wide range of devices and places that can provide access to corporate networks, yet hackers can still steal passwords if employees use unsecured Wi-Fi connections or devices that don’t belong to them. To secure your Wi-Fi network, use Wi-Fi Protected Access 2 (WPA2), which applies stronger wireless encryption methods. For businesses with remote workers, consider providing a secure VPN connection through which users can securely connect to corporate servers, since all the traffic is protected inside a VPN tunnel.
  4. Add Advanced Authentication Methods
    While passwords are still the most commonly used method for authorization, there has been an increasing tendency to use more advanced, non-password-based approaches. Instead of passwords, users can be authenticated using biometric verification, such as logging into an iPhone with a thumbprint using Touch ID or authenticating on a Windows 10 PC with facial recognition. These methods allow the system to identify users by recognizing their fingerprints, faces, irises, voices, or heartbeats.
  5. Apply Password Encryption
    Encryption provides additional protection for passwords even if they are stolen by cyber criminals. There is a widespread tendency to use reversible encryption or apply only one-way encryption, but these methods are ineffective, because an attacker can obtain the password database and can easily crack and compromise the passwords. Instead, consider using end-to-end encryption that is non-reversible. This way, you can protect passwords in transit over the network. Beware that it is dangerous to store password files in plain text. There are many cases where hackers have been able to compromise an enterprise’s password database and get away with a wealth of unencrypted passwords.
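
Item 1's point that simple substitutions are easy to crack can be enforced when a password is set. The following Python check is an added example, not code from the article; the substitutions beyond ‘3’ and ‘$’, the deny list and the 16-character minimum are assumptions chosen for illustration.

```python
# The two substitutions item 1 names ('3' for 'e', '$' for 's') plus other
# common ones added for this example.
SUBSTITUTIONS = str.maketrans({"3": "e", "$": "s", "0": "o", "1": "l",
                               "@": "a", "5": "s", "7": "t", "!": "i"})
# Constructed sample; a real policy would load a large breached-password list.
DENY_LIST = {"password", "welcome", "letmein", "sunshine", "secret"}
MIN_LENGTH = 16  # assumed policy threshold, not a figure from the article


def candidates(password):
    """Spellings worth checking: substitutions undone, with and without a suffix."""
    lowered = password.lower()
    # Trailing digits and punctuation ("Password1!") are removed before mapping,
    # otherwise the '1' would itself be read as a substituted letter.
    without_suffix = lowered.rstrip("0123456789!?.#*")
    return {lowered.translate(SUBSTITUTIONS),
            without_suffix.translate(SUBSTITUTIONS)}


def check_password(password):
    """Return policy findings; an empty list means the password is accepted."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than %d characters" % MIN_LENGTH)
    if candidates(password) & DENY_LIST:
        findings.append("dictionary word behind simple substitutions")
    return findings
```

A password such as `P@$$w0rd1!` mixes all four character classes yet produces both findings, while a long multi-word passphrase produces none.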

Bottom Line
Stolen or weak passwords are still the most common reason for data breaches, so businesses, whether large or small, should pay very close attention to password security policies and password management. By utilizing some of these recommended best practices, you can create an effective password security policy and provide stronger protection against unauthorized access.

Email Phishing 101

Don’t get hooked!

 

Phishing is a type of online scam and the easiest form of cyber attack, which can provide criminals everything they need to gain access to every aspect of your life. It is usually carried out through email that appears to be from legitimate companies to trick receivers into providing their personal information. The email usually includes a link that directs targets to malicious websites that pose as legitimate sites and ask targets to enter personal information such as credit card numbers, usernames, passwords, date of birth, etc.

Report phishing emails
Take a more proactive role in stopping phishing by reporting phishing emails to the authorities. Forward spam emails to spam@uce.gov.

Phishing happens over the phone too!
Scammers are always looking for ways to get what they want to carry out fraud. With today’s technology, these crooks can make their phone numbers appear authentic (e.g. match the phone number on the back of an ATM card). Again, the objective is to get sensitive information.

Phishing quiz
Can you outsmart internet scammers? Take this quiz to find out: https://www.opendns.com/phishing-quiz/.

Avoid falling for a phishing scam
Use your own link. Do not click on the link included in the email. If you do business with a company and have a bookmark for its website, use that. Otherwise, use a search engine to find the company’s correct site.

What to look for in a phishing email
1. Generic greeting. Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like “First Generic Bank Customer” so they don’t have to type all recipients’ names out and send emails one-by-one. If you don’t see your name, be suspicious.
2. Forged link. Even if a link has a name you recognize somewhere in it, it doesn’t mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepancy, don’t click on the link. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed.
3. Requests personal information. The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
4. Sense of urgency. Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.

What to look for in a phishing website
1. Poor resolution. Phishing websites are often poor in quality, since they are created with urgency and have a short lifespan. If the resolution on a logo or in text strikes you as poor, be suspicious.
2. Forged URL. Even if a link has a name you recognize, it doesn’t mean it links to the real organization. Read URLs from right to left — the real domain is at the end of the URL. Also, websites where it is safe to enter personal information begin with “https” — the “s” stands for secure. If you don’t see “https” do not proceed. Look out for URLs that begin with an IP address, such as: http://12.34.56.78/firstgenericbank/account-update/ — these are phishes.
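
The link checks from the two lists above (https, IP-address hosts, reading the host from right to left, and comparing the visible link text with the real destination) can be automated for an HTML email body. This Python code is an added example, not part of the original post; `KNOWN_DOMAINS`, the domain `firstgenericbank.example` and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

KNOWN_DOMAINS = {"firstgenericbank.example"}  # constructed: sites the reader really uses
SAMPLE_EMAIL = (  # constructed message body
    '<a href="http://12.34.56.78/firstgenericbank/account-update/">'
    'www.firstgenericbank.example</a> '
    '<a href="https://firstgenericbank.example.login.test/a">Update account</a>')

class LinkCollector(HTMLParser):  # records (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:  # malformed host such as an unbalanced "["
        return ""

def check_link(href, text):  # returns the warning signs one link shows
    host = host_of(href)
    shown = host_of(text if "://" in text else "//" + text)
    ip_host = host.replace(".", "").isdigit() or ":" in host  # IPv4 or IPv6 literal
    # Read right to left: a genuine host IS a known domain or ends with ".<domain>".
    spoofed = any(d.split(".")[0] in href.lower() and host != d
                  and not host.endswith("." + d) for d in KNOWN_DOMAINS)
    mismatch = " " not in text and "." in shown and shown != host
    signs = [(not href.lower().startswith("https://"), "no https"),
             (ip_host, "IP address host"),
             (spoofed, "familiar name, wrong domain"),
             (mismatch, "visible text differs from destination")]
    return [label for hit, label in signs if hit]

def scan_email(html):
    parser = LinkCollector()
    parser.feed(html)
    return [(h, check_link(h, t)) for h, t in parser.links if h.lower().startswith("http")]
```

Calling `scan_email(SAMPLE_EMAIL)` reports all four signs for the IP-address link and the wrong-domain sign for the second link, whose host begins with the bank's name but ends in a different domain.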