
Tag: Your business

The True and Unexpected Costs of Being Hacked

There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.

Raiding the budget to reduce downtime

From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, and you’ll exhaust your emergency funds very quickly.

The long arm of the law

Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.

Customer retention measures

In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.

All your secrets exposed

While you may not have Pentagon-level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices… While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.

But simply avoiding a breach doesn’t cost much at all…

The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.

We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive, and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.

Ready to secure your business against breaches? Give us a call today on 570-779-4018.


Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them

Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like QuickBooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.

We can help increase your security. Talk to us today: call us at 570-779-4018.


3 Essential Steps Before You Fire an Employee

Your employees need access to your various business accounts so they can do their job, but what happens to those passwords when you fire them? Nobody likes to think of firing their employees, or why you’d need to, but nonetheless, it’s a responsibility every business owner must face at some point. While your accounts team will no doubt be on top of stopping their paychecks, it’s important to take the same proactive stance to strip their system access.

Most of the time, the former employee leaves under good terms and you’ll wish them well. If you’re lucky, they’ll even manage hand-over to their replacement so your productivity losses are minimal. Other employees may leave your business reluctantly or in a storm of anger and suspicion. While you’ll have very different feelings about the two scenarios, the risk to your business remains high until action is taken. Here are 3 steps you can take to protect your business from retaliation and other password-related disasters.

Limit access to a need-to-know basis

You might be surprised how often a new employee is presented the entire business on a platter when their actual job requires little more than a computer login. Accounts, strategy, customer details, industry secrets… all those sensitive aspects of your business that have made it a success – exposed. A better policy is to limit access to only what the employee needs to do their job. Rather than view it as a lack of trust, your employees will appreciate the care you’ve taken to protect your business (and their job). It also helps keep them from being overwhelmed, confused or tempted if the situation ever turns sour. Likewise, take a few moments to delete old or temporary accounts that are no longer required, as you never know when a hacker or disgruntled employee will squeeze through the gaps.

Change passwords fast

On average, it takes at least a week before passwords are changed after an employee is fired, if at all. Unfortunately, this is the one type of delay your business can’t afford. In 2017, an ex-employee from the American College of Education held their entire email system to ransom for $200,000 after an unhappy exit. Stories of others stealing client databases are also common, especially as they leave to start their own business or work for a competitor. It’s not just full-time employees either: contract and part-time employees such as social media managers and customer support email specialists often have access to more of your business than you might imagine. Recent rulings make it easier for business owners to prosecute former employees who access their systems; however, as we know, it only takes seconds to log in and wreak absolute havoc. Knowing you can force those bad eggs into a lengthy court case is poor comfort considering the extent of damage you’ll likely endure. The best option is to change passwords fast – even before your employee knows they’re fired. This lessens the chance of revenge attacks and opportunistic access.

Use a password manager

If you have a good password manager like LastPass, reducing your risk becomes mostly automated. You’ll be able to keep your logins in a central vault that only you can see, and share based on business roles/need. There’s even an option to share passwords without letting employees see them in plain-text. Instead of writing passwords down somewhere and manually entering them each time, they’ll be able to connect securely with a click. Plus, you can revoke the share at any time. If their role changes or they’re fired, you can use the dashboard to see who has access to what and add/revoke at will. If you’re not sure what that employee has been up to, you can also generate reports of their history.

We can help you set up password management and lock down your network. Call us at 570-779-4018!


Outsourcing your IT

Why outsource your IT? As a Small to Medium Business (SMB), the question of outsourcing your Information Technology (IT) may have frequently crossed your mind, especially with the surging security breaches that the media outlets seem to broadcast weekly. Whether your business does not already have a dedicated IT Department or you are seeking complementary services to your already established IT infrastructure, outsourcing your IT can provide tremendous benefits to your business. Using the 3 R’s (Reasons, Risks & Rewards) can provide a base to examine if outsourcing your IT may be beneficial and effective for your business.

 

REASONS to outsource your Managed IT Services

  • Outsourcing is Budget Friendly – Cost Effective – Reduce & Control Operating Costs.
  • Would your business like to improve your and your employees’ focus and resources?
  • Would your business like to reduce labor costs?
  • Is your business finding it difficult to keep up to date with Routine Maintenance on Workstations and Servers?
  • Is your business finding it difficult to start or manage IT Projects?
  • Make capital available for other means in your business.
  • Reduce Security Risks.

 

RISKS involved with outsourcing Managed IT Services

Any time you hand over responsibilities for any aspect of your business you are inviting risk. Whether hiring a staff member or an outsourced service, you may have lingering hesitations, such as: What are they supposed to do? Will they fit in with the company culture? Did I hire the right person?

 

Some other risks that you may consider when outsourcing your Managed IT Services:

 

  • Loss of Control – Oversight
  • Confidentiality of DATA – entrusting someone with your company’s intimate practices may seem like a risk, but an Outsourced IT Service provider can also help protect your DATA from ending up in the wrong hands
  • Disaster Recovery – much like confidentiality, an Outsourced IT Service provider can mitigate and help to make a plan for Disaster Recovery
  • Some IT functions are not easily converted
  • Employee Morale
  • Your business may get locked into a contract

 

REWARDS of outsourcing your Managed IT Services

  • Acquire a Valuable Partner – a committed Expert of Outsourced Managed IT that provides professional, objective and best practice advice along with keeping up with the most current technology trends.
  • Add to your In-House capabilities.
  • Little to no Human Resource (HR) Investment. Hiring an employee brings a host of expenses, from the hiring process, background checks and supplying a space to work to benefits, vacation, sick days, worker’s compensation, continued training, employee performance reviews, human resources, and of course, employee turnover.
  • Cost Savings.
  • Flexible to your Company’s changes in size, volume, and strategy.
  • Security – Keeping your Systems updated, leveraging Virus protection and proactively monitoring.
  • Predictable Monthly Budget.
  • Prevent Burnout of Yourself and Employees.

 

BONUS – Tips to Working with your Outsourced Managed IT

  • Clearly formulate and communicate goals and objectives of the business relationship
  • Have a Strategic Vision
  • Keep Open Communication

 

Managed IT Outsourcing companies have a lot of experience with different types of businesses and thus a better understanding of a client’s expectations. This is the main reason why outsourced companies are able to be flexible with your requests and visions. They can even propose new ideas that can change your perspectives. Outsourcing companies see your existing infrastructure from a different vantage point and can customize a solution for your individual business needs.

 

About Herstek & Associates, LLC

Herstek & Associates, LLC is a professional outsourced computer service company serving small to medium businesses in Luzerne and Lackawanna Counties in Northeast Pennsylvania (NEPA). Our specialties are network planning (network consulting), network projects, and ongoing network/computer maintenance. We pride ourselves in not only delivering the results you expect but also being knowledgeable, systematic, accountable, trustworthy and easy to work with. To speak with a Support Advisor about the computer support provided by Herstek & Associates, LLC please call us at (570)779-4018 or contact us.


NEPA Section 179 Deduction

It is a great time of year to take advantage of the Section 179 deduction. If you purchase software or equipment by December 31st, you can deduct the full purchase price and a bonus depreciation. Section 179 is the product of a recent stimulus bill that is geared to help small businesses grow.

There are limits to what you can purchase. Most computer equipment qualifies. Most “off-the-shelf” software qualifies. PCs, laptops, servers, and network equipment all qualify. Custom software does not, but server-based software, PC operating system upgrades, MS Office products, and accounting software like QuickBooks all do.

How about a business class i7-6700, 8GB RAM, 250GB SSD with Windows 10 Pro with a 5-year parts warranty?


Or maybe you need a new rack mount server with a Xeon processor, 32 GB RAM, 8TB hot swap RAID 5 for your new virtual server host.


Or it could be time to upgrade your aging routers. Maybe a new SG-3100 pfSense router with 2x1GbE (gigabit Ethernet) internet ports so that you can keep your business running on a backup internet connection even when the main line goes down?


Or maybe you have read some of my ransomware articles and now you are ready to have a serious disaster recovery system in place. We can configure a local backup system and supplement it with online backup. The hardware for the local backup could fall into the section 179 deduction.

Onsite Bare-Metal Recovery with Cloud Replication

We can source you other products as well. Ready for your dual monitor setup? How about upgrading your laptop to an SSD drive? Maybe it is time to upgrade the memory on your unit?


Contact us now and we will be more than happy to configure a custom quote for whatever you need so you can take advantage of the Section 179 deduction this year. Contact us here…


Most Businesses Won’t Survive a Disaster. Could Yours?

With the crazy weather we’re seeing, natural disasters and cyber terrorism echoing for years, it’s not a case of ‘if’ a disaster will strike your business, but ‘when’. Surprisingly, it’s not the scope and scale of the event that influences how deeply your business is impacted, it’s your business continuity plan.

Put simply, this is the all-important set of precautions and pre-planned responses to an event, laid out in bullet-proof detail and implemented with one driving focus: keeping your business running with little or no downtime. Think about what would happen if your business was hit by a natural disaster tomorrow. Would it survive? How much downtime would it take to push you into dangerous territory?

According to an IBM study of all the companies that had a major loss of data, 43% never reopen, 51% close within two years and just 6% will survive long-term. For a fraction of those survivors, business even continued as usual thanks to their ‘failsafe’ business continuity plan. It’s more than disaster recovery, it’s full preparedness that bypasses the need for 2+ weeks of downtime, financial ruin, wasted salaries and reputation loss – but it does require a higher level of planning…in advance.

Recommendations to Put You in the Surviving 6%

Prioritize: You’ll need to plan exactly what you’ll recover first and know who’s in charge of making it happen. It goes beyond jotting down a checklist of things to do, it’s taking an analytical, process-based approach to recovery for each unique business perspective. But it’s also realistic: there’s no point dedicating precious time to reviving the email system if your customer data is leaking onto the internet, even if email did rank as your top communication priority!

Backup: Of course, the most critical part of your business continuity is having full backups in three places. Why three? One copy locally which you use each day, a backup on another (disconnected) device in the same location, and one in the cloud. That local backup is your life-saver for system crashes, cyber-attacks and the like; the cloud backup comes into play when your business has taken a major physical hit, perhaps from fire or flood. Some businesses can run entirely location-independent when using cloud systems like Office365, which can be enough to put them in that 6% of disaster survivors.

Test: Make sure all employees know what the plan is if something goes wrong, and their specific roles in these scenarios. You can test, prepare and rehearse your continuity plan under simulated disaster conditions, which will uncover new obstacles, priorities and additional threats.

As your IT environment becomes more complex, carrying more responsibility and risk, a robust business continuity plan becomes more important. The best BC plans look beyond disaster recovery, taking into account scalability of your system and scope of your individual business, to create strong battle lines that will keep your business operational, both now and for the long term.

Give us a call at 570-779-4018 to create a custom business continuity plan for your business.


Apple devices and Macs get malware!!

I don’t like picking on Macs… Oh, wait. That is a lie. I do like picking on Macs because I am tired of hearing “Apples don’t get viruses or malware.” This is absolutely not true!

There hasn’t been a serious ransomware outbreak on Mac but that doesn’t mean it isn’t coming. There are a few ransomware programs in the wild and there has been increased activity in the Mac security sector just like there has been in the PC world. Other malware and scam software are out there and on the rise. “Our tracking of Mac malware has seen a more than 220 percent increase in malware so far in 2017 over 2016,” said Malwarebytes. The main reason that Mac desktops and laptops seem to not be affected is that they only are about 7% of computer users. They are a much smaller target so there are fewer malicious programs out there. That doesn’t mean they don’t exist. They will still steal your data if they can. With RaaS (Ransomware as a Service) and cross-platform malware, it is becoming easier for the bad guys to target whatever they want. They don’t even have to be proficient at programming anymore. And with an attitude like “we don’t get malware,” you might be easy pickings.

Beyond that, you are also just as likely to lose your online data as a PC user! Just because you are browsing the internet from your Mac doesn’t mean things like the Yahoo and Equifax data breaches will not affect you. You still need to be vigilant in the cloud and protect your personal information.

Protect yourself and your Mac

  • Backup your data – Onsite, Offsite and Cloud
  • Keep your software and OS up to date
  • Don’t use unapproved software
  • Use an extra anti-malware solution
  • Be wary of unknown websites and unsolicited email
  • Use strong passwords and 2FA (two-factor authentication) wherever you can
  • Use a standard account over an admin account for everyday use
  • If you have a laptop, consider full disk encryption

We offer backup, monitoring, and antimalware solutions if you use Apple products in your business. Let us know how we can help!


3 Tech Tips to Make You a Better Business Owner

There’s no doubt about it, business can be tough! You’re juggling employees, customers, suppliers, stakeholders…the list is endless. You’re also operating in a competitive, high-tech economy that keeps trying to speed ahead without you. It’s no wonder you’re craving ways to get ahead of the competition, cut costs, boost productivity and dreaming of a vacation. Here are 3 tech tips that will make your life easier – and maybe get you closer to that ‘World’s Best Boss’ mug.

Consider a commuting policy

With better technology and faster internet connections, remote working isn’t just a possibility now, it’s an expectation. Clearly, not for every job (virtual burgers anyone?), but there are a lot of computer tasks in your business that could be done from home. Even if you offer a split week with 1-2 days at home and the remainder in the office, this can be a huge boost to your productivity.

From your perspective, remote employees can be more efficient without the distractions of yet another birthday sing-along, they have fewer absences and stay in the job longer. From the employee perspective, they don’t need to waste time commuting, get their work done faster, and generally feel happier and healthier.

Don’t cheap out on technology

Unsurprisingly, a tech newsletter is advising you to invest in tech, but hear us out. Technology is rapidly becoming the backbone of most businesses, yet we still see people who try and get by with the bare minimum investment and maintenance. And by ‘see people’, we mean they’re our most frequent repair and data recovery clients.

When you take shortcuts with your tech you’ll always get higher failure rates, more downtime, and employees who can’t do their job even though you’re still paying them by the hour. When businesses keep old tech longer than they should, thinking of the immediate cost saving, they usually end up paying more in the long term.

Embrace the cloud

Many of your existing software packages have a cloud version, which would allow multiple people to access it at once and give added backup or synchronization benefits. Your remote workers, mobile staff, accountant or CFO can all view the same reports without anyone having the trouble of sending out separate copies.

Cloud technology is also perfect for notetaking and collaboration using software like Evernote or OneDrive. You and your employees can think of ideas while out and about, make a few notes on a mobile device, and have it all synced perfectly to your desktop when you need it. You can even scan in paperwork and have your entire filing cabinet in your pocket.

Your business tech can unlock multiple possibilities that will make your days run smoother, more profitable and put you miles ahead of the competition. Ready?

Give us a call at 570-779-4018 to make your tech work harder for you.

Feeling the Budget Pinch? Here’s How Managed IT Can Help Save Your Business.

When it comes to running a modern business, technology is always a growing line item in the budget. Costs seem to creep up every quarter, along with a new learning curve for simply keeping everything running along smoothly. It’s no wonder then that budget restrictions for tech were recently found to be a universal concern for small/medium business.

You’re balancing the outlay of maintenance with replacement, plus securing against a steady stream of threats – all while making sure every dollar gives maximum return on investment. It even sounds exhausting! What typically happens is the tech budget gets stripped to a bare minimum, hoping nothing unexpected pops up and everything keeps moving along nicely. After all, everything is working just fine and that money could make a real difference elsewhere… except as soon as an IT emergency strikes, that tiny budget is obliterated and you’re left to either limp along with insufficient tech or dip into another budget area.

Now imagine if budget wasn’t an issue. Imagine all your tech expenses were predicted and capped, and you got everything you needed without resorting to financial magic tricks. Sounds good, doesn’t it?

Put simply, that’s how a Managed IT Service works. It’s a service designed for businesses with a limited budget who don’t have time for tech issues. For a fixed price each month (which is no doubt less than you’re thinking), you get a team of IT technicians actively monitoring your systems in order to catch issues before they occur, repairing problems on the fly, and ensuring your business is always as secure as possible. Included as part of your Managed IT Service, you also get expert business consulting around the solutions you need now, which solutions will help you rapidly scale, and which technology you don’t need. All for one predictable, fixed price each month. It gets better:

You’ll reduce downtime and associated revenue loss.

Forget scrambling while systems are down. With Managed IT Services you’ll know which tech is failing and can proactively repair or replace before it impacts your business. Downtime is planned/minimized and your staff are working uninterrupted by tech drama.

You’ll skyrocket efficiency.

You’ve probably been responding to your IT events in ‘firefighter mode’, essentially dealing with problems as they arise and switching to new, improved tech only when you must. With Managed IT Services, problems are automatically reported and optimal solutions designed in advance. Even the small issues that have been slowing your business down and limiting progress come to light, ready to be solved for greater efficiency.

You’ll secure against data loss.

Whether you’ve been following the news and worrying about the next cyber-attack, or you’re working with confidential customer or proprietary data, your Managed IT Service has you covered. Our technicians secure your business against attack using the latest technology, full backups and software updates, and leverage every drop of their know-how to keep your valuable data safe.

Learn more ways Managed IT Services can benefit your business – give us a call at 570-779-4018.

6 Simple Tips to Protect Your Customer Data

As cyber-attacks continue to make headlines, hackers are exposing or selling customer data files in record numbers. But just like with any threat, there are actions you can take to minimize risk and ensure your business retains a positive reputation among customers.

  1. Stop using the same password on repeat. Set a mandate for all staff that passwords must be unique for each user and for your workplace. That means it can’t be remotely like the one on their home PC, tablet or online banking. Passwords are hacked more than ever, so when you’re prompted for a password change, dig deep and really think about what goes into a hacker-proof password. If remembering them is a problem, consider one of the latest password management tools.
  2. Go on a shredding spree. How much sensitive data is being dumped into the recycling bin? Valuable customer data is often taken from the bins of small businesses and quickly sold or published. It’s not just good practice to shred sensitive documents, it’s the law. Take 5 seconds to run documents through the shredder or book in the services of a secure shredding company.
  3. Ditch the accounting spreadsheets. Still using an Excel doc for all your number-crunching? Besides making your accountant’s job harder (and more expensive), you’re opening your business to a massive range of vulnerabilities. Even with password-protection, spreadsheets aren’t designed to safeguard your financials or those of your clients. Upgrade to a proper accounting solution with built-in customer data protections and security guarantees.
  4. Train staff explicitly. You can’t rely on common sense because what you think is a given might be news to someone else. It can be extremely beneficial to hold special data-safety training sessions once or twice a year as a reminder, as well as take the time to induct new staff into the way things are done.
  5. Limit access to data. Just like the bank manager who guards the keys to the vault, you can limit who accesses your data. Revoke employee access as soon as they leave your business for good, and set rules around who can access what – and when. Do they need access to sensitive information while working from home? Should they be able to change the files, or only view them?
  6. Keep your software updated. Possibly the most preventable hack, having outdated software can be an open invitation for cyber-criminals. They look for known weaknesses in business software and waltz right in. While the nagging pop-ups and reminders to update can feel like a selling ploy, they’re actually helping your business to stay in the safe zone. Updated software gives you protection against new viruses and hacking techniques, plus closes off those nasty weaknesses.

If you would like to make sure your business is secure from data breaches, give us a call!