How Safe is your email?

A hacked email account can lead to an array of serious problems. Hackers will try to gain access to the sensitive information contained within your email. If they do manage to access your account, they could send emails on your behalf to your contacts and valuable clients. This activity could lead to identity theft. In a business situation, a hacked email account is even more serious and can be extremely damaging to your business and its reputation. And sometimes these actions can go unnoticed.

Prevention, rather than cure, is always the better option and there are things you can do to help prevent cybercriminals from compromising your email. 

Email Protection

Most attacks start with a simple email appearing to come from a colleague or someone you know, asking you to sign in with your credentials to view the document they sent you. Sometimes the forgotten account you created years ago on a website that was recently compromised contains the same password you currently use. Or maybe your password contains part of your name or company, or is one of the most commonly used passwords.

These attacks are unfortunately common, and passwords need to be reinforced with multifactor authentication (MFA). Phishing emails are getting more sophisticated and harder to detect with the naked eye. Security is best achieved with a layered approach and MFA is the solution you need to protect your accounts.

What is Multifactor Authentication?

Multifactor Authentication (also referred to as MFA) requires the user to identify themselves by using multiple credentials. This is becoming standard practice within businesses that take cybersecurity seriously. Without MFA, your username and password will suffice; with MFA, you will also need to provide another form of identification. This could be answering a security question, entering a code from your smartphone or similar. The concept involves using something only the user knows or possesses to ensure they are the correct user.
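
How the "code from your smartphone" factor is typically checked on the server, as an added example that is not part of the original article. It assumes the phone app produces time-based one-time codes (TOTP, RFC 6238), which the article does not specify; the record layout and the names `make_user` and `verify_login` are hypothetical, and the secret is the RFC test value.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample data: the RFC 4226/6238 test secret, not a real key.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a counter value (RFC 4226, HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def make_user(password: str, secret: bytes) -> dict:
    """Hypothetical user record: salted password hash plus shared secret."""
    salt = b"constructed-salt"  # a real system uses a random salt per user
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return {"salt": salt, "pw_hash": pw_hash, "secret": secret, "last_step": -1}

def verify_login(users, name, password, code, now=None, window=1, step=30):
    """Return True only when the password AND the phone code both check out."""
    user = users.get(name)
    if user is None:
        return False
    pw_hash = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), user["salt"], 100_000)
    if not hmac.compare_digest(pw_hash, user["pw_hash"]):
        return False  # first factor failed: something you know
    current = int((time.time() if now is None else now) // step)
    # Allow one 30-second step either side for clock drift on the phone.
    for counter in range(current - window, current + window + 1):
        if counter <= user["last_step"]:
            continue  # this code (or a later one) was already used
        expected = hotp(user["secret"], counter).encode()
        if hmac.compare_digest(expected, code.encode()):
            user["last_step"] = counter  # block replay of a captured code
            return True
    return False  # second factor failed: something you have
```

A password stolen through a phishing page or a breached website fails the second check on its own, and a code that has already been accepted is refused if it is submitted again.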

Cyber Security

Security will always be a concern when it comes to IT and technology.  MFA is only one in a range of security solutions to protect you online.  To protect yourself successfully from cybercriminals you need to have several layers of protection and MFA should be one of them. 

Using the knowledge and expertise of your technology partner is a clever move.  For every problem there will be a solution and talking to an expert from the GDK Network Systems team will reveal many options for you.  Why not make the start and implement MFA as another layer of security for your business?  Talk to our team today to find out more. 

Are you aware of the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) significantly changes data protection law in Europe, strengthening the rights of individuals and increasing the obligations on organisations.

Get aware and Get prepared.

Between now and May 2018, we will be sending more updates to our clients on this very important regulation. 

Further information is given below.

Please contact us in the meantime if you need further information.


The GDPR is upon us! Well, almost…

If your organization serves customers or individuals in the European Union, you’re likely already aware of the General Data Protection Regulation (GDPR). Introduced in response to concerns about data privacy, the GDPR will go into effect on May 25, 2018, requiring responsibility and accountability for every organization that processes the personal data of individuals in the EU. In today’s global economy, that includes the vast majority of enterprises and a large proportion of smaller businesses as well. The extensive requirements of the GDPR—and the high cost of non-compliance—make preparing for this new regulation a top priority for today’s organizations.

GDPR Basics

The first thing to understand about the GDPR is to whom it applies and what it covers. The regulation refers to both “controllers” and “processors” of data—in other words, any organization within the EU and any organization that stores, handles, or processes personal data of EU residents in any way. Personal data is defined quite broadly to include not only information provided by the individual, but also observed data such as online identifiers, browsing history or social media posts; data derived through straightforward processing such as previous transactional history; and data inferred through more complex processing. Given this, companies need to be extremely thoughtful about the handling of any data they collect.

The GDPR is all about accountability and governance. Companies must take steps to minimize the risk of breaches and uphold the protection of personal data, ensuring compliance through documented technical and organizational security measures.

Penalties

If GDPR compliance seems onerous, consider the alternative: organizations that fall short of GDPR requirements can face stiff penalties on a two-tier fine structure. A lack of compliance can bring a penalty of €10 million, or 2 percent of global revenue, whichever is greater.  Companies that violate the rights and freedoms of their data subjects—including those that fall victim to hacking and other breaches of personal data—are subject to twice that penalty. Add this to the already-considerable set of risks associated with a data breach.

Incident Response

In addition, under the GDPR, organizations will now have a 72-hour breach notification obligation. This applies to more than just the loss of personal data; any breach of security leading to the destruction, loss, alteration, unauthorized disclosure of, or access to personal data must be disclosed within the mandated time period. This requirement will cause many companies to rapidly mature their data incident response programs.

Additional Rights

Beyond new penalties, security requirements and incident response obligations, the GDPR extends additional rights to individuals in the EU, including the right to be informed about the use of their personal data and the rights to access, erase and transfer their personal data.

Trust

At its core, the GDPR is about TRUST. It is about companies handling the personal data of their customers, partners and employees with care and respect. As a supplier of IT systems and services that helps Irish businesses, GDK's relationship with its customers is built on trust. GDK views GDPR as an opportunity to reinforce that relationship, and GDK is relentlessly focused on helping our customers secure all of their data, and supporting our customers’ GDPR compliance programs.

CyberSecurity: Why your organisation needs to Get Wise to the New Threat Landscape

The CyberSecurity landscape changes every day, with new actors, new threats, new schemes, and new ways to infiltrate websites, emails, devices, and almost anything that is connected to the internet. We’re constantly reading about the rise of spear phishing, DDoS attacks, global malware threats, ransomware, CEO fraud, and more.

Despite all of the attention that CyberSecurity is receiving, there is still a widely held belief in the small- to medium-sized business or organization (SMB) that cyberattacks happen to someone else: the “Ostrich Effect.”

Apparently, this is something that is prevalent in humans; it is our natural instinct to avoid unpleasant or difficult news or situations. Unfortunately, hiding from a problem doesn’t make it go away. It just continues without you, delaying the inevitable.

This is the state of CyberSecurity in the SMB market today. The threat exists. It’s real. It’s growing. It is not going away, and if we continue to bury our heads in the sand, it is going to get much worse. 

Ransomware as a Service or RaaS is a direct threat to SMBs

SMBs should be aware that Ransomware as a Service (RaaS) can be used by anyone with the desire to commit cyberextortion, and this has changed the threat landscape. SMBs are now at more risk than ever before.

Consider these statistics:

  1. Cybercrime is expected to cost the world over $6 trillion USD by 2021.
  2. SMBs are under attack as cybercriminals understand SMBs have fewer resources and far less protection than larger entities.
  3. Half of all cyberattacks are against SMBs.
  4. Ostrich Effect statistics: 77% of SMBs say their companies are safe from cyberattacks, yet 83% of them have no formal cybersecurity plan.
  5. 6 out of 10 SMBs do not have a contingency plan should they undergo a cyberattack.
  6. 66% of SMBs say they are not worried about a cyberattack.
  7. Most SMBs do not have policies in place to provide procedures for employees in the case of an attack.
  8. While most small businesses feel that they have adequate protection for themselves and their customers, Visa, Inc. reports that SMBs represent over 90% of payment data breaches.  
  9. Most small businesses do not have any cybersecurity training in place for their employees, while 83% of breaches are caused by untrained employees being duped by phishing and spear phishing activities.

Being Proactive is the Way to Defend against Cyberattacks

While the news on the CyberSecurity front is daunting, SMBs with a proactive plan of protection are far less likely to suffer a breach. When considering a plan for protection, these four areas should be reviewed:

  1. Risk Assessment—it is critical to know what data is at risk, where it is, and how to protect it.
  2. Risk Remediation—have a process to remove/back up/encrypt data to bring it to a “clean state.”
  3. Protection—utilize advanced technologies to secure a safe environment for your business and your customers.
  4. Education—instigate employee CyberSecurity awareness training.

A proactive approach to protection is the key to being safe for most businesses and organisations, whatever their size.

Remember,
if you are connected to the Internet,
you must be protected!

If you would like us to assist, please ring us now on 01-2166 970 or send us a form.

Protect Your Networks with Easy Patch Management

One of the easiest ways for hackers to breach networks is by targeting the vulnerabilities of out-of-date software. It has never been as important to ensure that all devices on your network are correctly patched with the most up-to-date software updates.

That’s why keeping software current with the latest security patches is essential for strong Cybersecurity.

GDK's Remote Monitoring & Management Software (RMM) streamlines patch management by giving you granular control over your patching policies through our Monitored Helpdesk System. Whether you want to automate the entire process, customize patches for certain devices or manually approve or deny patches, RMM gives you peace of mind while getting the job done.

  • Automatically approve patches based on severity so you don’t miss a critical security update
  • Schedule updates for specific maintenance windows to avoid disrupting productivity
  • Support more software, including critical Microsoft programs and over 80 third party application families

Patches are provided for popular software including, but not limited to:

  • Microsoft Office 365, Exchange and SQL Server
  • Internet Explorer and Windows OS, Java, Adobe and Mozilla Firefox
  • Google Chrome, Apple iTunes and Apple QuickTime

To assist our clients we install an easy patch management strategy.

If you would like us to assist, please ring us now on 01-2166 970 or send us a form.

WannaCry Ransomware Attack: What You Need to Know

Since being unleashed on 12 May 2017, the WannaCry Ransomware attack has become the largest ransomware event in history, crippling 200,000 computers in more than 150 countries. While it was briefly slowed (accidentally, as it turns out) by a British security expert, criminals have since updated the malware. It continues to spread at an alarming rate.

A lot of media attention has focused on the organizations affected by WannaCry – notably FedEx, Nissan, Spain’s Telefonica, Britain’s National Health Service, the Russian Interior Ministry, and Germany's rail network. Maybe reporters assume multinational corporations and branches of government have been vigilant and are better at keeping their computer systems up-to-date. (Turns out, they aren’t.)

But for individuals, families, and small office/home office users, WannaCry and other ransomware programs continue to pose a serious threat to their data ... even if the impact on consumers doesn’t receive the same media attention.

What is Ransomware?

Ransomware is a particularly vicious type of malware that infects your computer, blocks you from accessing your data, and demands a ransom in order to regain control of your files. Typically, ransomware will encrypt all of the files and then post a message that promises to decrypt the files if the ransom is paid … or destroy them if not.

What is WannaCry?

WannaCry is a piece of ransomware that is also known as WannaCrypt (as well as WanaCrypt0r 2.0, Wanna Decryptor 2.0, WCry 2, WannaCry 2 and Wanna Decryptor 2). What it’s called isn’t as important as what it does.

What’s been so devastating about WannaCry is how quickly it spread. Leveraging a vulnerability in Windows with the worm-like exploit called EternalBlue (which originated with the USA’s National Security Agency, but was made public by the Shadow Brokers hacking group), WannaCry exploits a flaw in Microsoft’s network file sharing protocol. It seeks out other vulnerable computers on the network to infect, which allows it to spread at an exponential rate.

The ransom for WannaCry starts at $300 in Bitcoin (the untraceable online crypto-currency), but as time goes on the amount required to unlock your files increases. (With more than 200,000 computers infected, that potentially represents $60 million in ill-gotten gains.)

Doesn’t my anti-virus software protect me?

Using quality anti-virus and anti-malware software is absolutely vital to a strong data protection plan. However, it is important to recognize that new ransomware threats cannot be stopped by those solutions. Here’s why.

Anti-malware programs work by comparing any unknown program trying to run on your computer against a list of known threats that security researchers have already identified. That helps avoid known malware threats, but it doesn’t account for so-called zero-day exploits: malware that exploits vulnerabilities that have not yet been discovered by the security community.

WannaCry used a zero-day threat to exploit a Microsoft vulnerability that had only recently been uncovered. Microsoft issued a software patch to close that hole, but not all its customers had gotten around to installing it. The combination of unknown threat (invisible to signature-based anti-malware measures), unpatched vulnerability, and very effective replication led to the WannaCry pandemic.  

How to defend/protect against WannaCry?

Security experts recommend four steps to help safeguard your computer from being infected by WannaCry.

  1. Make sure your computer’s software is up to date. Just before the ShadowBrokers hacking group revealed the vulnerability, Microsoft released a patch for the exploit, known as MS17-010. That alone was newsworthy, since Microsoft was patching operating systems that it no longer supported, but clearly a lot of individuals and organizations did not download the patch. In order to avoid infection, immediately confirm that your system software is current.
     
  2. Create a full image backup of your system, ideally using a secure backup solution with active ransomware protection. A full image backup includes everything, including files, folders, programs, operating system, and system settings. If your computer becomes encrypted, you can simply restore your system in a matter of minutes.

    Since WannaCry also infects backup files, you’ll want to use backup software with active ransomware protection in order to safeguard both your system and your backup files. If your backup solution only offers reactive ransomware monitoring – analyzing newly backed up files – that is not enough.
     
  3. Regularly download updates for your anti-malware software to ensure its signature database is up-to-date. That will protect you against already-discovered threats.
     
  4. Be alert to how criminals try to get malware on your system. Most viruses get onto your computer when you click on a link or open an attachment in a malicious email that is designed to look safe and lull you into a false sense of trust. You can also pick up infections from malicious online ads and by visiting dubious websites (think illegal or questionable content), as well as infected USB drives. There’s a whole segment of the criminal underground whose sole job is to figure out how to get you to lower your guard and open your door to them. Be wary online.

To protect yourself from the next ransomware attack, you should contact GDK to discuss how you and your computer systems can be protected using the latest Anti-Virus Software with active ransomware protection to ensure your system is protected.

What to do if I’m infected by WannaCry?

If your computer is already infected, it may be too late, but here’s what the experts recommend. Firstly, do NOT click on “decrypt” or “check payment.” Paying the ransom doesn’t always work: one in five users who pay never get the promised remedy. After all, you’re dealing with criminals on the other end of the transaction.

If you can, download and install the patch from Microsoft.

If you have an isolated backup of your system – one that was not connected to the infected computer, like a cloud backup – you can restore your infected files. But keep in mind that WannaCry will try to infect backup files as well, so if you only have a backup on a local drive, you might be out of luck.


There are real benefits to implementing a proactive GDK IT Care Plan to manage your security concerns. You are most welcome to call or email us to discuss your concerns and to investigate how GDK could help you.