ZeroIn Blog

Article: Ransomware Gang Deploys New Malware to Kill Security Software

There’s a reason why Managed Service Providers (MSPs) and in-house IT security teams embrace the "zero trust" philosophy. While Zero Trust typically means not automatically trusting users to do the right thing always, it also extends to their systems themselves.

Hackers are always on the lookout for new vulnerabilities, and even security tools are not immune. Recently, they discovered a flaw in Endpoint Detection & Response (EDR) software—the very tool designed to monitor systems, detect suspicious activity, block threats, and contain malware. In this case, the malware was able to “unhook” the EDR, allowing attackers to take control of the device.

A strong IT security team knows how to mitigate these risks. By implementing tamper protection on EDR software and keeping systems consistently updated, they can prevent hackers from exploiting such vulnerabilities and ensure the integrity of your defenses.

In today's landscape of evolving cyber threats, Zero Trust isn't just a security philosophy—it's a necessity for safeguarding your organization.

I know very little about cars. When I take my car to a mechanic, I’m often left wondering if they’re addressing the root of the problem or just patching it up. Are they experienced with the issue? Most importantly, are they being honest about the diagnosis and cost?

Small and medium-sized businesses face the same uncertainty with their technology—computers, internet, networks, phones, and printers. Often, they hire the first “IT guy” that picks up the phone or offers the cheapest rate. Unfortunately, some IT providers speak in technical jargon to sound competent or use scare tactics, like warning of potential downtime, data loss, or system breaches, to sell their services. The business hires them, and it turns into a waste of money and sometimes leaves them worse off.

Recently, a business owner contacted us for help purchasing and setting up a new server. Our engineer assessed their current setup and found the existing server was working perfectly fine, despite being a bit older. However, we quickly realized that the network wasn’t even using the server properly—computers weren’t sending data to it, defeating its entire purpose. Additionally, the network equipment was disorganized and poorly maintained.

The previous IT provider clearly lacked expertise, but masked it with confusing terminology. The client didn’t know their data wasn’t being backed up, and they were unaware of how underperforming their network was. We updated the server, fixed the network, and organized the equipment. Now, their data is backed up regularly, and their network performs smoothly, allowing them to carry out basic tasks like printing without extra hassle.

In another case, a doctor’s office contacted us because their internet was slow. They had hired an IT person who, instead of identifying the real issue, added more access points, which only worsened the situation. Their equipment, including point-of-sale systems and printers, kept disconnecting because the overlapping signals from the access points interfered with each other. The real culprit was outdated equipment installed by their internet service provider. After removing the old equipment and properly configuring the access points, their internet and equipment started working flawlessly.

So, how can business owners ensure they’re hiring the right IT services provider and not frauds that can cause more harm than good?

1. Know What You Need:You don’t need to understand the specific technology you require, just know what tasks you need to accomplish. A good IT expert will help you determine the right technology to meet your needs.

2. Ensure a Thorough Assessment:If an IT provider gives you a proposal after asking only basic questions—like how many computers you have—they either lack expertise or are trying to push their own solutions. A thorough assessment of your systems is essential.

3. Check Their Experience and Reputation:Look for an experienced team with a solid reputation. Read reviews on platforms like Google and Yelp, and don’t hesitate to ask for references.

4. Evaluate Trust and Communication:Do you trust them? Do they communicate clearly and listen to your concerns? An IT provider should be a valuable part of your team, so make sure they’re someone you feel comfortable working with.

By following these steps, you’ll have peace of mind knowing that your technology is in capable hands, allowing you to focus on running your business.

Article: No. 1 Reason The 'Shadow IT' Trend Is Benefitting Careers But Hampering Companies

Shadow IT refers to the practice of using software or hardware that the IT department of the organization has not approved. As you can imagine, this creates security risks for the organization. I remember the excellent IT team at Twitter would periodically scan our computers for unsanctioned software, and we would have to get approval for any applications or hardware we wanted to use. They encouraged us to "work smarter, not harder", so they would pay for applications and other software if it passed their security requirements and we could demostrate its value to our team. They also provided at no cost to us a TON of tools and hardware to compensate for not being able to use our own systems.

Forbes does a great job outlining how Shadow IT can potentially harm organizations. Many people have no idea about the security risk application, software, and hardware can create. They are almost always not intentionally sabbotaging their company, but simply do not understand the potential harm of their actions.

Moral of the story: While it can be frustrating to wait for approval from the IT team or be restricted from using an application you like, refraining from shadow IT can save your company.

We wanted to tackle the great debate between cloud versus on-premises backup as succinctly as possible from a different angle: introduce a situation and describe why one may be better to use over the other. Of course, organizations must consider all these factors together when deciding on their data backup strategy. We do not mention the hybrid approach, utilizing both cloud and on-premises, which most of the time can be the best solution. We wanted to keep this simple and short.

First, let’s quickly review what backup is and the general pros of each. Data backup refers to the process of creating copies of data and storing them in a separate location from the original data source. The primary purpose of data backup is to protect against data loss by providing a means of recovering lost or corrupted data. The two data backup solutions are cloud and on-site storage devices. The “cloud” refers to 3rd party services that provide a secure remote repository accessed by users via the internet.

Accessibility and Flexibility: Companies that encourage or allow working from home or the employees travel for work frequently and need to access data would require an internet connection to access data. There are ways for organizations to set up remote connections to on-premises backup servers, but that creates more front-end costs and maintenance.

Recommendation: Cloud

Customization: If an organization has unique backup needs, such as strict compliance or a large variety of access restrictions, then they will need the autonomy to configure it as they need. Most cloud backup options have limits on how the backup can be configured.

Recommendation: On-premises

Unpredictable Growth or downsizing: The servers companies purchased and configured are all that they have. They can purchase enough hardware up front to ensure they have enough data storage to scale quickly, but that can be cost prohibitive. They could be in a bind if they do not have enough storage. Cloud providers allow companies to purchase more data storage when needed and reduce storage if they downsize. 

Recommendation: Cloud

Security: Organization have enough expertise to ensure they build secure infrastructure on premises. They also need to consider natural disasters like fires, storms, etc., which can cause data loss. Meanwhile, organizations would have to trust their cloud provider has robust security measures in place that meet their standards. Speed of recovery usually favors the on-premises solution.

Recommendation: Cloud (some situations can call for on-premises)

Cost: An organization must have enough money up front to consider building on-premises data storage. Once the infrastructure has been built, the organization must pay for the maintenance of the servers and the employees to do it. Organizations incur a recurring cost when using a cloud provider that is consistently lower than the maintenance and staff.

Recommendation: Cloud

While cloud backup provides flexibility, scalability, and off-site protection against disasters, it entails ongoing costs and reliance on internet connectivity. On the other hand, on-premises backup offers autonomy, compliance assurance, and faster access but requires upfront capital investment and may lack scalability.

By carefully weighing the pros and cons of each approach and aligning them with your business objectives, you can develop a robust data backup strategy that safeguards your critical assets and ensures business continuity in the face of unforeseen challenges.

Article: Five Guys to pay $700,000 to Settle Suit over 2022 Data Breach

Our Thoughts:

As a fan of Five Guys and their delicious burgers and fries, it is disappointing to hear about the data breach they experienced. Unfortunately, data breaches occur more often in today's digital landscape, but how companies respond to such incidents is crucial. While the financial losses resulting from cyber-attacks can be significant, the loss of trust from customers and employees is equally impactful and often irreparable.

In this case, employee data was compromised. The company did the right thing by providing credit protection and identity theft monitoring services to all 38,000 employees, but they still filed a class action lawsuit against the company. This settlement, which cost Five Guys over $700,000, serves as a stark reminder of the importance of safeguarding personal information and the potential consequences of failing to do so.

Both large and small companies bear a responsibility to prioritize data security and implement robust measures to prevent breaches. Five Guys managed to absorb the monetary loss and hit to their reputation, but 75% of small businesses (<1000 employees) could not continue operating after a large data breach. People believe that small businesses fly under the radar from attacks, but 82% of reported ransomware attacks in 2021 were against companies with less than 1,000 employees. Companies must foster a culture of cybersecurity awareness and invest in comprehensive security protocols. By doing this, businesses can mitigate the risk of data breaches and uphold the trust of their customers and employees alike.

Data continues to be the lifeblood of businesses, powering operations, driving decision-making, and fueling growth. From customer records and financial transactions to intellectual property and operational data, businesses rely on their data to maintain competitiveness and drive innovation. Data loss can cripple an organization and weaken customer trust in your services. Per Gartner Consulting, only 6% of companies without proper backup or recovery plans survived for more than two years after the disaster. With the increasing prevalence of cyber threats, the potential of hardware failures, and the inevitable human errors, backing up your organization’s data is vital.

What is Data Backup?

When someone mentions computer data, they're referring to any digital information stored and processed by a computer system. Examples of data include documents, spreadsheets, software applications, images, videos, databases, configuration settings, and user preferences. Data backup refers to the process of creating copies of data and storing them in a separate location from the original data source. The primary purpose of data backup is to protect against data loss by providing a means of recovering lost or corrupted data.

Data can be lost in a variety of ways 

1. Human Error: This may be the most common way organizations lose data. Have you ever accidentally deleted an important file or erroneously executed a command that erased data from servers, like one Pixar employee did in 2012 with Toy Story 2 movie? Humans are fallible. Mistakes happen. Even when strong processes are in place, it can only take an unintended click or two, and data can be erased. People can be clumsy too. If there is a fluky crash or inadvertent spill causing hardware to get damaged, then data can be lost.

2. Hardware malfunction: Have you ever had a hard drive fail, like the State Department US Passport and Visa operations did in 2014? Natural disasters can damage data centers. Fires and floods can ruin servers that hold company data. Manufacturers are not perfect either. Hardware can fail due to system glitches or employee miscues. These can all lead to a loss of data.

3. Cyberattacks: When a database gets corrupted with malware, many times much of the data can be lost, which is what happened in 2016 to the Hollywood Presbyterian Medical Center. Many times, hackers will deploy malware deep within a system. Security teams will isolate the area wherever the malware is and erase all the contents to ensure the malware is removed. Hackers can also hold data “hostage”. If the organization being attacked does not comply with the hacker’s requests, then they can erase all the data or even worse, release proprietary material or confidential customer information.

The Benefits of Backing Up Your Data

By maintaining backup copies of critical data, businesses can minimize impact and ensure business continuity. In the event of a data loss incident, having a backup ensures that businesses can quickly recover their data and resume normal operations without significant downtime. Without reliable backup systems in place, businesses risk losing valuable data, resulting in financial loss, operational disruption, and reputational damage.

Many industries are subject to regulatory requirements regarding data protection and retention. Implementing data backup solutions helps businesses comply with these regulations and avoid potential fines, penalties, or legal liabilities associated with data breaches or non-compliance.

The 3 Data Backup Solutions

1. On-Site Backup: On-site backup involves storing backup copies of data on physical storage devices located within the premises of the business. Common on-site backup solutions include external hard drives, network-attached storage (NAS) devices, and tape drives. While on-site backup provides quick access to data and complete control over storage, it may be susceptible to risks such as theft, fire, or natural disasters.

2. Cloud Backup: Cloud backup involves storing backup copies of data in a remote location separate from the primary data source. This can be achieved through cloud backup services, where data is securely stored in the cloud infrastructure of a third-party provider. This offers enhanced security and protection against physical threats, making it an ideal solution for disaster recovery and business continuity. Other benefits include the ability to access data from different computers and devices, relief from having to maintain your own hardware, and the means to scale easily and quickly.

3. Hybrid Backup: Hybrid backup combines elements of both on-site and cloud backup solutions to provide a comprehensive data protection strategy. In a hybrid backup setup, businesses maintain on-site backup copies for quick data recovery and replicate data to off-site locations for added redundancy and disaster recovery capabilities.

No matter how secure you feel your systems are or mistake proof your process is, data backup is a critical component of any business's IT strategy. 93% of companies in the past 3 years have been hit with a natural or human-caused disaster resulting in significant data loss. Providing protection against data loss, ensuring business continuity, and safeguarding valuable assets can save organizations. We have seen it. ZeroIn specialized in cloud backup solutions, giving you peace of mind that your data is secure, and a backup is ready if needed.

In today's digital world, effective communication is the cornerstone of success for any business. With the advent of Voice over Internet Protocol (VoIP) technology, plain-old-telephone-services (POTS) are quickly becoming outdated and are unable to keep up with the demands of modern businesses. The revolution in communication began in 1995, but didn’t really take off until around 2003 when telecommunication companies and computer manufacturers began implementing the more cost-efficient and higher quality technology into their equipment and offerings. VoIP phone systems accounted for less than 1% of all voice calls in 1995 and jumped to 25% in 2003. After reading the rest of this, you will be surprised to learn that only 31% of businesses today use VoIP. Let’s delve into the world of VoIP phone systems, exploring what they are, what's happening with POTS, aka. landlines, and the myriad benefits VoIP brings to businesses and households.

Understanding VoIP Phone Systems

At its core, VoIP technology enables voice communication over the internet rather than through traditional telephone lines, which is usually copper wire. VoIP converts voice signals (analog voice signals) into digital data packets, which are then transmitted over the internet. These packets are decoded at the receiving end and put back together, allowing for seamless voice communication. Someone aptly compared it to Wonkavision from Charlie and the Chocolate Factory.

• VoIP Phones: VoIP phones resemble traditional desk phones but are equipped with built-in IP technology. Alternatively, software applications can turn computers or mobile devices into VoIP-enabled communication tools. Because of this, VoIP makes it easy to work remotely and on the move.
• Internet Connection: A stable internet connection is essential for VoIP communication. Whether through Ethernet, Wi-Fi, or mobile data, VoIP relies on internet connectivity to transmit voice data packets.
• VoIP Server or Provider: VoIP service providers manage the infrastructure necessary for routing voice data packets between users. These providers often offer additional features that traditional phone systems cannot, such as voice-to-text, voicemail, and dial by name, voice-to-email, and integrations with other business applications.

What’s Happening with Traditional Phone Systems?

Effective August 2022, the FCC removed the requirement, established by the Telecommunications Act of 1996, for telecommunication companies to maintain the infrastructure for the traditional phone services and offer discounts to competitors for its use. Due to the costs associated with maintaining traditional phone line infrastructure and the lower expenses of providing VoIP services, telecommunication companies are now either increasing prices for POTS or phasing out these services altogether.

Benefits of VoIP Phone Systems

• Cost Savings: VoIP usually costs about a third of what traditional phone systems cost. Unlike traditional phone systems that rely on dedicated telephone lines, VoIP utilizes existing internet infrastructure, which reduces hardware and maintenance costs. VoIP also lowers call charges, especially for long-distance and international calls.
• Scalability: VoIP phone systems are highly scalable, making them ideal for businesses of all sizes. Whether you're a small startup or a large enterprise, VoIP allows you to add or remove users effortlessly.
• Flexibility and Mobility: In today's increasingly mobile workforce, flexibility is paramount. VoIP phone systems empower employees to stay connected from anywhere with an internet connection. Whether in the office, at home, or on the go, users can access their VoIP phone system (same phone number) through desktop phones, softphones, computers, or mobile apps.
• Advanced Features: VoIP phone systems come equipped with many advanced features that go beyond traditional phone services. From voicemail-to-email transcription to dial by name and mobile applications, VoIP offers an array of productivity-enhancing tools. Additionally, VoIP systems can integrate with other business applications such as customer relationship management (CRM) systems.
• Reliability and Redundancy: Contrary to common misconceptions, VoIP phone systems provide great reliability due to their redundancy measures. VoIP providers often operate multiple data centers across geographically diverse locations, ensuring uninterrupted service even in the event of hardware failures or natural disasters. Additionally, built-in failover mechanisms and ability to switch to mobile data to further enhance reliability and uptime.

Choosing the Right VoIP Provider

• Reliability: Look for a VoIP provider that can switch to mobile data if there is an internet outage. The provider should also offer a specific service-level agreement with a guaranteed uptime.
• Scalability: Whether you're adding new users, opening new locations, or expanding internationally, your VoIP solution should be flexible enough to adapt to your evolving needs.
• Security and Compliance: Choose a provider that implements robust security measures such as encryption, firewall protection, and intrusion detection/prevention systems. Additionally, ensure that the provider complies with relevant data protection regulations such as GDPR or HIPAA, if applicable to your industry.
• Customer Support: Look for providers with responsive customer support teams available via multiple channels such as phone, email, and live chat. Additionally, inquire about training resources and ongoing technical support options to ensure smooth implementation of your VoIP phone system.

Summary

• VoIP phone systems represent a transformative leap forward in business communication.
• Traditional phone services are becoming more expensive as maintenance of old infrastructure becomes more difficult.
• By leveraging the power of the internet, VoIP offers cost savings, businesses flexibility, and scalability.
• When choosing a VoIP provider, prioritize reliability, scalability, and security to ensure a seamless transition to a modern communication solution.
• If you haven’t already, I highly recommend switching from a traditional phone service to VoIP.

As a managed service provider (MSP), safeguarding our clients' businesses against cyber threats is our top priority. In today's digital landscape, cyber threats are more prevalent and sophisticated than ever before. They pose significant risks to businesses of all sizes. From data breaches and ransomware attacks to phishing scams and insider threats, the consequences of a cyber incident can be devastating. They can lead to financial loss, reputational damage, and a major disruption to operations. Let’s explore the importance of cybersecurity and some tips on how you can guard your organization against cyber threats.

The late American author Kurt Vonnegut once wrote, “New knowledge is the most valuable commodity on earth. The more truth we have to work with, the richer we become.” Written in the 20th century, it has been put in practice by 21st century businesses. As the Internet has grown, the amount of companies expanded, and the amount of data that those companies collect has grown exponentially, especially now that there is a market for such data.

Profitability is less the measure of being able to turn a profit, and more the measure of how much profit you can make. For the successful small business, the integration of technology can dictate what kind of annual margins you are looking at. For the new company, however, it can be something even more critical: the difference between setting a course for success, or wallowing in failure. Today we analyze the cost difference between hosting your IT in-house, or choosing to host it in the cloud.

Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.

How much does your business rely on technology to keep your organization running forward? As business technology becomes more complex, it’s becoming increasingly popular for organizations to have their own internal IT departments to manage and maintain it. Yet, small businesses don’t often have the necessary funds for such a feat. How can your company afford quality IT service? You can start by pursuing managed IT solutions from a managed service provider.

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.

Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues - enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.

The cloud has proven to be an extremely useful tool for the modern business. Not only does it provide anywhere-anytime access to applications, processing, storage, et al; it also delivers those products as a service, allowing you to budget for recurring costs rather than major upfront ones. This provides your organization with functional, supported, and secure computing environments that eliminate a lot of the support costs that traditional computing environments require. It sounds like a perfect scenario for small and large businesses alike, but things aren’t always what they seem, as a lot of cloud users have found that they have incurred several hidden costs by using cloud platforms. Today, we take a look at these hidden costs.

There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want - building profitability and generating capital needed to make other improvements.

In this blog, we’ll examine some of the implementations that can deliver a good return on investment to a small business.

Traditionally, the business telephone system is one of the most expensive operational costs, especially if you take into account a business’ expanding mobility. Today, there is an option that changes the way that businesses look at their phone platform. That option is VoIP, or Voice over Internet Protocol. Today we’ll tell you a little bit about VoIP and tell you how it can drastically improve your business’ communication.

As businesses have been allowed access to more advanced tools, the cloud and its capabilities have been shown to be among the most useful to operations. Let’s examine some practical applications of the cloud to see why this is.

It isn’t exactly a secret that small and medium-sized businesses appreciate any opportunity to reduce the amount of money they have to spend to successfully operate. One means that businesses of all sizes have used to do so has been VoIP (Voice over Internet Protocol) telephony. Here, we’ll explore just how VoIP solutions are friendlier to a business’ budget.