Author Archives: Maria Koblish

Are you a remote worker trying to keep safe and productive during these unprecedented times?

Perhaps you’re new to the whole work-from-home life?

In either case, we thought it would be helpful to collect our best tips for keeping secure and staying productive while working outside the office walls.

1. Keep up with updates

Putting off (or outright ignoring) those updates? Don’t! Software updates often address vulnerabilities. By not allowing the software to get patched, you may be leaving a door open for cybercriminals. Don’t make it easy for the bad guys!

2. Snap a photo of your computer configuration before unplugging and moving your PC

Getting wires crossed? Unplugging and reattaching all the cords and peripherals of your computer can certainly trip you up. Grab your smartphone and snap a shot of your computer setup (from all angles!) so you have a reference when you forget where to plug something in.

3. Pay attention when using Wi-Fi

Getting some work done at the local coffee shop? Don’t blindly connect to the first available network that pops up. If you’re unsure, ask the staff. To be doubly safe, turn off automatic connections.

4. Lock your computer

Make sure you set up your password-protected lock screen to keep your computer secure. The last thing you want is someone coming behind you and sabotaging your work or accessing sensitive data.

5. Make use of a password manager

Getting tired of having to memorize countless passwords? Resorting to less complex passwords? Reusing passwords across accounts?

Make use of a password manager so you can keep your passwords unique and secure. Hackers are determined and have all the time in the world. Don’t make it easy for them!

6. Heed your IT team, and by all means, ask plenty of questions

Your IT team will typically have best practices and guidelines in place for the team while working remotely. Do your best to follow them. Sometimes these rules may seem like a few too many extra steps to follow… but do follow them. They’re in place for a reason. Be sure to ask plenty of questions if you need guidance.

Would you leave your home’s front door unlocked?

Probably not.

Should you maintain a network without a firewall?

No, if you value your data and security.

—

So, just what is a firewall?

Within the context of network security, a firewall helps filter out the traffic that goes in — and also out of — your network.

This filtering is based on defined security rules.

A firewall can be hardware or software. In fact, both are often used in concert to create an even more potent barrier than just having one or the other.

“At Thrive, we advise using multiple layers of security for the best protection against the many threats out there,” said Brian Walker. “The firewall can be looked at as the first line of defense. A gatekeeper. It helps determine what traffic or sources are blocked from your network.”

“Without a firewall, you basically have your network’s ‘front door’ open to anyone who wants to come in,” explained Aaron Allen. “If you care about your systems and data (and who doesn’t?), you want to have a firewall.”

But where does one begin?

“There are a variety of firewalls you can employ, including stateful inspection and proxy, as well as next generation firewalls, which also bundle in network intrusion prevention,” explained Allen. “Thrive now also provides a completely managed firewall service.”

“This covers the whole firewall experience, from installation and configuration to ongoing maintenance and support.”

“Our managed firewall service equates to more time to spend on your business, less time worrying about security.”

“The network security experts at Thrive can assist you in determining the optimal solution for your specific environment,” said Walker. “Asking yourself, ‘What is a firewall?’ Contact us to schedule a free firewall consultation. We are offering video and phone conferences for your convenience and safety.”

Remember Emotet? Well, it’s back.

In case you don’t know, Emotet is one of the biggest cyber threats in recent years.

This damaging malware oftentimes gains a foothold in a system through a macro virus in an email attachment.

“Clever social engineering on the part of the threat actors can make detecting these malicious emails difficult,” said Brian Walker.

“These emails may look like they’re coming from a colleague, they may seem to be a continuation of a past email thread, or they may reference a timely topic in your line of business.”

The Emotet backdoor is typically installed via a macro-enabled Word document. PDFs or hyperlinks within the body of the email can also cunningly link to these Word documents.

While more and more people are becoming better educated about email security issues, the sophisticated nature of the Emotet attacks as well as the volume (1.8 million malicious emails were blasted out in a short period last February) make it a potent threat.

“Once Emotet gets in, worm-like self-propagation features allow it to spread across networks at terrifying speeds,” said Aaron Allen. “The threat actors can steal account credentials and proprietary or sensitive information. Emotet can even download and install additional malware, such as TrickBot, which steals bank logins, tax information, and other financial details. Emotet has also been known to lay dormant, ready to launch future attacks.”

In other words, Emotet is bad news. Recovery in the aftermath of an Emotet attack can be extremely costly, and the hit to your reputation can be tough to shake.

Here are 4 tips to help defend against Emotet:

1. Ensure you keep everything patched and up to date so known vulnerabilities are shored up.
2. Keep your staff educated on malicious emails.
3. Be wary of emails that seem out of place, even if they appear to be from colleagues or friends.
4. Be especially wary of attachments. Watch out for PDFs and Word documents.

Need more advice? Sign up for our blog or contact us today!

Does your business accept credit cards? Of course it does. Regardless of what industry you are in, your customers are now using payment cards for a large portion of their retail transactions both online and in-store. To protect consumers, there has been a compliance standard enacted by credit card companies. Today we will look at this standard, known as PCI Compliance.

Introducing PCI DSS

With so many people using credit, debit, and prepaid gift cards to pay for goods and services, the economic ramifications of digital payment fraud, data loss, and other side effects of continued reliance on these methods of payment have led the companies that issue these cards to band together to create what is now known as the PCI Security Standards Council. Since its inception in 2006 the PCI Security Standards Council has been overseeing the establishment and coordination of the PCI DSS, or Payment Card Industry Digital Security Standard. Let’s take a look at how PCI compliance works.

Taking a Look at PCI

PCI DSS was established in 2006 by credit card companies as a way to regulate business use of personal payment card information. That means all businesses. If your business processes or stores payment card information as a means of accepting digital payment, you need to maintain your PCI compliance. PCI DSS demands that businesses satisfactorily take the following steps:

1. Change passwords from system default
2. Install all sufficient network security tools (antivirus, firewalls, etc.) that will work to protect card data
3. Encrypt transmission of card data across public networks
4. Restrict the transmission of card and cardholder data to “need to know” basis
5. Assign user ID to all users with server or database access
6. Make efforts to protect physical and digital access to card and cardholder data
7. Monitor and maintain system security
8. Test system security regularly
9. Create written policies and procedures that address the importance of securing cardholder data
10. Train your staff on best practices of accepting payment cards

While many businesses already do these things in the normal course of doing business, if you currently don’t and you still allow for the use of payment cards, your business could have a problem on its hands.

Business Size and Compliance

Once you understand what you need to do to be PCI compliant, you then need to comply with the standards of your business’ merchant status. They are defined as follows:

• Merchant Level #1 – A business that processes over six million payment card transactions per year.
• Merchant Level #2 – A business that processes between one million-to-six million payment card transactions per year.
• Merchant Level #3 – A business that processes between 20,000-to-one million e-commerce payment card transactions per year.
• Merchant Level #4 – A business that processes less than 20,000 e-commerce payment transactions, and fewer than one million overall payment card transactions per year.

Since a business with more transactions has a better chance to foul up a situation concerning payment card compliance, they are required to do more to prove compliance than smaller businesses do. Here are the expectations for businesses in each merchant level:

Merchant Level #1

Doing massive business online and otherwise brings with it more responsibility. To maintain PCI compliance, Level one merchants need to:

• Perform a yearly Report on Compliance (ROC) through a Qualified Security Assessor (QSA)
• Allow an Approved Security Vendor (ASV) to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #2

As transactions begin to decrease there are less stringent standards. Level twos include:

• Perform a yearly Self-Assessment Questionnaire (SAQ)
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #3

Many medium-sized businesses will fall under this level and need to:

• Perform an SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council records

Merchant Level #4

The majority of small businesses fall into level #4 status and, like levels two and three, need to:

• Perform a SAQ
• Allow an ASV to complete a quarterly network scan
• Complete the Attestation of Compliance Form for PCI Council record

Businesses that are non-compliant will face fines, extra scrutiny, or risk having the privilege of accepting payment cards officially revoked. If you have questions about the particulars of PCI DSS compliance, contact the knowledgeable professionals at Thrive today.

You’re paying your IT guy to keep your computer network up and running smoothly. So why do you still have all these problems?

When it comes to the management of your computers, you need someone reliable and trustworthy. Data is the lifeblood of just about any business, and your IT services provider helps you keep it secure while giving you a competitive edge with an efficient, well-managed network.

Looking for a change?

Thrive has a high customer satisfaction rate and an experienced team that’s ready to give your network the world-class treatment it deserves.

Claim your free, unbiased IT Assessment today. Contact us today and one of our network experts will get back with you promptly.

Want to keep your systems safe and efficient?

Follow these five tips to avoid expensive and potentially catastrophic computer network failures.

1. Have off-site backup.

Relying on onsite backups? What happens if the building gets destroyed? Or your whole network (backups included) gets encrypted and held for ransom? A comprehensive backup plan includes off-site backups, which are extra copies of your data stored in geographically distant locations. In the event of total disaster, you’ll have the building blocks to get back to business.

2. Centralize your data on a server.

Want to increase efficiency, foster collaboration, and improve security in your office? Get a server. Managing email, facilitating file sharing, running applications that require secure databases, and overseeing network security are all things that deserve a dedicated server.

3. Keep your anti-virus patched.

Patches oftentimes address new threats and vulnerabilities. So, not updating your anti-virus and other security software is akin to leaving doors and windows open for cyber attackers. Be vigilant about updates. Better yet, institute a patch management service.

4. Make sure your acceptable use policy is up to date. And enforce it!

It’s often said that the weakest link in your network security is your people. Clicking a malicious link, visiting a bad website, and downloading questionable software are all mistakes your staff can make that can lead to devastating results. An acceptable use policy spells out the things users can and can’t do in the network, encouraging responsible computing. Don’t be afraid to enforce your policy.

5. Perform scheduled patch maintenance for every computer.

In the same vein as #3 above, you should keep every computer in your network patched to ensure vulnerabilities are shored up. This should be performed at least bi-weekly for best results. Scheduling patch maintenance is the perfect way to regulate this.

—

Ready for IT peace of mind? Follow these tips, keep your systems patched, and ensure your users exercise responsible computing.

Want a free network consultation? Contact us today to schedule time with one of our networking and security experts.

A successful cyber attack on a prominent Alabama city’s computer systems underscores the need for not only strong network security, but also a comprehensive business continuity and disaster recovery plan.

Florence, northwestern Alabama’s primary economic hub, per Wikipedia, agreed to pay almost $300,000 to cybercriminals. Why?

Early in June, DoppelPaymer successfully launched a cyberattack, unleashing ransomware onto Florence’s network.

Ransomware encrypts the data in a network, rendering the whole system useless. The criminals will then demand a ransom, typically in bitcoin, in exchange for the decryption keys which will unlock the data.

The DoppelPaymer ransomware gang is known for stealing large amounts of data from the target network before deploying the devastating ransomware. Thus, in addition to the ransomware, there is also the threat of having the stolen data published or sold in the Dark Web.

The city was actually warned by a security researcher in late May, almost two weeks before the successful attack, but sadly it may have already been too late at that point.

“The danger of ransomware is real,” exclaimed Brian Walker. “All organizations, businesses, and municipalities need to make cybersecurity a top priority.”

“Having a sound backup plan is a vital part of your security,” said Aaron Allen. “If your layers of security fail, your backups are the perfect last line of defense. Being able to promptly restore from a recent backup minimizes costly downtime and allows you to get back to business.”

Contact us today for a free network security consultation.

Get a free cloud cost analysis

Don’t upgrade your server until you read THIS:

Cloud computing can certainly save you money.

With more people working from home, now may be an excellent time to consider utilizing the cloud for your servers and workstations.

BUT, the cloud may not be right for you.

Pros include:

• Lower cost
• Better reliability and uptime
• Exceptional scalability
• Simplified management

Cons include:

• Security issues
• Heavy reliance on internet connectivity and bandwidth
• Reduced control and management options
• Potentially limiting contracts

Make sure you do your homework before you make the jump. Let Thrive help!

We will perform a two-hour cost analysis and take inventory of your current environment and see how your employees currently use their workstations and your network. We will also look for potential security problems and other hidden loopholes.

Contact us today to get started.

Cybersecurity: Everyone agrees it’s a necessity these days.

As you continue to strengthen your company’s network defenses, don’t forget what’s often the weakest link in the chain: Your people.

Magellan Health, a Fortune 500 company, recently suffered a data beach due to a phishing email. After the company became aware of the attack, they hired a cybersecurity firm to assist. They discovered the attackers were able to exfiltrate clients’ personal information from a corporate server.

Again, it’s of utmost importance you educate your staff on current threats and common ways cybercriminals dupe their victims.

Phishing emails and social engineering are utilized in a large portion of data breaches, and thus should be discussed.

Ready to raise your cybersecurity IQ?

Sign up for Thrive’s blog for easy-to-follow yet powerful ways you can thwart the bad guys.

Does it pay to give in to ransomware criminals?

Well, according to a recent study, paying off the bad guys may actually result in a doubling-up of clean-up costs.

Based on new research conducted by Sophos, companies hit with ransomware that refused paying the ransom paid, on average, $730,000 in recovery costs.

Yes, that’s quite a sum. But check this:

According to the same research, companies hit with ransomware that did pay the crooks paid, on average, $1.4 million in recovery costs.

While many experts believe ransomware ransoms should not be paid, some companies have paid them out of desperation. Each case is different, but this new research is certainly illuminating.

“In any case, a company should have good network security and a good data backup process in place,” remarked Aaron Allen. “Security should be layered, providing overlapping defenses that make it harder from criminals to break through. And backups should include offsite replication to ensure your data lives no matter the circumstances.

“All this should make the issue of paying ransoms moot. Your security makes it difficult for your data to be harmed or held for ransom. And in the case of disaster, you can restore your data and get back to business promptly.

“Ready to thwart the ransomware criminals? Get a free security or data backup consultation. Contact us today.”