Abilene Tech News: Disaster Recovery and Spoofing Attack


We recently saw some news items here in Abilene that reminded us that no matter where you live and how great your community is, as a business owner you simply can’t afford to neglect your technology.

Disaster Recovery News

The first item has to do with disaster planning. Abilene TV station KTXS recently reported that state and local first responders are preparing for possible weather-related and other disasters by attending a four-day training coordinated by the West Central Texas Council of Governments.

Planning for disasters isn’t just for first responders. As a business owner, you need to be aware that disaster can strike at any time, even here in Abilene. Ice storms, tornadoes, a fire at your place of business, theft: any of these can be costly if it affects your customers or your business data.

We recommend that clients have a disaster plan in place, and revisit this plan at least once a year. What does IT disaster planning include? Here are three items every disaster plan should include:

  1. Firewall protection isn’t enough. Too many business owners think that installing a firewall is all they need to protect their network from cyber-attack. Unfortunately, nothing could be further from the truth. While a firewall can protect your business from many types of incoming malicious traffic, it’s not a complete solution to network security. Hackers are creative, continually coming up with new ways to attack. Networks and firewalls have to be continuously updated to ensure they are able to stop new threats. In addition, not every type of threat is going to come in through your network. Some threats may be within your network, or behind your firewall – such as mobile devices that are brought in by employees but which are not running through your firewall. Your physical security practices could also put your business at risk. A network assessment helps identify all these types of threats.
  2. A firewall doesn’t replace a solid network security plan. Firewalls can stop incoming traffic, but they can’t resolve an issue that’s already happened, and they don’t constitute a plan to keep all your data safe. A network assessment looks at your whole network – what kind of traffic is coming in, what should or shouldn’t be connected to the network, and which components of your technology infrastructure require which types of protection. This information is then used to develop a network security plan to keep your data protected.
  3. A network security audit could get you lower insurance rates. Little-known fact: businesses in the financial services and health care industries that handle financial information or HIPAA-protected data are now required to have cyber-insurance. Many insurers require these businesses to have a network security plan, charging higher rates to businesses that don’t have one. If you’re like many smaller businesses in these industries, you could be paying more for your business insurance than you need to, as a result of not having a network security plan. An audit is the first step in developing such a plan, and could help you get a lower rate.
  4. Contact list – Many companies have a call tree so that they can quickly perform “wellness checks” to ensure that all their employees are well and safe. This list should also include key individuals and backup staff so that a plan to keep the business up and running can be implemented quickly.
  5. Disaster scripts – Confusion is the norm after a disaster strikes. The time to plan for the scenarios that could happen is when nothing has happened. Scripts are a great tool to ensure that people know what to do when planned scenarios arise.
  6. Testing – After disaster strikes is the worst time to find out that your plan has important omissions. Testing is important to ensure that your disaster recovery plan will work as it’s supposed to.

Disaster recovery is an important part of ensuring that your business stays up and running no matter what the future holds. That’s why we include it as part of our Complete Care managed services plan.

Spoofing and Credit Card Fraud

KTXS also recently reported a case of credit card fraud that affected a local Abilene business and thousands of credit card customers.

Hackers were able to “spoof” the identity of an IT worker for the local restaurant, sending an email that directed restaurant workers to download a malware program. The result was a data breach that affected thousands of customers.

This case brought up four important points.

  1. Every business needs good malware protection and detection.
  2. Never install programs based on an email.
  3. Make sure you know and trust anyone directing you to download anything to your computer.
  4. When in doubt, check it out.

If you’re working with an internal IT team or with a reputable IT managed services provider like Tolar Systems, you’ll never be contacted via email to download programs on your computer. We will contact you directly by phone to install the program ourselves remotely, or we will come on-site. We’ll never ask you to download anything from an email.

Does your business have a disaster plan? Have you ever received a suspicious email? Tell us about it in the comments.