Tag Archives: encrypted

The ONE Thing You Must Do to Keep Your Data Safe in the Cloud. Is Your IT Guy Doing This?

26 Jul 17
lverbik

How secure is your data? Cloud data storage is becoming a massive industry in this country, and many businesses and other institutions are putting their data into the cloud. Some of this data is pretty harmless. Other data — like hospital records, banking information, or company payrolls — is a prime target for bad actors. Is the cloud storage tradeoff worth it?

The short answer is yes, but only if your IT guy is encrypting your sensitive data.

Every cloud storage company you talk to will claim to take top-of-the-line security measures on behalf of your data. But that, in a nutshell, highlights the problem with cloud storage. Your data is entrusted to a third party for safekeeping. It’s possible that they’d do everything in their power to safeguard your information. But bad things, like ransomware, phishing, or just plain going out of business, do happen. And when they happen, it’s not the cloud storage company whose data is on the line; it’s yours.

Even if that doesn’t occur, let’s be honest. Most of the major cloud storage companies are based in the United States, the U.K., or France, where they could be subject to NSA snooping (or questionably legal surveillance from any other government entity). Despite the best efforts of many storage companies to prevent government intrusion, your data could still be at risk, even when it’s locked up tight.

This brings us back to encryption, which is the hands-down best way to protect your data, period. It’s just like locking sensitive data in a box, with a password needed to reopen it. Even if someone gets ahold of the box, if they don’t have the password, there’s nothing they can do with it. There are a lot of encryption tools out there and you’ll want to make sure that you have the right one for your specific needs. If you ever need a recommendation, don’t hesitate to reach out and ask! We’ll be happy to provide you with the specific recommendation (free or paid) that fits your needs.

In addition, most cloud storage companies protect your data with their own encryption, but this isn’t as secure as encrypting your own information. That’s because the cloud storage company has the encrypted data in its possession, but it also has the keys to that data. If someone can get in, they can probably get the information they want. And a disgruntled employee — or just a hapless one — can also provide hackers access to the system through good old-fashioned social engineering.

If the cloud storage company is compromised (and it happens quite often), will your data be secured or unsecured? Well, if you’re encrypting your own data before uploading it, then the bad actors will open up the safe to find … a bunch of locked boxes. Pretty frustrating, right?

On the other hand, if you’ve trusted the cloud storage company to take care of everything, you’re going to have a bad day.

As you can tell, it makes sense to have your IT guy encrypt everything that gets put on the cloud before it gets there. But remember, just as your cloud storage provider is vulnerable, you can be vulnerable as well. It’s less likely that bad actors will target your company specifically, but if they want your data bad enough, they’ll go to great lengths to get it.

Many people have a misconception that these criminals will just use a magic program to crack your encrypted files. Cracking encrypted files without the key is possible, but it requires a lot of time and processing power. It’s far more likely that hackers will target your email or other aspects of your system and try to find the encryption keys or passwords that way. And never forget that people are the weakest part of your IT security. Educate employees so they aren’t vulnerable to phishing scams, downloading questionable software, and visiting the wrong websites.
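The encrypt-before-upload approach this post recommends, shown as an added example that is not from the original post. It assumes the third-party Python `cryptography` package; the `CSE1` blob layout, the function names, the sample record and the passphrases are constructed for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt

MAGIC = b"CSE1"  # constructed format tag for this example
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 12, 16


def _derive_key(passphrase, salt):
    # scrypt makes every passphrase guess cost time and memory
    kdf = Scrypt(salt=salt, length=32, n=2**15, r=8, p=1)
    return kdf.derive(passphrase.encode())


def seal(plaintext, passphrase, name):
    """Encrypt locally; the return value is the only thing uploaded."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    key = _derive_key(passphrase, salt)
    # Binding the object name as associated data stops blobs being swapped.
    ct = AESGCM(key).encrypt(nonce, plaintext, name.encode())
    return MAGIC + salt + nonce + ct


def unseal(blob, passphrase, name):
    """Decrypt a downloaded blob; raises ValueError on any mismatch."""
    head = len(MAGIC) + SALT_LEN + NONCE_LEN
    if blob[:len(MAGIC)] != MAGIC or len(blob) < head + TAG_LEN:
        raise ValueError("not a sealed blob")
    salt = blob[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = blob[len(MAGIC) + SALT_LEN:head]
    try:
        key = _derive_key(passphrase, salt)
        return AESGCM(key).decrypt(nonce, blob[head:], name.encode())
    except InvalidTag:
        raise ValueError("wrong passphrase, wrong name, or modified data") from None


def provider_breach_demo():
    """What someone holding only the provider's copy can and cannot do."""
    record = b"constructed sample: payroll row, employee 0001"
    bucket = {"payroll.csv": seal(record, "local-only passphrase", "payroll.csv")}
    stolen = bucket["payroll.csv"]
    try:
        unseal(stolen, "guessed passphrase", "payroll.csv")
        guess_worked = True
    except ValueError:
        guess_worked = False
    owner_copy = unseal(stolen, "local-only passphrase", "payroll.csv")
    return record in stolen, guess_worked, owner_copy == record
```

The passphrase never leaves the machine that calls `seal`, so it has to be stored and backed up separately from the cloud account and kept out of email.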

Your #1 MUST-DO Resolution For 2017

28 Dec 16
lverbik

With every New Year comes the chance to reset priorities. Unfortunately, when the topic of implementing a data recovery plan comes up, the comment we most often hear is “I know I should, but I haven’t gotten around to it yet…”

So… what if the pilot on the next flight you’re on announces right after takeoff, “I know we should have run through our preflight checklist, but we haven’t gotten around to it yet…”?

Without a solid backup and recovery plan in place, just one mission-critical file that gets lost or stolen could put your company in a world of serious hurt. When you compare the high cost of replacement, repair and recovery to the relatively trivial price of keeping good backups, the choice is an absolute no-brainer.

Why disaster recovery planning matters more than you think

Let’s face it, data is the nucleus of your business. That means that a single ransomware attack could wipe you out in a matter of minutes. Today’s cybercriminals are raking in literally billions of dollars (yes, billions) preying on the unwary, the poorly protected and those who “haven’t gotten around to it yet.” Let’s consider the facts…

Ninety-seven percent of IT services providers surveyed by Datto, a data protection company, report that ransomware attacks on small businesses are becoming more frequent, and they expect that trend to continue. These attacks are taking place despite anti-virus and anti-malware measures in effect at the time of the attack.

Windows operating systems are most often infected, followed by OS X. Cloud-based applications, particularly Dropbox, Office 365 and Google Apps, are also being targeted.

Ransom demands typically run between $500 and $2,000. About 10%, however, exceed $5,000. And even at that, paying a ransom demand is no guarantee that encrypted files will be released.

For a typical SMB, downtime from ransomware can cost around $8,500 per hour, and will take an average of 18.5 hours of the company’s time. That’s a hit to your bottom line somewhere in the neighborhood of $157,250. Yet in many cases the ultimate cost has reached into multiple hundreds of thousands.

In a recent survey of 6,000 IT professionals by the Ponemon Institute, 86% of companies had one or more incidents causing downtime in the past 12 months. Typical downtime was 2.2 days, with an average cost of $366,363. And that’s just the average. Could your company survive that kind of hit? It’s no wonder that 81% of smaller businesses suffering such an attack close their doors within three years.

It’s tragic. And yet the solution is so simple…

The #1 antidote for a data disaster

What’s behind these costly incidents? Here’s the breakdown of contributing factors:

  • Human error: 60%
  • Unexpected updates and patches: 56%
  • Server room environment issues: 44%
  • Power outages: 29%
  • Fire or explosion: 26%
  • Natural disasters: 10%

Note that human error accounts for 60% of the incidents. It’s no wonder then that ransomware attacks are on the rise, since they can be triggered by just one employee inadvertently clicking a bad link in an e-mail or on a social media site. Human behavior is hard to control. However, the #1 antidote for a ransomware attack is having a secure backup ready and waiting to replace encrypted files.

And when you scan through the rest of the list above, it becomes clear that, while you need to implement a comprehensive set of data security measures, having a solid and reliable data recovery plan in place and ready to go the moment disaster strikes is still your best defense.