Environment has been rebuilt and secured with proper anti-virus and firewalls and a dependable backup process. The client is now protected from these types of attacks in the future.
Continue readingRansomware Case Study
“Florida city to pay $600K ransom to hacker who seized computer systems weeks ago”
One of the most terrifying new threats to organizations is ransomware. This type of digital attack is one of the most disruptive and costly things that can happen to an organization, as one city in Florida recently found out.
Rivera Beach, a small city of 35,000 people was recently targeted after an employee clicked on a malicious email link. After encrypting vital government systems like fire department and police computers, CNN reports that hackers demanded that the city pay a ransom of $600,000. With no alternative, City officials recently voted to agree to the hackers demands which will be paid out of the city’s insurance money.
Cybersecurity firm Recorded Future found that in the US alone, at least 170 county, city or state government systems have been attacked since 2013, including at least 45 police and sheriff’s offices. In 2019, there have been more than 20 major US public-sector attacks which typically force affected cities to quarantine their networks and provide most of their municipal services manually.
Attacks By Hackers Are On The Rise
You may be thinking that this is unlikely to happen to you or that your business’s data isn’t important enough to gather the attention of hackers. Sadly, this isn’t the case. Ransomware is so dangerous because hackers know how valuable your data is to you! Albertan organization are just as likely to be targeted for smaller attacks as any other place. We’ve recently helped a company in Edmonton recover from one such attack, which you can read about here.
Many ransomware attacks start with an employee clicking a malicous link. We’ve created a helpful guide to share with your staff on ‘How to Diagnose a Phishing Email’. If you’re looking for help on how you can protect your business. Our IT team is happy to help you plan for the future.
Click the link below to book a meeting with our team!
Buying, Leasing, or Renting Computers: What Should Your Small Business Do?
One challenging decision that new entrepreneurs or growing companies face is whether to buy, lease, or rent computers for your staff.
It’s probably not a decision you realized you’ll need to make, but it’s an extremely important one to ensure the long-term productivity of your staff.
In this guide, we’ll help you learn which option is right for you!
1. The Buying Option
Purchasing computers can be a big capital expenditure. In fact, it would be the highest upfront cost of the three options. It also would give you a limited number of write-offs as a business.
On a positive note you would own the inventory and also be able to purchase extended warranty for the computers for 3-5 additional years just in case you need any parts or a complete replacement.
Some business owners like to overlap this option, for example purchase 10 computers this year and 10 new computers next year to extend the upgrades. Typically, owners would do an image deployment of the operating system. This involves customizing the operating system (OS), applications, drives and settings on a single computer and creating an image of it, then automatically deploying this image to all other computers. This usually saves time, effort and creates a standardization.
If this sounds like the option for you, our team can help you purchase computers at a discount and set them up. No long-term contract needed. Contact us to learn more.
“you may not realize that you’ll be required to undergo a credit check”
2.The Lease Option
Leasing computers allows you to have a lower upfront cost than option 1, but more ongoing costs. Typically leases are paid monthly or annually and you will continue paying until you have the option to purchase the machines at the end of the lease.
This option would also provide a 3rd party lease write-off as an operational expense. Additionally, you would lease your computers from the manufacture and have their direct support.
One thing you may not realize that you’ll be required to undergo a credit check. If you’re a new business, your company may or may not have established a credit rating yet, which could eliminate this option completely.
3.The Renting Option
Renting provides some comfort knowing that your provider is responsible for everything and the service and ongoing support will be provided to you for the term of your rental. Renting is typically the same price as a lease option with a bit more overhead on each machine as they are loaded with all of the software, firewalls, and protection required. Additionally, this could be used as a business write off.
Renting has the additional benefit of allowing you to be nimble with your technology adoption. As your business changes, your technology requirements may change. Renting allows for a quicker change of your core systems.
Managed Services providers like ARC typically provide access to all three options.
We hope you’ve found these tips helpful as you decide what to do. If you ever need any advice, our team is happy to help. We provide IT services for a wide variety of companies across Canada and over the last 21 years, we’ve seen it all.
Contact us if you need a hand deciding on if buying, leasing, or renting computers is the right option for you!
Case Study: A Firm Gets Attacked by Ransomware
Client Profile
The Organization:
Our client is an Edmonton-based design firm (for privacy reasons, we’re unable to share their name, just their story). Their team of experienced architects specialize in many types of projects ranging from commercial retail and office, to national restaurant chains in Canada.
The Challenge:
When firm called us, they were in a full crisis mode. A hacker had installed ransomware on their company’s server and was holding their company’s data hostage. Their business was in grave peril.
"The hacker got through the unprotected firewall and installed ransomware and encrypted the firm’s data."
Some Background:
The firm called ARC Business Solutions previous to the security hack and requested an I.T. Audit. We preformed the audit and identified the problem of an insecure firewall and provided solutions. The firm at the time decided to hold off for the time being. The security hacker got through the unprotected firewall and installed ransomware and encrypted the firm’s data. The hackers held the company’s server hostage and requested ransom of $3000 worth of bitcoin. The firm paid it in desperation and received nothing in return.
The Solution Highlight:
In situations like this, drastic measures need to be taken. ARC shut down and cut off all systems from the internet, and systematically cleansed the infection from the system. Although the situation was not ideal for the client to have all systems temporarily shut down, ARC was successful in preventing further threats.
We isolated the server and were also able to recover valuable data and scrub the software from the database. Lastly, the firm is now protecting against any future attacks as we have implemented security measures and modern firewalls.
It is clear that the best way to respond to a ransomware attack is to avoid having one in the first place. Other than that, making sure your valuable data is protected will ensure that your downtime and loss will be minimal or none.
How to Diagnose a Phishing Email
All of us have received suspicious emails in our inbox. Some of these messages can even fool our firewalls and anti-virus software. It is very important that we know how to decipher these messages as a second line of defence from these security attackers. In this post, we’ll show you what to look out for and how to protect your organization.
Interested in a downloadable copy of this article? Click here.
An Example Of A Phishing Email:
1. Hover over from email address: [email protected]
- You can see what initially appears as an email address can be altered. You need to hover over it to see the exact source. For example, it could actually be sent by [email protected], rather than what it appears.
- Ask yourself: is this email coming from a real sender?
2. Hover over the link: View project online link to see what the true URL link location is.
- Ask yourself: is this is a trusted site? Would the sender send me this email to direct me to another site? Is the domain trustworthy?
3. Be wary of links: “click here“, “your message is waiting“, “view project online“, these links are usually sending us to the outside world. These links can be altered to read something other than the real link.
4. Main message – use common sense defensive questions: is this sender asking for money, passwords, or access, or viewing? Would a real sender ask me this kind of message? (for example, if a phishing email is tailored well to have the Manager’s email address, would my Manager ask me to send him Bitcoins)?
How To Defend Against Phishing
- Spam filtering is the first line of defence. It will determine if the majority of the messages coming in are legitimate or not. If the email is well crafted it can fool spam filtering.
- If the email gets delivered to your inbox, then YOU are the second line of defence
. - If you mistakenly click an email or get sent to a site with malware, firewalls, anti-virus programs and a good IT team is your final defence.
If you do click on a link, a good firewall should be able to block the virus. The content would be blocked from being opened to your local machine.
Web filtering should also be enabled on your network. For example, if the link tries to take you to a website that is located in a suspicious country it should automatically be blocked.
A good Unified Threat Management (UTM) will determine if the source of the link is a good source or one that should be blocked.
It doesn’t matter if you have a very secure system in place. It only takes one untrained staff member to be fooled by a phishing attack. Make sure that both you and your staff understand the telltale signs of a phishing attempt.
How To Protect Your Business From Phishing Attacks
Download Free eBook
- Learn what common tactics phishers use to trick employees
- Learn what systems you can put in place to stop them before the inbox
- Learn how you can protect your company today
Case Study: One of the Largest Theatre Companies in North America Needed More Than Managed Services
Client Profile
The Organization:
The Citadel Theatre is one of the largest not-for-profit theatres in North America, drawing over 130,000 patrons from a large geographic region. Their building features 5 performance spaces and is home to three resident theatre companies: Catalyst Theatre, Rapid Fire Theatre, and Theatre Yes, in addition to creating partnerships with Edmonton theatre and dance companies, including Brian Webb Dance Co. and Firefly Theatre & Circus.
The Challenge:
When the Citadel came to us, they required much more than a typical managed services package. They needed to update the technology powering over 100 employees, implement a new network of digital signage throughout their facility, and introduce a company intranet to aid communications with staff, performers, and partners.
The Solution:
Due to the wide range of challenges the Citadel faced, we took a layered approach, rather than a one-size-fits-all solution.
Ticket Solutions – We sourced, installed, and trained the Citadel team on a new ticketing system that interfaced with website ecommerce, on-site printers, and financial systems
Staff Computers / Laptops – We provide desktop and laptop computers and service for over 100 employees
Firewalls & Data Back-ups – We ensure employee data is secure and protected from hacking, phishing, data loss, and hardware failure
Customized Digital Signage – The Citadel team came to us with a challenge: they needed a new system of screens throughout their building to promote new performances, building announcements, and sponsor messaging. We sourced screens and developed a system to manage the screens centrally and within a user-friendly interface.
Day-to-day support – whenever a tech problem arises, our team is on site to help, day-in, day-out.
Mobile App / Light Intranet – The Citadel was looking to implement a company intranet to help communicate messages to employees, share internal events, book amenities, and coordinate company-wide news. We introduced them to our ARC Intercom system which was tailor-made to help groups of people, like organizations or communities, stay on the same page. Once they found out it could also save them thousands of dollars a year over competitive products, they jumped on board immediately!
In the ever-changing world of technology, solutions don’t always come in neat little packages. That’s why we’re here to help you find the best solution for your unique circumstances. We’re proud of our work at The Citadel, and we hope if you’re ever in Edmonton, you check out their excellent productions!
We’re here to help with your IT challenges. Contact us here and we can get started right away!
The Top IT Services Blogs to Follow in 2019
We share our most bookmark-worthy IT blog sites for 2019
While there is no shortage of IT-related information on the web, not all that information comes from credible sources. Yet now more than ever, business owners and other professionals need reliable, data-driven information they can trust. This is especially true since 89 percent of companies expect their IT budgets to grow or stay steady in 2019.
Statistics like this make it clear that IT services remain in demand, and that businesses recognize the importance of remaining ahead-of-the-curve when it comes to IT-related decisions and strategies. In fact, 85 percent of enterprise executives believe they have only two years to integrate digital initiatives before falling behind their competitors, which goes to show just how red-hot the tech market is. If you aren’t leading the pack, you’re at risk of fading to the background— a disadvantage that savvy business professionals want to avoid. So, where can entrepreneurs and other professionals go to find the latest, most trustworthy IT information?
We’ve decided to point you, our valued readers, in the right direction.
Here are the Top 5 I.T. Service Blogs To Follow In 2019:
1.Information Security Buzz
Information Security Buzz was an easy choice when deciding on our favourite information technology blogs. The site is a completely independent resource that focuses on all things “security”. From the latest vendor announcements, to cyber attack updates and the latest industry research, this is a website that delivers quality content and actionable tips that business owners can implement to protect their data and systems. We encourage you to check out their list of contributing authors, a great majority of whom have substantial experience in the IT security industry.
RECOMMENDED POST:
2. I.T. World
ITWorld was created as an IT service blog where technology decision makers, business leaders, and other IT influencers could share information easily and conveniently, but it’s also an excellent place for business professionals from outside the IT industry to gain valuable insight into the latest techniques, tips, and methods. Since the site is an online hub for IT experts who are highly proficient at what they do, readers can be sure they are getting top-notch content and information every time they visit this site— making it one of the most recommended IT blogs to follow in 2019. As the site explains, all contributors to the site “have no other agenda except to share what they know, help you solve a problem and put context around recent news, a product announcement or the latest tech trend”. It doesn’t get much more useful than that!
RECOMMENDED POST:
3. Recode – Enterprise
Recode is a technology news website that focuses on the business of Silicon Valley, and is a great place to go if you want to get the latest tips and information from some of the greatest thought leaders in the tech industry. The enterprise section of their website, specifically, looks at the latest tech developments and focuses on how the impact these developments will impact businesses.
Contributors to Recode include Kara Swisher, who formerly co-hosted the Wall Street Journal’s “D: All Things Digital” (a major high-tech and media conference), and Peter Kafta, the former managing editor of Silicon Valley Insider. With such noteworthy experts at the helm, there’s no question that the team at Recode knows what they’re talking about, making them a great addition to our list of information technology blogs we check daily.
RECOMMENDED POST:
4.MSP Business Insights
MSP Business Insights is a managed services blog where MSP business peers and MSP services vendors can provide IT marketing commentary, share tips and tricks, and discuss the latest industry trends. The site is ran by Johannes Beekman, the Digital Marketing Director at MSP SEO Factory— a leading company providing IT marketing to businesses in the United States.
While the site is intended for MSP professionals, it is also a great place for business owners to familiarize themselves with managed services trends, and to learn more about the solutions their MSP should be bringing to the table. It truly provides an inside look at the managed services industry, and gives entrepreneurs a look at how MSPs should be engaging their clients. After all, it’s difficult to hold your managed services provider accountable if you don’t fully grasp what they do or how they should be managing your company’s IT systems.
RECOMMENDED POST:
5. Laurie McCabe’s Blog
Laura McCabe has more than 25 years of experience in the IT industry to her name, and is currently co-founder and partner at SMB Group— one the world’s most reputable technology industry research, analysis and consulting firms. Her blog is dedicated to the small-to-medium-sized business market, and discusses all the latest trends and developments that SMB entrepreneurs should be aware of. McCabe likes to jam-pack her articles with straight-forward, easy-to-digest tips, and always provides her knowledgeable perspective, ensuring her readers get a no-nonsense version of the latest, most relevant tech topics. Without a doubt, this is one of the most valuable IT blogs to follow in 2019, and one that we advise clients and professional contacts to browse regularly.
RECOMMENDED POST:
We hope you find the resources as helpful as we do. And, of course, if you haven’t already, we encourage you to read more of our blog posts on the ARC Business Solutions website.
Why Canada is a Prime Target for Cyber Attacks (And How Canadian Businesses Can Protect Themselves)
We discuss what makes Canada vulnerable to cyber crimes and provide our best prevention tips
According to a study released by Risk Based Security last month, Canada was number three on the list of countries with the most cyber attacks in 2018— being surpassed by the United States and the United Kingdom only. But what’s even more concerning than our world ranking is the fact that 12,551,574 Canadian records were exposed as a result of cyber security breaches last year alone. That’s a massive amount of sensitive data that has been compromised and accessed by cyber criminals. Yet many Canadian businesses (and individuals) still continue to underestimate the likelihood and the potential severity of cyber crime incidents.
For example, in Canada, the total downtime caused by a cyber attack was 23 hours on average in 2017. That’s a significant amount of time to spend away from the day-to-day operations of your business. Yet 41 percent of companies have more than 1,000 sensitive files that are open to everyone and vulnerable to being hacked. Statistics like these highlight the complicated nature of cyber crimes in Canada, and shine a light on the fact that Canadians must become more proactive if they want to protect themselves from cyber crime incidents in the future.
Prevention Must Be A Priority
Moving forward, Canadian businesses will face added pressure to invest in more advanced forms of IT security— with a specific focus on deterring cyber crime before it happens. Some recommended methods of preventing cyber crime include:
- Hiring a Managed Services Provider who is experienced and can address your IT concerns with a thorough knowledge of industry best practices.
- Use two-factor authentication whenever possible.
- Conduct security audits on a regular basis.
- Routinely train employees on security best practices and implement clear policies on how information should be protected.
- Update your browsers, operating systems, and anti-virus software regularly.
How ARC Managed Services Can Help:
At ARC Business Solutions, our Managed Services team offers 24/7 proactive support for businesses who require added manpower. Essentially, when you hire us, you get an entire IT department that you can depend on at any time. Our dedicated and qualified IT professionals are trained to handle technology issues of any magnitude, and always come prepared with proven innovative solutions that work.
Some of the ways we can strengthen your cyber defenses include:
- Identifying your riskiest files and data
- Providing real-time, automated security testing
- Conducting a full inventory of all authorized and unauthorized devices that access your network
- Implementing automated anti-virus and anti-malware software
- Conducting vulnerability assessments
And more.
The Current State of Cyber Security (And ARC’s Predictions for the Future)
We take a comprehensive look at the threats and concerns associated with cyber security today
2018 was an eventful year for cyber security. Major brands like Under Armour, Ticketfly, Uber, and British Airways were all victims of cyber attacks that exposed sensitive client data, and posed a serious risk to overall business operations. But large corporations aren’t the only ones who are susceptible. One out of every five Canadian businesses experienced some form of cyber security issue in 2018. And when you consider how prevalent cyber attacks are becoming, it becomes easier to understand why businesses are now investing more than ever before in cyber crime prevention strategies.
For example: Did you know that the average user receives 16 malicious spam emails per month? Or that there was a 88 percent increase in new malware programs from 2016 to 2017? Security trends like these prove that there is a valid reason for concern, and emphasize the importance of making cyber security a top priority— especially for businesses and other organizations. But what can business owners do with this information? And what cyber security predictions for the future should they be paying attention to?
Well, to start, it’s essential that business owners and organizational leaders understand that cyber attacks are only becoming more sophisticated and difficult to detect. Thus, the time to invest in cutting-edge cyber crime prevention strategies is now— not later. Speaking to a professional and reputable managed services provider is always a smart place to start, since they come armed with years of industry experience, knowledge of the most powerful and insightful crime prevention tools, and the hands-on skills required to address issues in a timely manner. But as for what to expect from the future— that’s where things get a little more complicated.
Since cyber criminals are continuously fine-tuning their craft, releasing increasingly dangerous versions of malware, it’s impossible to know exactly what’s to come. With that being said, there are some data-backed predictions that can provide a general idea of future cyber security threats and their potential impact.
Here Are ARC’s Top 3 Cyber Security Predictions for 2019:
1. Multi-Factor Identification Will Become A Must
Unfortunately, due to the advancement of malicious software, the traditional username and password no longer provide the level of security most business owners want to maintain. Even the most complicated of passwords can be hacked.
Thus, it is highly likely that multi-factor identification will become a standard. Whether it’s being asked to enter a PIN (as well as a password), or having employees scan their finger using their mobile device, there are many forms of multi-factor identification that businesses can use. And since 81 percent of hacking-related breaches are successful because of stolen and/or weak passwords, this is an excellent way to reduce the likelihood of becoming the victim of a cyber attack.
2. Payouts Could Result In A Ransom Ban
It has become increasingly popular for businesses who have experienced a cyber attack to financially compensate online criminals in exchange for the safe return of their data and systems. Unfortunately, however, paying cyber criminals rarely benefits anyone other than the victim. More often than not, the online criminal will simply re-invest the money they receive from a ransom, using it to improve their malicious software and better target their next victim. Additionally, paying a ransom doesn’t guarantee that the attacker won’t strike again.
For these reasons, governments are seriously considering placing a ban on ransom payments associated with cyber crimes, as a means of preventing extortion. Thus, it’s more important than ever for businesses to educate themselves on detection and prevention, and have solid response strategies in place.
3. The Rise Of Measurable Managed Services
As cyber security becomes a fundamental part of operating a business, more and more entrepreneurs are turning to qualified professionals for protection. But they don’t simply want someone to rely on— they want proof that the services they are paying for are delivering results. Thus, managed services providers must be prepared to meet the desired outcomes of their clients, and to be accountable for those outcomes throughout the working relationship. By taking this approach, businesses are able to more closely monitor their IT spend, as well as identify opportunities for improvement. Plus, it comes with additional peace of mind, since key metrics can be used to better inform team members when IT-related decisions must be made.
3 Cyber Security Concerns That Were Unheard of Just a Few Years Ago
Everything you should know about the progression of cyber crime
A lot has changed since the emergence of malicious hacking in the 1970’s, when tech savvy criminals began manipulating phone systems as a means of making free long distance calls. Personal computers began hitting the market, and the world wide web gained traction, becoming a momentous commercial success. In fact, in 1995 there were just 16 million internet users worldwide. Today, there are 4.2 billion.
With such dramatic growth, it was to be expected that cybersecurity would become a pressing concern. Just like in the real world, criminals look for opportunities, and the digital world offered plenty of them. Cyber crime cases like the Datastream Cowboy and Kuji attacks, as well as the Melissa Virus, made businesses, government agencies, and other organizations aware of how devastating computerized crimes could really be. Fast forward to the present, and 230,000 new malware programs are being produced each and every day, while ransomware attacks grow by more than 350 percent per year— proving that the evolution of cyber crime should be a concern for everyone.
In a nutshell? It has never been more imperative for companies to understand cyber security best practices, and have expertly-conceptualized strategies in place to combat these computer-based attacks. So, what are some of the most concerning cybersecurity developments that have occured in recent years? And how can business professionals protect themselves and the organizations they work for? These are the questions we’ll be answering in today’s blog.
Here Are 3 Cyber Security Concerns That Were Unheard Of Just a Few Years Ago:
1. Steganography Attacks
Steganography is the practice of replacing portions of data within files like images, audio files, and graphics with different, infected code. This method is particularly worrying since it completely hides the fact that malicious code is being uploaded or downloaded, leaving computer users vulnerable, unaware that a virus is lurking within the file. Additionally, many anti-virus programs and security tools are unable to detect the code, due to the clever ways cyber criminals embed the code within the file.
Security researchers reported a 600 percent upsurge in steganographically-based attacks in 2017, which is highly problematic. Thus, it’s crucial that businesses and organizations invest in cutting-edge technologies and prevention strategies to ward off these types of threats. Speaking with a reputable and experienced managed services provider is always a great place to start.
2. IOT (Internet Of Things) Attacks
The Internet of Things is a term used to describe all of the various device types available today that can connect to the internet— from refrigerators, to vehicles, televisions, e-readers, and more. All of these devices (as long as they are connected to the internet) can be hacked, and once they are, any of the information stored on the device is up for grabs. Additionally, once a hacker has found their way into one of the devices on your IoT network, it becomes easier to gain access to the others.
Some recommended ways to protect your devices from IoT attacks include:
- Always changing the default username and password on your devices, and using password best practices when creating your new login credentials.
- Updating and installing IoT firmware regularly.
- Disconnecting IoT devices from the internet whenever they aren’t in use.
- Deleting apps that you don’t use or that look unfamiliar to you.
- Do your research— read up on your new device and see if other customers have experienced security issues when using the device.
Remember, approximately 50,000 IoT attacks were documented in 2017, and that number is expected to rise. Hiring a managed services company is an excellent way to ensure your business is guarded against these threats.
3. Spear Phishings
You’ve probably heard of phishing, or fraudulent email campaigns that do their best to seem legitimate, as a means of obtaining sensitive information about the receiver. But this classic online scheme has taken on a whole new level with the emergence of spear phishing. It’s the same concept, but hyper-focused, with cyber criminals focusing on one individual instead of casting a wide net and seeing what turns up. These cyber criminals will use extreme measures to gain whatever information they can about their target— and then ultimately use that information to execute better, more difficult-to-detect attacks.
The key here is that the criminal focuses on getting to know their victim, observing their online behavior and using tactics that are targeted towards the victim’s habits, interests, and vulnerabilities. This detailed and methodical approach is a recent development, proving that the evolution of cyber crime has been shaped by criminals who are willing to use whatever means necessary to infiltrate their targets. More often than not, spear phishing is done via emails, so being highly aware is essential if you want to combat these types of attacks. Employees need to be educated on email safety and should always secure their accounts by making use of spam filters and screening their inboxes for viruses.
Again, a seasoned and established managed services provider can ensure you have the right preventative strategies in place, and ensure your system is up to date and secure.