“Florida city to pay $600K ransom to hacker who seized computer systems weeks ago”

One of the most terrifying new threats to organizations is ransomware. This type of digital attack is one of the most disruptive and costly things that can happen to an organization, as one city in Florida recently found out.

Rivera Beach, a small city of 35,000 people was recently targeted after an employee clicked on a malicious email link. After encrypting vital government systems like fire department and police computers, CNN reports that hackers demanded that the city pay a ransom of  $600,000. With no alternative, City officials recently voted to agree to the hackers demands which will be paid out of the city’s insurance money.  

Cybersecurity firm Recorded Future found that in the US alone, at least 170 county, city or state government systems have been attacked since 2013, including at least 45 police and sheriff’s offices. In 2019, there have been more than 20 major US public-sector attacks which typically force affected cities to quarantine their networks and provide most of their municipal services manually.

Attacks By Hackers Are On The Rise

You may be thinking that this is unlikely to happen to you or that your business’s data isn’t important enough to gather the attention of hackers. Sadly, this isn’t the case. Ransomware is so dangerous because hackers know how valuable your data is to you! Albertan organization are just as likely to be targeted for smaller attacks as any other place. We’ve recently helped a company in Edmonton recover from one such attack, which you can read about here. 

Many ransomware attacks start with an employee clicking a malicous link. We’ve created a helpful guide to share with your staff on ‘How to Diagnose a Phishing Email’. If you’re looking for help on how you can protect your business. Our IT team is happy to help you plan for the future.

Click the link below to book a meeting with our team!

Buying, Leasing, or Renting Computers: What Should Your Small Business Do?

Should You Rent, Buy, or Lease Your Company Computers

One challenging decision that new entrepreneurs or growing companies face is whether to buy, lease, or rent computers for your staff. 

It’s probably not a decision you realized you’ll need to make, but it’s an extremely important one to ensure the long-term productivity of your staff. 

In this guide, we’ll help you learn which option is right for you!

1. The Buying Option

Purchasing computers can be a big capital expenditure. In fact, it would be the highest upfront cost of the three options.  It also would give you a limited number of write-offs as a business.

On a positive note you would own the inventory and also be able to purchase extended warranty for the computers for 3-5 additional years just in case you need any parts or a complete replacement. 

Some business owners like to overlap this option, for example purchase 10 computers this year and 10 new computers next year to extend the upgrades. Typically, owners would do an image deployment of the operating system.  This involves customizing the operating system (OS), applications, drives and settings on a single computer and creating an image of it, then automatically deploying this image to all other computers. This usually saves time, effort and creates a standardization.

If this sounds like the option for you, our team can help you purchase computers at a discount and set them up. No long-term contract needed. Contact us to learn more.

“you may not realize that you’ll be required to undergo a credit check”

2.The Lease Option

Leasing computers allows you to have a lower upfront cost than option 1, but more ongoing costs. Typically leases are paid monthly or annually and you will continue paying until you have the option to purchase the machines at the end of the lease.

This option would also provide a 3rd party lease write-off as an operational expense.  Additionally, you would lease your computers from the manufacture and have their direct support. 

One thing you may not realize that you’ll be required to undergo a credit check. If you’re a new business, your company may or may not have established a credit rating yet, which could eliminate this option completely.

3.The Renting Option

Renting provides some comfort knowing that your provider is responsible for everything and the service and ongoing support will be provided to you for the term of your rental.  Renting is typically the same price as a lease option with a bit more overhead on each machine as they are loaded with all of the software, firewalls, and protection required. Additionally, this could be used as a business write off.

Renting has the additional benefit of allowing you to be nimble with your technology adoption. As your business changes, your technology requirements may change. Renting allows for a quicker change of your core systems. 

Managed Services providers like ARC typically provide access to all three options.

We hope you’ve found these tips helpful as you decide what to do. If you ever need any advice, our team is happy to help. We provide IT services for a wide variety of companies across Canada and over the last 21 years, we’ve seen it all. 

Contact us if you need a hand deciding on if buying, leasing, or renting computers is the right option for you! 

Case Study: A Firm Gets Attacked by Ransomware

Client Profile

The Organization:

Our client is an Edmonton-based design firm (for privacy reasons, we’re unable to share their name, just their story).  Their team of experienced architects specialize in many types of projects ranging from commercial retail and office, to national restaurant chains in Canada.

The Challenge:

When firm called us, they were in a full crisis mode. A hacker had installed ransomware on their company’s server and was holding their company’s data hostage. Their business was in grave peril.

"The hacker got through the unprotected firewall and installed ransomware and encrypted the firm’s data."

Some Background:

The firm called ARC Business Solutions previous to the security hack and requested an I.T. Audit.  We preformed the audit and identified the problem of an insecure firewall and provided solutions.  The firm at the time decided to hold off for the time being.  The security hacker got through the unprotected firewall and installed ransomware and encrypted the firm’s data.  The hackers held the company’s server hostage and requested ransom of $3000 worth of bitcoin.   The firm paid it in desperation and received nothing in return.

The Solution Highlight:

In situations like this, drastic measures need to be taken. ARC shut down and cut off all systems from the internet, and systematically cleansed the infection from the system. Although the situation was not ideal for the client to have all systems temporarily shut down, ARC was successful in preventing further threats. 

We isolated the server and were also able to recover valuable data and scrub the software from the database.  Lastly, the firm is now protecting against any future attacks as we have implemented security measures and modern firewalls. 

It is clear that the best way to respond to a ransomware attack is to avoid having one in the first place.  Other than that, making sure your valuable data is protected will ensure that your downtime and loss will be minimal or none. 

How to Diagnose a Phishing Email

All of us have received suspicious emails in our inbox.  Some of these messages can even fool our firewalls and anti-virus software.  It is very important that we know how to decipher these messages as a second line of defence from these security attackers.  In this post, we’ll show you what to look out for and how to protect your organization. 

Interested in a downloadable copy of this article? Click here.

An Example Of A Phishing Email:

1. Hover over from email address: John.Smith@abccompany.com

  • You can see what initially appears as an email address can be altered.  You need to hover over it to see the exact source. For example, it could actually be sent by hackeremail@differentdomain.com, rather than what it appears.
  • Ask yourself: is this email coming from a real sender?

2. Hover over the link: View project online link to see what the true URL link location is.

  • Ask yourself: is this is a trusted site?  Would the sender send me this email to direct me to another site? Is the domain trustworthy?

3. Be wary of links: “click here“, “your message is waiting“, “view project online“, these links are usually sending us to the outside world.  These links can be altered to read something other than the real link.  

4.  Main message – use common sense defensive questions: is this sender asking for money, passwords, or access, or viewing?  Would a real sender ask me this kind of message? (for example, if a phishing email is tailored well to have the Manager’s email address, would my Manager ask me to send him Bitcoins)?

How To Defend Against Phishing

  1. Spam filtering is the first line of defence. It will determine if the majority of the messages coming in are legitimate or not. If the email is well crafted it can fool spam filtering.

  2. If the email gets delivered to your inbox, then YOU are the second line of defence

    .
  3. If you mistakenly click an email or get sent to a site with malware, firewalls, anti-virus programs and a good IT team is your final defence.

If you do click on a link, a good firewall should be able to block the virus. The content would be blocked from being opened to your local machine.

Web filtering should also be enabled on your network. For example, if the link tries to take you to a website that is located in a suspicious country it should automatically be blocked.

A good Unified Threat Management (UTM) will determine if the source of the link is a good source or one that should be blocked.

It doesn’t matter if you have a very secure system in place. It only takes one untrained staff member to be fooled by a phishing attack. Make sure that both you and your staff understand the telltale signs of a phishing attempt.

How To Protect Your Business From Phishing Attacks

Download Free eBook

  • Learn what common tactics phishers use to trick employees
  • Learn what systems you can put in place to stop them before the inbox
  • Learn how you can protect your company today

Case Study: One of the Largest Theatre Companies in North America Needed More Than Managed Services

Client Profile

The Organization:

The Citadel Theatre is one of the largest not-for-profit theatres in North America, drawing over 130,000 patrons from a large geographic region. Their building features 5 performance spaces and  is home to three resident theatre companies: Catalyst TheatreRapid Fire Theatre, and Theatre Yes, in addition to creating partnerships with Edmonton theatre and dance companies, including Brian Webb Dance Co. and Firefly Theatre & Circus.

The Challenge:

When the Citadel came to us, they required much more than a typical managed services package. They needed to update the technology powering over 100 employees, implement a new network of digital signage throughout their facility, and introduce a company intranet to aid communications with staff, performers, and partners.

The Solution:

Due to the wide range of challenges the Citadel faced, we took a layered approach, rather than a one-size-fits-all solution.

Ticket Solutions – We sourced, installed, and trained the Citadel team on a new ticketing system that interfaced with website ecommerce, on-site printers, and financial systems

Staff Computers / Laptops – We provide desktop and laptop computers and service for over 100 employees 

Firewalls & Data Back-ups – We ensure employee data is secure and protected from hacking, phishing, data loss, and hardware failure

Customized Digital Signage – The Citadel team came to us with a challenge: they needed a new system of screens throughout their building to promote new performances, building announcements, and sponsor messaging. We sourced screens and developed a system to manage the screens centrally and within a user-friendly interface.

Day-to-day support – whenever a tech problem arises, our team is on site to help, day-in, day-out.

Mobile App / Light Intranet – The Citadel was looking to implement a company intranet to help communicate messages to employees, share internal events, book amenities, and coordinate company-wide news. We introduced them to our ARC Intercom system which was tailor-made to help groups of people, like organizations or communities, stay on the same page. Once they found out it could also save them thousands of dollars a year over competitive products, they jumped on board immediately!

In the ever-changing world of technology, solutions don’t always come in neat little packages. That’s why we’re here to help you find the best solution for your unique circumstances. We’re proud of our work at The Citadel, and we hope if you’re ever in Edmonton, you check out their excellent productions!

We’re here to help with your IT challenges. Contact us here and we can get started right away!

Why Your Company Needs An External I.T. Systems and Security Audit

Do you know if your firewall is up to date?

What about your network infrastructure? Ensuring that everything is current and secure takes up valuable time and resources. What you need is a clear picture of your existing technology environment, and where it should be, and a tech audit can provide that.

That’s why we offer a Free Tech Audit. Essentially, it’s an hour-long, on-site assessment of your environment. When you submit your request for an audit, we’ll contact you to set a date and time that’s convenient and give you a general idea of how the audit will be conducted. Then, one of our technicians will come on site to conduct the assessment.

The Process

While we do have a standard list of checks, our free tech audits are more personal and based on asking questions. We’ll start off with some basic ones to better understand your I.T. situation, such as:

  • Why did you request a free tech audit?
  • What are your current I.T. pain points/challenges?

Then, based on if your infrastructure is accessible, we’ll take a deeper approach and run through a list of specific audit questions to understand what your technology can handle. These include:

  • How many computers do you have?
  • How many servers and users do you have?
  • How old is your infrastructure?
  • Which applications and plugins do you use? Do you use any special software?
  • Are there any relevant policies or procedures we should be aware of?
  • Are there any relevant legal liabilities or government regulations we should be aware of?
  • Do you have a data backup process in place?
  • Do you have a disaster recovery process in place?
  • How detailed are your processes, and have they been tested?

After The Audit

Once the audit is complete, we’ll compile a report and series of recommendations based on our findings. Then, we’ll set up a meeting with you to go through the report. It’s important to us that you understand your current I.T. environment, and where it should be. Finally, we’ll put together a technology plan and proposal, and explain how they will address your I.T. problems. Simple as that.

You can think it over and decide whether our plan fits your needs. We won’t rush you. Contact us when you’re ready. The next step is up to you!

 

Are you interested in getting a free tech audit? Submit your request and get started today!

The Top IT Services Blogs to Follow in 2019

Blog - ARC Managed Services

We share our most bookmark-worthy IT blog sites for 2019

While there is no shortage of IT-related information on the web, not all that information comes from credible sources.  Yet now more than ever, business owners and other professionals need reliable, data-driven information they can trust.  This is especially true since 89 percent of companies expect their IT budgets to grow or stay steady in 2019.

Statistics like this make it clear that IT services remain in demand, and that businesses recognize the importance of remaining ahead-of-the-curve when it comes to IT-related decisions and strategies.  In fact, 85 percent of enterprise executives believe they have only two years to integrate digital initiatives before falling behind their competitors, which goes to show just how red-hot the tech market is. If you aren’t leading the pack, you’re at risk of fading to the background— a disadvantage that savvy business professionals want to avoid.  So, where can entrepreneurs and other professionals go to find the latest, most trustworthy IT information?  

We’ve decided to point you, our valued readers, in the right direction.

 

Here are the Top 5 I.T. Service Blogs To Follow In 2019:

 

1.Information Security Buzz

Information Security Buzz was an easy choice when deciding on our favourite information technology blogs. The site is a completely independent resource that focuses on all things “security”.  From the latest vendor announcements, to cyber attack updates and the latest industry research, this is a website that delivers quality content and actionable tips that business owners can implement to protect their data and systems.  We encourage you to check out their list of contributing authors, a great majority of whom have substantial experience in the IT security industry.

RECOMMENDED POST: 

 

2. I.T. World

ITWorld was created as an IT service blog where technology decision makers, business leaders, and other IT influencers could share information easily and conveniently, but it’s also an excellent place for business professionals from outside the IT industry to gain valuable insight into the latest techniques, tips, and methods.  Since the site is an online hub for IT experts who are highly proficient at what they do, readers can be sure they are getting top-notch content and information every time they visit this site— making it one of the most recommended IT blogs to follow in 2019.  As the site explains, all contributors to the site “have no other agenda except to share what they know, help you solve a problem and put context around recent news, a product announcement or the latest tech trend”.  It doesn’t get much more useful than that!

RECOMMENDED POST:

 

3. Recode – Enterprise

Recode is a technology news website that focuses on the business of Silicon Valley, and is a great place to go if you want to get the latest tips and information from some of the greatest thought leaders in the tech industry.  The enterprise section of their website, specifically, looks at the latest tech developments and focuses on how the impact these developments will impact businesses.

Contributors to Recode include Kara Swisher, who formerly co-hosted the Wall Street Journal’s “D: All Things Digital” (a major high-tech and media conference), and Peter Kafta, the former managing editor of Silicon Valley Insider.  With such noteworthy experts at the helm, there’s no question that the team at Recode knows what they’re talking about, making them a great addition to our list of information technology blogs we check daily.

RECOMMENDED POST:

 

4.MSP Business Insights

MSP Business Insights is a managed services blog where MSP business peers and MSP services vendors can provide IT marketing commentary, share tips and tricks, and discuss the latest industry trends.  The site is ran by Johannes Beekman, the Digital Marketing Director at MSP SEO Factory— a leading company providing IT marketing to businesses in the United States.

While the site is intended for MSP professionals, it is also a great place for business owners to familiarize themselves with managed services trends, and to learn more about the solutions their MSP should be bringing to the table. It truly provides an inside look at the managed services industry, and gives entrepreneurs a look at how MSPs should be engaging their clients.  After all, it’s difficult to hold your managed services provider accountable if you don’t fully grasp what they do or how they should be managing your company’s IT systems.

RECOMMENDED POST:

 

5. Laurie McCabe’s Blog

Laura McCabe has more than 25 years of experience in the IT industry to her name, and is currently co-founder and partner at SMB Group— one the world’s most reputable technology industry research, analysis and consulting firms.  Her blog is dedicated to the small-to-medium-sized business market, and discusses all the latest trends and developments that SMB entrepreneurs should be aware of.  McCabe likes to jam-pack her articles with straight-forward, easy-to-digest tips, and always provides her knowledgeable perspective, ensuring her readers get a no-nonsense version of the latest, most relevant tech topics.  Without a doubt, this is one of the most valuable IT blogs to follow in 2019, and one that we advise clients and professional contacts to browse regularly.

    RECOMMENDED POST:

We hope you find the resources as helpful as we do.  And, of course, if you haven’t already, we encourage you to read more of our blog posts on the ARC Business Solutions website.

 

Why Canada is a Prime Target for Cyber Attacks (And How Canadian Businesses Can Protect Themselves)

Canada Flag

We discuss what makes Canada vulnerable to cyber crimes and provide our best prevention tips

According to a study released by Risk Based Security last month, Canada was number three on the list of countries with the most cyber attacks in 2018— being surpassed by the United States and the United Kingdom only.  But what’s even more concerning than our world ranking is the fact that 12,551,574 Canadian records were exposed as a result of cyber security breaches last year alone.  That’s a massive amount of sensitive data that has been compromised and accessed by cyber criminals.  Yet many Canadian businesses (and individuals) still continue to underestimate the likelihood and the potential severity of cyber crime incidents.

For example, in Canada, the total downtime caused by a cyber attack was 23 hours on average in 2017.  That’s a significant amount of time to spend away from the day-to-day operations of your business.  Yet 41 percent of companies have more than 1,000 sensitive files that are open to everyone and vulnerable to being hacked.  Statistics like these highlight the complicated nature of cyber crimes in Canada, and shine a light on the fact that Canadians must become more proactive if they want to protect themselves from cyber crime incidents in the future.

 

Prevention Must Be A Priority 

Moving forward, Canadian businesses will face added pressure to invest in more advanced forms of IT security— with a specific focus on deterring cyber crime before it happens.  Some recommended methods of preventing cyber crime include:

  • Hiring a Managed Services Provider who is experienced and can address your IT concerns with a thorough knowledge of industry best practices.
  • Use two-factor authentication whenever possible.
  • Conduct security audits on a regular basis.
  • Routinely train employees on security best practices and implement clear policies on how information should be protected.
  • Update your browsers, operating systems, and anti-virus software regularly.

 

How ARC Managed Services Can Help:

At ARC Business Solutions, our Managed Services team offers 24/7 proactive support for businesses who require added manpower.   Essentially, when you hire us, you get an entire IT department that you can depend on at any time.  Our dedicated and qualified IT professionals are trained to handle technology issues of any magnitude, and always come prepared with proven innovative solutions that work.

Some of the ways we can strengthen your cyber defenses include:

  • Identifying your riskiest files and data
  • Providing real-time, automated security testing
  • Conducting a full inventory of all authorized and unauthorized devices that access your network
  • Implementing automated anti-virus and anti-malware software
  • Conducting vulnerability assessments

And more.

 

The Current State of Cyber Security (And ARC’s Predictions for the Future)

Blog - ARC Managed Services

We take a comprehensive look at the threats and concerns associated with cyber security today

2018 was an eventful year for cyber security.  Major brands like Under Armour, Ticketfly, Uber, and British Airways were all victims of cyber attacks that exposed sensitive client data, and posed a serious risk to overall business operations.  But large corporations aren’t the only ones who are susceptible. One out of every five Canadian businesses experienced some form of cyber security issue in 2018.  And when you consider how prevalent cyber attacks are becoming, it becomes easier to understand why businesses are now investing more than ever before in cyber crime prevention strategies.

For example:   Did you know that the average user receives 16 malicious spam emails per month?  Or that there was a 88 percent increase in new malware programs from 2016 to 2017?  Security trends like these prove that there is a valid reason for concern, and emphasize the importance of making cyber security a top priority— especially for businesses and other organizations.  But what can business owners do with this information? And what cyber security predictions for the future should they be paying attention to?

Well, to start, it’s essential that business owners and organizational leaders understand that cyber attacks are only becoming more sophisticated and difficult to detect.  Thus, the time to invest in cutting-edge cyber crime prevention strategies is now— not later.  Speaking to a professional and reputable managed services provider is always a smart place to start, since they come armed with years of industry experience, knowledge of the most powerful and insightful crime prevention tools, and the hands-on skills required to address issues in a timely manner.  But as for what to expect from the future— that’s where things get a little more complicated.

Since cyber criminals are continuously fine-tuning their craft, releasing increasingly dangerous versions of malware, it’s impossible to know exactly what’s to come.   With that being said, there are some data-backed predictions that can provide a general idea of future cyber security threats and their potential impact.

 

Here Are ARC’s Top 3 Cyber Security Predictions for 2019:

 

1. Multi-Factor Identification Will Become A Must

Unfortunately, due to the advancement of malicious software, the traditional username and password no longer provide the level of security most business owners want to maintain.  Even the most complicated of passwords can be hacked.

Thus, it is highly likely that multi-factor identification will become a standard. Whether it’s being asked to enter a PIN (as well as a password), or having employees scan their finger using their mobile device, there are many forms of multi-factor identification that businesses can use.  And since 81 percent of hacking-related breaches are successful because of stolen and/or weak passwords, this is an excellent way to reduce the likelihood of becoming the victim of a cyber attack.

 

2. Payouts Could Result In A Ransom Ban

It has become increasingly popular for businesses who have experienced a cyber attack to financially compensate online criminals in exchange for the safe return of their data and systems.  Unfortunately, however, paying cyber criminals rarely benefits anyone other than the victim. More often than not, the online criminal will simply re-invest the money they receive from a ransom, using it to improve their malicious software and better target their next victim.  Additionally, paying a ransom doesn’t guarantee that the attacker won’t strike again. 

For these reasons, governments are seriously considering placing a ban on ransom payments associated with cyber crimes, as a means of preventing extortion.  Thus, it’s more important than ever for businesses to educate themselves on detection and prevention, and have solid response strategies in place.

 

3. The Rise Of Measurable Managed Services

As cyber security becomes a fundamental part of operating a business, more and more entrepreneurs are turning to qualified professionals for protection. But they don’t simply want someone to rely on— they want proof that the services they are paying for are delivering results.  Thus, managed services providers must be prepared to meet the desired outcomes of their clients, and to be accountable for those outcomes throughout the working relationship.  By taking this approach, businesses are able to more closely monitor their IT spend, as well as identify opportunities for improvement. Plus, it comes with additional peace of mind, since key metrics can be used to better inform team members when IT-related decisions must be made.