IT consulting and tech support blog
Cybersecurity must be a priority
Published November 10, 2022
Even the smallest businesses are finding that online threats such as cybercriminals and data brokers are a real threat, making infrastructure security something businesses must invest in if they want to minimize their material risk. Infrastructure security refers to the layers of defense on your computers, network, and cloud services. It is also important to note that ongoing cybersecurity training is as important, if not more so, than the technical safeguards such as antivirus.
If your business hasn’t invested in cybersecurity yet, you’re putting your reputation at risk. Here are three ways you can make cybersecurity a priority to keep your business safe from online threats.
Control and Restrict Access to Your Networks
One of the main reasons online threats are able to penetrate a business’s security system is because of unrestricted access to computers on internal networks. Cybercriminals take advantage of these poorly secured computer networks to steal data, create persistent threats, and extort cash. Research by Kaspersky Labs found that average cost of a single breach thanks to ransomware, poor password hygiene and other factors is around $101,000 for small and mid-sized businesses.
The best way to avoid a breach is by making sure that each employee uses their own account and unique, complex passwords. Your company should also set up appropriate levels of access for employees so that only employees that need access to more important financial records, client information, or intellectual property can access that information. Also critical: Use multifactor authentication wherever possible.
Conduct Drills
Just like schools run fire drills, IT service providers should run simulated phishing and cyberattacks to keep companies and employees on their toes. Your business should engage with cybersecurity companies for vulnerability testing, in which professionals will attempt to find ways to access to your networks, computers, and cloud services.
Perform Regular Updates
It's important to keep software up to date so that it effectively defends against new threats. If you fail to keep your operating systems and applications updated, you’re running a huge risk. It’s like leaving your home or car unlocked: someone can walk in at any moment. There are new vulnerabilities being discovered every day, and your systems need to be up to date to fight against emerging threats.
Taking the time and effort to make cybersecurity a priority is the best way to ensure your businesses' online security. New River Computing offers an advanced security solution, Guardian Fortress to help reduce your company's material risk. Please contact us if you want to take the next step in your cybersecurity endeavors.
Solarwinds, security, New River Computing, and you
Published February 05, 2021
Many recent news reports have come out regarding a massive hack of the Solarwinds Orion IT asset management system. This compromise is unprecedented in scale and reach, and the fallout from it will reverberate throughout the IT industry for years.
Solarwinds Orion is one of many IT asset management systems (New River Computing uses one called Connectwise Automate). This software is great for managing a large number of IT systems, with the ability to provide security updates, monitoring, and many other functions from a single console, with the click of a mouse. These abilities make it an ideal target for a malicious actor – By owning a software system such as this, the bad actor in turn owns every company or agency that uses the software.
Solarwinds Orion was hacked from the inside, most likely because of poor security practices at the Solarwinds company. Once the hackers had the ability to change the Orion software, they added backdoor code to it that was then distributed to Orion customers, allowing the bad actors access to every network that uses this management tool.
Starting in March, as many as 18,000 companies and government agencies downloaded the malicious software – 425 of the Fortune 500 companies, 10 top US telecoms, the Pentagon, Departments of State and Treasury, and many others. This malicious backdoor software remained undetected for months, allowing the bad actors access to the infected network resources, data, and almost anything on a network that you can imagine. The backdoor code is so stealthy that many organizations may not ever know that they were compromised.
The attack was almost certainly perpetrated by a government – Russia, China, and the US all have the capabilities to achieve an attack like this, as well as many other state actors. This attack will have long lasting impacts, taking years to clean up, and changing IT management behavior.
Luckily, New River Computing did not use any Solarwinds software, and so we and our clients were not affected by this attack. Early in 2020, however, New River Computing looked around and realized that security was the top priority for our internal resources. The IT industry as a whole has spent the last few years improving efficiency of and driving down costs for rigorous asset management. But Security has been lagging behind, as evidenced by this attack. New River Computing will be spending 2021 and beyond improving access to top-notch security tools and techniques.
Please feel free to reach out if you have any questions.
Save hard drive space with OneDrive files on-demand
Published March 19, 2018
OneDrive has just gotten better with the addition of "OneDrive Files On-Demand." This is a great feature that I'm extremely excited about and love using. It allows you to see your entire OneDrive, and access all the files and folders you store there, directly from File Explorer. However, this functionality used to be standard in Windows 8 (then called "Place Holders"), but for whatever reason and without warning, Microsoft took it away from us and in its place implemented a selective folder sync capability which was nowhere even close to comparable.
Now that it’s back, this new version, called Files On-Demand, Microsoft claims to have fixed all the issues that apparently plagued Place Holders (though I never experienced them) and it’s supposed to work better and faster than ever.
Here's how to get started:
- Select the OneDrive icon in the system tray, open the application and click on settings
- Enable the option "Save space and download files as you use them."
- After enabling the function, OneDrive will require a bit of time to sync your complete cloud-based file listing to your computer. But after its done, you can go to OneDrive in File Explorer to see all the OneDrive folders you've chosen to sync to your computer available offline. Also, there's a new Status column, available in the OneDrive folders, which indicates whether each file or folder is "available when online," "available on this device," or "sync pending."
If you're a OneDrive user (if not, you should be!), there's no good reason not to be using this feature. So, do yourself a favor and start using it now!
O365 version history
Published February 19, 2018
Ever wish you could restore a previous version of a Word document or an Excel spreadsheet? Well if you are an Office 365 subscriber using SharePoint, OneDrive, and OneDrive for Business, you can! Office 2016 automatically saves versions of your files while you’re working on them. This feature allows you to see how files have changed between versions or even restore to an older version should the need arise.
In Word, you can view and restore previous versions by clicking File – View and restore previous versions.
The the list of previous versions of the document opens.
Check out the Microsoft Support article View previous versions of Office files for more details.
The Equifax data breach
Published October 01, 2017
I'm sure everyone is painfully aware of the recent data breach at Equifax. Industry experts are suggesting that this breach was a state-sponsored hack, and I believe them. Chances are everyone reading this newsletter has had their personal financial information compromised. You must take action.
Go to annualcreditreport.com and get a free copy of your credit reports from the big three and review for discrepancies. You can go to the official Equifax site and jump through their hoops just don't use other sites: Some are scams. Annualcreditreport.com is the official site.
- Freezing your credit is a protective measure, my family chose. You can contact each credit reporting agency individually, or in our case, pay Experian to freeze accounts at all three agencies. Not sure if Experian is still offering this option, but it saved some hassle!
- Freezing your credit can be done online or you can call each of the three reporting agencies: TransUnion: 1-888-909-8872; Equifax: 1-800-349-9960; Experian: 1-888-397-3742.
- Freezing your credit takes about 30-45 minutes per identity.
- There are some additional costs and time associated with unfreezing your credit when you apply for a new credit card or home/auto loan. Additionally, applying for a rental agreement, new utility service or even cell phone agreements may be impacted. When you unfreeze your credit, it can only be unfrozen with your PIN. Don't lose it!
- Freezing and unfreezing your credit may be easier than cleaning up after having an identity stolen.
- Instituting a fraud alert is another option, but in my opinion, the credit freeze is adequate.
I suspect each of the credit reporting firms is doing a top-down security risk assessment, so hopefully a recurrence is unlikely.
More info is available at Federal Trade Commission's Equifax Data Breach page.