Issue November 2016

Insider The IT

IT Jargon P. 1

Virtual Networks P. 2

Delta’s IT Outage P. 3

Ransomware P. 4

While it's impossible to plan for every potential computer disaster or emergency, there are a few easy and inexpen-sive measures you can put into place that will help you avoid the vast majority of computer disasters you could experience.

#1: Make Sure You Are Back-ing Up Your System

It just amazes me how many businesses never back up their computer network. Once it’s gone, it’s gone permanent-ly!

#2: Perform A Complete Data Restore To Make Sure Your Backups Are Working Proper-ly

Many business owners set up some type of backup system, but then never check to make sure it’s working properly. The WORST time to “test” your backup is after a disaster has happened and you desperate-ly need it!

#3: Keep An Offsite Copy Of Your Backups

What happens if a fire or flood

destroys your server AND the

backup tapes or drive? What

happens if your office gets

robbed and they take EVERY-

THING? Having an off-site

backup is simply a smart way

to make sure you have multi-

ple, redundant copies of your

data!

For customized backup solu-

tion, call us at (732)716-4109

or go to:

http://www.ocitcs.com/

services/data-backup-

Everyone hates jargon. It’s ostracizing and off-putting, but somehow we just keep creating more and more of it. For those who have adopted an “if you can’t beat ‘em, join ‘em” philosophy, we have just the list for you. Let’s take a look at some of the most relevant cyberse-curity terms making the rounds today. Malware For a long time, the phrase ‘computer virus’ was mis-appropriated as a term to define every type of attack that intended to harm or hurt your computers and net-works. A virus is actually a specific type of attack, or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroy-ing or unfairly accessing networks and data should be referred to as a type of malware. Ransomware Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Cur-rently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

Intrusion Protection System

There are several ways to safeguard your network

from malware, but intrusion protection systems (IPSs)

are quickly becoming one of the non-negotiables. IPSs

sit inside of your company’s firewall and look for suspi-

cious and malicious activity that can be halted before it

can deploy an exploit or take advantage of a known

vulnerability.

Social Engineering Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite diffi-cult to pin down, experts agree that the majority of at-tacks require some form of what is called ‘social engi-neering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account. Phishing Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value -- always verify the source of any service requesting your sensitive data.

Anti-virus Anti-virus software is often misunderstood as a way to comprehensively secure your computers and work-stations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well known mal-ware variants. (continued on page 2)

Main Phone: 732-716-4109

Fax: 732-716-4169

Email: info@ocitcs.com

Website: www.ocitcs.com

Data P. 3

Protect Your Data P. 1

IT Jargon (continued) P. 2

Get More Free Tips, Tools and Services At Our Web Site: www.OCITCS.com

732-716-4109

Virtualization giant VMware has taken notice and developed a prototype to com-bine these two services. In the hopes of unleashing ‘microsegmentation’ from the limits of physical hardware, Project Goldi-locks will essentially create a virtual fire-wall for every virtualized application. When one of these applications is creat-ed or installed, it will come with a ‘birth certificate’ outlining every acceptable function it can perform. When making requests to the operating system, net-work, or hardware the application is in-stalled on, Goldilocks will cross-reference the request with the birth certificate and deny anything that hasn’t been given per-mission.

Segmenting virtual networks and apply-ing them to individual applications rather than entire networks or operating sys-tems could revolutionize the market for endpoint security. Not only would it be easier to block malware infections, but those that made it through could be quar-antined and terminated immediately be-cause of the virtual nature of their loca-tion.

While virtualization may be a complicated

state-of-the-art technology, all it really

takes is a helping hand. With our full

team of specialists, we’re ready to pull

you into the next stage of your virtualized

infrastructure. All you need to do is reach

out us -- why not do it today?

For a customized Virtualization solution, go to:

http://www.ocitcs.com/services/virtualization/

For the average business owner, a virtu-alized network may not seem ground-breaking. And until recently, even the team at VMware didn’t realize just what they could do with it. Now that they’ve publicly announced what they’re calling “Project Goldilocks,” we finally see how relevant it is. Every small- or medium-sized business is concerned with end-point security, and that’s why you abso-lutely must read on to learn about this new form of virtualization.

A virtual network is a way to connect two or more devices that aren’t physically linked by wires or cables. From the per-spective of machines on a virtual net-work, they’re essentially sitting in the same room -- even if they’re on opposite sides of the globe. The advantages of this setup range from ease of manage-ment to reduced hardware costs. AT&T and Verizon have begun offering these services, and small- and medium-sized businesses have slowly begun to adopt them.

Meanwhile, another sector of the IT world has been making its own advanc-es. Cutting-edge hardware firewalls are beginning to offer internal segmentation as a method of separating pieces of your internal network to keep them safe from threats that spread internally. The more segments you have, the safer your net-work is from poorly protected neighbors. But there are limits to how much capaci-ty one of these hardware firewalls has for segmentation.

Zero-day attacks Malware is most dangerous when it has been released but not yet dis-covered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attack-ers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is ad-dressed, it is called a zero-day at-tack. Patch When software developers discover a security vulnerability in their pro-gramming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keep-ing your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

Redundant data When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s work-space ensures that if there is a mal-ware infection, you’re equipped with backups.

We aren’t just creating a glossary of

cyber security terms; every day,

we’re writing a new chapter to the

history of this ever-evolving industry.

And no matter what you might think,

we are available to impart that

knowledge on anyone who comes

knocking. Get in touch with us today

and find out for yourself.

For more info on Network Securi-

ty, go to:

http://www.ocitcs.com/services/

network-security/

For more info on Email/Spam

Protection go to:

http://www.ocitcs.com/services/email-

spam-protection/

Always test your backups

So although Delta had a plan to bring its business back to normalcy, the DR plan left a lot to be de-sired in practice. This begs the question as to whether the airline company is actually testing, reviewing, and reinforcing its vulnerabilities to dif-ferent disasters.

The point is that even though your company may have a failover protocol in place, that protocol adds no value to your business unless it has been rigor-ously tried and tested. In order to avoid the same fate as Delta, make sure to find out whether your disaster recovery plan is capable of running mis-sion-critical applications like email and customer service applications before -- not after -- downtime occurs.

Account for different types of vulnerability

In an interview with the Associated Press, Delta

CEO Ed Bastian said, “We did not believe, by any

means, that we had this type of vulnerability.” In-

deed, it’s often hard to foresee what threats and

vulnerabilities a natural disaster, power outage, or

hacker can produce. But it’s not impossible.

By conducting a comprehensive audit of your data center security and disaster protocols, your busi-ness will be more aware and adept at minimizing the risk of potential disasters. This also means evaluating and preparing for disasters that are likely to happen to your business depending on its geographic location. Southern US, for instance, is prone to hurricanes and flooding.

Call for help

These lessons and strategies are all crucially im-portant, but pulling off a DR and business continui-ty solution on your own may be difficult. For this reason, it’s critical to have a planned partnership with a managed services provider that can assess, plan, test and install the continuity solutions your business needs in order to minimize the impact and avoid encountering a Delta IT outage of your own.

To find out more about business continuity

and guaranteeing complete IT redundancy,

contact us at (732) 716-4109 or email us at:

info@ocitcs.com today.

Companies can pay a hefty sum if they ever experi-ence any downtime. In fact, Delta Air Lines had a bad bout of severe downtime just last month. In just three days, the airline company cancelled 2300 scheduled flights and suffered $150 million in in-come loss. That doesn’t even account for the con-siderable reputational damage from delayed ser-vice. So how do you avoid sharing the same, ex-pensive fate? Here are some valuable business continuity lessons we can all learn from Delta’s IT outage.

Strive for 100% redundancy According to Delta’s chief information officer, a power failure caused the company’s data center to crash, grounding thousands of would-be passen-gers. Although power was restored six hours after the incident, critical systems and network equip-ment failed to switch to a secondary site, corrupting valuable data in the process. And while some sys-tems failed over, other vital applications didn’t; this created bottlenecks, decreased revenue, and di-minished customers’ confidence. Delta’s case is a massive wakeup call not just for the airline industry but for every business -- large and small. Companies must implement disaster recovery plans for their data centers, on-site tech-nology, and Cloud applications to continue servic-ing customers while fixing the main issue with their primary systems. Companies also need to get rid of the false notion that redundancy plans to assure service continuity is restricted to larger corpora-tions. DR and business continuity solutions are extremely affordable today, and a partnership with a provider can help you in more ways than one (more on this later).

If an IT consultant told you that backing up data is one of the most important things for your technical team to do well, you’d prob-ably nod in agreement. But what if they suggested that your dirty data requires cleaning prior to utilization? One simple adjective like “dirty” may give you pause, and there’s a handful of other terms about “data” that you may not recognize either. Data is the lifeblood of the information age. It gets observed, collected, organized, and analyzed, and it allows businesses to compete for profit and prosperity. And it takes many forms, each one unique and often vividly-named by the addition of a simple descriptive word. As such, we thought a short glossary was in order to help keep you current on a handful of new data buzzwords and how they might impact your business. Small Data If “big data” is about powerful machines, huge databases, and sophisticated analyt-ics, its little brother “small data” is about people. Small data takes a scaled-down approach to data mining that relies on things like social media to acquire im-portant information. Archiving it is also simpler since a complex central data ware-house isn’t necessary. Slow Data The notion of “slow data” may seem a bit counterintuitive since processing ones and zeroes means things are happening fast. Some information, however, is actually acquired more slowly. Take, for example, the polar ice caps, where things literally move at a glacial pace. Since this kind of data doesn’t require frequent analysis it is suitable for back-up in its native format in a secure data lake. Fast Data We’re guessing you knew this buzzword was coming next, and it’s probably exactly what you thought it would be. “Fast data” refers to data events that happen fast - as in thousands of times per second - such as financial tickers or electrical sensors. Being able to act on it without delay is critical, so storing it immediately in a sta-ble, easy to access location is a must. Dark Data Put simply, “dark data” is nothing more than day-to-day operational data that’s not getting used. It often refers to unanalyzed information in the form of customer call records, competitors’ price fluctuations, or website visitor trends. It can also include data that’s no longer accessible, such as when a storage device becomes obsolete. Your business can bring some of this redundant, out-of-date, or hidden data into the light with software designed to tidy things up. Dirty Data And speaking of tidying, here we finally have “dirty data.” While not quite as pro-vocative as, say, dirty dancing or a dirty martini, it does have a tendency to arouse anxiety. But it’s actually not harmful to your data warehouse; it merely refers to a data set prior to its being “cleaned,” such as a leads list that contains duplicates, spelling mistakes, or formatting errors. The key is ensuring it gets spruced up before moving it into production.

If this index of buzzwords has left you

wondering about the ways that different

types of information affect your specific

business, we’ve got answers. Setting up

and managing your databases, super-

secure backup strategies, and a thorough

understanding of information technology

are what we provide, so call or message

us today.

What’s all the buzz about data?

What can we learn from Delta’s IT outage?

Are You A "Sitting Duck"?

Get Your Free Report That Outlines

The 7 Most Critical IT Security

Protections Every Business Must

Have In Place Now To Protect Them-

selves From Cybercrime, Data

Breaches And Hacker Attacks

Two new tools for defeating ransomware

The IT Insider Issue 11 November 2016

Main Phone: 732-716-4109

Fax: 732-716-4169

Email: info@ocitcs.com

A simple Google search of “ransomware” returns just over 9 million results. So, too, does a search for “Three Mile Is-land,” the location of the late-70’s Pennsylvania nuclear meltdown. And while we don’t mean to equate the near ca-tastrophe of the latter to having your company’s data hi-jacked by computer hackers, ransomware can in many cas-es end in disaster for your business.

The way in which these nefarious operators commandeer your information and deny you access usually involves some fairly sophisticated stuff. The ransomware they install on your system is essentially a virus that “locks up” your data, and it can’t be unlocked unless you pay them for the keys.

Some of these data-encrypting viruses are strong, such as the CryptXXX strain. It has been infecting businesses for the past few months, and its latest mutation can’t be quelled by decryption programs found for free on the internet.

Two relatively new types of ransomware aren’t quite as viru-

lent as CryptXXX, but we’d like to bring you up-to-date on

them nonetheless. Here’s a look at what they’re called,

what they do, and how you can defeat them should your

PowerWare

The first of these recent ransomware varieties is called PowerWare, which also goes by the name PoshCoder. It imitates a more complex ransomware program called Locky, although with less effectiveness.

This spring, PowerWare was discovered attacking healthcare organizations through Windows PowerShell, a scripting application used for systems administration. Fortu-nately, programmers at hi-tech security firm Palo Alto Re-searchers were able to quickly create a decryption tool named “powerware_decrypt.py” that unlocks ransomed da-ta with relative ease.

Implementing the fix, however, does call for a bit of tech-nical know-how, so if your IT department is experienced in this area it shouldn’t be a problem. The code that can cure you from PowerWare is published online and is free.

BART

The second new ransomware breed that we should address is called BART. Instead of employing intricate information-encrypting algorithms to take command of your data, BART will stash away your files inside password-protected ZIP folders… and you have to pay for the password.

These infections aren’t hard to identify as the imprisoned files will appear with “.bart.zip” added to their original name (for example, “spreadsheet.xlsx.bart.zip”). Thankfully, not only are they easy to detect, but for antivirus firm AVG, they are easy to decode.

Applying the remedy that AVG has produced requires an unaffected copy of one of the files that’s been locked up. And if you can’t locate one somewhere on your network, a good IT services firm will be able to. The BART decryption tool is also available online at no cost.

The fact is, there are some shady, technologically savvy

characters out there who are willing to do us harm. Keeping

them at bay takes vigilance. So if your business doesn’t

have the resources to stay safe and secure from threats like

ransomware - or, in the event that you’ve been hit, you’re

not sure how to recover your data without paying the ran-

som - call us today to talk things over. (732) 716-4109