From Our CEO:
First off, thank-you for your business.
We appreciate the fact that you are a NetAccess customer and our team here at NAS is grateful to continue to be able to work with you into 2020. If you are not a customer, we have a lot of great reasons to work with us. We would love to hear from you.
We have learned a lot over the years, it makes us proud to be able to pass along some of that knowledge to those who choose to work with us more closely in IT management. We are looking forward to the challenges and opportunities 2020 holds for us. As we go into the New Year, I wanted to pass along some security considerations; 3 things to ensure you are doing with your organization.
2019 was no different from previous years; there has been a steady increase of ransomware, network and security breaches. However, they are getting more complex and are becoming more personal, and skillful at manipulating people to give up sensitive information. Business interruption and loosing client data are key concerns among many people we discuss IT issues with.
you in a targeted attack.
Going into 2020 I recommend and suggest that it is fiscally responsible and prudent of your organization to ensure that you are considering these 3 important strategies (if you are not already):
- Ensuring the stability and security of your physical and virtual networks
- Increasing the awareness of your teams
- Being able to restore properly when things go wrong
We recently had a client that was waiting on a Canada Post delivery, they received a phishing email that indicated that their package was delayed. This email had a link to the Canada post tracking site that was actually a compromised web server. This caused illicit software to get installed. After the user clicked on the link it encrypted 27,000 files in minutes. This could have been disastrous however this client only had about 4 hours of downtime for the NAS team to respond, remove the afflicted machine and restore the previous night’s backup. They had good security in place, but it was unknowingly derailed by someone being misled. I suppose it’s bad timing being Christmas but that one click is all it takes.
That’s why security strategies and awareness are necessary.
3 Pronged Strategies
To address these 3 strategies, NetAccess has the following in place to help aid our clients:
1. Network Assessments: We have for a number of years now been handling IT services for many clients. We either work with an existing IT team or in some cases are the IT team. Our engagement normally starts with a network assessment which reviews networks, servers, current patch levels and what kind of backups are in place. This network assessment can be utilized to just check up on how well things are integrated, how the existing IT strategy stacks up to best practices or be a road map to reach a more stable environment. It does much more than just recommend security, it is more about identifying needs for a good business continuity plan to proactively reduce IT related downtime.
2. Security Awareness Training: One missing link in the past has been the education and verification of our human assets, our colleagues at work. Starting in 2019 we have begun educating our clients through a number of technical talks, security seminars and most recently we found a great organization that increases the awareness of these threats in an easy to manage ongoing platform. We call this the Security Awareness Training (SAT) program. This learning system proactively and routinely tests everyone by sending ‘fake’ phishing emails and other security tests and helps build a custom learning plan for each employee. By routinely testing and measuring employee knowledge, the system has been proven to reduce the risk of ransomware exposure & business downtime from 30% on average to 2% after a year of training.
Most IT teams are very concerned with security but many organizations that I encounter do not have a good proactive training program that is simple, easy to use and cost effective (about the cost of Anti-Virus). Definitely a wise investment to implement.
We have run a number of tests for a few organizations and have been surprised by what catches people off guard.
3. Backup and Recovery: Lastly, things go wrong. As in the example above with the Canada post email, don’t get caught unable to recover. Paying someone even just one bitcoin costs over $7000 USD now. I don’t want to admit how many businesses I know that have been hit but were unable to recover. Just check the news about the latest Insurance Company that got hit this week. Backup and Recovery isn’t an option, it’s a necessity but many organizations think that just having one backup is good enough. Backups need to be tested regularly to ensure that when you need it, your data is available.
The last thing you need when you are hit by Ransomware is to find out that your backup was also encrypted which is a possibility with many name brand backup solutions.
NetAccess has partnered with a leading backup manufacturer that has a proprietary storage system that is not on the network and not visible or in reach of current ransomware software. This in fact was one of the primary drivers, and in fact has been proven successful to be used for successful recovery. Backup and recovery just are too important to ignore.
Thank-you
Again, I wanted to thank-you for your continued business in 2020, and wanted to provide you with a little bit of insight into what we are focusing on at NetAccess. We have accomplished much in 2019 not related to IT management and security, such as building upon our wired and wireless fully redundant network and tier 3 data-centers. I know however that many business executives and owners have IT security, ransomware on their minds. I often get called into many discussions related to security, hacking and ransomware threats. Generally speaking, management teams are just are worried that someone will click that link, or worse be impersonated, and I wanted to let you know that there are proven solutions and ways to mitigate these risks.
Please reach out to us if you would like some help.
Merry Christmas and Happy New Year,
Looking forward to a great productive 2020.
Dan Nedoborski
CEO, NetAccess Systems Inc.