Has Your Company Data Been Compromised?

You might believe that your information assets are secure and your company’s security systems are keeping things safe, but how do you really know? While large scale financial services companies and other major corporations have the resources, highly trained technical staffs, and custom tools to monitor for and identify leaked data, most businesses do not. Companies with the resources are constantly scouring the internet, deep web and dark web for any indications that sensitive information has been exposed.

Now you might think, who wants my information or why would anyone target my company? It depends on an attacker’s motivation, or maybe it’s just a blind scan looking for vulnerable hosts by a potential hacker. If you become compromised, access to your environment might be sold and your infrastructure used to email malware or house stolen data. Maybe your email credentials are compromised and someone is illicitly reading confidential communications. Whatever the outcome, at a minimum your business reputation is at risk.

Many companies that are compromised typically find out long after the initial occurrence, with time spans perhaps extending months into years. Typically breaches are not found by the company itself. Many times law enforcement or other 3rd party sources may advise a compromised organization of the unfortunate situation. 

Some organizations take extensive proactive approaches to managing information security through the use of firewalls, intrusion detection systems and monitoring software, while also investing in various technical assessments. That approach, however, does not take into account how to detect information that may have quietly been leaked to the internet, whether in an isolated event or on an ongoing basis.

While building robust defensive measures has improved security for many corporations and helped protect many companies from network attacks, it does not account for other sources of compromise such as theft of login credentials or compromise of a 3rd party service provider’s network connected to the company’s environment. In such instances data flows are likely to be flagged as normal traffic and not detected by security management systems, and companies may leak sensitive information over an extended period of time.

You may still believe that data breaches don’t apply to your company, but they do. Unfortunately, many employees may use the same email address (name@yourcompany.com) and password for sites they access in their personal lives. A compromise of a third party site used for cooking recipes may lead to a credential compromise at your company, followed by a potential loss of sensitive company data. Third party service providers that work with your company’s sensitive data may also expose this information through a compromise of their own infrastructure, leading to your sensitive company information being for sale on the Internet. The point is that if your information has been leaked to hacker websites, regardless of the manner in which this occurred, you really should care to know.

There is an emerging set of tools that gather information in real time, not by directly scanning a company’s infrastructure but by querying public records and illicit sources. These relatively new commercial offerings scan internet records, the deep web, and dark web to identify what is known that may be exploited or company data that may be for sale. This may include login credentials, proprietary data, compromised servers, client sensitive information, vulnerable hosts, or other assets. Employed on an ongoing basis, such tools can provide proactive alerting to enable a company to understand potential issues and develop real-time response strategies to protect the company and its reputation.

Network Management Solutions has been helping businesses navigate technology challenges since 1996. If you are concerned about what company data might be readily available on the dark web, please contact us for a free, confidential discussion. We can be reached at 908-232-0100 or on the web at www.nmscorp.com.

Ransomware Attacks Hit Home

Coronavirus (COVID-19) has proven to be challenging. For most of the US, this epidemic has been ongoing for nearly 9 months with a new wave overtaking the country once again. Businesses have shuttered, jobs have been lost, and financial insecurity has become an obstacle for many to deal with.

As one of the ongoing complexities, COVID-19 has shuttered in-school learning for many US students. Several US school districts including Baltimore County, MD announced that online learning had been impacted for 115,000 students due to an apparent ransomware attack. As parents struggle to maintain a somewhat normal learning experience for their children studying from home, inadequate information security practices within the information infrastructures are central to these disruptions.

So what is ransomware and how does this impact a compromised organization? Ransomware is malicious software designed to deny access to an organization’s information assets, files and/or services. The perpetrator, having compromised the target organization, demands a ransom payment prior to restoring access to the locked data. In the case of Baltimore County, it has been reported that access to online learning tools and grading systems has been disrupted.

Cyber insurance policies are available to facilitate ransom payments should such an attack occur within an insured’s environment. Many organizations choose to pay the ransom through insurance, or directly if not insured. The cost of ransom payments has risen, with many payments now being 6 figures or larger. Other organizations that choose not to pay a ransom spend millions trying to restore systems. Atlanta, Georgia, in the spring of 2018 chose not to pay a ransom of $52,000 and instead paid a reported $2.6M to recover.

While an insurance policy payment may reduce the recovery cost of an outage it does not account for the lost time of a disruption and only encourages further ransomware attacks. Ransomware attacks accounted for 41% of policyholder claims, insurer Coalition stated in its 2020 “Cyber Insurance Claims Report,” released in September of 2020. In some instances insurance companies have denied claims with excessive damage as in the case of NotPetya.

According to a Dark Reading article, Maryland State auditors found a variety of vulnerabilities that could have led to the incident in Baltimore County. While there is not clarity yet in the Baltimore County incident, it should be noted that ransomware attacks have been ongoing for many years and most propagate due to unpatched systems. Typically, exploited systems are Windows based. Impacted systems in the case of Baltimore County have been reported to be Windows based.

At what point do we demand that organizations who maintain our personal information and upon which we rely make certain that vulnerabilities are minimized? Individuals that are placed in technical roles must be held accountable in some manner, as well as their management teams, should they choose not to appropriately address ongoing maintenance of the systems and applications for which they are responsible.

The most formidable defense against most cyber attacks, beyond a properly designed infrastructure, is to establish reliable ongoing patch management and update processes for the entire infrastructure. While some may have you believe that this is a complex endeavor, and perhaps it is in a very large scale environment, once established the organization’s ability to withstand cyber attacks is significantly improved. Choosing not to establish the proper protocols either through in-house staff or consulting resources is a dire mistake.

Network Management Solutions has been assisting organizations to properly design, implement, monitor and manage information technology infrastructure since 1996. We are available to assist your company in navigating the technical complexities associated with your business infrastructure. Call us today at 908-232-0100 for a free, confidential discussion on how we can assist your business and support your ongoing information security and technology goals.

The importance of online privacy

Online privacy is a topic that is often misunderstood. Many people believe that since they are not involved in doing anything wrong that there is nothing to hide and therefore online privacy is not an important issue. However, online privacy is more about service providers profiling you, including your likes, dislikes, habits, beliefs and beyond, so that you can be the target of advertising, misinformation, and beyond. Ultimately, service providers you have trusted use your information to generate revenue. Who knows where it all goes from here and perhaps one day that profile intersects with insurance companies, healthcare providers, employers, and government if it hasn’t already.

Everywhere you travel, every move you make, the nuance of your writing, emails, phone conversations, essentially everything you do, is being logged and analyzed through artificial intelligence with the aim of monetizing the information. We are all subjected to a conglomerate of big tech company experiments. While corporate attorneys may have written language in their terms of use agreements for the applications or services we use, explaining how your information may be used, most of us never bother to read or consider the impacts of misuse.

We are barraged by privacy statements with many sites now asking you to accept their use of cookies and privacy policies.  Here is one of note:

“YouTube Privacy Warning”

“YouTube (owned by Google) does not let you watch videos anonymously. As such, watching videos here will be tracked by YouTube/Google.”

Have you ever turned off location services for Apple Maps on your iPhone only to have it tell you later that your car is parked 150 feet away? Did you know that Alexa has features that allow it to listen and record private conversations and forward them on to contacts? Do you know when Alexa is listening or any other “smart” devices? Have you ever had Siri speak to you when you weren’t talking to her? The point is we don’t know how a lot of the technology works and what happens with the associated data. Have we invited devices into our homes and businesses naively thinking they’d help without considering adverse consequences? How often do you see advertisements for products that you were viewing online elsewhere being presented to you as an advertisement on social media or another website?

Big tech is doing its best to monetize your private information by either directly targeting you with ads, or through the sale of your private information to other data mining companies. Google now buys credit card data so they can better understand your purchasing habits to better target ads and know when you bought an item after an advertisement was presented. Online marketing campaign metrics have become very precise.

So still, why care about privacy? The Cambridge Analytica scandal speaks for itself, where a vast amount of personal information was provided by Facebook and shared with Cambridge Analytica, who exploited the information for political purposes during 2016, targeting profiled potential voters with disinformation in an attempt to get them to vote a particular way. This was business as usual for Cambridge Analytica, who had been helping politicos win elections throughout the world with its tactics. Weaponizing personal information is clearly crossing the line.

The free services model being provided by companies like Google and Facebook is at the heart of the problem, where services like email and social platforms are provided in exchange for users’ personal information being collected, analyzed and eventually monetized. Unfortunately our representatives are underwhelming in their knowledge of and response to the problem. This was demonstrated during a 2018 US Senate hearing where senators asked questions of Facebook’s CEO such as how do you make money. Between lobbyists and uninformed representatives we have little hope in solving the core issues in the near term.

So how can you begin to protect yourself? 

  • For starters, take care in how you utilize online platforms such as Facebook and other social media applications. The questionnaires that your network routinely shares that seem harmless are utilized to directly profile you and may be later used against you in the form of advertising and disinformation campaigns.
  • Use Internet Security Software that blocks website tracking by web analytics, ad agencies, behavior trackers and social networks.
  • Consider utilizing VPN services that can enable you to browse anonymously and encrypt your data end to end, so that your activity is not tracked by your Internet Service Provider nor intercepted by prying eyes.
  • Utilize web browsers, email platforms, search engines and internet security software or services that have stated missions to support your privacy.
  • Some names that come to mind are Mozilla, Proton, DuckDuckGo, among others.

Network Management Solutions has been helping businesses navigate technology challenges since 1996. Please contact us for a free, confidential assessment. We can be reached at 908-232-0100 or on the web at www.nmscorp.com.

Business Continuity Planning – Lessons Learned

The COVID-19 pandemic has created strife across the globe. Many families have suffered from illness, the loss of a loved one, loss of employment, and in some cases maybe a loss of hope in a way forward back to normal. While many businesses have been shuttered others deemed critical or those that operate virtually may be thriving. Assuming your business is operating, have you been able to operate effectively and efficiently? 

Some businesses are benefitting from their consumers being shut in, leading to increased online video and music consumption, people using at-home time to learn a new skill, and hobbyists expanding their knowledge base. All that aside, in order to operate virtually a business must have at a minimum an appropriate technology infrastructure and a business continuity plan that considers workflows.

Maybe you moved your business operations to the cloud so that all your applications are hosted in some remote data center and not your office space. Maybe you had a plan in place. Providence Regional Medical Center in Everett, WA treated patient number one in the US. They had a pandemic plan, had recently tested it, and felt confident, but when the pandemic hit they realized they didn’t have enough critical supplies and were scrambling for personal protective equipment (PPE). Additionally, defective test kits provided by the CDC were also a major problem. This story played out throughout Washington State, the country and world.

Some businesses may have segments or divisions that were able to operate just fine while other segments were shut down. Content providers such as Netflix or Disney have had no problem providing streaming services and supporting end users watching TV shows, movies and documentaries. However, their content creation businesses that produce new movies and shows have been shuttered. Even with the best planning and infrastructure in place, market dynamics have had a huge impact on business operations.

Assuming you have been able to provide your service virtually or were deemed critical and allowed to remain open, having employees isolated at home has had its problems. I personally needed equipment and what normally would take no more than 2 days took over 2 weeks to connect, get advice and place an order. The company was operating virtually and demand was at all-time highs and their technology infrastructure did not support their business process remotely as it did when employees worked onsite.

So what have we learned? For me the biggest difficulty was to have imagined the scenario we all faced. This event was beyond many organizations’ planning. Perhaps many of the behemoths got it right, or scrambled to make things work. The largest obstacle perhaps was getting the business processes right when forced to operate remotely with employees in isolation. Difficulties collaborating with colleagues, maintaining business workflows, and operating efficiently are among the largest hurdles that virtually operating businesses have had to deal with. This pandemic will certainly impact business continuity planning for many years to come.

So what can we do to be better prepared for other unanticipated disruptions? A framework is important to getting things right for all business continuity planning. Below is a simplified 5 step approach.

  1. Develop a plan – Assemble a team, identify outage scenarios and goals. List what services must function as soon as possible, and what other functions can wait.
  2. Establish business operations workflows – Define how various departments and staff function both independently and cross functionally. Identify how the business operates with staff in isolation or at remote locations. Identify logistical moves of personnel that could be made today which would support business recovery plans in the future. Some firms such as Facebook are already defining work from home positions. Establishing work from home positions could potentially boost employee productivity and reduce company costs.
  3. Define the technology – Identify the services and infrastructure necessary to support the plan, as well as what other technologies could improve efficiencies or resilience. Identify potential logistical technology moves that might better protect the company, i.e. cloud computing and services.
  4. Brainstorm potential pitfalls – Ask what are we missing, identify the what ifs….
  5. Test the plan – Testing can help identify gaps in planning. After testing assess what worked well, and where expectations fell short. Identify the necessary changes and retest.

Network Management Solutions has been assisting companies since 1996 to design, implement, monitor and manage IT infrastructure. We have helped companies recover from failed projects, security breaches and outages. Contact NMS for a free, confidential consultation to understand how we may contribute to your business’s ongoing success.

Managed Service Providers – Strategic Investment or Cost Reduction?

Many businesses will tell you that they initially decided to engage a Managed Service Provider (MSP) to reduce their information technology costs or avert adding additional employee resources. Fast forward to 6 months later and those same businesses may speak of the strategic value they have gained from the financially motivated move. While it is true that the right MSP can help control costs and expand resources, the right MSP can also bring considerable strategic value that was perhaps not part of the initial business decision.

Persistent ongoing security threats and continuous operational tasks place a significant burden on internal IT resources responsible for managing the company’s systems and networks. While properly trained full time resources often provide excellent support, in many small to mid-sized companies these resources are stretched beyond limits leading to missed tasks that can negatively affect service and security levels. Over time a once efficient and secure infrastructure can become exposed to slowdowns, outages, data losses or worse yet, compromise. MSP resources can be a welcome addition to help assess, patch, configure and restore the infrastructure to its former state. 

Managed Service Providers can add to an organization’s technical depth and know-how specific to tools, approaches, and methods to maintain and improve service levels and security. MSPs interface with their customers through Standard Operating Procedures tailored to client requirements. These procedures help define service delivery and improve efficiency and communications between the organizations. Additionally, custom tool sets used by MSPs can be leveraged to identify potential weaknesses before problems impact business operations or security.

Simple vulnerability assessments can identify unpatched systems that are vulnerable to exploitation. As has been the case for many years, attacks continue to propagate through improperly patched systems. Unfortunately, many unchecked systems and networks have vulnerabilities that persist, raising the probability of an inevitable compromise. Simple ongoing systems maintenance has a significant impact on improving an organization’s overall security profile and operating availability. However, many companies do not maintain proper patch management across their networks, systems and applications. Whether your business operates its own infrastructure or uses cloud services, ongoing systems management and maintenance is still a requirement.

An MSP brings value not only in the services which it provides but also in the knowledge of what is available and should be done in order to protect an organization. Ask any of the municipalities, government offices, or others that have spent millions recovering from recent attacks which were propagated through unpatched systems; certainly they would do things differently to avoid the events if they could go back in time. To believe there is little chance for your organization to fall prey is a mistake.

So what are some improvements a Managed Service Provider can provide its customers?

  • Improved service levels
  • Expanded knowledge and resources
  • Monitoring and assessment tools
  • Improved security posture
  • Improved processes and efficiency
  • Increased awareness 
  • Proactive planning
  • Personnel redundancy
  • Reduced operating costs

While not an all encompassing list the above can provide significant improvement to any organization and its business infrastructure.

Network Management Solutions has been providing custom information technology solutions since 1996 for large, mid-sized and small businesses. We provide a variety of design, assessment and managed services customized to meet your business needs. Please call us at 908-232-0100 for a complimentary, confidential discussion of how Network Management Solutions can help your organization better manage its technology challenges.

Is your business at risk from a trusted employee?

All businesses depend on their employees regardless of their size. Trust is foundational in ensuring the business operates as required, customer needs are met, and intellectual property or regulated data is protected. While many companies are focused on protecting the business from external exploitation the thought of exploitation from insiders is many times missed.

Both Twitter and Trend Micro reported in November to have fallen prey to malicious insiders with legitimate access to sensitive company information. In both cases it appears that the companies did not discover the misuses by their own measures but became aware through 3rd party sources, long after the unwanted activity was initiated. Alarmingly, Trend Micro is a cyber security company which goes to show that even the best can get taken advantage of. Insider incidents are not new and are thought to account for one-fifth of all data breaches.

In the case of Trend Micro the company indicated that 68,000 customer data records were provided to a 3rd party source who used the information in an attempt to scam Trend Micro customers. In the Twitter leak, information was being provided to the Saudi government and Royal family pertaining to individuals who were hostile to the current regime. In both cases motivated employees provided the privileged information.

So what impact could a data breach have on your business? According to IBM the cost of a data breach in a small to medium business (SMB) with fewer than 500 employees averages $2.5M or 5% of annual revenue to remediate the issue. Regulated data such as in the case of Healthcare, averages $429/record, so the overall cost could be significantly higher to remediate the issue. Beyond cleanup costs a data breach can be devastating to a company’s reputation and the resultant loss of business can overcome many companies.

There is tremendous focus on the right tool set being the answer in solving complex information security issues. While investments in software, hardware, personnel, and training are all pieces in a complex puzzle, detailed processes and procedures are as critical as all of the other investments and without such, all investments are rendered ineffective. To many technical staffs the tools are exciting, but the processes and procedures that ensure the tools are generating manageable alerts for support staff may be viewed as ominous and are never fully implemented.

Without a proper implementation, many times events are generated and logged to some database server and alerts to supporting staff are never generated, or there are so many alerts that a support staff becomes overwhelmed and the response is to silence or ignore the alerts. When a third party source such as law enforcement contacts the compromised company and an incident response team is hired to investigate the breach, logs of malicious activity are often found tucked away on some database server that was never configured to alert support staff. Many times the malicious events have been ongoing for months to years.

Ask yourself or your employees:

How does the company monitor security alerts?

Is privileged user access to sensitive data audited on an ongoing basis?

Does the company use an internal audit function that is outside of the information technology group or use 3rd party resources to review security?

Are processes and procedures reviewed on an ongoing basis by an independent audit function?

Are the processes and procedures updated on an ongoing basis as the business and technology changes?

Does the organization perform regular incident response testing for data loss, systems outages, component failures, or other potential business disrupting compromises?

In the case of Twitter and Trend Micro a simple ongoing audit of privileged user access may have identified the malicious activity at its commencement saving time, reducing reputational risk, and significantly improving the company’s security profile.

Network Management Solutions has been helping organizations since 1996 to establish sound information technology networks, systems, processes and procedures. Please call us at 908-232-0100 for a confidential consultation on how we can assist your business in managing the security of its information assets in a continuously changing world.

Ransomware – Should You Be Concerned?

There has been a lot of news lately regarding ransomware. What is ransomware and should you be concerned? Ransomware as defined by CERT is a “type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid”. Theft of proprietary information, credit card data, or personal information is not a motivating factor; taking control of vulnerable systems and denying access to the information is. It’s essentially a kidnapping of your IT environment. Ransomware can spread through direct targeting of a system, phishing emails or by unknowingly visiting an infected website.

Ransomware attacks started out primarily with individuals and its origins date back to the late 1980s. Perhaps you know someone who paid a “fee” of $25 or $50 to have their computer “cleaned” of malware detected by some random third party organization. While it seemed to be somewhat suspicious that an unknown organization would detect your computer problem, for many it was just easier to pay the “fee” and move on.

Ransomware exploits today are aggressive, intrusive and demanding, with Bitcoin or other cryptocurrencies being the payment of choice. While crypto platforms are not technically anonymous, they do provide an opportunity to act anonymously. Crypto platforms make currency exchanges between wallets. The person(s) associated with the wallet are not identifiable in the transaction. In some places crypto exchanges are required to collect personal information but this is not the case in many places.

Ransomware attacks target individuals, corporations, governments, schools and even police departments. The ballooning monetary demands of ransomware extortionists are claimed by some as being fueled by cyber-insurance companies who prefer to pay claims to help drive new business. For an insured, having a ransom paid by an insurer is the quickest way to end a crisis and get back in business.

Lake City, Florida at the end of June this year paid 42 bitcoin worth about $460,000. The loss was covered by cyber-insurance with Lake City paying a $10,000 deductible. According to ProPublica, Baltimore, Maryland did not have cyber insurance and chose not to pay a $76,000 ransom payment and has spent $5.3M to date recovering locked files. Atlanta similarly balked at a $53,000 payment and has spent $8.5M to date on recovery. Another unnamed company chose to pay a $10,000 ransom payment when they realized that recovering their data from backup tapes would take weeks. Most recently, 22 municipalities in Texas were attacked simultaneously with extortionists demanding millions of dollars in ransom payments.

Blaming insurance companies for helping escalate extortionists’ demands by paying claims is ignoring the elephant in the room. As business owners, managers and technologists, what is important is to focus on how these exploits occur so we can prevent infection and its potentially devastating impacts. While having insurance as a financial tool is great, preventing the event is paramount to keeping the business operating.

Cyber exploitation occurs due to mismanaged or improperly patched systems, lacking processes and procedures, compounded by insufficient employee training. Unpatched computer systems are vulnerable to exploitation either through direct attack or by individuals browsing infected sites or clicking on malicious links. Once compromised, an inability to detect the breach allows the attack to propagate over time resulting in an ultimate loss of control over the organization’s systems and information. Without a proven disaster recovery plan, an organization stands little chance of regaining control in a timely manner.  

Some questions to ask yourself and your organization supporting your IT systems are:

Do we have a properly designed infrastructure?

Do we have a process to apply security updates ongoing?

Do we regularly back up our critical data?

Do we have a disaster recovery plan that is updated and tested on a regular basis?

Do we regularly validate our security posture, including audits and testing?

Are all of our methods documented and reviewed on an ongoing basis?

If we were to suffer an attack do we have a planned response, as well as the financial resources to recover?

Network Management Solutions has been helping organizations since 1996 design, implement, monitor and manage critical IT assets. Please call us for a free, confidential discussion regarding your IT challenges and goals. We can be reached at 908-232-0100 or on the web at www.nmscorp.com.

IoT, What You Should Know

Do you know what IoT stands for? IoT is the Internet of Things. It allows organizations and individuals to interconnect their home and business devices through a cloud (Internet) based service. Tech talk has been consistent since the beginning of time with its never ending stream of acronyms. If you’re like me you might find it a bit of a put-on. I guess originally tech speak was intended to make things sound important, technical, and beyond the average person. Today not surprisingly most industries have their own acronyms. 

Back in the mainframe days of the 1980s there were FEPs, Front End Processors; DASD, Direct-Access Storage Devices; and computing power was measured in MIPS, Million Instructions Per Second. Transmission lines were measured in KBPS, kilobits per second, and there was no Internet yet. Computing resources and data storage devices were guarded by physical security such as guards, video surveillance, card readers, as well as key locks. Companies that had multiple geographic locations and could justify the cost had point-to-point transmission lines providing remote access to mainframes and other computing platforms. Many times the remote terminals were kept in secured rooms that only authorized users could access. Security in general was simplified and data breaches far less common and certainly not headline news.

Today we live in a data-intensive age where digital transactions build our digital footprint and influence how we are marketed to online. The average home today has greater processing power, data storage and global broadband access than many large corporate entities maintained in the early 1980s. Physical security controls, while still important today, have been augmented with a large array of technologies to monitor and manage information security at a physical, connectivity, application, and transaction level.

Cloud computing has become a serious alternative to multi-million dollar corporate investments, long timeframes and large support staffs, providing pay-as-you-go pricing and the ability to scale globally on a near immediate timeframe. Millions of businesses use some form of cloud computing including startups, government agencies and the largest enterprises.

Amazon’s IoT Core has millions of customers and can connect billions of devices and process trillions of messages globally. Cloud computing is an incredible leap forward in computing technology in terms of its global reach, processing, scalability, and availability. While the technology is mind-blowing, there are still noteworthy security risks and downsides that are not addressed by simply implementing a cloud-based infrastructure.

The Commission on the Theft of American Intellectual Property estimated in April 2018 that the annual costs from the loss of intellectual property ranged from $225 billion to $600 billion. These costs are projected to rise to $6 trillion worldwide by 2021. While there are many ways that thefts occur, including social engineering, technology transfer, and hacking, the point is that there are risks regardless of how you run your business and that implementing a cloud-based infrastructure is not a cure-all.

Whether you are a small or large business, securing end-point devices such as office computers, terminals, usernames/passwords, remote access devices, networking infrastructure and properly training employees to be able to identify potential fraudulent activity is critical. End-point devices need to be maintained through ongoing backups, updates and other processes. Finally, if you are breached you need to be able to detect malicious activity and eliminate it in the shortest timeframe possible. Many of the largest breaches go on undetected for years, leading to serious losses and business consequences.

Network Management Solutions has been helping small to medium sized businesses, along with some large global organizations, adapt to the ongoing changes in networking and computing technology since 1996. Contact us for a free, confidential consultation. We can be reached at 908-451-1821.

The Value of Independent Oversight

The other day I was working in my shop. I mistakenly placed an expensive tool in a precarious spot and as circumstance would have it, the tool fell and was damaged. I was of course upset but it was my fault and I own the mistake. I was focused on the task at hand and not paying attention to details. Well, when I checked for a new part to repair the tool and found it was more than half the cost of the original tool, I was even more regretful. It was a hefty price to pay and an expensive lesson learned.

I identified the supplier for the part, a well known company, and begrudgingly placed the order. The quicker I ordered the part the sooner I’d get over the sting of my hurried mistake. Ordering the part was easy and my credit card was charged immediately. I waited for an email to relay the shipping details, one day, three days, one week passed before I finally decided to call the supplier for an update.

Upon calling the supplier the phone was answered within a matter of minutes and the support person was pleasant. I was advised that the part had yet to ship because the company warehouse was 6 days behind schedule due to a failed IT upgrade. I was assured however that the order would ship within the next week. I was not happy as the payment was processed the day of the order.

I had never dealt with the company prior. It’s likely that if I listed their name you would know the brand and perhaps, like me, having dealt with them or not, had a positive image of the operation. The reviews I read prior to ordering were largely favorable. My opinion however has changed and I know that’s harsh. The reason is that had I been advised before placing the order I would have had an opportunity to consider a different source, or been an informed, understanding customer that waited for the part through the delay. Instead there was no communication prior, and I had to call the company for the reason for the long delay.

Does this major tool supplier realize the cost of their failed IT upgrade? A six day delay in processing orders is a big deal. What is the cost in terms of revenue, rebates and apologies to big buyers and future sales, but far beyond that the damage to the brand’s reputation? What other companies that depend on the supplier were unable to meet their customer deadlines?

Often organizations large and small don’t consider all the details of a complex or even routine upgrade. Personnel sometimes don’t speak up due to politics or their input is dismissed. Many times companies don’t measure the business impact of failure and hence there is no back out plan to restore service or communicate status with management and other stakeholders. 

At a minimum, when undertaking an upgrade, consideration needs to be given to items such as: can the current infrastructure support the new requirements; can the in-house personnel support the project; is there sufficient knowledge and planning by the stakeholders to ensure success; and most importantly, what are the potential impacts to the company if the project fails? Critical to every project is a back out plan. Should the project fail, how are negative impacts to the company and its customers minimized? Finally, if necessary, at what point does the company communicate with its customers and what is the specific messaging?

Of course I don’t have the detailed reasons for the disruption. I do however know one thing, as do many of the company’s customers, and that is they failed. While failure is not uncommon in the complex information technology world, it is largely due to a lack of planning and oversight, and when things go wrong negative impacts are magnified. Perhaps if there had been a back out plan to revert to the prior state no one except the company and maybe its vendor would have known. Even planning customer messaging would have minimized impacts to the company’s brand and its customers.

Network Management Solutions has been assisting companies since 1996 to design, implement, monitor and manage IT infrastructure. We have helped companies recover from failed projects, security breaches and outages. Contact NMS for a free, confidential consultation to understand how we may contribute to your business’s success and its good name.

Why You Should Care About Information Security As A Small or Mid-Sized Business Owner

You’ve seen the news, heard all the hype: Marriott, Chinese state-sponsored hacking, DNC email leaks, along with Saks, Lord and Taylor, Panera, Facebook, Under Armour among others becoming victims of data breaches. You’ve probably also seen the TV shows and commercials portraying hackers and their potential targets being defended by some slick cybersecurity group. While it’s dramatic, what does this have to do with you, the small to mid-sized business owner or manager?

Perhaps at first glance little to nothing, you would say. Who would want my company’s information? No one will target us, you think. Well, while yes, the big companies, political organizations, governments, and others are direct targets, you may be a target as well, albeit indirect.

While no named organization or government entity is going to directly attempt to hack your company, you may be the target of smaller groups that crawl the Internet searching for vulnerable anonymous systems. So why do they look to do this, especially if you and others truly have nothing to offer, you ask? Well, at the very least you have some information as well as servers or other infrastructure that is of value to the perpetrator.

Hackers have differing motives. Some may be in search of sensitive information such as credit card data or personal and private information, others may seek to take control of your systems to anonymously launch hacking operations on others from your systems, while others may look to store stolen information for sale, or host pornography. Many who conduct this type of activity may do so from Internet cafes in far off places with limited chances for prosecution. Many have little means and any payoff from compromising a system is welcome. It’s not glamorous like what you get from TV or the media, not dramatic but the ‘work’ pays off.

So how do they find me?

Hackers use simple scanning tools readily available as freeware and test address ranges, identifying networks that have weak security controls or improperly configured networks. While they may not have specifically targeted your company, they may stumble upon it because its Internet addresses lie within the range of their target scan.

So what’s next?

When an IP address is found to have technical vulnerabilities, the next step by the hacker is to exploit the vulnerability with more free pre-packaged hacking tools and see if they can gain access to your network or systems. With success, additional tactics and tools will be employed to poke around inside the network to see what information or hosts may be readily available for compromise.

What’s the payoff?

If they do obtain records of value, such as credit card information, they look to sell it to other criminals that will exploit the information. Values vary but here are some rough numbers. Credit card information roughly sells for $5 to $8. Data that includes the number as well as a bank ID number or a date of birth sells for $15. “Fullz info” information, which may include details like a cardholder’s full name, address, mother’s maiden name, Social Security number, and other details, can sell for $30. $30 to someone that lives in a faraway place may be more money than the average person normally sees in weeks or a month. Beyond that they may disrupt or take control of your system just to show they can.

What’s your potential harm?

The potential for reputational harm or an inability to operate may far exceed the value of any stolen data. You may lose customers, business partners and revenue should your compromise be known or legally need to be reported. Business impacts could be severe if you can’t operate for a period of time. Beyond that you may find that you are facing lawsuits from customers or business partners.

While I can continue to write, the Internet is full of information and articles related to this topic, so don’t just take my word for it. Take a look on your own through some simple Google searches.

We have helped numerous companies recover from hacking, viruses and other security events as well as strengthen defenses against random hacking. Please feel free to contact us at 908-232-0100 for a discreet, confidential discussion as to how Network Management Solutions can be of assistance to you and your company.