Close

data security

Dropbox is Not a Remote Access Solution: A COVID-19 Case Study

by
Dropbox is not a remote access solution article feature

The Scenario in Brief

During this challenging time, we all have had to scramble to adjust to a new normal, both on a professional and personal level.

Here is an example of a company that was trying to find their own way to work remotely. This particular customer has a case management suite that links to Dropbox in the office. Their case files and templates link to the cloud, their Dropbox. Our client decided to give all their employees access to Dropbox through their personal home computers.

It was easy.

The employee can work from their home computer, make their edits on Dropbox, and it updates to their case management suite. When we dug deeper, we learned that the computers they are using are shared with other family members.

If ransomware got on this computer from a clicked email that would then infect the locally-stored Dropbox files. This would then sync up to the cloud because Dropbox would not know that the data is compromised. It just sees data. The original data would not be available and the new data would be encrypted and locked.

From a support side, we had servers being backed up in the office, as well as other important folders. The client thought they had a backup, but they did not realize that Dropbox was not being backed up.

Further, the client was not aware that Dropbox stores a local copy of its files on computers that are synced. This means these confidential case client files were available to other family members in the household. To make matters worse, if the machine got infected, the case studies would be readily available to bad actors.

The Solution

We ended up setting up a VPN solution for this client, which allowed them to remote into their desktops. This is a common and easy solution, which gives employees their work environment at home. They now log in to their work computer that already had Dropbox. We uninstalled Dropbox on the unsecured personal computers.

People have this belief that everything that is going to be out in the cloud is going to be safe. Sometimes it is not clear that this “cloud” is just a server sitting somewhere else. The reality is unless you invest in creating backups, or backing it up yourself, it is as susceptible as your hard drive getting ransomware.

Finally, Dropbox has an additional plan that allows data retention for the 30 days. We implemented this as an extra safety measure.

The Lesson

Companies are going to find quick methods to solve their problems. This case study was an easy solution to remote access and our client had no idea they exposed vulnerabilities and security holes. Nothing had gone wrong, so they thought they were safe.

It’s always wise to engage a consultant in cases like this. We were thankful we could help in this regard and prevent what could have been a bad situation.

Phishing Attacks on the Rise: How To Protect Your Business

by
Phishing Attacks on the Rise

An increasingly common cybercrime, phishing is the term for when criminals attempt to get users to provide them with sensitive information via the internet, or in the past, phone calls or letters. Phishers may send fake emails or construct bogus websites, hoping internet users will either make an online “transaction” or reply with personal details. Unfortunately, cyberattacks against businesses and individuals using phishing tactics have only increased over the years, and they show no sign of slowing down.

Phishing Statistics – Small Business at Risk

The 2019 Global State of Cybersecurity in Small and Medium-sized Businesses conducted by the Ponemon Institute LLC stated:

  • “In addition to tracking trends in cyberattacks and data breaches, this year’s study reveals how SMBs are unprepared to deal with risks created by third parties and the Internet of Things (IoT).”
  • “A key takeaway from this research is that over the past three years there has been a significant increase in SMBs experiencing a data breach as shown in Figure 1. In addition, 66 percent of respondents said their organization experienced a cyberattack in the past 12 months.”
  • “In the aftermath of these incidents, these companies spent an average of $1.2 million — an increase from $1.03 million in 2017 — because of damage or theft of IT assets and infrastructure. In addition, disruption to normal operations cost an average of $1.9 million, an increase from $1.21 million in 2017.”
  • “Phishing and web-based attacks are the top two cyberattacks. Seventy-two percent of respondents said that they have experienced at least one cyberattack.”

We highlight these findings, not to create unnecessary fear but to help educate. We hope we can help prevent this for all our clients! If you own a small business, here are some proven ways to protect yourself from phishers.

Never Provide Personal Information to an Untrustworthy Source

If you are like most people, you may be used to receiving important information and updates from your bank via email or text. There is nothing wrong with this, but unfortunately, phishers often pose as banks and other financial institutions to obtain personal information from consumers. Never send personal banking information to a “bank” via email or text. If you are unsure of a company’s website or email is authentic, don’t hesitate to contact them directly.

Be Wary of Emails from Unknown Parties

Emails from unfamiliar or unlisted addresses are often phishing lures capable of infecting your computer or phone with malware. Once you click the link to the email, the malware will install itself, usually without your knowledge, and may obtain any important information you enter into your computer or online.

Don’t Fall for Scare Tactics

Phishers often attempt to scare users into providing them with sensitive data by pretending to be government organizations or large companies. For example, a phisher may send a threatening email pretending to be the IRS or the CIA. Some phishers may even claim they already have access to your personal details or browsing history, which they will share with everyone else if you don’t provide the rest of your financial information. Do not respond to such threats.

How to Mitigate this Problem

Here at Palitto Consulting Services, we understand the importance of cyber security. There are three important steps you and your business should be taking:

  1. Two-factor authentication should be added to your email accounts
  2. Anti-spam and malware and anti-phishing filter software should be used
  3. Your team should receive some phish threat and security awareness training
If we haven’t had the discussion with you and your business, please contact us today to learn more about the services we can provide to protect your business.

PCS Engineers Gain Additional Certifications

by
Sophos Security

At Palitto Consulting Services, we are always working hard to ensure that we offer our clients the best possible value. Part of that is a commitment to continual education. Our engineers and consultants regularly seek out conferences, training sessions and other learning opportunities. Recently, four of our engineers earned new certifications. These certifications both reflect our efforts to advance and give our clients the added comfort of knowing their systems are being worked on by the best in the business.

XG Firewall Certification

Team members Dan Allen, Mike Brumfield and David Virkler acquired the status of Sophos Certified Engineer for XG Firewall. This world-class firewall offers superior visibility, protection and incident response. By getting certified in applying and maintaining this firewall, our team will be able to help our clients secure their networks with best-of-breed protection.

Sophos Central

Ben Zelei received the status of Sophos Certified Engineer and Architect for Sophos Central. This unified console helps businesses more effectively apply and manage Sophos security products. The entire Sophos suite can help organizations with everything from detecting and preventing breaches to encrypting data. Attaining this certification will help Ben better serve the needs of our clients for network and core infrastructure security.

Palitto Consulting Services’ Dedication to Security

In the modern business world, security is a paramount concern. Cybercriminals are getting more advanced and learning new tricks. We know that our clients rely on our engineers to apply the best practices and top-quality tools to ensure their security. Our most recent Sophos certifications and other continued learning efforts play a major role in how we work to protect our clients’ networks.

Count on PCS for Your Security Needs

Whether you need a Sophos XG Firewall implementation, a full network security audit or any other technology consulting service, Palitto Consulting Services is always ready to serve our clients. Contact us today to learn what we can do for your business.

Learn About Cyber Security With Bryon Palitto of Palitto Consulting Services

by
Cyber Security

Technology helps businesses become more efficient and connected, but it comes with downsides as well. Flaws in security can allow criminals to access important data, putting both companies and clients at risk. Cyber security is getting the attention of many businesses, but few know what to do.

Recognizing this issue, Bryon Palitto, CEO and founder of Palitto Consulting Services, has spoken on the topic at several venues over the course of 2019. Even if you can’t hear his presentation in person, you can learn about the most important points: why you’re a target, recent attacks and how to avoid becoming a victim.

Reasons Cyber Criminals Target Businesses

Bryon Palitto News Story PhotoCommercial enterprises have a wealth of data, even if they don’t know it. According to a recent survey, 54% – 68% of small businesses have personal customer information on file, including the following:

  • Billing addresses
  • Email addresses
  • Phone numbers

Online crooks can use this information to access accounts and potentially gain more critical data such as credit card numbers.

Businesses are also at risk for ransomware. These programs lock down systems so hackers can hold them hostage and demand ransom. In the end, cyber criminals are looking for power to force others to give them what they want.

Attacks You Should Know About

According to 2018 surveys, 67% of businesses were affected by attacks, making cyber security more important than ever. You may have heard of some of the biggest cases:

  • DDoS attack on Telegram Messenger
  • Stuffing attack on Dunkin’ Donuts
  • Hackers breach Citrix servers
  • Toyota data breach

Ways To Protect Yourself

Despite the dangers, there are ways to prevent breaches. First of all, you should hire professionals to do a risk assessment. This identifies weak areas in security protocol and systems, which you can then bolster.

You should also make sure all employees understand basic email security, password protocol and other relevant cyber security measures. Everyone is responsible for protecting a company, from the CEO to part-time workers.

Want to improve your security? Interested in Bryon speaking at your event? Palitto Consulting Services has been helping businesses protect their technology for over 20 years. For more information, give us a call at 330-335-7271 or contact us online.

Joe Miller Completes Data Mining Course

by
Joe Miller News Story Photo

Joe Miller recently completed the course, Data Mining, provided by the College of Engineering at Ohio State University. This course is one of four non-credit courses in the Certification in Practice of Data Analytics (CPDA) program. The course focused on introducing data mining fundamentals and algorithms, covering topics of distance/similarity measurement, anomaly detection, and association, classification, clustering and pattern algorithms.

Data is increasingly becoming more important for almost any type of business. Ginni Rometty, CEO of IBM, recently stated the following in an interview: “Most important, we believe that the basis of competitive advantage in the future will be data. As I’ve said before, data is the next natural resource” (“Don’t Try to Protect the Past,” Harvard Business Review, July-August 2017).

PCS helps businesses make intelligent use of technology. In that context, our team of professionals appreciate the opportunity to help in regards to a company’s data.