We have been following the Kaspersky drama in the news. At this time, we have not yet seen any evidence that Kaspersky is doing anything nefarious. We do think they just have a major PR problem caused by the current political climate.
This being said, Hilltop has engaged with an alternate endpoint security provider, named BitDefender. BitDefender provides a more robust solution than Kaspersky antivirus.
...
A few years ago, a prospect requested consultation from me during the process of starting her own business after years of being a government official. She declined my proposal and went with what she felt was a less costly solution. Shortly thereafter, the contents of her mailbox were posted online on one of those "leaks" websites. Ironically, an entire email chain I had with her assistant was included in the leaked data.
The proposal that she declined included a migration from Gmail to Microsoft Office 365. I had discussed the benefits of Microsoft Office 365, such as Multi Factor Authentication and better vendor support. I warned the prospect of the risks of her current setup. I advised her on the steps it would take to mitigate the risks. As a former government official, she was at very high risk. I offered a clear path to avoid her being hacked. I sent the prospect and her assistant an agreement that needed to be signed so that the project could proceed. That was the last I heard from them. I figured my hourly rate was too high and that they went with one of those cheap online offers for migration.
...
Funny but true story.
Years ago, I went to meet a small business in Rockville to discuss Hilltop providing them managed services. I met them after I had sent in Paul Recksiek, our VP of Consulting, to conduct a free assessment of their network. I knew they were in a rush because their last MSP was circling the drain, and the only remaining good engineer from their soon-to-be former MSP was coming to work for me.
...Last week, my family did something that not many families get to do. It was an exciting adventure that involved a boat, the ocean, red hot lava, and the amazing reaction when these three things meet. This trip was part our trip to Hawaii to celebrate my 20th wedding anniversary.
The five of us took the Lava Ocean Tour based out of the Big Island of Hawaii. This was a once-in-a- lifetime excursion that my family will never forget. It was also a great learning opportunity for me, my wife, kids, and mother-in-law. It wasn’t just a chance to learn about geology or nature, but a chance to teach them about fairness and appreciation.
...
Unless you are living under a rock, perhaps even if you ARE living under a rock, you have by now heard of the “Petya” cyberattack that has hit 65 countries as of this morning. There is a LOT of varying information coming from many sources and all of it can leave one feeling dizzy. So, let’s get to the important questions: What is Petya and how can you protect your business from this attack and others like it?
The current Petya ransomware virus is a more sophisticated version of a Petya virus that surfaced last Spring. Because this is a new version of the original Ptra virus, it is also being called NotPETYA, GOLDENEYE and/or PETR. While Petya is being compared by many to the WannaCry virus that struck last month, it is important to note that thus far Petya seems to be spreading at a slower rate. However, many have noted Petya attacks newer systems (unlike WannaCry) and so far, shows no indication of a “kill-switch”. Petya can worm through computer networks, gathering passwords and credentials and spreading. Here is what happens on the infected user’s end: after a self-imposed delay of at least 10 minutes the malware uses a reboot to encrypt files, users then see a phony black-and-white "CHKDSK" message on their screen that claims an error has occurred and that the system is checking the integrity of the disk. Experts say this is the last chance for users to power down their computers and protect their files before they are encrypted and held for ransom.
...
By now, everyone knows of the ransomworm “WannaCry”. The virus has caused approximately one billion dollars in damage. Opportunists are now using different approaches to take advantage of this attack with their own lures.
In these cases, victims see a pop-up on their computer screen that claims the pop-up will not close, stating that the PC is infected with the WannaCry virus. The scam claims that the only way to get rid of the pop-up is to call an 800 number. When calling the 800 number, the victims believe they are speaking to Microsoft. They are scammed out of over $400 to remove the pop-up and to “clean” the virus. The scam artists are actually using a free tool from Microsoft and simply removing the pop-up.
...Last week, DocuSign acknowledged that they were a victim of a data breach which has now resulted in DocuSign-related malware attacks. Ransomware and other malware may be hidden in files disguised as DocuSign-ready attachments.
Although DocuSign users may be the primary targets of these campaigns, you need not be a DocuSign user to receive a tainted email. ANYONE could get one of these infected attachments. All users should be suspicious of any email with the following subject lines, or something similar.
...
This week someone sent a Tweet to President Trump using the Twitter handle of @McDonaldsCorp. The Tweet read “@realDonaldTrump You are actually a disgusting excuse of a President and we would love to have @BarackObama back, also you have tiny hands.
The McDonald’s corporation quickly deleted this Tweet, and stated that their Twitter account was compromised.
...
Almost every managed services provider includes server monitoring with their support offering. Server monitoring is a good thing, however it is just part of the “table stakes” for calling yourself a MSP. Unfortunately, this level of monitoring is not enough to fully protect even small businesses anymore.
Many managed IT services providers and IT support companies use software such as Kaseya, Labtech, SolarWinds, or N-Able to monitor their client’s servers. These software packages will notify your technology consultants that a server has either generated a critical alert, or that some utilization threshold has been crossed. Thresholds for disk space, processor, and memory utilization are very common. The monitoring tools will also tell you if your router or firewall are offline. These alerts and alarms are typically monitored by a Network Operations Center or NOC.
...
Recently, an owner of a small Managed IT Services Provider (MSP) near Atlanta, GA was arrested for shutting down access to a customer’s data due to non-payment. This is a truly unfortunate situation for all involved. The MSP should not be expected to provide services for free, and the customer should not lose access to their data – which is essentially their property.
In a perfect world, both parties would have understood the ramifications of non-payment, remediation would have been mandatory, and ownership of data clauses would have existed in the contract so that no legal questions or comebacks exist. In this example, the owner of an MSP was arrested and the business was embarrassed with having its non-payment of services advertised to potential clients and vendors in the local news.
...
Your clients’ company data is under attack. Company sensitive data is lost, stolen or exposed. Cyber security breaches happen every day but more often, the data walks out the door on a laptop, a mobile device or USB stick. According to a Ponemon Institute report , 7% of all corporate laptops will be lost or stolen sometime during their useful life. The rapid adoption of mobile devices with large storage capacities and Internet access is opening up even more channels for data loss or theft. So, a total data protection plan that protects sensitive, proprietary, and personally identifiable information must be a top priority for MSPs.
We live in a Bring Your Own Device world; therefore, any data protection solution must start at the device. Preventing data loss at the endpoint begins with monitoring and regulating through company data security policies; from how employees use and transfer sensitive data via email, IM, printing, and USB drives; to controlling how users send, access, and print sensitive data at the endpoint -- physical or virtual, through applications, and onto storage devices. Controlling data access at the device level is also important for another reason: to stop confidential data loss due to virus infections, and file-sharing applications that hijack employee credentials.
...
Most organizations have disaster recovery procedures in place. However, few have disaster recovery as a cloud entry point. This will ensure that your staff and clients can access critically-important information regardless of unfortunate events. As long as the continuity and disaster recovery plan is not dependent on hardware or tape-based, it will not take up too much time or resources. Here are the top reasons to rely on IT support in Washington DC for the implementation of disaster recovery for an entry point to the cloud.
The cost of downtime is crippling. Nearly one-quarter of all businesses endure a failure of some sort in any year. Over three-quarters of these companies go out of business in a year's time. The total cost of IT downtime exceeds $26 million per year.
...
If you are familiar with IT services providers in Washington DC, chances are you have heard of the cloud. This technological innovation allows for the rapid retrieval of information regardless of one's physical location. The cloud also allows people modify documents from afar in real-time. It is perfect mobile computing solution for collaboration between co-workers and clients. However, there is another type of cloud that your business might need: hybrid cloud. At Hilltop Consultants, we can help you understand everything there is to know about hybrid cloud IT resources.
There has been a shift of business systems, apps, and general work to hybrid cloud service providers over the past years. Many businesses are on the prowl for means of offloading the management of these complex environments in order to key in on the fundamentals that generate the most revenue.
...
When choosing an IT consulting firm in Washington DC, you need to consider their cybercrime fighting skills. Make sure that they are up-to-date on the latest security threats and cyber frauds, like Methbot, for example. And if you think a bot farm is not going to cost you money, think again. The Methbot scam has been making millions of dollars for Russian operators engaging in various types of fraud. The scheme involves fraudulent IP addresses, a bot farm that manufactures fake traffic for PPC platforms, bots watching videos, and automated web browsers. Without proper protection, threats like Methbot will ruin your business.
You have likely heard of a cyber-attack called Distributed Denial of Service, or DDoS. This kind of attack overwhelms an online service/network with traffic, making it unavailable for legitimate users and disrupting operations. But it is too hard to launch an effective attack on your network, right? Mirai malware just made it a lot easier to attack any network by infecting IOT devices and creating a Mirai botnet. A Mirai botnet recently created headlines when it targeted and attacked Dyn, the large DNS provider for Twitter, Netflix, Reddit, and other major media hubs. The DDoS attack was considered the largest of its kind in American history. The Mirai code can knock websites offline and can compromise the default factory passwords of IOT devices--- that means over 60 million devices are at risk. Unlike revenue-generator Methbot, DDoS attacks do not affect ecommerce, but can hurt a company's revenue by blocking Internet access.
...
The Managed Security Service Provider (MSSP) you select will go a long way in determining the efficiency of your operations. Your top priority is to establish a rock-solid alliance with a trustworthy partner, and this will take some time and experimentation. You can get some valuable insights from Stephen Covey's hit book, The Speed of Trust. The principles outlined in this book are applicable to your search and ensuing relationship with an MSSP. The book's theme revolves around the notion of trust being earned rather than provided to anyone. Here is the dynamic of trust between your company and your managed IT services Washington DC partner:
If you are hesitant to place your trust in an MSSP, you are not alone. Your data is highly sensitive, and inviting an MSSP to handle this information is inherently risky. Your MSSP requires access to all information and traffic on your network, otherwise, this threat-monitoring service will not prove effective. However, MSSPs do not look at every single bit of data--- they examine system and security logs to do their job. Still, monitoring devices allow access to all of information on the network. If your MSSP improperly accesses data or shares such information with others, they could ruin your business. Partner with an MSSP that adheres to a series of specific access rules and you will not have to worry about improper data access.
...
Finding fast and responsive IT support in Washington DC that also excels at execution is one of the biggest challenges for Washington-based businesses. While there are many providers to choose from, not all of them have the expertise, skills, or certifications to help your business. Below are a few things to think about when evaluating IT support consultants in Washington DC:
There are many IT providers in Washington DC, each one with their own story and their own perspective on how to support their clients. But be careful who you choose to partner with, since not all these firms will help you and your business achieve success. Things that we often see from other providers are:
...
As you evaluate the wide selection of Washington DC IT support providers, consider size and longevity. Some IT companies have been around over two decades with a hundred employees or more. The vast amount of newer companies lack the authority that commands the attention of businesses that care about quality. Thought leaders of the IT industry provide the greatest opportunities for business growth through more efficient decision-making.
The reason not every IT consultant can be considered a thought leader is that many of them don’t take the time to keep learning new developments in their industry. The average IT firm doesn’t provide a wide selection of services and can’t meet all the data management needs of any given company. Only a handful of IT companies have the experience to be able to consult on multiple issues involving computers, software, networks, and the Internet. Many businesses, unfortunately, don't do enough research and pick the first IT firm they encounter.
...
Some IT consulting firms in Washington DC try to lock clients into to long-term agreements. The problem with this arrangement is if you get stuck with a provider that doesn't live up to their side of the deal, you can be trapped with mediocre service that generates diminishing returns. Here are ways to explore the market and find the appropriate reliable provider before signing a contract.
The market is flooded with IT firms, but that doesn't mean they all provide the same level of quality service. Some firms have existed for years and employ top talent, while others are bottom feeders just trying to take money from whoever they can without worrying about customer satisfaction. Make sure that you do your homework before signing a contract. The last thing you need is to commit to a multi-year SLA, then be stuck with a lazy unreliable support team that may not know all the answers to resolving your technical issues.
...
In this article, we're going to reveal a surprising truth: not all IT consulting in Washington DC is actually local--- that, in itself, contains a lot of implications, so we're going to dive into the explanation and, more importantly, what that means for you.
Oftentimes, when you're looking for a business to work with, you'll search advertisements in your area. This makes a lot of sense: any respectable peer will have the money to put up ads both in the area and on local listings. Outside of direct recommendations and search engines, this is how most people find IT consulting in Washington DC. So, you'll get a tasty-looking listing for a company that claims top-tier IT service at a reasonable price for businesses in your area. How do you pick them apart?
...
No one wants to think about their IT system going down in the middle of the night, but when you have the right IT support in Washington DC, you can at least have the peace of mind knowing that someone is there to take care of it should the worst happen. When choosing an IT company, it can be easy to simply go with the company you like the most or the one with the flashiest website. However, what truly matters is that they’ll be there for your when something goes wrong at the worst possible time.
When comparing IT companies to hire, a staple question to ask them is if they offer 24/7 support and what that support looks like. How large is their team and how many of them are on-call or work off hours? What is their protocol if your system does down at 3 a.m.? Still not sure if you need an IT company with 24/7 support? Here are a few reasons to help convince you.
...