It’s Time to Have a Talk with your IT Company

The relationship between a business and IT team or IT person used to be so simple. Do you remember those old Saturday Night Live skits with Jimmy Fallon playing “Nick Burns: Your Company’s Computer Guy?” It was kind of like that, only with less sarcasm.

You would call up your IT Company when you had an issue with your server or a company computer, and someone would come over and fix it.

Today, things are much more complicated. Akron, OH IT Service providers are not only tasked with keeping your networks up and running, but they are also your first line of defense against cyberattacks. If they fail to adequately protect your network, or if their own system gets hacked into, your IT provider could destroy your business and everything you worked so hard for.

We meet with one or two companies every month whose business is on the brink of disaster because their IT company failed to properly secure their network or because they didn’t have a proper backup plan in place. Please, don’t let this happen to your business.

It’s OKAY to ask questions

It’s important to have an open dialogue with your in-house IT team or outsourced IT company to learn everything about what they are doing, and what they plan to do, with regard to your company’s Information Technology.

Whether you outsource your IT or have an in-house team on staff, your IT provider is an extension of your business. You need to stay on top of what they are up to just as you would with one of your employees. Often, business leaders will simply write a check and let the IT provider do “their job.”

10 questions to ask your IT Company

 

Please, have a conversation with your IT Company and ask specific questions about things like cybersecurity, backup plans, and network monitoring.

As we wrote in the article The Wild West of IT Services, there are no regulations governing IT Service Providers. It’s up to you to do your homework before hiring an IT person or team, and to continue monitoring the work they are doing for you.

What Questions should you ask?

We have created a Cyber Security Risk Assessment that we encourage you to take. This questionnaire takes less than five minutes to complete and will give you an idea of how well your IT Service Provider is managing your network security and protecting your business against cyberattacks.

IN ADDITION, feel free to ask your IT Company any of the questions from this assessment. If there is a question you are unsure of, ASK your IT Provider for the answer. This is a great tool to help you get the conversation started.

 

Feel free to email me directly with any questions.

Pat Carroll

Cyber Tricks to Watch out for!

It’s fitting that Halloween falls during Cyber Awareness Month. That’s because cyber criminals and hackers love to dress up in costumes to try and lure us into online scams or to steal our passwords and sensitive data. This year’s most popular costumes are sure to include the usual suspects: IRS employees, friends and family members in need of cash, and the timeless classic–wealthy Nigerian princes and princesses.

But cyber criminals are also now wearing more sophisticated disguises that make it harder for us to identify who they really are. It’s up to us to stay on top of the latest cyber trends and be proactive when it comes to protecting our personal and business information from a devastating cyber trick.

Below are 4 current Cyber “Tricks” to look out for:

1 Malware & Ransomware

What’s scarier than werewolves? How about someone holding your computer files hostage while demanding a large sum for you to get them back! This year alone, ransomware attacks are estimated to cost businesses and individuals close to $12 billion in damages!

How to prevent Malware & Ransomware attacks? There are many things you can do to avoid becoming a victim of a malware or ransomware attack, which can be a devastating cyber trick. You can start by changing your passwords regularly, using multifactor authentication, not using public or unsecured Wi-Fi, installing proper firewalls and antivirus software, as well as following these IT Best Practices.

2 Social Media Scams

Hackers love to dress up as old high school friends or relatives trying to connect on Facebook and LinkedIn, only to take advantage of your trust by asking you to click a corrupt link, by viewing your private data, or even by stealing your identity.

How to prevent Social Media Scams? Don’t post anything on social media that you wouldn’t want a stranger to know or see. In addition, be careful using apps that log you in through third-party sites; exercise caution when accepting friend requests; and never click on suspicious links or send money to someone asking for cash online (even if it is grandma)!

3 Corrupt Email Attachments and Downloads

Phishing scams are becoming harder and harder to detect. They may appear in the form of normal looking, everyday emails from trusted senders asking you to download a corrupt attachment or click on a corrupt link (often the source of a ransomware attack).

Also, as we discussed in the Cyber Crimes article: Case #104: The Heavy Machinery Hacker, some hackers are so bold that they impersonate vendors or trusted company employees and then ask for money to be wired for business-related purchases or expenses.

How to prevent online phishing scams? First, stay up-to-date on the latest phishing scams and educate yourself on what to look out for. Second, don’t click on any links or attachments without being 100% sure they are from a trusted source. Third, if anyone asks you to send money or for your private information, such as a credit card number, reach out to them by phone to verify that the transaction is in fact authentic.

4 Attacks on Service Providers

Is your IT company the weak link in your company’s online security? How about your cloud computing service provider? It’s becoming more and more common for hackers to go after vendors rather than individual companies.

Why? First off, there are no regulations in the IT Industry. That means your IT provider—the same company who has access to many of your passwords and sensitive company data—may not be practicing the high level of cyber security they preach, and thus is an easy target for hackers. In addition, IT companies work with multiple clients. So when a hacker infiltrates their network, the hacker gains access to all of their customers’ data.

It’s like leaving a candy jar out on the porch and letting anyone grab what they like.

How can you prevent a 3rd party vendor from being your weakest link? Only work with trusted service providers. You can start by making sure the vendors you work with have been thoroughly vetted by an independent auditing firm and are SOC certified.

For more cyber security tips to prevent a cyber trick, follow PCR Business Systems on LinkedIn and Facebook.

PCR Welcomes Kevin Fitzgerald

We are happy to welcome Kevin Fitzgerald to the PCR Business Systems Team. Kevin is a talented IT specialist and is sure to make our Akron IT support company even better!

Here are a few things about Kevin to help you get to know him better:

  • After high school he served four years in the United States Navy
  • In his spare time he enjoys woodworking and working with his hands around the house
  • He enjoys playing video games and also sitting down with a good book
  • He has a degree in Computer Technology and previously worked in IT at Nickles Bakery and Spectrum

Questions for Kevin:

Q: What time did you get up this morning?
A: 6 a.m.

Q: What was the last movie you saw at the cinema?
A: Godzilla: King of the Monsters

Q: What is your favorite TV Show?
A: House

Q: Favorite cuisine?
A: Indian

Q: Least favorite foods?
A: Liver and Onions

Q: Pets?
A: Two Boston Terriers

In business since 2004, PCR is the trusted IT provider for Akron area businesses. Learn more at pcrbusiness.com.

New Job Opening!

PCR Business Systems is one of the fastest growing Managed Service Providers (MSPs) in the Akron area, with an ever-expanding list of clients who we provide world-class service for. We offer exciting opportunities for employee advancement in an environment where you can showcase and hone your skills while working alongside talented and like-minded individuals.

We are a close-knit group who enjoy a good company BBQ, an occasional craft beer after work, and who are all supportive of each other in helping achieve one common goal—to provide service that is nothing short of excellent.


Sound like you would be a good fit? Here’s what we’re looking for…

 

The Opportunity…Full-Time Installation Support Specialist

Job Description…This entry level position is perfect for someone looking to gain experience and growth in the IT Industry. The Installation Technician will be tasked with installing, configuring, and testing new computer equipment to client specifications, recycling outdated equipment, and training clients on how to optimize new IT equipment.

Who we’re looking for… Eager, growth-minded individuals who want to grow with us and who are pursuing a career in IT.

A successful candidate will be able to perform the following duties:

  • Inspect computer equipment and prepare equipment for delivery
  • Installation of computer hardware and peripheral components on client’s premises
  • Loads specified software packages such as operating systems, Office applications and other 3rd party software on client’s computer systems
  • Responds to client inquiries concerning systems operation and diagnoses system hardware, software, and operator problems
  • Instructs users in use of equipment, software, and manuals
  • Recommends or performs minor remedial actions to correct problems
  • Coordinates activities with help desk, network services, or other information systems groups
  • Provides updates, status, and completion information to manager, problem request tracking system, and/or users, via voice mail, e-mail, or in-person communication
  • Replaces defective or inadequate software packages
  • Refers major hardware problems to manager for escalation and correction
  • Provides documentation for specific software installations and updates client’s document repository as needed

To be successful in this position, candidates will possess the following personal attributes:

  • Excellent communications skills – clear verbal skills, both spoken and written: ability to explain technical products and processes in a conceptual and clear way to a non-technical audience
  • Writing skills – important for development of customer proposals, statements of work, reports and presentations, and for communication with customers in writing/email
  • Team-oriented and skilled in working within a collaborative environment
  • Strong problem-solving abilities
  • Keen attention to detail
  • Personable and enthusiastic with the ability to build relationships with employees across all levels of the organization
  • Ability to effectively prioritize and execute tasks
  • Highly self-motivated and directed

Wage: $14.50-19.25/hr. based on experience

Other Benefits:

  • Health Benefits
  • Company matched retirement plan
  • Company paid certification/education program

Email your Resume to: amanda@pcrbusiness.com

The Company… In business since 2004, PCR Business Systems is one of the leading Managed Service Providers (MSP) in Akron, OH.  Learn more here.

 

What We Can Learn From One Of The Largest Cyberattacks In History.

It started with a single computer—one of tens of thousands from over 130 countries that were connected to the Maersk Network. It ended with the Danish shipping giant losing an estimated $300 million in a matter of days.

In the summer of 2017, in an office in Odessa, Ukraine, a port city on the Black Sea, a Maersk executive asked a member of his IT team to install the accounting software M.E.Doc (Ukraine’s version of TurboTax) on his office computer. Within seconds, NotPetya, one of the most costly and crippling cyberattacks in history, began its reign of terror over Maersk—instantly turning computer screens black and completely shutting down the company’s network.

As the chaos quickly escalated, Maersk operations were halted throughout the world. Ships went dead in the water and tons of precious cargo (much of which was perishable) was stuck in shipping containers with nowhere to go.

But Maersk was only one of a number of companies and individuals who were devastated by the Russian-developed malware that was initially created to be used as a cyber weapon against Ukraine. Pharmaceutical giant Merck is believed to have lost over $800 million, FedEx $400 million, and parts of Ukraine went weeks without power, food, or a working infrastructure—all as a result of NotPetya.

So what went so terribly wrong, and could companies have prevented the NotPetya attack from occurring in the first place? To find an answer we must look at how NotPetya operated and how it was able to infiltrate computers.

It all began when Russian hackers hijacked the servers of a Ukrainian software firm that was in charge of providing updates for the M.E.Doc program. Going unnoticed, the hackers gained access to the update servers and thus also a backdoor into all computers that had M.E.Doc installed. Once the malware was released, it was able to pull passwords and hack into other machines and applications using those same credentials, as well as spread throughout any company computer connected on a multi-network server. Once NotPetya infiltrated an operating system there was nothing the user could do. NotPetya was designed for one purpose only—to destroy everything in its path.

But what could Maersk and others have done to prevent the attack, and what can we do to protect ourselves from becoming victims of cybercrimes?

1. Multi-Factor Authentication: By now you should be familiar with and using multi-factor authentication on all your connected devices. If you are not, multi-factor authentication simply means that you must present multiple credentials (in addition to just a single password) in order to gain access to a machine, account, transaction, application, etc.

By requiring all users to provide multi-factor authentication you help safeguard your business against the leading cause of data security breaches: stolen credentials. In the case of Maersk, if employees were using multi-factor authentication, NotPetya would likely not have been able to simply use passwords stored in each computer’s RAM to spread to other applications and computers.

Multi-factor authentication may seem like a time-consuming step, but trust us, a few seconds of added security could be the difference between being protected and becoming a victim. Just ask the executives at Maersk.

2. Timely updates, patches & upgrades: It is believed that many Maersk computers were still operating obsolete system software at the time of the cyberattack. A common misconception is that with how rapidly technology is changing you don’t need the “latest and greatest” software. As far as network security goes, this is a huge mistake.

As we wrote about in our piece “End of the Road for Windows 7 and Windows Server 2008 and 2008 R2,” once a software manufacturer ends support it doesn’t just mean you don’t have anyone to call if you run into a problem. You are also no longer provided with regular security updates or patches, leaving your IT vulnerable and unprotected.

Because Maersk was using an outdated operating system on some of their machines, those machines were never updated with the necessary security patches that could have protected them from NotPetya.

It is imperative that you stay up-to-date with all of your software and program updates, not just with your operating system patches. Once a critical piece of your network loses support–whether it be Windows or any other application vital to your business–you must upgrade. There is no other choice.

3. Employee Best Practices: It’s extremely important to provide your staff with user-awareness training to mitigate the risk of a member of your team accidentally providing hackers with a backdoor into your system. Know your risks and review your security practices at least once a year to remind employees of what they need to be doing. Schedule periodic reviews of accounts and permissions, and don’t allow access if it is not needed.

In addition, one of the key data breach vulnerabilities we come across is when companies allow users admin rights. Do not allow admin access where it is not absolutely necessary. With Maersk, all it took was a single employee in the finance department at one of Maersk’s hundreds of offices asking to download the M.E.Doc software. You must have the proper restrictions in place to prevent your employees from downloading software to their work computers that is not essential to your business and has not been reviewed by a credible IT firm or IT administrator.

Read more about Data Security Best Practices here.

4. Trusted IT Provider: There has been an increasing and alarming trend in which cyber criminals are shifting their focus away from individual companies and going after their IT Providers. The reason? IT Service firms hold the keys to the castle. In other words, they have access to your company’s and your clients’ most sensitive data. This is a dangerous combination if your IT Firm or in-house IT team doesn’t have the ability or knowledge to provide your business with the level of service and security you require.

Less than two months ago, Wipro, one of the largest information technology providers in the world, was hacked. After being hacked, Wipro’s systems were then used to target at least a dozen of their clients!

You need to have a conversation with your IT Service Provider or IT manager to make sure they are not your weakest link when it comes to cyber security. Ask them questions like: Are you truly maintaining critical security updates for your IT systems? Are my backups configured properly to keep downtime to a minimum? Do you have the resources to keep up with the growing IT demands of my business?

Keep in mind, the IT industry is highly unregulated. You must do your homework before hiring an outside IT firm or in-house IT manager.

5. Don’t think it can’t happen to you: The story of Maersk and NotPetya should serve as a reminder that all it takes is one corrupt file or program to allow hackers access to your network and to possibly bring down your entire company–no matter how large or small your business is. Don’t think for one moment that you are not a target because of the industry you work in or the size of your payroll.

Furthermore, one of the scariest things about NotPetya is the intent behind the attack, and the growing trend of cyber-warfare and cyber-terrorism–where the goal isn’t to collect a ransom or steal data or blueprints on product design, but to simply destroy. It doesn’t matter who you are or what you do. We are all targets. We all must fight to stay ahead of hackers and keep from becoming victims.

In business since 2004, PCR Business Systems is the leading IT Service Provider in Northeast Ohio, and one of (if not the only one) to be SOC 2 certified. That means we have been audited to ensure that we provide the highest level of service and security for our clients.

 

The Wild West of IT Services

In 1878, William Bonney, aka “Billy the Kid,” along with a posse of gun-toting outlaws known as the “Regulators,” wreaked havoc in New Mexico as they fought for control of dry goods and cattle interests in Lincoln County. You may be familiar with the gang and their story from the movie Young Guns (and from the Warren G and Nate Dogg song, of course).

Many words come to mind when we think about the Old West and the era Young Guns depicted including lawless, wild, and dangerous. The gang took the name “Regulators” because they believed the lawmen in their county were corrupt. Despite their violent behavior they considered themselves “good guys” and sought to regulate the cattle monopoly and make sure justice was served.

Today, there are regulators in just about every industry we work with. None of them carry around side-arms or ride into our clients’ offices on horseback, but they do instill fear with threats of legal actions and heavy fines if companies aren’t compliant.

Our clients are governed by laws and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the Federal Information Security Management Act (FISMA), just to name a few.

But strangely, the one industry we are most familiar with (and the one in which we work) is the one that isn’t regulated at all—Information Technology Services, or IT Support.

There are no regulations or regulators in the IT Industry. IT service providers are not governed by compliance laws. It’s almost as if the IT industry is its own Wild West. For fly-by-night companies, having little or no regulations is a wonderful thing. Any kid with a laptop can create a website and offer IT Services for Akron businesses. There’s no one looking over their shoulder to see what they’re doing with your passwords or your clients’ most sensitive information.

For businesses, this is a terrifying proposition. For all you know your remote IT guy is eating Cheetos and playing video games while he claims to be monitoring your network. There is really no way of knowing for sure.

Who’s watching over your IT service provider?

So what can you do to make sure you hire the right IT Provider?

1. Make sure you only work with an established company who has earned the trust of their clients over the years. PCR has been in business since 2004 and has partnered with over a hundred Akron area businesses during that time.

2. Have a conversation with your IT Service Provider. Can they answer the following questions?

  • Are they truly maintaining critical security updates for your IT systems? Have you outgrown their ability to adequately support you?
  • Are your IT systems truly secured from hackers, viruses and rogue employees?
  • Are your backups configured properly to ensure that you could be back up and running again fast in a disaster?
  • Are you unknowingly exposing your company to expensive fines and litigation under Ohio data breach laws?
  • Does your cybersecurity program conform to the new Ohio Data Protection Act?

3. ***MAKE SURE THEY ARE SOC 2 CERTIFIED*** PCR Business Systems made the choice to get SOC 2 audited in order to give our clients peace of mind.

We are one of—if not the only—IT Service Providers in Northeast Ohio to be SOC 2 audited. That means we’ve spent the time and money to ensure what we promise to our clients—both in terms of the privacy and data protection protocols we follow, as well as the services we offer—is exactly what we deliver.

For more information schedule a FREE IT Discussion with me.

Pat Carroll

President, PCR Business Systems
