As seen in The Maryland Coast Dispatch
In the past 12 months, over 50% of small businesses have been breached by a hacker. Fears are on the rise and many people worry they’ll be the next one attacked. The key to learning how to outsmart a hacker is understanding how they operate. Sam Card answers questions about how hackers operate and what you can do to avoid being hacked.
Q: How do hackers access my computer system and how will I know if I’m being hacked?
Sam Card: It used to be that hackers used brute force to gain access to small businesses’ systems. Now, however, they’re much more cunning. Some use social engineering tactics to target your LinkedIn page, monitor connections, then use phishing scams to trick people into providing their credentials. Others monitor the dark web for stolen passwords and confidential information they can use or sell.
If you’ve been hacked, detecting the hacker’s presence might not be immediately noticeable. They may spend time lurking in your system learning your habits to better impersonate you for malicious purposes. Only when a colleague inquires why you sent an email asking him to “wire $10,000 to a Florida bank” will you recall clicking on an unusual email link several days earlier.
Q: Why is it so difficult to find out who these hackers are?
Sam Card: Unfortunately skilled hackers are not easy to catch. They mask where they came from and cover their tracks. They intentionally use hard to trace payment systems, like Bitcoin, that are easy to obtain and exchange, and provide anonymity.
The best strategy for your business is to take precautions to avoid being hacked.
Q: Will my cybersecurity system protect my business from losing everything and what should I do to protect my network?
Sam Card: Cybersecurity systems are only as good as the tools in them. First, consider what level of security your business needs, and how much risk you can tolerate. What if your business is hacked? Will you pay the ransom? Can you afford to have stolen data used inappropriately? Your answers to questions like these help you determine how you should protect your business.
It’s essential that you develop a multi-layered approach. Educate your staff on cybersecurity awareness so they can identify potential scams. Implement strict password policies. Change passwords often and employ multifactor authentication to help prevent unauthorized access. A good IT provider will provide continuous monitoring of your systems to identify any suspicious activity and take immediate action.
You have to make it difficult for a hacker to attack you. By creating a multi-layered security system you can help protect yourself from becoming another statistic.
Imagine this. You’re sitting at your desk, trying to respond to all of your emails, when all of a sudden your screen goes red and the following message pops up:
The first thing you probably do is start having a panic attack. You start hitting the escape key, hoping against hope that the message will just go away. But it doesn’t. You quickly switch to, maybe I’ll just pay the $300 worth of bitcoin and no one will ever know. But as you begin to pick up your phone to start googling, how do I pay a ransom in bitcoin, your team starts knocking on your office door, bursting with the bad news. It’s not just your data, everything is encrypted. And what’s worse, you don’t have an up-to-date backup.
This nightmare scenario has been played out in over 50% of SMBs that were breached in the past 12 months. 50%. That’s 1 out of 2 businesses. A flip of a coin. Even if you are a gambler, those aren’t good odds.
Knowing how the hackers are able to get to SMBs is the key to understanding how to outsmart them. Here are the top 3 techniques that hackers employ to attack your system:
1. Diverse delivery systems
Cyber attackers are not just one-trick ponies. They utilize a variety of delivery systems to increase their chances that someone in your company is going to click on something they shouldn’t. From social engineering tools like phishing spam and clickbait to malicious spam and advertising, hackers use a variety of means to trick you into clicking so they can take over your computer.
2. Complex coding
All of the publicity surrounding cybersecurity has helped encourage companies to beef up their security system. But that hasn’t stopped the attacks. Hackers frequently update their code to get past signature-based counter-measures that the first line of defense security programs typically perform. They also develop code that is meant to worm its way from system to system in order to infect as many machines as possible.
3. Difficult to trace payment system
Bitcoin remains the most popular choice of payment when it comes to paying a ransom. Bitcoin is easier to obtain and exchange, while providing a lot of anonymity. Ransom demands are made easy since attackers provide instructions on how to create a virtual wallet, buy the bitcoins to pay the ransom that will provide the code that will unencrypt your data.
Understanding how cyber hackers use these techniques is the key to getting a step ahead. Developing a multi-layered security system while educating your team on the best cybersecurity practices, will help ensure that your business will not become the next statistic.
Come to our free lunch and learn on Tuesday, May 8 at the Bethany Beach Ocean Suites to hear from a Watchguard cybersecurity expert and learn more about the best defense system to outsmart ransomware attackers. We look forward to seeing you there!
As seen in The Maryland Coast Dispatch
Ransomware is an increasingly common method of attack for hackers against individuals, small businesses and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world. Sam Card discusses why SMBs are a target and what you can do about it.
Q: Why would hackers be interested in my small business when they can go after the big guys?
Sam Card: You may hear about the larger organizations in the headlines, but lately it’s the small businesses that are becoming the primary targets for cyber-attacks. The main reasons that hackers find small businesses to be an easier target than larger corporations are because of vulnerable security systems, minimal formal security training and weak security policies.
Vulnerable security systems can include things like out-of-date anti-malware and endpoint security, network firewalls and email security solutions. Also, there seems to be an absence of regular cybersecurity training for staff to avoid phishing email scams or improper data sharing. Finally, infrequent network monitoring and poor password practices have been reported as “low hanging fruits” that hackers look out for.
Q: What are some immediate things I can do to protect my business?
SC: Understanding the techniques that cyber hackers use to attack your systems is a great first step in getting ahead. Things like diverse delivery systems and complex coding are common entry points into your system, and the more you know about how they are getting in, the better you can protect yourself.
Developing a multi-layered security strategy is another crucial element to protecting your organization. You may think a simple anti-virus program is enough, but there are much better tools now that work together in tandem to ward off sophisticated attacks and ensure the correct back-up options are implemented.
Educating your team on the best cybersecurity practices is another imperative step in the security puzzle. Today’s employees are regularly exposed to attacks through everyday entry points like email and mobile. Training employees to recognize threats is an essential part of complete cyber security.
Did you know that 42% of small businesses consider ransomware to be the most significant threat they face today? That’s not surprising considering SMBs can lose over $100,000 per incident as a result of downtime. You might be thinking that your business isn’t a big enough fish to be spotted by cybercriminals, but that’s not the case at all.
Studies have shown that hackers find small businesses to be an easier target than larger corporations due to:
Just like a bank robber, hackers will go where the security is the weakest, even if the payout isn’t quite as big. This makes SMBs a prime target for ransomware since they tend to have weaker security systems and lack a full backup system. This can typically lead to businesses like yours paying the ransom to recover their data.
And if you are unlucky enough to be hit with ransomware and decide to pay the hackers, it is not uncommon that they refuse to provide the decryption keys or target your business again, requiring even more money the second time around.
This disaster will cost you money and impact your reputation – since customers are reluctant to entrust their data to a business with a poor security track record. But your business doesn’t have to be a victim. At Cards Technology, we have the experience, expertise and customized security solutions to prevent you from being the next victim.
Come to our free lunch and learn on Tuesday, May 8 at the Bethany Beach Ocean Suites to hear from a Watchguard cybersecurity expert and learn more about the current threat landscape for small businesses and the best defense system to prevent attacks on your system. We look forward to seeing you there!
As seen in The Maryland Coast Dispatch
The modern workplace relies heavily on the use of technology and a stable IT environment is the backbone of how you do business. So, when a problem emerges, the time spent waiting around for your IT provider can really add up. Sam Card discusses why some IT providers have slow response times, and what you can do about it.
Q: My technology partner promises immediate service, but sometimes I am waiting days to get things addressed. Why is this happening?
Sam Card: Some IT providers make a lot of promises in regard to meeting your company's needs, yet many don’t have the systems in place
to deliver service when you need it most. There are a few reasons for this. First, if organizational roles are not clearly defined, then there is no
set process for how to move through issues quickly. For example, a provider might not have a designated person on hand to answer the phone, or online
requests are treated differently than phone calls. There’s also the risk of different people scheduling overlapping appointments, resulting in double
Not having a proven process to distinguish calls is another reason you might be waiting long for a response. Quick calls should be handled differently than diagnostic visits. Also, there should be a service manager in the office specifically assigned to service issues. If there is no accountability system in place to work through more complicated issues quickly, that could lead to a delayed response.
Q: The IT provider I work with usually comes out the same day, but only if I am in touch before 9:00 a.m. Is this standard procedure?
SC: Unfortunately, you can’t always predict when an issue will arise. And it usually happens once employees have arrived and the day has started. Instead of sticking to rules and timelines, a better way to address tickets is to base them on priority and age. Calculations can be used to figure out where in the pipeline an issue belongs and then work on an appropriate solution. That way, you don’t have to contend with antsy employees, lost revenue and frustrated clients.
Q: So, what should I ask or look for to ensure I don’t experience more downtime than necessary?
SC: Ask about team structure first. You want to make sure your provider has a dedicated service dispatcher that operates as the communication “hub” between the clients and the company. Second, look for a company with a multi-tiered help desk. Smaller, quick turnaround requests should be immediately assigned to T1 technicians, while more complicated issues can be sent to the more seasoned and knowledgeable T2 technicians. This system provides quicker resolution times with the appropriate level of skill.
As seen in The Maryland Coast Dispatch
When it comes to your company's technology, what does satisfactory mean to you? Maybe you're not constantly fighting downtime, but when it happens, it takes a toll on productivity. Sam Card discusses the risks of not knowing when something will go wrong or what it will cost to fix it.
Q: How does a business owner recognize when "satisfactory IT management" isn't benefiting their organization anymore?
Sam Card: There are some definite, measurable signs that you can look for when evaluating your IT partner. Inconsistent response times
is an important one. Let’s say your network is down and you're not sure why, so you call your current IT provider for help. They prefer to come on-site
to diagnose the problem. Sometimes that takes a few hours and other times a few days. There is no consistency of service and every minute of downtime
is costing your company money.
Lack of software automation is another. Software is constantly changing. Updates, bug fixes and newer versions require time and expertise to navigate. Without standardized templates and scheduled installations, a large chunk of your budget could be spent on repetitive activities that could have been automated.
Q: Isn’t the break-fix route of IT services cheaper?
SC: It may seem so at first, however, there are risks of not knowing when something will go wrong or what it will cost to fix it. While hourly, ad hoc or as needed services may seem like the more affordable solution, the costs are open ended. This makes it practically impossible to stick to an IT budget and downright scary when the invoice arrives. Hourly billing also gives no incentive for a break-fix provider to find a permanent solution to an underlying problem.
Have you ever heard the phrase, prevention is better than treatment? That same advice applies to your IT environment. It's certainly important to fix what
isn't working, but without proactive maintenance, you could incur the same issues over and over again.
Q: Can you give us an example of how a managed service model is a better fit for a small business?
SC: Recently, we were asked to assess the IT of a local construction company where the CFO manages their technology. When problems occurred, the CFO contacted their break fix provider. They were experiencing inconsistent response times that caused downtime and delays, and billing by the hour to fix their problems was costly. Software updates were also considered additional billable items and therefore there was no predictable budgeting.
The construction company moved over to our Cards Complete Managed IT Services package, where proactive monitoring was implemented and software templates were created for automation. With downtime practically eliminated, the CFO now focuses on managing the business finances instead of worrying about IT problems. The entire company saw a huge productivity increase.
Sam Card is the Founder and CEO of Cards Technology, which has grown from a humble computer repair shop to a full-service technology management firm that thrives on building valuable and lasting relationships with the businesses of Delmarva. After more than a decade, Sam looks back on how things have changed since he began his career fixing personal computers.
Q: What is different today about your company, regarding its capabilities and services, compared to 10 years ago?
Sam Card: The better question is probably what isn’t different? I think the biggest shift happened between 2003 and 2004, when IT downtime started to become a major problem. For example, customers would call to report that their email was down, and I would let them know that I would be out there tomorrow. This would be met with a panicked response of “No Sam, our emails are down, you don’t understand. We can’t run our business.”
Fundamentally, we can wait for our IT to be fixed, but we can’t afford our IT to be down. People don’t turn around and do paperwork anymore while they wait for a fix. This new sense of urgency sparked the development of our proven 5-step process; we get to know our customers and, from there, come up with a plan that helps them stay productive and avoid downtime.
Q: How have your services changed?
SC: The direction used to be, “we’re here when you need us, call if something comes up.” That’s known as a break/fix model of IT support, where the customer controls service delivery. We made the shift to a Managed Service model, where our focus is on anticipating and understanding an organizations’ business needs. The Managed Service model results in an improved outcome for your business, since the management and delivery of technology is completely outsourced.
As the general sense of urgency increased, the need to be proactive versus reactive became a priority.
Q: Let’s talk about a client who was helped by Cards Technology’s proven process.
SC: We created the process because we noticed that other IT providers would jump in to deliver service without first conducting a thorough overview. This would lead to the discovery of problems later on, which got very expensive and hurt the customer’s business. A clear assessment and proper standardization in the beginning is key.
Recently, we were approached by a client in the healthcare industry who had a time and materials IT company but not a managed service provider. We typically find that clients who haven't worked with an MSP are handling IT problems on their own and telling the provider what to do, instead of the other way around. This client was inviting security breaches in and experiencing other technology issues because no one was looking out for them. We performed a complete assessment from top to bottom and made sure that our unique set of standards were implemented for preventative monitoring. We stabilized the environment to prevent security threats and created a comprehensive plan for future IT needs.
Consider this - how long can you go without internet access before problems emerge? Chances are, that kind of downtime spells disaster for your business, no matter what industry. Missing deadlines, upset consumers and lost revenue all put your credibility at risk.
Many businesses are dissatisfied with their IT solution, and an erratic check-in schedule may have something to do with it. So, how often do you hear from your IT provider – only when you put it in a service request or once a year at contract renewal time? At Cards Technology, we believe preventing downtime has a lot to do with a predictable and regular check-in schedule, versus contact only when there’s a problem.
Use the following best practices as a guide:
1. Regularity is key – Checking in on a quarterly basis is a great standard. More important than the frequency, though, is that meetings occur at regularly scheduled intervals. As a business owner, you’re busy and juggling many priorities, so it’s tempting to move or cancel meetings. However, these check-ins function as a way to stay ahead of issues, such as anticipated software updates or alerts that equipment may be reaching end of life.
2. Plan for growth – Sometimes your IT provider is the last to know about your growth plans. Opening or moving an office location? Hiring new employees this quarter? Plans for expansion or upcoming changes should be discussed well in advance. Regular, check-in meetings can spark conversations that you may have forgotten to mention. Your IT partner plays a strategic role, helping you achieve your goals and get the most mileage out of your technology infrastructure.
3. Avoid the risks of inconsistent contact – One of the biggest dangers of being out of touch lies in unexpected IT expenses. When something malfunctions, not only do you worry about replacing it, but then there’s the potential for more problems to be uncovered. This leads to technology expenses you can’t avoid and didn’t budget for. Another example is investing in the latest equipment or software, but not working with your IT partner to ensure your existing systems will be compatible, so you can take advantage of all the new features.
Communicating with your IT provider exclusively to put out fires presents missed opportunities for strategic planning. Big picture planning can’t possibly be accomplished if you’re in the middle of getting your broken servers up and running. Think of regular contact like a physical for your IT infrastructure. You don't want to wait until a problem is hard to treat before taking action.
At Cards Technology, we're diligent about keeping our check-in meetings on schedule. We value our client relationships and know that getting to know you, and ultimately your goals, will help you avoid downtime and security issues for maximum productivity. If regular check-ins aren’t part of your IT strategy, click here or call us at 410-208-3933 to learn more about our communication process.
The modern workplace relies heavily on the use of technology. Whether you're in sales, e-commerce or financial services, a stable IT environment is the backbone of how you do business. So, when a problem emerges, the time spent waiting around for your IT provider can really add up. Finding a partner with a great track record of fast response and problem-solving times is essential for keeping the servers running, the Internet connected and your data secure.
IT providers make a lot of promises in regard to meeting your company's needs, yet many don’t have the systems in place to deliver service when you need it most. Here are 3 reasons why some providers take so long to respond:
So, What Are Some Solutions?
Well, we think we have a couple. Here's a look at why Cards Technology is dedicated to such a low response time:
Common complaints heard about other providers: "if you don’t call before 9am, you won’t get a call same day" or "electronic tickets get lost in cyberspace and won't get help quickly."
Instead, we base our work tickets on priority and age, using calculations to figure out where in the pipeline an issue belongs. Then, we work on a solution, so you don't have to contend with antsy employees, lost revenue and frustrated clients.
We know you can't afford to have your employees sitting around while systems are down. If limiting downtime is a priority, look toward a provider that has a documented process and a proven record of low response times. Contact Cards Technology today, and we’ll walk you through our process - from ticket origination to the final solution.
We all know the importance of IT support for "keeping the lights on." And practical IT tasks are necessary for daily operations. However, you can't underestimate the need for a balance between practicality and strategy. Many IT providers are adept at the support portion, but what about help with strategic IT goals? As your business evolves, you need to leverage technology to not only maintain your business but to help you grow.
The team at Cards Technology has developed an IT support system that combines a practical and strategic approach to IT management.
Here are the 4 ways that Cards Complete can help your company be more strategic:
An experienced IT solutions provider can help create your path towards a more strategic approach to technology. So what crucial things should you check against when evaluating providers?
Start with asking IT support providers these key questions: