Victoria | Nanaimo | Kelowna

Network Security

What is WannaCry?

What is WannaCry?WannaCry is a new ransomware that uses links to execute code which infects the local computer.

You’ll receive an email that looks legitimate, but has a link to malware instead. Once this ransomware has infected a computer on the network, it will attempt to spread to other computers.

We would like to remind every computer user to be extra careful with any email that you receive. Always check the from address to ensure that an email is from who it advertises it is from. By far the best way to protect against ransomware like Cryptolocker and ” WannaCry ” is for your users to be hypervigilant when it comes to opening any email attachments.

Please take a few minutes to discuss this virus with your co-workers to ensure that everyone is aware of the risk and ensure extra diligence is practiced.

Read more about ” WannaCry ” online at the Naked Security blog.

Read More
Ransomware Infects smart TVs
Ransomware Infects Smart TVs Too!

With so many devices connecting to the Internet in this day and age, we have to be more vigilant than ever.

For owners of Smart TV’s, be on the lookout for a ransomware known as “FLocker.” FLocker, short for “Frantic Locker,” is a lock-screen ransomware that locks your Smart TV and proceeds to demand payment to the “U.S. Cyber Police.” Initially detected by Trend Micro, back in 2015, this malware continues to spread. It can also lock your Android smartphone and take information from your device, including phone numbers, contacts, location, and other personal information.

Unfortunately, FLocker is difficult to remove. Your best option is to contact the device vendor for assistance, but even then you may not be able to get rid of it. Smart TV’s don’t generally have sophisticated anti-virus like PCs. Be careful when downloading apps from third party sites, don’t click on mysterious links, and always practice safe internet browsing as a means of first defense against malicious attacks on your technology.

Read More
Smart Security

Kaspersky Labs recently reported a 17.7% global increase in ransomware between April 2015 and March 2016. This steady spread and rapid evolution of ransomware means businesses today require a multi-layered approach to IT security.

What security essentials does your organization have in place?

Smart Security

Weak IT security increases your organizations’ network to risks which can result in:

  • Downtime (lost business, frustration and stress);
  • Costly, disaster recovery plans;
  • Lost customers or valuable employees due to IT hassles;
  • Data loss;
  • Breach of privacy and;
  • Litigation.

Managed service providers can help organizations prevent ransomware. But it’s equally important that businesses and their employees remain educated on what to look out for in a ransomware attack.

Want to learn more about the Smart Dolphins approach to network security? Download a white paper or join us for a lunch and learn.

Read More
Smart Backup & Disaster Recovery

Weather disasters, fires and power outages can all result in data loss. Data backup is one of the most common examples of risk oversight in businesses today. These days, nearly all organizations have some kind of solution. This gives confidence that  the  organization  is  bulletproof  against  disasters. This  is often  not  the case.

We regularly meet with local executives whose businesses have inadequate backup systems that are unreliable or completely neglected. There  might  be  a  copy of  the  data  some where, but it is often not tested on a regular basis. The only time those systems are tested are when data has been lost and needs to be recovered. At that point, it’s usually too late.

A solid backup should be monitored, tested, reported and reviewed regularly.

When was the last time your organization reviewed its backup?

We discovered this great infographic courtesy of EMC that outlines 10 Things you need to know about Business Data Backup.

Contact us to schedule a FREE back-up analysis.

10 Things You Need To Know About Business Data Backup [Infographic]

Read More
It Only Takes One Click!

We’ve all come across email phishing viruses (see example below). It is very easy to include an attachment in an email with a virus, from which some type of malicious code is downloaded without the user knowing.

Help! I downloaded an email attachment from an unknown sender and I think I’ve been infected, what’s going to happen?

Malware resumeIt only takes one click! The consequences largely depend on the type of malware and the device infected. If your corporate network has been compromised, you can expect some damages, both direct and indirect including:

  • Lost productivity;
  • Use of corporate network resources to send spam;
  • Complete breakdown of the corporate network or the loss of business critical data;
  • Data recovery.

Malware MonsterIf data is critical to your organization, safe computing education is key. Minimize your risk of infection by developing and following some best practice strategies.

Beware of Phishing and Spam – Do not open emails from unknown senders. Ensure you are using a quality, updated, antivirus capable of scanning email attachments. Remember, legitimate financial institutions will not ask you to give them sensitive account information via email.

Exercise caution with attachments and downloads – Do not open email attachments from unknown users, or from known users without reviewing the email preview content.

Common Sense –  Be vigilant and cautious of websites, software and people. If you are uncertain about a file or link, ask a technical support specialist for assistance.

“Ty the Security Guy” hosts a monthly malware lunch and learn. RSVP to one of his seminars.

Read More
Be Proactive in your Malware Defense

Ty Hedden

I love being proactive. Identifying and dealing with risk before disaster strikes is a huge part of my everyday job at Smart Dolphins. My routine risk management work is mostly technical. I ensure routers are secure, backups are working and security policies are in place. Being proactive with machines is a process. It can be structured and planned, made to be repeatable and scalable.

But businesses are not powered by computers; They are powered by people. Computers only do what we program them to do, and usually they do exactly what we tell them to do….For better or for worse. Ask a computer to email a file and it will email a file. Ask it to run a virus disguised as an email attachment and it will happily oblige.

While an antivirus will catch most threats, it is only one component, and should not be seen as our primary protection. The best protection is not technological but behavioural. Knowing how to safely handle a questionable attachment is key.

Being uncertain and opening  a malicious attachment could have big ramifications. In the case of crypto-ransomware like Cryptolocker, it could result in losing data on your computer, even data on your company’s server. In these cases, we fall back to closely monitored backups immune to such ransomware but there is always a cost in terms of both wasted time and lost productivity in a data restoration. Such small slips that can result in downtime which are preventable if you know what to do.

We’ve always focused on maintaining well-secured networks, but today more and more threats are targeted at people, not computers. If you’re picturing careless employees surfing nefarious websites on their lunch breaks, you are somewhat mistaken. I haven’t met anyone yet that can’t improve their computing habits and reduce the risk they carry on their business network.

Join me for lunch at one of my future lunch and learns and let’s talk about tools and habits you can use to become a malware and computer security savvy user.

Check out our events at: www.smartdolphins.com/culture/events/

Read More

If you’ve been reading (or watching) the news lately, you may have heard of a new security vulnerability called Shellshock. You may have also heard that it’s very serious. But what is it really, and how does it affect you?

How serious is it?

The Shellshock vulnerability lets an attacker execute arbitrary code on an affected system, be it a router, laptop, or server. Essentially, they can make that system do anything they want.  It can be used to gain remote access, launch attacks at other systems, sabotage websites, spread malware, steal data, and a whole host of other things. So if you have a system that’s affected, it’s pretty serious.

Who does it affect?

Shellshock affects a piece of software called Bash. Bash runs primarily on Linux and Mac systems, which means it is present on some desktops, laptops, network equipment, IP cameras, and servers. If you’re running Windows, it does not affect your computer directly. Most Mac users are safe as well, since Bash isn’t installed on them by default. Linux users and servers are the most likely to be affected by this vulnerability.

How can I check if Shellshock affects me?

Testing is, thankfully, pretty simple. Here’s how to tell if your computers, websites, and network devices are vulnerable:

  • Windows desktop or server: Not vulnerable unless you’ve installed a Bash shell. If you don’t know whether you’ve done this or not, you haven’t.
  • Linux desktop or server:  Vulnerable if your distro uses Bash. Use the console test below.
  • Mac desktop or server: Vulnerable if you configured advanced Unix services. Use the console test below.
  • Network connected device (router, camera, TV): If device is exposed to the Internet, use http test below. If not, check with manufacturer.
  • Website: If you have a website, use the http test below.

Here are some simple tests for Shellshock vulnerability:

  • Console Test:
    • Open a terminal window (Mac: Applications -> Utilities -> Terminal)
    • Paste the following in the terminal window and press enter:
      env X=”() { :;} ; echo VULNERABLE” /bin/sh -c “echo stuff”
    • If the word VULNERABLE gets printed, you are vulnerable
  • HTTP Test:

What do I do if I’m affected?

If one of your devices or services is affected by Shellshock, here’s what to do about it:

  • Desktop or server: Install updates provided by OS vendor, then retest.
  • Mac updates: http://support.apple.com/downloads/
  • Network device: Check manufacturer’s website for updates.
  • Website: Contact webhost and request resolution timeframe.

More Information

For more information on Shellshock, check out the following resources:

Read More