Posts Tagged ‘Business Continuity’

July – Improve System Security Month!

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2018 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

While speaking at a conference recently, a cybersecurity expert whose company offers email user testing and training stated that KnowBe4.com’s solution was the best they’d ever seen. Little did they know I was in negotiations on The Church’s behalf with KnowBe4!

What Is It?
KnowBe4 is a subscription-based solution that allows an organization to send its users what look like SPAM emails, complete with links, etc. The solution tracks who clicks on the links and, when they do, adds them to a group whose members must watch a short training video online to learn what to avoid. Watching the video removes them from the group.

I’m aware of organizations whose users started at an 80% or higher click-rate. They saw the solution educate their team and get the percentage to under 10%. The result is a more secure user community, and improved security and safety for the organization.

What’s The Deal?
KnowBe4 offers a 10% discount to not-for-profit organizations, with an additional discount of 25% for a three-year subscription. So, they normally offer up to 35% in savings to charities.

Through our negotiations, KnowBe4 offered to add an additional 20% discount to any who say they were referred by MBS, and who contact a specific employee of theirs to sign up! That means you can get a 35% – 55% discount just by telling Tiffany Yeager (727.877.8226 or tiffanyy@knowbe4.com) you were referred by MBS! (As always, MBS makes nothing on your referral business, as per our by-laws.)

MBS Recommends Their Platinum Package
KnowBe4 offers a few packages; we believe the best for churches and ministries is their Platinum Package.

It’s July– a good month to improve your system security. This is a great way to do so!

Five Things Worth Doing in January

Written by Nick B. Nicholaou. Posted in Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

January, 2018! The start of a new year! New beginnings are part of the Christian life, and January is a great time to make certain a few IT items are ready for the New Year. Let’s focus on protecting systems and data….

Firewalls
The most common entry point for malware and other system ills is the internet. The best way to protect your system and data from bots, rascals, and compromised websites is to be certain your firewall is adequate and is current. Some points worth examining:

  • Is your firewall adequate? There are many options to consider when buying firewall solutions– whether hardware or software. My firm’s preference is SonicWALL firewalls (we don’t sell or benefit from our hardware and software recommendations). We find the features and price point are a good ‘sweet spot’ for churches and ministries. Yes, you can buy more expensive and capable firewalls, but very few churches and ministries benefit from any features beyond what SonicWALL includes in their firewalls. We also recommend purchasing their Total Secure package, which can filter internet content.
  • Is your firewall subscription current? Regardless of which firewall you use, make certain that if it requires a subscription to stay current, your subscription is current and in force. Not doing so is the equivalent of welcoming intruders, rascals, bots, and malware that have developed new methods for gaining access to your systems and data.
  • Make certain there is no connection from your systems to the internet that doesn’t go through your firewall. We have seen many churches and ministries mistakenly connect their internet connection directly to their network switch. The internet connection should connect to your firewall, and then your firewall to your switch so that all internet traffic MUST go through it.

SPAM
The second most common way for malware to access your systems and data is via email attachments and links. SonicWALL is not our preference for this important role; we prefer the Barracuda SPAM Filter. It is best of breed and a best practices solution.

My firm inexpensively hosts SPAM filtering for many churches and ministries. I don’t mention that to try to sell our service, but to point out that we were surprised to see how many users of Microsoft O365 email use our hosted SPAM filtering solution (yes, we use a Barracuda SPAM Filter, model 600). We moved our email to O365 for six months and were shocked at how much SPAM got through Microsoft’s filter! Now we know why so many O365 users have their email scrubbed by other solutions!

Anti-Malware
Protecting systems and data requires multiple layers. An important one is your anti-malware solution. And simply purchasing and installing it is not enough! These solutions also have subscriptions that keep them updated so they can identify new methods used to cause harm. It is essential that the subscription on your anti-malware not be allowed to lapse– the same as your firewall subscription. I know churches and ministries that have been hit by new ransomware methods because they didn’t keep their subscriptions current.

The anti-malware my firm recommends is Thirtyseven4.com. It is capable, and it is reasonable in cost.

BTW… it should be installed on every Windows and Mac computer– whether notebook, tablet, desktop, or server. Some say it’s not necessary on Macs, but that isn’t true. Even though few malware threats are written to impact Macs, Macs can be carriers that infect shared data drives and more.

Passwords
What is your password policy? Here are some quick thoughts on this important topic:

  • Passwords should be strong (minimum of 7 characters that include uppercase and lowercase alpha, numbers, and common punctuation).
  • Passwords should not be required to periodically change! Our firm has been saying for many years that forcing users to change their passwords actually lowers system security. In 2016 the U.S. Federal Trade Commission agreed with us based on two studies! You can read about it at https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes.

Backup
Some say protecting the integrity of system data is IT’s most important responsibility. Do you have a comprehensive backup strategy? And do you test it? An untested strategy is dangerous! Here’s what we recommend:

  • Establish a strategy that makes certain all important data is on your server. This is worth doing because 1) it is the organization’s data, and 2) it eliminates the requirement that all systems need to be connected to the network (facilitating notebooks, etc).
  • Back up all system data nightly to an appropriate device. LTO tape is the most affordable and durable technology for this, and is preferred by most of corporate America. Our favorite backup solution is Veeam. It’s powerful, easy to use, and they offer churches and ministries very reasonable pricing.
  • Take a copy of your backup tape off-site weekly to protect your organization from a larger disaster.
  • Create a monthly task in whatever task tracker you use (like Outlook) to test the backup. You can do this by restoring a random file or folder, and then confirming that the restored files are intact.

These five things will likely take less than an hour to check, and can help ensure that your organization’s systems and data are well-protected for 2018! Happy New Year!

How Do I SPAM Thee…

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

SPAM email can be dangerous and painful to the recipient and to any data they have access to. Whether it’s ransomware, phishing, pushing of malware, or impersonation, a strategy is needed to protect ourselves. I’ll address these different types of SPAM, and how each should be strategically managed.

SPAM Comes in Many Flavors
In addition to what many think is a tasty lunchmeat, SPAM also refers to unsolicited email, and those emails are usually intended to do the recipient harm. Sometimes the pain is small, but often it is big and costly. The most costly to an organization are usually ransomware and business email compromise; the most costly to an individual are usually phishing scams.

Here are some categories of email SPAM and how to respond to them:

  • Business Email Compromise (BEC), a.k.a. Impersonation Emails
    • Form: These SPAM emails used to only target businesses working with foreign suppliers and businesses who use financial wire transfer methodology. But in the last year we have seen many occurrences hit churches and ministries using checks! The form of the attack, as it affects churches and ministries, is usually an email supposedly from a pastor or executive in the organization directing the recipient to immediately transfer funds or cut a check. These attacks are usually well researched (we are welcoming and friendly environments, and we give them all of our staff structure and names on our websites!), and can feel legitimate.
    • What To Do: Never comply with the request. Always require a live voice confirmation of the request in person or via live telephone call.
  • Ransomware
    • Form: Ransomware is malware installed on your computer that usually gets introduced through a SPAM email, compromised website, or even through a bot (internet program) that looks for Remote Desktop Protocol vulnerabilities. Once a computer is infected with ransomware, its data is encrypted and held for ransom.
    • What To Do: One of the best defenses against ransomware is to keep multiple days (we prefer a full month) of full data backups so your system can be ‘reset’ if an infection gets through your defenses. In addition to ensuring good backups:
      1. Never click on a link or graphic in an email you weren’t expecting. Even if it came from someone you know, do not click any links. If you think the email and its links may be legitimate and want to click them– before clicking on them– hover your mouse pointer over the link without clicking. Doing so should show the destination of the link. I recently did this on an email I received from Microsoft that looked legitimate, but the link would have taken me to a very different location than what I expected. Best rule: if you’re not sure that it’s okay to click, do not click!
      2. Make certain your computer has a good anti-malware program running on it. That’s true whether you’re using a Windows or a MacOS computer. The solution my firm recommends is www.thirtyseven4.com… doing so will help prevent you from accessing most compromised websites.
  • Phishing
    • Form: Phishing has a few forms, almost all of which happen through email SPAM. Phishing is the attempt to get the recipient to provide personal information about themselves that could be used to accomplish some form of identity theft. Phishing is sometimes referred to as clone phishing (a previously legitimate email that has been recreated with malware embedded or in links and re-sent to the same list of recipients as the original), whaling (phishing attacks aimed at executives and high-profile targets), and spear phishing (attacks targeting specific individuals that may even contain information about them discovered through websites, social media, and other sources).
    • What To Do: Never respond to a request for personally identifying information in an email without first confirming the source. I even take this a step further if I get a phone call from my bank about possible fraudulent activity in my credit card account! In the call they ask for my password to prove I am who they intended to reach. I decline their request and tell the caller they need to tell me my password to prove they are who they say they are since they initiated the call! They’re not allowed to tell me, of course, so that’s when I disconnect and call the number on my credit card– that way I know I’m talking to my bank.

These are a few SPAM categories. It is imperative that every organization use a high-quality SPAM filter on its email server to keep most of the SPAM from being delivered to email account holders. There are a lot of SPAM filter solutions available; our favorite is from Barracuda. They are the gold standard and best-of-breed in that industry.

Just an fyi… we host SPAM filtering for churches and ministries nationwide using a Barracuda SPAM Filter 600. We process more than 90,000 emails daily, and it blocks about 80%. That means about 80% of the email pointed toward your email inbox is unwanted! And some of it is dangerous!

Using a solid SPAM filter won’t stop all SPAM from getting to users’ email inboxes, but doing so will stop almost all of it. That reduces the likelihood that someone will click on something they shouldn’t. But the best protection will only come from repeated training for all team members. I recommend reminding the team of the danger on a monthly basis during all-staff meetings. And if you know a story in which an organization was hurt as a result of SPAM, tell the story! Doing so will help those who don’t take threats and threat-mitigation seriously to reconsider.

Helpful Computer Hacks

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
President, Ministry Business Services, Inc.
Reprinted from MinistryTech Magazine

I grew up in an age when a ‘hack’ was someone who was incompetent. In those days there were no personal computers or mobile devices. Now everyone has access to multiple computers and various mobile devices. And wouldn’t you know it– ‘hack’ has a new meaning! Today a hack can be a clever way to get things done well.

Following are some hacks that can really help improve your efficiency on a computer!

Hacks for Computer Users
The following hacks are especially helpful for computer users.

Keyboard shortcuts. In today’s world of Windows and Mac operating systems we have become dependent on pointing devices. Granted, those devices are very helpful. But before these current operating systems, we used keyboard combinations to do some of what we now do with a mouse or track pad. Those keyboard shortcuts are still available to use, and they can save time! Here are six I still use often:

| Function | Windows  | Mac   |
|----------|----------|-------|
| Print    | Ctrl + p | ⌘ + p |
| Copy     | Ctrl + c | ⌘ + c |
| Cut      | Ctrl + x | ⌘ + x |
| Paste    | Ctrl + v | ⌘ + v |
| Italics  | Ctrl + i | ⌘ + i |
| Bold     | Ctrl + b | ⌘ + b |

Multiple Monitors/Displays. For those who’ve always used one monitor or display, having two or maybe three may seem excessive. But the increase in productivity with two or three is surprising! I always recommend at least two now; the cost is minimal and the benefits are significant! My desk is configured with three: the one on my left always has Outlook running on it, the one in the middle is where I do most of my work, and the one on my right is for research references (browser, database, etc). I also find it helpful when opening large spreadsheets to stretch them across my middle and right displays!

Recurring Tasks. We all have them: recurring deadlines that are due every Wednesday, once a month, quarterly, etc. I use Outlook’s task functionality to set the reminders I need to help me hit my deadlines. This is one of the most helpful and least used tools available. I also use Outlook tasks to remind me to do things I’ve promised to do, helping me avoid them falling through the cracks of my active schedule.

Managing Email. Email consumes a larger part of our days than most of us want. I have three email hacks that help me stay focused and efficient, even though my average daily email count is well over 100.

  • Inbox. I keep my Inbox as empty as possible so I don’t waste time reading the same emails over and over. When an email comes in I either respond and then delete the original (a copy of the original is in my response!), put a flag (due date) of when I want to respond by and drag it to a subfolder based on the type of email it is (personal, business, etc), or delete it if it’s one I don’t care about (like an ad).
  • Sent Items. Once I send an email I delete it unless I need a reminder that I’m waiting for a response or it was a topic that could have legal ramifications (if it was, I make a PDF copy and store it).
  • Trash. I empty my trash at the end of every day. In the rare case that I need to find something I deleted, I log into our email server via browser (using Outlook Web Access), search deleted files, and restore it.

Automatic Backup. I always feel bad for someone who says a hard drive crashed and they lost all of their files, including photos that were irreplaceable. Losing important files is painful. There are many cloud services available to consumers that will automatically back up files to their cloud servers. There are also utilities in the Windows and Mac operating systems that will automatically back up files to an external drive.

Hacks for IT Professionals
The following hacks are especially helpful for IT professionals.

System setup checklists. As IT pros, we often set up new systems. If the process isn’t automated, I recommend creating a checklist to help achieve standardization. In addition to improving setup consistency, checklists save time because you don’t need to review your work to determine what you’ve already done after an interruption.

Professional Relationships. It’s so helpful to build friendships with people you can turn to when a challenge comes up that stumps you! Those ‘lifeline’ calls can save so much time! The best professional organization I’ve found for those in church and ministry IT is The Church IT Network (http://churchitnetwork.com). They have a low-cost annual gathering in the Fall, and low-cost regional gatherings in the Spring.

Monthly Backup Test. Set a task in Outlook to test your backup monthly. A good test is to restore a file or folder structure and then open the file(s) to verify the backups you’re relying on are good.
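The monthly restore test described here, and in the Backup list of "Five Things Worth Doing in January", can be scripted. The Python below is an added example, not part of the original articles: it picks random files to request from the backup, then compares the restored copies with the live files by SHA-256. The function names, the report categories and the rule that a live file modified after the backup ran is reported separately are assumptions of this example.

```python
# Added example: verify a test restore against the live data it came from.
import hashlib
import os
import random


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def pick_sample(live_root, count, seed=None):
    """Choose up to `count` random files (relative paths) to restore."""
    files = []
    for folder, _dirs, names in os.walk(live_root):
        for name in names:
            files.append(os.path.relpath(os.path.join(folder, name), live_root))
    files.sort()  # stable order, so a given seed always picks the same files
    return random.Random(seed).sample(files, min(count, len(files)))


def verify_restore(live_root, restored_root, rel_paths, backup_time):
    """Compare restored copies with the live files they were backed up from.

    backup_time is the epoch time at which the backup job ran. A live file
    that was edited or deleted after that moment is expected to differ, so it
    is reported separately instead of being counted as a failed restore.
    """
    report = {"ok": [], "missing": [], "mismatch": [], "changed_since_backup": []}
    for rel in rel_paths:
        live = os.path.join(live_root, rel)
        restored = os.path.join(restored_root, rel)
        if not os.path.isfile(restored):
            report["missing"].append(rel)  # the restore did not produce it
        elif os.path.isfile(live) and sha256_file(live) == sha256_file(restored):
            report["ok"].append(rel)
        elif not os.path.isfile(live) or os.path.getmtime(live) > backup_time:
            report["changed_since_backup"].append(rel)
        else:
            report["mismatch"].append(rel)  # same file, different content
    return report


if __name__ == "__main__":
    import tempfile
    import time

    with tempfile.TemporaryDirectory() as tmp:  # constructed demo data
        live, restored = os.path.join(tmp, "live"), os.path.join(tmp, "restored")
        for root in (live, restored):
            os.makedirs(root)
            with open(os.path.join(root, "budget.txt"), "w") as fh:
                fh.write("2018 budget\n")
        with open(os.path.join(restored, "budget.txt"), "a") as fh:
            fh.write("damaged")  # simulate a bad restore
        old = time.time() - 86400
        os.utime(os.path.join(live, "budget.txt"), (old, old))
        print(verify_restore(live, restored, pick_sample(live, 5), time.time() - 3600))
```

Anything listed under "missing" or "mismatch" means the backup you are relying on did not return what was stored.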

Those are some hacks that can really help!

Don’t Become a Cybercrime Victim

Written by Nick B. Nicholaou. Posted in Articles, Uncategorized

© 2017 by Nick B. Nicholaou, all rights reserved
Ministry Business Services, Inc. President
Reprinted from inSIGHT

The most current stats published by the FBI (2015 via ic3.gov) show they received nearly 290,000 cybercrime complaints that year, with an associated loss of $1.1 billion! At the time of this writing a new ransomware called WannaCry (aka WannaCrypt) is infecting computers worldwide. Are you and your data safe? What do you need to do– and not do– to be safe?

Age Groups Affected
The two age groups most impacted by cybercrime are ages 20-39, and ages 40-59, and both of those groups are about evenly split. Together they account for 80% of cybercrime victims in the U.S. That makes sense when you figure that those under 20 (4% of victims) don’t have much to spend online, and of those over 60 (16% of victims), only a portion of those are heavy computer users. So, what the stats seem to say is that if you use a computer, you are equally at risk no matter what your age is.

How Do Cybercrime Infections Happen?
Most cybercrime happens one of two ways:

  1. Via Email. An email appears in your inbox that has a link, graphics, or a form to complete, or may appear to be from someone you know (known as spear phishing).
  2. Via Infected Websites. Websites, even those that are legitimate, can be infected with malware easily if their hosts are not keeping up with security patches and strategies. Criminals can buy inexpensive ‘crimekits’ that look for and infect vulnerable websites. We’ve even seen that happen to church and ministry websites!

How to Protect Yourself and Your Data
Let’s address this in the two categories of email and websites.

  1. Via Email. There are a number of things you can do and are best not to do to help in this area:
    • Make certain your email is scanned by a capable SPAM filter to help minimize the number of dangerous emails that get to your inbox. I say minimize because some will still get through even the best SPAM filter; those are often referred to as zero hour emails. Zero hour emails are newly introduced methods and strategies that have not yet been identified as a pattern of dangerous email.

      Our firm prefers Barracuda SPAM filters. We even tested Microsoft’s O365 SPAM filtering solution, and found that it let many more unwanted emails through than the Barracuda– especially from other O365 email accounts.

    • The FBI warns as follows:
      • Do not click links in emails. I modify their warning, that you can click only if you first hover your mouse over the link, which will show you where it wants to take you. If you’re not certain the destination is safe, do not click the link.
      • Never reply to senders you don’t know. This gets tricky, though, because the sender can be spoofed, as in spear phishing. If you want to reply to someone– even someone you know– look at the email address in the ‘To’ field when you’re composing your response to be certain that address is what you expected to see there before clicking ‘Send’.
      • Do not fill out forms in emails.
      • Do not open attachments in unsolicited email.
      • Be skeptical of those representing themselves as surviving victims or friends in need.
    • I add one more item to the FBI’s list. Immediately delete SPAM emails, and empty your deleted items daily.
  2. Via Infected Websites. I recommend two methods of protection in this area:
    • Use a good firewall to protect your entire system from dangerous content transmitted from websites. The better firewalls let you filter content, but for this discussion, the focus is on protecting your systems from malware. Typically there is a subscription from the firewall provider that must be kept current to protect you from newer methods and strategies.

      The firewalls my firm recommends are SonicWALL firewalls running their Total Secure subscription package. We find those to be the sweet spot of features, protection, and cost for churches and ministries.

      If you’re a consumer vs an organization, check with your Internet Service Provider (ISP) and confirm with them that they have all of the protections turned on in the modem or router they provided.

    • Use a capable anti-malware solution on your computers– whether Windows or Mac (yes, Macs get infected too, regardless of what many say). The solution my firm likes most is Thirtyseven4.com; it is capable and reasonably priced.
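Two of the manual email checks in the list above, hovering over a link to see its real destination and confirming where a reply will actually be sent, can also be run by software on a saved message. The Python below is an added example, not part of the original article; the sample message and every name, address and domain in it are constructed. It also covers the hover advice given in the ransomware section of "How Do I SPAM Thee…".

```python
# Added example; the message and every name, address and domain are constructed.
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a web address, e.g. "www.church.example/giving"
HOSTLIKE = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#].*)?$", re.I)

SAMPLE = '''\
From: "Pastor Sample" <pastor@church.example>
Reply-To: pastor.sample@mailbox.example
To: bookkeeper@church.example
Subject: Quick request
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please pay the invoice at
<a href="https://portal.invoices.example/login">www.church.example/invoices</a>
today. Details are on <a href="https://www.church.example/staff">our staff page</a>.</p>
'''


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def same_site(a, b):
    """True when the hosts are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def review_message(raw):
    """Return a list of findings for one raw email message (headers + body)."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Check 1: a reply would go to a different domain than the apparent sender.
    from_addr = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_addr = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    if reply_addr and reply_addr.rpartition("@")[2] != from_addr.rpartition("@")[2]:
        findings.append(f"reply-to {reply_addr} differs from sender {from_addr}")
    # Check 2: the link text names one site but the href points to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        collector = LinkCollector()
        collector.feed(body.get_content())
        for text, href in collector.links:
            shown = HOSTLIKE.match(text)
            target = (urlsplit(href).hostname or "").lower()
            if shown and not same_site(shown.group(1).lower(), target):
                findings.append(f"link shows {shown.group(1).lower()} but goes to {target}")
    return findings


if __name__ == "__main__":
    print("\n".join(review_message(SAMPLE)))
```

A clean result does not prove a message is safe; links whose text is ordinary wording rather than an address still need the hover check.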

Finally, keep a history of total data backups to help you recover from an infection that somehow slips through. There are no total guarantees of protection, but with a history of backups available (we prefer a full month of daily backups to cover an infection that has an incubation period and doesn’t ‘go live’ and get noticed for a while), you should be able to recover from any infection that happens.

What About WannaCry Ransomware?
WannaCry takes advantage of a Windows vulnerability that Microsoft patched months before the outbreak occurred for all their supported operating and network operating systems. That said, it is important to keep your systems and apps up to date regarding patches; many of the updates are security-related.

It appears WannaCry is gaining access to files from people responding to a spear phishing attack. Be cautious with the emails in your inbox!

If you are running an unsupported Microsoft operating system, like XP, Windows 8.x, or Server 2003, Microsoft recently released a patch you can manually download and apply to shore up the vulnerability WannaCry exploits. Here’s a link directly to Microsoft for help:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Don’t become a victim of cybercrime! These are easy-to-implement strategies and disciplines that you, your staff, and your family can adopt. And there will likely come a time when you’ll be glad you did.