What You Need to Know about WannaCry Ransomware

A worldwide ransomware attack known as “WannaCry” has affected over 200,000 victims in 150 countries. WannaCry targeted a flaw in Microsoft’s Windows operating system. Back on March 14, Microsoft issued a patch for the vulnerability, but many computers hadn’t run the update. Many of the computers impacted run older Windows systems like XP. This caused Microsoft to issue a rare patch for XP, which is no longer supported.

How does Ransomware work?

Hackers use ransomware attacks to lock down computers and threaten to delete all data unless a ransom is paid.

What can you do to keep your data safe?

It’s simple. Patch your computers with the latest software updates. Proper patching lowers the risk of falling victim to attacks.

Ransomware is on track to be a $1 billion crime in 2017, according to FBI data. To keep your data as secure as possible, be sure that you are doing the following:

  • Back up data regularly
  • Secure your offline backups
  • Configure firewalls
  • Logically separate networks
  • Patch operating systems, software, and firmware on devices
  • Implement an awareness and training program
  • Scan all incoming and outgoing emails
  • Enable strong spam filters to prevent phishing emails
  • Block ads
  • Use the principle of “least privilege” to manage accounts
  • Leverage next-generation antivirus (NGAV)
  • Use application whitelisting
  • Categorize data based on organizational value
  • Conduct an annual penetration test

What do I need to do?

If you are currently a YeoCare Client, all of your equipment is up-to-date on patches, as long as it has been consistently connected to the Internet.

If you are not a YeoCare Client, you will want to be certain that your equipment has the latest patches and security updates available. If you need assistance, please contact helpdesk to schedule technical assistance.

If you would like to know more about ransomware and how YYTECH keeps clients secure with our YeoCare Managed Services, contact us today.

The manufacturing industry has become the main target for cybercriminals over the years. The news, trade journals, and professional organizations such as the Michigan Manufacturing Center (MMTC) and the Michigan Manufacturers Association (MMA) all have stressed the importance of manufacturers becoming aware of this growing threat.

  • The most recent Carbon Black Threat Report places the manufacturing industry at the top of the target lists for ransomware and malware.
  • According to the Ponemon Institute, the average price for a small business to clean up after they have been hacked stands at $690,000; for mid-market companies, it is more than $1 million.

The Carbon Black Threat Report states that when considering the total amount of ransomware seen in 2016, manufacturing companies (16% of total ransomware instances), utility/energy companies (15.4% of all ransomware instances) and companies (12.6% of all ransomware instances) led the way.

The Carbon Black Threat Report also states that overall, malware continues to target every industry with manufacturing companies (21.8% of total malware), non-profit organizations (16.4% of total malware), and utility/energy companies (15.6% of total malware) leading the way in 2016.

DoD Guidelines

Manufacturers with government contracts, issued by the U.S. Department of Defense, have until December 31 to conform to new federal guidelines mandating suppliers adopt a variety of cybersecurity best practices, countermeasures, and reporting standards to continue to qualify for contracts. The new mandates, covered in the standards described in NIST Special Publication 800-171, apply to contractors for the Department of Defense, National Aeronautics and Space Administration (NASA) and the General Services Administration.

Thankfully you’re not alone. Click here to learn how YYTECH can help.

Learn more about the DoD’s Guidelines:

MMTC Datasheet

NIST Guidelines

Microsoft Office 2007, and its suite of applications, will no longer be supported by Microsoft as of October 10, 2017.

What does this mean for me?

Unsupported applications turn environments into security and compliance risks. If a security flaw is found after the end-of-support date, no patches or security updates will be released to systems using Office 2007. In other words, if you’re still using Office 2007 applications, such as Word 2007 and Excel 2007, beyond the support date, your company will be at risk for network security vulnerabilities.

What should I do?

It’s important to assess your network to determine which machines need to be upgraded. If you would like more information on how to upgrade Microsoft Office on your system, our dedicated sales and support teams are available for assistance. Yeo & Yeo Technology specializes in Microsoft Office 365 and Office 2016.

Contact YYTECH today if you would like to upgrade.

 

Ever wonder what Sage HRMS looks like or how it functions? Take a look at this quick overview video. If you would like to learn more about Sage HRMS, visit our webpage or contact us today!

Most accounting and ERP systems come with a variety of built-in financial and business reports. These reports are often very general and non-specific, and can frequently leave you wanting more. Whether it is a pinpointed category of data you are looking for, or a seemingly simple mathematical calculation that you want to perform with the data, these “canned” reports are often not able to give the desired output. This is where Crystal Reports comes into the picture.

Crystal Reports offers an easy solution to your report generation and customization needs. It allows you to connect to your accounting and ERP data, and “slice and dice” it until you have the information you need in the format you want.

Yeo & Yeo Technology offers training on how to use this powerful tool to access, view, and ultimately distribute your data in the easiest to understand, and most visually appealing ways. If you aren’t looking to learn a new piece of software, but would rather have someone else gather the data and create the reports for you, YYTECH has several software consultants and programmers on staff that are well versed in the use of Crystal, and can offer that service as well.

We are in a new era of cybersecurity. Hackers are constantly inventing and innovating ways to steal our vital information. This is where Next-Generation Antivirus (NGAV) has entered the market. YYTECH is proud to offer a new NGAV solution for clients.

There are countless ways NGAV benefits users. The biggest benefit is protection that goes beyond just malware attacks. For many years, traditional antivirus was enough. Not anymore. Many organizations with good traditional antivirus fall victim to ransomware-type attacks that go undetected by standard antivirus. NGAV incorporates the industry’s newest features that target the tools, techniques, tactics, and procedures used every day by both mass-scale opportunistic attackers and targeted advanced threats.

NGAV is the natural evolution of traditional antivirus that protects computers from the full spectrum of modern cyberattacks, delivering the best endpoint protection with the least amount of work. NGAV speaks to a fundamentally different technical approach in the way malicious activity is detected and blocked.

NGAV takes a system-centric view of endpoint security, examining every process on every endpoint to algorithmically detect and block the malicious tools, tactics, techniques and procedures (TTPs) on which attackers rely.

 

Manufacturers with government contracts have until December 31 to conform to new federal guidelines, issued by the U.S. Department of Defense, mandating suppliers adopt a variety of cybersecurity best practices, countermeasures, and reporting standards to continue to qualify for contracts.

The new mandates, covered in the standards described in NIST Special Publication 800-171, apply to contractors for the Department of Defense, National Aeronautics and Space Administration (NASA) and the General Services Administration. Many Michigan manufacturers have worked with federal agencies on classified projects; these regulations are meant to safeguard sensitive information in unclassified material, particularly as the threat of cybersecurity breaches grows.

The manufacturing industry has become the main target for cybercriminals over the years. The news, trade journals, and professional organizations such as the Michigan Manufacturers Association all have stressed the importance of manufacturers becoming aware of this growing threat.

YYTECH Can Help

Yeo & Yeo Technology, along with the Michigan Manufacturing Center (MMTC), has implemented a process to ensure manufacturers meet the necessary qualifications of NIST Special Publication 800-171.

We begin the process with an exploratory call between YYTECH, your team, and MMTC. This is done to acquire technical info on your network, firewall, etc. to assess your company’s practices related to the new standards.

Once this discovery call is complete, YYTECH and the MMTC will provide your company with a list of necessary fixes to assure compliance. This is where the work gets done. New standards may include updates to your network, policies, firewalls and employee training. Once we test and validate that all security aspects are up-to-date, we can establish ongoing support, monitoring and reporting to ensure standards continue to be met and your data is secure.

Contact your YYTECH Account Executive to learn more about this program and how YYTECH can get you on track before December 31!

If you work in an office, chances are you’re sitting at a desk most of the day. In fact, 86 percent of Americans sit all day at work. There are many health risks that come with sitting all day. According to Martha Grogan, Cardiologist at the Mayo Clinic, people who sit all day share the same heart attack risks as smokers.

Yeo & Yeo Technology is proud to announce a new partnership with Ergotron to help our clients change the way they work.

What is Ergotron?
Ergotron products are designed to help adapt to the physical needs of individuals. Ergotron’s WorkFit line of desktop workstations gives users the ability to stand and sit at their desk, giving them a healthier daily routine. Ergotron products bring ultimate adjustability and aid in overall health and wellness.

Where are Ergotron Products Used?
As standing and mobile workstations increase in popularity, you will typically find them being used in:

  • Schools
  • Health Care (Carts)
  • Offices

If you would like to learn more about Ergotron, contact YYTECH at info@yeoandyeo.com or your Account Executive.

 

Cloud has been a buzzword in IT for the last few years. In fact, there are aspects of cloud computing many people find confusing. We have come across a few myths we want to debunk for you today. Here are the top three cloud myths we have seen the most and the truth you should know.

Myth 1

Everyone can access your data

The Truth: When you partner with a reputable cloud storage provider, your data will stay secure. There are numerous ways data is protected including encryption, firewalls and data backup. Having proper data backup might be the most important step an organization can take in protecting its information. Hackers and cyber-criminals are getting smarter and stronger every day. By replicating and backing up data in the cloud, users are able to get back up and running quickly in the event a disaster strikes.
 

Myth 2

Data kept on site is safer than the cloud 

The Truth: Having all of your information on site, with your own server, might seem safe because it’s tangible. However, the requirements for maintaining network security on site are demanding and costly. It’s safer to keep data in the cloud. With cloud applications, security features are built in and are updated in real time. This allows users to work with the latest updated applications with the most up-to-date security features.
 

Myth 3

Everything must move to the cloud

The Truth: When an organization takes its first steps into cloud computing, many start with a hybrid approach. For example, they move a single application, such as email, and grow from there. This is a great way for users to become more comfortable with the cloud and allows providers a great way to show the capabilities and scalability of cloud computing.
 
The cloud has long been a benefit for large organizations, but now small and medium-sized businesses have the same advantages at their fingertips! Reduced costs, improved security, scalability and access from anywhere are just a few examples. If you are interested in learning more about YYTECH’s Cloud offerings, contact us today.

 

Design for Movement and Flexibility

allows us to be more mobile than ever before. So why do we keep sitting around? Ergotron is rethinking the way we design our environments, for more flexibility, greater collaboration and opportunities to move more. Workspace transformation is here! Learn about the science behind standing and get ideas for spaces where people can move more at JustStand.org.


*The content for this post is provided by Ergotron.

In the past, we have told you about Security Awareness Training and all of the benefits it provides. Having users who think before they click is one of the most valuable firewalls your organization can invest in. Now we are proud to announce a new level of training with over 300 new ways to keep users from clicking on malicious content.

The new Diamond level is now available to YYTECH clients. It gives you an all-you-can-eat buffet of more than 300 items like interactive learning modules, videos, animations, games, posters, tip sheets, and other downloadable items. It includes:
  • 20 e-learning modules
  • 8 interactive learning modules
  • 7 compliance modules
  • 100+ bite-size videos, 1-3 minutes each
  • 33 trivia games
  • 125+ pieces of artwork

YYTECH offers three additional plan options: Silver, Gold, and Platinum. No matter the size of your organization, there is an offering for you. To learn more about YYTECH’s Security Awareness Training plans, contact us today!

 

Managing your business data can be challenging. Many people struggle to get data out of their software in an efficient way. They’re buried in data. YYTECH’s software consultants specialize in Crystal Reports, helping our clients get the most out of their data.

What is Crystal Reports?
Crystal Reports is a reporting tool designed to help you create rich, formatted reports from your data source, such as Microsoft Excel, Sage 100 and Exact Macola. Once connected to a data source, users design reports by selecting fields from the data source and adding them to the report. The basic capabilities of Crystal Reports are to add columns, headers, groupings, and formulas. You can also add parameters that can be used to filter the data set down into a report for viewing.

Are you buried in Excel sheets all day? Crystal Reports can help.

How YYTECH Can Help
Having Crystal Reports isn’t any good if you don’t know how to use the software. YYTECH has software consultants on staff to get new Crystal Reports users up and running through proper training and guidance.

When a client signs up for Crystal Reports, they are trained step-by-step. First, we show how to connect to the database using the Crystal Report Database Connection Wizard. We then review the designer view and put fields into columns and preview a basic report. We add groupings, headers, and footers to the report and also build and add a formula to the report. Lastly, we add a parameter and run a report using it.

One of the best ways our consultants can show users the power of Crystal Reports is to let them generate a report that has been giving them trouble.

YYTECH has been consulting with Crystal Reports for nearly 20 years. If you believe that Crystal Reports could help make reporting easier, contact us today.

 

By now your 2017 budget is probably nearing completion. Before your budget is set in stone, we wanted to remind you to not neglect your organization’s spending.

To help you understand where to focus your IT budget, we have compiled a list of areas to consider in your planning. In 2016, security was a major focus at Yeo & Yeo Technology and, as you will read, we believe that security is going to be a focus for many years to come.

Security Upgrades: Staying current is vitally important. Hackers are always finding ways to exploit software and steal information. Making room in your budget for security upgrades is important. Many of the tools we use, like Microsoft Office, automatically receive upgrades and you need to be sure you are getting them. Even if you have IT staff in place keeping track of every update, you may need to consider managed services. Keeping up with all of the patches that are released can be daunting and many small businesses are going to need assistance.

Ransomware: We have pushed out a lot of updates on Ransomware this year and for good reason – it continues to grow. We have some tips on prevention and what to do if you believe your system is infected.

Preventative Measures

  • Do not follow unsolicited web links in email messages or submit any information to webpages in links.
  • Use caution when opening email attachments.
  • Keep operating systems and third-party software, including anti-virus, up-to-date with the latest patches.
  • Perform regular backups of all systems/data to avoid serious consequences should your system fall under attack. Testing of your backup should be done monthly.

If you believe your system may be infected with the CryptoLocker Malware, follow these steps:

  • Immediately disconnect the infected system from the wireless or wired network. This may prevent the malware from further encrypting any more files on the network.
  • Change your passwords AFTER removing the malware from your system.
  • Users infected with the malware should consult with a reputable security expert to assist in removing the malware, or users can retrieve encrypted files by restoring from backup, restoring from a shadow copy or by performing a system restore.

Microsoft: Outside of security, Microsoft had another big year with the release of Office 2016 and Windows 10 Anniversary Update. Windows 10 has continued to grow in users and is currently operating on over 350 million devices. Office 365 has also continued to be a big success for Microsoft with over 70 million active users. Microsoft is continuously updating and adding new features to Office 365. YYTECH will continue to inform you about any major changes and updates Microsoft releases.

Updating Your PC: Every year it’s important to consider the state of your PC. Hardware and software are always getting better and both need to be considered when looking at your budget. Consider the following:

  • Does your PC still have enough storage?
  • How old is your PC?
  • Is it running slow?
  • Is your software up to date?

If you would like to learn more about planning your IT budget or YYTECH’s suite of services, contact us today!

 

This blog post originally appeared at www.yeoandyeo.com.

Protecting a company from attack by third parties intent on stealing money, data — or both — is a constant challenge. Companies must anticipate where the threat is the most severe and defenses are the weakest and dedicate the appropriate resources there.

However, given the complexity of a company’s information environment, as well as its physical footprint, it is often a challenge to identify and prioritize which areas in the organization pose the greatest threat.

Understanding how the enemy views your company’s infrastructure is critical to deploying a robust defense. Companies of all sizes are asking “red teams” — a covert team of experienced professionals — to launch attacks against their infrastructure and report back on the findings. For example, companies that are interested in assessing their network security can engage a team of network intrusion analysts who have experience penetrating corporate and government networks.

Regardless of the exact makeup of the teams deployed, the primary goal of a red team is to find the weaknesses in your company’s IT and/or physical environment. Simply put, if the red team can uncover vulnerabilities, so too can attackers.

Before your company deploys a red team to probe its defenses, think about the following elements of the team’s responsibilities and feedback process:

  • Start with the end in mind.

The end result of the team’s work must be actionable intelligence that places the company in a better position to combat attacks. To that end, ask the red team leader to provide an example of the report that your company will receive at the conclusion of the exercise. Unfortunately, despite the best intentions, companies can sometimes be overwhelmed with the results of the red team exercise and fail to implement a plan to bridge gaps uncovered during the process.

  • Test the red team’s defenses.

Given the highly sensitive nature of the work that red teams conduct, it is important that members of that team treat the information uncovered as highly confidential. The professional services firm must have processes in place to prevent unauthorized access. Before engaging a firm, ask how it protects customer and client data.

For example, is client data shared on a central server within the company’s offices — or placed on a third-party cloud server? How will the firm ensure that only those with a “need to know” will be granted access to the data?

  • Convene a steering committee.

In anticipation of the red team exercise, it is important that your company form a steering committee with representatives from the departments most likely to be affected by the exercise. Before sharing information regarding the red team project, require that all steering committee members sign a non-disclosure agreement. Doing so will impress upon the members that the company views the exercise as highly sensitive and that secrecy must be maintained in order for it to be beneficial.

Timing is important in red team exercises. A company needs to test during a time when other important IT projects and upgrades are not going on. Further, in the event that the team triggers red flags in a particular area of the company, the department head should be able to monitor his or her department’s response without losing focus since ultimately he or she knows it is part of an exercise.

  • Suspend disbelief and interference.

Since the red team’s approach is supposed to mimic the activity of a criminal or attacker, it is not meant to be a highly structured event that is defined by the same people and thinking that created the company’s defenses in the first place. The red team must be able to explore the company’s defenses with relatively few limitations — just as an attacker would do. Short of inflicting harm on a business and creating significant financial losses, the red team should be allowed to conduct their work unimpeded.

The key concept that staff members must firmly grasp is that attackers intent on overcoming your company’s defenses are typically limited only by their imagination and the time needed to defeat your organization’s countermeasures. The same should apply to the red team’s efforts.

  • Share results on a need-to-know basis.

At the conclusion of the exercise, your company should make sure the intelligence gathered during the process is only made available to those who have a defined business need. In addition, ensure that all meetings that take place within the organization to discuss the red team findings are controlled to prevent the introduction of individuals who have not been suitably briefed on the purpose of the exercise and the associated sensitivity of the data.

  • Look beyond your company’s infrastructure.

Depending on the size and nature of your company’s business, employees may be asked to travel domestically as well as internationally. When they do so, they are obviously subject to an entirely different set of risks than are present in their offices.

For example, if employees travel to foreign countries, has your company taken the time to determine which hotels offer the best physical security so that laptops and smart phones are less likely to be stolen? If employees use wireless networks while in the hotel, what protections can your company put in place to minimize the potential that data will be intercepted by a third party? Hotels and offices overseas can be easily overlooked if an organization’s people and assets are largely concentrated in the company’s home market.

  • Red team exercises are not a one-time event.

As your business grows, the risks that it faces change. Periodically, your company should consider re-engaging the red team to conduct additional exercises. In fact, conducting regular tests can reduce your company’s risk exposure and the associated costs involved in remediating potential gaps. The drive and determination of “would be” attackers seldom wavers. A commitment to use red teams over an extended period can ultimately help your company deflect attackers and will help reveal system vulnerabilities. Your competitors may not be so prepared.

© 2016

You’re starting a new business and it’s the most exciting thing you’ve ever done. How do you convey your enthusiasm and make the best possible impression?

You need an elevator pitch, a concise, persuasive story that sums up your business in no more than a minute. The term elevator pitch comes from Hollywood, where producers would try to sell their blockbuster ideas to studio executives in the span of a short elevator ride. How do you craft an effective sales pitch?

Step 1

First impression. It takes just a few seconds of meeting someone to make a first impression, even before you utter a single syllable. Nonverbal cues are important, so be sure to dress and present yourself in a way that’s consistent with your business.

Step 2

The right start. You have 15 seconds or less to grab a prospect’s attention. Use engaging language such as a clever twist on a familiar saying or an intriguing question. Steer away from industry jargon, and use references that everyone can understand.

Step 3

The middle. Simplify, and take no more than 25 seconds. Present the key benefits: what is your product, what makes it unique, and what does it do for the customer. A photo or short video on your Windows device can help engage your prospect.

Step 4

The wrap up. End on a high note, 15 seconds maximum. Remember that the purpose of the elevator pitch is to interest your audience and leave them eager for more information.

Step 5

The finish. Leave a way for the prospect to get in touch with you. You can send your thank-you note and contact information from your mobile device using Office 365. And immediately track that interaction with Microsoft Dynamics CRM Online on your device.

Step 6

Next steps. You can’t count on a prospect getting back in touch with you, no matter how good your pitch. But you don’t want to miss their call when they do. Lync in Office 365 on your mobile device lets you conference in other members of the team to answer a prospect’s questions.

*This article was provided by Microsoft Community Connections

 

Rules for credit card and debit card information security are set forth in the Payment Card Industry Data Security Standards (PCI-DSS), a set of industry regulations. Failure to comply with these standards can result in penalties and increased transaction costs. In addition, stolen credit cards are often used to fund other criminal activity.

As part of maintaining PCI compliance, you should know what to look for and how to respond to possible credit or debit card fraud. Here are some tips to help you keep your company and customer information secure:
 
Report suspicious activity immediately. If you see unusual behavior in your organization, report it. For example, if someone looks like they are handling the card reader at an ATM or credit card machine, they could be installing a skimmer to steal data from unsuspecting customers. Or, if you see an unidentified individual attempt to tailgate an employee into your building, this should be reported. Even if they are in a courier uniform and carrying heavy boxes, their identity and purpose should be identified.
 
Report strange computer behavior to your IT team. Many data breaches happen because of an employee clicking on a link or opening an attachment in an email they weren’t expecting. Not paying attention to social engineering cues and failing to report possible phishing or scam attempts can leave your organization susceptible to and at the mercy of hackers. If you suspect you may have been the victim of a phishing attack, the best thing you can do is contact your IT team or help desk immediately, so they can minimize the effect of a security breach. Don’t wait.
 
Use strong passwords. If your passwords are weak, you are putting your company at risk of being easily infiltrated by hackers.
 
Do not send or save sensitive card information on unsecured or unapproved devices. You should not store any sensitive data unless absolutely necessary. If data must be stored, it should be on a very secure, company-approved device. Also, if you need to write down a credit card number on paper for any reason, you should shred it immediately once you’re done using it. Do not just throw it away. Additionally, credit or debit card information should never be sent through unsecured means, such as through email or a publicly used fax machine.
 
Receipts or imprint machine transactions should be stored or disposed of properly. Paper records can be stolen or compromised, so they must be disposed of properly (such as in a shredding machine), or stored in a secure area, according to your company’s policy.

Employees who do not take care of sensitive information can lead their organizations into fines, increased operating costs, loss of customer confidence, and even more governmental regulation. Do your part to keep sensitive information safe at all times.
 
The tips included in this message are meant to remind you to keep sensitive information secure. Remember, your organization’s privacy, security, and compliance policies for handling sensitive information should be followed first and foremost.

Last week Yahoo announced that 500 million of their accounts were hacked and were sold to internet criminals. These cyber criminals are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account password. Although these scam emails look legit, assume they are not. If you have a Yahoo account, YYTECH suggests you do the following:

 
  1. Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong and complex password.
  2. If you were using that same password on multiple websites, you need to stop now. Using the same password for multiple logins is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something complex.
  3. Watch out for any phishing emails that relate to Yahoo in any way and ask for information.
 

So, let’s do a quick analysis of the cyber battlefield here. What are the bad guys up to? Check Point Software provided some fresh data a few days ago, which gives us the correct order of magnitude of what we are dealing with here. This by the way is great ammo to get more IT security budget. 

  • 205 billion emails sent every day
  • 39 percent of attachments contain malicious files
  • 34 percent of links embedded in emails are malicious
  • 77 percent of all malware is installed via email
  • Malware by file type: 52 percent are PDF, and 44 percent are EXE format

Now, how about the good guys? What are the Law Enforcement resources at our disposal to protect us against this digital onslaught? I found a September 7, 2016 interview with FBI Special Agent Lawrence Wolfenden who provided some worrisome stats.

He said: “Accept that a breach is going to occur, the issue is, what do you do about it.” That in itself is nothing new, but here are some interesting numbers:

The FBI has about 800 cyber agents, including 600 agents who conduct investigations, so the agency doesn’t have the ability to address every attack, and must triage the most significant ones.

By law, a $5,000 loss must occur before the FBI can get involved in a case, but as a practical matter, the U.S. Attorney’s Office wants to see about $50,000 or more in losses before the FBI gets involved, and the agency itself generally wants to see $100,000 to $200,000 of loss before it can justify spending investigative resources, Wolfenden said.

In other words, if you get infected with ransomware and the ransom is less than 100-200K, you are on your own. Good thing to know.

You’ve probably seen articles about the power of to “disrupt” entire industries, whether it’s Uber upending the taxi business or Facebook changing how people communicate. News stories about business disruption focus on dramatic tales of companies that grew to hundreds of millions in revenue almost overnight.

But disruption can happen on a smaller scale, too. And you don’t necessarily have to invent the to take advantage of it in a way that lets you positively disrupt how business is done in your industry. For any size of company, using digital technologies to disrupt your business requires strategic thinking, smart investment, and a commitment to long-term success. Let’s take a look at a few disruptive small business trends and technologies that could transform how you do business.

Mobile Internet

Just about everybody has affordable, fast mobile Internet these days. Mobile business is a rich source of competitive advantage for companies who really exploit it. To start with, make sure your website, ads, and e-commerce store are mobile-ready. The mobile Internet is great for employees, too. It empowers them to get work done anywhere using tools such as the mobile versions of Microsoft Office applications, available through Office 365.

The Internet of Things

Networks of low-cost sensors communicating and collecting data 24/7? Now that sounds disruptive. It also sounds like something only big companies are considering, but increasingly, Internet-connected equipment and devices are available across a range of industries. With these connected devices, you can monitor performance, perform maintenance, collect data, and control functions remotely. The key is to consider how such investments can accelerate your business and not just buy them for the “wow” factor. If you are pursuing an Internet of Things strategy, take a look at Microsoft Azure. It offers completely managed services that take a lot of work out of connecting devices together and capturing information from them.

Knowledge work automation

We’ve seen manufacturing become increasingly automated. Now, the average office worker is facing much the same scenario. For example, at one time almost every loan application was scrutinized by an individual human underwriter. Now, banks use sophisticated software to make decisions based on data. In a small and mid-size business, where there never seems to be enough time to get everything done, these kinds of tools can be invaluable. A simple example is voice recognition—a powerful tool few people take advantage of. Take Cortana in Windows 10. With Cortana, you can write and search for information very efficiently just by speaking, which can save you time and keep you focused on adding value.

Cloud

The cloud—the ability to access IT infrastructure, applications, and services over the Internet—has been a focus of business innovators for many years now, but the opportunities to disrupt your business keep on growing. And it’s especially relevant for small and mid-size businesses, who now have affordable access to computing power previously accessible only to the largest enterprises. The easiest way to start with cloud is adopting software as a service, such as switching from traditional Microsoft Office to Office 365. You don’t have to run servers or worry about security because it’s all taken care of behind the scenes, and your software is always up to date with the latest (dare we say disruptive?) features.

Big Data

It’s an increasingly data-driven world, and every business needs to be looking at how they can use information to make better decisions, connect with customers, and find new opportunities. And, you don’t have to be talking terabytes to get value from data. The first step is to make sure you’re collecting and storing data somewhere you can access it. Do an inventory of the types of data your business collects, and the types of data it could collect, and make some decisions about what’s truly valuable. Then, you need tools that help you explore and make sense of the data. Excel is the go-to classic for Office users, and you can get the latest with Office 365. If you want to take things a step further, try Power BI, which provides easy-to-use tools for asking and answering questions from your data.

Most of all, remember: business disruption is relative, and it doesn’t always have to make headlines. If your competitors aren’t following the small business trends and making the most of innovation, maybe it’s time to do a little disrupting of your own.

This article was provided through our partnership with Microsoft. 

 

When a vendor releases software, they believe that it’s safe to use and reliable. However, this isn’t always the case. Often there are holes in the software that vendors are unaware of. Hackers can exploit these holes before a fix exists, and such exploits are known as Zero-Day attacks.

Types of Zero-Day attacks include malware, spyware, and unauthorized access to your private information. After an attack is launched, a vendor has to rush to develop and release a patch. This limits the damage, but for many users it’s too little, too late.

Research conducted by our partners at Symantec shows that Zero-Day attacks are increasing. In 2015 there were 54 Zero-Day vulnerabilities, more than double the 24 that were found in 2014. The most attacked software is Adobe’s Flash Player. Adobe has acknowledged major vulnerabilities as recently as June 2016, and it accounted for 10 Zero-Day vulnerabilities in 2015.

There’s no way you can completely stop a Zero-Day attack but there are many ways you can protect yourself.

  1. Have a secure firewall in place: Your firewall can play a critical role in protecting your PC against threats. Discuss the configurations that are right for you with your IT consultant.
  2. Only use applications that are essential: The more browsers and software you use, the more vulnerable you are to a Zero-Day attack. Use only the applications you need to reduce risk.
  3. Keep current with patches: Make sure that your PC is being properly patched. If you would like to learn more about proper patch management, take a look at one of our recent newsletter articles.
  4. Have a backup and disaster recovery option in place: Keep your data replicated, offsite, and secure. Should your information be compromised, have the option to recover it.

Although attacks are increasing, the ways we can protect our data have never been stronger. If you are unsure about your preparedness for Zero-Day, or any other cyber-attack, contact your account executive today.