We just finished writing about an IT provider of managed services in Colorado who was hacked, and in turn all or most of their customers were hacked as well.

Well, it’s another day and this time the story comes from California.

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.

Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company has nearly a thousand employees and brought in more than $100 million in revenue in the past year, according to their Web site.

Much like other ransomware gangs operating today, the crooks behind Sodinokibi seem to focus on targeting IT providers.

Every single IT provider is now a major target, because by successfully compromising a single IT provider attackers compromise dozens or hundreds of other companies in the process.

If you aren’t asking your current IT provider what they are doing to make sure that their own house is in order, you aren’t doing your due diligence.

Krebs on Security writes about a hacking incident in Colorado late in 2019:

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.

We’ve started talking about this in verbal conversations with prospects: today your biggest risk may be your IT provider.

Most IT providers (MSPs) put an RMM agent or remote-control software on each computer that they manage. This agent then connects back to a central source where the MSP can push out security updates, backups and other such measures to keep customers secure.

However, if the MSP’s central source is hacked, all of their customers can easily be hacked at the same time.

The active targeting of MSPs is going to reach epidemic levels soon.

We’ll unpack what all of this means in a later post. For now, the top takeaway is that you should be asking your IT provider (1) how they are securing their own house, and (2) what changes they have made or are making as the security threats change.

It’s time to make public a conversation that has been brewing inside the IT and managed services industry for most of the last year but has largely not broken out of those circles.

Your managed service provider is now a target for hackers because if they can get to them, they can get to you.

This is new.

2019 saw major incidents in places such as Texas and Spain where the clients of managed service providers were breached using the tools the managed service provider used to maintain client networks and keep them secure. There were at least four other significant incidents that have been written about inside the industry, but names have not been named.

This isn’t actually surprising.

2010-2016 saw the rise of ransomware, largely targeting enterprise customers.

2017-2018 saw a major shift away from big companies — who were beefing up security — to smaller companies who were not.

2019 was the year that hackers realized that if they could breach a single managed service provider they could simultaneously breach all of their customers.

Think about that for a second: what is your IT provider going to do if every single customer is hacked at the same time and they can’t use their standard toolset to fix it?

Two years ago you were your own biggest risk, and today it may be your IT provider instead.

Where do we go from here?

I don’t have all the answers, but here are some places to start.

  1. You can’t adopt a weak security posture or you’ll still run into trouble. All the advice from the IT industry on using strong passwords, using multifactor authentication and using security-focused firewalls still applies.
  2. Managed IT service providers must make internal security their top priority; it is the only way to secure their customers. Sadly, many focus on revenue-generating customer projects instead of securing their own house.
  3. As an IT industry, we need to take our own medicine. We move fast and sometimes leave things partially done or less than totally secure because we had customer projects. We have to change our stance.
  4. You need to enforce it: It’s up to you to be asking your current and prospective IT vendors the right questions about what they are doing. Such questions include: (1) how do you ensure that hackers don’t have access to your tools, (2) do ALL of your critical accounts have two-factor authentication turned on for ALL employees, (3) are all of your devices encrypted and is this documented, (4) is your firewall as locked down as ours, (5) do you train your employees, regularly, on security, (6) do you carry proper cybersecurity and E&O insurance, (7) have you had any security incidents in the last 3 years?

This is only a start. It is going to get worse, maybe a lot worse, before it gets better.

5G is inherently insecure according to a new article by longtime cybersecurity industry expert Bruce Schneier.

Schneier is one of the stars of the security field, a longtime activist with nearly a crystal ball for understanding how technology is going to unfold. An important topic for him right now is the security of the cell phone networks given the central role that 5G will play in industry and business over the next decade.

His article raises a central question that should already be at the forefront of business owners’ minds: How do you secure your company’s data on networks that are inherently insecure? Even without 5G, your data is already accessed over public networks that are owned and operated by Starbucks, McDonald’s, your vendor’s guest wireless, or any wireless network that an employee connects his or her laptop or phone to.

This will only become more common in the future. Data needs to be accessed from everywhere, and everywhere the networks are insecure. But that doesn’t relieve you of your responsibility to keep both your confidential company information and your clients’ data safe. For small businesses, this can be a significant hurdle to overcome.

Security and data safety are at the front of how we manage IT. It is possible to build data structures that are robust, meaningfully secure, and can alert you if it looks like they’ve been breached. Today it is even possible for the smallest businesses to implement these systems, but most don’t know how to or that they even exist at all.

We would love to talk to you about how you can better secure your data and your clients’ data, and even make security what sets your company apart from your competitors. Email us at info@JMAddington.com to schedule a free and confidential consultation on cybersecurity.

ToTok, a social media app that recently took off in international popularity, is actually the United Arab Emirates spying on you, according to a new article from the New York Times.

Officially it’s supposed to be a secure way to communicate with family and friends, even in countries that block similar tools. However, it is actually a spying tool of the United Arab Emirates government.

While both Google and Apple have removed it from their stores, it will not be automatically uninstalled from your phone.

We understand that a number of readers of our blog are not social media aficionados. However, given the widespread scope of the spying by this app, we highly recommend that you send this article out as a PSA to your employees who are digital natives.

The app appears to track messages, analyze user calls, analyze user contacts and track location. And that’s just what we know so far. This raises another question. Given the practical and regulatory risks of such data, and the vulnerability it creates for your company through your employees’ phones, how are you securing your company on these devices?

Iran is targeting industrial control systems, according to Microsoft security researchers, as reported by Ars Technica. The scale of the attempted hacking is incredible, with the Iranian group targeting about 2000 organizations per month.

Motivations behind the attacks are not yet clear. While the US government was concerned that Iran may retaliate in the cybersecurity space in response to the late December drone strike on their general, this appears to have begun before that. It’s possible that this is laying the groundwork for a larger attack later on.

Given the number of organizations that directly and indirectly support Y12 and Oak Ridge National Laboratory, it seems prudent to assume that the targeted organizations include some in East Tennessee.

It’s a great example of why we block Internet traffic for our managed customers from countries such as Iran. While not a panacea, it goes a long way toward securing the network.

If you’re interested in having a conversation with us about how to better secure your network, give us a call at 865-240-2716.

You need to buy CyberSecurity insurance and you need to buy it today. And no, I don’t even sell it, this is just a PSA.

First, small businesses are targets for hackers today. 20% of SMBs reported that they’ve been a victim of a ransomware attack (Datto, 2019) and 60% of all cyber attacks are aimed at SMBs.

You should let that last sentence sink in for a minute: you are being targeted.

Second, rates for CyberSecurity coverage have historically been low, pennies on the dollar. Managed services providers, like JM Addington, are already seeing rates rise across the nation to purchase this type of coverage, with deductibles increasing as well. Today, you can still lock in affordable rates. For next year it is an open question.

In addition, the better your security, the lower your rates are and the less likely you are to have to use the insurance in the first place. I’d love to talk to you today about three easy things you can do to increase the security of your business; call me at 865-544-8045 (direct) or email jonathan.addington@jmaddington.com.

BitLocker hard drive encryption is the encryption software that Microsoft builds into every version of Windows 10 Professional. It physically encrypts the data on your computer’s hard drive so that even if your device is lost or stolen no one else can retrieve information off of it.

This is important to your business because most states, including Tennessee, have mandatory disclosure laws for data loss. In short, if data you store on your customers is or may have been stolen or hacked, you have to let them know. And that’s not an email or phone call any business owner wants to make.

Encryption is so important in today’s environment that it has become a standard for all of our managed service customers. We turn it on by default for any computers that support it. For computers that do not support it, we recommend upgrading to one that does.

If you want to have a free discussion about cybersecurity and how to better protect your business, call or email us today: 865-240-2716 or info@jmaddington.com.

Ars Technica and the BBC are reporting that the travel insurance and currency exchange company Travelex has been breached. Hackers have allegedly been inside the company’s network for 6 months and stolen customer information including:

  • Credit card info
  • Date of birth
  • Insurance numbers

These incidents are shockingly common yet only the big companies make the news. Data from Datto says that most small businesses either have suffered a similar attack or have been targeted by one.

How are you safe-guarding your clients’ data?

Jon, is this going to be a problem?

A customer just wrote me to ask about the email Google sent out to admins everywhere warning them that they are about to turn off access to “Less Secure Apps,” Google-speak for anything that uses a regular username and password.

If your organization uses G Suite in some specific ways

Yes, this is going to be a problem.

  1. If you use Outlook 2013 or very specific versions of Outlook 2016 to access your Google Mail, it is going to stop working with Google.
  2. Virtually every copier/scanner/fax that sends to email using a Google address is going to stop working with Google.
  3. Old applications that use a regular username and password to send out of Google are going to stop working with Google (typically these are line-of-business or custom applications).
  4. Your iPhones and Androids from the Precambrian eras will not work with Google anymore.

So, what do you do?

Talk to your IT company. If you have had applications custom developed for you that send out using Google, talk to the developer and have them switch you over to an API-based email application (they will know what those words are; if they don’t, fire them and call us).

If you are lucky enough to have a managed IT services provider, ask them at your regular business meeting how they plan to handle this for you.
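What "a regular username and password" looks like on the wire next to the token-based alternative, as an added example that is not from the original post: it builds both SMTP login payloads and then picks out, from a mail log, the accounts whose devices still send a password. The log lines, account names and function names are constructed for illustration; XOAUTH2 is the OAuth 2.0 login mechanism Google documents for SMTP.

```python
import base64

def auth_plain(user, password):
    # SASL PLAIN: the long-lived password itself, merely base64-encoded.
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def auth_xoauth2(user, access_token):
    # SASL XOAUTH2: a short-lived OAuth 2.0 access token replaces the password.
    raw = f"user={user}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()

def classify(line):
    """Return (kind, account) for one logged SMTP AUTH command."""
    parts = line.split()
    if len(parts) < 2 or parts[0].upper() != "AUTH":
        return ("not-auth", None)
    mech = parts[1].upper()
    blob = base64.b64decode(parts[2]) if len(parts) > 2 else b""
    if mech == "PLAIN":
        fields = blob.split(b"\0")  # authzid, account, password
        return ("password", fields[1].decode() if len(fields) == 3 else None)
    if mech == "LOGIN":
        return ("password", blob.decode() or None)  # optional initial username
    if mech == "XOAUTH2":
        first = blob.split(b"\x01")[0].decode()
        return ("token", first[5:] if first.startswith("user=") else None)
    return ("other", None)

def accounts_that_will_break(lines):
    """Accounts whose clients still authenticate with a plain password."""
    hits = []
    for line in lines:
        kind, account = classify(line)
        if kind == "password" and account and account not in hits:
            hits.append(account)
    return hits

# Constructed sample log: a copier, a line-of-business app, a modern mail client.
SAMPLE_LOG = [
    "EHLO copier.example.com",
    "AUTH PLAIN " + auth_plain("scanner@example.com", "not-a-real-password"),
    "AUTH PLAIN " + auth_plain("billing-app@example.com", "not-a-real-password"),
    "AUTH XOAUTH2 " + auth_xoauth2("jane@example.com", "constructed-token"),
]

if __name__ == "__main__":
    print(accounts_that_will_break(SAMPLE_LOG))
```

The copier and the billing application are the ones to raise with your IT company or developer; the client already using a token is unaffected.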

And, as always, you can call us and ask if/how/when it is going to affect you.