Tag Archives: Backup

Cybersecurity; Meltdown and Spectre; CPU exploit

The Good, The Bad and The Ugly about Meltdown and Spectre

Cybersecurity gets more complicated by the hour. The latest cyber-threats recently deemed “Meltdown” and “Spectre” have the potential for epidemic status. In this article, I hope to explain the ramifications of the cyber-threats in non-technical terms for all to understand and prepare for. Before I can break down the news, it will help if you understand the basics of how the exploit works.  In the most general terms, this exploit can allow access to the kernel memory of your CPU (also known as “chip,” these are the brain of each and every computer out there including the one you are reading this article from).  Essentially, this makes every IoT (Internet of Things) device vulnerable to this exploit.  The potential for data breach via this exploit is present.  When it comes to news about the latest vulnerabilities, we can break it down into the good, the bad and the ugly.

The Good News

Surprisingly, there is some good news.  First, as of this writing, there have been no reported data breaches due to this exploit.  At least 4 independent cybersecurity researchers reported this exploit in 2017.  Microsoft recently made information about the vulnerability public as it started to roll out a patch to counteract these threats.  Second, the patch is coming in the next few days or weeks.  Third, this is not WannaCry so it is not going to spread across the globe in a matter of hours. The nature of this vulnerability is very complicated to exploit.  Fourth, information is still trickling out about Meltdown and Spectre so the full ramifications are not yet known.

The Bad News

When it comes to bad news, there is quite a bit.  First, because the vulnerability is found in the CPU, it is widespread across all IoT devices.  Every IoT device has a CPU.  You are currently reading this from a device that is vulnerable.  The ramifications of this could reach epidemic status. Second, as the information about this vulnerability gets spread, cyber-criminals ability to exploit it will evolve.

The Ugly News

The ugly news involves the patch itself.  First, the patch will likely change the performance of your computer.  One researcher predicts an approximate 20% drop in speed due to the way CPU’s access data.  Second, incompatibility issues exist between the patch and antivirus programs. The “Blue Screen of Death” has occurred to devices where the incompatibility exists.  Loss of data often occurs as a result.

Recommendations:

1.  Call for Backup!

If you don’t already have your data backed up somewhere, please make sure you do before you patch.  The cost of backup rarely exceeds the cost of data loss. After a blue screen of death occurs, data recovery gets much more time consuming and cost prohibitive.

2. Patch management.

We minimize your worries about patching by testing the patches before we apply them.  We only schedule the patches to occur after we are confident that they are safe.  Also, we can roll out the patches on individual devices to prevent site-wide outages.

3. Hire A Better Choice Network Solutions

Cybersecurity is getting more complicated every day.  Keeping up with the latest exploit and vulnerability is our job.  Securing your business against the threat of cyber-criminals is our passion.  Call A Better Choice Network Solutions now at (813) 605-7251 for a free consultation.

If you are interested in more technical information about how Meltdown and Spectre work, check out this article on wired.com.

 

Be sure to follow us on FacebookTwitter, and LinkedIn for updates and news on cyber-security and technology.

cyber-security data breach insurance

Data Breach Insurance: Is it necessary?

In response to the sharp uptick in cyber-crime in the past few years, insurance companies have increased their offering of data breach insurance. Often, we get the question, “should I buy data breach insurance?”  The answer is complicated.  Let’s break it down together to help you decide whether it is good for your business. (Full disclosure:  Yes, we have data breach insurance along with errors and omissions insurance, but we are responsible for protecting your data.)

Budget

Data breach insurance can help you recompense your losses in the case of a data breach, but it might not be enough to save your company.  First, the point of insurance is to pay out after disaster strikes. In the case of ransomware, the amount of downtime could be hours, days, or longer.  You might never recover your data. As an example, the Brandon Chamber of Commerce lost years of data after a ransomware attack.  How much of your customer data can you afford to lose entirely and still function? How long can your company operate without access to customer data (downtime)? Data breach insurance cannot get you back up and running faster, or guarantee recovery of your data.

Additionally, the costs associated with data breaches can be very difficult to measure.  One example is customer confidence.  Imagine having to notify your customers that their information has been breached as a result of an attack on your network.  Recent studies of consumers have shown that they are less likely to do business with companies after a data breach.  Major corporations, such as Target, might be able to recover.  Can you?  That brings us to our next consideration…

Priorities

If a fire breaks out at your house, which would you rather have:  homeowners insurance, or a good fire suppression system?  Admittedly, a good fire suppression system might not eliminate all of your damage, but it should be able to contain it better than getting repaid after the damage is done.  Certain things in your house might never be able to be recovered.  Pictures of your major family events, family heirlooms, and sometimes even your loved ones can be in jeopardy.

Similarly, cyberattacks jeopardize your ability to deliver your product, the economic well being of you and your employees, and your reputation.  Wouldn’t you rather focus on prevention?   At a minimum, have a good backup solution that protects your most crucial data on the cloud.  There are options available that will cost about as much as data breach insurance.  We will help you determine your tolerance for downtime and find a solution that matches your budget.  Also, don’t forget to read the fine print!

Fine Print

Insurance is about managing risk, and agents still need to make a profit.  The fine print is often where you learn what a policy actually covers.  Here are a few things to look for in the fine print:

  • Is failure to patch a known vulnerability considered a pre-existing condition?
  • Should an unpatched system be covered under a clause for errors and omissions?
  • When an employee falls for a phishing attack and infects the network that way, is that covered?
  • Does it account for “human error?”
  • What are the limitations of coverage?  Will it cover employee salaries while they are unable to be productive?

Conclusion

Data breach insurance should be considered, but only after more proactive cybersecurity methods are in place.  Be certain that you are aware of what the policy does and does not cover.  Build your network to make your data breach policy redundant.

 

Be sure to follow us on Facebook, Twitter, and LinkedIn for updates and news on cyber-security and technology. 

 

Backup Data Recovery Disaster Recovery

World Backup Day- March 31st

World Backup Day!  This is a reminder for you to back up your photos, files and data.  30% of users have never backed up.  Whether it is a hard drive crash or a virus infecting your computer, the loss of your data can be devastating.  Some photos just can’t be replaced.  Having a backup copy (or two) is always a good idea. Continue reading