A Flurry of Cybersecurity Activity

Joe Panettieri and the good folks over at ChannelE2E published an excellent piece today titled MSP Judgement Day, Ransomware Attacks Threaten Industry Credibility, Reputation.  If you are an MSP, you had better read this article and not dismiss it as alarmist.

Over the last few days, I have been engaged in numerous discussions about this very concern.  Ironic that the piece I wrote this weekend titled Are You Auditing Your Suppliers IT Security? If Not, You Should Be! essentially speaks to the same issue.

Our industry is under a microscope right now and how we respond will have a direct impact on the future of our industry.

As I was coming home from the gym this morning, I heard a report on the radio claiming that hacker activity is up more than 500% this year.  Based on the near daily reports of serious attacks against federal, state and local governments as well as the private sector, I believe it.  There are even warnings this week that, as a result of the new U.S. sanctions against Iran, there is a dramatic increase in cyberattacks between the two countries.  It’s like a shadow war taking place over the Internet.  Let’s hope no people are injured or worse as a result.  The warnings caution U.S. businesses that the increase in tensions between these countries has put a target on any business operating in either nation.

Things seem to be getting worse, certainly worse before they get better.  The IT industry needs to do all that it can to protect our clients and the government needs to do all it can to expand public-private partnerships aimed at securing our collective computing infrastructure.

Be absolutely vigilant in your cyber protection efforts.  Train, train and re-train as every employee you have is your last line of defense.  Stay safe out there and online.

Urgent Cybersecurity Threat Warning with LOTS of Resources

The Department of Homeland Security released the following warning yesterday.  Given current global tensions, the amount of hacking appears to be rising and the information below highlights some specific threats to be aware of.  More importantly, the link “tips and best practices for staying safe online” contains very valuable information related to the understanding of and protection against certain attacks.  Please take advantage of the valuable information in this alert.

CISA

National Cyber Awareness System:

CISA Statement on Iranian Cybersecurity Threats

Original release date: June 24, 2019

Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has released a statement in response to the recent rise in malicious cyber activity—including spear phishing and brute force attacks—by Iranian regime actors and proxies.

CISA encourages users and administrators to review the CISA Statement on Iranian Cybersecurity Threats and tips and best practices for staying safe online, including the following:

Are You Auditing Your Suppliers IT Security? If Not, You Should Be!

The following was published in yesterday’s Foster’s and Seacoast Sunday.

You all probably know the story of the infamous data breach at Target, where customers’ credit card information was hacked and released on the dark web. Target was hacked through its supply chain, a vendor who had access to their network.

According to reports, it was an HVAC (heating, ventilation and air conditioning) vendor who had access to Target’s corporate office from its office, in order to monitor and manage the heating and cooling system. A savvy hacker discovered this and infiltrated the HVAC company’s network as it did not have robust IT security in place. From there, they used that company’s connectivity into Target to get into the Target network, hop across into the Point of Sale (POS) systems and breach the customer credit card information.

Do you have an HVAC company managing your business’s heating and air conditioning through a direct connection into your IT network? How about your phone system vendor, security system vendor, companies that manage specialized equipment in use at your business, your printer and copier company, IT company? Yes, your IT company.

Most SMBs (small and mid-size businesses) outsource their IT management and support. In order for these companies, often referred to as MSPs (managed service providers), to properly manage and support your IT infrastructure, they require secure access to your office. One would rightly expect that an MSP would have the proper security controls in place to ensure your safety, but just this week, multiple MSPs were infiltrated and the hackers injected ransomware into client networks via the tools in use by the MSP. This is a seriously troubling development as you have to have complete trust in your IT partner in order for them to effectively do their job and provide value to your business.

This is not the first time this has happened. It happened once a few months ago. The FBI has been warning MSPs for months to take extra steps to ensure their systems are secured, as hackers are known to be targeting MSPs because of the opportunity they represent. MSPs have hundreds and thousands of clients and those clients represent thousands and millions of businesses that are targets for hackers. If you want to do the most damage, what’s better than infiltrating an organization that has connections to many, many more?

In this particular case, it appears the hack was undertaken using weak credentials. It’s amazing to think an employee of an MSP would have a weak password, but the success of this most recent hack proves that’s the case. The hackers were able to log in to two widely used technology tools in use by the MSP and then inject ransomware through those tools, to the MSP’s client. The client is then faced with having to recover all of their systems from backup or worse, pay an expensive ransom to the hackers if their backups were also compromised.

In case you don’t think this is something to be concerned about, also this week, the town of Riviera Beach, Florida, had to pay hackers $600,000 in order to get its data back, because its backups were not sufficient to recover from a ransomware attack.

If you have any business partners and vendors connected to your internal IT network, you should audit those individuals and entities to ensure they are using appropriate and sufficient IT security solutions. You may have adequate protections in place for your employees and organization, but don’t forget to be sure that your partners do as well.

Summer Tech Travel Tips

The National Cyber Security Alliance (NCSA) recently released a good blog post titled 5 Top Tech Travel Tips that I wanted to share.  While most of it is obvious, it’s a good reminder, which we can all use.

In addition to the tips in the blog, there are some wonderful links to related content from Raytheon, Symantec and U.S. Bank that they share with their employees and have made available to the NCSA for this post.  I encourage you to check them out.

Finally, the NCSA makes available the following PDF tip sheet, which you can share with family and friends.

Have a safe summer!

A Great Event and Community

I have spent the last two days at Technology Marketing Toolkit‘s 2nd Quarter Producer’s Club meeting.  Technology Marketing Toolkit (TMT) is a marketing and sales coaching organization for service firms in the IT industry, specifically Managed Services Providers.

TMT’s mission is “To build a community of success-minded entrepreneurs that inspires excellence, encourages collaboration and expands the capacity of all members to achieve great things.”

The company was founded by Robin Robins and has evolved around her personal brand, expertise and mission over the last 15 + years.  Specifically, Robin’s top areas of expertise are:

  • Creating low-cost marketing plans for “startup” MSPs and IT services businesses that are “one-man-band” to $1 million in sales.
  • Creating more sophisticated sales and marketing systems for larger, growth-mode MSPs in the $1 to $10 million range.
  • Creating reliable, repeatable “Marketing Oil Wells” using marketing automation and CRM systems to maximize the performance of any marketing campaign or plan.
  • Creating multi-media sequencing campaigns that generate 2-3 times the average response and results.
  • Cultivating extremely profitable sponsorship and strategic joint venture partnerships.
  • Coaching IT sales and marketing teams for peak performance.
  • Creating high-performance sales processes and playbooks for IT services and MSP sales.

I was Robin’s second client when she was getting started.  Her coaching and guidance were integral to the success of my business and our eventual acquisition.  It’s been wonderful to watch TMT grow into the impressive community that it is today.  I remained a highly satisfied client until 2016, after I had sold and integrated my MSP business into the company that acquired us.

Along the way, Robin and I have become friends and confidants with tremendous mutual respect for one another.  As I embark on my next adventure, I’m excited to be working with Robin and her team on a special project for her members.  Here are some pictures of Robin and me on stage this morning, announcing this new program, which will be exclusive to her membership.  It was nice to be back on stage with Robin.

One of the hallmarks of Robin’s events is the speakers she brings in for educational sessions.  This meeting was no exception.  The educational sessions touched on all manner of marketing, sales and general business improvements.

Members also share successful strategies they have implemented.  These may be related to generating more leads, closing more sales or gaining operational efficiencies in the business.  Some of the best ideas are shared during these member sessions.  There are panels, workshops and vendor sponsor booths, many of whom also have brief opportunities to speak to the attendees in between sessions.

There is usually also one headline speaker that closes out the event.  Today, that speaker was none other than Shark Tank‘s Daymond John.  Daymond shared his life journey in an entertaining, funny and informative hour and a half talk, much of it set to hip hop music, the inspiration behind his wildly successful FUBU brand.  I had hoped to be able to get to meet Daymond and grab a quick picture with him, but I had to leave for the airport before his session wrapped up.  I did manage to capture a couple of pictures of Daymond on stage.

It’s been a great couple of days reconnecting with friends and colleagues in the industry, as well as meeting new people.  I’ve always found these meetings highly valuable and this time was no different.

It’s great to be engaging with the industry in new and exciting ways.  There’s more to follow here.  Stand by for my formal announcement soon.

Good Computer Security Tips from the FTC

The FTC maintains some excellent computer security tips at their OnGuard Online web page.  I encourage you to bookmark this page and check it frequently for updated tips.  Here are two videos that are helpful to secure your computer and keep you safe while using public WiFi.

While you’re on the site, be sure to review the 10 Tips to Avoid Fraud sheet as well.  This page expands on the following list of what you can do:

  1. Spot imposters.
  2. Do online searches.
  3. Don’t believe your caller ID.
  4. Don’t pay upfront for a promise.
  5. Consider how you pay.
  6. Talk to someone.
  7. Hang up on robocalls.
  8. Be skeptical about free trial offers.
  9. Don’t deposit a check and wire money back.
  10. Sign up for free scam alerts from the FTC at ftc.gov/scams.

It’s Good to be Back!

Hello from Nashville!  I’m so excited to be attending the Technology Marketing Toolkit Q2 Producer’s Club meeting in Franklin, TN for the next two days.  Technology Marketing Toolkit was a key business partner to my MSP, Jenaly.  Robin Robins and her team were instrumental in the success of my business as our trusted marketing consultants.  I was Robin’s second client nearly 15 years ago.  Watching her business flourish as my own business did was a real treat.  Just as I watched my clients’ businesses flourish as we worked together over many years, it was a true win-win.

I am grateful to Robin for the invitation to attend the meeting this week and catch up with industry friends and colleagues as I pursue new opportunities.  I’ve already had some great meetings that have my mind full of possibilities.

I’ll share more as the event unfolds and look forward to sharing some exciting news in the very near future.

HTTPS Phishing…Be On The Lookout For It

Any website that begins HTTPS is secure, right?  If that padlock icon is there, along with the S, you’re safe, right?  Maybe.

The Internet Crime Complaint Center (IC3) issued a warning about HTTPS phishing today and we all need to take heed.  Hackers are impersonating legitimate HTTPS sites, complete with third-party SSL security certificates, to make these sites look legitimate.  The problem is, they may not be and if you enter your credentials into one of these hacker sites, you could expose your account.

This is a tricky one, as it requires even more vigilance than a simple email phish.  A successful HTTPS phish could be very damaging.

Please review the IC3 alert here.  Also, please review Cybersecurity and Infrastructure Security Agency (CISA) tips on Avoiding Social Engineering and Phishing Attacks.  Both links contain useful information and reminders that you should share with your teams.

Father’s Day Ideas for the Techy Dad

The following was published in today’s Foster’s and Seacoast Sunday.

Father’s Day is just around the corner, so it’s a good time to look at some of the techy gifts that may make the dad in your life one happy guy.

If you’ve got a dad who loves sports, consider a new smart TV. With sizes ranging up to 65-inches and larger at reasonable prices, it’s a great time to upgrade an older or smaller set. With ultra-high definition, watching the Sox or any sporting event will practically feel like you’re sitting on the sideline. Especially if you are considering cutting the cord, a smart TV is a great investment as you’ll be able to access many streaming services right from the TV and not necessarily have to add a streaming stick to the equation.

If you do think a streaming stick would be a nice gift for your dad this year, the two best ones are the Amazon Fire TV and Roku. If you’re an Amazon Prime member, the Fire TV stick is the best option. If you’re not, try to check out both and go with the one that seems the most intuitive to use.

If you’ve got a dad into smart home technologies, there are tons of gadgets you can add to the mix. If he’s just getting started, start with a smart home hub. Check out the Wink and Samsung SmartThings hubs. Both are easy to set up and work with and support the widest array of smart home devices. From controlling lights to in-ground sprinkler systems, there’s hardly anything you can’t do. Check out the smart home display areas at local retailers like Best Buy, Home Depot and Lowe’s for more ideas.

If you’ve got a dad into music, you’ve got lots of options. If a whole house music system is on the list, check out Sonos for the best wireless music system on the market today. Start with a Play 1 speaker and he can grow the system from there. If it’s more personal music that’s of interest, a nice pair of noise-cancelling headphones or a Bluetooth speaker will surely be appreciated.

If you’ve got a real audiophile on your hands, complete with a collection of vintage LPs, think about a connected turntable, so he can bring those LPs into the modern digital era. Could be a fun project to keep someone busy and out of trouble.

If you’ve got a fitness-minded dad, you’ve got a lot of great options as well. For a real experience, consider gifting a membership to your local Orange Theory Fitness studio. Orange Theory combines a one-hour workout with smart tech to monitor your heart rate through the workout in real time. The data is fed to an app and email, so dad can really see his progress over time. It’s motivating, not to mention fun. If a membership is not his thing, consider a fitness tracker like a FitBit, Garmin or Apple Watch along with a smart scale to monitor weight and body fat. Especially for someone who likes to do their own thing when it comes to fitness, these devices help and make it more fun.

With summer about to arrive, a lot of people get back to reading books, especially at the beach or on vacation. A Kindle is the best way to keep dad’s library of books with him without needing to pack a separate bag just to bring them along. You can even gift your dad magazine subscriptions he can read on the device.

Speaking of summer, you may also consider a smart grilling thermostat if you’ve got a foodie dad. These connect to an app on a smartphone and monitor what’s grilling so dad can get that perfect steak. I could go on for pages with more techy ideas. Hopefully, one or more of these will help your dad enjoy this Father’s Day.

Finally, a quick update on me. If you’re a regular reader of this column, you know that for the past two years, I’ve worked for a company called Onepath, after it acquired the last business I was with. I decided to move on from Onepath and as of June 1, I’m working on my own again, consulting to the IT industry and select clients. I’m excited about this next chapter in my career and look forward to continuing these columns and sharing insights into the wonderful world of technology with you. Thanks for your continued readership.

So Long Onepath!

Today was my last day with Onepath.  I have decided the time was right for me to move on.  It’s definitely bitter-sweet.  I leave behind some good friends and colleagues, not to mention many clients that I truly enjoyed working with.

My last client meeting was earlier today with a client I have worked with for over 15 years!  We had a nice walk down memory lane, looking at how far we have come together.  Some very kind words were shared, along with a commitment to stay in touch and get together from time to time.

It’s been a great journey as an MSP for me.  Nearly 20 years with Jenaly, another year and a half with Internet & Telephone after they acquired Jenaly and another two with Onepath after they acquired Internet & Telephone.  There have been a lot of triumphs and plenty of learning experiences along the way, complete with some outright mistakes.  This is how you learn and grow.

For me, the time is right to explore new opportunities in the industry that will allow me to better balance myself and spend more time with my family at this stage of our lives.  I’m looking forward to sharing what’s next over the coming weeks.

For now, it’s time for some well earned time off.  Not quite as much as I had originally planned, but I still intend to enjoy the heck out of this summer while I continue to put what’s next into action.  I’ll be posting updates, so stay tuned.

My Dad never liked to say good bye.  He always said it was too final.  Instead, he preferred to say “so long” in the hopes of seeing you again soon.  So today, I say so long to Onepath.  I’m proud to have been a part of bringing what is known as the Northeast Region into Onepath and I’m looking forward to seeing where the team takes it from here.  We will stay in touch!