Tag: data security

  • Threat actors attack on cloud company leads to customers data being wiped completely

    Threat actors attack on cloud company leads to customers data being wiped completely

    Last week a Danish cloud provider called CloudNordic suffered a cyber attack that led to them losing all of their customers data in one fell swoop.

    The hackers who gained access to CloudNordic’s system immediately issued a financial demand that the company was unable and unwilling to meet and led to all of their data being encrypted by the hackers. The company said that no evidence of being hacked was left behind other than the encrypted data.

    This hack also effected their sister company, AzeroCloud, and both companies released identical statements on the ongoing issues they’re facing after this event, you can see the statement below translated to English from Danish.

    In an effort to start over the company has establish a new name and new servers and have offered to restore their clients to servers with the same name as they had previously, though they’ve also included instructions for customers who want to move their domains to new hosts.

    CloudNordic suspects the attack occurred while they were moving data centers, exposing them to already infected systems. As they were mid-migration it allowed the attackers access to their systems and even their own backups.

    CloudNordic states “”The attackers succeeded in encrypting all servers’ disks, as well as on the primary and secondary backup system, whereby all machines crashed and we lost access to all data,”.

    They’ve stated while the data was scrambled during the attack, they don’t believe the attackers copied customers data as is typical with ransomware attacks, so it’s unlikely individual customers will be targeted to be ransomed back their data.

    No known ransomware group has so far taken credit for this attack. The company CloudNordic and their sister company AzeroCloud have both said they plan to try to rebuild from here without access to their previous data.

    At Valley Techlogic, backups are an important puzzle piece when it comes to maintaining the security of your business. For many businesses, a cyber event where all of your data is lost would be difficult to impossible to recover from. Many businesses that suffer attacks like these end up going out of business.

    That’s why we created our triple layer backup plan, TechVault.

    With TechVault you not only have an onsite copy of your data, there’s also a cloud backup and what we call an archival backup.

    This archival backup is what makes this program we’ve created special, as it’s write once read many. Basically, the data can be copied back to you as many times as needed but once it’s on there, it cannot be deleted.

    This, in addition to the 24/7 monitoring we provide as well as firewall, antivirus and other protections means your data is virtually bullet proof.

    If you would like to learn more about what makes Valley Techlogic a cyber security leader in the Central Valley, schedule a consultation with us today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Zero trust or zero effort, how does your businesses security stack measure up?

    Zero trust or zero effort, how does your businesses security stack measure up?

    Have you been working on strengthening your cyber security stack in your business or crossing your fingers and hoping for the best? How much protection is really enough?

    There are a lot of remedies for improving cyber security out there, but which ones present the best value for your business, and what constitutes a “zero trust” environment?

    If you’re just starting out, these 10 items will greatly improve your business’s cyber security safety in a short amount of time (we call these “best practices”):

    1. Use multi-factor authentication. This one is obvious, but we still see it not being employed regularly. Multi-factor authentication is generally extremely easy to enable (often times just a checkbox) and it greatly improves the safety of that account. When we’re talking about accounts like your business email, or your banking account it’s a no brainer.
    2. Use a password manager. This is another easy one to employ but people still ignore it, or even worse they use the password manager built into their browser. We’re not saying that’s completely wrong, especially if you’ve started using stronger passwords because of it. It’s still a good idea, however, to use a password manager that’s not directly connected to your system. Often times the same password or biometric you use to log onto your computer is the one used to unlock your browsers password database, so if someone has breached the device all those passwords will be available to them too.
    3. Employ Biometrics. Speaking of biometrics, they can be an improvement over passwords when it comes to a physical devices security. Especially for mobile devices, most of us access our work emails, banking accounts, etc. through our phones. It’s very easy to lose a phone, so making that phone unusable to whoever finds it (or has taken it) is a good idea.
    4. Don’t give everyone admin privileges. Not every employee needs all the keys to your kingdom, limit admin access only to those who really need it so if you do have a breach the damage can be limited as well. This is a key component of a zero trust environment (which we describe in the chart below).
    5. Communicate your goals and train your employees. Loop employees into your increased cyber security efforts and provide training, no one wants to be responsible for a cyber-attack in their workplace but without training employees can become unknowing and unwilling threat vectors.
    6. Monitor network activity. Now we’re starting to get into the more challenging topics, monitoring your network activity can be a very effective way of noticing early when something is amiss. There are tools out there that can do this monitoring for you and provide warnings if suspicious behavior is detected (like a device being logged in after hours when it never usually is).
    7. Use encryption. It’s pretty easy to use encryption in email or with sensitive documents (again often just a checkbox) but it’s an effective way to make sure sensitive data doesn’t fall into the wrong hands.
    8. Use backups. Again, in the same vein of protecting your data having automatic backups will greatly increase your chances of recovering after a cyber-attack. Especially if those backups were stored offsite (such as cloud backups). We wrote an article on the best ways to manage your OneDrive storage (which is included in your Microsoft 365 subscription) here.
    9. Regularly patch your devices. Many of your vendors actually provide security protections for you via their patches, which more often than not are addressing specific security concerns that have been identified. Patching costs nothing but your time and the benefits are ten-fold compared to the costs of a security breach in your business.
    10. Have a security audit performed. The best way to address the holes in your security plan is to have a reputable IT company perform a security audit. Valley Techlogic is a provider of these audits in the Central Valley and you can request a consultation here.

    Performing these ten activities in your business will greatly improve your cybersecurity effectiveness across the board, but if you’ve reached the bottom of this article and have realized you do all of these you may be wondering what’s next? Or perhaps you’ve heard of zero trust but aren’t sure what that entails, here are the key components to having a zero-trust cybersecurity environment:

    We address ALL of these topics in our new book, Cyber Security Essentials, which covers all the components of a cybersecurity framework and how to implement them in your business. You can see a preview of the book in the video below.

    [youtube https://youtu.be/jlBAoq4tLNc]

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • RAID Arrays Explained, What is it and do you need one?

    RAID Arrays Explained, What is it and do you need one?

    RAID arrays or Redundant Array of Independent Disks is a type of storage configuration where your data is saved across multiple hard drives or SSDs. There are a number of benefits to doing this including increased performance and data redundancy. Because your data is saved across multiple drives you have better protection in the event of a drive failure.

    Basically, if one of the drives in your RAID array fails your drives will then go into “rebuild mode” which will allow the remaining drives to recover the data, the failed drive can then be replaced with little downtime for you. A RAID array is not always necessary, we wouldn’t suggest one for regular employee use for example as SSDs are very reliable (especially compared to hard drives with mechanical parts that can fail). You also have the option of cloud storage for devices that don’t have much data to save on a daily basis.

    However, for servers or other systems where data protection is critical, a RAID array is a necessary option to keep that data intact. They are also beneficial for systems that work with very large files as the computer can pull pieces of the file in unison and load them much quicker than a single drive. There are many different configurations for RAID arrays such as:

    1. RAID 0: In the world of data two is one and one is zero, and such is the case with RAID arrays. The first RAID array configuration involves breaking up your data into “stripes” across one or more drives, however it does not provide redundancy like other RAID arrays do. If a drive fails under RAID 0 the data is lost. However, it does improve speeds and can allow you to gain more space on your drives.
    2. RAID 1 provides an exact mirror of your data across multiple drives, which does allow for data redundancy. In the case of a drive failure as long as one drive is functional you will still have access to your data. The pitfall to this is your data storage can only be as big as the largest drive in the array, so if you have a 1 TB drive paired with a 4 TB drive only 1 TB would be usable. This RAID array type also doesn’t really provide a system performance boost, it’s purely a data redundancy setup.
    3. RAID 5 provides good redundancy coverage and improves performance. A RAID 5 array consists of 3 or more drives, this RAID array type splits your data consistently across the board and improves your system performance at the same time. However, for most clients we would suggest the next setup.
    4. RAID 10 combines two RAID 1 arrays with two RAID 0 arrays to provide both greatly improving performance (that falls in line with the RAID 0 benefit) and greatly increasing redundancy (as you get with a traditional RAID 1 set up) for not much more than you would spend to have a RAID 5 installed. For systems that run software in addition to storing data this is the setup we highly recommend.

    Here are some other benefits of having a RAID 10 setup for your server or systems where data is a high priority:

    RAID 10 Benefits ExplainedThere are still other questions that need to be answered beyond just RAID type, like what drive capacity should you be looking for? Would a HDD (Hard Drive Disk) work in this case to have more inexpensive but higher capacity or should you be looking for SDDs (Solid State Drives)?

    These are questions that can be answered by our professional sales team, they’re experts in technical equipment procurement and can help make suggestions and offer buying advice specifically tailored to your business. Learn more today by scheduling a consultation with our sales manager.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley Techlogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.