Latest News

It’s only the multi-nationals like British Airways and Marriott Hotels or big sites like Facebook and Google, right? Well yes, those companies have all been hit by big breaches over the past few years, but they most certainly aren’t the only businesses targeted by hackers.

Many smaller companies will see these large companies hit by cyber attacks and think they won’t be targeted as they never see anything about small companies being hit by hackers. But of course that in itself is the reason why more and more hackers are targeting small businesses.

A small business will endure an average of 65,000 attempted attacks every day, according to research by Hiscox. Furthermore, one in three small businesses is hacked successfully every year. That equates to more than 1,500,000 SMEs getting successfully hacked per year, or 4,500 every single day.

Government research carried out as part of the Cyber Streetwise campaign found that, out of the surveyed SMEs that had been hit by cyber attacks:

[Infographic: how small businesses are affected by hacking]

With around three quarters of SMEs not budgeting for disaster recovery and over half of them having no cyber security strategies in place, hackers are becoming more and more successful every single year and business owners are struggling to keep up.

Businesses may have technology in place to attempt to stop fraud, be it professional anti-virus software, email filtering and more, but there is no way to be 100% safe from these attacks. All it takes is one employee slipping up and a hacker can gain access. What you can do, however, is ensure that your business can continue trading without much delay.

As part of your disaster recovery / business continuity plan, you should be backing up your data. This completely eliminates the threat of ransomware and enables you to be back up and running fast, reducing downtime to a minimum. It’s like having fire alarms and fire extinguishers. You need to have precautions in place to limit the damage to your company in the case of an emergency.

For more information on data backup please check out our backup options, Datahive and Veeam.

WinRAR or LoseRAR?

A vulnerability has recently been discovered in WinRAR after going undetected for 19 years. It allows files unpacked with WinRAR to be written straight to your Startup folder, meaning malware could be smuggled onto your machine and run the next time you boot up.

Security boffins over at Check Point Research announced that over 500 million users of WinRAR are potentially at risk from this software exploit. The exploit could come into play should a user open a malicious archive, which could have been downloaded from a dodgy website or maybe received in an email.

The specific issue is with unacev2.dll, a DLL that is used to parse ACE archives. ACE is a compression format that was created in the 90s and hasn’t actually been updated since 2005. In fact, the last company to create a program that offered ACE archiving did so in 2007 and it shut down a couple of years ago.

So what do you need to do to make sure you can’t be affected by this exploit? Simply make sure WinRAR is updated to at least version 5.70. WinRAR removed the vulnerability in the latest update after realising it would be very difficult to create a fix, considering they do not have access to the source code and… well no one uses the ACE format anymore anyway!

In their latest patch notes, WinRAR said, “Nadav Grossman from Check Point Software Technologies informed us about a security vulnerability in UNACEV2.DLL library. Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives.

WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users.

We are thankful to Check Point Software Technologies for reporting this issue.”
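The flaw described in the patch notes is a path traversal during extraction: the entry name inside the archive decides where the file lands. The following added example (not WinRAR or Check Point code) shows the containment check an extractor can run on every entry name before writing anything, and it applies to any archive format, not only ACE. The function names, the `C:\extract` destination and the sample entry names are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample entry names, not taken from any real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "..\\..\\Startup\\update.exe",
    "C:\\Users\\Public\\x.exe",
    "\\\\server\\share\\x.exe",
    "docs/../../x.exe",
    "notes.txt:hidden",
]


def resolve_entry(dest_root: str, entry_name: str) -> str:
    """Return the absolute path an entry would be written to.

    Raises ValueError if the entry would land outside dest_root,
    which is assumed to be an absolute Windows path.
    """
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    if drive or rest.startswith("\\"):
        raise ValueError("absolute or drive-qualified name")
    if ":" in rest:
        raise ValueError("colon (alternate data stream) in name")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, rest))
    # After '..' segments are collapsed, the target must still sit under root.
    if ntpath.commonpath([root, target]).lower() != root.lower():
        raise ValueError("escapes destination folder")
    return target


def audit_entries(dest_root: str, entry_names: list[str]) -> dict[str, str]:
    """Map each entry name to 'ok' or the reason it was rejected."""
    report = {}
    for name in entry_names:
        try:
            resolve_entry(dest_root, name)
            report[name] = "ok"
        except ValueError as exc:
            report[name] = str(exc)
    return report


if __name__ == "__main__":
    for entry, verdict in audit_entries("C:\\extract", SAMPLE_ENTRIES).items():
        print(f"{verdict:40} {entry}")
```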

With security issues like this going undetected for so many years, it makes you wonder what else could be out there. Maybe hackers know of more that are not in the public domain yet. To make sure your business is prepared for these kinds of attack it is essential to have a data backup solution, completely removing the threat from Malware and Ransomware. Check out Datahive and Veeam to see what suits your company requirements.

Does your company force a password change every couple of months? Well, you may be surprised to hear that the latest recommendation on password security from the National Cyber Security Centre (a part of GCHQ) is to avoid this practice. In fact, this isn’t even new. They published this password advice in 2015!

Forcing users to change a password too often will usually lead to one of two things. Either they will choose something that is hard to remember, using a combination of capital and lower case letters, numbers and punctuation, but usually quite short as it takes longer to remember and type in.

Or they might use a password that is easy to remember and just change a number at the end of their password string. Maybe they will do something a little more complicated, but it is extremely common for subsequent passwords to be very similar.

The first case is very inconvenient for users, and they may end up having to reset passwords regularly, which can often push them into the second scenario. Why is this an issue? Well, if a hacker gets hold of a password it isn’t going to take them long to figure out minor changes, or even complicated changes if the base word is the same. These passwords are also usually relatively short as users are still forced to add numbers, punctuation and include both upper and lower case characters, so they keep them short and easy to remember.

Short passwords can be brute forced in a relatively short amount of time even by your average home computer. For example, the random 8 character password of “+Df?x7;@” would take about 12 days to brute force normally. However, if the hacker has access to a botnet, this could be reduced to 4 hours or less. It is hard for a human to remember, but really easy for a computer to figure it out.

The current recommendation is to use a password made up of 3 or 4 random words that have nothing to do with you. For example, something like, “AngryCarrotWhispersAlone” would take more than 160,000 years to brute force as it is 24 characters long but is easy to remember. It helps to have something random that conjures strong imagery in your head to aid with remembering. You don’t want to have to write it down anywhere to remember it!

Quick tips:

  • Use a different password for every site. If one site gets compromised, you don’t want hackers to be able to use your password to log into other sites.
  • If you speak more than one language, you could include an uncommon word from a different language. If not, you could use a colloquialism or the name of a really obscure celebrity. This is all just to add another layer of protection against hackers who could use lists of common words to try and speed up the hacking.
  • It can be hard to think of something completely random. Try using a random word generator like https://www.textfixer.com/tools/random-words.php to get some ideas. After generating words a few times, I came up with, “FrozenArcaneParachuteShipment” and “ShotgunHoneybeeMohawk”
  • Check how strong your password is using Kaspersky’s strength checker. It even tells you how long it would take to brute force your password. https://password.kaspersky.com/
  • If possible, use two-factor authentication, password managers, completely random long strings of varying characters and ignore most of what I’ve said so far. Those methods are a lot more secure. This is just advice for if these are not available and you have to remember passwords.
  • Your password might already be compromised. Click here to read about a massive data breach from earlier this year, including a way to check to see if you've been compromised!
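A local alternative to a random-word website, as an added example that is not part of the original post: it picks the words with the operating system's secure random generator and estimates strength against an attacker who knows a word list was used, which is the case the second tip guards against. The 16-word list is constructed for the demo and far too small for real use (a Diceware-style list has 7,776 words), and the guess rate passed to `years_to_search` is an assumption you supply.

```python
import math
import secrets

# Constructed 16-word demo list. Real use needs a list of thousands of words.
DEMO_WORDS = [
    "angry", "carrot", "whispers", "alone", "frozen", "arcane",
    "parachute", "shipment", "shotgun", "honeybee", "mohawk", "lantern",
    "velvet", "orbit", "pickle", "thunder",
]

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def pick_words(words, count=4):
    """Choose `count` words uniformly at random using the OS CSPRNG."""
    pool = sorted(set(words))  # duplicates would skew the distribution
    if len(pool) < 2 or count < 1:
        raise ValueError("need at least two distinct words and count >= 1")
    return [secrets.choice(pool) for _ in range(count)]


def make_passphrase(words, count=4):
    """Join the chosen words in the CapitalisedWords style used above."""
    return "".join(w.capitalize() for w in pick_words(words, count))


def wordlist_entropy_bits(list_size, count):
    """Entropy when the attacker knows the list and the number of words."""
    return count * math.log2(list_size)


def years_to_search(bits, guesses_per_second):
    """Average years to find the secret: half the keyspace at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(make_passphrase(DEMO_WORDS))
    for size in (len(DEMO_WORDS), 7776):
        bits = wordlist_entropy_bits(size, 4)
        # 1e10 guesses per second is an assumed rate, not a measured one.
        print(f"{size:>5} words x4: {bits:.1f} bits, "
              f"{years_to_search(bits, 1e10):.3g} years at 1e10 guesses/s")
```

Against this kind of attacker, strength comes from the size of the list and the number of words rather than the character count, so adding a word helps more than picking longer words.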


Data encryption key

You wouldn’t trust a stranger with the keys to your house, so why would you trust them with the keys to your data?

Here at VSL, we thrive on creating great business relationships and we want to be as helpful as we can to all of our customers. However, one question we get asked every now and again is, “I’ve lost my encryption key. Can you send a new one?”

The thing is, we don’t hold on to any of the encryption keys. Coupled with our AES-256 encryption, this gives you the strongest possible data protection. For example, in the unlikely event that there is a data breach on our side, it wouldn’t be feasible for a hacker to use the encryption key to easily unscramble the data.

This is the same principle as to why we don’t keep the password to your account. It follows both VSL’s best practices and also helps you to comply with data protection laws such as the GDPR.

Of course, we understand that sometimes an encryption key could be missed. This is why we always prompt users to take a copy down when the key is generated.

How else do we keep your data safe?

All data that we back up in the cloud is stored in ISO 27001 accredited data centres, which means they are reliable and secure, not for just the time being either! ISO 27001 shows that the data centres are constantly reviewing and updating their systems to ensure they stay one step ahead of new threats and the latest business developments.

It’s also worth mentioning that all data is kept in award-winning UK and US data centres and doesn’t leave the country of origin. If your data originates in the UK, then you can be sure that’s where it will stay. This gives you the peace of mind that all data is going to be processed via all the applicable laws and regulations, along with our best practices.

Click here to read more about Datahive and its security features.

To answer this question we need to take a look at what Dropbox and other online storage services, such as Google Drive and OneDrive, are actually designed for. The main purpose of these services is to have quick access to files wherever you are and also easily share files, be it to co-workers or your friends and family.

We use these services here at VSL, making use of Dropbox and Microsoft Teams for collaboration on our general day-to-day tasks, such as sharing files in online meetings. However, there are a few reasons why they aren’t the best solution for backing up your data.

 

Priorities

At the top of our list is security. With cybercrime forecast to stretch into the trillions of pounds worth of damage to companies worldwide by 2021, it is incredibly important to have your data firstly backed up and secondly secure. One of the primary focuses for data backup services, like Datahive, is safeguarding all client data. The data you upload and store on Dropbox is not encrypted on the client side (that’s your side!) unless you have encrypted it before uploading. Yes, the files are encrypted on Dropbox’s end, so if hackers manage to get into their servers the data should still be protected. However, if they get access to your account then all of your files are there for them to see, completely unprotected.

If you were to use Datahive, for example, as your data backup service, the data would be encrypted before you send it off, generating an encryption key that only you will have access to. Some backup providers keep hold of these and say it is in case you forget. We think this is a potential security risk and think you’d be much better off being the only person with access to this key.

 

Efficiency

Another reason Dropbox may not be the best solution is that it requires regular input from the user: you have to make sure you’re adding files into the correct folder so they stay synced up, or even upload them directly. With online backup services, you can select every folder on your computer should you wish to, be it your documents, photos, videos or even your desktop. Set it once and then you can leave it to back up automatically in the background with no further input. Don’t give yourself extra tasks to do! You’re busy enough as it is!

 

Conclusion

Overall, Dropbox is great for storing non-sensitive files and quickly sharing files with colleagues, but it shouldn’t be used by itself when considering options for data backup to the cloud. In fact, should you wish to use Dropbox still, you can do what we do and select the sync folder to backup automatically with Datahive too, so you should never lose a file again!

Globally, data centres hold over 1,500 exabytes of data. That’s 1,500,000 petabytes. 1,500,000,000 terabytes. 1,500,000,000,000 gigabytes. To put that into perspective, the average computer hard drive is around 1 terabyte these days, so it’s roughly equivalent to 1.5 billion computers worth of data.

That’s a lot of data to keep protected, so how do they go about ensuring that it is all secure? Well for starters, not all of them do. The most secure data centres are ISO 27001 certified. This accreditation is a sign that their Information Security Management Systems (ISMS) are in line with the highest standards and it covers all legal, physical and technical control risk management.

Without going too much into the finer details in this blog post, ISO 27001 covers all of the following in 12 main headings:

  1. Risk assessment
  2. Security policy
  3. Organization of information security
  4. Asset management
  5. Human resources security
  6. Physical and environmental security
  7. Communications and operations management
  8. Access control
  9. Information systems acquisition, development and maintenance
  10. Information security incident management
  11. Business continuity management
  12. Compliance

In terms of physical safety, all ISO 27001 data centres have manned security checkpoints and are externally patrolled 24/7. Sensitive areas of the data centres are completely isolated, requiring both card and fingerprint scans to allow authorised personnel entry. It might sound like I’m describing a building from Mission Impossible, but I don’t think even Ethan Hunt could break in here!

On top of the security equipment and personnel, the data also needs to be kept safe from other factors, such as power cuts. To combat this, the centres also have automatic power failover and full equipment failover, meaning power and servers, etc. are switched over to backup systems in the case of any faults.

To reduce the risk of fires, oxygen levels are kept between 12% and 15% to ensure the environment is still breathable for humans, but fires don’t have enough oxygen to propagate. Coupling this with VESDA early warning smoke detection, risk from fire damage is greatly reduced. But still, what if there is a catastrophic event and the data gets destroyed here? Well, not to worry, as all data is backed up separately in case of damage or hard drive faults.

So, that’s the physical protection dealt with. What about the cyber protection? Obviously it wouldn’t be the best idea to share all of the security details here, as that would give hackers specific things to aim for. However, we can say that the scope includes corporate policies and practices, IP network information security, anti-virus software and continued monitoring. One example is ensuring software and firmware are always updated to the latest version.

For more information, check out Datahive and Veeam to see how we can securely backup your data.


About Us

VSL Net is a division of Lane Telecommunications Inc. VSL is an experienced, ISO 9001 accredited Cloud services provider, offering innovative backup and email business solutions supported by traditional service to a loyal direct customer base and a large reseller channel.

VSL Net is an ISO9001 accredited company. Since our certification in 2013 the standard has provided the tools and guidance for us to implement a structure which has enhanced our quality management. Through continual monitoring across all operations and measurement against predefined standards, we consistently exceeded our published service level agreements.

The primary recipients of this consistency have been our customers, who have come to expect and enjoy the high standards we set ourselves and are not surprised when we exceed their expectations.
