
Ransomware Backup Protection | 2 of 2


Ransomware Backup Protection: There is nothing quite like an incident infecting hundreds of thousands of computers globally to bring a problem into rather sharp focus. Ransomware has been with us for many years. We’ve seen a number of customer cases that prove it’s possible to survive these attacks without having to pay. In 2017 there have been two major ransomware attacks, WannaCry and NotPetya. As the ransomware threat continues, it’s imperative to understand how you can protect your business against ransomware. Having a strategy is a really good start.

Get a Ransomware Backup Protection Strategy

A ransomware protection strategy requires at least three elements: education, patching, and backup.

  • Educate: Education of your users and your Administrators is essential to protect your business from ransomware. It’s critical that your staff and stakeholders understand what ransomware is and the significant threat it poses. Provide your teams with examples of suspicious emails. Empower them with clear instructions on what to do if they encounter a potential ransomware lure. For example: don’t open attachments, and if you see something, say something about it. Conduct quarterly formal training to inform staff about the risk of ransomware and other cyber security threats.
  • Patch: Antivirus software is essential for any business to protect against ransomware and other cyber risks. Ensure your security software, and all critical software elements, such as operating systems, are up to date. Keep all business applications patched and updated to minimise vulnerabilities.
  • Backup: Snapshot-based incremental backups, taken as frequently as every five minutes to create a series of recovery points, are a feature of modern total data protection solutions. If you suffer a ransomware attack, this allows you to roll back your data to a point in time before the attack. The benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back. Second, since you are restoring to a point in time before your systems were infected, you can be certain everything is clean and the malware cannot be triggered again.

Ransomware Backup Protection for Business Continuity

Survival requires preparation before an attack. Data protection technology, and ransomware backup protection best practices, are critical for mitigating the damage that ransomware attacks can inflict on the Business Continuity of organisations. The chances of getting ‘hit’ by ransomware are really rather high. And it’s not getting any better. It’s obvious backup is one line of defence against ransomware.

Most Government organisations recommend backing up frequently as a way to beat ransomware. The UK National Cyber Security Centre recommends you verify the integrity of backups and secure the backups. Ransomware backup protection is best when backups are maintained offline from the production environment, because ransomware can corrupt backup copies as well. Snapshots and replication can be vulnerable to time-delayed ransomware attacks.

The National Cyber Security Centre has recently updated its advice regarding backup in NCSC: Backing up your Data. It is reasonable guidance, which hopefully the NCSC will expand upon in the future. In broad terms:

  • Identify what data you need to back up
  • Keep your backup separate
  • Consider the cloud
  • Read our cloud security guidance
  • Make backing-up part of your everyday business

Ransomware Backup Protection with the Cloud

Data protection vendors, such as Datto, have been adding features that will protect against ransomware. Storage vendors are also providing reporting tools that can help protect against ransomware by alerting users of anomalies occurring within files. The use of pattern detection on data and files alerts administrators to unusual encryption levels, so they can intervene and limit the damage.
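The point-in-time roll-back from the Backup bullet and the "unusual encryption levels" alerting described above can be combined in one check. The following is an added example, not code from this post and not Datto's or any other vendor's detection logic (which the post does not describe): it assumes byte entropy as the signal, and the snapshot labels, file names, thresholds and contents are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def newly_encrypted(prev: dict, curr: dict, high=7.5, jump=2.0) -> list:
    """Paths whose content went from structured to near-random between snapshots.

    Requiring a jump, not just a high value, avoids flagging files that were
    already compressed (JPEG, ZIP) in the earlier snapshot. Files renamed by
    the malware are out of scope here: only paths present in both are compared.
    """
    flagged = []
    for path, data in curr.items():
        if path in prev:
            before, after = shannon_entropy(prev[path]), shannon_entropy(data)
            if after >= high and after - before >= jump:
                flagged.append(path)
    return sorted(flagged)


def last_clean_recovery_point(snapshots: list, max_ratio=0.25):
    """snapshots: [(label, {path: bytes})], oldest first.

    Returns (label to restore from, files flagged in the following snapshot).
    """
    for (prev_label, prev), (_, curr) in zip(snapshots, snapshots[1:]):
        flagged = newly_encrypted(prev, curr)
        if curr and len(flagged) / len(curr) >= max_ratio:
            return prev_label, flagged
    return snapshots[-1][0], []


def fake_ciphertext(seed: bytes, size=4096) -> bytes:
    """Constructed stand-in for encrypted data: SHA-256 in counter mode."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                    for i in range(size // 32))


# Constructed sample: three five-minute recovery points of one small share.
TEXT = b"Invoice 1001: customer Acme, total 240.00 GBP\n" * 90
CSV = b"date,account,amount\n2017-06-27,4000,125.50\n" * 90
JPG = fake_ciphertext(b"photo")  # high entropy from the start, like real JPEG data
SNAPSHOTS = [
    ("09:00", {"report.txt": TEXT, "ledger.csv": CSV, "photo.jpg": JPG}),
    ("09:05", {"report.txt": TEXT + b"edit\n", "ledger.csv": CSV, "photo.jpg": JPG}),
    ("09:10", {"report.txt": fake_ciphertext(b"r"),
               "ledger.csv": fake_ciphertext(b"l"), "photo.jpg": JPG}),
]

if __name__ == "__main__":
    label, files = last_clean_recovery_point(SNAPSHOTS)
    print(f"restore from {label}; newly encrypted in the next snapshot: {files}")
```

The ordinary edit at 09:05 and the already-compressed photo are not flagged; only the two files that jump from text-like to near-random entropy at 09:10 are, which makes 09:05 the recovery point to restore.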

Serviceteam IT use a number of vendors and solutions in order to protect customer data, not only for the last line of defence against ransomware, but also to provide seamless Business Continuity. Our primary solution recommendation for small businesses is the Datto ALTO. Datto ALTO is the only continuity solution designed specifically for small business. Using image-based backup, and a hybrid cloud model, ALTO delivers enterprise-grade functionality at a small business price. The ALTO easily protects any physical, virtual and cloud infrastructure running on Windows, Mac or Linux. Spin up lost servers in seconds without the need for additional tools.

Backup automatically on schedule to a local device, and replicate backups to the Datto Cloud. Recover granular data quickly from multiple points in time, and use Datto Cloud virtualisation to get back to business in minutes. Get more than just one server back up and running; virtualize your entire Infrastructure with the click of a few buttons. Be back up and running as fast as the images can boot in Datto’s Cloud. Once the crisis is past, ALTO makes it easy to get back to normal operations. Say goodbye to business down time, and hello to fast and easy business continuity all in one product.

In 2016, Datto released the first ransomware backup detection in the industry, as part of its Total Data Protection solution. Ransomware, like most illicit software, leaves an identifiable footprint as it takes over a server, PC or laptop. Datto devices actively monitor backups, and when a ransomware footprint is detected, they notify admins that they have a likely ransomware attack on their hands. From there, recovery is simply a matter of restoring from a previous backup. Stop worrying about ransomware and get back to business fast with Datto Ransomware Backup Protection.

To learn more about what you can do to avoid losing your data, check out our brochure: Business Continuity.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Cloud Security elements every business should consider

Cloud Security has been a serious issue since the concept of the cloud began. The classic example was initially the discomfort of a shift from physically seeing the IT security infrastructure to simply trusting someone else with it virtually. Back in 2012, Serviceteam IT carried out a major business process project for an insurance sector organisation. The conversation regarding data being located in the Cloud was very short. The answer was under no circumstances, no matter how much cheaper or how much more flexible, as cloud security was considered low.

Thankfully both the marketplace, and the organisation in the example above, have moved on and are cautiously adopting the benefits the cloud can offer. Last year the Enterprise Cloud Computing Survey from IDG revealed that concerns about cloud security are still significant at 52%. Our own UK Cloud Snapshot Survey reveals 43% of respondents from UK organisations still cite cloud security as being the greatest barrier to cloud adoption. We can take encouragement from the downward trend, perhaps due to both improved cloud security and better end-user understanding.

One way to ensure a full understanding of cloud security, and security in general, is to understand the levels of your infrastructure that require protection. A simplistic multi-level infrastructure model runs from the physical level, to the network level, to the applications.

Physical Security

Not so long ago physical security was a significant issue, as data centres, and especially in-office comms rooms, were vulnerable and accessible to almost anyone. Companies recognised this risk, and therefore took the necessary steps to safeguard the physical infrastructure. Cloud has been a key player in alleviating physical security concerns: from the expansion of the data centre for colocation, to the centralisation of servers and purchasing a ‘slice’, to now deploying applications without having to consider the server.

With almost all cloud providers, physical security concerns almost completely disappear. This is partially due to the additional checks and measures carried out at data centre locations, and partially due to the distributed nature of the application, as the data will not only be encrypted on disk, but most probably meaningless as it’s balanced between multiple buckets.

Network Security

The second area to consider is the network, which is of utmost concern to Serviceteam IT. As an industry, cloud and IT professionals have made a great deal of progress in securing operating systems and basic networking. Almost all organisations have the necessary cyber security tools, firewalls, access control lists and intrusion detection to safeguard against outside attacks to an internal network.

The greater challenge has come with the adoption of an ‘outside’ network, where the end-point is trusted, however, the traversal has been via the Internet. Cloud Connectivity can now take care of the network cloud security concerns, as the links have become both dedicated and secure.

Application Security

As the bottom of the ‘funnel’ has been, and can be, better secured, this has forced potential attackers to target higher up the stack. A common trend is tampering with customised applications, impersonating users or compromising some other user end-point. Whilst application security is a continual challenge, businesses can implement tools such as application monitoring, multi-factor authentication or group policy for additional protection and user verification.

Within the application layer, the emphasis should be on identifying vulnerabilities. Simple housekeeping helps, such as log file analysis, patch management, filters, scanners and yes, good old back-up! The digital world can be rather dangerous, therefore, security-aware application design, application security testing, and runtime application self-protection all combined with context-aware and adaptive access controls are needed.

Cloud Security Conclusion

Positioning security as “inside” or “outside” is very much for the past, along with three digit passwords, open relays and no user-access controls. The simple recognition is that perimeter defence is simply not enough. Applications need to be considered more actively in regards to their impact upon security as a whole.

Perhaps in the coming years the number of organisations expressing concerns regarding cloud security will continue to fall. Most probably this will happen when organisations are more comfortable with network security and application security is more robust.


Ransomware Backup Protection | 1 of 2


Given the breach at the UK Government’s leader in all things cyber security, the National Cyber Security Centre, perhaps now is a good time to discuss cyber security again, especially ransomware backup protection? As a little background, the NCSC was opened to much fanfare by Her Majesty the Queen, and is headed up by chief executive Ciaran Martin, Director-General Cyber at GCHQ. The centre was announced by then chancellor, George Osborne, with £1.9 billion being made available for tackling cyber crime by 2020. Interestingly, the budget indicated an undisclosed amount to launch cyber attacks against terrorists and other countries.

To sum up, they have the right people, they have plenty of money, they have the full backing of government and industry. So why exactly do they not have a clue? The deliverables of the Cyber Security Essentials are, in my opinion, woefully inadequate, with the assumption of an organisation’s IT being in the 20th Century and not the 21st Century. By way of a simple example, their infographic regarding Password Guidance is nothing short of laughable. Such as, “Only use passwords where they are needed?” Passwords are a minimum requirement for every single element of an organisational network. No ifs or buts, which I said in Password, encryption and good Practice in 2015. I can’t stress enough the importance of Multi-Factor Authentication alongside passwords.

Why use Ransomware Backup Protection?

Using the recent WannaCry Ransomware incident as an example of how ransomware backup protection should be used, in October 2016 the NCSC published the guidance Protecting your organisation from ransomware. In the original guidance they recommended:

“Backups should be considered a last resort only, as the adoption of good security practices will mean not getting ransomware in the first place.”

Where I agree wholeheartedly with good practice to begin with, ransomware backup protection must form part of that. In mid-December they received feedback that “this line could be misinterpreted by a busy reader as”

“the NCSC does not advocate keeping backups”

Which therefore precipitated clarification, almost a month later! Backing up a bit, proving the Technical Director for Assurance has a sense of humour at least, although falling short of recommending ransomware backup protection:

Just to be clear: the NCSC recommend organisations use backups as a way to help mitigate against a wide range of potentially catastrophic problems, such as fire, theft, flooding, and – naturally – ransomware. Our intention with this paragraph was to note that whilst a backup can help minimise the harm that a ransomware incident causes to an organisation (assuming the backup is current, and is not able to be compromised itself by the ransomware), backups shouldn’t be seen as the primary defence against ransomware. Backups are a last resort, rather than a primary protection. It’s better to design and operate your systems in such a way as to minimise the chances of ransomware gaining a foothold, and to use backups as a mitigation should this occur.

Right then. Ransomware backup protection is good, according to the NCSC. In part two I’ll discuss what to backup, and how to backup, whilst still wondering that perhaps the undisclosed element of the £1.9 billion was the greater proportion of the pot. And constantly looking over my shoulder, as I’m probably on a list, because of Britain’s nuclear submarines at risk of same cyber attack that crippled the NHS say experts on 21st May. The 36 page follow-up report, released by BASIC last week, HACKING UK TRIDENT: A Growing Threat makes really interesting reading.


Azure Multi-Factor Authenticator App | HowTo | 3 of 3


Azure Multi-Factor Authenticator App: In Part One I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

In Part Two I covered:

  • Enrol Accounts for Office 365 Multi-Factor Authentication

Once Office 365 Multi-Factor Authentication has been enabled and the users enrolled it is sensible for your users to install the Microsoft Authenticator App. The App can be downloaded for a number of devices:


Once the Azure Multi-Factor Authenticator App has been downloaded and installed on your device, log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Azure Multi-Factor Authentication Portal Step One

  2. Click on View account:

    Azure Multi-Factor Authentication Step Two

  3. Click on Security & Privacy:

    Azure Multi-Factor Authentication My Account Step Three

  4. Click on Additional security verification:

    Azure Multi-Factor Authentication Security Privacy Step Four

  5. Click on Update your phone numbers used for account security:

    Azure Multi-Factor Authentication Additional Security Verification Step Five

  6. Select the Authenticator app tick box:

    Azure Multi-Factor Authentication Security Verification Options Step Six

  7. While you are here you can add in the Alternate authentication phone. Click Configure:

    Azure Multi-Factor Authentication Security Verification Details Step Seven

  8. You should see the Configure mobile app message box:

    Azure Multi-Factor Authentication Retrieving App Step Eight

  9. The Configure mobile app QR code will now display:

    Azure Multi-Factor Authentication Configure App Step Nine

  10. Open your Authenticator App on your device. The example below is from an iPhone. Select the plus + sign in the top right:

    Azure Authenticator App for iPhone Step Ten

  11. Select Work or school account:

    Azure Authenticator App for iPhone Account Step Eleven

  12. Point the camera of your device at your screen to detect the QR code. If you receive a notification to allow the App access to your camera, select Allow. Otherwise select the Or enter code manually:

    Azure Authenticator App for iPhone QR Code Step Twelve

  13. You should now have a new account:

    Azure Authenticator App for iPhone Complete Step Thirteen

  14. The activation status will now be checked:

    Azure Multi-Factor Authentication Checking Status Step Fourteen

  15. Click Save:

    Azure Multi-Factor Authentication App Configured Step Fifteen

  16. Click Verify preferred option:

    Azure Multi-Factor Authentication Configure App Step Sixteen

  17. You should now see the Verifying app notice:

    Azure Multi-Factor Authentication Verifying App Step Seventeen

  18. Open the Authenticator App on your device. Enter the code in the verification code box. The code will change every thirty seconds. Click Verify:

    Azure Multi-Factor Authentication Verification Code Step Eighteen

  19. If you receive a Verification failed error it’s most probably because you were too slow:). Click Retry and repeat steps 16, 17 and 18:

    Azure Multi-Factor Authentication Verification Failed Nineteen

  20. Once successful you will see an Updates successful notice. Click Close:

    Azure Multi-Factor Authentication Setup Success Step Twenty

  21. That’s it. You will now be returned to the Portal home page. I recommend using the Notify me through the app option by going through steps 1 to 5 to return to:

    Azure Multi-Factor Authentication Select Option Step Twenty One

In order to test, log out of the portal then log back in. You will be prompted for your verification code or your device will notify you that verification is required depending upon which option you chose.
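Why the code in step 18 changes every thirty seconds, and why a slow entry in step 19 fails, shown as an added example that is not part of the original post or Microsoft's code. It assumes the app's verification codes follow standard TOTP (RFC 6238), which the post does not state; the secret is the RFC's published test key, and the server's acceptance window is a hypothetical parameter.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid, matching "every thirty seconds"
SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real account secret


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamically truncated to N digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is simply the number of 30-second steps since 1970."""
    return hotp(secret, unix_time // STEP)


def verify(secret: bytes, code: str, unix_time: int, window: int = 0) -> bool:
    """Accept the code for the current step, plus `window` steps either side.

    window is an assumption for illustration: a larger value tolerates slow
    typing and clock drift but keeps an intercepted code usable for longer.
    """
    current = unix_time // STEP
    for counter in range(current - window, current + window + 1):
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter), code):
            return True
    return False


def seconds_left(unix_time: int) -> int:
    """How long the code shown on the device at this moment remains current."""
    return STEP - unix_time % STEP


if __name__ == "__main__":
    shown = totp(SECRET, 59)  # code displayed with one second left on it
    print(shown, seconds_left(59))
    print("typed in time:", verify(SECRET, shown, 59))
    print("typed 1s late, no tolerance:", verify(SECRET, shown, 60))
    print("typed 1s late, one step tolerance:", verify(SECRET, shown, 60, window=1))
```

A code read with one second left on it is already stale by the time it is submitted, which is the "too slow" failure in step 19 unless the verifier tolerates the neighbouring step.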

One final task is to create and assign App Passwords, which I will cover in two future posts: Office 365 App Password | HowTo | 1 of 2
