Call (716) 373-4467
10Aug

Texts from a Hacker

by Amanda Lasky

With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the hacker of the site was able to bypass 2FA. The actor was able to do this by using a method called ‘SMS intercept’ which is when the hacker is able to receive the text that contains the code for authentication. One way this is done is by SIM-swap, which is when the attacker convinces the phone provider that he is the target and applies their service to a new SIM card. Another method of attack is when bad actor impersonates the target and tricks the phone provider into transferring the target’s number to a new provider where the attacker is then able to access any 2FA codes coming into the phone.

A more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful, and publicly too considering Reddit is one of the most popular sites on the internet.


Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email info@databranch.com, or click here to get started!


What Does End of Support Mean?

  • No Updates will be developed or released after the end of support *Almost 100 critical updates have been released so far in 2018*
  • No Compliance with most industry wide compliance standards and regulations.
  • No Safe Haven - All physical and virtualized instances of Windows 7, Server 2008(R2), and Small Business Server 2011 will be vulnerable to security threats.
What Should I Be Doing?
  • Start planning your migration NOW
  • Determine how many instances of Windows 7, Server 2008(R2), and Small Business Server 2011 are being utilized in your current network setup.
  • Assess the upgrade path for applications that currently run on the Windows 7, Server 2008(R2), and Small Business Server 2011 operating systems.
  • Allocate resources and budget for necessary hardware upgrades to transition to Windows 10 and Server 2016.
The good news is we are still over a year away from the end of support date but it's important to start preparing soon. At Databranch, we have successfully migrated numerous clients from Windows 7, Server 2008(R2), and Small Business Server 2011 to newer, supported operating systems. Our account managers are excited to work with you to create a migration plan for your organization and can be reached at 716-373-4467, info@databranch.com , or click here to request an appointment.




Databranch Offers Monitoring and Alerting of Stolen Digital Credentials, Increasingly Valuable Asset on Dark Web

Olean, NY –8/1/2018 – Databranch announced its new Dark Web monitoring services provided through its partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, Databranch offers around the clock monitoring and alerting for increasingly compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black-market sites.

“Databranch views Dark Web ID monitoring services as a critical component of our managed security suite. Through the detection of compromised credentials, we are able to offer another security layer for our clients and respond to threats against their networks in an efficient, proactive manner.” said David Prince, President at Databranch.

The Dark Web is made up of various digital communities, and while there are legitimate purposes for the Dark Web, it is estimated that over 50 percent of all sites on the Dark Web today are used for criminal activities, including the disclosure and sale of digital credentials. 

“Digital credentials such as usernames and passwords are widely used to connect to critical business applications – the reason these credentials are among the most valuable assets found on the Dark Web,” said Kevin Lancaster, CEO of ID Agent. “Unfortunately, the unaffordability of cyber offerings has played into the cyber poverty line experienced by small businesses. Dark Web ID, however, delivers an affordable model that provides small businesses with the same advanced credential monitoring capabilities used by Fortune 500 companies to organizations in the SMB and mid-market space.”

Dark Web ID is the industry’s only commercial solution available to detect customers’ compromised credentials in real-time on the Dark Web. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your customers’ employees, contractors and other personnel, and notifies them immediately when these critical assets are compromised. There are a few competitors in the market but none completely focused on the Dark Web as ID Agent’s solution.

About ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company's flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyze and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets their digital identity. From monitoring your organization’s domain for compromised credentials to deploying identity and credit management programs in order to protect the employees and customers you serve ID Agent has the solution. For more information, visit: http://www.idagent.com or go to LinkedIn, Twitter or Facebook.

About Databranch

Databranch, Inc., is an IT consulting and outsourcing provider serving local, national and international businesses in Western New York and Northwestern Pennsylvania since 1985. We help our clients use information technology to cut costs, increase efficiencies and enhance customer service across four main areas: managed technical services, networking, security, and data protection.

The Databranch staff is made up of highly skilled, experienced and certified professionals. Our clients look to us to provide technology solutions that work. We offer consulting services that provide organizations with the best possible solutions for the most affordable price that are executed with a personal touch.

Key Benefits of working with Databranch:

• Reduce complexity of managing your technology infrastructure.

• Gain confidence that your technology is aligned with your business goals.

• Have a team of skilled and certified technology professionals backing you at every step.

• Maintain flexibility, choice and control over your business.

For more information, visit:  http://www.databranch.com or go to LinkedIn, Twitter or Facebook.

Contact:                                                          

Amanda Lasky

Databranch, Inc.

716-373-4467 x 15

alasky@databranch.com


 

20Jul

The Cost of a Breach

by Amanda Lasky

A recent study conducted by IBM provides some context to the same old story that you hear in the news of big bad breaches and how scary they are for your business. The Cost of a Data Breach Study by Ponemon* puts numbers to these stories and provides a wealth of analysis so even someone who has never used a computer before can quantify the seriousness of a breach… as long as they are familiar with money.

The average cost of a breach increased this year by 6.4%, with the per capita cost rising less, but only barely, by 4.8% (page 3). The cost of a data breach varies greatly by country, with the United States average breach price coming in at $7.91 Million and per capita costing $233. Canada’s per capita cost is the second highest out of the nations surveyed at $202 per record, and their average price of a breach is $4.74 million. Australia’s cost of a breach is less than the US and Canada, but Aussies are far from getting off free. The average cost of a breach down under is $1.99 million and the per capita cost averages at $108 (page 13).

The study also explored the main factors that were found to affect the cost of a breach, stating 5 major contributing factors that could make the difference between a manageable breach vs a mega breach. The loss of customers following a breach, the size of the data breach, the time it takes to identify and contain a breach, management of detection costs and management of the costs following a breach are the factors that most contribute to the cost of a breach (page 7). The time it takes to identify a breach being a major contributing factor to the cost of a breach is particularly important due to the fact that organizations saw an increased time to identify a breach this year. This can be contributed to the ever-increasing severity of malicious attacks companies face and highlight the need for proactive monitoring for breaches, as well as a serious focus on cybersecurity on a management level. That’s why tools such as Dark Web ID™ that dredge the Dark Web for personal information and credentials can contribute greatly to decreasing the cost of a breach. Organizations that identified breaches within 100 days saved more than $1 Million (page 9) compared to companies who did not. That says a lot because after all… money talks.

Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email info@databranch.com, or click here to get started!

*Source: Ponemon Cost of Breach Study 2018

  1. The URL does not match the link provided or is not a recognizable website. Hover over all links prior to clicking on them.
  2. Don’t trust the name listed right after the From: - Check the actual email address.
  3. The message contains poor spelling and grammar.
  4. Analyze the greeting – Is it vague or personalized?
  5. The message asks for personal information – A reputable company will never ask for your password, credit card number, social security number, or the answer to a security question via email.
  6. The email includes an attachment but no message.
  7. The offer is too good to be true or you didn’t initiate the action – You can’t win if you never entered the contest.
  8. You’re asked to send any kind of money upfront
  9. The email includes urgent or threatening language
  10. It just doesn’t look right – Listen to your gut and reach out to the sender through another medium.

Databranch offers end-user security trainings for organizations of all sizes. If you are interested in setting one up for your company, please reach out to Amanda at 716-373-4467 x 15 or alasky@databranch.com.




We are very pleased to announce the promotion of Adam Summers to Field Engineer. 

Adam joined the Databranch team in October of 2016 and during that time has obtained new certifications from Alcatel-Lucent and Datto. 

Adam has become our primary new telephony project engineer and continues to develop his skillset as a network engineer.

Currently, Adam holds the following certifications:
  • CompTIA A+
  • CompTIA Network+
  • Alcatel-Lucent Certified Field Expert - OXO Connect
  • Alcatel-Lucent Certified Field Expert - LAN/WLAN for SMB
  • Datto Technical Specialist II

Please join us in congratulating Adam for a well-earned promotion!


We are very pleased to announce the promotion of Adam Rix to Systems Engineer. 

Adam joined the Databranch team in July of 2013 and during that time has obtained numerous Microsoft certifications as well as certifications from SonicWALL and Datto. 

Adam has become our primary new server project engineer and has excelled at bringing projects in on time and on budget while demonstrating great calm when faced with challenging situations.

Currently, Adam holds the following certifications:
  • CompTIA A+ and Network+
  • Datto Technical Specialist II
  • MS MCP Windows 10
  • MS MCSA Windows 10
  • MS MCP Office 365
  • SonicWALL CSSA (Network Security Basic Administration)
Please join us in congratulating Adam for a well-earned promotion!

The Ultimate Disaster Recovery Checklist

World Backup Day is March 31st, 2018. Take the pledge to backup your data here.

Prepare yourself before disaster strikes. When it comes to data backup and disaster recovery (BDR), being prepared for potential disasters is key to keep your business running. It’s not only important to have a disaster recovery solution you trust, but to make sure you test it as well.

Keep this DR checklist on hand.

Prior to a disaster ever occurring (and unfortunately, it’s a matter of when and not if) ask yourself the following:
  • Do you have a disaster recovery solution in place?
  • Do you trust it?
  • How often do you currently backup these systems?
  • When was the last time your backup was tested?
  • How long does it take to recover from your current backup solution?
  • How long can you realistically be down? 1 hour? 1 day?
  • How much production time on your servers are you willing to lose?
  • When a disaster occurs, is there an offsite copy?
  • How much data is on your critical business systems?
  • How many employees would be affected if the critical systems failed?
  • What would be the average wage of the affected employees (dollars/hour)?
  • What is the overhead cost per hour of the affected employees (dollars/hour)?
  • How much revenue would be lost as a result of a system failure (dollars/hour)?
  • What is the financial cost of downtime to your business?

The disaster moment has occurred—time to walk through the following steps:

1. Assess the problem and its impact on your business
Every disaster is different. Before doing anything, understand the underlying issue and how it may affect you.
  • Is the issue local to one machine, or does it affect your entire system?
  • Have files been deleted or are servers/workstations down?
2. Establish recovery goals
Recovery is what makes a BDR solution different from a simple backup product. Plan out your road to recovery.
  • Restore the system, the data, or both? Should time be spent recovering files and folders before system recovery?
  • Identify critical systems and prioritize recovery tasks.
  • What date/time should you recover from?
    • How long can your recovery take?
3. Select the appropriate recovery type(s)
To get to your “road to recovery”, the appropriate recovery procedure must be followed. Think about which approach will best get you to your end goal.
  • File restore OR
  • Local virtualization OR
  • Off-site virtualization
4. Verify the recovery and confirm functionality with users
Once a recovery is verified, confirm that it interacts positively with users.
  • Test network connectivity.
  • Ensure all users can access resources and applications in the virtual environment.
5. Restore the original system(s), if needed
If the original system(s) needs to be restored, decide which restoration process will work best.
  • Bare metal restore OR
  • Virtual machine restore
6. Self-assess afterwards
After it’s all said and done, take a step back and think about it: How well did your team do? What could you have done differently?
  • What precipitated the failure?
  • What ongoing issues need to be addressed?
  • What can be done better in future DR scenarios?


Olean, NY— February 2nd, 2018 — Databranch, Inc., an information technology solution provider specializing in Managed Services, Networking, Data Protection, and Security today announced it has achieved a Silver Datacenter competency, demonstrating its ability to meet Microsoft Corp. customers’ evolving needs in today’s dynamic business environment. To earn a Microsoft silver competency, partners must successfully demonstrate expertise through rigorous exams, culminating in Microsoft certifications. And to ensure the highest quality of services, Microsoft requires customer references for successful implementation and customer satisfaction.

 “This Microsoft Datacenter competency showcases our expertise with today’s rapidly evolving cloud technology market and demonstrates our knowledge of Microsoft’s hybrid solutions including Microsoft Azure and Microsoft Server,” said David Prince, Databranch President. “Through our achievement of this competency we are better able serve as technology advisors for our clients as they evaluate and determine the right Microsoft server solution for their organization.”

“By achieving a silver competency, organizations have proven their expertise in specific technology areas, placing them among the top 5 percent of Microsoft partners worldwide,” said Phil Sorgen, corporate vice president, Worldwide Partner Group at Microsoft Corp. “When customers look for an IT partner to meet their business challenges, choosing a company that has attained Microsoft competencies is a smart move. These are highly qualified professionals with access to Microsoft technical support and product teams.”

 The Microsoft Datacenter competency is earned by demonstrating expertise and commitment to delivering flexible, scalable, and cost-effective solutions tailored to businesses and organizations of all sizes. Because of our focus in helping clients adopt the right server solution to accelarate their business operations, we invested and attained this competency to project our readiness to address the rising customer demand for hybrid solutions and networks that utilize both on-premise and cloud technology.

The Microsoft Partner Network helps partners strengthen their capabilities to showcase leadership in the marketplace on the latest technology, to better serve customers and, with 640,000 Microsoft partners in their ecosystem, to easily connect with one of the most active, diverse networks in the world.


Over the weekend, the world experienced one of the most severe ransomware outbreaks in history, with businesses of all sizes in over 150 countries impacted. As ransomware becomes a household name, one thing is for certain: Global cybersecurity has reached a moment of emergency.

So here are the critical questions for your business:
  • Do you have backup and disaster recovery system in place?
  • Is all of your software up-to-date?
  • How's your antivirus/firewall?
  • Is your Microsoft patched?

If you are a Databranch Managed Services client, your SonicWALL Gateway Security Suite, Symantec End Point Protection, Proactive Maintenance/Microsoft Patching, and Datto Business Continuity solution have provided an excellent first line of defense and we are diligently working to keep your business protected from future attacks.
 
This is just the beginning of ransomware attacks in 2017 and we would like to help get your business ready for what's to come. We are offering a complimentary security/data protection assessment this week to anyone who needs peace of mind that their network is secure following this weekend's attack.

Call our team today at 716-373-4467 x 15 or email alasky@databranch.com to schedule a time for us to come review your network.