What is SaaS Ransomware? How Can You Defend Against It?

Software-as-a-Service (SaaS) has revolutionized the way businesses operate. But alongside its benefits, SaaS brings with it potential threats. When software and data are online, they’re more vulnerable to attacks. One of the latest threats to move from endpoint devices to the cloud is ransomware.

Between March and May of 2023, SaaS attacks increased by over 300%. A study in 2022 by Odaseva found that 51% of ransomware attacks targeted SaaS data.

What is SaaS ransomware?

SaaS ransomware is also known as cloud ransomware. It’s malicious code designed to target cloud-based applications and services. These include services like Google Workspace, Microsoft 365, and other cloud collaboration platforms. Here are some tips to defend your business from SaaS ransomware.

Educate your team

Start by educating your employees about the risks of SaaS ransomware. Include how it spreads through phishing emails, malicious links, or breached accounts. Teach them to recognize suspicious activities and report any unusual incidents immediately.

Enable multi-factor authentication (MFA)

MFA is an essential layer of security. Enabling MFA reduces the risk of unauthorized access. This is true, even if a hacker compromises an account’s login credentials.

Regular backups

Frequently backing up your SaaS data is crucial. Having up-to-date backups ensures that you can restore your files. You won’t need to pay the attacker’s ransom demands and you’ll get your business back up and running faster.

Deploy advanced security solutions

Consider using third-party security solutions that specialize in protecting SaaS environments.

These solutions can provide many benefits including:
• Real-time threat detection
• Data loss prevention
• And other advanced security features

Apply the principle of least privilege

Limit user permissions to only the necessary functions. By doing this, you reduce the potential damage an attacker can do if they gain access.

Keep software up to date

Ensure that you keep all software up to date. Regular updates close known vulnerabilities and strengthen your defense.

Track suspicious account activity

Put in place robust monitoring of user activity and network traffic. Suspicious behavior can be early indicators of an attack. One example to watch for is several failed login attempts. Another is access from unusual locations.

Develop an incident response plan

Prepare and practice an incident response plan. It should outline the steps to take in the event of a ransomware attack. A well-coordinated response can mitigate the impact of an incident. It can also aid in faster recovery. The sooner your team can respond, the faster business gets back to normal.

Windows Fall Creator’s Update: Breaking More Than It’s Fixing

Jason Cooley is Support Services Manager for Tech Experts.

Microsoft dominates the world of operating systems. Windows has been a part of our lives for years and some of us can’t remember a world without it.

Each time Microsoft rolls out a new operating system, it is updated and patched for years for various reasons.

Over the lifespan of a Windows operating system, there are various security updates perhaps more than any other type of update.

There are fixes for issues, whether that’s problems with Windows itself or interaction with other hardware and software.

Then there are the outliers: Windows feature updates. These updates typically introduce new features or changes to the core function of the operating system. Feature updates can improve the user experience for many people.

Windows 10 launched in 2015 and, like all of its predecessors, did not launch with perfection. There have been numerous updates of all kinds since its launch. Those security patches, hotfixes, and even a handful of feature updates had rolled out by October of 2017.

That is when Microsoft released the Window’s Fall Creator update. This update was going to create a better user experience. Personal connections were going to be easier to make.

A new application allowing you to resume work or browsing started on a mobile device like a smartphone on your computer was introduced as well. There were a few security updates as well.

All in all, the Fall Creators Update was going to fix a few bugs and introduce some quality-of-life improvements.

In previous versions of Windows, the updates were able to be shut off and postponed.

Large scale feature updates are known to have some complications when rolled out.

That is why these updates are not “pushed” when initially launched, but available to download as an optional update at first.

Upon this introduction window, there were, as expected, reports of problems coming in. What was not expected was the range of issues and the severity of some.

The first issue arising from the release of Windows 1709, the Fall Creators Update, was the update failing to install.

Many people reported issues of an error when attempting to install the update. The initial portion would install, but the finalizing of the updates upon a restart would fail.

If that wasn’t frustrating enough, if the update did manage to install, it was reported that the applying updates portion could take two hours (and in some cases as many as ten hours).

Then, let’s assume you got that far. Maybe you want to use Microsoft Edge, the Microsoft browser of choice. With the 1709 update, many users found that Edge was essentially broken. It would crash repeatedly.

Then, bring in the numerous broken drivers. Imagine an update breaking your Ethernet adapter. It happened. Applications disappeared, began opening on their own, and in some cases just didn’t work. The problems continued to roll in.

Many of these issues were resolved in a timely fashion and some were not. In mid-January, Microsoft declared the Fall Creators Update ready for business. This means that the update would be pushed out to anyone that was not already using it.

After 3 months, many issues were still present and others would soon be discovered.

Many users of corporate software and other specialty software were surprised by software that no longer worked. In some cases, the suggested fix was to roll back the update, which will force itself to reinstall shortly after.

There have been some big patches to fix these issues since January and I’m hoping that in another three months Microsoft will have all of these issues resolved.

Time To “Bite the Bullet” And Upgrade Your Software

From the largest of the large companies to the everyday home user, there comes time when you have to upgrade your software, either by force or necessity.

No one wants to spend money to upgrade their software when they feel it still works and functions for their needs, but truthfully, that old reliable software needs to go.

The most important thing to remember is that software companies don’t end support of their software out of malice. It’s simply a business decision.

For a company to continue to release updates and patch security exploits, it would require countless man hours from software engineers, support staff and help desk personnel.

At the same time, they would be continuing to support software that is outdated in functionality and design. No company can survive in today’s fast-paced world by sitting idle.

By not upgrading your software, you are – by your own means – opening yourself and your company up to cyber-attacks from hackers taking advantage of the security exploits that are no longer being patched. This is the single most important reason to upgrade your outdated, End of Life (EOL) software.

While software companies do release new versions of their software and EOL old versions of their own accord, there are times when they too are forced to make changes due to upgrades in an Operating System (OS).

Consider Windows 98, which was the typical OS for several years and boosted a huge selection of software titles ranging from games to business productivity applications.

But when the following Windows releases came along (like XP, 7, 8, and 10) and grew in popularity, any software company that wanted to continue to stay unburied had come up with new versions of their software that would be compatible with each of the new OS platforms.

This, in turn, would force people to upgrade if they wanted to continue to use their software.

Businesses that use programs like Microsoft Office could feel like they are forced into upgrades. This is understandable, but at the same time, you have to make sure your business stays productive and secure.

With hackers waiting for the opportunity to gain access to your business, it’s imperative to make sure you do everything you can to block the attacks. And, yes, this includes upgrading your operating system and software.

There is light at the end of tunnel, however. Companies like Microsoft and Adobe have redesigned the way they sell their software.

No longer will you be locked into one version, whether you purchase the software by the retail copy or by volume license.

They offer plans that allow you subscribe to use the software and during your subscription period you are entitled to receive free version upgrades if there any. They have released subscription plans for large companies, students, and everyday home users.

Remember: it’s better to “bite the bullet” than be struck by the bullet. For assistance with software upgrades or ask questions about the security of your business and software, contact us at (734) 457-5000, or email us at info@mytechexperts.com.

Strategically Upgrading Your Computer Systems

Michael Menor is Vice President of Support Services for Tech Experts.

With technology growing faster than most businesses can keep up with, organizations have to continuously upgrade their solutions in order to maintain a semblance of modernity. The only issue with this is that many businesses can’t keep up, simply because they don’t have a team that’s dedicated to this important task.

What technology upgrades should be made a top priority and why?

Naturally, the first thing you need to know about workstation and technology updates is that you need to integrate them periodically in order to ensure optimal security for your organization.

Most viruses and malware will attempt to take advantage of weaknesses in your infrastructure in order to infiltrate it.

These weaknesses in your software and operating systems’ source code will ultimately allow these threats to force their way into your network, putting any contained information at risk.

These flaws are often addressed in software patches and system updates issued by the software developer, but tackling the updates in a timely fashion is a whole other monster.

Managing all software updates is easier said than done, especially without a dedicated IT department watching over your technology. Regular maintenance is often pushed to the back burner and dangerously close to being forgotten about.

Therefore, the best way to make sure that your systems are prepared to handle the threats that are found in today’s computing environment is to make upgrading your technology a priority for your organization.

Software Updates
There are several programs that your organization needs in order to stay functional, so your software updates aren’t limited to just your workstations’ operating systems.

The fewer unnecessary security flaws that can be found in your IT infrastructure, the safer your information will be.

Furthermore, users who are working with top-notch, optimized technology will be far more productive than they would be if they were using sluggish, bogged down computers.

It doesn’t make any sense to let your employees use machines that hold them back from achieving their maximum productivity.

In fact, sometimes you might encounter a situation where using a different software will be better for your business strategy.

It’s always recommended that you consult with a professional technician before making drastic changes to your business’s software infrastructure.

Antivirus Updates
Your antivirus solution is often a software solution, but virus and malware definitions are continuously being updated.

If your antivirus and other security software solutions aren’t properly maintained, it’s like you’re “leaving your keys in the front door,” so to speak.

Your antivirus solution needs to be managed on all workstations – or, better yet, centrally controlled from the server to ensure that all users are protected and up to date at all times.

Hardware Updates
Older hardware that’s been around the block a time or two might have proven reliable, but it will eventually start to show signs of its old age. Hardware failure becomes more likely and you run the risk of losing information due to the degradation of your technology.

This is why monitoring your systems for faulty tech and periodically upgrading to more recent models is preferable, if not necessary.

Granted, all of these software and hardware upgrades may feel overwhelming. This is why Tech Experts offers a remote monitoring and maintenance solution that’s designed to administer patches to your mission-critical systems remotely.

This helps your organization ensure that your systems are always up-to-date. We can also monitor your infrastructure for any irregularities that might be caused by hardware malfunctions, hackers, and much more. Call us at (734) 457-5000, or email info@mytechexperts.com to learn more.

IT Consultations: Trust In Those That Know

Scott Blake is a Senior Network Engineer with Tech Experts.

It seems that these days anyone can read an article or watch a video online and consider themselves an expert in one way or another, but when it comes to upgrading or making changes to your business infrastructure, is it wise to take and follow the advice of someone that has no hands-on or working knowledge of the IT industry or your business?

Ask yourself this: if your car needed repairs, would you take it to a lawyer or a mechanic?

Instantly, you answer “the mechanic” because the mechanic works on cars.

So in comparison, should you follow the advice of a visiting client, sales rep, or friend of an employee?

No, because none of these people know the intricacies of your business IT needs and functionality.

Will they know to check with your software vendors to verify compatibility with a new operating system?

If the plan calls for upgrading workstations and/or servers that are running outdated, unsupported operating systems, you need to check and make sure your existing software is supported on the new operating system.

Usually, accounting and office productivity software are the types most affected by changes in operating system platforms.

In some cases, a business may have spent large amounts of money to have specialized software written years ago, but unfortunately, it may not install or run on a modern operating system.

Will they know how to check and see if your internal network wiring needs to be upgraded?

If the plan calls to move your business phone system to a VOIP system, you need to make sure your existing network cabling will support it.

Cabling has categories and certain categories are more applicable to your needs than others.

Whoever is handling your IT needs to recognize what would be best and what wouldn’t work in your situation.

Keep in mind that when upgrading, you’re also future-proofing. It’s best to spend a little more on higher-quality equipment to extend the life of your upgrade.

Will they know how to calculate the amount of disk and cloud storage your business will require?

Electronic storage for your business is key. Knowing what needs to stay local and what needs to be stored in the cloud is paramount to your business’ success (and recovery, should there be a disaster).

The cost of secure cloud storage needs to be weighed against the cost of maintaining on-site local data storage. Localized storage will allow for faster access while in the building.

However, if your business has remote employees, cloud storage would be the optimal way to allow access to documents, applications, and software without having to support RDP or VPN connections into your network. This reduces the risk of outside intrusion.

Are they able to suggest the correct security devices and software for your business?

The security needs for every business are different. What works for Bob’s Golf Land may not be the best solution for your business.

A proper evaluation of your business network needs to be performed. Certain questions need to be asked and answered, such as “is a software-based firewall best for your business?” or “will you need dual WAN routers to allow for multiple ISP connections?”

If you have any doubt after considering these questions, you’ve got the wrong person for the job.

Seek out an experience and established IT professional and before making any changes, consult with them. Trust their advice. They will evaluate your business infrastructure and build a plan of action for successfully upgrading your business network and equipment.

Interested in a network evaluation or an infrastructure upgrade consultation? We can do those too… and we do it right! Contact us at Tech Experts — (734) 457-5000, or info@mytechexperts.com.

The Real Risks Of Running Outdated Software

Michael Menor is Vice President of Support Services for Tech Experts.

Are you still holding onto your trusty old server that’s aging towards uselessness?

Or perhaps you are still running important applications on older servers with old operating systems because they’re “good enough” or “doing the job just fine.”

In many ways, your old server is like a trusty old car. You know where the kinks are and it gets you where you need to go.

But lurking below the surface of that trusty old car, and your old server, can be hidden risks that can result in very big problems, even dangers. Usually, when least expected.

Security risks are the number one danger of older technology. The older your operating system or application, the longer the bad guys have to find and exploit vulnerabilities.

This is especially true when the manufacturer is no longer actively maintaining support. Dangers can lurk across the entire aging application platform.

Your older versions of SQL Server are at risk. Perhaps you are still using an old FTP server that’s innocently sitting in the corner. Or you have some older network equipment and appliances.

The bottom line is anything that listens on the network is a potential threat to the server, and therefore your business.

If that software or firmware isn’t up to date, you’re doubly at risk of a major security incident.

Here are the top 5 risks you’re taking with running outdated software:

Crashes and system downtimec505825_m
Aging systems are more vulnerable to failure, crashes and corruption causing significant downtime.

Targeted technology upgrades can reduce total annual outage risk and reduce downtime.

Increased costs
Outdated software is more expensive to maintain than newer versions. Failing software increases costs by overloading IT personnel. The process of applying patches is also costly and time consuming.

Updated software portfolios not only decrease maintenance costs but also free up IT budgets for more strategic and innovative programs.

Decreased productivity
Aging software applications that crash or require maintenance result in reduced employee productivity.

Modernizing software increases productivity by improving the efficiency and quality of work.

Security holes
Mission critical software is more vulnerable to security breaches as it ages. A security breach can compromise sensitive customer and employee information, and proprietary company data.

Legal and regulatory compliance risks
Updated software ensures compliance to governance, regulation and policy as regulatory bodies continue to mandate new global requirements.

This is especially important for healthcare professionals that need to comply with new HIPAA regulations.

With older technology, any of the above risks can strike you at any time. The consequences can be loss of productivity, or worse, loss of critical data that negatively impacts your business.

Perhaps “good enough” isn’t really good enough after all.

(Image Source: iCLIPART)

How To Know If You Have A Virus Infection

by Jeremy Miller, Technician
There is a lot of anti-virus software on the market today. They are created from many different software developers. All of them are a little different in how they protect your system.

There is no guarantee that your anti-virus software can protect you from any virus out there.

First let’s look at how anti-virus software works. Anti-virus software is usually installed on your computer, then it is scheduled to scan your computer regularly. A virus scan will scan each file on your computer for a “known” virus signature.

A virus signature is a piece of code that is known to your anti-virus software manufacturer as a virus. If your anti-virus detects a signature it will either remove it or ask you how to handle the file. You should remove any viruses that your anti-virus finds for you.

Most anti-viruses come with heuristic protection as well, which is when your anti-virus is able to detect suspicious activity on your computer.

Viruses are known to leak information, such as online banking information, or any other personal or confidential information.

They can lie dormant waiting for a specific user interaction before becoming active. They have the potential to cause unrepairable damage to computer operating systems.

There are many ways to get a virus on your computer with having an anti-virus software installed. The main reason is that virus developers have studied many different anti-virus software, and have been able to write viruses that cannot yet be detected by most anti-viruses.

The reason your anti-virus software cannot detect a newly written infection is because the anti-virus manufacturer has not yet seen the virus and does not have a signature in the database for it. This is the big reason why you should keep your anti-virus software up-to-date.

Another reason that your anti-virus software might not detect a virus would be because you trusted it.

Have you ever saw a pop-up on your screen asking for your permission to allow a program to run? If so then you may have allowed a virus to infect your system.

The last most common cause of infection is attempting to “Speed up your PC.” There is a lot of software out there that claims to speed up your PC for free. The problem is that good software is not free. Some free versions of software can actually slow your computer down, to promote the paid-version.

Also when downloading this software, there is usually a few links that look like download links.
If you click on the wrong one, you may install a virus. Also once you do get the right link, there are usually additional software included during the installation process.

You should always pay attention to every screen during the installation process to make sure you are only installing what you intended to install. There are a number of ways to detect if you may have a virus on your computer.

Your computer should behave regularly. This means your computer should not have any drastic changes day-to-day.

If you have lost access to something, or cannot connect to sites or services that you normally can you may have a virus. If you are browsing the Internet and your address bar does not go directly to the site you want, you may have a virus.

Also if your computer takes longer to startup than usual, this may be a sign of a virus.

If you have any of these symptoms on your computer or if you would like to proactively manage your computer’s security, you should contact us for assistance.

We recommend regular check-ups for your computer to prevent any malicious activity on your computer. You can contact us to work out a plan to combat malicious activity on your computer that will be simple and easy to understand.

 

Slow Down And Save Your Software Media

My how times have changed. Nothing seems to change as fast as they do in the computing world. In particular the way they package and distribute software.

When I first started in this business many years ago, computers had no hard drives and came with two 5-1/4” floppy drives. One drive was what you used to load the operating system into memory and load the program. The other drive was for storing your data.

Then came hard drives, with operating systems permanently loaded on the drive. If you wanted to load additional programs, you would go to the store and buy the program. It typically came with a large number of 3-1/2” floppy disks. You could
spend an hour or more loading a new application onto your system.

Then as things evolved, programs started shipping on CDROMS. This media was much more durable than floppy disks. With the dawn of the Internet and the variety of places to purchase software, most companies now allow you to buy and download the software immediately.

This is no doubt due to the availability (and popularity) of high speed Internet access. You can purchase a copy of Microsoft’s Office Basic 2007 and download and install the program all in less than an hour.

We’re starting to see a problem though, with the easy availability of software applications – users who don’t create any backup  disks or restore disks during the initial setup of their new computer, or when they download a new program. I am sure the anxiousness of having a new computer means they want to enjoy their new computer as soon as possible.

Please, take the time to make these disks! I’ve found that hours of time and numerous service dollars can be saved if the disks are readily available for the technician to use.

I had a business client recently who needed to have Microsoft Office reinstalled on a station. I said “Sure where are your disks?” He said that a co-worker had borrowed them and he needed to get them back.

A few days later he called and said he had the disks. I drove to the client’s office, only to discover he had the disk for re-installing his operating system, not Office Basic.

I was able to go online and download his software, because he did have his install code. Unfortunately, the download takes quite awhile.

This just illustrates the need for keeping copies of all your software that is installed or may need to be re-installed. If you’d like assistance with this cataloging your software library, please don’t hesitate to give us a call.