Bluetek IT Solutions Blog

Not a day goes by we don’t hear about another “ransomware” attack, it seems – including high-profile attacks on a major U.S. oil pipeline and the world’s largest meat processing company.

President Joe Biden pressured Russian President Vladimir Putin to crack down on ransomware attacks to “avoid unnecessary action.”

As the name suggests, ransomware is an attack that locks your computer and demands a ransom to give back your data.

Cybercriminals typically target businesses and governments – in the hopes they’ll pay bounties to release files and perhaps avoid a public relations disaster – but opportunistic crooks also extort money from regular computer users, like you and me. Because hey, it all adds up.

You might sit down to use your laptop or desktop and see an on-screen alert that your computer has been locked or that your files have been “encrypted.” To obtain a decryption key, you must pay up. The ransom demanded from individuals varies greatly, but it's typically a few hundred dollars and must be paid in difficult-to-trace cryptocurrency, such as Bitcoin.

A torn-down virtual infrastructure creates risks for any business. And it can have a significant impact on how quickly you can retrieve your data and resume operations following an attack.

These days, many businesses use virtualized infrastructure for more straightforward data storage. It’s because this approach is superior to physical solutions due to enhanced flexibility, straightforward provisioning, and affordable pricing. 

However, this model also requires a comprehensive approach to security. 

There’s a much greater risk of data loss, as many tools and practices for physical data protection are nearly useless in the virtual setting. Virtual threats are different, that’s why you need to think beyond traditional perimeter protection. 

So, if you’re using a virtualized infrastructure for data storage, keep reading. 

This article discusses the risks of improper virtualized infrastructure security and talks about ways you can improve it. 

Most companies know this by now. What they’re trying to figure out is: how can they avoid becoming yet another bad example?

The short answer is, thinking critically about the data you’re collecting and how you’re using it needs to be everyone’s job. Expanding the circle of who is in the room helping to question, build, and monitor algorithms is the only way that we will develop responsible AI. Doing that work requires data literacy — the ability to parse and organize complex data, interpret and summarize information, develop predictions, or appreciate the ethical implications of algorithms. Like math, it can be learned in beginner and advanced modes, spans multiple disciplines, and is often more practical than academic.

Data is one of the most important assets for many organizations. A significant level of care should be given to prevent data security incidents. However, despite the best plans and intentions, both man-made and natural disasters can occur at any time. The best course of action is to prepare in advance, ensuring that your enterprise has a well-developed disaster recovery plan in place to deal with potential occurrences.

The best disaster recovery plans are prepared with a logical knowledge of your environment. An organization that thoroughly evaluates possible threats, vulnerabilities and probabilities of a disaster can help ensure a more cohesive and cost-effective recovery plan. 

To get started, you should identify the critical assets that you'll need to protect in the case of a disaster. The corresponding vulnerabilities and potential threats should be assessed and preferably quantified. Based on the probability of a disaster occurring, the risk can be quantified as well. Then, your organization can build a recovery plan that prioritizes assets that meet a calculated risk threshold. Note that data recovery is the primary asset for most information security disaster planning, so make it a priority. 

Nobody likes passwords. They’re inconvenient. They’re a prime target for attacks. Yet for years they’ve been the most important layer of security for everything in our digital lives—from email to bank accounts, shopping carts to video games.

We are expected to create complex and unique passwords, remember them, and change them frequently, but nobody likes doing that either. In a recent Microsoft Twitter poll, one in five people reported they would rather accidentally “reply all”—which can be monumentally embarrassing—than reset a password.

But what alternative do we have?

For the past couple of years, we’ve been saying that the future is passwordless, and today I am excited to announce the next step in that vision. In March 2021, we announced that passwordless sign in was generally available for commercial users, bringing the feature to enterprise organizations around the world.

Beginning today, you can now completely remove the password from your Microsoft account. Use the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your phone or email to sign in to your favorite apps and services, such as Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, and more.