Blog Archives

I Remember the Time I Lost My Data (Part 2)

My data loss story isn’t simple. The data loss was not limited to one file, or even one device. Although this happened almost 10 years ago, the repercussions of this are still being felt in the organization I used to work for.

As I mentioned, this happened almost a decade ago. I had to travel for work to Mumbai, India, and as is required of any Pakistani travelling to India, I had to register with the local police station when I arrived in the city, and before I left.

Because the local office I was working with didn’t have anyone who could drive me to the police station—and this was before Uber existed—I had to rely on the local transport system alone. Aware that I could be mugged while travelling, I left my belongings with some local colleagues who were instead going straight to the hotel. They had my laptop, phone, and all my notes from the day’s meetings.

After I was done with the police station, I went back to the hotel, only to be told that my colleagues had forgotten my backpack on the local transport they used. Although they had spent the last few hours looking for the bag, it was nowhere to be found.

I left my bag behind thinking it was more secure with them than with me and lost a year’s worth of organizational data that wasn’t backed up anywhere.

LOL. Talk about irony.

The phone had valuable contact information, and my laptop had not only notes from the meetings that I had traveled to India for, but all of my data for the last year as well.

Coming back home and realizing that I would need to comb through emails for the last 10 months to recover just a part of the data I had lost was horrifying. I had managed to put my team back months as far as delivering on our goals was concerned!

Over time, I was able to recover about 80% of the data. I had to email a lot of colleagues to ask for newer versions of documents, scour through my emails to find others, and sit and re-create some of the lost data late at night.

I no longer work at the same organization, but there are still times when someone needs a file that was on my laptop and I have to say that I was not able to recover it despite my best efforts.

All my data is backed up now. All my work files, personal files, images, videos are backed up in the cloud, and on an external drive. A reminder in my calendar ensures I never forget to back up to the external storage drive. But even better, cloud backup services like Mozy are set up to back up important files automatically.

Check out the ways Mozy by Dell backs up your important data, from desktops and laptops to small servers. And Mozy Sync keeps your most active files up to date across your computers, smartphones, and tablets. You’ll have your files anywhere you go.

Rumor has it that the ransom is going up

Ransomware is a vicious form of malware that locks users out of their devices or blocks access to files, until a ransom is paid. There are numerous variants, with some ransomware designed to attack Windows devices, and others geared towards Macs or mobile devices. The WannaCry outbreak is a recent example of this form of malware that’s infecting Windows computers.

Evolution of ransomware

While ransomware has been around since the late 1980s, it went “pro” in September 2013 when CryptoLocker was released. It was the first cryptographic malware, and spread quickly via downloads from a compromised website and/or emails made to look like customer complaints. It was estimated that more than $27 million was paid in ransom.

That may seem like a hefty amount to pay out, but there’s only been an exponential increase in ransom payments, with CNN reporting that cybercriminals collected more than $209 million in the first quarter of 2016!

Over the course of time, encrypted browser software such as TOR, anonymous currencies like bitcoin, and increasingly intelligent cybercriminals have evolved ransomware to where it is the #1 security concern of organizations.

Protecting your business

Cybercriminals do not particularly care who their victims are, as long as they can pay a ransom. With a scatter gun approach to propagating ransomware, cybercriminals just want to cast the net as wide as possible so as to maximize the returns.

Here is how you can protect your business:

Educate your users

Most people can’t tell a phishing email from a safe email. Teach your employees to recognize a phishing email. Train them to only open emails from people they know and that pertain to topics they would be expected to talk to them about, and avoid navigating to URLs sent in emails.

“Humans need to be trained; they are the weakest link,” says Paul Kubler, a cybersecurity and digital forensics examiner at LIFARS LLC. “Companies should employ at minimum a bi-annual training geared towards each user group so that everyone is aware of the latest attacks.”

Use a layered defense and update your software regularly

Ransomware attacks involve many different elements. They can start off as a spam email with a link to a malicious website that exploits vulnerabilities in your system to download the virus. A layered approach to cybersecurity, such as email security as well as network protection, can defend you at each of these points. Each layer creates an extra obstacle for the malware, making it more difficult for the attack to be successful.

Keep your operating system, third-party applications, and antivirus programs updated at all times. These are layers of defense for your data, and while they are not bulletproof, they can go a long way in protecting you.

Back up your data often

Business devices often contain sensitive information, as well as operation-critical information such as customer data and business plans. Losing this data to a ransomware attack could severely cripple your business processes. Ensure regular backups are made of all important data, and that these backups are also routinely tested to make sure they work.

According to Steven J.J. Weisman, author of Scamicide, “The best defense against ransomware is to back up all of your data each day. In fact, my rule is to have three backup copies using two different formats with one off site.”

Ransomware isn’t going anywhere, and it is up to each business to protect itself from being the next victim of this type of cybercrime. Mozy by Dell can help. You can avoid a ransomware disaster!

Read about how these two businesses protect their data from ransomware:
   •     Technology consultant battles ransomware with Mozy backup
   •     IT provider chooses Mozy. ‘Nuff said!

What You Need to Know About Phishing


Social engineering scams that use email or websites into tricking users to reveal personal information or install viruses on their devices are known as phishing scams. Phishing scams can look like bank emails, or other corporate communication, and are crafted to fool the users into believing that it is a legitimate message.

The content of a phishing email is intended to cause a quick response from the user. One common scam will try to convince you that you’ve won a lottery or a prize, with a link similar to a website you already know of. This page will then ask for your personal information, which you will happily provide because you think you’ve won money.

Types of phishing attacks

There are three types of phishing attacks that you need to be aware of:

Regular phishing: These attacks are not targeted, and attempt to manipulate the user to click a link where they will enter their credentials. This is a generalized attack and no “one” person is a target.

Spear phishing: These are targeted attacks. The attackers have studied the organization or person they are trying to defraud, and will usually try and impersonate one or more parts of that organization. They may use social media to find information about the organization, and use it to create an email that will convince the reader that it is from their own business.

Whaling: This doesn’t refer to hunting for whales, but instead phishing the upper management of an organization. Done in the same manner as a spear phishing attack, it targets the highest level of the organization and often includes messages that request transfers of large funds.

How to identify phishing attacks

According to Intel Security, 97% of people cannot identify a phishing attack. Here’s how you can be prevent becoming a victim.

Don’t trust email communication: We have been trained to use email as the main mode of communication, and as far as it does not require you to divulge personal information, that is fine. Treat with care any email that asks you to click on a link, or provide personal information. Even if you receive an email from what seems like your own company, asking you to make a fund transfer, just confirm verbally with the relevant person to ensure this is not a scam.

Don’t fall for emails that sound urgent: Many phishing emails attempt to scare you into believing you need to respond or react urgently, but you must take the time to confirm that the email is from a legitimate source before responding.

Confirm links before you click on them: When you receive an email that seems legitimate with a link for you to click on, go to the actual website and then navigate to the relevant page. At the very least, always confirm that there isn’t a minor change—for example, BankofAmerica vs BankAmerica—that is meant to fool you.

Beware of online forms: Do not enter confidential information through online forms or websites. But if you have to, make sure all data you submit is done via a secure connection; that is, https. This is especially important when entering credit card information online.

One of the most important things to remember is to report a suspicious email to management immediately. Only 3% of targeted users report malicious emails to management, which is scary when you consider that 95% of all attacks on enterprise networks are due to a successful phishing attack.

Black Friday and Cyber Monday: 4 Ways to Protect Your Data When Shopping Online

Cyber Monday 2015 generated over $3 billion in sales, a 12% increase over previous years. This increase in online shopping isn’t without its pitfalls, however, as one in 86 transactions were targeted with some type of fraud.

With Black Friday and Cyber Monday just around the corner, how should you ensure that your personal information is safe and secure when you shop online?

Be careful who you trust

Don’t give out your personal information to outlets you do not trust. Every time you are asked for your personal information while shopping online, ask yourself a few questions:

Do you trust the company or site you’re on? 

Before you trust an online store with your personal information, read up on what other shoppers have said about them. Search for complaints or scams that their website may have been involved in by typing “Company Name” + “Scam” or “Complaint” into your favorite search engine.

Is the store website encrypted? 

Don’t ever give out your personal information on websites that aren’t encrypted. Encrypted sites protect your information as it travels from your computer to their server. Look for an https at the beginning of their web address. This shouldn’t just be on the login page, so check every page you visit.

Does the store have a privacy policy? 

Online retailers should have a clear privacy policy that tells you how they protect your personal information, and secure your credit card information.

Did you download the store app you’re shopping on from a legitimate link? 

When using apps, always use the link provided by the brand on their own website to download their app. According to New York Times, more and more “fake” apps are making their way onto app stores, just in time to fool shoppers for the holiday season. Fake apps are not only hoping to sell you lower quality products, they could also use your credit card information in dubious ways.

Remember, not all WiFi is created equal

Every restaurant, mall and office seems to have WiFi, and often these networks are open to all users. We’ve all logged into an unprotected WiFi network once or twice, but few people know how much more vulnerable you are when transmitting data over a wireless connection (and not just an unprotected one). Limit your buying activity to password secured connections you trust, such as your home, and never log in to your banking app or transmit credit card information over an unsecured public network.

Secure your devices and accounts

Where once you only had to ensure your computer had the latest available anti-virus software, now you have to also worry about securing phones and tablets. Most security software is set to update automatically, so opt-in for that option on the software you choose. But also set your operating system and browser to update automatically, as these updates can often include important updates required to keep your device secure from the latest threats.

Not only should your devices be updated, remember to choose smart passwords for all accounts. Using a password management service such as LastPass can allow you to create hard-to-crack passwords without having to worry about remembering them. Choose passwords with a mix of letters, numbers and special characters, and keep the length between 10 to 14 characters.

Consider a Virtual Credit Card Number

Some card issuers provider users with an alternate number that they can use when they shop online. The disposable number is still linked to your account, and your purchases do appear on your card statement, but since it can only be used for a limited time, or with a limited number of merchants, a scammer who comes across it at a later date cannot use it. You will need to check if your credit card issuing bank provides a disposable number, but it’s worth checking it out before the holiday shopping starts.

Your safety is in your own hands, so remember to stay safe while shopping online by following these suggestions. Happy holidays!