As you have probably heard in the news over the weekend, a ransomware threat named WannaCry began infecting computers worldwide late last week. This ransomware, if executed on a system, will encrypt the data on the computer, even backups, and then seek out other systems to infect. Once the data is encrypted, the ransomware demands a payment within 3 to 7 days. All it takes is one computer to be infected before many other computers on the same network could be compromised.
Currently, a new version (WannaCry 2.0) is expanding worldwide to further increase the infection rate.
JMARK had put many defenses in place prior to this outbreak and will continue to utilize further protection. However, email attachments and links in email messages still pose the top threat. We are currently assessing all possible means to mitigate the threats and taking appropriate action as necessary. We will be sending more details as this continues to unfold.
What do I do if I am infected?
If you are infected, you will immediately know as you will be greeted by a screen saying “Ooops, your important files are encrypted.”
If this occurs, hold down the power button on your computer to turn off your machine as fast as possible and then contact JMARK for assistance. Do not attempt to decrypt or check payment in the screens that appear.
How does the infection occur?
WannaCry exploits a known vulnerability in Microsoft Windows operating systems. The attack can enter in multiple ways, but the most common way is by email. A few things to keep you safe:
Never open an attachment from any individual that you are not expecting to send a file. If you haven’t requested it or don’t know that the sender was specifically sending you the file, do not open it, as it may be infected.
Pay careful attention to the sender address and name. Often they are slightly misspelled to fool you into thinking the email is from a known colleague.
Pay special attention to any link that you are requested to click. These can also be slightly misspelled domain names to fool you into thinking they are legit.
Please contact your JMARK support team if you have any questions, problems or concerns.
JMARK Business Solutions, Inc., a leading provider of Technology Management services, announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit, attesting to the design and effectiveness of its Security Controls
Springfield, MO — JMARK, a leading provider of Technology Management services, announced the successful completion of its first Service Organization Control (SOC) 2 Type II audit. The American Institute of Certified Public Accountants (AICPA) has issued an Interpretation under AT Section 101 permitting service auditors to issue reports that are not specifically focused on internal controls over financial reporting. These reports are considered SOC 2 reports and focus on controls at a service organization relevant to Trust Services principles, such as security.
“JMARK’s focus on strong internal controls is evident in this report,” says Tim Roncevich, Partner at SSAE 16 Professionals. “The successful completion of this audit is a testament to JMARK’s integrity, accountability, and its commitment to its customers.”
The audit undergone by JMARK was conducted in accordance with the AICPA SOC reporting standards by SSAE 16 Professionals, LLP, a full-service accounting firm providing SOC 2 Type I and Type II audits. SSAE 16 Professionals evaluated the design and operating effectiveness of JMARK’s internal security controls and processes related to the Security Trust Services Principle. The firm has found that JMARK has met or exceeded the expectations and is fully compliant with the standard.
“Completion of the SOC 2 Type II audit demonstrates the high value that we place on security,” says Todd Nielsen, JMARK’s Chief Strategy Officer, who headed up the initiative. “A SOC 2 Type II audit shows our clients, especially those in the banking, healthcare, and hospitality verticals, our dedication to privacy and security. Clients can remain confident in JMARK’s operations, policies, and procedures to keep their data protected and private.”
About SOC 2 Reports
Completion of the SOC II Type 2 audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The audit included the company’s controls related to the Trust Services Principles and Criteria of Security.
The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to the commitment to protecting JMARK’s client data and information systems.
A SOC 2 report falls under the AICPA AT 101 guidelines and can also be either a Type I or a Type II. Whereas SSAE 16 (SOC 1) reports are used for audits of controls that impact a user organization’s internal controls over financial reporting (ICFR), SOC 2 reports are intended for service organizations whose services do not impact ICFR. The typical users of a SOC 2 report will include prospective clients of the service organization, management of the service organization, and independent auditors providing services to the user organizations. The SOC 2 audit covers operational and/or regulatory compliance controls and follows pre-defined Trust Services Principles and Criteria.
JMARK Business Solutions is an award winning global technology services company that has been in operation for more than 25 years. Not only are they a market leader, but they also specialize in various specific industry and technology verticals to directly benefit their clients. This market focus allows them to be highly specialized and educated in helping their clients to be successful. JMARK offers a full range of IT Solutions and Managed Services to serve any industry, anywhere in the country and even the world. JMARK is headquartered in Springfield, MO with offices in Oklahoma, Arkansas and Colorado.
About SSAE 16 Professionals, LLP
SSAE 16 Professionals, LLP is a leading firm specializing in SSAE 16 and SOC 2 audits and readiness assessments. Each of its professionals has over 10 years of relevant experience at “Big 4” and other large international or regional accounting firms. Each professional is certified as a CPA (Certified Public Accountant), CISA (Certified Information Systems Auditor), CIA (Certified Internal Auditor), CISSP (Certified Information Systems Security Professional), and/or MBA (Master of Business Administration). For more information, please visit www.SSAE16Professionals.com.
Name: Todd Nielsen Organization: JMARK Business Solutions, Inc. Address: 601 North National, Suite 102 Phone: 417-863-1700
A big thanks to the many people within JMARK that helped make this a reality.
JMARK Business Solutions, Inc., announces the successful completion of its first Service Organization Control (SOC) 2 Type II audit (Todd Nielsen, 2016-07-11 13:59:03; 2017-02-17 22:20:17)
I am proud today to announce that JMARK Business Solutions, Inc. has passed a SOC II Type I audit. This audit comes after a lot of hard work by many dedicated individuals at JMARK. The SOC II audit shows our dedication and commitment to the privacy, confidentiality, and security of JMARK and its clients. SOC II addresses many areas of the company and testifies to the soundness and integrity of our: Infrastructure, Software Systems, People, Policies, Procedures, and Data.
What Does This Mean to JMARK Clients
A SOC II audit shows our dedication to the privacy and security of client systems and data. In this world of daily security incidents, few IT Service organizations can show through independent analysis that their operations and procedures are aligned to keeping their clients’ data safe and private.
Completion of the SOC II Type I audit indicates that processes, procedures, and controls adopted by JMARK have been formally evaluated and tested by an independent accounting and auditing firm. The certification included the company’s controls related to the Trust Services Principles and Criteria of Security.
The SOC II certification is among the highest and most rigorous security achievements that can be achieved by any organization. It testifies to our commitment to protecting our client data and information systems.
JMARK Achieves SOC II Type I Certification (Todd Nielsen, 2015-12-04 16:11:10)
No matter your opinion of the Ashley Madison hack, the real damage is yet to come, and you and your company are the next target. Hackers are smart, and when any natural disaster, general conspiracy, or big event occurs, even another hack, they are quick to capitalize on the popularity and attempt to create more mayhem and extortion.
This is done through the sheer simplicity of common curiosity. When a popular event happens, hackers will try to squeeze the curiosity out of us to try to get us to do something, something that will hurt us, and benefit them. That brings us to the popular Ashley Madison hack.
In the Ashley Madison hack, millions of names, emails, and physical addresses of people who had extramarital affairs were posted on the Internet. They were not posted on the normal Internet you and I go to, but on the dark web. You have to know what you are doing to get to the dark web, and it is not a safe or recommended place to enter.
That is where the hackers are taking advantage of people. Many are curious to see if anyone they know is on that list. As a result, hackers put up fake websites offering to show you that information. Someone goes to a nice-looking website that looks legit in order to look at the names, and then BAM… suddenly their computer and network are hijacked and they have to pay money to get their files and data back.
Stay safe and call JMARK if you have any problems. We are here to help!
The Ashley Madison Hack Is Gonna Hurt More Than the Cheaters (Todd Nielsen, 2015-08-25 13:58:57)
In early August, it was reported that Russian hackers had stolen more than 1.5 billion username and password combinations. Yeah 1.5 billion, that’s not a typo. That event makes the Target breach look like small potatoes. You might think your company is safe, but are you sure about that?
This breach is a huge exposure for small and large businesses alike. If that were the only event this year, it alone would be huge news, yet there has been an average of about two major security breaches reported each month this year. These breaches together put many things at risk, even if you think your network is tied down.
The first reason for this is that employees usually do more than work. They check their personal email, check social networks, surf the Internet, perhaps pay some online bills, and much more. All of these things can potentially open up your network to a breach. All it takes is for one employee to click the wrong link or download the wrong attachment and your network can be opened up.
Another reason is that hackers are continually changing their tactics. Very few systems have the ability to monitor for abnormalities in network traffic and other parameters. JMARK has a special service that allows for advanced monitoring of logs from network devices and systems to detect abnormalities that could be attacks. Contact us if you want to learn more about this special log monitoring service.
We live in a world that is changing dramatically, and security is at the forefront of the priorities that need to be in a company’s budget in order to protect its identity, reputation, and intellectual property.
JMARK has the systems and expertise to help business owners sleep better at night. Contact us to learn more about how we can help, and please change your online passwords if you have not done so in the past couple of months.
Are You Taking Responsibility for Your Company’s Security? (Todd Nielsen, 2014-10-06 08:42:54)
Another week… another security risk. It seems security risks and companies that get hacked are about as common as dirt these days. This week is no different.
You may have seen the news already about a very serious vulnerability known as “shell shock.” The affected software, Bash (the Bourne Again SHell), is present on most Linux and Unix-like systems, including some Mac OS operating systems. The risk appears to be most viable on Internet-facing devices that rely on the Bash environment, such as web and mail servers, but could affect many other devices running those operating systems, such as storage devices, public wireless hotspots, and other systems on the network. Additionally, there is a risk for any DHCP clients that might connect to an at-risk DHCP server, which means you should be careful when connecting an Apple device to a public hotspot. The DHCP server, if infected, could issue commands that could put client computers at risk, indicating that the exploit could affect routers or even cell phone towers.
Patches have been made available via the official vendor of the Bash application; however, it merits noting that there are currently reports that the available patches do not fully resolve the issue. Yesterday, JMARK’s own network was under attack, but our skilled network admins diminished that threat without any loss of service.
JMARK is monitoring this situation for further developments and risks and will notify clients if the risk continues to increase.
At this time, JMARK recommends that:
Systems are updated to the latest application versions as they become available
Host activity is monitored for anomalies
Updated signatures from IDS/IPS vendors are obtained to protect against known attacks
Contact us if you feel you might be experiencing issues related to this threat.
The BASH Bug... Insecticide Is Not Gonna Help (Todd Nielsen, 2014-09-26 12:51:33)
On Sunday, August 24th, 60 Minutes aired a show that everyone should watch. I didn’t see it when it aired, but a colleague forwarded the replay to me and I was blown away. I have followed security trends for several years, but this was new to me.
We live in a digital world. One in which everything we do, on and offline – can be tracked. That data when combined with other data makes up a profile or dossier for hundreds of millions of people in the United States alone. These dossiers are not identified with some random unidentifiable number; they are coded with your name, your email addresses, known aliases, health, buying preferences, and everything else about you.
You are probably wondering how this happens. How can you be tracked without you even knowing it? Here’s how:
Your cell phone tracks everywhere you go. That information, combined with other information, can identify habits, preferences, and a whole load of other details that reveal information about you.
Apps on your phone that you think are providing entertainment or other communication with your friends can actually track your location and what you do in other applications on your phone. They can learn your friends, contacts, who you call, and what you are saying to others. Many game apps are just fronts for the collection of data on you.
By just getting on the Internet, you are being followed everywhere. First of all, your Internet service provider has tons of data on you, and knows what you do, what you say online, and what you buy. As soon as you log onto Google and do a search, or you go to your favorite social media account, or a host of other sites on the Internet, you are not just being monitored at that site, but at every other one as well. For example, you go to Facebook and look around for a while, then you close it and go to a debt consolidation company website to learn about their services, then you go and read some articles about a health malady, let’s say Diabetes, then you go to a job site and look at available jobs, etc… Facebook is tracking you during the whole session and beyond. Imagine all the personal information these sites could gather about you.
Then let’s say you go to the store and buy things, maybe you pick up a prescription at the pharmacy. Your credit card company knows everything you buy, not to mention all the retailers. Those discount cards, they are not just for discounts; they are for tracking your purchases and tying those purchases back to you, no matter what form of payment you might use. Then you swing by the elementary school and pick up your kid, you are too tired to cook so you go out to eat at some fast food restaurant.
If you take all those things and combine them, we learn that:
You are struggling with debt.
Based on your Internet search and the type of prescription you picked up, you have been just diagnosed with Diabetes.
You are most likely looking for a new job or are out of a job.
You have a child and you make poor eating decisions.
Obviously this is just supposition of a small amount of data, but each of us leaves thousands of data points a day all over the place.
If you are concerned about the security and privacy of your business, which you should be, contact JMARK. The damage in privacy that I discussed in this article is nothing compared to the damage and liability from a privacy or security breach of your business or of one of your clients or patients.
Your Private Information – For Sale to the World (Todd Nielsen, 2014-08-29 12:45:04)
Your first line of defense in all kinds of systems is the password used to get into it. Whether it is a phone, computer, tablet, firewall, wireless access point or third-party service, your password is sometimes considered the end-all, but in reality it is not enough.
I am not talking about Anti-Virus Software, Anti-SPAM software, Anti-Keylogger software, Firewalls, or the many other layers of security that can and should be tacked onto a network; I am referring to something that can beef up the power of your password.
This extra power is called Multi-Factor Authentication. Multi-Factor Authentication is an add-on software, service, and/or device that proves that when your password is typed, it really is you typing it and not someone who stole your password. JMARK uses various flavors of Multi-Factor Authentication for ourselves and for clients. Sometimes when typing a password a user gets a special code from an app on their phone, or off a device. This code changes every 30 seconds, so it can’t be hacked. This code, along with your username and password, proves that you are you; together they authenticate you to the system or software you are trying to get into.
Had Target, and many others who have experienced security breaches, been using Multi-Factor Authentication, their story would have been much different.
We live in a world where security is of the utmost importance. Security discussions need to move from the server room, to the boardroom. Companies can no longer assume that they are too small to be a target, or that the security measures they’ve taken are enough. Things are always changing and it is important to stay ahead of the curve. Multi-Factor Authentication is one big way to do that.
Implementing Multi-Factor Authentication is not very expensive, especially considering what you might be preventing. If you are in the financial services, legal, healthcare, education, or any other business that is a high target or under regulation, contact JMARK to learn more about how Multi-Factor Authentication will protect you.
Your Password Alone Is Not Enough, Implement This Solution NOW! (Todd Nielsen, 2014-08-15 10:05:28)
I’ve written a lot about Network and Internet security, but have never covered a really big hole that exists in a lot of companies, and that’s, well… the door.
Talk to any business about Network Security and the conversation and thought process often focuses on hackers, attack vectors, wireless, passwords, and many other technology avenues where security can be compromised. Those are all important, but what about the physical security of your data?
Years ago I knew the CEO of a company that lost all their data, and it was not because of a hard drive crash or a hacker. Thieves broke into the office. The alarm went off, but the thieves were fast, they didn’t care about the alarm. They took a pair of giant clippers and cut all the wires in the back of the server rack, power and network were all sliced. Then they rolled the entire cabinet out the door, into a cargo van, and drove off into the night. They were in and out before the police were even close. To make matters worse they also took all the backup tapes that were sitting on a table in the server room.
Had the server room been locked and secured, this story might have ended differently. Had their video surveillance system been managed and working properly, they might have ended up catching the thieves.
Physical Security Questions You Should Think About
What are you doing to make sure that your physical security is enough to protect your data assets?
Are you using fingerprint, optical, and/or Smart Card security for access to your facilities and to your server room?
Is the server room secured so that only authorized personnel can access it?
Is the door always locked?
Do you use video surveillance and an alarm system?
Is your video surveillance system monitored and managed?
Is your server room in a central location, away from outside walls and doors?
Are servers locked in a rack?
Is your rack bolted to the floor?
There are a ton of relatively low-cost solutions that can be implemented to improve the physical security of your equipment and the critical data that is on that equipment. Losing your data is costly, so just about any money you spend for physical security is an investment you cannot afford to not pay for.
Additionally, the story above has other lessons. Had the data been encrypted on those servers, the data would not have been compromised and they would probably not have had to tarnish their reputation by alerting everyone that data had been compromised.
Lastly, every business needs a rock-solid remote backup disaster recovery solution. Had this company above employed this technology, servers could have been ordered quickly and data reloaded and they could have been back in operation after only a few days.
Many people take the belief that, “It won’t happen to me.” Don’t think that, because it very well can happen to you. Call JMARK so we can audit your physical security, backup and disaster recovery plans, and can help make sure you never have to deal with the pain that the CEO above had to deal with.
The Often Overlooked Physical Aspect of Network Security (Todd Nielsen, 2014-08-07 08:00:17)
A 2013 survey by LinkedIn reported that 54% of people who participated felt that security was a top concern and even a deterrent when they consider incorporating cloud computing into their business practices.
Industries that use sensitive data, like health care and finance-related businesses, are especially aware of security concerns in technology and have a heightened sense of risk when it comes to placing data in the cloud. Security breaches are obviously a serious issue. If someone were to break into a business system, whether it was in the cloud or not, that business’s reputation could be tarnished, its competitive secrets could be compromised, and its data could be lost, depending on the severity and type of breach. In this world of ever-increasing transparency and risk, security should be a top concern for business owners and CEOs for any type of business. The old adage of “we’re too small to be hacked” is no longer true.
Many people believe that data is safer within the confines of one’s own office space. The truth is that, with proper measures, data is often safer in the cloud than in traditional methods of data storage. There are risks for data, no matter where it might be sitting.
While it’s true that security is a concern, data loss is also a hazard. A separate study conducted by Mimecast, showed that 57% of respondents felt their data was safer after using cloud computing, because data loss was at a reduced risk, and data was usually backed up in more than one place. Additionally cloud computing often has multiple points of failure and an army of very expensive security equipment and people to make sure data is safe.
As technology develops, standards increase. Security standards for cloud computing, and technology use in general, such as HIPAA, ISO, PCI DSS, and SOC, set the bar for IT technologists and cloud developers in terms of keeping data secure for clients. Meeting these standards allows clients to feel better about how their data is stored, and missing these standards means client loss for developers and technology professionals.
Some of my previous posts have addressed many areas of security for different industries and different technologies. The ways and methods that hackers can get access to data would surprise and scare most people. Whether your data is in the cloud or in your closet, JMARK understands the intricacies of cyber security and every other aspect of IT security. Our industry certifications, tight policies and procedures, overall technical scope and expertise, army of experts, advanced software, and the regulations we abide by – allow us to serve our clients and make sure that they can sleep peacefully at night, not worrying about security or the continuity of their data.
For more information about security in the cloud or in your office, contact us to get a proper security analysis performed.
Security – Whether in the Cloud or the Closet – Must Be a Priority! (Todd Nielsen, 2014-07-18 11:53:14)