Cyclone 365

Dependable Service. Consistent Results.

With over 25 years of industry experience, we provide a wide range of IT services for small and medium-sized businesses on the Gulf Coast.

Open weekdays from 9am to 5pm.

In-person office meetings by appointment only.

Discover the Cyclone 365 Advantage

In light of the recent catastrophic update from CrowdStrike that crippled millions of Windows computers worldwide, including critical systems at airports and financial institutions, the importance of reliable and secure IT solutions has never been clearer. This incident left countless businesses and IT providers grappling with irreversible damage, requiring a laborious, system-by-system manual fix.

At Cyclone 365, we pride ourselves on not following the path of "the big guys." Instead, we focus on delivering tailored, in-house security solutions that maintain a low profile and significantly reduce vulnerability to such widespread failures. Our approach ensures that your systems are safeguarded with the utmost precision and reliability.

Don't leave your business exposed to the risks of mass-market security solutions. Choose Cyclone 365 for a robust, personalized defense that keeps your operations running smoothly, no matter what.

Stay secure. Stay ahead. Choose Cyclone 365.

Click to Call or Email us to schedule a meeting if you’ve been affected.

In the meantime, here’s a potential fix for anyone who has been “CrowdStruck” by their current IT provider:

  1. Boot cycle until you have the option to get into Recovery Mode.

  2. Get to the System Settings area and Restart System.

  3. Skip BitLocker recovery screens.

  4. Drop to a Command Prompt.

  5. Use bcdedit /set {default} safeboot minimal.

  6. Return to the Recovery Environment and Continue.

  7. Boot cycle until you end up in Safe Mode and log in.

  8. Delete C-00000291*.sys out of C:\Windows\System32\Drivers\CrowdStrike.

  9. Open a Command Prompt as Admin.

  10. Use bcdedit /deletevalue {default} safeboot.

  11. Restart as normal, inspect for recovered functionality.

  12. Fire your current IT provider and hire us.
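
Steps 8 through 10 can also be run as one script from an elevated PowerShell session in Safe Mode. This is an added example, not part of the original procedure or any vendor tooling; the folder and file pattern come from step 8, and PowerShell needs `{default}` quoted, unlike the Command Prompt syntax in steps 5 and 10.

```powershell
#Requires -RunAsAdministrator
# Added example: steps 8-10 of the list above as one PowerShell script.
# Run it in Safe Mode. Path and pattern are taken from step 8.
$driverDir = 'C:\Windows\System32\Drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    throw "Directory not found: $driverDir"
}

# Step 8: list the matching files first so there is a record of what was removed.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File)
if ($targets.Count -eq 0) {
    Write-Warning "No file matches $pattern in $driverDir; nothing deleted."
}
foreach ($file in $targets) {
    '{0}  {1} bytes  modified {2:u}' -f $file.Name, $file.Length, $file.LastWriteTimeUtc
    Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
}

# Step 10: clear the Safe Mode flag. In PowerShell the braces must be quoted,
# otherwise {default} is parsed as a script block.
& bcdedit.exe /deletevalue '{default}' safeboot
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'bcdedit could not remove safeboot (it may not have been set).'
}

# Confirm the flag is gone before restarting (step 11).
$entry = & bcdedit.exe /enum '{default}'
if ($entry -match 'safeboot') {
    Write-Warning 'safeboot is still set; the next boot will return to Safe Mode.'
} else {
    'safeboot cleared; restart normally.'
}
```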

Breaches are up by 78%

Were You Caught Up in a Breach Last Year?

If you’re a US resident, you were likely affected by a data breach last year. Despite a global decline in breaches in 2023, the US saw a significant increase. Surfshark reported that the number of breaches in the US tripled. The Identity Theft Resource Center (ITRC) also noted a 78% increase in reported data compromises compared to the previous year.

Notable breaches last year included:

  • T-Mobile: Affected 37 million accounts, exposing names, emails, phone numbers, billing addresses, and birth dates.

  • Xfinity: Nearly all its customers (~36 million) had account usernames, passwords, and security question answers exposed.

  • PeopleConnect, Inc.: Impacted 20 million Instant Checkmate and TruthFinder customers, exposing names, hashed passwords, email addresses, and phone numbers.

2024 Data Breach Outlook

According to TechCrunch, the worst data breaches of 2024 have already surpassed 1 billion stolen records. Significant breaches include:

  • Ticketmaster: Potentially impacted 560 million users, although the company claims the number is closer to 1,000.

  • Dell: Experienced a breach affecting 49 million customers globally.

  • City of Baltimore: Accidentally exposed a database containing identities of residents who reported crimes.

Reasons Behind the Surge in Breaches

There are three core reasons for the surge:

  1. Ransomware Evolution: Ransomware groups now steal data to increase ransom payment pressure.

  2. Cloud Data Vulnerabilities: Many organizations store data in the cloud without proper security measures. IBM found that 82% of breaches last year involved cloud data.

  3. Vendor Vulnerabilities: Organizations often rely on vendors with access to their systems. These vendors may have weaker cybersecurity, providing an entry point for criminals.

How to Know If You Were in a Data Breach

The easiest way to know if you were exposed in a data breach is through notifications from affected organizations. Additionally, you can check HaveIBeenPwned to see if your data was compromised and to receive notifications of future breaches.

Steps to Take If You Were In a Breach

The response to a breach depends on the compromised data type:

  • Login details: Change passwords for the affected account and any other accounts using the same password. Enable multi-factor authentication.

  • Credit card information: Immediately contact your bank.

  • Social Security Number: Report the incident to the FTC and freeze your credit with each credit bureau.

  • Other data: Be vigilant about potential scams using the stolen information.

No Such Thing As “Harmless Data Exposure”

Even seemingly harmless data like your email address can be problematic. Exposed data can be compiled over time to create detailed profiles on you. Cybercriminals merge data from new and old breaches, enhancing their datasets for malicious use, such as phishing campaigns.

“Fence Your Data” to Avoid Breaches

While it's challenging to ensure your data is never breached, you can take steps to minimize the risk:

  • Avoid signing up for loyalty programs.

  • Skip filling out optional fields on forms.

  • Limit sharing your Social Security Number.

  • Be cautious with personal information on blogs, social media, and forums.

Delete Unnecessary Data

You can still take action even if you’ve previously overshared. State laws may allow you to delete your information and opt out of data sales. Additionally, delete unnecessary online accounts and uninstall unused apps to reduce data exposure.

By staying informed and proactive, you can better protect your personal information in an increasingly digital world.

The only thing worse than having your personal information stolen in a breach is being the business owner who caused it. Don’t sleep on cybersecurity just because you’re not a multi-billion dollar corporation! We are experts in the field and can protect your company. Click to Call or Email us to schedule a meeting.

Guide to Recovering from a Ransomware Attack for Small Businesses

Ransomware can bring your business to a halt. It’s one of the worst things that can happen next to a breach. If you see a computer with a notice on the screen about encrypted files, you have to act quickly to mitigate further damage to your data and disruption to your business.

The first thing you have to understand is that your business must close briefly. If you’ve got ransomware, it’s highly infectious. There’s also no telling what else your systems may be infected with. Shut it all down ASAP.

Below is an abstracted guide on how to deal with a ransomware infection:

1. Immediate Response and Containment

a. Isolate the Infection:

  • Quickly disconnect affected systems from the network to stop the ransomware from spreading.
  • Turn off Wi-Fi, unplug network cables, and disconnect from VPNs.

b. Assess the Scope:

  • Identify which systems and files have been compromised.
  • Check if the ransomware has reached cloud storage or local backups.

c. Notify Key Personnel:

  • Inform your IT support team or managed service provider.
  • Communicate the issue to business owners and relevant employees.

d. Preserve Evidence:

  • Document all details related to the attack (logs, affected files, screenshots).
  • This information will be useful for forensic analysis and potential legal action.

2. Initiate Recovery Procedures

a. Restore from Backups:

  • Identify the latest unaffected backups stored on local and cloud storage.
  • Verify the integrity of these backups before restoring data.

b. Clean Infected Systems:

  • Use trusted antivirus and anti-malware tools to remove ransomware from infected systems.
  • Ensure a thorough scan to confirm all ransomware traces are eliminated.

c. Restore Files:

  • Prioritize restoring critical business files and applications first.
  • Restore data from the most recent clean backup available on the local file server.
  • Use cloud storage version history features to revert to uninfected versions of files if necessary.

3. Post-Incident Activities

a. Investigate and Analyze:

  • Conduct a basic root cause analysis to determine how the ransomware entered the system.
  • Review security logs and any alerts from security software.

b. Enhance Security Measures:

  • Strengthen endpoint protection and monitoring.
  • Update all software and apply security patches promptly.
  • Configure advanced threat protection features in Microsoft 365.
  • Enable and enforce multi-factor authentication (MFA) for all accounts.

c. Improve Backup Strategies:

  • Ensure both local and cloud backups are regularly tested and updated.
  • Implement a 3-2-1 backup strategy: three copies of data, on two different media, with one copy offsite.

d. Educate and Train Employees:

  • Conduct basic cybersecurity awareness training focused on phishing and safe computing practices.
  • Regularly remind employees of security policies and procedures.

e. Review and Update Incident Response Plan:

  • Refine the incident response plan based on lessons learned from the attack.
  • Ensure all key personnel are familiar with their roles and responsibilities in the event of future incidents.

4. Legal and Communication Aspects

a. Report the Incident:

  • Notify relevant authorities and regulatory bodies if required.
  • Inform customers, partners, and stakeholders as appropriate.

b. Manage Public Relations:

  • Prepare a public statement and responses to inquiries.
  • Maintain transparency while protecting sensitive information.

By following this guide, a small business can effectively respond to and recover from a ransomware attack, minimizing downtime and data loss while strengthening its defenses against future threats.
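
One way to carry out the "verify the integrity of these backups" step in 2a, and the regular backup testing in 3c, is to compare the backup against a SHA-256 manifest recorded when it was taken. This is an added example, not part of the original guide; the manifest approach, the function names `Get-BackupHashes` and `Test-BackupManifest`, and the sample files are assumptions made for illustration.

```powershell
# Added example: verify a backup folder against a SHA-256 manifest before restoring.
# The manifest, function names and sample files are assumptions for illustration.
function Get-BackupHashes {
    param([Parameter(Mandatory)][string]$Root)
    $base = (Get-Item -LiteralPath $Root).FullName.TrimEnd('\', '/')
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path   = $_.FullName.Substring($base.Length + 1)
            SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

function Test-BackupManifest {
    param([Parameter(Mandatory)][string]$Root, [Parameter(Mandatory)][object[]]$Manifest)
    $current = @{}
    Get-BackupHashes -Root $Root | ForEach-Object { $current[$_.Path] = $_.SHA256 }
    foreach ($entry in $Manifest) {
        $status = 'OK'
        if (-not $current.ContainsKey($entry.Path)) {
            $status = 'MISSING'
        } elseif ($current[$entry.Path] -ne $entry.SHA256) {
            $status = 'MODIFIED'
        }
        [pscustomobject]@{ Path = $entry.Path; Status = $status }
    }
    # Files that are in the backup but were never in the manifest.
    $current.Keys | Where-Object { $_ -notin $Manifest.Path } |
        ForEach-Object { [pscustomobject]@{ Path = $_; Status = 'UNEXPECTED' } }
}

# Constructed sample backup in a temp folder.
$root = Join-Path ([IO.Path]::GetTempPath()) ("backup-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content -LiteralPath (Join-Path $root 'ledger.csv')  -Value 'id,amount'
Set-Content -LiteralPath (Join-Path $root 'clients.txt') -Value 'Acme'
Set-Content -LiteralPath (Join-Path $root 'payroll.txt') -Value 'Q1'
$manifest = @(Get-BackupHashes -Root $root)   # recorded when the backup was taken

# Simulate damage found later: one file altered, one removed, one new file.
Set-Content -LiteralPath (Join-Path $root 'ledger.csv') -Value 'garbled'
Remove-Item -LiteralPath (Join-Path $root 'payroll.txt')
Set-Content -LiteralPath (Join-Path $root 'READ_ME.txt') -Value 'note'

Test-BackupManifest -Root $root -Manifest $manifest | Sort-Object Path | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

The check is only as trustworthy as the manifest, so keep the manifest somewhere the infected systems could not write to, such as with the offsite copy.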

If you’re unable to contain the attack, we can help! Keep your systems shut down and click to Call or Email us to schedule a meeting.

Don't play Russian Roulette with your business!

Why Small Business Owners Should Ensure They’re Not Using Kaspersky Antivirus

Recently, the US Department of Commerce made a significant decision that affects many businesses across the nation. Kaspersky Lab, a well-known provider of antivirus software and cybersecurity services, is now prohibited from operating in the United States. This move is primarily a precaution to protect national security, and it's important for small business owners to understand how this impacts them.

What You Need to Know

If you’re a small business owner, you should be aware that Kaspersky’s antivirus products are now officially labeled as spyware by the US government. This determination isn’t new; it builds on earlier concerns. In 2017, the Department of Homeland Security banned Kaspersky antivirus from federal computers, highlighting potential security risks due to its ties to foreign entities.

Why It Matters for Your Business

Antivirus software plays a crucial role in protecting your business’s data and systems. These programs have deep access to your files and network, making it essential that you trust the software you use. With the US government’s latest stance, continuing to use Kaspersky products could pose risks that your business cannot afford to take.

Steps to Take

1. Check Your Current Software: Review the antivirus and cybersecurity solutions you’re currently using. If Kaspersky is among them, it’s time to consider alternatives.

2. Explore Reliable Alternatives: There are many reputable antivirus programs available that can offer robust protection for your business. Look for solutions that are recommended by cybersecurity experts and trusted by other small businesses.

3. Consult with IT Professionals: If you’re unsure about which software to switch to, consult with IT professionals. They can provide tailored recommendations based on your specific business needs and ensure a smooth transition from Kaspersky to a new antivirus solution.

Benefits of Switching

Switching to a different antivirus program ensures that your business remains compliant with the latest regulations and avoids any potential security risks associated with Kaspersky. Additionally, many antivirus solutions offer enhanced features and support, which can further strengthen your business’s cybersecurity posture.

Conclusion

The recent decision by the US Department of Commerce serves as a reminder of the importance of using trusted and secure software for your business operations. By proactively ensuring that you’re not using Kaspersky antivirus, you can protect your business from potential risks and continue to operate smoothly and securely. Take action today to review and update your cybersecurity measures, and stay ahead of potential threats.

If you are looking for a safe, reliable, and secure solution for your business, click to Call or Email us today to schedule a meeting.

Don't Let Your Firmware Expose Your Business

Is your business unknowingly at risk due to outdated firmware? While you may think your latest gadgets are invincible, the reality can be quite different. That new wireless copier in the breakroom might be exposing more than you realize.

What is Firmware?

Firmware is the software that tells devices what to do. It's usually hidden and added by the device manufacturer. Just like your computer needs security updates, this hidden software inside your devices needs care too. Neglecting firmware updates can leave your business vulnerable to hackers.

The Importance of Firmware Security

Devices with poor firmware security can expose your network, leaving your business a sitting duck for cyber threats. Here are some tips to ensure your devices remain secure:

1. Prioritize Firmware Updates: When choosing devices, prioritize those with a history of regular and timely firmware updates. These updates patch security holes and keep your gadgets safe from harm.

2. Look Beyond Features: Don’t be fooled by fancy features! Look for manufacturers with a reputation for prioritizing security in their firmware.

3. Ask Questions: Before you buy, investigate the device's firmware update policy. Don’t be afraid to ask questions to ensure your devices won’t turn into ticking time bombs.

Conclusion

Firmware security is a crucial piece of the cybersecurity puzzle. Let us help you choose devices that are built to last and stay secure. With our expertise, we can guide you in selecting secure devices and implementing robust security measures.

Don't wait until it's too late. Ensure your business is protected by securing your firmware today. Click to Call or Email us today to schedule a meeting.

We provide IT support and services in and around these areas:

Mobile, AL          Pensacola, FL            Pascagoula, MS
Daphne, AL          Fort Walton Beach, FL    Gautier, MS
Fairhope, AL        Destin, FL               Ocean Springs, MS
Foley, AL           Panama City, FL          Biloxi, MS
Gulf Shores, AL     Tallahassee, FL          Gulfport, MS
Orange Beach, AL    Lake City, FL            Pass Christian, MS

★ Copyright © MMXXI. All rights reserved. ★