How DiamondIT is supporting clients during the COVID-19 (coronavirus)

About Matt Mayo, CEO of DiamondIT

Matt Mayo has 20 years of experience in the technology field and is the owner/CEO of DiamondIT. He is an entrepreneur who believes in being the very best at what he does while also never taking himself too seriously.

Working from Home Exposes You to Threats – Here’s How to Stay Safe

Shelter-in-place and social distancing mean your new commute consists of shuffling to your home office or dining room table, favorite mug in hand, bathrobe secured tight around you. It seems COVID-19 has introduced millions of people to remote work almost overnight. It also created prime targets for cybercriminals.

How to Maintain Security While Employees Work Remotely

Coronavirus has changed how you and your team work together. It’s vital to take a moment to review and update your practices to keep your team, clients and data safe at this time.

Here are 13 ways to start protecting your organization from the onslaught:

  1. Turn on multifactor authentication for all devices and accounts accessing company information and applications
  2. Continually monitor, update and patch systems
  3. Where possible, only use encrypted devices to store corporate data
  4. Review spam filters and add more controls as needed
  5. Test your backup and disaster recovery solution to ensure you can access critical information in a worst-case scenario
  6. Use a Virtual Private Network (VPN) as necessary to connect company devices – do not use it on personal devices
  7. Use a firewall with advanced threat protections
  8. Use mobile device management to track and secure the computers and phones staff are using outside the office
  9. Provide COVID-19-specific employee cybersecurity training to avoid having one of your team fall victim to the ransomware, malware and scams circulating right now
  10. Enforce strong password policies on personal devices or company devices used to access company information
  11. Create a remote working security policy for your employees and train your team on it
  12. Work with an IT security expert who will implement a comprehensive security solution
  13. Get an IT assessment to uncover gaps created by switching to a remote work environment

Cybercriminals are Capitalizing on COVID-19 Fears

One factor could make COVID-19 scams more successful than other attacks: widespread fear about the spread of the virus. Turning the recipient’s anxiety and uncertainty to their advantage, hackers find it easier to get people to click malicious links, download attachments and unwittingly infect their networks with malware.

Education is the most important step to combat this style of attack. You’re less likely to fall for a threat if you know the methods and messaging cybercriminals use. Training is essential to protect your organization – whether you’re working on the front lines, remotely or you’re back in the office when this is all over. Here are a few of the tactics we’ve seen. Share these with your staff so they can watch for them:

  • Attacking VPNs and remote desktop protocols (RDPs) to gain access to your internal documents and applications
  • Impersonating World Health Organization (WHO) officials in emails to trick people into handing over personal information
  • Attaching documents to emails claiming to contain new information or miraculous cures for coronavirus. These unleash malware when opened
  • Tricking people into downloading fake, malicious COVID-19 tracking maps that infect their computers or phones

Contact us directly for more information about accessing employee training. Our Security Awareness Training and Phishing platform reduces risks and helps prevent data loss and downtime: (877) 716–8324

How DiamondIT is Fighting Back and Protecting Clients

Managed service providers are considered an essential service, and we are fully supporting our clients during the stay-at-home California government directive. For the safety of our team and yours, we’re working remotely. We will service on-site needs when there is a public safety need, such as those of our police department and municipality clients.

Please contact us immediately with your cybersecurity concerns, questions about new remote licenses or if your current IT team is overloaded and unable to transition you to a virtual environment. We are ready to help make IT work for you again.

No Internet, No Phones, No Access: The Alarming Implications of the PBVUSD Ransomware Attack

By Matt Mayo

DiamondIT, Founder and CEO

In January, Panama-Buena Vista Union School District’s network was infected by ransomware which shut down the school’s phone system and all Windows computers. While school officials lamented late report cards and using manual processes for communications, temporary hotspots and an examination into internal controls and network security, my mind turned to the real issue here – the protection of our children at school.

In a generation that relies on school phone systems and networks to thwart the very real possibility of a school shooting, the significance of the recent data breach at Panama-Buena Vista USD is alarming. It brings to mind the question: What are school districts doing to make sure students are protected and emergency systems are operable at all times?

Your IT Manager’s IT Department

Background

Daniells Phillips Vaughan & Bock (DPVB) has served central California businesses with tax and accounting services since 1956 in its Bakersfield location. DPVB is a well-respected member of the area business community and, for the last 60 years, has strived to lead the CPA industry in adopting state-of-the-art technology solutions to better serve clients in Bakersfield and Kern county.

Thomas Woods, DPVB Director of Information Technology, has been at the forefront of these efforts for the last 17 years.

The Iranian Threat & How 3 Cali Organizations Avoided Disaster

Would You Survive a Cyberattack?

For over a month you’ve heard about the threat Iran poses to U.S. businesses. Have you taken steps to prepare? According to FEMA, 90% of small businesses fail within a year if it takes them more than 5 days to reopen after a disaster. Thinking “It won’t happen to me” is easy now, but won’t help you if a worst-case scenario unfolds.

As the Cybersecurity and Infrastructure Security Agency (CISA) detailed in their alert, previous Iranian targets include the financial sector, a dam in New York and a corporation in Las Vegas. Even if your business isn’t directly targeted, you can still anticipate an impact from the Iranian cyberterrorism threat. A large vendor you work with, like Microsoft, might be targeted and take systems offline, or an attack might have a reverberating impact on the economy that you need to be ready for.

Build your cyber incident response plan now.

Ransomware on the Rise: How to Improve Network Security in 2020

1. California-based medical supplier hit with ransomware

When hackers gained access to Solara email accounts, they extracted employee and patient information. Solara is a medical device provider based in Chula Vista and maintains highly sensitive personal information about patients. Although the company has taken steps to prevent future attacks, people caught up in last year’s hack are still at risk and need to carefully monitor the Dark Web to see if their information is for sale.

Cyberattacks Increase as Organizations Scramble to Protect Themselves

1. SMBs being pushed into bankruptcy by data breaches

A recent survey by Zogby Analytics confirmed what many people already knew: data breaches are wreaking havoc on SMBs. In particular, the financial implications of a data breach are overwhelming their capacity and forcing them to take drastic action. 

The survey, which questioned more than 1,000 small business leaders, found that 37% of SMBs that experienced a data breach suffered financial loss and 25% filed for bankruptcy. Ultimately, 10% of SMBs went out of business following a data breach. SMBs must have a disaster response plan to deal with the high likelihood of being breached.

4 Lessons Learned from Recent Breaches in Bakersfield and L.A.

Some lessons are better learned by observing what happened to others, like the negative consequences of successful cyberattacks. How to protect your organization and data is knowledge you want to acquire without experiencing a breach. The scenarios below illustrate what can go wrong and how you can prevent similar situations at your organization.

Cyber Wars: The Rise of Modern Security

It’s an old battle; one that many have almost forgotten as the enemy lies in wait, counting on inattentiveness to bolster their evil plans.

Sounds like an intergalactic war from Star Wars, huh? With the release of Star Wars: The Rise of Skywalker this December, our ongoing fight against cybercrime comes to mind. Many businesses seem to have become complacent in the fight against cybercrime as 48% of SMBs have budgeted $5,000 or less on security for the upcoming year. This is 54% less than what was spent by small- and medium-sized businesses on cybersecurity last year.

You might think this trend indicates a decrease in hacking, phishing and ransomware attacks on SMBs. Nothing is farther from the truth. Symantec reports employees of small organizations receive spam in 55% of their emails, considerably fewer than emails received by employees of larger organizations.

Cybercriminals Threaten Multiple Industries with Barrage of Attacks

1. Kaiser Permanente says data breach exposed information on nearly 1,000 Sacramento-area patients

The personal information held by Kaiser on 990 Sacramento-area patients was breached in September by an unknown and unauthorized individual. The cybercriminals had access to an email account with access to data including date of birth, gender, provider name, payer name and benefits information, along with other medical-care-specific information.

Unlike credit card and other financial information, personal health histories do not change and can be used to convince individuals that a scam is actually legitimate. At DiamondIT, we have tools and systems in place to identify, analyze and proactively monitor for any compromised or stolen employee and customer data. This prevents personal information from being used against you, your customers or employees. 

New Year, New Regulations – Are You CCPA Compliant?

Californians will ring in the new year with new regulations. If you don’t want the California Consumer Privacy Act (CCPA) to spoil your holiday parties and end-of-year celebrations, now is the time to prepare. We’ve put together this quick guide to get you up to speed on what you need to do to comply with the law.

Do I Need to Pay Attention?

Are you a for-profit business operating in California and collecting consumers’ personal information? You need to follow CCPA regulations if you:

  • Have annual gross revenue exceeding $25 million or
  • Purchase, sell or share data from more than 50,000 consumers, households or devices or
  • Derive 50% or more of your annual revenue from selling consumers’ private information