Author: irqsolutions_acvomn

The Crowdstrike disaster is an example of implementing worst practices. In other words, people believing Crowdstrike’s marketing, that software can protect you (or your business) from zero day attacks with third party software is implementing worst practices – as none of these products can protect you from a zero day attack.

The first fact to consider is that no-one needs to purchase anti-virus software anymore; because, both major operating systems come with software that is more than adequate to guard against non-zero day attacks.

The second fact to consider is that the best way to mitigate against zero-day attacks AND malware attacks (i.e. ransomeware) is to make sure all your software is updated (OS and Apps) to the latest version (ASAP) & have a daily backup regiment in place. If all of the businesses disrupted by the Crowdstrike update had followed these practices, the disaster wouldn’t have happened.

If you’d like to have a free conversation about how IRQ Solutions could help you implement best practices, send us a message on our Contact page.

As a general observation, many people don’t use software properly and E-mail clients are an excellent example; where, – over time – users develop unsound methods for managing their inboxes. They are enabled to do so because of their “free” (i.e. spied on) providers proclivity to give them a ridiculous amount of space to hoard their messages. Couple that with robust search tools in their “webmail” and you have a recipe that encourages inefficient e-mail practices. (So they can sell you to advertisers.)

According to this report, professionals (like YOU) spend an average of 28% of your time on E-mail. Thus, allowing your e-mail server & client manage the influx of messages would clearly save most professionals (like YOU) at least an hour a day. How you ask? Well…

First, you should have separate e-mails for work and home (personal) and access them from different devices. That will ensure people you love only show up on your phone and people you work with only show up on your laptop/desktop. Next, they recommend (and IRQ concurs) that you should move e-mails out of your inbox as you read them, that way you won’t run the risk of reading them again later. Next, you should instruct your e-mail client to check for messages once an hour. That way your client will only notify you of new messages on the hour, when you can dedicate 5 to 10 minutes to the new arrivals. Then, instead of filing the read e-mails away in a plethora of folders, decide on three actions to take with each email: Archive, Respond or Task it.

Archive is easy, most clients have a simple button to select and the e-mail is gone. Respond is easy too, create a folder labeled respond, then check the folder each morning to prioritize responses or delegate the response to someone else. Task it requires a good client (IRQ recommends eMclient), where the e-mail is turned into a task on your calendar where it can be tracked until completion. Finally, you should have filters on the e-mail server that flag automated e-mails you want (like trade newsletters) and discard all spam and e-mails you don’t want (i.e a vender who won’t take no for an answer).

IRQ can help you implement these practices to help make your e-mail a much more effective tool for getting your work done. Once you’re on the right domain footing (e-mail & website) we can decide if your business would benefit from an ERP platform (IRQ recommends ODOO) to e-mail invoices to your clients and allow them to pay online with their credit or debit cards.

Quantum computers are going to upend our computer security model and now is the time to mitigate against this eventuality. As discussed previously, the first (and most important) security measure you can make right now is using a good password.

After you have a great password policy, the next security item YOU should be concerned about are: steal now, decrypt later (“SNDL”) attacks. Which are straight forward, and easy to understand. A threat actor (hacker) steals YOUR encrypted data and either attempts immediate decryption attacks – or if that fails – simply holds onto it, waiting for advancement in computing technology to break your stolen data’s encryption.

So, what should you do about this existential threat to your data? Do not entrust third parties (Cloud Company Applications) with your valuable data. For example, its very tempting to use products such as MS Azure, Google Mail, Docs & Drive & any number of other similar cloud computing applications (Clio for Lawyers, Innago Tenant for Commercial Real estate, Clustdoc for Accountants etc…) But a simple search returns that MS Azure was hit, Google Docs was hit & Clio is a target. As the quote from this article plainly states: “Given the sensitivity of the data legal professionals routinely handle, cybersecurity can’t be an afterthought”; and that sentiment goes for every professional service provider.

At IRQ, we eschew popular cloud implementations for independent cloud infrastructure. That is, the connivence of the major players without the huge target. There is no such thing as a computer cloud, it’s a server. All servers have a physical location and can (and probably will) be attacked. Whether the attack is successful depends on the attacker’s skill, motivation and time. Thus, an attacker will spend more time and effort trying to attack Microsoft’s servers than the servers @ Hostinger. Same goes for Google, they have a bigger target on their back than Bluehost.

And this is where YOU can mitigate your risk, with a sound “cloud” solution from IRQ Solutions hosted on an uninteresting (to most attackers) target server.