You KNOW you could have / should have done more to protect your business data… but now it’s too late and your computers have been compromised.

What should you do in the event of a data security breach?



Just like a fire or medical emergency, time is of the essence. The attack may still be underway or causing further damage.

  • In the case of a virus or malware, the more people who open the email, the more computers will be infected.
  • Hackers can continue downloading files as long as they have open access. Less than 48 hours after a breach, the attacker will have control of a network – you need to act fast.
  • If the threat is coming from inside the building (an employee or contractor who either inadvertently or with ill intent caused the breach), you’ll want your IT team to be able to clearly see the source of the issue.

You don’t want a junior IT guy giving it his best shot. If you don’t have an experienced IT partner, NOW is the time to find one! (Note, however, that just like calling 911 to summon a helicopter to medically evacuate you off a cliff and into an emergency room, finding an IT partner during a data security crisis is likely to be both difficult and expensive.)

The risk here is that if you have under-trained IT personnel panicking and changing settings, it may be difficult for your IT team to understand what really happened and diagnose the root cause of the issue. Don’t make the problem any worse than it is. Call in IT Professionals.

2. Assess and contain the damage.

Your IT professionals and senior leadership team need to set aside blame (at least for now) and be in tight communication about what happened and how to proceed in fixing the data security breach.

Hopefully you have a disaster recovery or business continuity plan in place, along with documentation of your passwords and backup of all your systems.

Your damage control team needs to decide:

  1. Is the breach contained?
  2. How severe is the damage?
  3. What steps do we need to take now?
  4. Who needs to know? If sensitive data was exposed, you’re likely legally required to notify those who are potentially impacted and/or government agencies.
  5. How can we prevent this from happening in the future?

3. Take data restoration steps.

Every situation is unique. Some actions need to be taken immediately, while others may happen over the coming days, weeks and months. Depending on what happened, restoration from a data security breach could mean:

  • Restoring files from backup
  • Changing all passwords
  • Taking a system offline until security updates can be applied
  • Paying the ransom on the ransomware (which is a terrible idea, for so many reasons!)

4. Communicate.

First to employees and then to anyone affected outside your organization, you need to clearly communicate:

  • What happened
  • How you’re fixing the issue
  • Any steps those impacted need to do to protect themselves

5. Get committed to data security.

Small businesses are not immune from cybersecurity attacks. With fewer resources to fight and recover from a breach, it’s even more important for you to integrate security into your platform. One component of our data security offerings is to use Microsoft 365 for:

  • Identity & access management
  • Threat protection
  • Information protection
  • Security management
  • Device and application management

We also believe strongly in user data security training.

Many employees share passwords, not considering the data security ramifications. In over 63% of data breaches, attackers gain access through weak, default, or stolen user credentials.  Your technology and people need to work together to keep your business protected from malicious cybersecurity attacks.

Beyond user training, there are a few other ways you can safeguard your business:

Microsoft 365 for Data Breach Recovery

One of the solutions we use in our data security practice is Microsoft 365, which has all the perks of Office 365, plus advanced security and device management tools. Microsoft 365 helps us with both remote network monitoring and data breach recovery.

Here’s some of what Microsoft 365 can do after you’ve been breached:

  • Automatically investigate and mend endpoint threats
  • Recommend what to investigate and remediate
  • Investigate company-wide emails to remediate threats
  • Visualize a hacker’s lateral movement
  • Recover OneDrive files
  • Remove ransomware

Call Us for Data Breach Prevention

We don’t want to be your 911 IT emergency call. We want to be your day-to-day IT partner who keeps your IT systems healthy and secure with IT services like:

  • Continually monitoring network traffic for anomalies
  • Maintaining backups and testing restore procedures
  • Having a “red book” of system admin credentials and vendor contact information
  • Enforcing IT policies and procedures
  • Keeping hardware and software up-to-date

Don’t wait until it’s too late – give us a call today – 1.586.263.1775.


Data Breach FAQs

What is the most common cause of data loss?

The most common cause of data loss is hardware failure – make sure you’re always backing up your hardware! Other causes include human error, software corruption, theft, and viruses.

What happens when there is a data breach?

A data breach puts ALL of your personal and financial records at risk. This makes you vulnerable to identity theft, compromise of customer data, compromise of employee data, loss or risk or intellectual process, and virus attacks.

How to protect yourself after a data breach?

Take data restoration steps: 
1. Restore files from backup.
2. Change all passwords.
3. Take systems offline (if needed) until security updates can be added.
4. Integrate security into your platform.

How serious is a data breach?

A breach in your hardware will always be serious. It can lead to destruction, alteration, loss, or access to all personal data. Assessing the problem ASAP will lessen the blow.

Phishing Detection Is Becoming Harder

Recently I’ve noticed an uptick in very legitimate-appearing phishing emails. One came in as an email from “someone I knew” saying they had a task for me and to send them my personal number so they could reach me. My alarm bells went off because:

  1. The real person already had my phone number.
  2. They had “reached” me just fine through the email – why ask for my phone number?

Upon closer inspection, I could see that the person’s name was there, but the actual email address looked suspicious. One of the reasons we recommend getting an Office 365 or G-Suite account instead of using a free Yahoo or Gmail account is that employee emails are authenticated. We’ve had clients who have accidentally given away private information, mistakenly believing they were giving the information to a co-worker. As you can imagine, this data breach leads to a whole host of headaches.

Phishing Prevention Best Practices

  1. Never give out your email password.

  2. Never send passwords via email.

  3. Never send credit card information via email.

  4. Never send HIPAA or other sensitive information over email.

Email is an insecure platform. Even without hackers being involved, you could mis-type an email address and inadvertently expose sensitive information. Don’t take the risk. The small convenience factor isn’t worth it.

Common Phishing and Malware Scams

Hackers are becoming quite sophisticated; I’ve seen a few good imposters of Microsoft emails lately. Here’s a good example and where to look for clues that the email is not legitimate.

[Image: phishing email from Microsoft]

If you were to open up one of these emails, you expose your network to:

  1. Computer viruses, which are designed to self-replicate by sending an email from YOU to all the people in your contact list.
  2. Ransomware, where the hackers hold your data hostage until you pay them. FYI: Don’t pay them!
  3. Spyware, which will collect information from your computer and send it to the hackers.

How To Identify Phishing Emails

How can you find a phishing email / malware?

  1. Look at the sender’s email address. Usually the sender’s email address will not be a legit email associated with the organization that they are claiming to be from. They may claim to be from a company or a bank or even a friend or coworker, but the email address could have a totally different domain address.
  2. Look at who they are addressing. If they are part of a legitimate company that you work with, they should know your name. If it is a phishing email, it will most likely address you by your email address or a general name such as customer.
  3. Be on the lookout for bad grammar. Many times, there can be small to moderate grammatical errors that could easily be missed when quickly scanning an email.
  4. Be wary whenever someone tries to get you to provide personal information. They may give their own links that do not go where they say they will go. Hover over the link to see the website address. If you’re in doubt, ignore the email. Open a new web browser and log in to your account. If a bank, Microsoft, Paypal or other service provider has a special alert, you can get the same information by going directly to their site.
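
Clues 1, 2 and 4 above can also be checked automatically. The following is an added example, not part of the original article: it runs those three checks over a constructed sample message. The `KNOWN_SENDERS` map, the flag names and every address in the sample are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message); every name and domain in it is made up.
SAMPLE = '''From: "Microsoft Account Team" <security@account-alerts.example.net>
Content-Type: text/html; charset="utf-8"

<p>Dear customer,</p>
<a href="http://login.verify-portal.example.org/reset">https://account.microsoft.com</a>
'''
KNOWN_SENDERS = {"microsoft": {"microsoft.com"}}  # assumption: brand -> domains it really uses
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(customer|user|member|client)\b", re.I)

class Links(HTMLParser):
    """Collects (href, visible text) for every <a> element in the HTML fed to it."""
    def __init__(self, html):
        super().__init__()
        self.found, self._href, self._text = [], None, ""
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, self._text.strip()))
            self._href = None

def phishing_flags(raw):
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    flags = set()
    for brand, good in KNOWN_SENDERS.items():  # clue 1: display name vs. real domain
        if brand in name.lower() and not any(domain == g or domain.endswith("." + g) for g in good):
            flags.add("sender-domain-mismatch")
    if GENERIC.search(body):  # clue 2: generic greeting instead of your name
        flags.add("generic-greeting")
    for href, text in Links(body).found:  # clue 4: link text names one site, href another
        if re.match(r"https?://", text, re.I) and urlparse(text).hostname != urlparse(href).hostname:
            flags.add("link-text-mismatch")
    return flags
```

A message that raises none of these flags is not proven safe; the checks only automate what you would otherwise look for by eye.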

Preventing Phishing and Malware Scams

Anti-virus software, firewalls and other data security solutions can stop most malware attacks, but they’re not infallible. If you open a suspicious email, contact an IT Professional IMMEDIATELY. The longer you wait, the worse the problem can become.

We help clients with data security breach prevention – and post-malware cleanup. Need our help? Give us a call at 586.263.1775 or

Small Business Data Security Breach

disaster recovery planning

Hurricanes. Floods. Fires. Tornados. Natural disasters remind us that we can’t control everything. What we can control is how we prepare in advance and how we respond afterward.


Setup a Small Business VPN

Will ISPs sell your data?

Last week Congress voted to allow ISPs to sell your data.  This news has people in a panic, concerned about what the ISPs can or will share.  Some sites, like Motherboard, predict a data pilfering free-for-all, proposing that information shared may include:

“Financial and medical information. Social security numbers. Web browsing history. Mobile app usage. Even the content of your emails and online chats.”

Other sites give us some reassurances that ISPs would show more restraint and that this rule change was only created to enforce consistency. Wired magazine’s article, “Big Cable’s Case for Selling Your Data Doesn’t Hold Up” argues that you get what you pay for. Facebook and Google offer free services, but “FREE” comes at the price of letting them collect information and use it to serve up targeted advertising. While this measure is flawed, creating consistency and clarity of the FCC rules would actually be a good idea.

In response to this ruling, Minnesota has already voted to pass internet privacy protections and other states will likely follow suit.

Don’t panic. But take data security precautions.

As a consumer, you’ll of course want to protect your personal devices. But be cautious. Reports show that up to 38% of Android VPNs on the Google Play store are plagued with malware. According to the Hackread article, the 10 worst VPNs are:

  1. OkVPN
  2. EasyVPN
  3. SuperVPN
  4. Betternet
  5. CrossVPN
  6. Archie VPN
  7. HatVPN
  8. sFly Network Booster
  9. One Click VPN
  10. Fast Secure Payment

Businesses need to take even greater data security precautions.

Businesses have all the same concerns as consumers, PLUS more. Leaking information could reveal:

  • Trade secrets
  • Pricing information
  • Client email addresses and private information
  • and much more!

That’s why many larger businesses (especially those in finance, health and other industries with compliance regulations) insist that remote employees exclusively connect through a VPN.

What is a VPN?

VPN stands for Virtual Private Network. Basically, this technology allows users who are on public Wi-Fi to create a secure, direct connection between the remote device and the main office server. Think of it like a tunnel, where all of the data that travels through this tunnel is encrypted. No one except the VPN server IT administrators can see this data, not even your ISP.

How to Set Up a Small Business VPN

For small businesses, VPNs are frequently set up using software. Larger businesses often use VPN hardware that comes with additional functionality for data load balancing and a hardware firewall. Whichever you decide – VPN software or VPN hardware – you’ll want to ensure you do all the steps to set up your VPN correctly. Setup is critical, and when done incorrectly will compromise the entire point of having a VPN.

Popular small business VPN software programs include:

  • Windows Server comes with built-in VPN software.
  • VyprVPN
  • Hamachi VPN
  • OpenVPN

All of these VPN software programs are well vetted. Which VPN solution is right for you? Well…that depends – on your IT environment, the number of users you plan to have on the system and the level of security you want to achieve. If you’d like our advice and are interested in having a professional IT team  set your VPN up for you, please schedule a free 30-minute call with one of our technical specialists.


Ghosts in the machina

IT Policies & Procedures

Do you have a tight onboarding / offboarding checklist you use when hiring a new employee or consultant? If not, it’s likely you have “ghosts” – people who can still access your data, even though they no longer have an affiliation with your company.

Cloudflare security breach

Cloudflare, a company that hosts and provides services for millions of websites and cloud-based software applications, announced that user data from over 3400 websites has been leaked and cached by search engines.
