Frequently Asked Questions

Q: I know cybersecurity is important—but what should I be doing?
  • Encrypt all of your computers. If you are attacked, at least then the information won’t be usable. Both Mac and Windows systems make it pretty easy to encrypt your systems.
  • Make sure your systems are up to date. Most software updates include security fixes.
  • Teach your employees to be very skeptical. They should never click a link in an email, even if it looks legit. They should go to the original site and find the message, if it’s there.
  • Never assume your malware application is keeping you safe. No one application can catch all the methods used by hackers. Even if you have more than one, something can slip through.
  • Never provide someone with a username and password in the same channel. First make sure you’re not giving that information to someone with malicious intent. Then, use one channel for the user name, and another completely separate channel for the password—without linking it to what the password is really for.
  • Backup constantly, to an off-network device. At least then when you are attacked and the attackers have locked you out of all your data, you will be able to use your backup systems and quickly go back to work.
  • Use password applications such as Dashlane or LastPass. They will help you create unique, garbled passwords for each site you visit.
  • Use a browser extension to block malicious sites. You will be warned before visiting a site that might be used to install malicious code onto your computer.
  • Consider hiring a vCISO—a Virtual Chief Information Security Officer—who can design a comprehensive security program that protects every door and window and help your organization gain and maintain compliance, secure and harden your business processes, and protect critical data.
Q: I’ve just been the victim of a ransomware attack. What should I do?
  • Isolate your network traffic to mitigate the risk of continued adversary activity.
  • Do not turn off your servers or computers until they have been checked by a security professional. Quite often there are clues as to the intrusion that will be wiped out if the computer or server is shut down. As per above though, make sure they are disconnected from the network.
  • Verify the state of business-critical system backups and make an offline copy of the backups.
  • Contact legal counsel.
  • Do not try to “clean up” the ransomware without professional assistance.
Q: I think I’m too small of a company to be attacked. Should I be more concerned?
Yes, you should be more concerned. Cybersecurity should be a top priority for all SMBs. Why? 28 percent of breaches in 2019 included SMBs. Sadly, more than 40 percent of SMBs don’t have any type of cybersecurity defense plan in place. One in five don’t use any endpoint security protections. Yet the average cost of an insider-related cyber incident for SMBs is a staggering $7.68 million per incident. So it should be no surprise that 60 percent of small businesses close within six months after a data breach or cyber attack. If you want to stay in business, then you need to make sure your company and employees are prepared to defend against an attack.
Q: What is the biggest threat to my company’s data?

Believe it or not, your own employees are one of the biggest threats to your company data. This is not to say your employees are malicious, but a surprisingly large percentage of cyber attacks are caused by human error. A 2020 data breach report found that 22 percent of breaches were caused by social engineering scams, another 20 percent were caused by simple human error, and another eight percent were caused by employee misuse of information. That’s why it is so important to pay proper attention to the human side of cybersecurity with regular and meaningful cybersecurity awareness training.

One of the primary ways attackers target employees is through phishing emails. An employee clicks on a link in a seemingly innocent email and unknowingly gives an attacker access to the network. From there, the attacker goes on the hunt (often undetected), looking for valuable data to hold for ransom. If you’re lucky, your business has proper back-ups of the data and can retrieve the information. But now attackers are getting smarter and extracting the data. Even if you have a back-up, the attacker can release the information to the public unless you pay up.

Cyber attacks have also been on the rise ever since COVID-19 hit, increasing in both sheer numbers and severity. Two attacks in particular that are on the rise are ransomware and business email compromise. The severity of ransomware attacks increased by 47 percent since the onset of the pandemic, while the total number of email attacks has increased by 67 percent.

No business can ever afford not to take cybersecurity seriously, but it has become even more important in the post-pandemic world. It’s imperative that every business have a vulnerability management program in place, conduct proper cybersecurity awareness training, implement proper endpoint detection and response (EDR) software, and conduct proactive network monitoring for threats. We also suggest seeking the advice of a virtual Chief Information Security Officer (vCISO) to make sure you have a comprehensive plan in place and adapt with the changing threat landscape.

Q: How do I know I can trust Blue Team Alpha with my cybersecurity?

Blue Team Alpha is a 24/7 professional team specializing in all aspects of cybersecurity. We can help you in all stages of cybersecurity, from assessment to proactive planning to emergency incident response and remediation. Our team includes certified cybersecurity experts with deep experience in handling all varieties of cybersecurity incidents across many industries. We have successfully remediated incidents stemming from ransomware, Business Email Compromise, phishing, advanced persistent threat, and more.

We understand how important every second is when you’re the victim of an attack. That’s why we have an emergency hotline in place and a live chat option on our website. We are here—for you—and will work around the clock to get your business back up and running. We can even have hands on keyboards within an hour in the event of an attack.

We are proud to be able to say that 95 percent of our incident response work comes from our partners. They know that we will respond swiftly and appropriately when a cyber attack occurs, and they trust us with their customers’ cybersecurity. Our team of experts are well-versed in cybersecurity frameworks such as HIPAA, HITRUST, NIST 800-172, NIST 800-53, Payment Card Industry Data Security Standards, and the General Data Protection Regulations. Our leadership team has experience in network services, security tools, security operations, and server administration, and we have worked on projects for the Department of Defense, the Congressional Research Service, and Facebook.

Our penetration testers and engineers consist of Certified Incident Handlers, Certified Ethical Hackers, OSCPs, and Certified Information System Security Professionals (CISSP). Additionally, they hold certifications in such areas as VMWare, CCNA, CFEFE, SECURITY+, A+, Extreme Networks, Quest Vranger, Quest DataVault, and ESI Phones. You can trust that Blue Team Alpha has the right people on board to respond immediately and effectively to any type of cybersecurity incident.

Q: I have an IT professional, or an IT department, or an outsourced IT service. Why would I need cyber security?

Cyber attackers are becoming more aggressive and more varied in their methods and approaches, thanks to “kits” being sold on the Dark Web that make attacks easier than ever.

IT managers are most experienced with networks and applications. They do not specialize in cybersecurity.

Cybersecurity experts keep up with the latest methods and use the latest tools to identify threats and stop them from multiplying in your networks. One small, seemingly insignificant piece of code can prepare your network for a ransomware attack, installed months before the attack occurs. Normal antivirus software often misses this installed code. Whenever we find signs of malicious behavior, there is usually an IT manager involved and antivirus applications installed.

Q: How can I find out if my systems are already compromised?

The best way is with a Compromise Assessment, either for your email or your overall systems. We will scan your system for malicious code or other signs of compromise. We will come back to you with recommendations. If we find malicious code, we will recommend how it should be eliminated and the rest of your systems checked further for additional intrusion or system manipulation. If we do not find that your systems are compromised, we will recommend what you should be doing to avoid being compromised in the future.