May 14, 2021 (Lubbock, Texas)

The practice of personal safety is pretty common for most of us. We lock the doors to our homes, our cars, and we watch our properties and our neighborhoods for suspicious activity. We teach our children common safety practices, such as “stranger danger” and “stop drop and roll.” But what about the unseen threats that are lurking out on the internet, just waiting for a chance to infiltrate your desktop, laptop, cell phone and other internet-enabled devices?

The first line of defense is obvious – use virus protection software, and keep it updated. This is a no-brainer! There are several great options available for your desktop and laptop computers. Purchasing these packages generally allows you to protect not only your computer, but also your tablet and cell phone.

What else can the average electronics user do to prevent virus, malware, and even ransomware from infecting devices? The same way that you use safe practices to prevent viruses and bacteria from infecting you, and your loved ones. It’s about being careful about what you touch, and allow to touch your computer operating system.

Here are the typical sources of these often-disastrous infections:

Removable media – Which is anything from CD’s and DVD’s to USB (thumb) drives, and SD cards. If you don’t know and trust where they came from, don’t put them into your device – easy! What if you’re not sure what’s on one of these devices and want to know? Use a machine that isn’t connected to the internet and doesn’t have any important files stored on the test machine to check the media contents. Make sure that the machine has virus protection installed and up to date. Use virus software to run a scan on the media device. If the files are recognized items that you need and are cleared by the virus protection protocol, you should be fine to open them on your regular computer.

Internet Downloads – You may not even realize you’re downloading something from the internet! Sometimes, the fun games and quizzes that you see on social media are a hacker’s delight. You will typically agree to expose all of your contacts in exchange for playing the game, which allows hackers to send not only you, but all of your friends and families either fraudulent messages, or links that promise more fun and games that actually install viruses or malware onto your machine. Be wary when you agree to install something on your machine, and be sure that your computer settings don’t allow for auto-installation of new software.

E-Mail Attachments and Links – There are several practices hackers employ to get users to voluntarily load viruses or disclose sensitive information.
Phishing – Hackers will send out the same e-mail to a large group of e-mail addresses, inviting the user to click on a link or open an attachment. The sender may appear to be a legitimate vendor or someone that you know of in your organization. The e-mail may ask you to reply with your username and passwords. Many of these messages tend to threaten something – that your e-mail will be blocked or inactivated, that your Paypal or bank account will be closed. Especially be wary of messages that claim to be government entities – the government will never use e-mail for an initial contact with you.
Spear Phishing – These messages target a specific group of people, such as employees at a company or organization, customers of a specific company, or even a single person. They will use the same tactics as phishing to accomplish a specific set of tasks, including installing virus-ware, ransomware, and disclosing sensitive information.
Whaling – These messages are directed at upper-level executives. The e-mail is actually crafted to look like an official contact from a court that requires that they click on a link to get more information about a subpoena or other legal filing. The link can either install a keylogger or take them to another website that requests that they install a browser add-in, which then installs a keylogger. Keyloggers record every keystroke on a computer, and save the file so that a hacker can access the file periodically and steal corporate secrets and passwords.
Vishing & Smishing – This is a newer type of attack using phone systems, cell phones and texting. The message urges users to call a number or respond to a text with banking or credit card information to prevent account closure.

The best way to handle these attacks is to be aware of what they are, and to avoid any type of response. Mark the items that you receive via e-mail as spam, and be sure to notify your IT provider of the incident. If you accidentally click on a link, turn off your computer as quickly as possible and unplug any internet connection. Notify your IT provider immediately so that they can take proper steps to isolate, evaluate and remove any virus or other malicious software from your machine.

“Staying vigilant against these attacks is the best way to avoid virus disasters,” says Brian Cook, the CEO of Fund Accounting Solution Technologies, Inc. (FAST). “Our secure state-of-the-art data center is constantly monitored and protected against ongoing virus threats. FAST staff is required to take periodic security training to stay updated with the latest threats. We encourage all of our customers to do the same.”

FAST’s Cloud ERP solution provides secure access from any internet connection. Upgrading to FundView eliminates the need for on-premise servers; updates and backups happen automatically, lowering initial investment and recurring annual software cost. FundView’s native document attachment feature stores your organization’s supporting records securely in the cloud.

August 26, 2019 (Lubbock, Texas)

End of summer brings a number of things to mind – back to school, Labor Day holidays, and preparing for cooler weather. It also brings on hurricane season, with tornadoes and flooding. Scorching summer heat may also bring a heightened fire season, which can whip through unexpectedly at any time.

Having a disaster plan in place is critical for local government entities – most likely multiple plans should be created to address different types of emergency events. Here are some pointers with regards to servicing your citizen-customers in the aftermath of a disaster:

1) Identify and Evaluate Critical Service Needs – Form an inter-departmental committee to arrange plans and identify critical services needed by citizen-customers
2) Write Out the Plans of Action – From the critical services list identify the following: If there is a total loss of building, where will services be based/housed
3) Communication – In the aftermath of a disaster, how will key (and secondary) employees communicate in the absence of electronic communication means; and how will the organization communicate to the citizen-customers

Critical Services – What is important? Keeping utilities and protective services (police and fire) available are usually the highest priority a municipal entity has.

Providing Critical Services – Do you have an alternate business location in mind if municipal facilities are inaccessible due to fire, flood or tornado? Possibilities include local hotel or meeting facilities, a mobile RV or other temporary portable facility.

Equipment – Do you have a plan for replacing necessary equipment to conduct business, including computers, printers, furniture, supplies, vehicles and other specialized equipment? You might think about entering into a partnership agreement with other local communities to co-locate and borrow specified equipment until replacements are available.

Communication is very important – if cell towers are down, is there a plan to bring in portable towers with generators to restore cellular service? In the absence of cellular service, do you have handheld radios that can facilitate staff communication? Be sure that those items are fully charged and have multiple sets available at various locations throughout your community. When municipal offices are unavailable, you’ll need to get these communication devices to critical staff members.

Protective Services – Police and Fire services have emergency management plans on file. Ask these staff members to share their plans with the committee for ideas and inspiration.

Information Technology – In the absence of electricity and internet access, you should have a plan for conducting business with paper receipt books and other means of tracking payments, for at least a day or two. With regards to records, saving copies of paper files to cloud storage is highly recommended to all businesses, including municipalities. Visit with your IT consulting company for advice on cloud storage. Make sure that your software providers have cloud-based solutions, and make the switch away from outdated local server-based solutions.

“A great disaster plan ensures that your organization is able to continue its primary function – to take care of your citizens,” says Brian Cook, the CEO of Fund Accounting Solution Technologies, Inc. (FAST). “Our organization’s entire business operation can be run from anywhere in the world with electricity and a reliable internet connection. Our goal is to help our own local government customers take care of day-to-day business in the same manner that we do, faster and easier.”

FAST’s Cloud ERP solution resides in a secure state-of-the-art data center with access from any internet connection. Upgrading to FundView eliminates the need for on-premise servers; updates and backups happen automatically, lowering initial investment and recurring annual software cost. FundView’s native document attachment feature stores your organization’s supporting records securely in the cloud.

Ransomware on the Rise

August 20, 2019 (Lubbock, Texas)

Federal cybersecurity agencies are partnering with state government associations to urge both state and local governments to be vigilant and take action to guard their information systems from the burgeoning incidents of ransomware attacks.

Ransomware attacks have cost businesses, and now local governments, millions in lost revenues, ransom fees, and other damage in recent years.
Affected municipalities include larger cities like Baltimore, Maryland, and Atlanta, Georgia. But recently, that trend is changing and smaller cities are falling victim to ransomware. Latest on the list are two smaller cities in Florida, and currently 23 cities in Texas have been targeted. Today, Bolger, TX and Keene, TX both admitted that they are struggling with taking utility payments due to a coordinated attack the unfolded last week.

The Department of Homeland Security in alliance with the National Governors Association, the National Association of State Chief Information Officers and the Multi-State Information Sharing and Analysis Center issued a three-step guideline to expand normal everyday security measures against ransomware:

  1. Regularly back-up all critical agency systems and store the back-ups offline.
  2. Reinforce basic cybersecurity awareness among employees and remind them how to report incidents.
  3. Revisit and refine cyber incident response plans, as well as have a clear plan in place to address a cyberattack when it occurs.

“Through this collective action, we can better protect ourselves and our communities, and further advance the cyber preparedness and resilience of the nation, “ the groups said in a statement.

“The growing number of such attacks highlights the critical importance of making cyber preparedness a priority and taking the necessary steps to secure our networks against adversaries,” the groups said. “Prevention is the most effective defense against ransomware.”

Local government staff should be vigilant and plan for the following methods of attack:

  • Phishing – Emails coming from known or unknown parties with embedded links or attachments. These email messages can be invitations to check gas prices, fill out a feedback form, or visit a website to win a prize. Sometimes friends unwittingly broadcast infected messages by forwarding jokes or other messages. Do not click on links embedded in emails from parties outside of your organization.
  • Trojans – A similar concept as phishing, trojans can be attached to e-mails or even reside on web pages with “free” services such as fonts, desktop themes and screensavers. Be extremely cautious about downloading free files and services, they can often be infected with trojans.
  • Network Services Exploitation – Keep systems updated often! Putting off upgrading to the latest and greatest versions of operating systems and other programs can open the door for malicious ransomware to take hold and infect the entire network, including servers holding precious data.

“Education of local government staff is key to the prevention of malicious attacks on municipal IT infrastructure,” says Brian Cook, the CEO of Fund Accounting Solution Technologies, Inc. (FAST). “Taking the time to show people what these vicious emails look like and how to quarantine or delete such messages is well worth the time taken. Internet browser security and virus protection is a great start, but personal vigilance makes all the difference against these malicious attacks.”

FAST’s FundView Cloud ERP solution offers a state-of-the-art data center with secure access from any internet connection. Upgrading to FundView eliminates the need for on-premise servers; updates and backups happen automatically – which lowers initial investment and recurring annual software cost.