In many areas of our lives there are myths that we accept as fact. Some of these are actually quite dangerous: believing that lightning never strikes in the same place twice could be fatal. Similarly, there are cybersecurity myths that demand debunking to keep your business safe.

#1 “I’m too small to attack.”Any size of business, in any industry, can be the target of a cyberattack. In fact, hackers often hit smaller businesses because they lack the necessary protection. Also, a small business is more likely to pay a ransom, because it can’t recover otherwise.
Plus, small businesses can be a first stepping stone in a supply-chain attack. After getting into your systems, they might send a faked invoice from you to the larger target. The enterprise client, trusting your credibility, opens the attacker’s malware. Or hackers can use your vendor credentials to gain access to the enterprise network.

#2 “Antivirus software is all I need.”If only it were that easy. You need antivirus software, but you can’t protect all your IT infrastructure with one tool. To detect and defend, you’ll need a comprehensive cybersecurity plan. Combine employee security awareness training with physical security measures, and put in place many layers of network and device defense, too.
Then, keep everything patched and updated. That makes sure you’re leveraging what experts know about the evolving threat environment.

#3 “Cybersecurity is IT’s job, not mine.”You may have an internal IT department you count on to handle cybersecurity. Many businesses also contract with a managed service provider (MSP) to keep them safe. These IT teams will work to secure your infrastructure and protect your data. They will put systems in place to detect threats and identify vulnerabilities. They can ensure appropriate data backup and do disaster recovery planning.
Still, IT experts (whether internal or external) are only one player in the battle. Your employees remain a weak link. They are the ones that may inadvertently download malware, fall for social engineering scams, or use easily guessed access credentials.
 
Your business needs to educate all employees about online safety and cybersecurity threats. Then, it’s everyone’s job to be aware and work to reduce risks to your business.

#4 “Too much cybersecurity will hurt our productivity”This won’t be true if you set up effective security policies and protocols. Add regular monitoring and authentication tools that provide security without adding friction for employees.
In fact, enhanced cybersecurity can actually help your productivity. It frees people up to work on other important business with less worry.
 
Avoid a false sense of securityTrusting any of these myths can leave your business vulnerable to attack. A data breach or IT downtime can be devastating. Don’t risk the worst. Instead, work with IT experts to handle your cybersecurity, backups, compliance, and more. Contact us today at 262-515-9499

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.
​
Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked. 

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).

Are Any of These Vulnerabilities in Your Systems??

Microsoft 
Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. It needs to be removed from any computers that still have it installed.

You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.

Here is a rundown of these vulnerabilities and what a hacker can do:

CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.

• CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a vulnerability in Microsoft’s buffer overflow function. This allows hackers to execute dangerous code remotely.
• CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means that they need the user to assist in the attack. Such as by opening a malicious file attachment in a phishing email. 

Google
Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.

• CVE-2016-1646 & CVE-2016-518: These both allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.
• CVE-2018-17463 and CVE-2017-5070 both do the same thing. And like all these others, have patches already issued that users can install to fix these holes.

Adobe
People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities. 

• CVE-2009-4324: This is a flaw in Acrobat Reader that allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.
• CVE-2010-1297: This memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.

Netgear
Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws. 

• CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It's present in many different Netgear products.

Cisco

• CVE-2019-15271: This is a vulnerability in the buffer overflow process of Cisco RV series routers. It gives a hacker “root” privileges. This means they can basically do anything with your device and execute any code they like.

Patch & Update Regularly!
These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.
How do you keep your network safe from these and other vulnerabilities?  You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.
 
Automate Your Cybersecurity!
Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today 262-515-9499
 
Article used with permission from The Technology Press.

​Banks and credit card companies are making it easier for us to get money on the go. We can check account balances, pay bills, and transfer funds online. We no longer even have to go into a bank or visit an ATM to deposit checks. But are you banking online safely? 

In the past, all we had to do was protect our PIN number (and remember it). Now, we need a mobile account password, too. The first precaution you can take is to have a strong, unique password. Can you believe that “password,” “123456,” and “letmein” remain common access credentials? Don’t do it! Also, avoid using things that a cybercriminal might guess or be able to learn from your social media. This eliminates anniversaries and birth dates, pets, and children’s names.

Don’t reuse your banking password anywhere else. Sure, if you duplicate the password, it’s easier for you to remember, but, a bad actor could access your credentials for another site. Then, they have that same email and password combo to use to try on your banking or credit card site, too.

It’s also not a good idea to write down your passwords or keep track of them on a note in your phone. If you’re worried about remembering all your passwords, consider a password manager. A high-quality password manager can be a safe way to keep your passwords secret yet available. Top password managers use secure encryption for your access credentials.

Make sure you’re only banking using your own, secured devices. This means don't check your balance or whether a payment cleared while in line at the coffee shop or in the airport. Don’t risk banking using a public Wi-Fi network that a hacker could be accessing to steal sensitive data. You also want to avoid using shared computers to login to your financial data. A cybercafe or library computer could have a keylogger that tracks your login details for criminal use.
​
Watch out for phishing emails that look like they come from your bank, credit card company, or a tax agency. Criminals send urgent emails warning of strange activity or that you’re being audited to get you to react.

Don’t click on any link or download any attachments in an email that appears to be from a financial institution – they don’t send private data directly in emails these days. They will send you to a secure inbox on their site. Always type the institutions’ Web address into the address bar. Otherwise, you might go to a fake, mirrored site that looks legitimate but will rip you off.

Added security for online banking
Two-factor authentication can help protect your financial accounts. Various banks will set it up differently, but you should definitely take the time to set this up. You might have to identify an image you selected besides using your password. Or you might need to enter a code sent to another device (such as a text message to your phone).
The second level of authentication can be an annoyance in our convenience-first society. Still, it keeps your accounts secure, even if cybercriminals access your password.

You work hard for your money, and you don’t want a cybercriminal taking control of or emptying out your financial accounts.

Worried about securing your online activity at home or on mobile devices? We can help. Contact us today at 262-515-9499 for expert support securing your financial data.

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.

Well, a new report by cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Employees at small companies saw 350% more social engineering attacks than those at larger ones.

Why Are Smaller Companies Targeted More?

• Small Companies Tend to Spend Less on Cybersecurity
• Every Business Has “Hack-Worthy” Resources
• Small Businesses Can Provide Entry Into Larger Ones
• Small Business Owners Are Often Unprepared for Ransomware
• Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity

Need Affordable IT Security Services for Your Small Business?
Reach out today to schedule a free technology consultation. We offer affordable options for small companies.