You would need to be new to the internet to be unaware of threats to cybersecurity. With Internet World Stats reporting that 69% of the world is now online, that naïveté is increasingly unlikely. But is your business doing all it can to prevent email breaches? We know better than to use “123456” or “letmein” as passwords, but the threat remains. No matter the industry, global businesses are always at risk. Scammers send emails and set up spoof domains to get employees to enter access credentials online. Or criminals simply buy leaked emails and passwords from a previous data breach.
Once they’ve gained access, they can easily hide their activity. Setting up a simple “forward all email” rule gives them access to business communications. They can also see what services you use from the emails you receive. For example, they can identify which payroll software your business uses. Then, they go to that site and say they “forgot the password.” The reset instructions go to the email they can already access. So, they follow the steps, delete the email, and take control of the account. Criminals will also impersonate you and send invoices to your vendors or customers. They might send an invoice that looks like your genuine ones, but they end up paying the crooks. These attacks are working for cybercriminals. So, don’t expect email breach attacks to go away any time soon. Instead, take action to reduce the risk of compromise. How to protect your businessEducating your employees is an important first step. You can take all the steps we outline next, but humans will remain your weakest link. You'll want to:
Put a password manager application in place so employees set more complicated passwords. Enable multi-factor authentication on all email accounts. This makes it so that having the stolen credentials isn’t enough. A bad actor may have the username and password, but they also need the user’s authenticating device. That’s less likely. Another important move is to limit access to functions and features online. Take a least-privilege access approach. This means users can perform assigned roles but can't access other applications. This can curtail the damage if one user’s credentials are exposed. Ongoing monitoring of technology for signs of suspicious activity is also key. Set up alerts, and track activity logs. Your business wants to be able to react quickly rather than finding out weeks later about a hack. Keep online attackers at bayCreate a business environment that prioritizes prevention and detection. Email scams aren’t going to slow soon. Instead, your business needs to take action to shore up its defenses. We can help! Contact our IT experts today at 262-515-9499. In many areas of our lives there are myths that we accept as fact. Some of these are actually quite dangerous: believing that lightning never strikes in the same place twice could be fatal. Similarly, there are cybersecurity myths that demand debunking to keep your business safe. #1 “I’m too small to attack.”Any size of business, in any industry, can be the target of a cyberattack. In fact, hackers often hit smaller businesses because they lack the necessary protection. Also, a small business is more likely to pay a ransom, because it can’t recover otherwise.
Plus, small businesses can be a first stepping stone in a supply-chain attack. After getting into your systems, they might send a faked invoice from you to the larger target. The enterprise client, trusting your credibility, opens the attacker’s malware. Or hackers can use your vendor credentials to gain access to the enterprise network. #2 “Antivirus software is all I need.”If only it were that easy. You need antivirus software, but you can’t protect all your IT infrastructure with one tool. To detect and defend, you’ll need a comprehensive cybersecurity plan. Combine employee security awareness training with physical security measures, and put in place many layers of network and device defense, too. Then, keep everything patched and updated. That makes sure you’re leveraging what experts know about the evolving threat environment. #3 “Cybersecurity is IT’s job, not mine.”You may have an internal IT department you count on to handle cybersecurity. Many businesses also contract with a managed service provider (MSP) to keep them safe. These IT teams will work to secure your infrastructure and protect your data. They will put systems in place to detect threats and identify vulnerabilities. They can ensure appropriate data backup and do disaster recovery planning. Still, IT experts (whether internal or external) are only one player in the battle. Your employees remain a weak link. They are the ones that may inadvertently download malware, fall for social engineering scams, or use easily guessed access credentials. Your business needs to educate all employees about online safety and cybersecurity threats. Then, it’s everyone’s job to be aware and work to reduce risks to your business. #4 “Too much cybersecurity will hurt our productivity”This won’t be true if you set up effective security policies and protocols. Add regular monitoring and authentication tools that provide security without adding friction for employees. In fact, enhanced cybersecurity can actually help your productivity. It frees people up to work on other important business with less worry. Avoid a false sense of securityTrusting any of these myths can leave your business vulnerable to attack. A data breach or IT downtime can be devastating. Don’t risk the worst. Instead, work with IT experts to handle your cybersecurity, backups, compliance, and more. Contact us today at 262-515-9499 Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code. The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure. Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked. Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities. This is a global problem.
What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Are Any of These Vulnerabilities in Your Systems?? Microsoft Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. It needs to be removed from any computers that still have it installed. You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures. Here is a rundown of these vulnerabilities and what a hacker can do: CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.
Adobe People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.
Netgear Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.
Cisco
Patch & Update Regularly! These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here. How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network. Automate Your Cybersecurity! Patch and update management is just one way that we can automate your cybersecurity. Learn how else we can help by scheduling a consultation today 262-515-9499 Article used with permission from The Technology Press. Banks and credit card companies are making it easier for us to get money on the go. We can check account balances, pay bills, and transfer funds online. We no longer even have to go into a bank or visit an ATM to deposit checks. But are you banking online safely? In the past, all we had to do was protect our PIN number (and remember it). Now, we need a mobile account password, too. The first precaution you can take is to have a strong, unique password. Can you believe that “password,” “123456,” and “letmein” remain common access credentials? Don’t do it! Also, avoid using things that a cybercriminal might guess or be able to learn from your social media. This eliminates anniversaries and birth dates, pets, and children’s names.
Don’t reuse your banking password anywhere else. Sure, if you duplicate the password, it’s easier for you to remember, but, a bad actor could access your credentials for another site. Then, they have that same email and password combo to use to try on your banking or credit card site, too. It’s also not a good idea to write down your passwords or keep track of them on a note in your phone. If you’re worried about remembering all your passwords, consider a password manager. A high-quality password manager can be a safe way to keep your passwords secret yet available. Top password managers use secure encryption for your access credentials. Make sure you’re only banking using your own, secured devices. This means don't check your balance or whether a payment cleared while in line at the coffee shop or in the airport. Don’t risk banking using a public Wi-Fi network that a hacker could be accessing to steal sensitive data. You also want to avoid using shared computers to login to your financial data. A cybercafe or library computer could have a keylogger that tracks your login details for criminal use. Watch out for phishing emails that look like they come from your bank, credit card company, or a tax agency. Criminals send urgent emails warning of strange activity or that you’re being audited to get you to react. Don’t click on any link or download any attachments in an email that appears to be from a financial institution – they don’t send private data directly in emails these days. They will send you to a secure inbox on their site. Always type the institutions’ Web address into the address bar. Otherwise, you might go to a fake, mirrored site that looks legitimate but will rip you off. Added security for online banking Two-factor authentication can help protect your financial accounts. Various banks will set it up differently, but you should definitely take the time to set this up. You might have to identify an image you selected besides using your password. Or you might need to enter a code sent to another device (such as a text message to your phone). The second level of authentication can be an annoyance in our convenience-first society. Still, it keeps your accounts secure, even if cybercriminals access your password. You work hard for your money, and you don’t want a cybercriminal taking control of or emptying out your financial accounts. Worried about securing your online activity at home or on mobile devices? We can help. Contact us today at 262-515-9499 for expert support securing your financial data. Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business. Well, a new report by cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security. Employees at small companies saw 350% more social engineering attacks than those at larger ones.
Why Are Smaller Companies Targeted More?
Reach out today to schedule a free technology consultation. We offer affordable options for small companies. Working from home wasn’t novel when the pandemic hit, yet COVID-19 forced businesses globally to give remote work a real try. Two years later, employees have a new view of modern work. Many expect to work from home, at least part-time. If you’re “commuting” daily within your home, you’ll want to consider these easy upgrades for your home office. First, an uninterruptible power supply (UPS) can save you a lot of stress. Although common in the business environment, homeowners may not have thought about one. A UPS allows your computer to keep running in the event of a power outage. Think of the UPS as a backup battery giving you a short window of energy to protect your data. They can also regulate voltage in the event of a power surge.
With a UPS, size typically matters: the bigger the battery, the more power it will store. So, consider what technology you’ll want to keep up and running and for how long. Size can also matter with your computer monitor. Working on a laptop can be convenient, but the screen will be smaller. Setting up your home office with a wide monitor can lead to productivity gains. This is especially true for people who like to keep all their files and folders up on their desktops. You can also reduce the time spent scrolling through open windows with a second monitor. That extra monitor may also save you from printing documents and cluttering your desktop with paper. Improving work quality in the home officeThe business environment is going digital. Do the same with a document scanner that handles many pages at once. Flatbed scanners can provide quality scans, but speed and quantity may matter more. Plus, once your documents are scanned, you’ll be able to search for information using keywords. Instead of poring over pages of text, you can go pour yourself another cup of coffee. If you’re stuck at your desk once the workday starts, invest in a standing desk. There are many options that allow you to easily convert the desk from sitting to standing and back again. This can help your energy levels and reduce stress on your body from sitting in the same position all day. Speaking of reducing physical stress, an ergonomic keyboard is another good investment. Plus, you may want to get yourself a better office chair. Back when your home office was a seldom-used space, sitting at an old dining room chair wasn’t a big deal. Now, though, you’ll want to do your body the kindness of getting a comfortable, supportive chair. One more simple upgrade to consider: noise-cancelling headphones make it easier to focus on your work while dogs bark. You'll also avoid volunteering for extra work without realizing that was what your boss was saying while you were shushing a child. Need help deciding on the right technology for your home office, or want to be sure you set it up correctly and securely? Our IT experts are here to help. Contact us today at 262-515-9499 One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out. New tools replace those that are obsolete. Discontinued technology can leave computers and networks vulnerable to attacks. While older technology may still run fine on your systems that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a security breach. Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach. Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.
Another problem with using discontinued technology is that it can leave you behind. Your business can end up looking like you’re in the stone ages to your customers, and they can lose faith and trust. Important reasons to keep your technology updated to a supported version are:
Older systems are clunky and get in the way of employee productivity. If you keep these older systems in use, it can lead to the loss of good team members due to frustration. 49% of surveyed workers say they would consider leaving their jobs due to poor technology. Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use on your home computer or within your business? The Most Common Offenders Internet Explorer Many moons ago, Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers edged it out. Including its replacement, Microsoft Edge. Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022. Adobe Flash Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it. The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software. Windows 7 and Earlier Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Replacements, Windows 10 and Windows 11 are now in widespread use. The Windows 7 OS lost support on January 14, 2020. While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows. MacOS 10.14 Mojave and Earlier Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version. If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple, and you need to upgrade. Oracle 18c Database If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities. The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premiere support in April of 2024. Microsoft SQL Server 2014 Another popular database tool is Microsoft’s SQL. If you are using SQL Server 2014, then mainstream support has already ended. And in July of 2024, all support, including security updates will stop. This gives you a little more time to upgrade before you’re in danger of not getting security patches. But it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade. Get Help Upgrading Your Technology & Reducing Risk Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. Schedule a Tech Force Review today. Call 262-515-9499 Article used with permission from The Technology Press. The number of internet-connected devices in homes has been growing. It's increased exponentially over the last decade. A typical home now has 10.37 devices connected to the internet. PCs and mobile devices make up a little over half of those and the rest are IoT devices. IoT stands for Internet of Things. It means any other type of “smart device” that connects online. IoT devices in a home can be everything from your streaming stick to your smart refrigerator. Smart baby monitors and Alexa voice assistants are also IoT.
There's also been another change that has happened over the last couple of years. It has been the increase in remote and hybrid work. The pandemic caused a major shift in where we work, turning the standard office paradigm on its head. Now, working remotely has become the norm for many companies around the world. This has put increased scrutiny on the security of all those IoT devices. They are now sharing a Wi-Fi network with business data and devices. Here are two alarming statistics that illustrate the issue with IoT security:
Hackers Can Use IoT Devices to Access Your Computer and More Smart devices are a risk to any other device on a network. They are typically easier to breach. So, hackers will use them as a gateway into more sensitive devices. A criminal may not care about the shopping list stored in your smart refrigerator. But they’ll breach that IoT device to see what other devices are on the same network. The hacker can then use sharing and permissions that are often present on home networks. Through these, they gain access to your work computer or mobile device. These devices hold important data, and access to personal details. Why are IoT devices less secure than computers and smartphones? Here are a few reasons:
Secure Your Network By Utilizing "Guest" Wi-Fi Just about all modern routers will have the ability to set up a second Wi-Fi network, called a “guest network.” This shows up when you connect to Wi-Fi as a separate Wi-Fi that a device can use to get online. By putting all your IoT devices on a separate network you improve security. You cut that bridge that hackers use to go from an IoT device to another device on the same network. Such as those that hold sensitive information (computers and mobile devices). In fact, when you separate those two (IoT devices and sensitive-info devices) a hacker can't see all. If they breach one of your smart devices, they can't tell you have a PC or smartphone. This is because they’re on the other network. This is an important layer of security to use. Whether you’re a remote worker or use your computer for home budgeting and banking, it can help. All PCs and smartphones usually contain access to online banking or personal information. As you add any new devices to your home network, make sure to connect them to the appropriate network. This keeps the layer of security effective. One more tip: When naming your Wi-Fi networks, don’t use descriptive names. This includes things like “IoT network” or your name, address, or router model name. It’s best to use names that won’t give the hackers valuable information they can use in attacks. With so many remote workers, hackers have begun targeting home networks. They know they can contain sensitive business as well as personal data. Don’t leave yourself open to a breach! Call us to schedule a home internet security review today. 262-515-9499 Patience is often a virtue and being budget-conscious is also a plus in business. Yet taking a “wait and see” approach with business tech is a top IT mistake. There is a lot of uncertainty in the current economy. You may be looking to save money to give your business more budget leeway. But if you don’t make ongoing investments in your IT, your business could suffer.
You might skip software upgrades, but that can put your business at risk from cyber bad actors, who look to exploit weaknesses when people don't upgrade their systems. Deciding to put off replacing older devices or legacy hardware, you may be thinking, "What’s one more year?" It can make a big difference, actually. Your systems may have vulnerabilities that cyberattackers will leverage. Your hardware may not be able to keep up with your business during its busy times, and your people could be working on devices that are no longer supported by the manufacturer. If something does go wrong, you’re on your own. Trying to get by with less when it comes to business technology can hurt your business. We’re not saying you have to throw all sorts of money at every new technology out there, of course; it’s about fitting the right technology to your specific business needs. Business tech: Better now than later Businesses today are undergoing digital transformation. Across industries, people see the advantages of IT. The right technology enhances the quality of work and boosts productivity. You have the tools needed to support faster processing and wider information distribution. Thinking only short-term about technology, as in “it’s working fine for now,” could hurt you in the long run, however, and by not looking after your tech and keeping it current, you could be missing out on:
Moving forward with an MSP There is an inevitability to investment in business tech. You know you’re going to need it. But taking the wait-and-see approach simply puts you at risk of a cyberattack or other productivity drains. Keeping your IT current and investing in this essential area can benefit employee engagement, customer satisfaction, and your business's bottom line. Not sure what technology to focus on while working within your budget? Our IT experts can help. We’ll get to know your systems and your unique needs. Then, we'll make suggestions about the smartest investment areas for your business. Contact us today at 262-515-9499! Hi, Important that we meet discuss speerfishing attacks over business comunicatons. We need to make plan about this IMMEDIATELY. Please click on the link [uurl.callender.com] to make an appointment with IT for quick tutorial. Regards, IT There are several things wrong with this email, and hopefully, you noticed them. All are red flags you can look for to avoid fake meeting requests or calendar-invite scams.
Business Email Communication (BEC) scams are not new. For example:
In 2020, BEC attacks were the most lucrative scam. The US estimated cybercriminals made over $1.8 billion with this approach. Beyond money, falling victim to a BEC attack also costs your business time and reputation. Here’s what to look for and how to protect against BEC scammers. How BEC Scams Work With many more people working from home and meeting virtually, there’s been an uptick in BEC spearfishing attacks. On Gmail, the bad actor needs only your email address to send an invite that adds to your calendar by default. Then, you might click on what appears to be a meeting link, which actually takes you to a malware site. Zoom has also become an attack vector. You get an invite to a meeting that asks you to login into Microsoft Outlook. You’ve done it so many times before, except this is a fake login page, and it’s set up to steal your access credentials. How to Protect Against BEC Scams Educate your users. As with any other type of email scam, users need to learn to be careful about the links they click. Some indicators to look for, which you can see in our opening example, include:
Email addresses, links, and domain name inconsistencies are more bad signs. Plus, be wary if something seems too good to be true (a free laptop?) or is an unusual request (transfer $1 million from the CEO’s account). Google Calendar users can go into General settings, then Event settings, and switch off “Automatically add invitations.” Instead, select “No, only show invitations to which I have responded.” Also, under Events from Gmail, you can stop calendar events auto-generating based on your inbox. Keep in mind, though, that you’ll also be blocking legitimate events. In these days of the hybrid workforce, we’re used to clicking on links from Zoom, Google Docs, and Microsoft Office as part of our daily workflow. The cyber bad guys know this and are taking advantage of it. Unsubscribing from email lists, keeping your email private, and reporting spam to IT can all help. Your business might also benefit from working with a managed service provider to use a third-party spam filter. Our experts can also review your cybersecurity posture and identify areas to improve your defenses. Contact us today at 262-515-9499 |
Tech Force BlogWe provide you with important, practical tips and insight for your technology and networks for both home and business. Archives
June 2023
Categories
All
|