Tag Archives: technology

Cybercriminals Confess: The Top 3 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

21 Apr 17
lverbik
, , , , , , , , , , , ,
No Comments
  1. We’re masters at getting you to click on fake e-mails. One of the most common ways hackers gain access to computer networks and devices is via phishing e-mails. Gone are the days when you could easily spot a spammer’s e-mail because of its poor English, typos and punctuation mistakes – attacks are getting more and more sophisticated. That’s because cybercriminals have access to the same cutting-edge online marketing tools that legitimate companies have, giving them the ability to send highly targeted messages that look completely legitimate from sources you trust. These e-mails often use your name, your professional title and may even reference a group you belong to. Further, if you click on the e-mails or respond, you’re inviting a hacker into your network that bypasses a firewall and antivirus software. The only way to avoid getting snared by a phishing e-mail is to NEVER click on, open or respond to any e-mail requesting personal information, passwords, login details, etc. Always go directly to the site.
  2. We automate attacks that work around the clock. Hackers have software programs that systematically test millions of possible passwords to break into your PC. Easy-to-guess passwords are worthless against the power, automation and sophistication of these super-apps that will constantly hammer away at guessing your password. Because of this, make sure your passwords contain both uppercase and lowercase letters, at least one number and special characters – and NEVER use easy-to-guess passwords like “letmein” or “password.”
  3. We can use legitimate web sites to attack you. A growing number of cyberattacks are coming via “drive-by” download, where a hacker gains access to a legitimate, honest business web site (or sets up a site that looks legit on every level) but has malicious code installed called an “exploit kit.” An exploit kit can discover a vulnerability fast by probing your operating system, browser and the software you have installed (like a PDF reader or video player) to find a way to access your PC or network. If you (or your IT company!) aren’t applying regular security updates, you are unprotected against these exploits.

While these are common ways hackers gain access, there are dozens of other more straightforward ways hackers gain access if you’re not diligently updating and patching your network, maintaining an up-to-date firewall, antivirus and spam-filtering unified threat-management system. The days of “That could never happen to me” are gone.

If you want peace of mind that YOUR business isn’t a “sitting duck” to hackers, call us for a free assessment at 317-857-0150. You’ll discover if you truly are protected from common hacker attacks and what you can do now to avoid being an easy target. Call today at 317-857-0150.

Network Abuse: Don’t Push Your ‘Luck’

16 Mar 17
lverbik
, , , , , , , , , , , , , , , , , , , , , ,
No Comments

Look around your office. Isn’t it great to see your team hard at work on their computers? Yet if we take a closer look, let’s see what’s really happening…

Joe, your new sales rep, is poring over last weekend’s game stats…

Amy in marketing is looking for a new job, surfing your competitors’ websites, chatting with their HR people…

Wes, over in customer support, just bogged down your entire network by downloading a video file of Metallica in concert…

Guy, your new hire in shipping, is on hotdate.com, viewing questionable photos…

Bob in accounting is browsing stock-investing sites, in search of a hot tip…

Okay, so maybe it’s not that bad at your company. But this type of behavior will happen to some degree if you don’t proactively prevent it. The real problem is, unfiltered content often links to malware and other threats. Ignore it and you risk productivity losses, legal liabilities, extortion, blackmail and fraud. And not only that, the resulting data loss and corruption can cost your company big-time. Cyberthreats stemming from unfiltered content aren’t something you can count on your lucky leprechaun or four-leaf clover to protect you from.

In today’s mobile environment, content filtering has becoming a greater challenge than ever before. Your company may already be doing some filtering at the network level. However, when was the last time you checked the number of mobile devices linked to your network? As your workforce goes mobile, your network is exposed to a rapidly expanding “attack surface.” With BYOD (bring your own device) now the norm, the old rules of content filtering just don’t cut it anymore.

Are You Making Any Of These Mistakes?

Old content-filtering models presume your network has a safe “firewall.” But now, with BYOD, you need a different way to protect your data. And that’s where endpoint security comes into play. Endpoint filtering keeps devices on your network safe from infection, no matter where they hook into the Internet.

But make ANY of the following mistakes with endpoint security and your network could be a sitting duck:

  1. Missing even ONE endpoint. This applies to tablets and smartphones as well as home-based machines that VPN into your network.
  1. Skimping on security policies, protocols and training. Believing that tech tools alone will keep your network secure is a recipe for breaches. In fact, no technology can keep a network safe if users cut corners.
  1. Leaving endpoint filtering out of your overall security plan. Ad hoc security invites disaster. An improperly designed system exposes holes that hackers love to find.

So, What Exactly Should You Filter?

Forrester Research states that companies whose users access the cloud should:

  • Detect and intercept unusual or fraudulent activities related to data in the cloud.
  • Detect, neutralize and eliminate malware in cloud platforms.
  • Detect and monitor unsanctioned cloud applications and platforms usage.
  • Protect against leaks of confidential information.
  • Encrypt structured and unstructured data in cloud platforms.
  • Investigate suspicious users and incidents.

Between BYOD and ever more complex cyber threats, you simply can’t afford to run around putting out fires. You absolutely MUST proactively defend your network in depth with endpoint content filtering.

Lost Employee Smartphone? Do This NOW!

15 Feb 17
lverbik
, , , , , , , , , , , , , , , ,
No Comments

“Hey boss, I lost my smartphone.”

How well have you prepared for this moment? It will happen sooner or later. If your company has a plan in place, no big deal. If not, you may suddenly get that sinking feeling in your gut …

And well you might. You now have three big worries:

Compliance Issues – If your employee had access to information covered by any number of regulations, your company could be subject to stiff penalties. One employer we know of wound up with a $900,000 fine.

Data Security – Sensitive company data in the wrong hands could spell disaster. Access to your network, secure sites, proprietary files, work-related e-mails and corporate secrets may now be out of your control. You must move quickly to prevent serious financial harm.

Employee Privacy and Property Concerns – If a valued employee had family photos and movies on the device, and you remotely delete all data on the phone, you may now have a disgruntled, or even uncooperative, employee. Especially if company policy regarding BYOD (bring your own device) and data loss were not clearly stated and agreed to up-front.

So how do you prevent a relatively minor incident from blowing up into a big problem? Here are seven smart measures you can take right now to prepare for the day an employee smartphone is lost or stolen:

  1. Install a mobile device management (MDM) system on any employee device to be used at work. This software can create a virtual wall separating work data from personal. It facilitates any security measures you wish to impose. And to protect employee privacy, it can limit company access to work data only.
  1. Determine which devices will be allowed and which types of company data people may access from them.
  1. Require that employees agree with an Acceptable Use Policy before they connect to your network. Make sure these include notice as to conditions in which company data may be “wiped” – i.e., destroyed. Also include specific policies regarding device inspection and removal of company records.
  1. Put strong data protection practices in place. Require use of hard-to-crack passwords and auto-locking after periods of inactivity. Establish protocols for reporting lost or stolen devices. Mandate antivirus and other protective software as well as regular backups.
  1. Designate someone at your company to authorize access to software and critical data. This person can also be your main point of contact for questions about BYOD policy and practices. It might also work well to distribute a resource page or FAQ document to your employees.
  1. Establish a standard protocol for what to do when a device is lost or stolen. Both Android and iOS phones have features that allow device owners to locate, lock and/or “wipe” all data on their phones. Make sure your policy requires that these features are set up in advance. Then, when a device is lost or stolen, your employee can be instructed to take appropriate action according to your protocol in order to protect company data.
  1. And finally, your best protection is to implement a well-crafted BYOD policy in advance. Develop it in partnership with risk management and operations personnel, as well as legal counsel and IT professionals, to come up with an effective and comprehensive plan.

Do not delay on this – it is a serious vulnerability that can and must be addressed in order to assure the safety of your company’s data and systems.

 

Backup

Don’t Rely on Cheap Online Backups for Your Data!

08 Feb 17
lverbik
, , , , , , , , , , , , ,
No Comments

Last Night I Was Startled Out Of Bed In A Cold Sweat,

Heart Racing, With Fear Racing Through My Mind…And YOU Were The Reason For My Panic!

Was I having a nightmare? Was I just watching too many reruns of The Twilight Zone? Had I eaten a big meal before bed? No – it simply occurred to me that you might be relying on cheap, online backups for your data!

And if that data was erased, corrupted or destroyed, you might not ever get it back! The thought of that happening scared me half to death!

You see, your business network creates a lot of important data every day, which means you need regular backups to ensure that you always have access to this information. Many cloud storage services offer remote backup for low prices, but the promise of cheap backups is often too good to be true. Instead of getting the reliable storage you need to protect your business data, you may run into frustrating pitfalls. And THAT is what had me up in the middle of the night.

Here are a few nightmares you might run into in real life, if you’re using one of those cheap cloud backups:

Data Restrictions

Some cloud services claim to have unlimited storage. However, there’s always a limit to what a server can hold. Most cheap backup services don’t have the space that businesses need. This makes it impossible to secure all of your data. Getting more space incurs extra fees, and this could be a problem for small businesses with tight budgets.

Limited Devices

Business networks can be extensive. Many cloud backup services only cover the data stored on one machine. This might work for companies that store all necessary data on a central server, but others may require a more extensive backup solution that covers multiple machines and handles larger amounts of information.

Slower Speeds

Running a backup can take a long time when you have a lot of files to copy. A cheap cloud service can’t offer the resources necessary to speed up this process. Many of them put a cap on the amount of bandwidth you get. This could lead to incomplete backups, especially for businesses that need to copy several dozen gigabytes of data every day.

Lack of Syncing and Versioning

One benefit of cloud storage and backup is the ability to sync the latest versions of files across all of your company’s devices. This service can be a lifesaver for businesses whose employees do a lot of remote work using smartphones or tablets. However, cheaper backup options don’t usually include syncing. They also don’t back up multiple versions of files. Versioning is necessary in the event that a current file becomes corrupted and an earlier version needs to be recovered.

Uncertainty

Although data stored in the cloud can be accessed from anywhere, it’s written to physical servers that belong to the company that handles the backups. All hardware is subject to failure at some point. If this happens, you could lose all the data that you thought was safe. That’s why every backup plan needs to have a fail-safe. You should plan to have at least one storage option in addition to the cloud.

Shaky Security

Business data includes sensitive information that requires encryption before being transmitted. This is true no matter what type of backup you use. Not every cheap cloud solution provides this level of security. Anyone can access information sent without initial encryption. This means that customer data and business transactions could be hacked during a routine backup. Data also needs to be encrypted once it’s on the server to prevent intrusion by hackers. Even then, there’s a chance that employees of the cloud service have access to the key that’s meant to provide this protection on the server end.

Cloud Alternatives

With all of these potential drawbacks to consider, cheap cloud service isn’t likely to be the best choice for your business backup needs. Fortunately, there are many other options that can be set up onsite to give you control over what happens to your data.

Is your data being backed up correctly? Contact us for a free analysis.

5 Tools To Keep Your Kids Safe Online

30 Jan 17
lverbik
, , , , , , , , , , , , , , , , ,
No Comments

School is in full swing, your kids are digging for the data they’ll need to fill all those reports, papers and projects that fuel their passing grades…

And Mr. Google can be their greatest friend when it comes to finding tons of tidbits to keep teacher happy.

But with great opportunity comes great risk…

Threats to your kids’ safety and well-being, posed by bullies, scam artists and pedophiles, lie in wait for the innocent. For example, according to CBS news, odds are about one in seven your kid will get picked on by a cyberbully.

Fortunately, you have a few tools and tricks up your sleeve to keep your kids safe. Here’s a helpful handful that we recommend:

  1. Kids may come across offensive web pages as they search the Internet. They can avoid this content by using child-oriented search engines, such as AskKids or KidsClick.org. This method isn’t always completely effective, so you may want to combine it with filtering software.
  1. A low-cost tablet and smartphone application can monitor, restrict and time your kids’ online activities. Mobicip blocks access to sexually explicit web sites. You may also use it to filter out various other material, such as news, social media or chat rooms.
  1. Cyber Patrol Online Protection offers a similar solution for desktop and notebook PCs. It blocks harmful web sites, logs online activity and limits the amount of time that kids can surf the web. This software also does its best to detect cyberbullying and warn parents.
  1. The STOPit smartphone app lets children tell adults about cyberbullying without risking retaliation. When kids see mean-spirited posts about their peers, they can anonymously forward the messages to parents or teachers. A high school in New Jersey successfully reduced bullying by urging students to use this app.
  1. Garfield, Nermal and Dr. Nova teach kids about Internet bullying in an interactive cartoon known as Professor Garfield Cyberbullying. The iPad app gives children tips on what to do when peers engage in this hurtful behavior. It uses a story about an online animal dancing contest to keep young learners interested.

These tools can make a big difference, but it’s still vital to talk about Internet safety. Be sure to discuss the potential risks with your child. Kids usually benefit when parents take the time to listen and offer helpful advice about specific issues.

Cloud Computing: Good, Bad & Ugly

18 Jan 17
lverbik
, , , , , , , , , , , , , , ,
No Comments

When a network of IT gadgets like routers, DVR machines and closed-circuit TVs can take down hardened, well-provisioned Internet giants like Twitter, Spotify and Amazon – as happened last October – you’ve got to think twice before moving your data to the cloud.

Yes, a move to the cloud can yield big payoffs in terms of cost savings, increased efficiency, greater flexibility, collaboration for your workforce and more. Yet there is a dark side. It would be naive to think otherwise. Your choices about whether and how to use cloud technology in your network merits serious consideration.

So, just what is “the cloud”?

Instead of constantly buying new equipment and software, cloud computing allows you to pay for just what you need. Just as with a utility company, you get software and storage on a monthly basis, with no long-term contracts. Chances are, most of the software you now use is cloud-based. You simply access it on a pay-as-you-go basis.

Similarly, you can store data in the cloud, where it can be easily accessed when you need it. This reduces the need to buy and manage your own backup gear and software, thus reducing overhead. Yet, as with any major decision, it’s critical to be aware of both the benefits and pitfalls of putting your company’s data in the cloud.

The Pros

There are three major advantages offered by cloud computing:

  1. Scaling up or down can be done without major investment or leaving excess capacity idle. It also enables your entire workforce to get more done, where and when they need to.
  1. With data and software in a shared cloud environment, staff can collaborate from anywhere. Everything from HR to accounting, and from operations to sales and customer relations, can be managed from diverse and mobile environments, giving your team greater power to collaborate effectively.
  1. Disaster Recovery. Typically, data stored in the cloud can be easily retrieved in the event of a disaster. It also augments local backup and recovery systems, adding protective redundancy.

The Cons

While the cloud offers obvious benefits, it also increases your company’s potential “attack surface” for cybercriminals. By spreading your communications and access to data beyond a safe “firewall,” your network is far more exposed to a whole bevy of security concerns. Many of them can be addressed with these three best practices:

  1. Social Engineering Awareness. Whether you go cloud or local, the weakest link in your network is not in your equipment or software; it’s in the people who use them. Cybercriminals are aware of this fact. And you can count on them to come up with an endless variety of ways to exploit it. One day it’s a phone call ostensibly from your IT department requesting sensitive data, the next it’s an e-mail that looks official but contains malicious links. Make sure your employees are aware of and trained to deal with these vulnerabilities.
  1. Password Security and Activity Monitoring. Maintaining login security is absolutely critical any time you’re in a cloud environment. Train your staff in how to create secure passwords and implement two-factor authentication whenever possible. Take advantage of monitoring tools that can alert you to suspicious logins, unauthorized file transfers and other potentially damaging activity.
  1. Anti-Malware/Antivirus Solutions. Malicious software allows criminals to obtain user data, security credentials and sensitive information without the knowledge of the user. Not only that, some purported anti-malware software on the market is actually malware in disguise. Keep verifiable anti-malware software in place throughout your network at all times, and train your employees in how to work with it.

Why Cyberthugs LOVE Your Business

14 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

It was a typical morning at the offices of a small Midwestern online retailer. This company, whose name we cannot mention due to a non-disclosure agreement with our source (Gary Miller, GEM Strategy Management) owned a very successful online catalog offering a wide variety of women’s apparel and accessories. They had a terrific reputation and brand, and every reason to be excited about their future.

Then, with a single click, the death spiral began…

An employee received an e-mail with a link to a benign-looking catalog. All it took was one click and the company’s entire network was infected. The Crytowall malware dug deep into the company’s accounting system and customer files, including credit card and social security numbers.

Fifteen thousand customer accounts were locked up by the malware. A ransom demand soon followed, requiring $50,000 for the key. Unfortunately, the company’s backup systems had been down for the last three months. With no way to remove the virus without destroying crucial data, the company had its back against a wall.

They paid for the decryption key. But no luck – it didn’t work. Business came to a grinding halt. The company owners couldn’t afford to rebuild their entire network. Within six months, the company closed its doors, strangled by a lack of sales and cash flow.

Could this happen to you?

Hackers have discovered that small businesses make juicy targets. These criminals love going after small businesses because they’re often the easiest to penetrate. IBM reports that over 62% of the 4,000 cyber-attacks that occur every day target small businesses.

Cyberthugs filch information to rob bank accounts via wire transfers. They steal customers’ personal identity information and resell it on black markets. They nab key information to file fraudulent tax returns, and commit health insurance or Medicare fraud – in your customers’ names.

Most small businesses are easy prey because they fail to take precautions. But you don’t have to be like most small businesses. Here are four things you can start doing TODAY to prevent a shutdown that could destroy your fortunes.

Understand evolving threats – Know what’s at risk in your company. Stay on top of the different schemes hackers use to gain entry. Learn all you can about phishing, spoofing, social engineering, malware, systems hacking, pharming and the latest scams so you can see them coming. Identify your company’s weak points and bolster them as needed.

Institute a dual signature policy – Require that two people sign off on every transaction. At the very least, when in doubt, pick up the phone. Verify all fund transfers or requests for payment before releasing funds.

Ingrain a solid data security policy in your company’s culture – Yes, you need to define and document protocols…but that’s not enough. In order for them to work, they must permeate every activity you and your team engages in. Your employees are the gatekeepers of critical data. Train them to see the warning signs, engage in safe practices and respond effectively to an attack. Examples include using only unique, complex passwords and keeping a “clean desk,” where sensitive information isn’t exposed.

Have – and practice – an incident response plan – Just like a fire drill, being ready for a breach gives your team an edge when faced with a crisis. When everyone knows exactly what to do, you’re better able to nip a hack in the bud.

Why play Russian roulette with your company’s data?

If you’ve been putting off cyber protection measures, thinking, “Oh, that would never happen here,” you are putting your company’s entire future in jeopardy. NOW is the time to call in an expert you can trust to verify that your data is safe in today’s rapidly evolving battle against a host of online bad guys.

When it comes to protecting your data – whether it’s bank account information, customer and employee records or proprietary IP or processes – we’ve got you covered.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.

The #1 Cure For A Sluggish PC

16 Nov 16
lverbik
, , , , , , , , , , , , , ,
No Comments

If you’re often – or even constantly – frustrated with slow loading times, screen freezes or crashing programs, your network may be in desperate need of an upgrade…or a tune-up. Here’s how to make your network run like new again…

Most computers and networks bog down as they age. Here’s why:

● Spyware, viruses and other stealth programs secretly hiding in your machine. And we mean “secretly.” Today’s sophisticated malware is more elusive than ever. Most users will never know what hit them until it’s too late. The only telltale sign that your system has been infected is that it starts slowing down over time. These nasty bugs attach themselves to all sorts of programs in your network and work in the background, undetected.

● Your machine is overdue for replacement. Hey, it can only last so long. Manufacturers don’t spec PCs to last more than about three to five years. When things start slowing down…or you can’t install the latest software…or plug in some of the newer cables…it’s time to start shopping. But there are ways you can extend your computer’s useful life. Which brings me to #3…

● It’s time for a tune-up. Just like a car, your network needs routine maintenance to run at top speed and performance. To keep it running smoothly, there are over 100 checks and updates that need to be done on a regular basis. These include disk defragmentation, patch management and the removal of unnecessary files and programs, to name just a few.

If your computer network hasn’t had the routine maintenance it needs to run well, contact a Techno Pro today!

Winter 2017: Disaster For Your Data?

26 Oct 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With winter just around the corner, everyone around you may be getting “all wrapped up” in the upcoming holiday season…

But you’ve got a business to run, customers to keep happy and mission-critical data to keep safe, even if a major blizzard, lightning strike, windstorm or epic flood is taking place right outside your door.

Here are 5 easy steps you can take this holiday season to get your office prepared for this winter’s worst, without seeming like Mr. Grinch.

Be ready for power outages. A power outage can hurt your business in more ways than you think. Besides employee downtime, it takes time to safely get everything back up and running. Then you need to make sure no critical files have been damaged or lost.

Autosave features can help minimize lost files in a sudden power outage. An uninterruptible power supply (UPS) can give your team anywhere from ten minutes to an hour to back up files and properly shut down equipment. If you need longer power durability during an outage, you might want to look into a backup generator.

Keep lines of communication open. Customer frustration due to production delays and not being able to reach key people at your company can be very costly in terms of both revenues and your company’s reputation. Here are three ways to make sure calls to your office don’t get bobbled when a storm rolls in:
1. Create a new automated greeting to let callers know about changes in hours or closings.
2. Set up an emergency override that automatically reroutes key phone lines to one or more numbers that can be reached during an outage.
3. Make sure you and your staff can access voice mail remotely – from a smartphone, by e-mail as an attached sound file or transcribed message, or as a text notification.

Manage employees working from home. Many of your employees can work from home if need be. But you’ll need to prepare in advance if it’s not the norm at your company. Have your IT specialist check with employees who could work from home during rough weather. They’ll need a virtual private network (VPN) to safely access the company network. Be sure it’s set up well in advance to avoid any glitches when that winter storm hits and you need it most.

Have a disaster recovery plan (DRP) ready to go. Unless you can afford to shut down for days at a time, or even just a few hours, it’s absolutely critical to keep a written DRP on hand. Write out step-by-step details of who does what in every type of winter disruption – from simple power outages to blizzards, flooding or building damage caused by heavy winds or lightning. A downed network can cost your company big-time every minute it’s offline. Make sure your plan includes one or more ways to get it back up and running ASAP. Consider virtualizing key parts or all of your network so your team can access it remotely. Once you’ve written out your plan, keep one copy at your office, one at home and one with your IT specialist.

Get help from a professional you can trust. Trying to recover your data after a sudden or serious outage without professional help is business suicide. One misstep can result in losing critical files forever, or weeks of downtime. Make sure you’re working with a pro who will not only help set up a recovery plan, but has experience in data recovery. The old adage about an ounce of prevention applies doubly when it comes to working with the right people who can help you prepare for – and recover from – whatever winter throws your way.