Technology Advisor Blog

Don't Click on that eMail Security Warning Message!

Posted by Ann Westerheim on 1/21/19 1:53 PM

We do a lot of cybersecurity training at Ekaru and one of things we tell people is to "THINK BEFORE YOU CLICK".  But what do we need to look out for?

Fake email Security WarningHere's an example of an email received today. It sounds pretty important.  The message is saying that there is a security alert for your account, and there's a sense of urgency around clicking on the link to make sure you're protected.  Sounds like something to act fast on, right?  Actually, its just a fake message designed to get you to click on the link which could be a link to "phish" your email credentials, or to trick you into installing malware.  In either case, danger lurks ahead.

One of questions we get a lot, is "how do I know the message is a fake?".  First, assume if you have any doubt whatsoever, this is probably a good "gut" reaction that you shouldn't proceed.

In this case, the email was sent to an "alias", not an actual mailbox, so that was a big giveaway, but perhaps subtle for many users.  An alias is an address that may be used to go to a particular role in your company or to a group of users (like sales, info, techsupport, etc...)  That was the first warning that it's not even an actual mailbox.

The second warning is that if you were to hover over the link, you'll see the link goes somewhere unexpected.  This is also somewhat subtle because many users don't know that what you print in the email, and the actual link can be completely different.   Also, great care must be taken to not actually slip with your mouse and click through.

The third warning is that if you look at the "properties" of the email, the "path" of the email can be revealed in the technical header of the email.  This is also something that would be simple for an advanced user, but most users aren't aware that the "from" address can be easily faked.

With all your security protection in place, all it takes is ONE user clicking on ONE wrong link to do a LOT of damage to your business.

Given that your team probably isn't composed of a team of tech experts, what should you tell your team?

  1. Bring examples of fake messages to your staff meetings and SHOW your team what a spoofed (fake) email looks like.  Years ago they were fully of typos and obviously fake.  Today's messages can look VERY real.
  2. Educate users to trust their gut.  If you have ANY doubt about the email, listen to your instincts.  CALL your tech support to find out if there is a problem with your account.  Call a number you already have, NOT any number included in the email (same goes for any fake credit card alerts, etc.)
  3. Speak up!  Did you click on the link?  You will need to be disconnected from the network and have your system cleaned.  Keep in mind that many advanced threats are designed to run on timers so you may not notice anything right away and keep working.  Create a culture where people feel free to speak up.  Trying to hide something could do a LOT more harm.

Many messages are designed to get loyal and diligent employees to make a mistake.  The bad actors are working all the time to develop new threats.  With the availability of cryptocurrency, cyber crime is now bigger than all organized crime.  

Talk to your employees about security on a regular basis.  THINK BEFORE YOU CLICK!

Tags: email security, cybersecurity

A hacker has your password.  Now what?

Posted by Ann Westerheim on 1/17/19 11:25 AM

Hacker_PasswordThis week an astonishing 773,000,000 records were released in a monster breach.  Security researcher Troy Hunt first reported the data set which includes 772,904,991 unique email addresses and over 21 million unique passwords, all recently posted to a hacking forum.

Hunt reports that the data was posted on line for anyone to take and not even up for sale in the dark corners of the web.  In fact, not only is this the largest breach to become public, it’s second only to Yahoo’s breaches which affected 1 billion and 3 billion users, respectively. Fortunately, the stolen Yahoo data hasn’t surfaced, yet, but there's a good chance that if your information isn't out there yet, it will be soon.  

What can you do?

After your data appears in a hacker forum or somewhere on the Dark Web, there's no way to take it back.  For many, this is a wake up call to take better care of password safety.

  1.  Use STRONG passwords.  In this particular case, it doesn't matter how strong your password is, if its out there its out there, but using strong passwords is a general safety tip to help prevent many other types of cyber attacks.  
  2. Use UNIQUE passwords.  NEVER use the same password (or simple variation) for multiple sites or applications.  Your banking passwords should not be the same as your gym membership password.
  3. Change your passwords frequently.  When you hear about a major breach, this is a good reminder to change your passwords as it could be a long time before your credentials wind up for sale.  Think of it like changing batteries in your smoke detectors.  Use some calendar (daylight saving time?) to trigger the change.  Anything other than using the same password for years.
  4. Use a password manager.  Think about it.  If you need to use STRONG passwords, and UNIQUE passwords, that you change regularly, there is no way to remember these.  If just one employee in your organization cuts corners, this could put you and your organization at risk.
  5. Get Dark Web Monitoring to protect your business.  When breaches make the headlines, everyone takes notice, but this activity happens frequently, and your data can be for sale on the Dark Web long before anyone publicly announces a breach.  Think of Dark Web Monitoring as an early warning system.
  6. Use Two Factor Authentication wherever possible.  If your password is compromised, no one can get access to your stuff without the second authentication.    Many users see this as an inconvenience, but it's a critically important safety measure to safeguard your information.
  7. Educate your employees on cybersecurity.  One weak link and your business may be at risk.  Too many users still think "it won't happen to me", and too many SMBs think they're under the radar because they're too small.  

For more information on the latest breach, check out a comprehensive summary in  Wired Magazine.  

At Ekaru, we're on a mission to provide enterprise-call service to small businesses.  Please give us a call if you have any questions, or to assess your current security situation.  We're here to help!

 

 

 

Tags: password, cybersecurity, Dark Web

Want to achieve your goals in 2019?  Get organized and take action!

Posted by Nancy Amato on 1/3/19 10:50 AM

This Year I WillIt's a new year and a great time to get organized so you can achieve your goals for the year.  January is a great time for business planning, and how you effectively use your time will have a big impact on your ability to achieve your goals.
  • Before leaving work each day create a To-Do list of your priorities for the next working day.  Don’t forget to do this on Fridays.  It will help you become more organized.
  • As you begin your To-Do list never spend more than 30 minutes being confused. Stop ask for help or - you are wasting time.  These are the boundaries you need to set for yourself.
  • One benefit of time management is that if you follow your daily list, it will reduce your stress level.
  • Set up deadlines on your projects. Put a time limit on your tasks.
  • Follow your prioritized list by completing the most critical and demanding tasks first thing in the morning if possible.
  • Schedule a break if needed every 90 minutes for a quick glass of water or a cup of coffee. This will help you maintain high productivity throughout the day.
  • Exercise and regulating your sleep patterns also helps with time management. Any form of relaxation is important.   Exercise is also considered a great stress reliever.  Going to bed the same time every night and waking up the same time every day helps with your overall wellbeing.  Many presenters have brought this up during the Hubspot Inbound conference.
  • Never procrastinate. You know the famous saying ‘Why put off tomorrow what you can do today? Procrastination wastes your time and your company’s time. I recently saw 'Mary Poppins Returns', and Emily Blunt said "Today or Never" - a great motto to live by!
  • This one is tricky: Learn how to multitask!  When working in a fast paced environment it’s the only way to survive some days.  This is not easy and may take lots of practice!
  • Start each day by being on time at work. Everyone has traffic to deal with and family morning rituals, but always give yourself extra time to get to work. If you start your day late everyday then you should stay later to make up your time so why start off late everyday…It’s a waste of your time!

 

If you need a little help with time management try a popular app called Toggl.  This app helps you improve what you are doing during the day.  Toggl will help you see where your time is spent and it will help improve your daily routines.

Tags: SMB, Time Management

Cyber Attacks Increasing - Cape Cod Community College Hacked for $800,000

Posted by Ann Westerheim on 12/12/18 12:01 PM

Cyber Attacks and Small BusinessCyber threats are real and they're local.  Major corporations like Marriott make the big headlines, but too many smaller businesses and institutions think they're "under the radar".  Attacks are widespread and they're automated.  The average firewall is getting hundreds of thousands of intrusion attempts per month, over 50 ransomware attempts, and twelve phishing attempts.   All it takes is ONE user clicking on ONE wrong link and a lot of damage can be done.

Recently Cape Cod Community College was hacked for over $800,000.   In this particular case, a user opened an email that looked like it was from another college, and the user didn't have any suspicions at first.  What they didn't know, was that malware targeted their financial transactions.  The college worked with the FBI and were able to get some of the funds back, but this is actually quite rare.  The college is beefing up their cybersecurity protection now, but waiting until disaster strikes will help next time, but can't undo the damage incurred in this attack.

Working with hundreds of local businesses, we've seen a big increase in the number of threats this year, and we're advising everyone in our community to review all the risks, and make informed decisions about the level of protection needed.  The protection in place over the years (Firewall, Antivirus, Security Patch updates) just isn't enough to protect against the latest threats.  More tools are available to SMBs and the first step is to understand the risks involved.  The level of protection you had in the past is not enough.

"Cybercrime is now larger than all other forms of organized crime put together"  Michael George, Continuum Navigate.

A business class firewall is one of the most important layers of protection against intrusions, and we recommend Sonicwall, recognizedas the leader for SMB protection, but that's just one layer of protection.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through October 2018 including  a 117 percent increase in the number of ransomware attacks.

  • 9.2 billion malware attacks (44 percent increase from 2017)
  • 3.2 trillion intrusion attempts (45 percent increase)
  • 286.2 million ransomware attacks (117 percent increase)
  • 23.9 million web app attacks (113 percent increase)
  • 2.3 million encrypted threats (62 percent increase)


In October 2018 alone, the average SonicWall customer faced:

  • 1,756 malware attacks (19 percent decrease from October 2017)
  • 819,947 intrusion attempts (17 percent increase)
  • 57 ransomware attacks (311 percent increase)
  • 8,742 web app attacks (185 percent increase)
  • 152 encrypted threats (12 percent increase)
  • 12 phishing attacks each day (19 percent decrease)

For more information, read the full Sonicwall Report

We want everyone in our community to fully understand the changes in the threat landscape and what can be done to help better protect your businessCall us to schedule a time to review your current level of protection so you can understand  the protections you have in place, and where there may be gaps that need to be considered.  There is no such thing as 100% security, but understanding the risks and making an informed decision about the level of risk you can tolerate is critical for protecting your business. 

Tags: cybersecurity, SMB, ransomware

The End is Near!  Windows 7 End of Support January 2020

Posted by Ann Westerheim on 12/7/18 1:52 PM

Windows 7Microsoft Windows 7 has long been a favorite operating system for business, but now the end of life for support is just one year away.  Although we're still seeing some line of business applications with problems running on Windows 10, it would be ill-advised to roll out any new systems with this operating system.  The official end date for extended support is January 14, 2020.  After this time, there will be no more security updates, and any system would be at risk for security problems, and out of compliance for a long list of industry security requirements.  

If you don't already have a plan in place to move your remaining systems to Windows 10, now is the time!  Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it's no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.  Check out the Windows Lifecycle Fact Sheet on the Microsoft web site for more information.

As a general rule, we don't recommend upgrading an operating sytsem in place.  We typically recommend changing operating systems when you refresh hardware.  If you have very new hardware, then an in place upgrade may be worth a discussion.  In either case, we recommend having a plan in your 2019 budget to make sure this work is completed well in advance of the end of the year.

Keep in mind that many line of business applications may have problems with Windows 10.  Although Windows 10 was released three and a half years ago, not all third party software providers are up to date and this can lead to a very unpleasant surprise for a business owner.   In some cases, there's a problem because the business is running an old version and the upgrade comes with a significant price tag.  In other cases, the business may be running on the recommended version, but the third-party software provider just hasn't kept up.  This is the main reason we see businesses hanging on to older systems, but in January 2020, these systems will be out of compliance for security and a major risk to the organization.

Get your plan in place now for your remaining Windows 7 systems. We're here to help!  Call us with your questions. 

Tags: Microsoft Windows 7, data security

Watch Out for Holiday Gift Card eMail Scams

Posted by Ann Westerheim on 11/20/18 5:02 PM

Gift CardIt's the holiday season and people are busy, and it's also a season to beware of scams.  There are many different scams related to gift cards, and here's a new one we just saw locally. 

A user received an urgent message from their boss that he needed to get gift cards for important clients and there was a time crunch to get the task done.  The diligent employee replied and immediately started working on the task.  After a few email exchanges back and forth, the employee went to talk to the boss to clarify some final details, and the scam was revealed - the boss never asked for the gift cards.  They were very close to losing $2000 to a crook.

The original email from the "boss" was actually a "spoofed" message.  This is an email that's made to look like it's from a particular individual or organization (like a bank or the post office), but its actually from someone else.  It's illegal to use an SMTP server without authorization, but this doesn't stop a crook, and its actually very easy to fake an email.  The bosses email was never hacked, it was just a trick that used his email address.  The underlying technical details like the return path, etc, will give away the secret, but on the surface, the email looks like a legitimate return address.

  1. Watch out for emails with with a sense of urgency quickly worded to look like they're from a mobile device (iphone, iPad).  The typos are made to make the email appear more familiar and rushed.
  2. NEVER email financial information.  The email exchanged started getting weird when the crook started asking for the authorization codes via email.  This is a red flag.
  3. Don't get tricked if you see a familiar name in the "from" field.  Scammers are getting good at harvesting emails from websites and social media.  This is their full time job.  Make sure your employees are all aware of this trick.
  4.  When in doubt, have a face-to-face or phone conversation to clarify the details.

Sadly there are so many different variations of scams.  The bad actors are constantly working on different variations to get through all the technical and human defenses. 

User education is key!  Think before you click!

 

 

 

Tags: Cybersecurity, email scams, cybersecurity

A Creepy eMail in Your Inbox - Someone Knows Your Password

Posted by Ann Westerheim on 11/12/18 10:02 AM

Social-Media-Graphic-Comprimised-CredentialsThe Cybersecurity landscape is constantly changing, and there's a new threat to watch out for:  Extortion emails that contain either a past or current password.   We saw a big wave of these emails over the summer and shared a blog post with our community,: A Creepy Twist on Ransomware: Using your Hacked Passwords and we're seeing another wave now, with some more variations.

Here's the intro from the new email we're seeing:

"Hello

I'm a hacker who cracked your email as well as devices a few weeks back.  

You entered your password on one of the websites you visited, and I intercepted it. 

Here is the password from <your email address> on the moment of the hack:  <an email you will recognize>

Clearly one can change it, or perhaps you already changed it.  

Nonetheless, it isn't going to change anything, my own malicious software updated it each and every time.

Do not necessarily attempt to get in touch with me or find me, since I sent you email from your own account.  

Via your own email address, I uploaded harmful code to your Operating System.

I saved all your contacts along with friends, acquaintances, relatives, and an entire record of visits to Web resources..."

The email goes on to demand payment to a bitcoin wallet, and references images taken from the webcam.   It further says that law enforcement can't help you.

This email, and emails like it are very scary.  The email is made to look like someone hacked into your email account, but in fact it's just a "spoofed" email (the return path is not actually you, but it looks like it is).  

Bad actors can harvest passwords from the dark web and you may recognize the password identified.  One of the reasons this scam works so well is that you will likely recognize the password, as many people use the same password or similar passwords for multiple accounts.  Threats like this are launched using automated systems, and users who may not be aware of these threats work could be terrified of messages like these.

We track major breaches on a weekly basis, and also monitor the dark web for compromised credentials.  It may take a very long time for a breach to be acknowledged, but with dark web monitoring, you'll get advance notice.  

We strongly advise a layered approach to security.  Employee security awareness training, password managers, next-generation antivirus, and dark web monitoring are strongly advised to help keep your users secure.  The security landscape is constantly evolving and the layers of security you may have put in place years ago are no longer sufficient. 

Everyone has a different level of risk that you're okay with, there are probably some gaps that you're not comfortable with.   Our mission is to make sure you have the information you need to be aware of the current cybersecurity landscape and to make informed decisions about your acceptable risk level.

 

 

How the Dark Web Impacts Small Businesses

Posted by Ann Westerheim on 11/2/18 11:06 AM

DarkWebIdentity theft is an unfortunate occurrence that is all too familiar with most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the “Dark Web”.

An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses.

What is the Dark Web?

The Dark Web, which is not accessible through traditional search engines is often associated with a place used for illegal criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.

What's for sale on the Dark Web?

Information sold on the Dark Web varies, and includes items such as stolen account information from financial institutions, stolen credit cards, forged real-estate documents, stolen credentials, and compromised medical records. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.

Why are stolen credentials so valuable? 

Stolen user names and passwords are becoming increasing popular among cybercriminals.  Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business account such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business-horizons. 

Why should small businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large-scale corporate data breaches, small businesses often think they're "under the radar" and not a target for cybercriminals, however that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business?

To reduce the risks of a cybercriminal gaining access to your company’s information/network, you must ensure you have proper security measures in place. The FTC has a webpage that can assist with security options for businesses of any size.  In addition, it is crucial that your employees are properly trained on security, including appropriate password practices. There is also talk of a government-led cyber threat sharing program which would help enhance security across all industries by sharing cyber threat data. 

Enhanced security technology is part of the solution here, but user security awareness is increasingly becoming the weakest link.  It just takes one user in your organization to click on the wrong link and do a lot of harm.  

Tags: cybersecurity, Dark Web

A New Twist on the Microsoft Support Scam

Posted by Ann Westerheim on 11/1/18 10:42 AM

The "tech support" scam is a common threat on the Internet.  While working on your computer, a pop up will appear that says your computer has a problem and help is just a phone call or click away.  Many of these scams pretend to be from Microsoft.  The graphics may look very professional, and the tech jargon sounds convincing enough that may people fall for these scams.  After the "repair" is done, then you'll be asked for a credit card to pay.  Most people assume they won't fall for a scam, but if you're very busy, and the support price is low enough, it could seem like the fastest and most efficient way to get support and get back to work.  

A new twist on this scam is that some bad actors make the scam more convincing by directing users to go to the Microsoft Support page, and then give them a code to get support via LogMeIn.  Since you've been directed to a legitimate website, you may think you're safe, but the code you enter will simply direct you to whichever user is connected on the other end - NOT Microsoft, because the code is independent of the site. 

LogMeIn Rescue is a remote support tool used by thousands of legitimate businesses, including Microsoft (and Ekaru), but legitimate products are not immune to bad actors with nefarious intent.  Some are using trial accounts and appear and disappear on line, so they're hard to catch.

Always be alert on line.  Many scams rely on busy users who need to get their support problem resolved as quickly as possible and get back to work.  THINK BEFORE YOU CLICK!

If you have any suspicions that something may not be right, DO NOT CONNECT.  If you have already connected, then hit the "kill switch" to end the session immediately.

LogMeIn Disconnect

LogMeIn has set up a site to report abuse.  If you're approached by a suspicious technician, capture and report – but do NOT enter – the six-digit PIN code they provide. Immediately send this and any other related information: https://secure.logmeinrescue.com/ReportAbuse/Send.

They request that you provide the following details:

  • In what way you were approached (email, phone call, etc.)
  • Exact date and time of the scam
  • The PIN code or link you were instructed to use (if you have it).

In general, always be suspicious if someone offers to help you and you didn't ask for help.  Another red flag is if you're asked to either upload or download files, and don't provide any credit card or personal information over the phone.

We recommend on-going security awareness for ALL employees.  The security landscape is constantly changing, and there are probably some gaps that you're not aware of if you're not keeping up.  Scammers are always improving and updating their techniques, so you and your team need to be aware of the latest threats.   Call us for help setting up a security awareness training plan, or sign up for training on-line.

Remember:  If a pop up appears on your computer saying you have a problem and help is available, DON'T call or click.  Call your own trusted computer support specialist instead!

Reference Link from the LogMeIn Support Site:  Avoiding scammer who abuse LogMeIn Rescue accounts.

Tags: cybersecurity, data security

Got Ransomware?  What's your Disaster Recovery Plan?

Posted by Ann Westerheim on 10/30/18 1:50 PM

Social Graphic - RansomwareDisaster recovery is a basic element of good business continuity planning. You've probably heard the phrase and like many businesses, it's something you'll get around to "later". 

Business continuity planning refers to the broad range of plans created so that a business can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of a key employee, director, or other principals in the organization, severe natural disasters that incapacitate a physical location, employee mistakes, and insider threats, etc. Basically anything that can go wrong!  Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

In general, smaller businesses - which often have no IT support staff - will utilize the services of a managed service provider, like Ekaru,  to develop disaster recovery plans.
 
One piece of your disaster recovery planning needs to address how the business can protect its data from a ransomware attack. Unlike more well known viruses, ransomware doesn't just access your data, it locks it down so it is unusable. The business model behind this approach is simple: They are betting you will have no segregated backups and will be willing to buy back access to your data.  Ransomware isn't about how valuable your data is to your attacker, its about how valuable your data is to you.
 
We strongly advise multiple layers of security to protect your data.  There's no such thing as 100% security, so in addition to all the security measures you put in place, a rock solid backup is required.  Plan in advance what your Recovery Point Objective needs to be:  how much data can you lose?  15 minutes?  One hour?  One week?  The frequency of your backup matters.  Also, what is your Recovery Time Objective?  How long can you wait to get your data back?  Some backups may take a week or more to recover?  How much will that cost your business to be down for a week.  Every business has a different level of risk they can live with.  New threats mean this is a question that needs to be constantly revisited, and you may find some gaps that you can't live with.  Plan IN ADVANCE to make sure you fully understand your current risk level, your options to decrease your list, and then make a decision about your level of protection.  One of the worst phone calls we get is from the business got hit with data and it's too late to talk about protection.  You don't need a complicated plan, but don't get caught by surprise.

Tags: backup, cybersecurity, ransomware

Subscribe by Email

Most Popular Posts

Browse by Tag

See all tags...

Connect With Us

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.