Technology Advisor Blog

Changes are ahead for businesses of all sizes in the Defense Industrial Base (DIB) sector and the supply chain of the Department of Defense (DoD) with new cybersecurity certification requirements on the way. 

New normal. Our new reality. These are the various ways that we describe everyday life in the time of a global pandemic. It means a lot of change, in a lot of ways, for a lot of people. While parenting is definitely more challenging when it comes to managing to homeschool and work from home at the same time, spending so much time on the computer can lead to cyber burnout. Helping the children with schoolwork, jumping on the fifth zoom call of the day, and then trying to stay connected with friends and family on the computer can just be too much. As an IT Managed service provider helping small businesses in the Boston area, we have a big mission to help everyone get their technology to work, and at times we're also feeling a bit stretched thin.

This is a time that we're all depending on technology to "just work". At Ekaru, our jobs already had plenty of “I need help RIGHT NOW” moments that require us to solve problems fast. Careers were depending on emails getting out, networks being up, and employees knowing how to use software and hardware effectively and safely. An ongoing cybersecurity program? It is a priority, but not often one that was at the top of the list – until a breach occurred. Then we're jumping and fixing and panicking right alongside our client. And how did the breach occur? Most likely through human error.  The FBI is reporting that cyber threats are up 400% during the pandemic.  The bad actors are counting on people being distracted and stressed.

Stressful? Yes, we’d say so.
Take that, throw in the complete overhaul of how the global workforce now does their job, mix it up with a global healthcare crisis, and you have a stress smoothie that anyone would have a hard time digesting. "Work from home" to most people means that they are now setting up a space to work effectively or designating an area for the kids to go to school. To the IT employee, it means at least a dozen other things to consider that go alongside which way to face your new desk or place the art station. Securing networks, passwords, supporting remote locations, and ensuring that not only are people working securely, but they are also working within the parameters that you’re able to support if something should go wrong. Stopping rogue downloads of software that they “think might help them do their job in this new scenario” are like trying to contain a balloon that a child has let go of. A small office with eight employees now means eight remote locations.

All of this has led to a cyber fatigue that can lead to all workers experiencing exhaustion and stress.

Avoiding Cyber Burnout
Emergencies are inevitable but assessing your technology ahead of a crisis is going to offset some of those unexpected failures. Take time to tend to your own business so that you can better serve your clients. Ensure that employees are taking time off. Giving your team acknowledgment of their efforts and accomplishments will always go a long way, even if you can’t afford large financial incentives, feeling valued is… well, invaluable. We continue to have ongoing conversations around cybersecurity status so that you can plan ahead, make changes, and provide a response in non-emergency times rather than in just times of crisis. A ransomware attack is the LAST thing anyone can really deal with right now.

The human factor in preventing breaches extends beyond the user, and in this case, is directed at taking care of the humans who support the effort as well. Take a break, get outside and away from your screen, and re-charge. Adapting to the day to day stresses, and staying focused on long term strategic goals is possible with a bit of balance.

Technology is an important part of any cybersecurity plan, but technology can only take you so far.  Getting the right firewall, security patches, antivirus, and other protections are an important part of your small business security foundation, but the last line of defense is your employees.  Will they click on that link?

The New Year is a great time to get organized!  Learn how to use some simple keyboard shortcuts to boost your productivity.  Keyboard "shortcuts" are a combination of keys that give quick access to a particular computer function.  Shortcuts rely on the special keys:  Ctrl, Alt, Shift, Tab, Windows Logo Key (the key with the Microsoft four squares on the lower left of the computer).   

Bell bottoms, neon colors, Rubik's Cube, pet rocks, kale…  Trends come and go, and generally, we’re not one to care much about what’s in style, but cybersecurity trends? That’s one we can get behind and think that there can never be enough of!

So, what can you expect to see as both a consumer, employee, employer, business owner or just a member of the general public who has a computer? Let’s take a look at what we are seeing.

Home is where the heart is.
And it is where the school is, and the office, and unfortunately it is where the likelihood of an attack or breach happens as well. That means that you need to ready your home and prepare to not only protect but also respond in the event of your network or smart devices being compromised. Ensure that as a worker or student, you are well protected and working with your IT support staff to have all security measures in place. It won’t be easy since many of us are playing catch up to the unexpected transition from last year to work from home scenarios, but it will be of the utmost importance as we move forward with this being the structure for the foreseeable future.  Don't get overwhelmed as there are many smart and affordable options for security.

Inside Job
There is a horrible phenomenon that is growing in popularity known as insider-threat-as-a-service. Yes, you can buy a disgruntled employee to sabotage a business and compromise data integrity by stealing information or breaking the business from inside. While this has been around for longer than 2021, with the hiring process for remote employees being done via video or other long-distance methods, it isn’t always easy to gather and gain the trust you might have had from years of sharing office space.  A solid onboarding AND offboarding process are important parts of any business plan.

Fake ID
Stolen credentials can be used for more than obtaining a credit card. Yes, you can build up an identity and establish credit, but you can take it a step further and build up a history that doesn’t exist in reality to the person it is being created for. This is a step up from the insider job that can happen, but you do need to be aware of who you are hiring and providing your confidential information to.  "Deep fakes" are a big trend, and we can't always believe what we see. 

Bigger Phish
With humans being the biggest risk to cybersecurity and working from home being the norm, you can expect a rise in attacks. Why? Because humans are the easiest point of entry for any hacker, and unmonitored humans are even easier to trick. So phishing scams will be even more popular when it comes to attack attempts. No one thinks they'll be the one to click on the wrong email, but people do.  These types of emails are designed specifically to trick people into opening them.  You can mitigate your risks by using a training platform to make sure everyone on the team is up to date with the latest threats.

The bottom line with any trend is that it will increase and decrease in popularity over time, but the one trend that isn’t going anywhere is the threat of data breaches.  There's no such thing as 100% security, but some basic and affordable solutions will help your organization drastically improve your protection. 

Do I need a password manager?  The quick answer is YES!  

This is the time of year when many businesses decide to upgrade hardware to expense for the end of the tax year.  Every December we see a surge of urgency around getting things done at the end of the year.  If your computers are five years old or more, its time to replace! 

Google published its annual report of top searches, revealing the most popular search terms across many categories.  2020 was a year like no other, and its always fascinating to see the compiled results.

When Google experienced a major outage this morning, we all got a reminder that our "always on" world isn't always on.  Google Docs, gMail, Google Classroom and YouTube were all down early this morning.  The problems were mostly resolved within around an hour, but some users experienced longer outages.

Hackers thrive on uncertainty, and with COVID-19 cases climbing, a long election cycle, and the holidays approaching, there's a lot of stress and chaos in our lives. This is an important time to remember that hackers take advantage of this uncertainty and it's more important than ever to stay vigilant on line.

Small businesses have been particularly hard hit by the pandemic, and with the financial crisis, any stimulus funds from the government are greatly needed, but don't click too fast! Phishing scams and business email compromise (BEC) scams are an ongoing part of cybersecurity awareness training, but it's important to be aware that hackers have more choices including text messages.

We see this in a recent warning from the Internal Revenue Service to not click on any text messages that you receive which claim to have economic stimulus check information in them. In the scam, victims are instructed to provide banking information for the $1200 check to be deposited into. This trick is just another way that online crime is being committed against unsuspecting consumers – the same consumers who are likely vulnerable and looking for assistance during the pandemic.

The IRS will never ask you for your banking information via a text or phone call and will not send unsolicited texts and emails that are asking you for personal information. If you receive any of the above, get the contact information for the caller, or close the website and go to the official IRS website to call in and inquire about the request or demand. Remember, hackers can disguise links to look legitimate, but most – if not all, government websites should end in the .gov extension – but that does not always ensure it is safe! This is just a factor that can help to determine legitimacy. Also, just because a website address includes the "s" with "https" and has a "lock" icon, it doesn't mean the site is safe.

Even if you keep your security up to date with security patches, antivirus updates, firewall, and more,  these types of attacks are designed to basically get you to effectively open the front door. Years ago, fake websites looked fake - it was easy to spot them. Today, fake website are very convincing - great graphics and text, and you may not be to tell you're at a bad site.

This current scam takes you to a site that appears legitimate, and you may be inclined to enter banking information – don't do it. The verbiage will alert you that you’ve already received the stimulus check, you just need to accept it – sounds easy, but don't do it. Do not click on the link. The Get My Payment site that you are likely being redirected to is not legitimate, even if it looks like the real one.

If you receive this text, screenshot it and email it to phishing@irs.gov along with the date that you got the text, the phone number from which it came from, and your own number. Reporting these scams helps organizations increase awareness so others are less likely to be hacked.

At Ekaru, we strongly recommend ongoing security awareness training to keep your business and your employees safe. A strong foundation of security protection is critical, but for threats that are designed to sneak through and trick users, the human factor is so important. If you know how the scam works, you'll be one step ahead of the hackers.