The Value of Communication – An Inspirational Moment Shared…

Oftentimes, when you come across an article that someone is raving about as a ‘”MUST READ – Changed my life”, you glance through it with some skepticism, and then realize that it won’t change your life. However this time I came across one of these “life changing” articles and wow – it peaked my interest! It gave me an entirely different perspective on how to approach a conversation.

Let Trusted Eyes Watch Over Your Network

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.  Firewalls block unauthorized access to your computer network from hackers, malware and viruses. They monitor data as it passes between your computer, your server, and the Internet to make sure that nothing harmful or unintended slips through. A firewall may block certain downloads, or require system administers to grant authority before opening files that fail to meet their security standards.

Firewalls are a critical component to effective security, and so is the configuration. A poorly-managed firewall can block legitimate activity, causing workflow errors and excess frustration for the end user. Or, a firewall with overly lax restrictions could miss harmful data packets, lending the user a false sense of security while malware and viruses penetrate your network.  If firewalls are not managed and implemented properly, it can leave gaping holes in your security and give hackers the keys to your kingdom.

A firewall should always be properly configured.  Knowing when to override its rules and let data through, as well as to understand how to respond in case of an alert, are judgement calls that require specialized knowledge and experience.  Fortunately, a trusted IT partner like Bryley Systems will not only recommend the proper firewall, but configure, manage, and support it so that your network is locked down.

Regardless of your organizations size, no business owner wants the horrible consequences that a security breach can bring.  Larger organizations often have greater resources to dedicate towards security. If you are a small to mid-sized organization, you generally have fewer resources and smaller budgets, and having your IT network brought down by a cyberattack can bring an organization to its knees.

Unauthorized access to your system files can result in the loss of important data, the leak of confidential client information, or the compromise of other security features.  A properly managed firewall can nip this problem in the bud.

Internet usage has become a surprising sore point in employer-employee relations, as they are often used to block access to certain sites online. While some employees feel that blocking access to popular social media sites and other types of Internet browsing during work hours is simply a way to micromanage personal habits, many business owners feel it is necessary to cut down on the type of distractions that eat up productivity, as well as open up security issues at the office.

There are definite pros and cons to each side, but by prohibiting access to all but a select group of websites (or by using strict controls to determine what other websites are permissible) business owners can safeguard against employees accidentally visiting a dangerous website by mistake. This type of protection can prevent an unsuspicious employee from falling victim to a phishing scam or from entering important information into an insecure website.  A managed firewall/Internet-security solution that provides website filtering can help your organization identify which websites your employees need to be able to access, based upon the type of organization you are, and what the employee’s job role is.  It can even create a custom configuration of settings to block problematic websites for safer Internet browsing.

Having your firewall and Internet-security solution managed properly by an IT partner dramatically reduces the disruption of your day-to-day business tasks while providing you with the protection you need. Your managed IT service provider will maintain proper system configurations and monitor your network for potential security threats and will respond to alerts in a timely manner. Furthermore, your managed IT provider should be up-to-date with new technology, proper certifications, and security compliance regulations that might affect your organization. While you focus on running your business at peak efficiency, your managed IT provider also ensures your software and hardware remains up-to-date.

Educate your staff about the importance and significance of firewall protection and other Internet-security measures. This training can also help your employees spot potential scams before they fall victim to them.

Your organization should also consider other safeguards, such as monitoring software that can spot suspicious activity, or programs designed to detect and remove viruses from your system.

One of the most secure ways to protect your most valuable data is by limiting user access. Make sure to store your most secure files in as few locations as necessary. Only allow access to those employees who need it, and protect it with encryption and strong passwords.

If you would like a more thorough audit of your current security network strategy and needs, please Contact us at 978-562-6077, or by email at ITExperts@Bryley.com to learn more. We are here to help.

Family Computers – Set Up, Usage and More…

A family can benefit from sharing a computer – whether it be the kids, parents or even grandparents.  When you set up this new computer there are a few things to keep in mind so that everyone can enjoy it, especially if you have a large family.

You will want to make sure that the computer will perform to the required standards so that it will fulfill all of your needs.  If you are retiring an old computer, be sure to dispose of the old one properly.

First, if you have only one computer in your home, you should think about putting together a schedule that fits for both children and adults.  Think about the things that need to be accomplished such as homework, study time, family related chores such as bill paying, scheduling the kid’s events, or work related tasks. Figure out the time when everyone needs the computer and set time limits appropriately.  Kids can often overlook their time limits on the computer so have a plan in place as how you will address this.

Most kids will know how to use a computer but it’s important to set the ground rules and locate the computer in a common area so the computer is more visible.  Also think about the location of your computer so that the device is in a safe location to prevent it from overheating.

Each individual member will need an account.  You wouldn’t want your work documents to get mixed up with Jr.’s projects.  Having separate accounts will enable you to control each account and set up the necessary restrictions so that the kids cannot access unsuitable material, chat with strangers or change system controls.  The parental controls are important so make sure that you have put these in place prior to the kids use the computer.  You can also set up shared folders, too.  Since the majority of families have multiple devices such as tablets, smartphones, etc, so you should consider high speed internet. Most families will download and steam content so you don’t want a slow internet connection to be constantly interrupting your tasks, especially when you are sharing it with multiple people.

A key must for any computer is a good quality and up to date antivirus software.  The internet is fun but it can be dangerous, especially for kids and even inexperienced computer users such as a grandparent.  The best software will block web threats, block dangerous web sites, secure transactions, and safeguard your kids.  Top antivirus systems will protect all of your devices.  Take the time to ask questions, do research and be sure this is set up properly.  Email is something every family member can use, but if you have young children then you should set them up with a kid-safe email service.  These services will enable a parent to monitor and control who the kids are emailing, as well as content, and block out inappropriate language.

A family computer will have a lot of data on it.  It typically will contain family photos, school documents, family schedules, music, work related tasks, financial information, and more.  Backing up all of this data is crucial.  Have a scheduled “maintenance” routine to back up data to a hard drive.  You may even consider cloud storage in the event you are concerned about something happening to the hard drive.  In your regular maintenance routine, include cleaning the computer going through files, software, etc., and delete the unnecessary things you don’t need.

Family computers are fun and with a few rules for usage and adequate protection in place along with fast internet and all the software you need, your family will enjoy it – and enjoy it safely.

How CPA Firms Can Benefit from Managed IT Services

Let security and confidentiality be your watchwords!

When it comes to safeguarding your CPA firm’s confidential data, there is zero tolerance for risk. CPAs rely upon various forms of technology to gather data – whether it is a tax return or an independent audit.

CPA firms have made great strides by implementing such technology as electronic data management systems, client portals, and cloud-computing systems. However, records maintained by CPA firms must remain confidential because of professional standards, statutes, and regulations governing record retention. Data breaches can happen in numerous ways, including the following: fraud, hacking, improper disposal of data, or even a lost or stolen device.

A CPA firm will need their IT department (or an outsourced Managed IT Services vendor) to implement and maintain a comprehensive list of data and network security controls. It is helpful to understand the basics:

Perimeter security. This first line of defense includes firewall and intrusion detection systems, in addition to intrusion prevention systems. These should be configured with appropriate restrictions to block and filter both incoming and outgoing Internet traffic.

Endpoint security. Endpoint security requires each computing device on a corporate network to comply with established standards before network access is granted. These measures protect the servers and workstations and include safeguards such as administrative access limitations and anti-virus protection.

Network monitoring. Part of the control environment should include a frequent and ongoing monitoring program for all IT systems.

What We Do

circles

Comprehensive Support Program™ (CSP) — Bryley provides ongoing, proactive maintenance and remediation support to ensure a stable, highly-available computer network. Our most-popular Comprehensive Support Program (CSP) consolidates all end-user devices (mobile and desktop), servers, and computer-network equipment issues into one, Bryley-managed, fixed-fee program. Among the many services delivered under the Managed IT umbrella, Bryley installs and manages all software updates and patches.

Secure Network™ (SN) – An ongoing, managed-IT service that prevents intrusion, malware, and spam from entering the computer network through its Internet gateway and can restrict web-site surfing to inappropriate sites.

Multi-Point Security Hardening Service™ (MPSHS) – A periodic review to harden your computer-network security by reviewing/updating policies and configurations and testing. With this program, Bryley Systems can help your organization comply with the technical aspects of Massachusetts 201 CMR 17.00.

If you are looking for a business partner to help you navigate the ever-changing technology and cybersecurity landscape, we’re here for you. For more information about Bryley’s full array of Managed IT Services, Managed Cloud Services, and Cybersecurity Services please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

Smartphone Security

We all love receiving new technology during the holiday season, but we must remember to protect it.  Whether we like it or not, cell phones and laptops are no longer simply devices – they are an extension of ourselves.  They house important information and records that we wouldn’t dare give a stranger (social security numbers, passwords, confidential information). In fact, we use them for socializing, shopping, banking, browsing, and much more.  Simply for the ease of use, it becomes a habit to stay logged into your accounts on your devices, but the downside is that if your phone is lost or stolen, it can lead to identify theft.  Someone could also hack your phone and access information via web-pages you have visited.  The importance of smartphone security is something we should all be aware of and implement right away.

Nearly 40% of data breaches are caused by mobile devices.

  1. Employee negligence is typically due to employees who are busy, traveling constantly, or hurrying through a task, and simply not knowing or paying attention to the risks involved.
  2. Theft is a big problem since there are ways to breach a smartphone.
  3. Malicious attacks. Hackers are responsible for the majority of breaches and thrive on those who leave the doors wide open to an attack.  Don’t leave yourself vulnerable.

Here are some tips to enjoy that new device as well as protect your privacy and information:

  • Activate Screen Lock. Perhaps the easiest and first line of defense on any device is the lock screen. After any time of inactivity (usually 30 seconds for cell phones and slightly longer for laptops and desktops), the device should be enabled to auto-lock so no one else can access your information.  On a cell phone, the code is usually four characters, but can be longer.  No matter how protective you may be of your devices, there’s no guarantee that you may not accidentally leave it somewhere.
    • Encryption can do a lot to protect your phone’s data and the good news is that all iPhones and newer Android versions come with their phone automatically encrypt once you set a password.
  • Mind your Apps. We all like the simplicity and efficiency that apps provide, but it’s important to keep an eye on them. There has been an increase in malware attacks, especially on smartphones, since most users gain access to confidential information.  Always read the small print and consider the personal information the app requires. If an app requires significant personal information, reconsider installing it.
    • Always use official app stores. App stores generally approve and vet apps prior to granting them space on the platform. (Always make sure the Web site URL starts with a secure https:// and contains a locked padlock icon.)
    • Check permission for the app. Some apps will ask permission to access certain aspects of the device. While it will make sense for a GPS to ask for your location, the same cannot be said for a flashlight app asking permission to access your text messages.
  • Browse Carefully. When you access a web browser on your smartphone, you should be very careful because it is easy to accept messages that pop up. For instance, you might decide to save your password and other information as it leads to easier access later on.  Unfortunately, that can provide others a way to copy your data. Always use reliable and safe websites and never enter your information on new or unknown websites, especially when they are asking for sensitive information like your credit card or bank details.
  • Remote Wipe. Have security knowing that if your phone is lost or stolen, you can safely wipe the device to protect the data from falling into the wrong hands.  A similar feature can be enabled after a certain number of failed passwords to access the phone (usually it is around 10 attempts before the device is wiped).  This service provided to our clients enrolled under the CSP agreement.
  • Use caution with any links you receive via email or text message. Exercise caution when clicking on links. Phishing scams are not limited to email – a text message can incite you to click on a malicious link or ask for personal information.
  • Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone, while making it more susceptible to an attack.
  • All Wi-Fi was not created equal. Be mindful when using open Wi-Fi. When you are not using your wireless connection, you should keep it switched off. This can ensure that no one else can connect to your device without your permission or knowledge. You should also check your device’s network settings as they might be configured to connect to a network automatically when in range and may not ask for permission. In addition, your home wireless router should also be protected through a password or security code.
  • Run the Updates. Don’t put off downloading updates. Many updates tweak and fix several flaws on your phone that could open a backdoor for hackers.
  • Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off of your phone and reset the phone to its initial factory settings.

 

https://heimdalsecurity.com/blog/smartphone-security-guide-keep-your-phone-data-safe/#
http://www.nsiserv.com/blog/mobile-security-threats
http://www.smallbiztechnology.com/
https://www.networkworld.com/category/malware-cybercrime/
https://www.fcc.gov/smartphone-security
http://pcworld.com

 

2018 Tech Trends

Technology is drastically changing the way we live and work and more adjustments will be apparent in the years ahead.  Instead of thinking “bottom-up” or “top-down,” business and technology needs to be thought of in a hybrid solution.  “From the bottom up, they are modernizing infrastructure and the architecture stack.  From the top down, they are organizing, operating, and delivering technology capabilities in new ways.  In tandem, these approaches can deliver more than efficiency – they offer the tools, velocity, and empowerment that will define the technology organization of the future.”1

IoT is one such tool that continues to gain traction and will have an even larger impact in 2018.  It is estimated that there are currently between 8-15 billion IoT devices.  That’s more than there are humans on Earth!  These devices include everything from home security systems, pacemakers, voting machines, voice-activated cars, personal assistants (i.e. Alexa) and personal health trackers (i.e. FitBit), as well as toys, toothbrushes, and even pillows.2  Having these devices makes life simpler, but will truly help when the devices can “talk” to each other.  Josh Siegal, a research scientist at MIT highlights the importance of interconnected devices and their usefulness: “It’s not about the car or the home, it’s about how your car can talk to your home to tell it that you’ll be arriving home early because your car talked to the roadway to avoid traffic, and now you need to put the heat on a little bit sooner than you would – while still saving energy due to having a smart thermostat. People aren’t used to thinking in such terms today.”2

These new IoT devices must also be able to function with the older technology.  “Having the intelligence in the lightbulb makes it pretty easy to adopt. It’s as easy as screwing in a lightbulb. But the usefulness is diminished when my 8-year-old daughter turns off the light switch – and now my fancy internet-enabled lightbulb is offline.”2

Security is Paramount

Now, more than ever, security is a top concern for organizations.  Individuals were rightfully upset about the Equifax breach, but IoT devices have the potential to leak information that’s just as valuable and sensitive.  It doesn’t help matters that security of these devices seems more like an afterthought.  The most vital, and yet underrated IoT applications are those that “allow administrators to automatically update them when issues are found and enforce strong defaults for things like passwords and encryption.”2 This highlights the importance of conducting due diligence and not rushing the vetting process for a shiny, new technology.  Ultimately, organizations must balance the need for better production and employee satisfaction with protecting company data.  They must know what and where the devices are attaching to the networks and manage accordingly.

IoT Data Analytics

As IoT expands, so too does the amount of information available to organizations.  This information can and will drive business decisions.  A prime example of IoT data analytics helping an organization work more efficiently and profitably is Navistar, who reduced the cost of managing its fleet of 180,000 trucks from 15 cents per mile to just 3 cents.3 Opportunities for cost savings exist in nearly every business, but it must be done judiciously; cost savings needs to be weighed against the cost of storing and sifting through the data.

2018 is poised to see technology have an even greater impact upon organizations.  It helps to have a Managed Services Provider (MSP), such as Bryley Systems to help navigate the ever-changing landscape.  Contact us at 844.449.8770 or by email at ITExperts@Bryley.com to learn more. We’re here for you.

 

1 https://www2.deloitte.com/content/dam/insights/us/articles/Tech-Trends-2018/4109_TechTrends-2018_FINAL.pdf
2 Schuchart, Wendy. IoT for Business: Five Key Trends for 2018. Channel Partners
3 https://www.forbes.com/sites/danielnewman/2017/09/26/top-10-trends-for-digital-transformation-in-2018/#734e6621293a

Is Your Technology Ready for Winter?

Whether or not you love or detest winter, the fact of the matter is that it’s quickly advancing.  Around this time those of us in New England put snow tires on our vehicles, stake our driveways, and put sand or kitty litter in our trunks.  But what about our technology?  How can you protect it from the harsh New England weather?

 

  • Check your surroundings. Prior to turning on any heating device, make sure it is a safe distance from your technology – you do not want to risk melting portions of your device.
  • Keep your technology out of your trunk! Although keeping your laptop in the trunk is a far better option than leaving it in the back seat of the car, it’s still not optimal. If left in a trunk for an extended period of time, severe temperatures can cause computer equipment to fail.
  • Let your devices warm up. How many times have you come in from the cold and had your glasses fog?  It only last a few moments until your glasses acclimate to the new temperature.  The same phenomena occurs inside your computer, but can have more severe consequences including short circuiting the device.  Drastic temperature shifts can also cause the metal components in the devices to expand and contract, potentially causing damage.  The best way to avoid this is to allow your computer to acclimate to the new temperature prior to powering the device.
  • Do not place any heating elements (heating pad, hair dryer, etc.) on or near the device in an effort to speed up the warming process. This can cause more harm than good.
  • Protect your screens. Most screens have an LCD, or liquid crystal display, and run the risk of freezing, making them more susceptible to cracking or shattering.  To reduce the risk of this occurring, reduce exposure to extreme temperatures.
  • Have your charger ready. Cold temperatures cause batteries to drain, so it’s important to keep a charger handy to ensure maximum uptime.
  • Change the Power Settings. “You can keep your laptop warm by changing the power settings to power save mode. This keeps the laptop warm as it continues to run, and instead of shutting down the hard drive, it keeps it spinning. The longer the laptop can be kept running, the warmer it will stay as it generates its own heat.”1
  • Be wary when online shopping. Online shopping is a great way to avoid the crows and get items you desire, but be wary of cyber criminals. We recently wrote an article to provide insight to protect yourself from hackers.

Keeping these tips in mind will enable you to enjoy the winter months and protect your valuable devices.

 

1 https://www.pcrichard.com/library/blogArticle/keeping-your-devices-safe-in-the-cold/800264.pcra

http://abc13.com/weather/winter-ize-your-technology-/467519/

http://tahoetopia.com/news/winterizing-your-computer

https://www.lifewire.com/top-cold-weather-tips-for-laptops-2377656

Shopping Online — Safely

Shopping online is very convenient.  You can click here and there and order whatever product you desire and have it delivered to your front door.  You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day.  The downfall?  Wherever there is money and users to be found, there are malicious hackers roaming around.

Use familiar web sites.  You need to be aware of the safer online shops, like Amazon.  One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can either infect you the moment you arrive on them by way of malicious links. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.

What are some key things to be aware of as you’re shopping?  Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures. Their efforts can be quite remarkable, as researchers at Google and the University of San Diego found last year.1

 A few things to be aware of: 

  • Leery URL’s such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
  • A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
  • Strange contact information. If the email for customer service is “amazonsupport@gmail.com” instead of “support@amazon.com” then you should be suspicious that online shop is fake
  • Are prices ridiculously low?  An online shop that has an iPhone 7 at $75 is most likely trying to scam you

The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.

Use Secure Connections.  Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop.  This includes checkout information, passwords, emails, addresses, etc.

Before You Buy Online…

  • If the connection is open and doesn’t have a password, don’t use it.
  • If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
  • If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.

Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.

Update your browser, antivirus and operating system.  One of the more frequent causes of malware is unpatched software.  Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing a data leakage.  You’ll probably fuss over having to constantly update your software because it can be a time consuming operation, but remember the benefits.

Always be aware of your bank statement.  Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information.  Often times, companies get hacked and their information falls into the hands of cybercriminals.

For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.

“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2

Using a credit card vs. a debit card is safer.  Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards.  With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete, debit card holders however can only get their money back after this step.  Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.

Additional tips for safety:

  • Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
  • Destroy and delete any statements you have read
  • Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
  • Keep confirmation numbers and emails for any online purchases you may have done
  • Immediately call your credit card company and close your account if you have lost or misplaced a credit card

Use antivirus protection.  The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware.  ”Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3

Do not purchase from spam or phishing emails.  A phishing email with a fake offer for a desirable product is a hard thing to resist for many shoppers, so they make an impulsive decision and click on the “Order Product” or “Buy Now”, and that’s when the malware attack starts.  A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam.  The best solution in these cases is for you to simply mark the email as spam, this will remove the mail from your inbox and block the sender from sending more spam.

Keep a record of your transactions.  If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.  So, write it down: what you bought, when and from what website.  Compare your spending details with the banking records from your online banking account, keep track of which websites you use for shopping and buying stuff online.

Hold on to your receipts and destroy them when you no longer need them.  Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.  If you want to get rid of receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.

Don’t give out more private information than you need to.  ”In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4

Don’t keep too much information on your smartphone.  These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them.  These devices are now much less about calling people, and more about photos, social media, etc.  Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.  Be careful what information you store on your smartphone.

If you take a few safety precautions, you can enjoy the convenience of technology with peace of mind while you shop online.

1 https://www.welivesecurity.com – ESET Security Forum
2 https://www.pcmag.com
3 http://www.trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
4 https://bettermoneyhabits.bankofamerica.com/
https://staysafeonline.org – Powered by National Cyber Security Alliance
https://www.americanbar.org – American Bar Association
https://www.foxnews.com
https://www.usatoday.com

 

Worms belong in your Garden, not your PC!

When we think of worms, most of us think of the creature that helps our gardens thrive, however, in the technology field the word “worm” strikes fear into many a technology user.  This particular form of malware has caused billions of dollars in damages in the last decade alone!1 Using Symantec’s definition, worms are “programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file.”1 Some liken it to a chain letter that no one wants, but is far more insidious and damaging.

“They make your computer more vulnerable to future attack, because every machine with a worm infection is broadcasting to the entire Internet that it can be taken over by anyone who cares to copy the method the worm used. Also some viruses and worms disable standard security measures, or install their own back-door services that allow other people to use your computer over the Net.”2

Well-known Worms

The first known worm was the Morris worm in 1988, named after Robert Morris, a student at M.I.T. While the worm was initially harmless, it “quickly began replicating copies of itself onto Internet servers of the day (predating the World Wide Web), eventually causing them to stop working due to exhaustion of resources.”3

In 2001 a worm by the name “Nimda” (admin spelled backwards), infected nearly 2.2 million servers and PCs within a 24-hour period through a multi-pronged approach including searching for unpatched applications, sending an infected mass email to a victim’s contact list, and downloading from a compromised website.4 This worm caused over $635 million in damages and dramatically decreased internet speeds and wreaked havoc on a user’s email account.

One of the more powerful attributes of a worm is its ability to propagate seemingly by itself, with little to no human interaction.  This makes it ideal for cyber warfare.  A prime example of this is the 2010 attack on Iran; the United States and Israel created what is now known as the Stuxnet worm to attack Iran’s nuclear enrichment program.  By the time the worm was discovered and expelled from their infrastructure, 984 uranium enriching centrifuges were destroyed, setting Iran’s nuclear weapons program back by approximately 2 years!5

How does it spread?

What makes worms so dangerous and insidious is that once it is on your machine, it can wreak havoc without the user’s knowledge.  Once the initial sequence is started (opening an attachment, clicking on a link, etc.), the worm will move on its own through the system, impeding the user’s activity.  Worms also infect other machines by self-replicating and sending mass emails through the infected users’ email contacts.1 Oftentimes, victims think they are simply opening an attachment from a friend or acquaintance so their guard is down.

Symptoms

How do you know when you have a worm?  There are several key symptoms that may indicate you have been infected:

  • Emails sent without consent. If you are contacted by an individual in your contact list about a strange email you sent, but have no recollection of, you may be a victim of a worm.
  • Software suddenly appearing on your desktop. If you notice that applications are suddenly appearing on your desktop, or have been removed, that’s a red flag that your machine may be compromised.
  • Slow computer performance. If infected, your machine may run slower as the worm needs memory to effectively run and propagate.
  • Pop-ups galore. If you are seeing numerous pop-ups and messages, it’s a surefire sign that you have a worm or virus on your machine.
  • New windows open when connecting to the internet. A common symptom of an attack or worm is when you connect to the internet and it opens a new window that you did not request.

How to protect against worms

So, what can you do to prevent such an attack from occurring?

  • Be cautious around attachments. Even if you recognize the sender, be cautious if they send you an unexpected email with an attachment and a vague subject line (“You have to see this!”). Be extremely cautious if you don’t recognize the sender.
  • Perform regular updates. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal, you need to perform recommended updates.

Working with a managed IT service provider (MSP) can remove a lot of the burden and take away the mystery of proactive measures to protect your business.

Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone.  Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com.

 

1 https://www.veracode.com/security/computer-worm

2 http://www.bbk.ac.uk/its/services/security/secper/hints

3 https://www.lifewire.com/how-computer-worms-work-816582

4 https://www.symantec.com/avcenter/reference/nimda.final.pdf

5 https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

https://support.microsoft.com/en-us/help/129972/how-to-prevent-and-remove-viruses-and-other-malware

https://www.caida.org/publications/papers/2002/codered/codered.pdf