Shopping Online — Safely

Shopping online is very convenient.  You can click here and there and order whatever product you desire and have it delivered to your front door.  You can compare pricing, look for deals, compare products, and it all can be done quickly and in the convenience of your own home, any time, night or day.  The downside?  Wherever there is money and users to be found, there are malicious hackers roaming around.

Use familiar web sites.  You need to be aware of the safer online shops, like Amazon.  One tactic favored by malicious hackers is to set up their own fake shopping websites. Fake websites can infect you the moment you arrive on them by way of malicious links. However, the most dangerous aspect you should be concerned about is the checkout process. Completing a checkout process will give cybercriminals your most important information: credit card data (including security number), name, and address. This opens you up to credit card fraud or social engineering attacks.

What are some key things to be aware of as you’re shopping?  Sticking with popular brands is as good as any advice when shopping online. Not only do you know what you’re getting by way of quality and price, but you also feel more confident that these well-established names have in place robust security measures. Their efforts can be quite remarkable, as researchers at Google and the University of San Diego found last year.1

 A few things to be aware of: 

  • Suspicious URLs such as “coach-at-awesome-price.com” or “the-bestonlineshoppingintheworld.com”
  • A strange selection of brands – as an example, the website claims to be specialized in clothes but also sells car parts or construction materials
  • Strange contact information. If the email for customer service is “amazonsupport@gmail.com” instead of “support@amazon.com” then you should be suspicious that the online shop is fake
  • Are prices ridiculously low?  An online shop that has an iPhone 7 at $75 is most likely trying to scam you

The old adage “if it seems too good to be true, it probably is,” rings true in this case, and it’s best to steer clear of these sites.

Use Secure Connections.  Wi-Fi has some serious limitations in terms of security. Unsecured connections allow hackers to intercept your traffic and see everything you are doing on an online shop.  This includes checkout information, passwords, emails, addresses, etc.

Before You Buy Online…

  • If the connection is open and doesn’t have a password, don’t use it.
  • If the router is in an exposed location, allowing people to tamper with it, it can be hacked by a cybercriminal. Stay away.
  • If you are in a densely-crowded bar with dozens of devices connected to the same Wi-Fi hotspot, this can be a prime target for an enterprising cybercriminal who wants to blend in and go unnoticed. Continue to socialize, don’t shop.

Access secure shopping sites that protect your information. If you want to purchase from a website, make sure it has SSL (secure sockets layer) encryption installed. The site should start with https:// and you should notice the lock symbol is in the address bar at the top.

Update your browser, antivirus and operating system.  One of the more frequent causes of malware is unpatched software.  Online shoppers are most at risk due to the sensitive information involved. At a minimum, make sure you have an updated browser when you are purchasing online. This will help secure your cookies and cache, while preventing data leakage.  You’ll probably fuss over having to constantly update your software because it can be a time-consuming operation, but remember the benefits.

Always be aware of your bank statement.  Malicious hackers are typically looking for credit card data, and online shops are the best place for them to get their hands on such information.  Oftentimes, companies get hacked and their information falls into the hands of cybercriminals.

For this reason, it’s a good habit to review your bank account and check up on any suspicious activity.

“Don’t wait for your bill to come at the end of the month. Go online regularly and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges, even originating from sites like PayPal. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate. You have 30 days to notify the bank or card issuer of problems.”2

Using a credit card vs. a debit card is safer.  Credit cards have additional legal defenses built in that make them safer to purchase online compared to debit cards.  With credit cards, you aren’t liable if you are a victim of a fraudulent transaction, so long as you report the fraud in a timely manner. Secondly, credit cards give you leverage when it comes to disputing transactions with a seller. If you pay with a debit card, you can’t get your money back unless the seller agrees to it. With credit cards, the money you paid for a product isn’t counted against you until due process is complete; debit card holders, however, can only get their money back after this step.  Ultimately, banks are much more protective of credit cards since it’s their money on the line, not yours.

Additional tips for safety:

  • Never let someone see your credit card number – it may seem obvious, but never keep your PIN number in the same spot as your credit card
  • Destroy and delete any statements you have read
  • Notify your credit card issuer of any address change. Doing so will prevent them from sending sensitive files to the previous address
  • Keep confirmation numbers and emails for any online purchases you have made
  • Immediately call your credit card company and close your account if you have lost or misplaced a credit card

Use antivirus protection.  The most frequent tip on how to be safe online is to use a good antivirus tool. It will keep you safe against known malware.  “Before you begin shopping, outfit your phone or tablet with mobile security software. Look for a product that scans apps for viruses and spyware, blocks shady websites, provides lost-device protection and offers automatic updates.”3

Do not purchase from spam or phishing emails.  A phishing email with a fake offer for a desirable product is a hard thing for many shoppers to resist, so they make an impulsive decision and click on the “Order Product” or “Buy Now” button, and that’s when the malware attack starts.  A phishing email is not like a standard email. The cybercriminal simply wants your click, and nothing else. The Unsubscribe button won’t stop the email spam.  The best solution in these cases is to simply mark the email as spam. This will remove the mail from your inbox and block the sender from sending more spam.

Keep a record of your transactions.  If you are a frequent online shopper, it may be difficult to remember from which site you bought a certain product.  So, write it down: what you bought, when and from what website.  Compare your spending details with the banking records from your online banking account, and keep track of which websites you use for shopping online.

Hold on to your receipts and destroy them when you no longer need them.  Keep the receipt for your purchase, just in case you need to confirm it again, as well as for warranty and return issues.  If you want to get rid of a receipt, make sure to destroy it completely, so that any possible identity thief won’t be able to find any information about you.

Don’t give out more private information than you need to.  “In order to shop online you need to provide two types of information: payment information, such as credit card data, and shipping location, which is usually your home or work address. Be suspicious of online shops that ask for information such as: date of birth, social security number or any other similar information. They don’t need it in order to sell you things.”4

Don’t keep too much information on your smartphone.  These days, everybody stores a lot of important personal information on their phone, and most of us rarely take the time to secure them.  These devices are now much less about calling people, and more about photos, social media, etc.  Increasingly, people shop online using their smartphone, but this carries its own risks. Fake online shops can infect your smartphone with malware, and then have access to information such as phone numbers, notes, photos, and even app contents.  Be careful what information you store on your smartphone.

If you take a few safety precautions, you can enjoy the convenience of technology with peace of mind while you shop online.

1 https://www.welivesecurity.com – ESET Security Forum
2 https://www.pcmag.com
3 http://www.trendmicro.co.uk/home/internet-safety-for-kids/smart-mobile-tips-for-online-shopping/ – TrendMicro
4 https://bettermoneyhabits.bankofamerica.com/
https://staysafeonline.org – Powered by National Cyber Security Alliance
https://www.americanbar.org – American Bar Association
https://www.foxnews.com
https://www.usatoday.com

 

Bryley Basics: What happens when a home is smarter than its owner?

Today, if we forget to turn off the coffee pot, or shut the garage door, we can simply hit a button on our phones, or other devices. According to a study by Intel Corporation, 71% of the population is expected to have at least one smart-home device in every home by 2025.1

This is great news for those of us that are forgetful, but one has to be wary of how much access is granted through these devices. Just like you wouldn’t leave your house keys out for anyone to take, you must also be cognizant of the security of your smart devices.   Last year, hackers were able to bring down several sites by using home devices connected to the internet such as baby monitors, cameras, and home routers without the user’s knowledge.1

There are several steps users can put in place in order to take advantage of these smart devices while remaining protected:

Do your research. Not all smart devices are made equal. It is best to do some research prior to purchasing a device to see what security measures the manufacturers have implemented. Will the device automatically perform patch updates? Does it require a passcode? Will it prompt you to change your password? Knowing this ahead of time will give added peace of mind.

Secure your devices. By default, many of these devices have a simple security plan in place, since historically they haven’t needed to worry about cyber threats. Prior to a few years ago, no one would have thought you could have your refrigerator tell you what items you would need to purchase on your next grocery trip! Make sure your device requires a passcode that you can regularly update.

Regularly update your Passwords. Make sure to change your password every 60-90 days with a complex password using a mixture of capital and lowercase letters, numbers, and symbols. A password does nothing if it remains at the default factory password.

Separate your Network. As an added layer of protection, put some separation between your devices and the rest of your data. Most of the time, these devices only need an internet connection, so putting them on a different network from the rest of your data protects both of them. “Newer WiFi routers have built-in guest network capabilities that can isolate untrusted devices from each other and from the rest of your network – a useful feature for most devices that only need internet access and don’t need to talk to other devices. Extra configuration may be required to properly secure devices that need to talk to each other (like automation controllers and security cameras), but it’s possible to limit that communication without laying bare the rest of your home’s network.”2

Perform Regular Updates. Some devices will automatically update while others you will have to check. Regardless, it is best to check every so often to ensure the updates are performed and you are protected.

Security of these smart devices is such a concern that Senators Mark Warner, Cory Gardner, Ron Wyden and Steve Daines introduced the “Internet of Things Cybersecurity Act” aimed at forcing tech companies “to ramp up security if they want to sell connected devices to the federal government.”3 This bill is the bare minimum and will block any “IoT devices with known security issues from government use and require device makers to patch any new flaws. Security researchers who hack IoT devices used by the federal government in order to find new flaws would be exempt from the Computer Fraud and Abuse Act, which has been used to charge hackers.”3 It is the hope that this bill will encourage companies to adopt these regulations as standard for commercial sectors as well.

At the end of the day, these devices will become more and more commonplace. As this occurs, security will also improve. There are sure to be growing pains, but like most evolutions, it will improve our lives.

 

  1. Best Smart Home Devices and How IoT Is Changing The Way We Live. Forbes Technology Council. 6 Jun 2017
  2. How To Protect your Fancy New ‘Connected Home’ from Savvy Hackers. Best Buy
  3. Congress to smart device makers: Your security sucks. Ng, Alfred. CNet. 2 August 2017.

Why old technology is scarier than SCI-FI thrillers

As we’ve seen from the latest cyberattacks, old technology can be far more scary (and harmful) than the scariest Sci-Fi movies.  “We have the sci-fi depictions of sentient networks that will turn against us, but the problem is, we’ve already built something way too complex for us to be able to manage as a society,” according to Wendy Nather, principal security strategist at Duo Security. “This is a very shaky foundation that we have to clean out and redo.”1

The majority of cyberattacks occur as the result of exploiting a weak spot in legacy software running on legacy machines. “The problem with these outdated systems is that they are (predominantly) no longer supported by the company that created them. You are on your own. If a new vulnerability is discovered by cyber criminals, there will be no security updates released to patch the issue. It’s also unlikely you will be informed of this vulnerability, meaning you are blindly running a system prone to constant attack.”2

These attacks aren’t just perpetrated against small companies. In 2015 and 2016, Russian hackers brought down Ukraine’s power grid, plunging 103 cities and towns into darkness.3

Hospitals are another high-value target for cybercriminals. Medical facilities focus primarily on patient care. Technology is often a secondary concern. The WannaCry attack, for example, struck UK hospitals, forcing many to turn patients away. Security expert, Janie Larson, recounted an incident in which malware had infected EEG machines that were connected to children – disconnecting them to update the software would have proved detrimental to the patients.1 How would you choose between paying the ransom demanded by the hackers and preventing harm to high-risk patients?

So, what can be done to prevent a cyberattack like this?

  • Regularly check for updates and patches on all software and devices in your environment.
  • Be mindful of end of life. Know when your technology will no longer be supported and have a plan in place for when that happens.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent potentially catastrophic data loss and system downtime.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

We’re here for you.

 

1 Larson, Selena. CNN Tech. “Why old tech is scarier than Hollywood AI.” 30 June 2017.

2 Jones, Ed. CloudTech. “The hidden dangers of legacy technology – and how to resolve them.” 10 October 2016.

3 Perez, Evan. CNN Politics. “U.S. official blames Russia for power grid attack in Ukraine.” 11 Feb 2016.

Google Announces Ad Blocker for Chrome

Google is a fantastic tool to conduct research, but as we scan web sites to gain information about the topic of interest, oftentimes pop-up ads and videos appear out of nowhere.  The result is that we turn away from a web site due to these interferences.  Google is aware of this and has come up with a solution that’s set to launch early next year.

What is it?  Ad blocker from Chrome works like an ad filter – it won’t block all the ads from a web site, only the ones that are determined to be too intrusive, like pop-overs and auto playing audio and video. They’ll be filtered because they’re considered to be bad ads, according to the Coalition for Better Ads.  “But who’s part of the Coalition for Better Ads? Google, for one, as well as Facebook. Those two companies accounted for 99 percent of all digital ad revenue growth in the United States last year, and 77 percent of gross ad spending.”1

Sridhar Ramaswamy, Senior VP of Ads and Commerce, said Google wanted to “build a better web for everyone” by eradicating intrusive ads online without removing all ads entirely, since so many sites rely on ads as their source of revenue. “The vast majority of online content creators fund their work with advertising. That means they want the ads that run on their sites to be compelling, useful and engaging–ones that people actually want to see and interact with. But the reality is, it’s far too common that people encounter annoying, intrusive ads on the web–like the kind that blare music unexpectedly, or force you to wait 10 seconds before you can see the content on the page. These frustrating experiences can lead some people to block all ads–taking a big toll on the content creators, journalists, web developers and videographers who depend on ads to fund their content creation.” 2

From a consumer’s end, you won’t have to do anything except for updating your Chrome browser. For publishers, Google will provide a tool that you can run to find out if your site’s ads are violating the guidelines. The blocker will apply to both desktop and mobile experiences.

Bad ads slow the web down and make it annoying to browse.  This is why many consumers install ad blockers to remove all advertising.  If this continues to be the norm, publishers are going to face more obstacles since nearly all web sites rely on ads to thrive.

With Chrome’s ad blocker, wholesale ad blocking can be controlled such that it pleases both the consumer and publisher.  Users get a better browsing experience and publishers can continue to make profits through online ad sales.

“If successful, the move from Google could slow the adoption rate of ad blockers that flat out block all advertising. However, it has drawn criticism from some because of the power it gives Google, which is itself an ad company and now wants to set standards for the entire industry.  Furthermore, Google has also announced ‘Funding Choices’, a new feature currently in beta that allows publishers to show a customised message to visitors using an ad blocker, inviting them to either enable ads on their site, or pay for a pass that removes all ads on that site through the new Google Contributor.”3

Despite some expected criticism, Chrome’s ad blocker will likely result in a better web browsing experience.

If you have any questions about the web or any Managed IT topic, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

References and Sources:
1 https://theintercept.com/
2 https://www.blog.google/topics/journalism-news/building-better-web-everyone/
3 https://www.marketingweek.com

 

Bryley Tips: Password Manager

The days of widespread, biometric-based security (voice recognition, fingerprint reading, eye scanning, etc.) are coming, but passwords are still required in many organizations and at most websites.  The problem:  How do I manage (let alone remember) all of the different usernames and passwords I have out there?

Personally, I use Tasks within Microsoft Outlook, which is secured by my network login:  Within a folder I titled “Usernames”, I create a task for each application and website and then copy-in the date and user information.  This limits my “need to remember” to only one complex password (my network login).  However, I must have access to my Outlook account to retrieve all other user information.

There are better tools called password managers.  These are software applications that “help a user organize passwords and PIN codes”1, which are held in a secure, encrypted file or database.  Many include the ability to automatically fill-in a form-based webpage with the username, password, and any other login credentials.

Most password managers can be categorized thus:

  • PC based – Application running on your PC
  • Mobile based – Application running on your tablet or smartphone
  • Token-based – Requires a separate smartcard, memory stick, or similar device to authenticate
  • Web-based – Credentials are located at a website and must be viewed and/or copied from this site
  • Cloud-based – Credentials are web-based, but are securely transferred for processing to an application running on your PC or mobile device

Most password managers are hybrids and many fit into two or more categories, but all share one trait:  You still need a master password to access your information (although some offer two-factor authentication).

Important characteristics include:

  • Access – Accessible from all devices and browsers
  • Detect – Automatically detect and save from any account
  • Secure – Advanced encryption, two-factor authentication, etc.

Pricing varies from free (for the slimmed-down, single-device versions) to annual subscriptions that range from $9.95 to $49.99 per year.

Several publications2 have reviewed password managers; the top performers:

  • LastPass 3.0 – Cloud-based and powerful yet flexible; free version available, but upgrade (at $12/year) to LastPass Premium for mobile-device support
  • DashLane 2.0 – Feature laden with an easy-to-use interface; free version, but $29.95/year to synchronize all devices and get priority support
  • RoboForm Everywhere 7.0 – Cloud-based at $9.95 for first year

Other password managers (in alphabetical order):

  • 1Password for Windows – $49.99 per user
  • F-secure Key – $15.95
  • Handy Password – Starts at $29.92
  • KeePass – Free
  • Keeper – Subscription at $9.99/year
  • My1login – Free for 1 to 3 users; $22 for 4 to 10 users
  • Password Box – Free version with subscription at $12.00/year
  • Password Genie 4.0 – Subscription at $15.00/year
  • PassPack – Free version with subscription at $12.00/year
  • PasswordWallet – $20.00

I like LastPass; the free version is easy to use and my login data is available from anywhere (with Internet access).  Plus, I like having the application locally on my PC (even though my data is stored at LastPass in encrypted format).

  1. Taken from Wikipedia at http://en.wikipedia.org/wiki/Password_manager.
  2. Recent password managers reviews:

What you need to know about the Equifax Hack

Equifax announced yesterday afternoon that they suffered a breach of their data in late July, affecting as many as 143 million individuals, or roughly 44% of the US. Equifax is one of the three main organizations that calculate credit scores, and thus has access to an extraordinary amount of personal and financial data for nearly every American, including social security numbers, addresses, birth dates and driver’s license data.1

Equifax has announced that it will mail notices to those affected by the breach and is offering 1 year of credit monitoring for free.

What can you do?

  • Equifax has set up www.equifaxsecurity2017.com, where you can check whether your information has been compromised.
  • Check your credit report. Check to see if any cards have been opened in your name without your permission.
  • Place a 90-day fraud alert. “According to the Federal Trade Commission, you are allowed to activate a free 90-day fraud alert with one of the three credit bureaus, which will make it harder for identity thieves to steal your information. You can also renew it after the 90-day period is over.”2

This is a good reminder to remain vigilant with regard to your credit score.

1 https://www.wired.com/story/how-to-protect-yourself-from-that-massive-equifax-breach/
2 http://www.huffingtonpost.com/entry/how-to-check-equifax-security-hack_us_59b1f8a5e4b0354e4410c754
http://money.cnn.com/2017/09/07/technology/business/equifax-data-breach/index.html

 

Don’t be fooled by Hurricane Harvey Relief Fund Scams

In the aftermath of natural disasters, such as Hurricane Harvey, we see both the good and the bad of humanity.  We’ve heard stories of stores opening as shelters, civilians using their boats and reporters stopping during a live shot to lead rescuers to a trucker that was stuck in his cab!  Unfortunately, we’ve also heard stories of looting and theft.

In the aftermath of Hurricane Harvey, the Red Cross and several other organizations have set up funds to help those affected by the storm.  Unfortunately, some cybercriminals have also become involved.  They are attempting to take advantage of those who are trying to help the victims.

Here are some helpful tips on how to help victims of Hurricane Harvey as well as how to protect yourself:

  • Verify the Charity. If you are unsure if the organization is real, research them.  A good place to start is Charity Navigator, which will tell you whether the organization is legitimate and how they use the funds they receive through donation (% donated vs % used for admin tasks).
  • Email Address. Pay careful attention to the address of the sender.  Cybercriminals go to great lengths to disguise their email – they often put a genuine company’s name before the “@” sign to increase credibility.  Double-check that the part of the address after the “@” sign is the same as the organization’s web address.
  • Links. Double check the link before clicking on it.  Hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
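
The sender-address and link checks from the tips above (and the “amazonsupport@gmail.com” example earlier on this page), written out as an added Python example that is not part of the original article. The function names, finding labels, sample message and the `.test` domains are constructed for illustration, and comparing only the last two labels of a domain is a simplifying assumption.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit


def registrable_domain(host):
    """Last two DNS labels, lower-cased.
    Assumption: no Public Suffix List, so names like example.co.uk are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def squash(text):
    """Lower-case and keep only letters and digits, so 'Red Cross' matches 'red-cross'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def check_sender(from_header, brand, expected_domain):
    """Findings for a From: header that claims to come from `brand`."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    if registrable_domain(domain) == expected_domain:
        return []
    findings = ["sender-domain-mismatch"]
    # The tip above: a genuine name placed before the "@" to look credible.
    if squash(brand) in squash(local):
        findings.append("brand-before-at")
    if squash(brand) in squash(display):
        findings.append("brand-in-display-name")
    return findings


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html_body, expected_domain):
    """The 'hover over the link' check: compare the real target with what is shown."""
    collector = LinkCollector()
    collector.feed(html_body)
    report = []
    for href, text in collector.links:
        href_domain = registrable_domain(urlsplit(href).hostname or "")
        reasons = []
        if href_domain != expected_domain:
            reasons.append("link-off-domain")
        # Only compare the visible text when it looks like an address itself.
        if "." in text and " " not in text:
            shown = text if "://" in text else "//" + text
            shown_domain = registrable_domain(urlsplit(shown).hostname or "")
            if shown_domain != href_domain:
                reasons.append("shown-text-differs-from-target")
        if reasons:
            report.append((href, reasons))
    return report


# Constructed sample message (not a real email).
SAMPLE_FROM = '"American Red Cross" <redcross-donations@mail-example.test>'
SAMPLE_HTML = (
    '<p>Help Harvey victims: '
    '<a href="http://harvey-relief-example.test/donate">www.redcross.org</a> '
    'or read <a href="https://www.redcross.org/about-us">About us</a>.</p>'
)

if __name__ == "__main__":
    print(check_sender(SAMPLE_FROM, "Red Cross", "redcross.org"))
    print(check_links(SAMPLE_HTML, "redcross.org"))
```
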

To help you identify legitimate organizations, we have highlighted a few.  This is not a list of every legitimate organization collecting for hurricane relief, but they are likely the main ones to be impersonated.

  • The Salvation Army: To donate visit www.helpsalvationarmy.org or call 1-800-725-2769.
  • Apple. Go to iTunes or the App store and you will see a link to donate to Harvey’s relief fund.  All donations will go to the American Red Cross.
  • American Red Cross.  To donate visit redcross.org, call 1-800-RED CROSS or text the word HARVEY to 90999 to make a $10 donation.
  • Hurricane Harvey Relief Fund.  This was established by Houston’s Mayor, Sylvester Turner, to help his citizens with recovery efforts. https://ghcf.org/
  • United Way. Text UWFLOOD to 41444 to donate to the United Way Flood Relief Fund

It’s important to help others as long as you are protecting yourself at the same time.

 

https://www.us-cert.gov/ncas/current-activity/2017/08/28/Potential-Hurricane-Harvey-Phishing-Scams
https://www.consumer.ftc.gov/blog/2017/08/wise-giving-wake-hurricane-harvey

Why Ransomware Hits Smaller Organizations Harder

Ransomware and other cyberattacks seem to be more prevalent than in previous years. While the news has mostly focused on the large attacks (WannaCry, Petya, Netflix hack, etc.), small businesses are not immune to these dangers. In fact, in a recent study performed by Symantec, it was discovered that phishing campaigns targeted small businesses 43% of the time, up 9% over 2014 and a dramatic increase from the 18% of attacks in 2011.1 While larger organizations are able to rebound, roughly 60% of small businesses that experience a cyberattack are closed within six months.2

The cost of a data breach

  • Lost Revenue. According to a report conducted in June by Osterman Research, roughly 22% of businesses with fewer than 1,000 employees experienced a ransomware attack in the last year and were forced to stop business operations immediately, resulting in 15% of those surveyed losing revenue.3
  • Downtime. When a ransomware attack occurs, many organizations are forced to shut down to stop the spread of the attack. As a result, they incur downtime. Of the organizations surveyed by Osterman Research, one in six organizations incurred 25 or more hours of downtime as a result of a cyberattack.3
  • Loss of Confidence. When a company admits to a data breach or a leak of customer data, it causes many consumers to be wary of conducting business with the organization.

What causes a Small Organization to be a target?

The difference between larger and smaller organizations is that the smaller ones often don’t have the budget for their own IT department.

“A survey published by Manta last month shows that 87 percent of small-business owners don’t feel that they’re at risk of a cybersecurity attack, and 1 in 3 small businesses don’t have the tools in place — firewalls, antivirus software, spam filters or data-encryption tools — to protect themselves.

“The general majority of small-business owners don’t have an IT person. It’s not the first place they spend their money,” said John Swanciger, CEO of Manta. “They’re really relying on themselves to update their software and check for security patches.”4

How can Small business owners limit their risk of an attack?

  • Perform software updates/patches. Their intended purpose is to quickly push out fixes to bugs that may be occurring and create a safe computer environment. When you browse the internet, your computer is at the mercy of its current protective measures. Viruses, malware and rootkits are always on the search for security holes to exploit and gain entry to your personal data. While the best antivirus software would prevent this from ever happening, in order to accomplish such a goal you need to perform recommended updates. These updates serve numerous functions:
    • Fix security holes
    • Optimize the utilization of resources on the operating system
    • Add newer and more secure features
    • Remove old and unprotected features
    • Update drivers to increase software efficiency
  • Regularly back up your data. To reduce downtime, make sure you perform regular backups that are easily retrievable in the event of a breach or data loss, providing a sense of security. Both offsite storage and external drive storage are potential necessities. Data backup and data recovery work basically the same way. Offsite servers are useful for data recovery as they provide massive amounts of storage for nominal prices, especially when compared with the hassle they save in the event of an information disaster. Having a safe place to put information off of the main business server can prove to be more proactive in the long run. Using an offsite server to protect your business data is one of the more effective methods to keep information safe.
  • Create strong passwords. Strong passwords reduce the likelihood that a criminal will be able to easily gain access to your data. But remember to change the password regularly. Passwords are undoubtedly essential to security, but they are not the only method that can or should be used to protect one’s computers and devices. In addition to creating a good password, people should learn how to safeguard it and use it wisely. This means never sharing it and, if unable to remember it, keeping the written copy in a secure location.
  • Protect your Wi-Fi. Wi-Fi can be an easy access point for potential cyber hackers. If you use a Wi-Fi network in the office, make sure it’s invisible to outsiders, encrypted and secure. Set up your router to require a password for access, and set your wireless access point so it does not broadcast the network name. It is always wise to make a separate network available for guests and to check for rogue access points which may have been brought in by employees or visitors.
  • Use a Firewall. Firewalls are like home security systems for your computers. They control the data coming in and out to prevent unauthorized access to your network. A firewall is a software or hardware device that protects your computer from being attacked over the internet by hackers, viruses, and worms. Having a firewall on each company’s internet connection allows the business to set up online rules for the users. Here are the different ways a firewall controls online activities:
    • Packet filtering: a small amount of data is analyzed and distributed according to the filter’s standards.
    • Proxy service: online information is saved by the firewall and then sent to the requesting system.
    • Stateful inspection: matches specific details of a data packet to a database of reliable information.

Firewalls allow you to either add or remove filters based on certain circumstances such as:

    • IP addresses – If a certain IP address not belonging to the company’s network is accessing too many files from the server, this IP can be blocked by the firewall.
    • Domain names – With a firewall, a company is able to block or allow access to certain domains.
    • Specific words and phrases – A firewall will scan each packet of information to match the filter content. You may select any word or sentence to be blocked.
  • Install antivirus software. Antivirus software helps protect against viruses or malicious software programs, which can also be damaging to your business operations. The software is designed to block damaging messages before they reach the user. Antivirus software is the “guard” at the gate of a computer system. It protects the computer from incoming threats and seeks out, destroys and warns of possible threats to the system. New viruses are coming out all the time. It is the job of the antivirus software to keep up with the latest threats. This is achieved by daily updates of the antivirus database definitions, which counteract the latest threats to provide constant protection.
  • Educate and train employees. Establish a written policy about data security and clearly communicate it to all of your employees. Train your employees on security basics and best practices when it comes to web browsing and email. Many data breaches are the result not of a hacker but of negligence or human error. If employees are trained on proper ways to handle data, it will significantly reduce the chances of a mistake being made.
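The three firewall filter types listed above (IP addresses, domain names, specific words and phrases) can be modeled in a few lines. This is an added, simplified example, not part of the original article and not how any particular firewall product is configured; the company network range, the threshold, the block lists and the sample traffic are all assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed policy values for this sketch (none come from the article).
COMPANY_NET = ipaddress.ip_network("10.0.0.0/8")
MAX_FILES_PER_OUTSIDE_IP = 3
BLOCKED_DOMAINS = {"blocked.example"}
BLOCKED_PHRASES = ("confidential payroll",)

# Constructed sample traffic: (source IP, destination domain, payload text).
SAMPLE_TRAFFIC = [
    ("10.1.2.3", "files.corp.example", "GET /docs/a.pdf"),
    ("203.0.113.9", "files.corp.example", "GET /docs/1.pdf"),
    ("203.0.113.9", "files.corp.example", "GET /docs/2.pdf"),
    ("203.0.113.9", "files.corp.example", "GET /docs/3.pdf"),
    ("203.0.113.9", "files.corp.example", "GET /docs/4.pdf"),
    ("10.1.2.3", "ads.blocked.example", "GET /"),
    ("10.1.2.4", "mail.corp.example", "Subject: Confidential payroll export"),
    ("203.0.113.9", "files.corp.example", "GET /docs/5.pdf"),
]

def domain_blocked(domain):
    """True if the domain or any parent domain is on the block list."""
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS for i in range(len(labels)))

def evaluate(traffic):
    """Apply the IP, domain and phrase filters; return one (action, reason) per record."""
    requests_seen, blocked_ips, decisions = Counter(), set(), []
    for src, domain, payload in traffic:
        # IP filter: only addresses outside the company network are counted.
        if ipaddress.ip_address(src) not in COMPANY_NET:
            requests_seen[src] += 1
            if requests_seen[src] > MAX_FILES_PER_OUTSIDE_IP:
                blocked_ips.add(src)  # stays blocked for later requests too
        if src in blocked_ips:
            decisions.append(("block", "ip"))
        elif domain_blocked(domain):
            decisions.append(("block", "domain"))
        elif any(p in payload.lower() for p in BLOCKED_PHRASES):
            decisions.append(("block", "phrase"))
        else:
            decisions.append(("allow", ""))
    return decisions
```

Calling `evaluate(SAMPLE_TRAFFIC)` shows the outside address being allowed three times and blocked from its fourth request onward, while the internal hosts are stopped only by the domain and phrase filters.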

Working with a managed IT service provider can remove a lot of the burden and take away the mystery of proactive measures to protect your business.

Protecting your company’s data and infrastructure should be a top priority, but you do not need to do it alone.  Let the Bryley experts help protect your company’s data and infrastructure. Please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.

 

1 43 Percent of Cyber Attacks Target Small Business. Sophy, Joshua. 28 April 2016.
2 CYBER SECURITY STATISTICS – Numbers Small Businesses Need to Know. Mansfield, Matt. 3 Jan 2017.
3 Why ransomware costs small businesses big money. CNN Tech. Larson, Selena. 27 July 2017.
4 Congress addresses cyberwar on small business: 14 million hacked over last 12 months. CNBC. Zaleski, Andrew. 5 Apr 2017.

How to Spot and AVOID Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate, so beware.

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords. If you recognize these emails, delete them immediately.

Staying informed about phishing techniques and the current news about them is very important because new phishing scams are being developed all the time. Without staying on top of these new phishing techniques, you could inadvertently fall prey to one. Keep your eyes peeled for news about new phishing scams. By finding out about them as early as possible, you will be at much lower risk of getting lured in by one.

Being able to recognize these emails will lessen your chances of being compromised. Here are some tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@” sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these email addresses carefully to make sure they are exactly the same as the real address.
  2. Generic Greetings. Be cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?
  6. Keep Your Browser Up-to-Date. Security patches are released for popular browsers all the time. They are released in response to the security loopholes that phishers and other hackers inevitably discover and exploit. Don’t ignore messages about updating your browsers – when an update is available, download and install it.
  7. Use a Firewall. High-quality firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
  8. Add Antivirus. There are a number of antivirus options available to both home users and business owners. Antivirus software includes special signatures that protect you against known technology workarounds and loopholes. Remember to keep your software up-to-date, because new definitions are added all the time as new scams are developed. Antivirus software will scan files which pass through the Internet to your computer and prevent damage to your PC.

These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.
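The checks in tips 1 to 4 above (sender address, generic greeting, link destination, urgency) can be run mechanically on a message. This is an added example, not part of the original article; the sample email, the expected domain `amazon.com`, the phrase lists and all function names are assumptions, and it handles only a single-part HTML body.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

EXPECTED_DOMAIN = "amazon.com"  # assumption: the sender the reader expects
GENERIC_GREETINGS = ("dear valued customer", "dear valued employee")
URGENCY_PHRASES = ("act quickly", "act now")

# Constructed sample message for illustration (not a real email).
SAMPLE = """\
From: Amazon Support <amazon.com@account-alerts.example>
Content-Type: text/html

<p>Dear Valued Customer,</p>
<p>Act quickly to keep your account open:
<a href="http://amazon.com.verify-login.example/signin">https://www.amazon.com/signin</a></p>
"""

class HrefCollector(HTMLParser):  # collects the real destination (href) of each <a>
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def belongs_to(host, domain):
    """True only for the domain itself or a genuine subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, expected=EXPECTED_DOMAIN):
    """Return (sign, evidence) pairs for tips 1 to 4 of the list above."""
    msg = message_from_string(raw)
    body, signs = msg.get_payload(), []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, expected):  # tip 1: look past the name before "@"
        signs.append(("sender-domain", sender_domain))
    text = body.lower()
    signs += [("generic-greeting", g) for g in GENERIC_GREETINGS if g in text]  # tip 2
    signs += [("urgency", u) for u in URGENCY_PHRASES if u in text]  # tip 4
    collector = HrefCollector()
    collector.feed(body)
    for href in collector.hrefs:  # tip 3: what hovering over the link reveals
        target = urlparse(href).hostname
        if target and not belongs_to(target, expected):
            signs.append(("link-target", target))
    return signs
```

In the sample, the company name appears both before the “@” and at the start of the link's host name, yet neither the sender domain nor the link destination belongs to the expected domain.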

Hold on, there’s more…

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

As a general rule, you should never share personal or financially sensitive information over the Internet. When in doubt, go visit the main website of the company in question, get their number and give them a call. Most of the phishing emails will direct you to pages where entries for financial or personal information are required. An Internet user should never make confidential entries through the links provided in the emails. Never send an email with sensitive information to anyone. Make it a habit to check the address of the website. A secure website always starts with “https”.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

You can also report the scam to the FBI’s Internet Fraud Complaint Center at www.ic3.gov.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

 

Additional Resources:

https://www.sec.gov/oit/announcement/notice-regarding-phishing-scam-targeting-edgar-filers.html
https://www.usatoday.com/tech/
https://apwg.org

Bryley Basics: How to Handle Phishing SPAM

With an uptick in cyberattacks and phishing scams, we thought it prudent to provide some tips to avoid becoming a victim:

  1. NEVER open or click on links in email unless it is from a known source and you are expecting the message that contains the links (Nice work, Bill).
  2. NEVER respond to an email emphasizing the need to “Act NOW!”  This urges you to not think about what you are doing and is certainly the road to perdition.
  3. The bad guys are out there trying to lure you in.  They are up to no good 24/7 and constantly seeking out new and improved ways to dislodge your sensibilities and compel you to CLICK before you think.
  4. Remember that the bad guys are very clever, intelligent, and determined.  What they do represents potential cash flow to them.  They are motivated and have resources available to them.  Tired, rushed, frustrated, angry users are a potential bumper crop for them.
  5. Putting SPAM email on Block Lists is futile.  Today they change constantly and move around geographically.  Just delete them.  Your SPAM protection will eventually catch *most* variants and block them.
  6. You WILL get SPAM.  As the good guys thwart the efforts of the bad guys (SPAMMERS), the bad guys figure out ways to get around the walls of protection.  It is a running gun fight.  Thankfully there are good guys out there fighting on the front lines of this war.  They too are clever, intelligent, and determined.  We can help by being cautious and aware of the danger.  The moment we let our guard down is the moment they gain an advantage.
  7. Being ever vigilant and careful about what is put in front of you as you use your computer is the best defense against becoming a victim.
  8. Emphasize these basic practices to your users.  The best way to avoid most mail delivered scams and many internet-based scams is to pause and examine the links contained in the email or on the web page.  Willy-nilly clicking links at any time will ultimately make you either appreciate your backup strategy or wish you had one.
  9. See #7 above.

A periodic review of Business Security practices with users is recommended.  Keep your business best practices along with computer security best practices in the forefront of your employees’ minds.  Emphasis on how to handle emails that “look” like they could be legitimate will pay big dividends in terms of time and money.

Sending people email about what to do to keep your company secure will not be nearly as effective as taking the time to gather in a room for ½ an hour face-to-face to demonstrate the seriousness of the situation.

As they always said in the TV series “Hill Street Blues” at the end of the morning briefing, “Let’s be careful out there…”