7 Things You Need to Know About Ransomware

by

Ransomware is a well-named type of cyberattack. Cybercriminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.

#1 It Can Happen to You

Cybercriminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.

#2 Ransomware Spreads Fast

Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.

#3 Ransomware Targets People

A common method to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer asking you to take action or update contact details by clicking on the link or downloading a file.

#4 Ransomware is Costly

Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!

In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.

The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. – Coveware

#5 Ransom Requires Cryptocurrency

Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. They choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.

#6 A Recovery Plan Helps

Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.

You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.

#7 You Can Take Action

You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:

  • Filter traffic, preventing it from coming into your network in the first place.
  • Scan inbound emails for known threats, and block certain attachment types.
  • Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
  • Educate all users about social engineering.
  • Allow remote access to your network only from secure virtual private networks.
  • Back up your data to more than one location so that you can restore any impacted files from a known source.

Ransomware is a lucrative, relatively easy mode of attack for cybercriminals. They could target your business. Contact us today for help implementing the best protection practices to keep your data safe. Call us at (515)422-1995.

Don’t Get Hooked By a Whaling Attack

by

The executives of your company are the big fish in your sea. Yet cybercriminals think of them as whales. In fact, whaling is a new cybersecurity threat targeting the C-suite level.

You’ve likely heard of phishing attacks. Phishers use scam emails or spoofed websites to obtain user credentials or financial information. This might be an email that looks like it is from your bank asking you to log in and update your details, or a supposed tax alert needing immediate action.

A vishing attack is another fraudulent attempt to steal protected data, but the cybercriminals are going to use the phone to make contact. They might pretend to be a vendor needing to confirm account details for bill payment.

There’s also spear phishing. In these cases, the attackers do their homework first and target a specific company. They scour directories and employee social media to gather information to gain credibility.

Now, there are whaling attacks, too. The high-value target is a senior-level employee. The fraudster typically also impersonates one of the target’s C-suite counterparts.

What You Need to Know About Whaling

A whaling attack uses the same methods as phishing but focuses on top-level targets. The goal is to get “whales” to reveal sensitive information or transfer money to fraudsters’ accounts.

Whale attacks are intentional. Phishing can see attackers baiting hundreds of hooks to get nibbles. In whaling, information gathered in advance adds credibility to the social engineering. The target has higher value, so it’s worth their time to appear knowledgeable and make a request to and from someone important.

The sender’s email address will look convincing (e.g. from smithj@companyx.co instead of smithj@companyx.com). The messages will have corporate logos and legitimate links to the company site. Because humans want to help, the communications typically involve an urgent matter.

Whaling attacks are on the rise. In 2016, Snapchat admitted compromising employee data after receiving an email, seemingly from its CEO, asking for payroll information.

In another high-profile example, Mattel nearly transferred $3 million to a Chinese account. Company policy required two signatures, but the attackers (taking advantage of a recent shakeup) faked the new CEO’s signature. The second executive went ahead and added a signature. The only thing that saved the company was that it was a Chinese bank holiday.

Protecting Against Whale Attacks

As with phishing or vishing, the primary way to protect against whaling attacks is to question everything. Train your key staff members to guard what they share on social media. Encourage them to question any unsolicited request. If they weren’t expecting an attachment or link, they should follow up. If a request is unusual, they should trust their spidey-sense and proceed with caution.

It’s also a good idea to develop a policy for handling requests for money or personal information. By requiring that two people must always weigh in, you’re more likely to catch a scam before it’s too late.

Also, train all your employees to look carefully at email addresses and sender names. They should also know to hover over links (without clicking on them) to reveal the full URL.

Security awareness is crucial. It’s also a good idea to test your employees with mock phishing emails.

Need help training employees or testing social engineering? Contact our experts today, call us at (515)422-1995!

Locking Up Cybersecurity with a Managed Services Provider

by

Cybercrime is not the most costly of illegal activities. That dubious distinction goes to government corruption, followed by drug trafficking. Cybercrime comes in third. Yet cybercrime does take the top spot when it comes to numbers of victims. A managed services provider can help.

Cybercrime has hundreds of millions of victims. Two-thirds of people online have experienced personal information theft or compromise. A 2018 McAfee Security study suggested that represents more than 2 billion individuals!

If any of those people works at your business, it could mean trouble for your security, too. Why? People tend to think they have too many passwords to remember. So, they use the same login information again and again. That means a criminal could leverage employee data to access business systems, too.

Cybercrime is a global problem for both individuals and businesses. The bad actors, after all, can make big bucks from their crime with low risk of discovery. The global cost of cybercrime is an estimated $600 billion a year. And no one and no business is immune.

More people are going online. Businesses are becoming more reliant on digital transactions. Cybercriminals are quickly adapting. They’re motivated, but are you?

Securing Your Business with an MSP

It’s safe to say your Information Technology team has a lot to do. Everyone at your office is working hard, but is cybersecurity getting the attention it deserves? Ultimately, there is no better way to keep your systems secure than with managed services.

A managed services provider (MSP) helps your business stay ahead of security threats. Finding out about risks or vulnerabilities after the fact is no good. That’s like closing the barn door after the prize stallion has already bolted.

An in-house cybersecurity team providing 24/7 protection isn’t workable for most businesses. It’s cost prohibitive for most small and mid-sized businesses.

Working with an MSP is a more affordable alternative. You avoid investing in the latest technology and building up an on-premises infrastructure. Instead, you pay a consistent fee for the MSP to handle technology patching, monitoring, and assessments.

The MSP uses well-tested, leading-edge tech to stay on top of cybersecurity threats. This strategic partner can:

  • set up security on your infrastructure;
  • oversee your company’s security systems;
  • ensure regulatory compliance;
  • track threats 24/7;
  • maintain strong data protection.

An internal IT team oversees many areas, but the MSP focuses on continuous monitoring. It keeps up to date on the global threat landscape and any industry vulnerabilities.

Still not convinced that paying an MSP is worth it? The average cost of a lost or stolen record was $148 per record in 2018. You might view working with an MSP as paying for insurance. With ongoing monitoring an MSP helps your business avoid security breaches. And their devastating costs (including to productivity, compliance, revenues, and brand reputation).

This extension of your security staff helps maximize resource efficiency. And their day-to-day focus is on reducing risk and minimizing damage from cyberthreats. With an MSP you add dedicated security experts to your team. Secure your technology while gaining advanced threat intelligence and customized security strategies.

A managed services provider identifies vulnerabilities and secures your business environment. Stay ahead of cybersecurity threats with an MSP. Find out more today!

Call us at (515)422-1995

Island Hopping: Not Always a Good Thing

by

The phrase “island hopping” conjures up positive images. You might think of cruising beautiful sandy beaches on a tour of tropical islands. Too bad cybercriminals have given the term a new, less pleasant spin.

Island hopping is an increasingly popular method of attacking businesses. In this approach, the cybercriminal targets a business indirectly. The bad actors first go after the target’s smaller strategic partners. So, vendors or affiliates, who might not have the same level of cybersecurity, become stepping stones to hop.

Attackers might hack into smaller businesses handling the target’s HR, payroll, accounting, healthcare, or marketing. Then, they take advantage of the pre-existing relationship to access the final destination.

Humans are trusting. Cybercriminals exploit that. With island hopping, attackers leverage the trust established between strategic partners.

It’s quite simple: attackers gain access to Company A and send a counterfeit business communication to Company B. Company B, knowing the sender, is less likely to question a download link or opening an attachment.

After all, it’s not coming from a stranger; it’s a message from perfectly pleasant Jenny at Company A. You may have in the past already shared logins to various sites/portals, or passwords to unlock zip files.

The Rise of Island Hopping

This is not a brand-new form of attack. In fact, it’s named after a military strategy which the United States used in World War II to establish a stronghold in the Pacific Islands.

Perhaps the best-known island-hopping cyberattack was seen in the United States in 2013. Retail giant Target was the aptly named target of a point-of-sale system breach. Hackers stole payment information from 40 million customers. The first “island” in the planned attack was Fazio Mechanical Services. The heating and refrigeration firm suffered a malware attack shortly before Target’s breach. Fazio’s hackers stole email credentials needed to access the retailer’s networks.

As enterprises continue to strengthen their cybersecurity, it’s predicted that island hopping will gain momentum. According to Accenture’s Technology Vision 2019 report, less than a third of businesses globally know how strategic partners secure their networks. A majority (56%) rely on trust that business partners would uphold security standards.

Preventing Island Hopping

You may be one of the islands to hop or the attackers’ final destination. It depends on your business size and industry. Either way, your business is vulnerable to malware attack, infected systems, or a data breach. Plus, if you’re the stepping stone, you’re likely to lose the target company’s business, too.

How do you prevent island hopping? First, secure your own networks and systems:

  • Follow best practices to detect and identify vulnerabilities and reduce risk.
  • Educate your employees about the dangers of business communication scams.
  • Raise awareness of phishing schemes and social engineering.
  • Require two-factor user authentication.
  • Change all default, generic, or predictable passwords.
  • Keep security up to date (patching and system upgrades are mandatory).
  • Control who can access your networks and servers.
  • Protect all endpoints (including employee devices in a Bring Your Own Device workplace).

When it comes to cyber island hopping, your business doesn’t want to be a layover or the final destination. Keep your cybersecurity borders tight to avoid unwanted visitors.

Want to make your business inhospitable to island hoppers? Work with a managed service provider. They can help assess cybersecurity, provide a plan to reduce risk, and upgrade technology. Let us support your efforts to fend off unwanted tourists.

Give us a call on (515)422-1995.

5 Common Computer Myths Debunked

by

Common urban myths would have us believe alligators live in sewers or people put razor blades in kids’ candy. Common misconceptions about computers are just as persistent. Here are several IT myths debunked for your benefit.

#1 A slow-running computer has a virus

A virus can be to blame. Spyware or other malware can also cause a computer to slow down. However, there are also many other reasons your computer might run slower:

  • You may have a lot of programs that start up when you boot up the computer. You could remove or disable programs that start every time.
  • The computer has gone into power save mode every night, but you haven’t rebooted the computer in a long time.
  • There are many programs running in the background. On a Windows PC, you can go into task manager and see what is running and the computer resources in use.
  • A security utility is running. If it’s an antivirus scanner, let the scan finish first, then see if your computer speed improves.
  • Temporary files or other junk are taking up too much hard drive space. Your computer needs at least 200–500MB of free space on the hard drive to be able to move and manage files.
  • Your computer doesn’t have enough RAM to run programs within memory. If your computer has to swap information on the hard drive to get enough memory to run programs, it’s going to work slower.
  • The computer is old. You may need to upgrade to a computer that can handle current software needs without slowing to a snail’s pace.

#2 Macs don’t get viruses

Many Apple owners believe their Macintosh computers are immune to viruses. If only. Macs do get viruses; they are simply targeted less than PCs. Why? There are many more computers running Windows, which means a bigger, easier target for cybercriminals.

As Apple’s market share rises, the threat to Macs is growing. Apple works to protect its users from malware, but you still need to use caution with downloads and when clicking on links from unknown sources.

#3 My Windows registry needs cleaning up

Registry cleaning companies will say that scanning your Windows registry can speed up the computer and avoid error messages. The cleaner finds unused registry keys and any malware remnants for removal.

But let’s consider the fact that Microsoft has not released its own registry cleaner. Why not? Because it’s really not necessary. Worse still, going in to clean your registry (when you don’t know what you’re doing) can actually do serious damage.

#4 My laptop battery needs to be dead before I recharge if I want it to last longer

This was once true. Nickel-cadmium batteries suffered from what was called a “memory effect.” If discharged and recharged to the same point several times, they would remember that point in the future and not go further.

Now, however, laptops typically come with lithium-ion (or Li-ion) batteries. They don’t suffer from this memory effect. In fact, they function better with partial discharge instead of letting the battery run down to zero.

#5 I don’t have anything hackers would want

Cybersecurity should be a priority for everyone, not only sprawling enterprises. Let’s put it this way:

  • Do you have any money?
  • Do you have an identity cybercriminals could use to access money or sell for money?
  • Do you work anywhere?

Hackers have all kinds of ways to profit from your data or from hijacking your computer’s processing power. They can turn your computer into part of a bot network or use your information as a bridge into a business target’s system.

Keep all your computers at top speed with the best security measures in place with the help of our experts. Contact us today at (515)422-1995!

4 Common Compliance Issues You Might Be Missing

by

Information security is on every business’s radar these days. Data drives so much of what we do. Looking to contain the risks, many sectors have established IT compliance regulations. Whether meeting a standard or not, don’t overlook these common areas of concern.

Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security. Whether mandated or not, the goals remain similar:

  • Improve security protocols.
  • Identify vulnerabilities.
  • Prevent breaches.
  • Reduce losses.
  • Increase access control.
  • Educate employees.
  • Maintain customer trust.

Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these four common issues can benefit companies in any industry sector.

Common Issues that Thwart Compliance

Companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to CISCO, but cost savings aren’t the only reason organizations are embracing BYOD. Letting people use personal mobile devices at work improves productivity and engages employees.

Yet allowing BYOD in the work environment can make the organization more vulnerable. There is greater risk of:

  • spread of malicious applications or viruses;
  • employees accessing business materials using unsecured Wi-Fi;
  • people who have left the company continuing to have access to proprietary systems.
  • None of these are good from a compliance point of view.

Personal portable devices may not have the same access controls as business computers, which makes them more vulnerable if lost or stolen.

This brings us to a second common compliance concern: physical security. A business may do a brilliant job of securing its devices on-site. It has firewalls, patches security regularly, and asks employees to update passwords, but what happens if a laptop, mobile phone, or USB drive is stolen or lost?

All devices accessing business systems and networks from off-site should use encryption. With remote monitoring and management, IT staff can control security configurations regardless of the end-user environment. Mobile device management allows your IT team to secure, locate, or erase any mobile device used for business.

Counting on Others for Compliance

Another area of concern is third-party connections. Again, your business may be top of the class as far as the five core functions of cybersecurity – Identify, Protect, Detect, Respond, and Recover – are concerned, but what if your vendor’s security isn’t up to snuff.

Do you have business partners that are storing your sensitive data? Or does a supplier have access to personally identifying customer or employee information? Third-party risk is a real thing – ask Target. Cybercriminals stole data for 40 million debit and credit cards via the retailer’s HVAC company.

Cybercriminals could use a third party’s lax security to target you. Make sure that your vendors are taking cybersecurity as seriously as you do.

Even in your own business environment, cut the number of people who have access to sensitive data. Obviously, you’ve hired people you think you can trust, but you can still better ward off the insider cybersecurity threat by:

  • educating employees about the importance of strong passwords, securing devices, and physical security;
  • informing people about social engineering (e.g. phishing emails or fraudulent business communications);
  • limiting personnel access to data, network, or systems based on necessity;
  • having a policy to revoke access permissions and reclaim devices from any employee leaving the company.

Ensuring compliance takes technological know-how and awareness of the evolving threat landscape. This vigilance, communication, and education require time and effort. Put the right policies and procedures in place with our help. Contact us today at (515)422-1995!

Are You Doing Your IT Due Diligence?

by

The words “due diligence” may make you think of a courtroom drama on television. Surely, that’s something only lawyers have to worry about? Not so fast. Due diligence is something your business can be doing, too. Are you covering the basics?

Due diligence is about taking care and being cautious in doing business. It extends to how you manage your technology, too. You may think you’re immune to a data breach or cyberattack, but cybercriminals can target you regardless of business size or industry sector.

Depending on your industry, you may even have compliance or regulatory laws to follow. Some insurance providers also expect a certain level of security standards from you. The costs associated with these cyber incidents are increasing, too. Don’t leave your business vulnerable.

What due diligence involves

Technological due diligence requires attention to several areas. Generally, you’ll need to show the following:

  1. Each staff member has a unique login. Require complex, distinct passwords. Educated your people to protect these (e.g. not write them on stickie notes that sit on their desktop).
  2. You have a process in place for regular data backup. We recommend a 3-2-1 backup strategy. Keep three copies of your business data. One on the cloud with the other two on different devices (e.g. on your local computer and on a backup USB drive).
  3. You patch and upgrade security consistently. Ignoring those reminders and waiting for the next release is risky.
  4. You’ve installed antivirus software. You won’t know your computers are infected until it’s too late. Be proactive.
  5. Email filtering is in place. These filters help protect your business from spam, malware, phishing, and other threats.
  6. You have installed firewalls to monitor and control ingoing and outgoing network traffic.
  7. You limit user access. Instead of giving everyone full access, set conditions based on role and responsibility. This approach minimizes vulnerabilities.
  8. There are physical security procedures to limit access to your environment. You might install security cameras, fence a perimeter, and require RFID scanning in protected areas.
  9. If your company lets employees use their own phones, laptops, or tablets, have a Bring Your Own Device (BYOD) policy in place. Installing mobile device management software is useful, too (and we can help with that!)
  10. You test your security, too. You can’t take a set-and-sit approach to securing your network, systems, and hardware. Ongoing testing will help you identify risks, repair vulnerabilities, and protect your business.

It can also help you to prove that you’re being diligent by:

  • keeping copies of any training provided and employee handbook messaging;
  • updating your organizational chart regularly;
  • vetting contractors/vendors before granting them access;
  • having a policy in place that quickly denies access to any former employees;
  • inventorying all devices on your network.

IT due diligence protects your business. Meeting these security standards can also cut costs and preserve your brand reputation. Demonstrating vigilance helps you avoid hefty compliance or regulatory fines and fight litigation. In the event of legal action, you’ll also want to prove the efforts you made. So, be sure to thoroughly document all IT security efforts.

Due diligence doesn’t have to be difficult. Our experts can help you determine the best preventative measures for your organization. Some business risks will pay off, sure, but when it comes to your IT, caution will have the best results.

What is a Firewall, and Why Does It Matter?

by

Hearing “firewall” in the context of computing can be confusing. How does a tall, blazing fire separating rescue teams from people trapped apply to computers?

Well, imagine the rescue team using heavy blasts of water to save the day. A hacker is as motivated to get at your data. They will try everything to bypass your security. They want to get inside your network perimeter. In a business office, computers and printers are often networked together. This lets Jane in accounting and Kevin in graphic design access the same business tools.

In computing, a firewall sits between that internal network and the internet outside. It’s kind of like a nightclub bouncer. You definitely want it to be as burly and intimidating as possible to keep the riff-raff out. The firewall helps reduce or prevent unwanted traffic from getting through.

The Packet Filtering Firewall Approach

Your firewall can be hardware, software, or both. A packet-filter firewall monitors and controls network traffic. It filters data entering the network according to predetermined rules. IT experts set up a firewall to examine small amounts of data (called “packets”) to see if they contain threats. It checks packet data against criteria such as allowed IP addresses and packet type. If the data is suspect, the firewall stops those packets. If not, the data will continue on to its destination.

Firewalls stop certain software from sending and receiving data to and from the internet. This reduces the number of entry points for viruses or illegitimate traffic. After all, a club wouldn’t want to hire the bouncers to cover seven different doors.

A firewall also monitors outgoing traffic. Why’s that? Because an infected computer in your network could be sending out malicious information. If your company has fallen victim to a malware attack that turns a computer into a bot, it might be “phoning home.”

Unlike E.T. trying to get back to the safety of his home planet, the malware is checking in with its Zombie master. It’s helping to strengthen the bad guy’s ability to attack victims.

Firewalls can help prevent denial-of-service (DoS) attacks. In a DoS incident, thousands of computers are used to send an overwhelming amount of traffic to a network. It’s like putting 10,000 people in an elevator with an occupancy limit of 20 – expect a crash.

One famous 2016 attack seriously disrupted Amazon, Visa, PayPal, Netflix, AirBnB, and more.

Other Types of Firewall

Packet-filtering firewalls aren’t your only option. Stateful inspection is helping to make firewalls even smarter. These check where the packet came from, where it is going, and what application requested it. This end-to-end examination is more rigorous. All the parameters must match trusted information for the packet to pass through. This approach offers a smart, fast way to inspect for unauthorized traffic.

When setting up any firewall, it is important to avoid any unintentional openings. A hole in a chainlink fence renders perimeter security useless. A hole in a firewall leaves your network vulnerable.

Need help deciding on the right type of firewall for your business? Want to be sure your firewalls are going to withstand attack?

Our experts can help set up and test your firewalls. Contact us today at (515)422-1995!

Why You Need Professional Virus Removal

by

“Your computer has a virus.” Such a dreaded five words! We don’t want to come down with a human virus; we’ll feel awful and miss work. But when a virus hits our computer, we could lose valuable information or be vulnerable to attack. Chicken soup won’t cut it.

Perhaps you have an antivirus product installed on your computer. This computer software is intended to prevent, detect, and remove viruses. Antivirus tools are designed to keep infections out. They can also delete any viruses that may already be on the computer when the software is installed.

The software provides protection by tracking malicious code and other computer threats via:

  • classifying the actions the file or code drives (as malicious or OK);
  • inspecting file signatures for matches to an existing signature in its virus dictionary;
  • scanning for rootkits that can change how your operating system functions.

However, antivirus software isn’t that good at cleaning up. When it detects a malicious file, it will delete it. But what if the virus spread before discovery? If the infection spreads before virus deletion, it can do all sorts of damage.

Think of it this way: you have a cyst on your knee. Doctors decide it is pre-cancerous and operate to remove the cyst before it spreads. But, that’s all they do. They have seen the cyst. They go for the cyst. However, they don’t notice the cancer that’s in your shin or femur, because they were only working on the cyst. The rest of your leg remains unhealthy, and you don’t even know it!

Getting a Second Opinion on Viruses

If the antivirus software is your primary physician, a computer professional is the specialist you go to for an expert second opinion. For one thing, antivirus products don’t always remove all the malicious files. Many viruses start as one thing but can mutate into several different strains. The antivirus software may not be programmed to identify all of the virus variants. A professional actively looks for undetected strains on your computer.

Viruses are always evolving. A recent strain of malware, SquirtDanger, let hackers take computer screenshots, capture passwords, download files, and empty out cryptocurrency wallets.

Some viruses can change the settings of your computer. For instance, a common virus changes your computer’s DNS, which is like a bit like the Yellow Pages for the internet. On a virus-free computer, when you type in “Google.com”, your browser goes to Google’s servers located at the IP address “216.58.203.100.” However, an infection can make Google.com on your computer go to a different address. Perhaps a server address cybercriminals use to capture your personal data. It still looks to you like Google, but it’s no longer safe. These settings can still remain after the infection is long gone.

Viruses can also leave behind browser toolbars, extensions, and other nasties designed to spy on your Web browsing habits. If you’re consistently redirected to unwanted sites, or seeing unwanted pop-up advertisements, it’s likely your computer’s infected with a browser hijacker.

Ultimately, if you detect a virus on your computer, check with a professional. Don’t trust that your antivirus software is going to do the same, thorough job an expert can offer. Sometimes your computer isn’t fully safe until the operating system is reinstalled, but you can’t know that until someone can go in and see what the virus did and what remnants are still there, lurking.

Cybercriminals are growing more sophisticated and better able to design viruses that disguise their tracks. Avoid being an unwitting victim. A computer security expert can diagnosis when your computer gets a virus, or determine if there are strains on your device you don’t know about. Let a security expert protect your computer from harm today! Call us at (515)422-1995.

Are You Banking Online Safely?

by

Banks and credit card companies are making it easier for us to get money on the go. We can check account balances, pay bills, and transfer funds online. We no longer even have to go into a bank or visit an ATM to deposit checks. But are you banking online safely?

In the past, all we had to do was protect our PIN number (and remember it). Now, we need a mobile account password, too. The first precaution you can take is to have a strong, unique password. Can you believe that “password,” “123456,” and “letmein” remain common access credentials? Don’t do it! Also, avoid using things that a cybercriminal might guess or be able to learn from your social media. This eliminates anniversaries and birth dates, pets, and children’s names.

Don’t reuse your banking password anywhere else. Sure, if you duplicate the password, it’s easier for you to remember, but, a bad actor could access your credentials for another site. Then, they have that same email and password combo to use to try on your banking or credit card site, too.

It’s also not a good idea to write down your passwords or keep track of them on a note in your phone. If you’re worried about remembering all your passwords, consider a password manager. A high-quality password manager can be a safe way to keep your passwords secret yet available. Top password managers use secure encryption for your access credentials.

Make sure you’re only banking using your own, secured devices. This means don’t check your balance or whether a payment cleared while in line at the coffee shop or in the airport. Don’t risk banking using a public Wi-Fi network that a hacker could be accessing to steal sensitive data. You also want to avoid using shared computers to login to your financial data. A cybercafe or library computer could have a keylogger that tracks your login details for criminal use.

Watch out for phishing emails that look like they come from your bank, credit card company, or a tax agency. Criminals send urgent emails warning of strange activity or that you’re being audited to get you to react.

Don’t click on any link or download any attachments in an email that appears to be from a financial institution – they don’t send private data directly in emails these days. They will send you to a secure inbox on their site. Always type the institutions’ Web address into the address bar. Otherwise, you might go to a fake, mirrored site that looks legitimate but will rip you off.

Added security for online banking

Two-factor authentication can help protect your financial accounts. Various banks will set it up differently, but you should definitely take the time to set this up. You might have to identify an image you selected besides using your password. Or you might need to enter a code sent to another device (such as a text message to your phone).

The second level of authentication can be an annoyance in our convenience-first society. Still, it keeps your accounts secure, even if cybercriminals access your password.

You work hard for your money, and you don’t want a cybercriminal taking control of or emptying out your financial accounts.

Worried about securing your online activity at home or on mobile devices? We can help. Contact us today at (515)422-1995 for expert support securing your financial data.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy