Benefits of Monitoring the Dark Web

by

The Dark Web is a hub for criminal activity. Even if your business is legitimate, you can’t ignore the Dark Web entirely. This article will explain the Dark Web and the benefits of monitoring its thousands of pages.

The US government created the Dark Web in the mid-1990s for spies to exchange information. It is still visited today by journalists and law enforcement agencies. People in countries prohibiting open communication might also use the Dark Web.

Yet the Dark Web is also home to illegal activity. This is where users can find weapons, child pornography, and counterfeit money. Criminals can also access malware, leaked data, and stolen information (including access credentials).

Bad actors like the Dark Web because it isn’t something you can find on your typical browser. The Dark Web is hidden from standard search engines, and you need specific software, configurations, or authorization to access it. Users also hide their IP addresses and use encryption to mask their identities.

Why Monitor the Dark Web?

There’s a real threat of your business suffering cyber assault. This could result in brand damage, significant financial losses, and intellectual property theft. If your business isn’t monitoring the Dark Web, you won’t know what is on there that could harm your business.

Dark Web monitoring can help you find:

  • compromised usernames and passwords;
  • proprietary company information available online;
  • stolen customer lists;
  • evidence of employee identity theft.

With Dark Web monitoring, you can limit damage to your bottom line and brand reputation. Surveillance can also help you find weaknesses and plan to prevent future attacks.

How Does Dark Web Monitoring Work?

Dark Web monitoring checks chat rooms, blogs, forums, private networks, and other sites that criminals visit. Using human and artificial intelligence, scans search for stolen customer lists or data, staff login passwords, and business email domains and IP addresses. You’re notified if there are any issues. Awareness can reduce the time it takes to discover a breach and address weaknesses.

Protecting Your Business from the Dark Web

Monitoring is the only way to shore up your cybersecurity. Obviously, it’s better if the scans find nothing from your business. So, it’s a good idea to strengthen your cyber hygiene. You can do so by:

  • educating employees about secure passwords and how to spot a phishing scam;
  • investing in password managers and antivirus and anti-malware software;
  • keeping all hardware and software up to date.

Monitoring the Dark Web is not something every business can handle solo. Even though the Dark web is far smaller than the Web you’re on every day, there are thousands of pages to scan.

Our experts can boost your cybersecurity protections and set up Dark Web monitoring. Contact us today at (515)422-1995 to lower your risk profile.

What is SIM Jacking, and Why Should You Care?

by

If you play the popular SIMS life-simulation video game, you could think SIM jacking means someone takes over your characters, but the reality is even worse. SIM jacking is a type of identity theft targeting your real-life identity via your phone.

In SIM jacking a bad actor uses the subscriber identity module (SIM) card associated with your cellphone number to make calls, send texts, and use data. This has several potential negative outcomes:

  • Your phone bill goes off the charts with international calling and data usage fees.
  • They might impersonate you by sending texts to scam your friends and family.
  • They can sign up for new email and social media accounts using your phone number.

Most importantly? They can use your phone number and SIM card to sign into your personal accounts. Many of us use text messaging for authentication. That’s when a site, say your bank, sends a code to your phone to confirm it’s you.

Now, imagine the criminal has access to your bank account through a leaked password. Whereas they couldn’t get in before because of two-factor authentication, they now have your SIM card, too. That means the SMS to authenticate your account also goes to them. They’re in, and you’re out.

How Does SIM Jacking Work?

Typically it starts, as so many cyberattacks do, with phishing. You might get a text or email that looks like it is from the cellphone carrier that asks you to click on a link. It might tell you there’s been suspicious activity on your account or that your bill is past due. It’s usually something that will make you anxious and feel the need to act urgently.

You’re taken to a fake website where you provide your name, address, cell phone number, and date of birth. With the right information, the scammer contacts your phone carrier and asks for a new SIM card. Once they have that in hand, they access your account and take over your cellphone. If they pair that with leaked credentials, they can really do damage.

If you’ve been SIM jacked, you’ll find out after the fact. You will no longer have a signal connection, so you won’t be able to send texts or make or receive calls. You may also have difficulty signing into the hacked accounts.

If you do think you’ve been SIM jacked, contact your carrier ASAP. Also, change your passwords and let your friends and family know. Otherwise, they might fall victim to a malware attack that appears to come from you.

Protect Yourself from SIM Jacking

Be careful with your personal information. Be wary of any requests to share your sensitive information online. Avoid taking action based on text messages or emails from people you don’t know and trust.

Protect yourself by using an authentication app such as Google Authenticator or Authy. Do this instead of using text messages to authenticate yourself online.

Always update the applications on your smartphone. Yes, it seems like there are constantly new updates, but they can be protecting you from vulnerabilities.

You might also get a request to restart your phone. This is a common sign your SIM card has been hacked. If you do it, you’ll lose control of your SIM card. So, call your carrier first.

It’s also a good idea to regularly review your phone bills for any charges that you don’t recognize.

Want to protect your online activity? Our IT experts can help update your applications and identify any vulnerabilities. Contact us today at (515)422-1995.

What Is Microsoft Secure Score?

by

Security is a priority no matter the size of your business. Recognizing this, Microsoft has a Secure Score measurement in its 365 Defender dashboard. But what is Secure Score, and how does it help your business? This article explains the basics.

Secure Score measures your security posture. It reviews your activity and security settings against Microsoft’s best practices. The idea is to identify areas to enhance protection and provide suggestions.

In the dashboard, administrators can view the current state of their security score. It considers all Microsoft identities, apps, and devices. There is also a target score. The higher your target score, the more recommended actions you’ll get, although Microsoft cautions that you should balance increased security against user experience.

Secure Score Recommendations

Secure Score shows you possible improvements considering security best practices. Secure Store currently offers recommendations for:

  • Microsoft 365 (including Exchange Online);
  • Azure Active Directory;
  • Microsoft Defender for Endpoint, Identity, and Cloud Apps;
  • Microsoft Teams.

The score does not measure the likelihood of a system or data breach. Instead, it looks at system configurations, user behavior, and other security-related measurements. Then, it scores what you’ve done to offset security risk in real-time.

Microsoft not only lists security recommendations but also tracks your action plan. The implementation section shares prerequisites and provides step-by-step advice to complete improvement actions. You can report on status (e.g. planned, risk accepted, resolved through third party, and complete). Rankings also help you gauge implementation difficulty, user impact, and complexity.

Scoring Security with Microsoft

The more improvement action you take, the higher your score. For example, you’re given points for:

  • configuring recommended security features;
  • doing security-related tasks;
  • addressing suggested improvements with a third-party application or software, or alternate mitigation.

Microsoft Secure Score also compares your metrics with scores for similar organizations. The data is anonymous, but in the Metrics & Trends tab, you can view how your score compares to others over time.

Raising Your Secure Score

How can you have an immediate impact on your Secure Score? These three steps can boost your organization’s security:

  1. Enable multi-factor authentication on administrator accounts in case account credentials are compromised.
  2. Enforce password expiration policies to prevent the usage of leaked credentials.
  3. Set up Azure Active Directory to track, log, alert, and remediate and better protect sensitive data and information.

Our IT experts are here to help you understand Secure Score. We can help enact action plans to apply the recommendations. Contact us today at (515)422-1995.

What Does a Data Breach Look Like

by

Part of the problem with a data breach is that your business doesn’t know about it until it’s already happened – sometimes well after. Knowing the signs of a data breach can help you mitigate the damage.

Don’t get complacent about cybersecurity. There are many things competing for your attention. But cyber vulnerabilities can mean unexpected downtime, as well as loss of data or money, and more.

Of course, you’re already installing firewalls and securing all remote entry points. You’re updating your antivirus tools and software regularly. Plus, you’re keeping strong passwords and educating employees about social engineering.

Still, bad actors can attack. Be vigilant about looking for these common signs of a potential breach.

Computer slows down

If your computer appears to be taking longer than usual to do what you ask, pay attention. You may not be imagining it. This, or frequent crashes or screen freezes, could be a sign of malware. Unwanted viruses may be monitoring your activities, corrupting files, and consuming device resources.

A slow network is another indicator of compromise, as is losing control of your computer’s mouse or keyboard. Malware takes substantial network bandwidth and can slow computers and connected devices.

Passwords don’t work

You have set passwords or you’re working with passphrases. You know what you set as your access credential, but it’s no longer working. This could mean cybercriminals have taken control of your accounts and changed the passwords.

Emails back from contacts

If you’re getting emails from your vendors or customers responding to messages you didn’t send, that’s a bad sign. Either you’re overworked and forgetting what you sent, or hackers have taken over your inbox and are using your address to send messages. They might masquerade as you to send fake invoices or request access credentials.

Unknown files appear

It is not a good sign when files that you don’t recognize appear on your screen or in Task Manager. Installing malware often downloads extra files onto the target machine. So, new files you didn’t add could mean an attack has occurred.

Also, be wary if file names change or the desktop icons look different. Monitoring for changes can help you react before a large amount of data is compromised.

Ransomware request

This one’s obvious, but we can’t fail to mention it. If your accounts are locked or you face a screen you can’t get past, you may be a ransomware victim. When someone offers you an encryption key to access your accounts or files, it’s definite.

Help prevent a ransomware infection by keeping your operating system up to date. Also, avoid installing any software without knowing exactly what it is or what it does. Additionally, you’ll want to regularly back up your files. That way, if attacked, the damage may be less significant.

With 90% of small businesses impacted by cyberattacks, you can’t afford to ignore any of these symptoms. The best protection is to prevent any infiltration in the first place. Ensure you have the necessary protection in place. Contact us today at (515)422-1995!

What You Need to Know About Browser Extension Risks

by

With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.

To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:

  • saving time (e.g. Scribe, Evernote, StayFocusd);
  • checking your grammar (e.g. Grammarly);
  • managing your passwords (e.g. Keeper, LastPass);
  • securing your online activity (e.g. DuckDuckGo, Ghostery)

Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.

Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.

If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.

That’s just the beginning

Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying google.com needs access to all your Google activity. That means your Gmail, too.

Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.

A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.

What to do about this issue

Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.

Instead, we’d recommend reviewing the safety and credibility of that extension. This means you should:

  • Check to see who published the extension.
  • Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
  • Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
  • Protect yourself with a good antivirus solution.
  • Keep your antivirus solution and other software updated.

It’s also easier to stay safe by limiting the number of installed extensions you use. If you have browser extensions that you aren’t using, uninstall them. This can cut your exposure to potential threats.

Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We’ll also ensure your antivirus and software are up to date. Contact us today at (515)422-1995.

Avoid Holiday Hoodwinks

by

The holidays are busy. We’re trying to get work done to have some fun, and we’re hosting family and friends. Plus, parents that have the holiday Elf tradition must remember to move the doll every night. It’s a lot, and it can make us more likely to fall for scams that can lead to data theft.

Hackers like to take the path of least resistance. Why work harder than they have to for their ill-gotten gains? Instead, they’ll use social engineering to get you to give them your data or download their malware. Look out for these top holiday scams.

Parcel delivery scams

More people are expecting packages this time of year. Bad actors take advantage of this with what’s called a smishing scam. It’s a particular type of scam using text/SMS messaging. You get a message from a known service telling you a delivery needs rescheduling, or that there’s an outstanding fee that needs to be paid.

Recipients, who are already expecting a package, are quick to fall for the request. Clicking on the message link, they enter personal information or download malicious software.

Tip: Go to the source of the package you’re expecting and see what they’re saying about your package delivery.

E-card scams

Another common holiday season scam takes advantage of our enthusiasm for money. Scammers send e-cards to your email. When you click on the link, you’ll download a virus or other malware (e.g. ransomware).

Tip: Check the credibility of any e-card sender before downloading the “gift.”

Christmas hamper scams

Everyone wants to be a winner, but don’t fall for the scammer calling or emailing to say you’ve won a Christmas hamper. They’ll claim to be from a legit organization and have some of your personal information already. That helps them make it all seem genuine. Then, they’ll ask for you to provide more personal details to collect your prize or gift.

They may ask only for your full name, address, and phone number (if the request was emailed). They’ll be collecting this information for a more focused attack in the future.

Tip: Use strong passwords and be careful about what personal details you put on social media.

Fake websites

Many people shop sites that are unfamiliar to them at this time of year. Grandparents (even parents) know nothing about that latest trendy shop! Bad actors will set up fake sites offering gifts and services. They’re looking to get your personal details and money.

Tip: Prefer secure website addresses starting with “https” and displaying a locked padlock.

Shopping scams

Every season has its in-demand items. Scammers take advantage of this and set up ads for amazing deals on those items. Desperate to get this year’s toy for your toddler, you might be hooked. Or they’ll ensure people click on their ads by offering ridiculous deals. If you do get the item purchased via these ads, it’s likely to be a sub-par counterfeit.

Tip: Shop with retailers you know and trust.

Bank scams

This scam operates year-round, but bad actors have an edge in the holiday season when people spend more. Fraudsters typically call, text, or email as your bank having noticed suspicious activity. They get you feeling anxious and then urge you to take action (e.g. click a link or share personal details) to address the issue.

Tip: Remember that banks never use unsolicited calls to ask for personal details, pressure you to give information, or tell you to move your money to a safe account.

Protecting yourself this season

The tips shared throughout this article will help. At the same time, setting up password managers and antivirus software can also be useful. We can help you secure your online activity year-round. Contact us today at (515)422-1995.

Boss Level: Cybersecurity and Online Gaming

by

Do you remember Pong? Or Galaga? Games such as these are now the stuff of old-school arcades. The graphics may have been a far cry from what you’ll see today, but there’s one advantage those games had: there were no cybersecurity worries when playing them. After all, they weren’t online like today’s gaming.

Online video gaming is meant to be fun. Yet, regrettably, there are risks once you connect to the internet. Your gaming account has value to cybercriminals. They might target your account to:

  • use your connected real-world money account to make in-game purchases;
  • steal virtual valuables which have real-world cash value;
  • trade your in-game items to their accounts;
  • sell your account to others;
  • scam others using your legitimate account.

These are not hypotheticals. One cybersecurity firm researching gaming found that the typical gamer has experienced an average of almost five cyberattacks. Worse, they didn’t detect it.

It doesn’t help that the games themselves make it easier for hackers. Take Fortnite. There are 100 players in one wave. Their usernames display right there on the screen when Scammer72 goes for the kill shot. In other games, bad actors might access usernames by going to the game’s high-score listings. Plus, this gives them an idea of who might have the most valuable account inventory.

Level up your gaming security

There are several steps you can take to game more safely. One is going to be familiar: use strong passwords. As with any of your online accounts, set up complex passwords or use a passphrase that’s difficult to hack.

Also, don’t reuse a password you’re using elsewhere. That amplifies the risk of account breach when another account’s credentials leak.

You can also enable multi-factor authentication. Many gaming platforms allow you to set up layers of protection. For instance, you would enter not only your username and password but also a code sent to your personal device or your email. This makes it more difficult for a hacker to get in. They need access to your physical technology or more than one of your accounts at once.

Finally, be wary of malware and phishing attempts. This could be an official-looking communication apparently from the game manufacturer or support. Or you might fall prey to a scammer via in-game messaging or chat. You might think it’s a user you know, but their account may be hacked. Or you make a new “friend” online who does not have good intentions. Keep best practices for any online activity in mind. Don’t click on links without first verifying the source.

We want you to be able to escape into video gaming for fun without worry. Ask our IT experts to review your security. We can check you’re not going to become the victim of a heist because you wanted to play Grand Theft Auto. Contact us today at (515)422-1995.

Common Cybersecurity Myths Debunked

by

In many areas of our lives, there are myths that we accept as fact. Some of these are actually quite dangerous: believing that lightning never strikes in the same place twice could be fatal. Similarly, there are cybersecurity myths that demand debunking to keep your business safe.

#1 “I’m too small to be attacked.”

Any size of business, in any industry, can be the target of a cyberattack. In fact, hackers often hit smaller businesses because they lack the necessary protection. Also, a small business is more likely to pay a ransom, because it can’t recover otherwise.

Plus, small businesses can be the first stepping stone in a supply-chain attack. After getting into your systems, they might send a fake invoice from you to the larger target. The enterprise client, trusting your credibility, opens the attacker’s malware. Or hackers can use your vendor credentials to gain access to the enterprise network.

#2 “Antivirus software is all I need.”

If only it were that easy. You need antivirus software, but you can’t protect all your IT infrastructure with one tool. To detect and defend, you’ll need a comprehensive cybersecurity plan. Combine employee security awareness training with physical security measures, and put in place many layers of network and device defense, too.

Then, keep everything patched and updated. That makes sure you’re leveraging what experts know about the evolving threat environment.

#3 “Cybersecurity is IT’s job, not mine.”

You may have an internal IT department you count on to handle cybersecurity. Many businesses also contract with a managed service provider (MSP) to keep them safe. These IT teams will work to secure your infrastructure and protect your data. They will put systems in place to detect threats and identify vulnerabilities. They can ensure appropriate data backup and do disaster recovery planning.

Still, IT experts (whether internal or external) are only one player in the battle. Your employees remain a weak link. They are the ones that may inadvertently download malware, fall for social engineering scams, or use easily guessed access credentials.

Your business needs to educate all employees about online safety and cybersecurity threats. Then, it’s everyone’s job to be aware and work to reduce risks to your business.

#4 “Too much cybersecurity will hurt our productivity”

This won’t be true if you set up effective security policies and protocols. Add regular monitoring and authentication tools that provide security without adding friction for employees.

In fact, enhanced cybersecurity can actually help your productivity. It frees people up to work on other important business with less worry.

Avoid a false sense of security

Trusting any of these myths can leave your business vulnerable to attack. A data breach or IT downtime can be devastating. Don’t risk the worst. Instead, work with IT experts to handle your cybersecurity, backups, compliance, and more. Contact us today at (515)422-1995.

Avoid Getting Your Cyber Insurance Payout Declined

by

Cyber insurance policies have existed since the early 2000s. Businesses going online wanted safeguards against risks associated with evolving cybersecurity threats. Having a cyber insurance policy is just a starting point, though, and your business also needs to understand the insurer’s expectations of you. Otherwise, you might find your claim gets denied.

As with most professional liability policies, your cyber insurance may have exclusions, including:

  • rogue employees;
  • wild viruses;
  • regulatory claims;
  • fines and penalties;
  • property damage.

Cyber insurers also may not pay out if they find “a failure to maintain.” This might also be “failure to follow” certain standards of care. It’s the online version of negligence. But what does it really mean?

Standard of care expectations

Insurance companies want proof that your business takes proper precautions to prevent cyberattacks. If you can’t show you’ve implemented strong security measures, you run the risk of a denied claim.

Your insurance doesn’t want to pay out. So, they’re going to require you to put protection in place. This can be internal or via a third-service provider (such as a managed service provider (MSP)).

Your security approach must be comprehensive. It’s best to map out all your technology so that you can identify every endpoint that needs protection. Relying on antivirus software, for instance, is unlikely to satisfy your insurance provider. Add active threat detection and response tools to your arsenal, too.

You’ll also need to show that you’re securing your supply chain. A breach exposing 40 million debit and credit cards started at a retailer’s HVAC vendor. Target estimated the breach cost $202 million. This was in 2013, but attack type remains a real threat due to digital interconnectedness.

Insurers also want to see evidence of effective training for your employees, because humans are the weak link. Your staff may not mean to do wrong, but they are the ones with weak passwords, or misplaced devices, and who may be downloading malware.

Expect insurers to also want you to have:

  • encryption to secure data;
  • multi-factor authentication to make unauthorized access more difficult;
  • virtual private networks (VPNs) to secure connections between computers and the internet;
  • regular data backup;
  • company policies and processes to respond to cybersecurity incidents.

Cyber insurance evolves, too

As the cyber environment is always evolving, insurers are regularly adapting. They may have quoted coverage for a particular risk but then changed their policies to decline that risk a year later. It’s one more thing to keep abreast of while also working to secure systems against cybercrime.

Have questions about your cyber insurance policy? An MSP can review your security policy and ensure you’re doing everything to maintain coverage. Our experts can also run regular audits and provide proof of your efforts. Contact us today at (515)422-1995.

Is It Worth Waiting for Something Bad to Happen?

by

It’s estimated that 46% of users lose data each year. Yet businesses may not invest in proactive data backup. They think data loss won’t impact them or don’t know how to back up in the first place.

Still, backup is more affordable and accessible than data recovery after the fact.

Any business in any industry is at risk of a data breach. It can come from an unintentional human error on the inside. Maybe someone means to send a sensitive spreadsheet to a colleague and sends it “reply all.” Oh no! Members of the press and the public were on that email thread!

Then, there are cybercriminals working diligently to attack vulnerable organizations. Sometimes they do it to obtain data they can sell, or they might install ransomware to charge you money to regain access to your data. They could also hack you to try to get to a bigger target in your supply chain.

Bad guys’ motivation aside, a data breach will hurt your business. Suffering a data breach can lead to:

  • extensive interruption of business operations;
  • financial losses;
  • damaged business reputation;
  • compliance and regulatory issues and fines.

In short, it’s not worth the risk of paying for data recovery, data breaches or ransomware. You can invest a lot less upfront to protect your data.

Prevent the Worst from Happening

Keeping your business safe from cyberscams and other risks is essential. Do it in advance. Take preventative measures to avoid the larger cost of cleaning up a cyber mess after it happens.

Invest in a solution that will manage all your software and system updates. Keep your system up to date with patch management to close weaknesses criminals might exploit.

You’ll also want to install a firewall to block any brute-force attacks made on your network. Secure any endpoints connecting to your network from outside the firewall, as well. If employees connect remotely using mobile devices, tablets, and laptops, this means you.

Also, invest in data backup. Having your data backed up can help you avoid serious downtime and give you more control in a ransomware situation.

Staying current on all the ways to protect your business from cybercrime can be overwhelming, but don’t deny the problem. Yes, a data breach could happen to you, and it costs so much more to deal with after the fact.

Be proactive by partnering with a managed service provider (MSP). For a fixed monthly cost, an MSP can take on your patch management and ensure data backups. We can help you maintain a high level of protection against threats. Contact us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy