Tackle These Four False Assumptions about Cyber Attackers

by

There’s one big assumption about cyber attackers that we regularly refute: “It can’t happen to me.” At this point, most businesses do recognize the serious nature of the cyberattack threat. Yet other assumptions about cyberattackers may also make your business vulnerable. Educate your employees about these four main misconceptions. Raising their awareness can help secure your systems against social engineering attacks.

Start with the assumption that any technology is 100 percent safe. This is as misguided as the idea that your business won’t be a victim of a cyberattack. Some employees may believe that Google and Microsoft activity is always secure. That’s not the case.

Google and Microsoft have massive market shares, and it makes sense that bad actors target their cloud storage and content distribution. Once they’re in, they have ample opportunity to scam people.

Another false assumption is that threat actors go in blind with a scatter-shot approach. In fact, many social engineers do their research first. They learn what they can about your employees, your org chart, and what your business does. This helps them to develop more credible attacks.

Cybercriminals take the time to build rapport before initiating an attack. They may send unassuming conversational emails first, which helps them lull your people into seeing them as a trusted source. After establishing false security, criminals make an urgent request or plea for help.

Counter these misconceptions too

Cyberattackers may also make their play over the phone. So, don’t assume that your online interactions are the only thing to protect. There are hundreds of thousands of “vishing” threats every day. The bad actor may send an email without any malicious links or attachments, but there’s a number to call. If your employee calls in, they’ll talk with a convincing criminal. The bad actor might act as a call center or customer service agent.

Also warn employees against the assumption that responding to an existing email is always safe. It is much easier than they might think for someone to hijack a colleague or client’s email inbox. Then, the criminals use a pre-existing email thread to send a malicious attachment or URL, or use the connection to ask the employee to perform some action for the threat actor.

Finally, emphasize the point that anything is fair game. Cybercriminals will attack anyone, in any way they can. This includes leveraging current events, pop culture, and even international health crises. One campaign exploited victims by offering early access to Season 2 of the streaming success “Squid Game”, and during COVID lockdowns, hackers offered free masks or free tests to get people to download infected files.

There is money in cybercrime – a lot of it. The bad guys are highly motivated and always looking for new ways to exploit human weaknesses. Discuss cybersecurity assumptions with your employees and put protective measures in place to secure your IT. Our experts can help. Contact us today at (515)422-1995.

Don’t Give Up on Password Managers

by

Seeing a major password manager breached, it’s hard not to throw up your hands and say, “it’s helpless.” Still, don’t give up on all password managers. Used properly, they are still better than a password spreadsheet or sticky notes of your credentials. Plus, it’s definitely smarter than reusing the same password to access more than one account.

According to LastPass, the December breach affected 30 million users and 85,000 businesses. Threat actors stole a large amount of data, including encrypted customer vaults. Industry experts are not enthusiastic about the breach handling or why it happened. So, leaving LastPass may make sense.

Yet abandoning password managers may not help you secure your sensitive data. Instead, prefer a cloud-based password manager that has no way of decrypting your data. This is a zero-knowledge password management architecture, which means that you are one with the secret key needed to access your encrypted data. That way, if the data is stolen or lost, the threat actors would still need to decode your key.

This means, of course, that you need to protect your secret key. Also, you need to make it complicated enough that the bad actors can’t hack it. So, using “password123” as your secret key would not be secure. Many security experts now recommend using a passphrase instead of complicated passwords.

Enforce Multi-Factor Authentication

Multi-factor authentication (MFA) helps stop bad actors by making access more difficult. They can’t get in with a username and password alone. You add another variable for confirmation before they can compromise your account.

You’re likely already familiar with two-factor authentication. It’s typically done through a text message or an email to another account, but these can both be compromised as well.

Biometric MFA is typically best (e.g. fingerprint or face identification). If that’s not available, prefer an authenticator app (e.g. Microsoft authenticator) or a Fido 2.0 key (e.g. YubiKey).

A Fido 2.0 key is a USB device that you keep in your physical possession to provide passwordless MFA logins. Instead of having an authentication code sent to you, you press a button on your key. It sends your code to confirm your identity. When your unique code is received, the system logs you in.

Worried you’d lose the physical key? That’s not ideal. That’s why it’s a good idea to get two. Meanwhile, the Fido 2.0 key doesn’t store identifiable usernames or any of your passwords. So, anyone finding that lost key would have no way of knowing what you use it to authenticate.

Ultimately, it’s best to prepare for any service to be breached. Cut your risk by keeping up with the latest technology for protecting your data. We can help. Contact our experts today to help you put appropriate security measures in place. Call us at (515)422-1995.

Leave that USB Drive Where You Found It

by

You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.

Consider this jaw-dropping example. That’s how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.

From there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.

Risk of thumb drive attack

Now, you might be thinking, “but I’m not an Iranian nuclear facility.” But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.

USB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.

Hackers can pre-program USBs to act maliciously once connected to the network. They might:

  • steal a user’s data;
  • gain access to the user’s keyboard;
  • monitor the user’s screen;
  • encrypt user data in exchange for a ransom;
  • spread infection.

Most of these can happen without the user even knowing it, as the malware runs in the background.

Avoid USB drive attacks

How do you keep your business safe from infected USB drives? First, don’t insert unknown flash drives. Hackers will try to take advantage of human curiosity or their desire to help.

It’s also good to use different flash drives for personal and professional computers. This helps cut the chances that you’ll spread an infection from one to the other.

You might also enable security measures on USB drives, such as fingerprint authentication. This, and keeping computer software and hardware up to date, can cut vulnerabilities. Also, keep your malware and anti-virus protections current, and patch regularly.

Windows users can also disable the Autorun function. This prevents Windows from automatically opening removable media immediately upon insertion.

We’re here to help. Call us at (515)422-1995 to contact our experts if you suspect a security threat or want to update your security posture.

Is Your Data Breached? What To Do

by

News of data breaches is all too common. This company apologizes for six million accounts breached. That company acknowledges hackers accessed 35,000 users’ personal identifiable information. But the question that probably matters most: Is your data breached, too?

The company should contact you if your information is in a data leak, but you can’t rely on that. You can also find out if your phone number or email address has been leaked by visiting https://haveibeenpwned.com/.

HaveIBeenPwned has uploaded various breaches and consolidated the information to make searching easy. Enter your address and get a list of breaches that compromised that email. You’ll get a summary paragraph as well as a description of data compromised in each breach.

It is not uplifting reading!

Next, the question is what to do about your breached information.

Steps to Better Security

First, change your passwords for those breached accounts. If you use that same password to access other accounts, change those passwords, as well, even if they are not listed as leaked.

Always avoid reusing passwords. Yes, it can be a hassle to remember many different access credentials, but you risk exposing many accounts if you keep reusing one email address and password combo over and again.

Make using unique passwords for all accounts easier by using a password manager. A manager can store your many passwords in one place and generate strong ones to use. You can often download an app to your mobile device, which gives you the convenience of filling in your credentials when you’re on the go, too.

The next step is to use two-factor authentication (2FA).

Understanding 2FA

This adds a layer of difficulty for hackers trying to access your accounts. Even if they had your username and password, they would need a second way to verify your identity.

Using 2FA requires you to provide one of the following before you can gain access:

  • something you know (e.g. the answer to a secret question);
  • something you have (e.g. your smartphone);
  • something you are (e.g. your fingerprint).

A bad actor would need to have not only your leaked credentials but also your other “something.”

A common approach to FA is an SMS text message or voice-based authentication. You enter your credentials, then the site follows up with a text or phone call providing a separate code you must then enter. This is not the best method, however. Scammers can hack the SIM card associated with your device, and then use your number to make and receive calls and texts.

Software tokens for 2FA are a safer solution. You’ll download and install an application on your phone (e.g. Authy or Okta Verify). It can generate a unique verification code that is valid only for 30-60 seconds.

Want to learn more about password management and soft-token 2FA. We’re here to help. Contact us today at (515)422-1995.

Even the Vatican Is Vulnerable to Cyberattack – Are You?

by

You’ve heard it before: no one is immune from cyberattacks. Doubt that statement? The Vatican suffered an attack that prompted it to take its websites offline. Yes, even the Holy See can suffer a Denial of Service (DDoS attack).

The November 30, 2022 attack affected the official Vatican.va website. Several other Vatican sites were also inaccessible for hours.

The suspected hack came a day after Pope Francis condemned Russia’s invasion of Ukraine. In an interview, he singled out particular troops for their “cruelty” during the war.

You may think your business is not doing anything to provoke Russian cyber response, but that’s not the only way you become vulnerable to cyberattack.

Know your vulnerabilities online

A vulnerability is a point of weakness cyber bad guys exploit to access your systems. They can use these shortcomings to cause damage and undermine data privacy. Common vulnerabilities include:

  • firewall weakness
  • operating system flaws
  • network misconfigurations
  • unpatched software
  • weak access credentials
  • unencrypted information

Not every vulnerability is exploitable, as attackers may not have enough public information to leverage the weakness. Your existing security controls may be protecting the weakness, or the attacker may need authentication or local system access to target the vulnerability.

Still, vulnerabilities of any kind can put your business technology at risk.

Causes of vulnerabilities

There are many reasons for IT vulnerabilities. That’s one of the big challenges of cybersecurity. As your business enters 2023, take the time to look for symptoms such as:

  • complex systems which make misconfigurations and flaws more likely.
  • unsecured operating systems which risk viruses and malware.
  • poor password management with employees using weak passwords or reusing access credentials.
  • connectivity sprawl – each device and other connected endpoint expand your attack surface.
  • assuming user input is safe, which can lead to unintended consequences -instead, set up your systems to verify before access.

Identify vulnerabilities with network scans and by reviewing firewall logs. You should also map out your technology and all endpoints. You can’t protect it if you don’t know it needs security.

Also, update any software or hardware whenever possible. Plus, check the level of risk associated with any other vulnerabilities. Then, find countermeasures or patches to boost your security.

Protect against cyberattack

The Vatican had an $887 million budget in 2022, and you can expect they spent some of that on cybersecurity, but it proved insufficient. Still, the Holy See will rebound. The Catholic religion has endured many types of attacks over its nearly 2000 years. In fact, it also suffered a targeted attack by Chinese hackers in 2020.

Your business may not have the same resilience to cyberattack and unplanned downtime. Our IT experts can help you shore up your cybersecurity. Whatever your budget, there are steps we can take to ensure you’re ready to combat a cyberattack. Call us now at (5515)422-1995.

Benefits of Monitoring the Dark Web

by

The Dark Web is a hub for criminal activity. Even if your business is legitimate, you can’t ignore the Dark Web entirely. This article will explain the Dark Web and the benefits of monitoring its thousands of pages.

The US government created the Dark Web in the mid-1990s for spies to exchange information. It is still visited today by journalists and law enforcement agencies. People in countries prohibiting open communication might also use the Dark Web.

Yet the Dark Web is also home to illegal activity. This is where users can find weapons, child pornography, and counterfeit money. Criminals can also access malware, leaked data, and stolen information (including access credentials).

Bad actors like the Dark Web because it isn’t something you can find on your typical browser. The Dark Web is hidden from standard search engines, and you need specific software, configurations, or authorization to access it. Users also hide their IP addresses and use encryption to mask their identities.

Why Monitor the Dark Web?

There’s a real threat of your business suffering cyber assault. This could result in brand damage, significant financial losses, and intellectual property theft. If your business isn’t monitoring the Dark Web, you won’t know what is on there that could harm your business.

Dark Web monitoring can help you find:

  • compromised usernames and passwords;
  • proprietary company information available online;
  • stolen customer lists;
  • evidence of employee identity theft.

With Dark Web monitoring, you can limit damage to your bottom line and brand reputation. Surveillance can also help you find weaknesses and plan to prevent future attacks.

How Does Dark Web Monitoring Work?

Dark Web monitoring checks chat rooms, blogs, forums, private networks, and other sites that criminals visit. Using human and artificial intelligence, scans search for stolen customer lists or data, staff login passwords, and business email domains and IP addresses. You’re notified if there are any issues. Awareness can reduce the time it takes to discover a breach and address weaknesses.

Protecting Your Business from the Dark Web

Monitoring is the only way to shore up your cybersecurity. Obviously, it’s better if the scans find nothing from your business. So, it’s a good idea to strengthen your cyber hygiene. You can do so by:

  • educating employees about secure passwords and how to spot a phishing scam;
  • investing in password managers and antivirus and anti-malware software;
  • keeping all hardware and software up to date.

Monitoring the Dark Web is not something every business can handle solo. Even though the Dark web is far smaller than the Web you’re on every day, there are thousands of pages to scan.

Our experts can boost your cybersecurity protections and set up Dark Web monitoring. Contact us today at (515)422-1995 to lower your risk profile.

What is SIM Jacking, and Why Should You Care?

by

If you play the popular SIMS life-simulation video game, you could think SIM jacking means someone takes over your characters, but the reality is even worse. SIM jacking is a type of identity theft targeting your real-life identity via your phone.

In SIM jacking a bad actor uses the subscriber identity module (SIM) card associated with your cellphone number to make calls, send texts, and use data. This has several potential negative outcomes:

  • Your phone bill goes off the charts with international calling and data usage fees.
  • They might impersonate you by sending texts to scam your friends and family.
  • They can sign up for new email and social media accounts using your phone number.

Most importantly? They can use your phone number and SIM card to sign into your personal accounts. Many of us use text messaging for authentication. That’s when a site, say your bank, sends a code to your phone to confirm it’s you.

Now, imagine the criminal has access to your bank account through a leaked password. Whereas they couldn’t get in before because of two-factor authentication, they now have your SIM card, too. That means the SMS to authenticate your account also goes to them. They’re in, and you’re out.

How Does SIM Jacking Work?

Typically it starts, as so many cyberattacks do, with phishing. You might get a text or email that looks like it is from the cellphone carrier that asks you to click on a link. It might tell you there’s been suspicious activity on your account or that your bill is past due. It’s usually something that will make you anxious and feel the need to act urgently.

You’re taken to a fake website where you provide your name, address, cell phone number, and date of birth. With the right information, the scammer contacts your phone carrier and asks for a new SIM card. Once they have that in hand, they access your account and take over your cellphone. If they pair that with leaked credentials, they can really do damage.

If you’ve been SIM jacked, you’ll find out after the fact. You will no longer have a signal connection, so you won’t be able to send texts or make or receive calls. You may also have difficulty signing into the hacked accounts.

If you do think you’ve been SIM jacked, contact your carrier ASAP. Also, change your passwords and let your friends and family know. Otherwise, they might fall victim to a malware attack that appears to come from you.

Protect Yourself from SIM Jacking

Be careful with your personal information. Be wary of any requests to share your sensitive information online. Avoid taking action based on text messages or emails from people you don’t know and trust.

Protect yourself by using an authentication app such as Google Authenticator or Authy. Do this instead of using text messages to authenticate yourself online.

Always update the applications on your smartphone. Yes, it seems like there are constantly new updates, but they can be protecting you from vulnerabilities.

You might also get a request to restart your phone. This is a common sign your SIM card has been hacked. If you do it, you’ll lose control of your SIM card. So, call your carrier first.

It’s also a good idea to regularly review your phone bills for any charges that you don’t recognize.

Want to protect your online activity? Our IT experts can help update your applications and identify any vulnerabilities. Contact us today at (515)422-1995.

What Is Microsoft Secure Score?

by

Security is a priority no matter the size of your business. Recognizing this, Microsoft has a Secure Score measurement in its 365 Defender dashboard. But what is Secure Score, and how does it help your business? This article explains the basics.

Secure Score measures your security posture. It reviews your activity and security settings against Microsoft’s best practices. The idea is to identify areas to enhance protection and provide suggestions.

In the dashboard, administrators can view the current state of their security score. It considers all Microsoft identities, apps, and devices. There is also a target score. The higher your target score, the more recommended actions you’ll get, although Microsoft cautions that you should balance increased security against user experience.

Secure Score Recommendations

Secure Score shows you possible improvements considering security best practices. Secure Store currently offers recommendations for:

  • Microsoft 365 (including Exchange Online);
  • Azure Active Directory;
  • Microsoft Defender for Endpoint, Identity, and Cloud Apps;
  • Microsoft Teams.

The score does not measure the likelihood of a system or data breach. Instead, it looks at system configurations, user behavior, and other security-related measurements. Then, it scores what you’ve done to offset security risk in real-time.

Microsoft not only lists security recommendations but also tracks your action plan. The implementation section shares prerequisites and provides step-by-step advice to complete improvement actions. You can report on status (e.g. planned, risk accepted, resolved through third party, and complete). Rankings also help you gauge implementation difficulty, user impact, and complexity.

Scoring Security with Microsoft

The more improvement action you take, the higher your score. For example, you’re given points for:

  • configuring recommended security features;
  • doing security-related tasks;
  • addressing suggested improvements with a third-party application or software, or alternate mitigation.

Microsoft Secure Score also compares your metrics with scores for similar organizations. The data is anonymous, but in the Metrics & Trends tab, you can view how your score compares to others over time.

Raising Your Secure Score

How can you have an immediate impact on your Secure Score? These three steps can boost your organization’s security:

  1. Enable multi-factor authentication on administrator accounts in case account credentials are compromised.
  2. Enforce password expiration policies to prevent the usage of leaked credentials.
  3. Set up Azure Active Directory to track, log, alert, and remediate and better protect sensitive data and information.

Our IT experts are here to help you understand Secure Score. We can help enact action plans to apply the recommendations. Contact us today at (515)422-1995.

What Does a Data Breach Look Like

by

Part of the problem with a data breach is that your business doesn’t know about it until it’s already happened – sometimes well after. Knowing the signs of a data breach can help you mitigate the damage.

Don’t get complacent about cybersecurity. There are many things competing for your attention. But cyber vulnerabilities can mean unexpected downtime, as well as loss of data or money, and more.

Of course, you’re already installing firewalls and securing all remote entry points. You’re updating your antivirus tools and software regularly. Plus, you’re keeping strong passwords and educating employees about social engineering.

Still, bad actors can attack. Be vigilant about looking for these common signs of a potential breach.

Computer slows down

If your computer appears to be taking longer than usual to do what you ask, pay attention. You may not be imagining it. This, or frequent crashes or screen freezes, could be a sign of malware. Unwanted viruses may be monitoring your activities, corrupting files, and consuming device resources.

A slow network is another indicator of compromise, as is losing control of your computer’s mouse or keyboard. Malware takes substantial network bandwidth and can slow computers and connected devices.

Passwords don’t work

You have set passwords or you’re working with passphrases. You know what you set as your access credential, but it’s no longer working. This could mean cybercriminals have taken control of your accounts and changed the passwords.

Emails back from contacts

If you’re getting emails from your vendors or customers responding to messages you didn’t send, that’s a bad sign. Either you’re overworked and forgetting what you sent, or hackers have taken over your inbox and are using your address to send messages. They might masquerade as you to send fake invoices or request access credentials.

Unknown files appear

It is not a good sign when files that you don’t recognize appear on your screen or in Task Manager. Installing malware often downloads extra files onto the target machine. So, new files you didn’t add could mean an attack has occurred.

Also, be wary if file names change or the desktop icons look different. Monitoring for changes can help you react before a large amount of data is compromised.

Ransomware request

This one’s obvious, but we can’t fail to mention it. If your accounts are locked or you face a screen you can’t get past, you may be a ransomware victim. When someone offers you an encryption key to access your accounts or files, it’s definite.

Help prevent a ransomware infection by keeping your operating system up to date. Also, avoid installing any software without knowing exactly what it is or what it does. Additionally, you’ll want to regularly back up your files. That way, if attacked, the damage may be less significant.

With 90% of small businesses impacted by cyberattacks, you can’t afford to ignore any of these symptoms. The best protection is to prevent any infiltration in the first place. Ensure you have the necessary protection in place. Contact us today at (515)422-1995!

What You Need to Know About Browser Extension Risks

by

With “Googling it” now a common expression, it’s safe to say you do a lot online. To do it all you’re using a Web browser (such as Chrome, Edge, Firefox, etc.). To do it all more efficiently or effectively, you could be using browser extensions, but this article is going to warn you against doing so.

To clarify, browser extensions are code add-ons that you connect to your browser. You can use them to personalize your surfing experience, and they accomplish many different things, including:

  • saving time (e.g. Scribe, Evernote, StayFocusd);
  • checking your grammar (e.g. Grammarly);
  • managing your passwords (e.g. Keeper, LastPass);
  • securing your online activity (e.g. DuckDuckGo, Ghostery)

Even though we’ve just said they can help secure your online activity and manage your passwords, the problem is that they are also risky.

Consider the fact that we said this represents added code. Now, how much coding do you know? Most will say “not a lot.” That means you’re blindly trusting that browser extension.

If you download a malicious one, that code can wreak havoc. Suddenly, your default search engine gets changed, or you get redirected to a start page with malware on it. You might face an onslaught of pop-ups or ads. They can also track your browsing history without you knowing it.

That’s just the beginning

Many browsers today want to keep you safe from malevolent extensions. They’ll have permissions in place before allowing access. Yet you still end up giving that extension a lot of access. For example, an extension modifying google.com needs access to all your Google activity. That means your Gmail, too.

Browser extensions access everything you’re doing online. So, a malicious extension could also function as a keylogger capturing passwords or credit card details.

A browser extension can also be sold to or hijacked by a bad actor. Then, it’s easy enough for them to push out an update that turns your trusted extension into malware.

What to do about this issue

Does this mean you should do without browser extensions? There are even browser extensions out there to block other browser extensions, but abstinence from extensions is not your only solution.

Instead, we’d recommend reviewing the safety and credibility of that extension. This means you should:

  • Check to see who published the extension.
  • Look at the reviews. A high number of positive reviews is a good sign. Thousands of people are unlikely to give five stars to a malicious extension.
  • Pay attention to the permissions required. If an extension claims to modify only one website, check that it accesses that site only.
  • Protect yourself with a good antivirus solution.
  • Keep your antivirus solution and other software updated.

It’s also easier to stay safe by limiting the number of installed extensions you use. If you have browser extensions that you aren’t using, uninstall them. This can cut your exposure to potential threats.

Another way to secure your online activity? Work with our IT experts. We can check permissions and review your extensions. We’ll also ensure your antivirus and software are up to date. Contact us today at (515)422-1995.

Click to see our BBB Report

FOLLOW US

VISIT US

Privacy Policy