LetMeIn101: How the Bad Guys Get Your Password

by

Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact our experts today! Call us at 478-474-0861.

Island Hopping: Not Always a Good Thing

by

The phrase “island hopping” conjures up positive images. You might think of cruising beautiful sandy beaches on a tour of tropical islands. Too bad cybercriminals have given the term a new, less pleasant spin.

Island hopping is an increasingly popular method of attacking businesses. In this approach, the cybercriminal targets a business indirectly. The bad actors first go after the target’s smaller strategic partners. So, vendors or affiliates, who might not have the same level of cybersecurity, become stepping stones to hop.

Attackers might hack into smaller businesses handling the target’s HR, payroll, accounting, healthcare, or marketing. Then, they take advantage of the pre-existing relationship to access the final destination.

Humans are trusting. Cybercriminals exploit that. With island hopping, attackers leverage the trust established between strategic partners.

It’s quite simple: attackers gain access to Company A and send a counterfeit business communication to Company B. Company B, knowing the sender, is less likely to question a download link or opening an attachment.

After all, it’s not coming from a stranger; it’s a message from perfectly pleasant Jenny at Company A. You may have in the past already shared logins to various sites/portals, or passwords to unlock zip files.

The Rise of Island Hopping

This is not a brand-new form of attack. In fact, it’s named after a military strategy which the United States used in World War II to establish a stronghold in the Pacific Islands.

Perhaps the best-known island-hopping cyberattack was seen in the United States in 2013. Retail giant Target was the aptly named target of a point-of-sale system breach. Hackers stole payment information from 40 million customers. The first “island” in the planned attack was Fazio Mechanical Services. The heating and refrigeration firm suffered a malware attack shortly before Target’s breach. Fazio’s hackers stole email credentials needed to access the retailer’s networks.

As enterprises continue to strengthen their cybersecurity, it’s predicted that island hopping will gain momentum. According to Accenture’s Technology Vision 2019 report, less than a third of businesses globally know how strategic partners secure their networks. A majority (56%) rely on trust that business partners would uphold security standards.

Preventing Island Hopping

You may be one of the islands to hop or the attackers’ final destination. It depends on your business size and industry. Either way, your business is vulnerable to malware attack, infected systems, or a data breach. Plus, if you’re the stepping stone, you’re likely to lose the target company’s business, too.

How do you prevent island hopping? First, secure your own networks and systems:

  • Follow best practices to detect and identify vulnerabilities and reduce risk.
  • Educate your employees about the dangers of business communication scams.
  • Raise awareness of phishing schemes and social engineering.
  • Require two-factor user authentication.
  • Change all default, generic, or predictable passwords.
  • Keep security up to date (patching and system upgrades are mandatory).
  • Control who can access your networks and servers.
  • Protect all endpoints (including employee devices in a Bring Your Own Device workplace).

When it comes to cyber island hopping, your business doesn’t want to be a layover or the final destination. Keep your cybersecurity borders tight to avoid unwanted visitors.

Want to make your business inhospitable to island hoppers? Work with a managed service provider. They can help assess cybersecurity, provide a plan to reduce risk, and upgrade technology. Let us support your efforts to fend off unwanted tourists.

Give us a call on 478-474-0861.

Immediate Business Answers with Instant Messenger

by

You may have hated group projects in school, but collaboration is a lifeblood of business. Yet members of a team may not work in the same workspace. Even those who do, don’t want to spend their day crisscrossing the office to get quick questions answered. While they could send an email or pick up the phone, instant messaging is an even more efficient solution.

Don’t confuse this solution with the old AOL or MSN Instant messenger. Instant messaging (IM) for business takes group communication and collaboration up a notch.

First, IM is truly instant communication, faster even than email. When you type in your comment and hit Enter, your message appears on the screen instantly. You can see it, and everyone else in the chat can see it. While email is fast, it’s not instant. You must wait for the email to arrive and hope the recipient has their inbox up and will answer right away.

Calling on the phone could be as instantaneous, but often you’re going to get voicemail. Don’t even try to get several people on the phone at the same time without prescheduling a time! With IM, employees can chat in real time as if they were on the phone with someone or on a conference call. An added bonus?

They can use IM while on the phone too. So, a sales team could have IM up to relay information, while on the call, to make the best impression with the client.

Users can click and drag files, images, spreadsheets, PDFs, and more into the chat. For some businesses, IM is a way to keep all team documentation accessible in a single place.

IM Improves Productivity

Common business IM applications, such as Slack or Microsoft Teams, allow users to coordinate chats for greater efficiency. In group channels everyone on the channel can see what is going on. So, a business might set up channels for different client projects or a certain team members. Even clients can be invited to participate on channels.

IM also allows for direct person-to-person messaging. So, someone in marketing might shoot over a screenshot for a quick vote on wording or font size.

Group channels (open or private) and direct messages in the IM app become a record of what’s been going on over time. They are searchable and have many integrations with other tools you may be using in your office. For example, someone could post a link to a Dropbox or Google Docs file and instant messenger will show a preview.

A possible drawback is that instant messaging can be distracting. Being “always available” makes it more difficult to focus on the task at hand. Fortunately, most instant messengers let users change their status to “Away.” They will still be in the chat, but not available to respond to messages. Otherwise, the user can simply close the app.

IM’s Other Benefits

Since many instant messengers for business are also phone applications, employees also gain mobility. After downloading the app, people can access the system from any Internet-connected device. Talk about real-time communication and collaboration.

Other business benefits of instant messaging? Our email inboxes get cluttered with messages that steal attention and waste time. The same thing doesn’t happen in business IM as users are only in channels with other invited parties.

With an IM solution, employees won’t use personal texting, which could have compliance implications. Providing a continuous record of communications, IM channels can also help quality control.

Ready to make the move to instant messaging for your business? Let us help you find the best solution for your needs. Give us a call at 478-474-0861!

Do Macs Get Viruses?

by

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cybercriminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The research reflects the reality. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016.

Finding Apple’s Weak Spots

It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.

A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cybercriminal.

In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software.

Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.

A business would want to educate its employees about the importance of:

  • clicking on emails with care;
  • validating the source of any files they plan to open;
  • checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
  • questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.

A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.

Key Takeaway

Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.

Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.

Call us today at 478-474-0861!

MSP Facts: Common Managed Service Myths — Busted

by

Managed Service Providers (MSPs) are not stuff of legend like minotaur’s and unicorns. Yet there are many common myths around managed services. These can cloud understanding of a MSP’s true value. Consider the facts to decide whether partnering with a third-party IT vendor is right for you.

 

Myth #1: MSPs don’t understand our business.

Not every MSP will understand your business, that’s correct. But not every MSP is the same. The right MSP examines your existing infrastructure and workflows. They’ll also meet with your people to understand their needs.

Hiring a MSP adds IT experts who can make specific technology recommendations. Meanwhile, your in-house IT team can focus on driving growth.

Myth #2: Outsourcing to a MSP is too costly.

Take a look at your IT budget today. Internal IT costs are typically high and often unpredictable. Managed services help you stay on top of your IT costs. Your business pays a simple, manageable monthly or quarterly fee. This makes IT operating expenses easier to budget.

MSPs also provide long-term cost savings by:

  • Reducing applications downtime
  • Cutting costs of IT infrastructure
  • Improving IT team productivity
  • Implementing greater security to avoid costly cyber attacks

Myth #3: Only enterprise-sized businesses can use MSPs.

One common misconception is that only big corporations hire outsourced managed service professionals. In fact, small- to medium-sized businesses can benefit more from working with a MSP. After all, large businesses tend to have a dedicated IT to secure data and maintain its systems. Smaller companies have more difficulty competing for IT talent.

Outsourcing gives any business access to skilled IT specialists. They are specialists in securing data, managing networks, and user access. You get top talent and best practices, without having to add employees to your roster.

“Recent market studies show that, when properly executed, managed services for IT can reduce in-house IT costs by upwards of 40 percent while simultaneously facilitating a 50 to 60 percent increase in IT efficiencies.” Cisco

Myth #4: You lose control of your business.

Only if you hand it over to the MSP or don’t effectively manage your partnership with your provider. You should hire an MSP with an understanding of what level of control you want to retain. Lay out the relationship in a Service Level Agreement. This document should outline expectations, roles and responsibilities, and scope of services.

Before hiring a MSP, look at client testimonials. Have others found the MSP works with businesses to only do what needs done? Ask prospective MSPs how they will keep you up-to-date about the work they do. Also, identify someone on your team to actively manage that MSP relationship.

Myth #5: You only use an MSP for security backup.

Sure, backup and disaster recovery, are the primary service outsourced to MSPs. But that is not the only reason businesses turn to managed services. Other common managed services include archiving, networking, application management, and support services.

The MSP does the work your IT team finds tedious and your general employees care little about (but rely upon). Outsource monitoring and maintaining backend technology and routine, recurring tasks. You gain high quality, consistent IT support. And you improve the morale of your overworked, overextended IT team along the way.

Business today relies on its technology to be successful. Big or small, your business can benefit. Free up internal IT teams to focus on more value-adding initiatives. Take advantage of a MSP’s expert help and powerful new technology.

Ready to outsource IT? Give us a call at 478-474-0861 or goto QualityCareSuite.com.

FOLLOW US

Recent Posts

Tags

#bestservice #computerrepair #nocontract #qualitycomputers backup bad hard drive cloud computer repair consumer data loss data recovery email Hacker msp new computer new laptop online safety QualityCareSuite recover data remote support repair sale scam service small business Webcam