The Dark Web and Its Impact on Your Business

by

Business owners today know the internet is not only a force for good. Some people exploit the Web for ill intent. They congregate on the Dark Web, and small businesses need to understand the risks.

What is the Dark Web?

You and your employees spend time daily on the Web. They’re researching clients, checking out competitors, and searching for information. They are not accessing the Dark Web. The Dark Web houses dangerous, often illegal activity. This includes black-market drug sales, illegal firearm sales, and illicit pornography.

The Dark Web’s collection of websites is inaccessible using standard search engines or browsers. Users employ a Tor or I2P encryption tool to hide their identity and activity, and they spoof IP addresses.

To go into the Dark Web, you also need to be using the Tor or I2P service. Plus, you’d need to know where to find the site you are looking for. There are Dark Web directories, but they are unreliable. The people on the Dark Web don’t want their victims to find them. Ultimately, it’s not somewhere you or your employees need to be.

So, why do you need to know about it? Because Dark Web users can buy:

  • usernames and passwords
  • counterfeit money
  • stolen credit card numbers or subscription credentials
  • software to break into people’s computers
  • operational, financial, or customer data
  • intellectual property or trade secrets

The Dark Web is also where someone can hire a hacker to attack your computers.

The Dark Web business risk

The Dark Web itself isn’t illegal, and not all its traffic is criminal. It is also visited by journalists and law enforcement agencies, and it’s used in countries prohibiting open communication.

Yet the number of Dark Web listings that could harm your business is growing. A 2019 research study found that 60% of all listings could harm enterprises, and the number of those Dark Web listings has risen by 20% since 2016.

Business risks from these Dark Web listings include:

  • undermining brand reputation
  • loss of competitive advantage
  • denial-of-service attack or malware disruption
  • IP theft
  • fraudulent activity

With media attention on data breaches impacting millions, it’s easy to think a small business is not at risk. However, bad actors don’t target a business for its size – they look for ease of access.

Dark Web information is up to twenty times more likely to come from an unreported breach. Privacy specialists told a Federal Trade Commission Conference victims included medical practices, retailers, school districts, restaurant chains, and other small businesses.

Reduce your risk

If your information ends up on the Dark Web, there’s little you can do about it. The bright side, at least, is that you would know that your business security has been compromised. Be proactive instead. Keep your security protections current, and install security patches regularly.

Consider a unified threat management (UTM) device, or UTM appliance. The UTM plugs into your network to serve as a gateway and protect your business from malware, illicit access, and other security risks.

Your UTM security appliance can provide:

  • application control
  • anti-malware scanning
  • URL and content filtering
  • data loss prevention
  • email security
  • wireless and remote access management

Or let a managed services provider (MSP) take care of all aspects of protecting your business. Pay a consistent monthly fee for an MSP to handle all your technology, patching, monitoring, and assessment needs.

Stay on top of the latest cybersecurity threats with an MSP, or learn more about installing a UTM. We can help protect you from the dangers of the Dark Web. Call us today at 478-474-0861!

Why You Need Professional Virus Removal

by

“Your computer has a virus.” Such a dreaded five words! We don’t want to come down with a human virus; we’ll feel awful and miss work. But when a virus hits our computer, we could lose valuable information or be vulnerable to attack. Chicken soup won’t cut it.

Perhaps you have an antivirus product installed on your computer. This computer software is intended to prevent, detect, and remove viruses. Antivirus tools are designed to keep infections out. They can also delete any viruses that may already be on the computer when the software is installed.

The software provides protection by tracking malicious code and other computer threats via:

  • classifying the actions the file or code drives (as malicious or OK);
  • inspecting file signatures for matches to an existing signature in its virus dictionary;
  • scanning for rootkits that can change how your operating system functions.

However, antivirus software isn’t that good at cleaning up. When it detects a malicious file, it will delete it. But what if the virus spread before discovery? If the infection spreads before virus deletion, it can do all sorts of damage.

Think of it this way: you have a cyst on your knee. Doctors decide it is pre-cancerous and operate to remove the cyst before it spreads. But, that’s all they do. They have seen the cyst. They go for the cyst. However, they don’t notice the cancer that’s in your shin or femur, because they were only working on the cyst. The rest of your leg remains unhealthy, and you don’t even know it!

Getting a Second Opinion on Viruses

If the antivirus software is your primary physician, a computer professional is the specialist you go to for an expert second opinion. For one thing, antivirus products don’t always remove all the malicious files. Many viruses start as one thing but can mutate into several different strains. The antivirus software may not be programmed to identify all of the virus variants. A professional actively looks for undetected strains on your computer.

Viruses are always evolving. A recent strain of malware, SquirtDanger, let hackers take computer screenshots, capture passwords, download files, and empty out cryptocurrency wallets.

Some viruses can change the settings of your computer. For instance, a common virus changes your computer’s DNS, which is like a bit like the Yellow Pages for the internet. On a virus-free computer, when you type in “Google.com”, your browser goes to Google’s servers located at the IP address “216.58.203.100.” However, an infection can make Google.com on your computer go to a different address. Perhaps a server address cybercriminals use to capture your personal data. It still looks to you like Google, but it’s no longer safe. These settings can still remain after the infection is long gone.

Viruses can also leave behind browser toolbars, extensions, and other nasties designed to spy on your Web browsing habits. If you’re consistently redirected to unwanted sites, or seeing unwanted pop-up advertisements, it’s likely your computer’s infected with a browser hijacker.

Ultimately, if you detect a virus on your computer, check with a professional. Don’t trust that your antivirus software is going to do the same, thorough job an expert can offer. Sometimes your computer isn’t fully safe until the operating system is reinstalled, but you can’t know that until someone can go in and see what the virus did and what remnants are still there, lurking.

Cybercriminals are growing more sophisticated and better able to design viruses that disguise their tracks. Avoid being an unwitting victim. A computer security expert can diagnosis when your computer gets a virus, or determine if there are strains on your device you don’t know about. Let a security expert protect your computer from harm today! Call us at 478-474-0861.

Are You Due? What to Do When You Get a Renewal Notice

by

Your business relies on any number of service providers. You’re likely contracting for domain names, website hosting, data backup, software licenses, to name just a few. And that’s only your online presence! So, when a renewal notice comes in, you might just forward it on or file it away for future reference. Here’s what you should be doing instead.

First, when you get a renewal notice, you should confirm that it’s legitimate. This is especially true of domain names. Your business’s domain name and expiration date are publicly available. Anyone could look them up and send you an invoice. Scammers do. They monitor expiring domain names and then send out emails or convincing physical notices telling you it’s time to renew. They are not doing this as a civic service!

Instead, they will be trying to get you to switch your domain services to a competitor or, worse, hoping you’ll pay your renewal fee to their account, which has no connection to your domain.

  • Look out for the following indicators that the notice is a fraud:
  • The price is much more than you’d expect.
  • The deadline is within seven days.
  • You don’t know the business name.
  • This business has never contacted you before.
  • The notice requires you to send a check.

Handling Authentic Renewal Notices

Once you’ve determined the authenticity of the renewal notice, you’ll want to take stock. Putting your licenses or other online services on auto-renewal plans can be easier, but it may not be cost effective. Before re-upping your plan consider:

  • Are you still using this service?
  • Do you really still need it?
  • Do your current needs meet your current plan?
  • Should you upgrade or downsize?

You might also contact your provider directly and ask:

  • Is there a better product available now?
  • Are you eligible for a loyalty discount?

The company you’re dealing with wants to keep your business (hence, the renewal notice). That can give you some leverage in negotiating what you are paying or what service you are getting. You could treat an annual renewal notice as an opportunity to renegotiate terms. It’s not always going to work, but it can be worth a phone call as you try to keep business expenses under control.

Finally, you should pay attention to any deadlines on the renewal notification. Some are sent months in advance. That seems so helpful, but if you put it away to deal with later, before you know it you’ve missed an important date and the service is stopped.

You should always get a renewal notice for something like a domain name. The Internet Corporation for Assigned Names and Numbers (ICANN) requires companies to send reminders approximately one month and one week before your domain name expires.

Don’t leave your renewal to the last minute. With expired domain names, for instance, you can lose your website! Options and fees for renewing domain names, including expired ones, are going to vary, so be sure you know what your subscription involves.

Also, there are bad actors out there who monitor domain expirations to buy them up at bargain prices. Then, when you notice the subscription has lapsed, you have to pay a king’s ransom to get the Web address back. Yes, it can happen to you. In fact, the World Intellectual Property Organization (WIPO) handled a record 3,074 cybersquatting disputes last year.

Avoid being overwhelmed by all the subscriptions and service plans your business relies upon. A managed service provider (MSP) monitors your license and domain expiration dates to ensure your business is current. At the same time, the MSP has the expertise needed to determine what plans best suit your business needs.

Give us a call at 478-474-0861 to enjoy the peace of mind a managed service provider brings!

LetMeIn101: How the Bad Guys Get Your Password

by

Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact our experts today! Call us at 478-474-0861.

Island Hopping: Not Always a Good Thing

by

The phrase “island hopping” conjures up positive images. You might think of cruising beautiful sandy beaches on a tour of tropical islands. Too bad cybercriminals have given the term a new, less pleasant spin.

Island hopping is an increasingly popular method of attacking businesses. In this approach, the cybercriminal targets a business indirectly. The bad actors first go after the target’s smaller strategic partners. So, vendors or affiliates, who might not have the same level of cybersecurity, become stepping stones to hop.

Attackers might hack into smaller businesses handling the target’s HR, payroll, accounting, healthcare, or marketing. Then, they take advantage of the pre-existing relationship to access the final destination.

Humans are trusting. Cybercriminals exploit that. With island hopping, attackers leverage the trust established between strategic partners.

It’s quite simple: attackers gain access to Company A and send a counterfeit business communication to Company B. Company B, knowing the sender, is less likely to question a download link or opening an attachment.

After all, it’s not coming from a stranger; it’s a message from perfectly pleasant Jenny at Company A. You may have in the past already shared logins to various sites/portals, or passwords to unlock zip files.

The Rise of Island Hopping

This is not a brand-new form of attack. In fact, it’s named after a military strategy which the United States used in World War II to establish a stronghold in the Pacific Islands.

Perhaps the best-known island-hopping cyberattack was seen in the United States in 2013. Retail giant Target was the aptly named target of a point-of-sale system breach. Hackers stole payment information from 40 million customers. The first “island” in the planned attack was Fazio Mechanical Services. The heating and refrigeration firm suffered a malware attack shortly before Target’s breach. Fazio’s hackers stole email credentials needed to access the retailer’s networks.

As enterprises continue to strengthen their cybersecurity, it’s predicted that island hopping will gain momentum. According to Accenture’s Technology Vision 2019 report, less than a third of businesses globally know how strategic partners secure their networks. A majority (56%) rely on trust that business partners would uphold security standards.

Preventing Island Hopping

You may be one of the islands to hop or the attackers’ final destination. It depends on your business size and industry. Either way, your business is vulnerable to malware attack, infected systems, or a data breach. Plus, if you’re the stepping stone, you’re likely to lose the target company’s business, too.

How do you prevent island hopping? First, secure your own networks and systems:

  • Follow best practices to detect and identify vulnerabilities and reduce risk.
  • Educate your employees about the dangers of business communication scams.
  • Raise awareness of phishing schemes and social engineering.
  • Require two-factor user authentication.
  • Change all default, generic, or predictable passwords.
  • Keep security up to date (patching and system upgrades are mandatory).
  • Control who can access your networks and servers.
  • Protect all endpoints (including employee devices in a Bring Your Own Device workplace).

When it comes to cyber island hopping, your business doesn’t want to be a layover or the final destination. Keep your cybersecurity borders tight to avoid unwanted visitors.

Want to make your business inhospitable to island hoppers? Work with a managed service provider. They can help assess cybersecurity, provide a plan to reduce risk, and upgrade technology. Let us support your efforts to fend off unwanted tourists.

Give us a call on 478-474-0861.

Immediate Business Answers with Instant Messenger

by

You may have hated group projects in school, but collaboration is a lifeblood of business. Yet members of a team may not work in the same workspace. Even those who do, don’t want to spend their day crisscrossing the office to get quick questions answered. While they could send an email or pick up the phone, instant messaging is an even more efficient solution.

Don’t confuse this solution with the old AOL or MSN Instant messenger. Instant messaging (IM) for business takes group communication and collaboration up a notch.

First, IM is truly instant communication, faster even than email. When you type in your comment and hit Enter, your message appears on the screen instantly. You can see it, and everyone else in the chat can see it. While email is fast, it’s not instant. You must wait for the email to arrive and hope the recipient has their inbox up and will answer right away.

Calling on the phone could be as instantaneous, but often you’re going to get voicemail. Don’t even try to get several people on the phone at the same time without prescheduling a time! With IM, employees can chat in real time as if they were on the phone with someone or on a conference call. An added bonus?

They can use IM while on the phone too. So, a sales team could have IM up to relay information, while on the call, to make the best impression with the client.

Users can click and drag files, images, spreadsheets, PDFs, and more into the chat. For some businesses, IM is a way to keep all team documentation accessible in a single place.

IM Improves Productivity

Common business IM applications, such as Slack or Microsoft Teams, allow users to coordinate chats for greater efficiency. In group channels everyone on the channel can see what is going on. So, a business might set up channels for different client projects or a certain team members. Even clients can be invited to participate on channels.

IM also allows for direct person-to-person messaging. So, someone in marketing might shoot over a screenshot for a quick vote on wording or font size.

Group channels (open or private) and direct messages in the IM app become a record of what’s been going on over time. They are searchable and have many integrations with other tools you may be using in your office. For example, someone could post a link to a Dropbox or Google Docs file and instant messenger will show a preview.

A possible drawback is that instant messaging can be distracting. Being “always available” makes it more difficult to focus on the task at hand. Fortunately, most instant messengers let users change their status to “Away.” They will still be in the chat, but not available to respond to messages. Otherwise, the user can simply close the app.

IM’s Other Benefits

Since many instant messengers for business are also phone applications, employees also gain mobility. After downloading the app, people can access the system from any Internet-connected device. Talk about real-time communication and collaboration.

Other business benefits of instant messaging? Our email inboxes get cluttered with messages that steal attention and waste time. The same thing doesn’t happen in business IM as users are only in channels with other invited parties.

With an IM solution, employees won’t use personal texting, which could have compliance implications. Providing a continuous record of communications, IM channels can also help quality control.

Ready to make the move to instant messaging for your business? Let us help you find the best solution for your needs. Give us a call at 478-474-0861!

Do Macs Get Viruses?

by

Many Apple owners believe their Macintosh computers are immune to viruses. Apple itself has run ad campaigns promising its computers “don’t get viruses”. And those who have owned a Mac for years, decades even, are particularly prone to believing. After all, nothing’s happened to them yet. Regrettably, Macs do get viruses, and the threat is growing.

For a long time the argument was that cybercriminals didn’t bother to develop Mac viruses. There weren’t enough users to justify the effort. Instead, they’d focus on the lower hanging fruit – PCs running Windows.

Yet Apple’s market share is on the rise, and it’s increasingly common to see Macs in the workplace, especially in creative industries. Plus, there’s a widespread assumption that Mac users are a smart target as they are likely to be better off. So, while Macs remain harder to infect (installing most software requires a password), there’s often a greater payoff.

The research reflects the reality. In 2017, for instance, the iPhone OS and Mac OS X placed #3 and #6 in CVE Details’ top 50 ranked by total number of distinct vulnerabilities. Apple TV and Safari also made the list at #17 and #18, respectively. In 2017, Malwarebytes also reported it “saw more Mac malware in 2017 than in any previous year”. By the end of 2017, the cybersecurity firm had counted 270% more unique threats on the Mac platform than in 2016.

Finding Apple’s Weak Spots

It’s obvious then that bad actors are no longer steering clear. They are actively looking for ways to exploit Macs.

A common approach is to use Trojans. Named after a gift wooden horse that hid an army, Trojans look like something you would want to install. So, Mac users happily enter their passwords to download that application and open the gates to the cybercriminal.

In 2011, for instance, a Trojan called “Mac Defender” took advantage of people’s desire to protect their computers. The fake program appeared to be anti-virus software. Once the users installed it, they’d get an onslaught of pop-up ads encouraging them to buy more fake software.

Trojans get through the gates because you let your guard down. You are taken in by that supposed note from a long-lost friend. You think you want to see that pic of that famous celebrity. All it takes to stop this type of attack is suspicion of everything you might install or download.

A business would want to educate its employees about the importance of:

  • clicking on emails with care;
  • validating the source of any files they plan to open;
  • checking a website’s URL (being especially wary of those with less common endings such as .cc or .co);
  • questioning any promises of Ray-Ban sunglasses for 90% off or the latest iPhone for $29.99.

A new threat comes from within the Mac App Store, according to Thomas Reed, a Mac security researcher. When a user tries to install an app on a Mac, a Mac OS program called Gatekeeper checks the file’s code signature. The signature helps certify the app is valid. However, Reed found that cybercriminals could buy a legitimate certificate from Apple, or steal one and trick users. Users would install masked malware that could infect legitimate programs and evade detection.

Key Takeaway

Apple is always working to protect its users from malware. It has measures in place, and user caution can make a big difference, too. Still, it’s not true that Macs are completely safe.

Find out what you can do to protect your Macs and guard against threats. Partner with a managed services provider to gauge your security levels.

Call us today at 478-474-0861!

MSP Facts: Common Managed Service Myths — Busted

by

Managed Service Providers (MSPs) are not stuff of legend like minotaur’s and unicorns. Yet there are many common myths around managed services. These can cloud understanding of a MSP’s true value. Consider the facts to decide whether partnering with a third-party IT vendor is right for you.

 

Myth #1: MSPs don’t understand our business.

Not every MSP will understand your business, that’s correct. But not every MSP is the same. The right MSP examines your existing infrastructure and workflows. They’ll also meet with your people to understand their needs.

Hiring a MSP adds IT experts who can make specific technology recommendations. Meanwhile, your in-house IT team can focus on driving growth.

Myth #2: Outsourcing to a MSP is too costly.

Take a look at your IT budget today. Internal IT costs are typically high and often unpredictable. Managed services help you stay on top of your IT costs. Your business pays a simple, manageable monthly or quarterly fee. This makes IT operating expenses easier to budget.

MSPs also provide long-term cost savings by:

  • Reducing applications downtime
  • Cutting costs of IT infrastructure
  • Improving IT team productivity
  • Implementing greater security to avoid costly cyber attacks

Myth #3: Only enterprise-sized businesses can use MSPs.

One common misconception is that only big corporations hire outsourced managed service professionals. In fact, small- to medium-sized businesses can benefit more from working with a MSP. After all, large businesses tend to have a dedicated IT to secure data and maintain its systems. Smaller companies have more difficulty competing for IT talent.

Outsourcing gives any business access to skilled IT specialists. They are specialists in securing data, managing networks, and user access. You get top talent and best practices, without having to add employees to your roster.

“Recent market studies show that, when properly executed, managed services for IT can reduce in-house IT costs by upwards of 40 percent while simultaneously facilitating a 50 to 60 percent increase in IT efficiencies.” Cisco

Myth #4: You lose control of your business.

Only if you hand it over to the MSP or don’t effectively manage your partnership with your provider. You should hire an MSP with an understanding of what level of control you want to retain. Lay out the relationship in a Service Level Agreement. This document should outline expectations, roles and responsibilities, and scope of services.

Before hiring a MSP, look at client testimonials. Have others found the MSP works with businesses to only do what needs done? Ask prospective MSPs how they will keep you up-to-date about the work they do. Also, identify someone on your team to actively manage that MSP relationship.

Myth #5: You only use an MSP for security backup.

Sure, backup and disaster recovery, are the primary service outsourced to MSPs. But that is not the only reason businesses turn to managed services. Other common managed services include archiving, networking, application management, and support services.

The MSP does the work your IT team finds tedious and your general employees care little about (but rely upon). Outsource monitoring and maintaining backend technology and routine, recurring tasks. You gain high quality, consistent IT support. And you improve the morale of your overworked, overextended IT team along the way.

Business today relies on its technology to be successful. Big or small, your business can benefit. Free up internal IT teams to focus on more value-adding initiatives. Take advantage of a MSP’s expert help and powerful new technology.

Ready to outsource IT? Give us a call at 478-474-0861 or goto QualityCareSuite.com.

FOLLOW US

Recent Posts

Tags

#bestservice #computerrepair #nocontract #qualitycomputers backup bad hard drive cloud computer repair consumer data loss data recovery email Hacker msp new computer new laptop online safety QualityCareSuite recover data remote support repair sale scam service small business Webcam