Don’t Get Hooked by Spear Phishing Attacks

by

Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.

A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.

By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.

A Convincing, Dangerous Attack

While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.

The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.

Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.

A Trusted E-mail

The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.

Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.

Defending Your Business

The key to stopping a spear phishing attack is education. Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.

Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.

In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web filtering prevents malicious emails and links from entering the network, shutting attacks down before any damage can be done.

Good Security Practice

As with many types of IT threat, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage spreading across the network.

Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.

Give us a call at 478-474-0861 to audit your security practices. It could be the difference that secures your firm against sophisticated spear phishing attacks.

Is Your Physical Security as Good As Your Cybersecurity?

by

Headlines are often made by firms that have been hacked by “elite” cybercriminals. These events sound high tech, sophisticated, and interesting. The truth is almost always an amateur attacker chancing their luck with an unpatched security hole or bad password. Physical break-ins affect businesses far more commonly and cause much more damage, but get talked about far less.

Similar to technology hacks, most physical security threats come from criminals that chance their luck on businesses that look poorly secured. On a rare occasion, they may strike a business owner that has forgot to lock up or failed to set the security alarm.

By breaking in, these criminals exploit poor physical security to cause damage and steal valuables. Typically, by destroying or taking critical assets, a criminal may make a few hundred in profit while the total damage done to the business is counted in the tens of thousands.

While most IT security packages act automatically and always remain on, physical security needs to be made a daily habit and require periodic updates.

Threats Starting from Within

Every business should have secure locks protecting their doors. Many use an alarm system to add protection to valuable assets. However, there are common threats that neither of these can protect you from. How would your business be protected if the attack came from within your firm?

A disgruntled employee, or even a former employee, can do an enormous amount of damage to a business. Attacking their own business, an employee can likely do more damage during the day than a criminal could breaking-in overnight. Misplaced trust in the wrong individual can result in devastating consequences.

Employees typically have access to one of your business’s most valuable assets: data. A criminal may steal computer hardware to sell on for quick cash because most don’t fully understand the value of the data stored on it.

The value of the data in a business machine can easily exceed the cost of the hardware one hundred times over.

Physical Security Heists

For criminals who do understand the value of data; physical security can be the weakest spot in a business’s armor. In 2013, media streaming service Vudu suffered a break in where criminals stole server hardware to obtain credit card information stored within.

A technology savvy streaming firm is highly likely to have up-to-date IT with excellent security measures. Thieves looking for easy cash recognized that the best way to get to the data was through their comparatively weak physical security.

The best security packages in the world are completely infective if the keys are left in the door and physical hardware is easy to remove. This challenge of securing your data can be made even more difficult when using a location that must remain open to the public.

Securing Your Data with Good Security Practices

Keeping your customer data safe is one of the most significant responsibilities small business owners take on. It requires a duty to employ the best possible security practices to keep your customers safe. For a customer to have the trust to use your business over the competition, they have to see their concerns put to rest.

Locking down data access for employees so they can only view and edit what is strictly needed, protects both customers and the business against many kinds of damage; both accidental and malicious. Limiting device access, such as disabling USB ports to thumb drives or storage devices, helps to prevent data being copied and carried offsite.

Physically locking down a server in the location it sits is one of the best deterrents available to prevent against theft. Locked server racks are an excellent piece of physical security that works on top of the building security already in place.

Make sure your business is up to the task of securing its data. Give us a call at 478-474-0861 to audit both your digital and physical security.

MSP Facts: Common Managed Service Myths — Busted

by

Managed Service Providers (MSPs) are not stuff of legend like minotaur’s and unicorns. Yet there are many common myths around managed services. These can cloud understanding of a MSP’s true value. Consider the facts to decide whether partnering with a third-party IT vendor is right for you.

 

Myth #1: MSPs don’t understand our business.

Not every MSP will understand your business, that’s correct. But not every MSP is the same. The right MSP examines your existing infrastructure and workflows. They’ll also meet with your people to understand their needs.

Hiring a MSP adds IT experts who can make specific technology recommendations. Meanwhile, your in-house IT team can focus on driving growth.

Myth #2: Outsourcing to a MSP is too costly.

Take a look at your IT budget today. Internal IT costs are typically high and often unpredictable. Managed services help you stay on top of your IT costs. Your business pays a simple, manageable monthly or quarterly fee. This makes IT operating expenses easier to budget.

MSPs also provide long-term cost savings by:

  • Reducing applications downtime
  • Cutting costs of IT infrastructure
  • Improving IT team productivity
  • Implementing greater security to avoid costly cyber attacks

Myth #3: Only enterprise-sized businesses can use MSPs.

One common misconception is that only big corporations hire outsourced managed service professionals. In fact, small- to medium-sized businesses can benefit more from working with a MSP. After all, large businesses tend to have a dedicated IT to secure data and maintain its systems. Smaller companies have more difficulty competing for IT talent.

Outsourcing gives any business access to skilled IT specialists. They are specialists in securing data, managing networks, and user access. You get top talent and best practices, without having to add employees to your roster.

“Recent market studies show that, when properly executed, managed services for IT can reduce in-house IT costs by upwards of 40 percent while simultaneously facilitating a 50 to 60 percent increase in IT efficiencies.” Cisco

Myth #4: You lose control of your business.

Only if you hand it over to the MSP or don’t effectively manage your partnership with your provider. You should hire an MSP with an understanding of what level of control you want to retain. Lay out the relationship in a Service Level Agreement. This document should outline expectations, roles and responsibilities, and scope of services.

Before hiring a MSP, look at client testimonials. Have others found the MSP works with businesses to only do what needs done? Ask prospective MSPs how they will keep you up-to-date about the work they do. Also, identify someone on your team to actively manage that MSP relationship.

Myth #5: You only use an MSP for security backup.

Sure, backup and disaster recovery, are the primary service outsourced to MSPs. But that is not the only reason businesses turn to managed services. Other common managed services include archiving, networking, application management, and support services.

The MSP does the work your IT team finds tedious and your general employees care little about (but rely upon). Outsource monitoring and maintaining backend technology and routine, recurring tasks. You gain high quality, consistent IT support. And you improve the morale of your overworked, overextended IT team along the way.

Business today relies on its technology to be successful. Big or small, your business can benefit. Free up internal IT teams to focus on more value-adding initiatives. Take advantage of a MSP’s expert help and powerful new technology.

Ready to outsource IT? Give us a call at 478-474-0861 or goto QualityCareSuite.com.

FOLLOW US

Recent Posts

Tags

#bestservice #computerrepair #coronavirus #covid19 #IT #nocontract #qualitycomputers #remoteworkforce #remoteworking backup bad hard drive cloud computer repair consumer data loss data recovery email Hacker msp new computer new laptop online safety QualityCareSuite recover data remote support repair sale scam service small business Webcam