
Password Theft – How Protected Is Your Business?

Security has been a concern with the internet since its inception. Anyone who remembers the early days of the internet will remember how easy it was to cause fairly significant trouble. Employees left passwords in plain sight. There wasn’t anything in the way of certificates, computer identification, or anything else to ensure password safety. These vulnerabilities inevitably resulted in password theft.

Back then, there was no such thing as a secure connection. Even the banking systems were incredibly vulnerable. Luckily, these cracks in the system didn’t result in many newsworthy meltdowns because there weren’t enough tech-savvy criminals to take advantage of them. Modern-day hackers could have done a lot of damage back then.

Since then, we’ve seen some significant cases of password and identity theft. The PSN fiasco with Sony is a recent example. Thousands upon thousands of users had their credit card numbers, passwords, and personal information stolen and sold off by Chinese hackers. Yet this could have been entirely avoidable. Had Sony prioritized two-step authentication (2FA) and better security protocols, it wouldn’t have happened.

That was an attack on servers, which is hard to pull off when the servers are set up properly. It usually involves either a brute force attack into the servers or finding an unknown exploit in the back door. In other words, it requires either bashing the front door open or finding an unlocked window. Smart businesses make sure their front doors are strong and their windows are locked!

Most password and identity theft won’t happen through this sort of invasion. Like a large city, the internet has its safer and more questionable neighborhoods. There are also neighborhoods nobody in their right mind should be going anywhere near. Let’s take a walk around these neighborhoods and point out some of the risks.

How Hackers Steal Passwords and Personal Information

Phishing is one of the most common types of cyberattacks used to steal passwords and other valuable information. Hackers will send out emails containing malicious links to as many users as possible. That link takes users to a bogus, or spoofed, site and tricks them into giving out their private information.

Once hackers acquire this information, they will attempt to break into as many business and personal accounts as possible. And if they gain access to those accounts, it’s only a matter of time before data is stolen or access to those accounts is lost.

SSL and HTTPS are security measures that provide certificate management to ensure foreign devices are not connecting to your account. They provide strong ciphers that prevent intercepted packets from being dismantled. It’s the equivalent of only allowing certain phones to dial into yours, and scrambling the voice on both ends so wiretaps can’t understand the conversation.

Unfortunately, people have the bad habit of accessing sensitive information over public Wi-Fi. Even with SSL enabled, public Wi-Fi can be very dangerous. Shady people can access your Wi-Fi transmissions without you knowing it. With enough hard work, they can collect your passwords, your personal information and even gain access to your devices. Once they’re in, you are in a lot of trouble.

Another culprit is a lack of strong security on your computer or laptop. Without Windows Defender or a third-party equivalent running in strict mode, you may allow sneaky executables to run in the background. These can log keystrokes, spy on your browser, go through your cache, and much more.

Knowing the Neighborhood is Important

Your first line of defense as a user against password and identity theft is to ensure that you only enter passwords and personal information into websites with the proper security in place. 2FA logins are currently the safest way to log in. And second, never enter private information over public Wi-Fi. This warning goes for your phone too.

When using a business device, you should avoid lesser-known sites, such as aggregate sites, fan-based websites, and other nonprofessional web sites. If you want to purchase something on noncommercial websites, make sure the exchange is through a safe, insured, and secure environment.

Finally, while at work, stay off the dark web entirely.

What If I am Compromised?

If you are compromised, report it to your IT department or Managed Service Provider immediately. If possible, back up your hard drives. Report your credit cards as stolen, and talk to your bank. Later on, if you see fraudulent transactions on your account, debit, or credit cards, contest them immediately.

Once you have your system backed up and running, go through all of your old accounts and change every password. You may also want to change your mobile phone number. Hackers can sell that information too.

In the end, identity theft and password theft are usually the user’s error in judgment. Most employees don’t learn proper security measures, and they’re too trusting. It is important to teach everyone in your office proper password hygiene and basic security protocol. They need to know the rules of safety on the internet, and not be trusting of unknown people they come in contact with.

Sadly, because of these threats, we do have to worry about security and privacy. Like any other innovation, the internet was a dangerous place upon arrival. It’s a game between hackers and our security forces. If you’re smart, however, you can avoid these traps. Contact us today to ensure your data, passwords, and privacy are protected.

Biggest Hacks in 2020

Worldwide losses from cybercrime skyrocketed to nearly $1 trillion in 2020. That’s more than the net worth of most countries.
Run a quick search and you’ll be surprised at how many hacks occur every week. Modern security is the best it has ever been. Unfortunately, hackers are motivated to be one step ahead of all of us. Breaches resulting in credit card information hacked by the millions are quite common. Even the pandemic hasn’t slowed them down.

According to zdnet.com, the switch to businesses using remote employees has changed the hacking landscape. In 2020, up to 20% of all cybersecurity attacks were aimed at the new remote workforce. With employees and companies learning how to shift into going remote, hackers knew this weak link was ripe for the picking.

Cyberwarfare is the battlefield of the 21st century and beyond. There are three common types of entities that create most hacks. Let’s discuss these entities, their motivations, a few of the biggest ones that happened this year, and what we can learn from the nature of those hacks.

The Forces of Evil

Simplifying things, there are basically three types of hacking profiles that are likely to engage in these nasty hacks. What most people think of first are criminals and ne’er-do-wells looking to profit from this inexcusable behavior. Money motivates them to steal credit card information or sensitive personal information. Then they sell it to sketchy third parties. On a global scale, foreign powers can, will, and have engaged in destructive hacks to disrupt economies. Often politically motivated, these crooks hope to instill unrest and frighten civilians.

Finally, some hackers just think they’re smarter than everyone else. They breach security systems because they enjoy causing chaos. Some of these hackers insist they’re working for a good cause. They focus on blowing the whistle on government projects they feel are wrong. But all too often these hacking attempts are completely random. Sometimes years of data and research are wiped out or stolen. They don’t seem like Robin Hood then!

Some of the biggest hacks in 2020

By studying past events we can learn a lot about protecting ourselves both in the corporate and private worlds. The most common attacks are usually through malware. Short for “malicious software,” malware is invasive software that finds a way into PCs and corrupts or destroys files and programs.

One victim of a malicious malware attack last year was Travelex. In January 2020, they lost an undisclosed amount of money. And an undisclosed number of private records were compromised due to the presence of malware. Everyone who has given them personal information, like credit card numbers, is now at risk.

Estee Lauder had over 440 million internal records exposed due to middleware and other security failures. Middleware, while not the same as malware, does add extra complications to systems. Middleware gets its name by hiding between the operating system and the applications on a PC. Hackers can then use middleware to delete, copy, or encrypt anything that passes through it.

Phishing, another hacking method, led to damaging incidents with Virgin Media, Whisper, and Marriott throughout January, February and March. Using phishing tactics to learn password and login information, hackers gained access to countless records. Again, millions of innocent people are now at risk of credit card fraud, drained bank accounts, or identity theft.

What can we learn from this?

These are far from the only hacks. As you can see, no matter how secure we think we are, hackers can usually find a way in. Poor training and the lack of conscientiousness in user security are the biggest ways hackers gain access to information.

This results in things like ransomware attacks, data loss, and stolen files. These breaches can do serious damage to businesses and private citizens alike. Presently, despite great security measures, we still need stronger security in place on the corporate side. Better training is a necessity for employees. Middleware, which is often found by using antivirus programs, needs to be eliminated whenever possible. Better walled gardens can be built and utilized by businesses that hold private records and data.

These attacks are unfortunate, but rather than being rueful to the victimized companies, we should demand that they learn from these mistakes. Hackers are not going to go away. You can count on them to find more and more ways to steal your data.

These major companies can afford the best cybersecurity defenses available. Yet, they are still vulnerable. If you don’t feel your cybersecurity is as strong and safe as it should be, please contact us anytime. As your Managed Service Provider, it is our job to make sure your precious data is as safe as possible.


Are Your Apps Dangerous?

Apps make the modern technology world go ‘round. If it weren’t for apps, smartphones and other mobile devices wouldn’t be nearly as useful. Of course, there are many factors to consider before using an app. You should ask yourself, could this be a potentially dangerous app? This is especially true if you’re using a device for business purposes.

Earlier this month, we asked and concluded that allowing cookies is safe in most circumstances. In this week’s blog, we will be delving into using apps for business purposes and whether or not they pose a risk to your safety.

Apps for the Business Place 

There is literally an app (or 50) for just about anything you can think of. However, even helpful apps can be a breeding ground for people who want to steal your information.

Generally speaking, most app makers are honest and ethical. However, because it is so easy to make an app, you may find less than trustworthy creators offering new apps. Securitymagazine.com stated that “71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data.” Of course, other general business apps often have similar vulnerabilities.

Additionally, some people create apps specifically so they can steal your personal data. When you download and install an app, it will typically ask for various permissions. It may ask for the ability to use your microphone or have access to your contacts. Some apps ask for just about every piece of information you have available. You may find yourself simply handing over all of your personal data without even realizing it. This is where apps can become very dangerous. Even if you come to this realization and delete the app, your device could already be infected with spyware.

Personal Apps Can Be Dangerous

On the other hand, even if you only use trusted apps for business or no apps at all, you need to be careful of the apps you download for personal reasons. Just like with business apps, you may find that people have created an app for a particular reason — and that reason may be to gain access to the data on thousands or millions of mobile devices.

Be honest with yourself: how many times have you downloaded an app that you’ve never heard of just because someone told you it was the greatest app ever? Later, when you feel uncomfortable with how the app works you immediately delete it. We’ve all been there at some point. The scariest part is that the damage is already done once the app is successfully installed. Any information you use for your business (such as emails and customer information) is now freely available to the app developer.

Data Breaches

Another potential threat is using a legitimate app from a valid organization that becomes hacked and breached. As an example, this past year, the Walgreens app was victim to a major data breach. The hack allowed access to private conversations containing personal information. This breach was exposed through various apps that were designed to track COVID-19 cases. This happened to a major corporation using high-security apps. Many people wouldn’t think a pharmacy app from a well-known company could be dangerous. Nonetheless, hackers breached highly sensitive information victimizing paying customers. On that note, it’s important to be aware that anyone can fall victim to a data breach if security measures aren’t closely examined.

Hackers have targeted major apps like Instagram, Tinder, TikTok, and Snapchat recently. How many of you have at least one of these apps installed on your phone or other mobile devices? While most of us know not to use Tinder on a work phone, you may have some of these apps on your devices. Even if you only use these apps on your personal time, they can lead to major consequences with your private business data. What is fun for you may compromise the security of your customers.

Create A Solution That Works 

Let’s say you personally avoid all these pitfalls and have never had any issues with apps on your phone or other mobile devices. If you have an organization with multiple people, there’s a very good chance that somebody is going to download an app that may have damaging security implications in the future. While these people may have good intentions and never mean to do any harm, we all know that life can change in an instant in this modern world.

By creating and implementing a plan among your employees, you can help control security breaches. Increase your security measures by not allowing devices to download random, potentially dangerous apps. It’s important to have security policies and other measures in place. Maintain mobile device management, effective policy, and as many security protocols as are available.

If you want to make sure your organization is as safe as possible from unexpected risks, contact us today. We’ll set up your organization’s devices to keep them safe while still allowing your employees to do their job effectively.


SSL & Security Concerns for 2021

Anyone with a computer is well aware of security concerns on the Internet. As time goes on, security and internet safety become more and more of an issue. It’s clear that hackers are becoming more advanced and will continue to find ways to steal our data. With a large part of our lives spent online, it’s just a matter of time before hackers affect you. If you own a business, the sheer amount of valuable information you are responsible for is something to be concerned about. Moving into 2021, data safety will continue to be a growing issue. In this blog, we will discuss SSL and security concerns for your company’s website and the types of sites you may be visiting.

What’s an SSL? 

SSL stands for Secure Sockets Layer, also known as Transport Layer Security. This may sound like nerdy talk that doesn’t matter much, but the fact is that you interact with SSLs every day. They are specific technology designed to keep your Internet connection safe, especially when secure data is involved. SSLs run a protocol of data encryption to make sure third parties can’t see what either party is viewing or sending.

This includes sensitive and non-sensitive information, such as passwords, names, banking information, and more. This setup uses a handshaking procedure that both the parties involved agree to use. The data transaction creates a cipher so information can be sent from one to the other in an encrypted format. Theoretically, even if a third party were to intercept your data, it would be gibberish since they don’t have the means to decipher it. 

This is essential for safe Internet communication these days. You and your company likely send highly-sensitive information back and forth online all day long. What used to be something kept safe in a drawer can now become public information because of a malicious hacker. This layer of safety is so standard we don’t even notice it. Sites that have an “HTTPS” in front of their address use some form of SSL or TLS.  

Managing a TLS/SSL 

Not only do you want to keep your company’s information private, but you need to make sure that customer information stays private as well. Unfortunately, SSLs and TLSs are not a one-and-done procedure. Like any other security protocol, SSLs change over the years. Make sure that any certificate your company’s website uses is up to date and effective. You can do this by installing updates as they are released. 

Think of the SSL protocol like a deadbolt. Having a deadbolt on your door is much safer than a locking doorknob. Yes, there are always people who know how to compromise it, but it is still much safer. Over the years, deadbolt technology has improved and evolved as people learn to bypass obsolete technology. Sometimes, however, it takes working with an experienced locksmith to have it installed correctly. 

SSLs/TLSs are certainly much better options than nothing at all. However, these protocols, particularly older versions, are still prone to many vulnerabilities. There are numerous common attacks that hackers use to break this encryption. And some of these threats have very colorful names. For example, POODLE, BEAST, CRIME, BREACH, and HEARTBLEED are commonly used attacks, and they are highly successful. 
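As an added example (not code from this article or its author), the Python sketch below shows one way to check the two things this section asks for: that a certificate is still in date, and that a connection is not using an older protocol version. The 30-day warning window, the function names and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time

# SSL 2.0/3.0 and TLS 1.0/1.1 are deprecated by the IETF (TLS 1.0/1.1 in RFC 8996).
LEGACY_VERSIONS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WARN_DAYS = 30  # assumed renewal window, not a value from the article


def evaluate(cert, version, compression=None, now=None):
    """Return a list of findings for one TLS endpoint.

    cert        -- dict in the shape returned by SSLSocket.getpeercert()
    version     -- string from SSLSocket.version(), e.g. "TLSv1.2"
    compression -- string from SSLSocket.compression(), or None
    now         -- epoch seconds; defaults to the current time
    """
    now = time.time() if now is None else now
    findings = []

    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = int((not_after - now) // 86400)
    if now < not_before:
        findings.append("certificate not yet valid")
    elif now > not_after:
        findings.append("certificate expired")
    elif days_left <= WARN_DAYS:
        findings.append(f"certificate expires in {days_left} days")

    if version in LEGACY_VERSIONS:
        findings.append(f"legacy protocol negotiated: {version}")
    # TLS-level compression is what the CRIME attack named above relies on.
    if compression is not None:
        findings.append(f"TLS compression enabled: {compression}")
    return findings


def hardened_context():
    """Client context that verifies certificates and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit(hostname, port=443, timeout=5):
    """Connect to a live host (needs network access) and report findings."""
    ctx = hardened_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                return evaluate(tls.getpeercert(), tls.version(), tls.compression())
    except ssl.SSLCertVerificationError as exc:
        return [f"certificate failed verification: {exc.verify_message}"]
    except ssl.SSLError as exc:
        return [f"TLS handshake failed: {exc.reason}"]


# Constructed sample in getpeercert() format; not taken from a real site.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2021 GMT",
    "notAfter": "Apr  1 00:00:00 2021 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Mar 15 00:00:00 2021 GMT")

if __name__ == "__main__":
    for line in evaluate(SAMPLE_CERT, "TLSv1", now=SAMPLE_NOW):
        print(line)
```

Calling audit() with your own site's hostname runs the same checks against the live server; a handshake that fails under the hardened context is itself reported as a finding.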

Keep Yourself and Your Customers Safe 

Having your company’s private information exposed to the highest bidder can have devastating effects on your operations. Stolen customer information due to a lack of care in your communications could result in lawsuits and legal trouble. Customers have well-deserved expectations: when they share information with you, it needs to be kept confidential and secure. 

This can be especially true in organizations that deal with sensitive information regularly, such as financial institutions and medical centers. In the hacking community, there is a highly lucrative market for personal information. The dark web is flooded with people selling private information databases to the highest bidder — and there is always “a highest” bidder.  

If you want to avoid liability, make sure your security protocols are up to date. It is also critical that you maintain them professionally. A relatively small investment in this area of security can end up saving large amounts of money and possibly your business itself. 

We regularly report on attacks that businesses like yours face daily. But we don’t always mention that many of these attacks are successful because the victim has a lax security protocol. The last thing we would want is for you to be another statistic. If your SSL/TLS certificates are getting old and dusty, or (even worse) you don’t have any at all, now would be the best time to contact us. As 2021 quickly approaches, these threats are only going to be more significant and more challenging to handle.  

Our team of security professionals is one of the most experienced in the business. The web can be a scary place, and the last thing you want is to be caught unprepared! By making sure your SSL/TLS certificates are in perfect order, you can rest a little bit easier at night. 


The Shrieks and Chills of Working from Home

This year has been…interesting, to say the least. One minute businesses were running normally. Seemingly overnight, many of us got the work-from-home position we always wanted. Within and beyond the pandemic, many companies have been transitioning portions of their workforce to work remotely. As technology marches forward, the image of the modern office changes with it.

That being said, cybersecurity is completely different working from home versus an office with dedicated IT support to set up and maintain all computer systems. Cyber thieves are all too aware of this and have acted quickly to take advantage of these new vulnerabilities.

This final Cyber Security Month article discusses protecting yourself and your business from the new threats lurking at home.

Security Dangers Working From Home

When working from home, we generally can’t use the same equipment we enjoyed in the office. Many businesses told their people to use their personal computers when they scrambled to send them home in March. Even if they’re using traditional security techniques, working online makes them more vulnerable to attacks.

For example, maybe they’re relying on the standard Windows firewall. There’s a reason Microsoft constantly pushes security updates to cover the holes in the OS exposed by hackers. This firewall is simply not secure. Perhaps they are extra responsible and installed a computer grade antivirus program. That’s fine against some automated threats, though not for active hackers trying to get access to the system.

Additionally, with many kids learning at home, that same computer may now have additional programs that create vulnerabilities. Many school districts are using software that has had breaches in recent months.

Finally, there’s the latest trend for remote work: VPNs. While some people swear by it for security, last week’s article focused on all the reasons VPN security isn’t all it’s cracked up to be.

Options to Create a Secure Environment Working From Home

When possible, it’s best to provide the computers and other devices that your employees need when working from home. That way you have complete control of the programs they use and how you set up and maintain their systems. However, it is often too costly and complex to supply and control systems used both in the office and remotely.

You could also deploy a relatively new option: a virtual office (or hosted desktop solution). Essentially, this creates a secure place online for employees to log in and do their work from home or any other remote location. This is different from a VPN because a VPN protects only the connection itself, whereas a virtual office gives you a safer harbor, of sorts, to do all your work and store files. This can be extra effective as you know who you’re dealing with from beginning to end and if any sorts of problems arise, they can be fixed from a single source.

Who You Gonna Call?

If the idea of supplying your employees with company-owned devices or the setup and maintenance of a virtual office seem overwhelming, don’t worry! Even many large corporations find this to be too difficult or time-consuming to do on their own. In fact, a recent study showed that more than half of all of the companies surveyed use external services to help with their IT needs, and that number goes up significantly with a larger percentage of their workforce working remotely.

This is complicated stuff and no one expects someone from a nonrelated field to be a pro, which is exactly why we work so hard to make sure these processes and services are as seamless as possible for our clients. We’re a managed service provider — this is what we do. We make sure that when some specter hangs overhead and requires your company to have your employees work remotely (even on a moment’s notice), we can be there to make the transition as smooth as possible. Even if you currently have some sort of remote work arrangement in place, we can assess your current setup and make sure that you are optimized for what the business world may throw at you today or in the future!