DEFEND YOURSELF WITH AN UNHACKABLE PASSWORD
One of the easiest ways to protect yourself from hackers is to use a strong password. Human nature tells us to use the same or similar passwords across different applications; and given a choice, most of us would use something very simple that we could easily remember.
This, however, leaves you open to attacks. Hackers like to use "guessing" - a technique in which they repeatedly guess words or phrases using your children's names, sports teams, etc. Hackers also use automated programs to carry out what is called an online dictionary attack. Here, the program attempts to log on using a different word from a text file on each try. These are only two of the ways that hackers attack your system; there are many, many more. The best method of defense is to learn to create a password that is safe and that you can remember.
THINGS NOT TO USE IN YOUR PASSWORD
- Your Birthday
- Any part of your name
- Your mother's maiden name
- Names of your children or pets
- City where you were born
- Local sports teams
- Any part of your address
TIPS ON CREATING A SECURE PASSWORD
- Replace a letter with the same character every time you make a password. EXAMPLE: Use % instead of an A
- Use a minimum of 9 characters
- Make sure to include upper and lower case letters, numbers and symbols.
Attacks can be slowed down significantly through the use of strong passwords.
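The rules in this post written as a checker, as an added example that is not part of the original post: it enforces the 9-character minimum and the four character types, and rejects any password containing an item from the "things not to use" list, even when the letter-replacement tip (% for A) has been applied to it. The function names, the sample profile and the 3-character cut-off are assumptions made for the example.

```python
import re

MIN_LENGTH = 9  # minimum length given in the post's tips

# Constructed sample details covering the post's "things not to use" list.
SAMPLE_PROFILE = ["Dana Whitfield", "Biscuit", "Riverton Hawks",
                  "1984-07-04", "27 Maple Court"]

CLASSES = {
    "an upper case letter": r"[A-Z]",
    "a lower case letter": r"[a-z]",
    "a number": r"[0-9]",
    "a symbol": r"[^A-Za-z0-9]",
}

def _tokens(item):
    """Split a personal detail into words, plus the detail with separators removed."""
    lowered = item.lower()
    parts = re.split(r"[^a-z0-9]+", lowered)
    parts.append(re.sub(r"[^a-z0-9]", "", lowered))
    # Assumption: fragments under 3 characters are too short to flag reliably.
    return {p for p in parts if len(p) >= 3}

def check_password(password, personal_items, substitutions=None):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 9 characters")
    for label, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append("missing " + label)
    # Compare in lower case, both as typed and with the user's habitual
    # letter replacement undone (e.g. {"a": "%"} when % is typed for A).
    typed = password.lower()
    candidates = {typed}
    undone = typed
    for letter, symbol in (substitutions or {}).items():
        undone = undone.replace(symbol.lower(), letter.lower())
    candidates.add(undone)
    found = set()
    for item in personal_items:
        found |= {t for t in _tokens(item) if any(t in c for c in candidates)}
    problems += ["contains personal detail: " + t for t in sorted(found)]
    return problems

if __name__ == "__main__":
    for pw in ("Biscuit1984!", "H%wks#Forever7", "Gr%nite-L%ntern-42"):
        print(pw, check_password(pw, SAMPLE_PROFILE, {"a": "%"}))
```

The second sample password meets the length and character rules, but is flagged once the % replacement is undone because it still contains the sports team name.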
"WannaCry" RANSOMWARE TAKES ADVANTAGE OF WINDOWS VULNERABILITY
The ransomware, called "WannaCry," locks down all the files on an infected computer and asks the computer's administrator to pay in order to regain control of them. The exploit was leaked last month as part of a trove of NSA spy tools.
WHAT IS HAPPENING?
The ransomware is spread by taking advantage of a Windows vulnerability that Microsoft released a security patch for in March. But computers and networks that hadn't updated their systems were still at risk.
In the wake of the attack, Microsoft said it had taken the "highly unusual step" of releasing a patch for computers running older operating systems including Windows XP, Windows 8 and Windows Server 2003.
"Affected machines have six hours to pay up and every few hours the ransom goes up," said Kurt Baumgartner, the principal security researcher at security firm Kaspersky Lab. "Most folks that have paid up appear to have paid the initial $300 in the first few hours."
Sixteen National Health Service (NHS) organizations in the UK have been hit, and some of those hospitals have canceled outpatient appointments and told people to avoid emergency departments if possible.
When CNNTech first reported the Microsoft vulnerabilities leaked in April, Hickey said they were the "most damaging" he'd seen in several years, and warned that businesses would be most at risk.
HOW TO PROTECT YOURSELF
Consumers who have up-to-date software are protected from this ransomware. Here's how to turn automatic updates on.
*This blog post is excerpts from the original article on money.cnn.com
5 TYPES OF SOCIAL ENGINEERING SCAMS
With the recent phishing scam using Google Docs, phishing is a word on everybody's lips. Educating yourself and your employees to understand all the different types of cyber threats is important, and knowing how to avoid them is crucial to keeping your company and personal information secure. In today's blog, we'll cover the 5 different types of social engineering scams.
PHISHING
This is the leading tactic used by today’s ransomware hackers, usually delivered in the form of an email, chat, web ad or website designed to impersonate a real system and organization. The message within these emails often appears to be from the government or a major corporation; it can include corporate logos and/or other legitimate-looking branding and is often written in a way to deliver a sense of urgency and importance.
QUICK TIP: You should never click through the offered link or hit reply unless you are 100% certain that an email is legitimate.
BAITING
Like phishing, baiting involves the offer of something enticing in exchange for private data. The “bait” comes in many forms: it could be digital, such as a music or movie download, or it might be physical, such as a jump drive left out on a desk for an end user. Once the bait is taken, malicious software is delivered directly into the victim’s computer.
QUICK TIP: Never insert any item into your computer that you "found" to see what is on the drive.
QUID PRO QUO
Quid pro quo is also a request for the exchange of private data, but in this scheme the enticement is a service. For example, an employee might receive a phone call from a hacker posing as a technology expert offering free IT assistance in exchange for login credentials.
QUICK TIP: Never give out your login credentials to anyone, especially to someone you don't know over the telephone.
PRETEXTING
When a hacker creates a false sense of trust between him/herself and an end user by impersonating a co-worker or an authority figure within the company to gain access to private data, this is known as pretexting. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data to comply with a corporate audit (that isn’t real).
QUICK TIP: Don’t give out your personal information on the phone, via email or snail mail unless you’ve initiated the contact or unless you’re sure it’s safe. Pretexters are especially interested in information such as your SSN, mother’s maiden name, pet or child’s name, bank, brokerage and credit card account numbers, and phone company.
TAILGATING
Tailgating is the most face-to-face cyber threat: a scam artist physically enters your business through the front door. Often these hackers will try to befriend an employee or will ask a person with access authorization to hold the door open, claiming they've forgotten their RFID card. In this way, they gain access to a restricted area and can steal valuable company secrets and/or wreak havoc on your IT infrastructure.
QUICK TIP: Never hold the door open to a secure building for someone you don't work with directly.
4 STEPS TO A HEALTHY ONLINE REPUTATION
Ensuring that you have a large online presence with a controlled message is very important. We have four ways to help your business protect its online reputation.
1. Be in control
Below are several ways to ensure that your business has its best foot forward.
- Company Website
- Social Media Channels: Facebook, LinkedIn, Twitter, etc...
- Company Blog
- Online Advertising including Google Adwords or other sponsored content
2. Follow Review Networks
The following list is just a few places to check for reviews to monitor your online presence. Some are industry-specific and you can certainly do a search to find more review-based sites:
- Yelp
- Google Reviews
- Angie's List
- Zocdoc
- WebMD
3. Set up Google Alerts
This is a great free tool that allows you to monitor what is being said about your company online. You can set it up to monitor in different ways and at different frequencies based on your preferences.
- Enter a term you want to monitor (e.g. company name, high-level employees, etc.)
- Prioritize alerts (e.g. "company name + fraud")
- Use it to monitor everything from your competitors to current industry topics
4. Research and Maintain
- Do a general Google search of your company to see where you appear
- Use yext.com, a free tool that will discover online directory listings for you. Use this to claim your listings and be sure to maintain them.
- Be sure to check your own social media site reviews on a regular basis
FINALLY
Being aware of what is online about your company is key to creating and maintaining a healthy online reputation. If, and when, you run across negative feedback (you will, because it happens to the best of us) be sure to respond in a prompt, professional manner.