What’s Trending? Protect  Your Business with Cyber Solutions

Do you feel that? Is that the crisp fall air coming? Maybe it’s the sudden change of decorations in the stores, foretelling the coming of Halloween? Maybe, but that’s not what we’re excited about… October is National Cybersecurity Awareness Month! This is the month we are asked to raise awareness about the importance of everything we do to keep you and your business safe and we ask you to learn a little bit more about how you can protect yourself from breaches in your cyber security, and take action to protect yourself and your business so that you can be safer and more secure online.

So… since October is National Cybersecurity Awareness Month, we thought we’d take a moment to share with you some of the latest issues and trends we’re seeing and try to give you some pointers on how to protect yourself and your business from cyber-attacks. To do this, we gathered some thoughts from our Service and Security Compliance Manager, and a few of our System Engineers at Cyber Solutions, and asked them to share a little bit about cyber security these days and the benefits of having Cyber Solutions as your Managed Service Provider.

Select an option to learn more.

Phishing is so simple, it’s almost genius. It works because it’s not very sophisticated, but if you’re not paying attention, you’ll take the bait and you might find yourself in a dangerous situation if you bite. Phishing attacks are used to get your contacts and your credentials (your login information) so that the information can be used to further attack you or other users in an effort to gain more information and maybe make a few bucks selling access to your information, or worse, steal from you and your friends and business associates. Phishing is mostly successful through social engineering tactics such as:

  • Using authority to pretend to be someone you would usually comply with – such as Microsoft or the IRS,
  • Using intimidation to deceptively bully you and cause you to take action,
  • Using fake testimonials as a consensus or made-up social proof listing all the reasons you should buy their seemingly “safe” and “highly recommended” software to protect you,
  • Deceiving you into thinking you have to make a quick decision on something that is exclusive and scarce,
  • Shutting off your brain and common sense by invoking a feeling of urgency that you must act now,
  • Developing a deceptive sense of familiarity to get you to divulge information or take action,
  • And working to gain your trust.

Basically, phishing is designed to deceive you and trick you into sharing information for malicious reasons.  Think of it as sending out a net and seeing what they catch. Often, you think you’re sharing information with someone safe, who has your best interests at heart, or that you’re just being social and not really sharing important information.

Spear Phishing is designed to target a specific individual, organization, or group, in an effort to steal data or install malware.

Here are some phishing examples we’re seeing –

Have you ever received an email from your bank that said there was a breach and you need to reset your password, or from your email provider saying that you need to reset your password or that you need to login to view a very important email? Chances are, there wasn’t a breach… yet. So, you click on the link in the email, everything looks legit, so you put in your login credentials, thinking you’re protecting yourself from a breach, when in fact, you just fell for the scam and caused the breach. A few days later an associate of yours calls and says they got an odd email from you with a link that seemed out of character for you. After a little research, your Managed Service Provider determines that your account was hacked, and your contacts stolen. While the hacker was gathering information on your contacts, they used YOUR email account to send a “safe” email to all your friends and family with a link to further gather your friends’ login credentials and install malware on their machines.

So, how do you avoid this unfortunate chain of events?

If you get an email suggesting you change your password, don’t click on the link. Instead, go directly to your usual login source and change it yourself.

Likewise, if you get a link that appears to be a voicemail message, asking for you to login using your Microsoft credentials so you can listen to the voicemail, be skeptical. If you use a service like this, go directly to the source website yourself and login from there. If you don’t have a service like this in place, then assume you’re being phished.

Don’t bite! Scammers are working hard to trick you these days, and it will likely only get worse. And, once a hacker has access to your email, they potentially can access other devices and accounts you have, including online shopping, since most accounts these days use email to reset other account passwords.

When it comes to trying to protect yourself from being phished, Scott Peterson, Service and Security Compliance Manager at Cyber Solutions has this to say:

“Use strong passwords. Use different passwords for different accounts. Don’t share your password. Have multifactor authentication; you could literally give them your password and they still couldn’t get in. Don’t share an account with another person because the other person might not be as diligent as you; there are other options if two or more people need access to the same information.  And of course, don’t click on junk.”

Great question! You and your employees are on the front lines of cyber security. The best thing you can do to help protect you and your business is to have policies in place, follow best practices as recommended by Cyber Solutions as your Managed Service Provider, train your employees so that they’ll understand that their everyday  actions and choices play a big part in keeping your company safe and avoiding a data breach, and always always make sure you have a reliable backup plan in place that is tested regularly, just in case the unfortunate does happen.

Click here to learn more about keeping your business safe.

Click here for more information about training.

We’re glad you asked! With a Total IT Solution from Cyber Solutions, we have several security measures in place to keep you safe. With a firewall that blocks everything except what is needed to do business, strong antivirus to protect you, frequently updated spam filtering that keeps the garbage out, an email platform with multi-factor authentication that grants access to only you, the principle of least privilege in place to secure your data from those who don’t need access, account lock in place to keep your accounts safe from brute force attempts, password rules to make it nearly impossible to guess your passwords, frequently tested and secure backup options just in case you ever need it, training opportunities at low or no cost to keep you and your employees up to date and safe, disabling and closing remote access points and implementing a VPN if you have to work outside the office, running software updates and patches as soon as possible, and encouraging you to decommission your End-of-Life hardware and software products that are not supported and updated anymore so that your business isn’t vulnerable and exposed to modern cybersecurity attack methods, we do our best to keep you safe.

We also keep you updated via email when we see trends in cyber-attacks. Recently, we notified many of you about a trend involving an unprecedented number of email breaches in recent weeks and steps that you can take to keep your business safe.

If you didn’t receive our email, please contact us right away so that we can be sure that you know what to do to protect your business from the newest type of phishing attacks occurring locally. Last, but not least, remember that when you connect to public wi-fi, such as a local fast food restaurant or business, your data is potentially not secure. Be wise with where and what you connect to.

Would you give your 10-year-old your car keys? Would you give your 16-year-olds your car keys without ever teaching them how to drive safely? Sounds silly, right? But businesses do something similar to this every day. Every day, businesses are giving their employees full access to company data, even if they don’t need full access or aren’t fully trained on how to keep them and the data safe.

At Cyber Solutions, we like to operate under the principle of least privilege. We won’t take your car keys from your 10-year-old and aren’t in the business of teaching your kids to drive, but when it comes to technology, we’re your experts in helping your business stay safe. One of the best ways to do this is to limit access to users so that they have the bare minimum permissions needed to perform their job. To reduce the chances of malware propagation and the risk of hackers stealing passwords and installing malicious software, it’s important to give users only as much access as they need. That way, if your business does experience a breach or malware infection, it’s easier to keep it contained, so it doesn’t spread rapidly through your systems and further infect, lock down, or compromise your precious data.

That’s probably the most important question a business could ask. Sharon Vanhoose, Systems Engineer with Cyber Solutions, shares this very valuable information:

“A complete backup is the best security you can have for your data.  We have seen in the past if a customer was struck with ransomware, a good backup is their saving grace.  We have also seen what happens when you do not have a good backup.  The critical words here are “GOOD BACKUP.” The backup doesn’t have to be a top of the line backup, but it does need to be a reputable backup that has good reporting, and clear methods of restoring data. When it comes to backups, unfortunately, a lot of companies choose the cheapest solution.  Cheapest is not always best - They really need to think about the time they will lose if they lose data, and that cost.  Then most would understand the importance.”

When it comes to backing up your data and making sure it’s there when you need it, the saying “you get what you pay for” definitely applies. Consider the lost time that the City of Baltimore experienced this year alone from a ransomware attack. And, it’s estimated that the cost of their recovery will be over $18 million. And, last year when the City of Atlanta was hit, they spent over $17 million to recover from a ransomware attack.  Risk of ransomware attacks is real, and recovery can be very expensive.  Sharon suggests that before you go for the cheapest option in backing up your company’s data, spend some time talking with your Account Manager at Cyber Solutions to make sure you have what you need to get your business back up and running as quickly as possible in case the unfortunate does happen. And, chances are, in today’s world, it’s only a matter of time…

CONCLUSION

At Cyber Solutions, we do everything we can to keep you safe and get you back up and running as soon as possible if something does happen, but it’s important that businesses do their part when it comes to protection too. If there is any question in your mind about the status of the security of your data, we invite you to contact us without delay. We’ll take a look at what you have and provide suggestions to make your business more secure, so that you can stay in business.