SpireTech Blog - Category: Security
IT Security topics
We’ve been recommending for quite a while that our clients implement multi-factor authentication (MFA) on their email and Office365 accounts – really, anything that can have MFA enabled should. You may have heard of two-factor authentication (2FA) before; multi-factor authentication can use two or more methods of authentication.
We’re asking our clients to use two factors to log in now. This is because, like it or not, employees will use weak passwords – or use the same password on multiple websites. If a hacker gains access to your email, they can trick your clients or employees into sending your hard-earned cash to them, or worse. Some regulated industries have penalties associated with data breaches. At a minimum, your reputation is at stake – do you want to have to tell your clients you’ve had a breach?
Microsoft has made two-factor authentication easy to use with the authenticator app for iOS and Android. Once connected to your account, all you have to do is push the “approve” button when prompted on your phone. Read more...
At SpireTech, our managed services clients often contact the helpdesk to determine if an email is fake or not. We thought it’d be helpful to put together a short instructional video to help you identify some common signs that an email is a phish or fake email.
While this doesn’t cover all the possibilities, we think it hits on the most common ones. Another thing we’re seeing occasionally is a real, targeted email to a client purporting to be from an owner of the company or a vendor. Always pick up the phone if there’s any question on the validity of an email, and contact our service desk if you need help! Read more...
used with permission from Norton by Symantec, by Steve Symanovich
You’re probably no stranger to those little pop-up windows. They tell you software updates are available for your computer, laptop, tablet, or mobile device.
You might be tempted to click on that “Remind me later” button. Don’t do it. Or, at least don’t put off updating your software for long.
Software updates are important to your digital safety and cyber security. The sooner you update, the sooner you’ll feel confident your device is more secure — until the next update reminder.
Why are software updates so important? There are a lot of reasons. Here are 5 that show why it’s important to update software regularly.
1. Software updates do a lot of things
Software updates offer plenty of benefits. It’s all about revisions. These might include repairing security holes that have been discovered and fixing or removing computer bugs. Updates can add new features to your devices and remove outdated ones. Read more...
used with permission from FTC.gov, by Colleen Tressler
Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data.
Scammers often use familiar company names or pretend to be someone you know. Here’s a real world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method. Read more...
Think about this scenario: A friend tells you that they received a message from your email address that wasn’t really sent from you. They think you’ve been hacked and your account is sending malicious emails to friends. How do you know if your email address account has been compromised, or if this malicious attempt is just spoofing your email address?
Email “spoofing” means that an attacker is impersonating you by pretending to send an email from your account. The recipient of the email will see your email… but if you dig deeper into the email message’s contents, you can often see whether the email was truly sent from your account or only made to appear so.
This type of impersonation is possible because email messages can show a difference between “display” information and the actual information embedded in what’s called the “email header”. Spoofing is an attempt to forge the email header, taking advantage of email protocols’ lack of authentication. Read more...
used with permission from FTC.gov, by Andrew Smith, Director, FTC Bureau of Consumer Protection
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
Ransomware: How It Happens
What is a ransomware attack? It can start innocently enough. An employee clicks on a link, downloads an email attachment, or visits a website where malicious code is lurking in the background. With just one keystroke, they inadvertently install software that locks you out of your own files. The cyber crook then demands a ransom, often in the form of cryptocurrency. Read more...
used with permission from Microsoft On the Issues, by Athima Chansanchai
And then, before you know it, responding to these warnings has delivered your passwords and personal information to scammers, your PC is under their control and now they’re extorting you by peddling bogus security software and services.
A new Microsoft survey of 16 countries released this month, focused on tech support scams and their impact on consumers, shows fewer people are now susceptible to these scams. And the percentage of respondents who’ve been exposed to them is decreasing. Overall, people are losing less money. This 2018 Global Tech Support Scam Research report follows an earlier one Microsoft released in 2016.
Just in time for October, National Cybersecurity Awareness Month, this research revealed consumers have developed a healthy skepticism about unsolicited contact from technology and software companies. Read more...
used with permission from Tektonika (HP), by Karen Gilleland
“Gimme the dough—or you’ll never see your files again!” In this scenario, the thug in the mask is ransomware, and it’s only one of the ways cybercriminals attack businesses—which are often left vulnerable due to poor business security or cybersecurity practices. Alongside the devastating effects cyber attacks can have on individuals, cybercriminals are sucking billions of dollars out of the economy, and you do not want your business in that position.
Toward the end of 2017, the US government passed H.R.2105, a law aimed at helping businesses beef up their cybersecurity by providing guidelines about effective tools and strategies to combat the rise of cybercrime. The National Institute of Standards and Technology (NIST) has been charged with developing a comprehensive set of guidelines by October 2018, but what can you do while waiting around for that to happen? Start firming up your IT environment with the following tips, of course. Read more...
used with permission from FTC.gov, by Amy Hebert
Tech support scams, which get people to pay for fake computer help or steal their personal information, are convincing. You might already know the signs of a tech support scam, but do your friends and family? Here’s what they need to know now:
- Companies like Microsoft don’t call and ask for access to your computer. If you get a call like that, it’s a scam.
- Real companies also won’t ask for your account passwords. Only scammers do.
- Tech support scammers try to convince you they’re legitimate. They’ll pretend to know about a problem on your computer. They’ll ask you to open normal files that look alarming to make you think you need help.
- If you do need computer help, go directly to a person, business, or website you know you can trust. General online searches are risky because they might pull up another scam.
used with permission from Tektonika (HP), by Karen Gilleland
Unlike fine wine, your cyber assets don’t get better with age. Any PC more than four years old is not only costly to keep, but it’s also hack-friendly tech that could pose a serious office security risk. Old PCs lack the built-in security triggers needed to repel the thousands of malware threats discovered each hour. With new technology, you could avoid 70–80 percent of the top malware detected.
Down-level hardware could potentially jeopardize your business—and that risk carries a price tag far exceeding an investment in state-of-the-art technology. As Two River Community Bank put it, “The risk just isn’t worth it.” There’s no reason to stick with outdated hardware, especially when computing power is growing exponentially and faster than ever. Older hardware may be costing you precious time, and the longer you delay updating old equipment, the further behind you’ll fall in the skills, knowledge, and technology needed to compete with companies on top of the curve. Read more...