SpireTech Blog - Category: Security
IT Security topics
IT workers around the world have been busy the last couple of weeks. At SpireTech, the service desk has been slammed with issues relating to everybody getting set up to work from home (WFH), and we apologize for any delays or long hold times. The sorts of issues our clients have been facing are:
- Users learning how to properly use new videoconferencing tools
- Issues with passwords
- Learning how to properly use VPNs or Remote Desktop
- A remote control session will always be slower than if you are sitting in front of the computer
- Avoid videos or conferencing software on your remote computer; run those locally.
There are things you can do to make it easier for our team to keep on top of your requests:
- When calling the service desk, please let us know if you’ve previously emailed us regarding your issue so we do not create a duplicate ticket.
- If you are emailing us and working from home, please include your mobile number in your email.
- If you are emailing us about a prior issue, please locate the earlier correspondence and reply to it, instead of starting a new email.
Let’s Encrypt, an industry nonprofit that issues free SSL certificates, had to revoke 3M certificates on Wednesday, March 4, 2020, due to a bug. SSL is the technology that gives websites the https “padlock” and is often used to secure other things like mail servers.
For more information, you can visit the Sophos security blog. We’ve already checked all SpireTech web hosting and Managed Services clients to see if anyone is affected, and installed new certificates where needed.
If you visit an https website and receive a certificate error in the next several days, it’s possible the site is affected. We don’t recommend proceeding to the site; instead, consider notifying the site owner. Bad actors are already taking advantage of this and launching phishing emails and banners, so use caution. If you find that a website we host or a server we manage for you is affected, please let us know and we’ll fix it right away. Read more...
We’ve been recommending for quite a while that our clients implement multi-factor authentication (MFA) on their email and Office365 accounts – really, anything that can have MFA enabled should. You may have heard of two-factor authentication (2FA) before; multi-factor can use two or more methods of authentication.
We’re asking our clients to use two factors to log in now. This is because, like it or not, employees will use weak passwords – or use the same password on multiple websites. If a hacker gains access to your email, they can trick your clients or employees into sending your hard-earned cash to them, or worse. Some regulated industries have penalties associated with data breaches. At a minimum, your reputation is at stake – do you want to have to tell your clients you’ve had a breach?
Microsoft has made two-factor authentication easy to use with the authenticator app for iOS and Android. Once connected to your account, all you have to do is push the “approve” button when prompted on your phone. Read more...
At SpireTech, our managed services clients often contact the helpdesk to determine if an email is fake or not. We thought it’d be helpful to put together a short instructional video to help you identify some common signs that an email is a phish or fake email.
While this doesn’t cover all the possibilities, we think it hits on the most common ones. Another thing we’re seeing occasionally is a real, targeted email to a client purporting to be from an owner of the company or a vendor. Always pick up the phone if there’s any question on the validity of an email, and contact our service desk if you need help! Read more...
used with permission from Norton by Symantec, by Steve Symanovich
You’re probably no stranger to those little pop-up windows. They tell you software updates are available for your computer, laptop, tablet, or mobile device.
You might be tempted to click on that “Remind me later” button. Don’t do it. Or, at least don’t put off updating your software for long.
Software updates are important to your digital safety and cyber security. The sooner you update, the sooner you’ll feel confident your device is more secure — until the next update reminder.
Why are software updates so important? There are a lot of reasons. Here are 5 that show why it’s important to update software regularly.
1. Software updates do a lot of things
Software updates offer plenty of benefits. It’s all about revisions. These might include repairing security holes that have been discovered and fixing or removing computer bugs. Updates can add new features to your devices and remove outdated ones. Read more...
used with permission from FTC.gov, by Colleen Tressler
Phishing is when someone uses fake emails or texts to get you to share valuable personal information – like account numbers, Social Security numbers, or your login IDs and passwords. Scammers use your information to steal your money, your identity, or both. They also use phishing emails to get access to your computer or network. If you click on a link, they can install ransomware or other programs that can lock you out of your data.
Scammers often use familiar company names or pretend to be someone you know. Here’s a real world example featuring Netflix. Police in Ohio shared a screenshot of a phishing email designed to steal personal information. The email claims the user’s account is on hold because Netflix is “having some trouble with your current billing information” and invites the user to click on a link to update their payment method. Read more...
Think about this scenario: A friend tells you that they received a message from your email address that wasn’t really sent from you. They think you’ve been hacked and your account is sending malicious emails to friends. How do you know if your email account has been compromised, or if this malicious attempt is just spoofing your email address?
Email “spoofing” means that an attacker is impersonating you by pretending to send an email from your account. The recipient of the email will see your email… but if you dig deeper into the email message’s contents, you can often see whether the email was truly sent from your account or only made to appear so.
This type of impersonation is possible because email messages can show a difference between “display” information and the actual information embedded in what’s called the “email header”. Spoofing is an attempt to forge the email header, taking advantage of email protocols’ lack of authentication. Read more...
used with permission from FTC.gov, by Andrew Smith, Director, FTC Bureau of Consumer Protection
Mention the word “ransomware” at a meeting of small business owners and you’ll feel the temperature in the room drop by 20 degrees. A ransomware attack is a chilling prospect that could freeze you out of the files you need to run your business. When FTC staff met with business owners across the country, you cited ransomware as a particular concern. New resources from the FTC can help protect your company from this threat.
Ransomware: How It Happens
What is a ransomware attack? It can start innocently enough. An employee clicks on a link, downloads an email attachment, or visits a website where malicious code is lurking in the background. With just one keystroke, they inadvertently install software that locks you out of your own files. The cyber crook then demands a ransom, often in the form of cryptocurrency. Read more...
used with permission from Microsoft On the Issues, by Athima Chansanchai
And then, before you know it, responding to these warnings has delivered your passwords and personal information to scammers, your PC is under their control and now they’re extorting you by peddling bogus security software and services.
A new Microsoft survey of 16 countries released this month, focused on tech support scams and their impact on consumers, shows fewer people are now susceptible to these scams. And the percentage of respondents who’ve been exposed to them is decreasing. Overall, people are losing less money. This 2018 Global Tech Support Scam Research report follows an earlier one Microsoft released in 2016.
Just in time for October, National Cybersecurity Awareness Month, this research revealed consumers have developed a healthy skepticism about unsolicited contact from technology and software companies. Read more...
used with permission from Tektonika (HP), by Karen Gilleland
“Gimme the dough—or you’ll never see your files again!” In this scenario, the thug in the mask is ransomware, and it’s only one of the ways cybercriminals attack businesses—which are often left vulnerable due to poor business security or cybersecurity practices. Alongside the devastating effects cyber attacks can have on individuals, cybercriminals are sucking billions of dollars out of the economy, and you do not want your business in that position.
Toward the end of 2017, the US government passed H.R.2105, a law aimed at helping businesses beef up their cybersecurity by providing guidelines about effective tools and strategies to combat the rise of cybercrime. The National Institute of Standards and Technology (NIST) has been charged with developing a comprehensive set of guidelines by October 2018, but what can you do while waiting around for that to happen? Start firming up your IT environment with the following tips, of course. Read more...