Catching a Phish: What is phishing?

Phishing is an email scam designed to trick the recipient in to giving valuable information to a hacker. Have you ever received invoices claiming money owed, unsolicited UPS or FedEx shipping notifications, or emails claiming your online bank password needs to be reset? These are phishing emails trying to reel you in by imitating legitimate businesses and their communications; once you click the link or open the attachment the hacker has set the hook. Here are some Google Image examples of phishing emails: http://bit.ly/2qkHAOU.

Business-grade email systems that have a decent anti-spam filter will catch most phishing emails these days, and anti-virus programs are able to detect and prevent most malicious attachments and phishing websites. To get around these advanced prevention technologies, hackers have become more sophisticated in their approach and have developed a technique called spear-phishing. Spear-phishing is a very targeted attack on a small number of individuals, possibly even a single user. This differs from phishing where the hackers send out thousands upon thousands of emails knowing that only a tiny percentage will ever make it to a user’s inbox, with an even tinier percentage being opened and the bait taken. Spear-phishing is usually supported by social engineering, a practice where the hacker gathers enough information about the target to accurately represent themselves as someone the target interacts with on a regular basis. Common examples of spear-phishing emails are a note from the CEO/Owner to the CFO/Controller asking them to move money to a certain account or an email from “IT” asking a user for their password to resolve an issue. Spear-phishing emails are much more difficult to detect as they usually do not include any links or attachments initially, while the hacker probes his target to see if they will fall for the trick.

How can you protect yourself? The best way to stay protected is through education. Knowing what to look for in an email to determine if it is legitimate, being suspicious of any communication that seems out of the ordinary, and verifying the authenticity of an email through another means like phone or text are all ways to avoid getting caught on the hook. Take our phishing quiz to test your knowledge: http://bit.ly/2zw0wiC. There are also many technologies available to assist in protecting you. Email systems with anti-spam, security software with anti-phishing link tracking, and spear-phishing pattern detection and testing systems are all available to help keep you safe. This article from one of our partners has some great tips on what to look for in an email to determine if it is legitimate or not: http://bit.ly/2yr77Yx.

Advertisements

October is Cybersecurity Month

Pumpkin

What is cybersecurity? Google defines cybersecurity as “the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this”. The technology industry uses it as an umbrella term to cover anything from the anti-virus protection on your home computer to corporate policies that define how to respond to a data breach (think Equifax).

So why is cybersecurity important? It’s very easy to be affected by any number of threats these days. Some of the more recent threats involve companies like Equifax and Yahoo, where just having an account means you were affected. Then there is the most recent revelation that all wireless devices have a security flaw that can allow malicious access to anything connected to a wireless device.

Education Concept.

So what can you do? Education is key. The most common way to be affected is through email based scams called phishing attacks. Here are a few examples of these fake emails: http://bit.ly/2qkHAOU. You can also take advantage of local educational events, like the Westfield, NJ chamber’s cybersecurity panel event (details here: http://www.gwaccnj.com/events/cybersecurity/). Making sure you are backing up your data, and using multiple layers of security, like firewalls and anti-virus software, are other ways to minimize your risk. You should also make sure all your software is up to date; this includes Microsoft Windows, Microsoft Office, and any Adobe products.

 

Want to learn more? CBTech Support’s Marc Pickard will be part of a free online cybersecurity panel hosted by Barracuda MSP on October 31 at 2:00pm EST. Use our contact us form to request your free virtual seat.

What Is Ransomware?

ransomware

Sure, you’ve heard the phrase “ransomware”, and some of its specific variants like Locky, Crypto, or WannaCry, since they’ve made headlines, but what exactly is “ransomware”? Google defines the term “ransomware” as “a type of malicious software designed to block access to a computer system until a sum of money is paid”. That’s straightforward and concise, but how exactly does it “block access”? In laymen’s terms, it changes the contents of files it thinks are important, like documents, spreadsheets, pictures, so that you cannot open the file. If you want to open the file, you first need to change the contents back to normal. Of course, you can’t change the contents back to normal without paying money to get a password to do so and that’s why it’s called “ransomware”.

So what can you do to combat “ransomware”? First, have a good backup system in place. Make sure you’re backing up important data, if not entire computers/servers, and that you’re testing those backups to make sure they are able to be restored. Second, employ a multi-layered approach to security. Having multiple layers like anti-virus software, firewalls, file permissions, etc helps ensure that even if a malicious actor gets past one layer they won’t necessarily gain access to your data. Third, make sure all your software is up to date. This includes Windows, Office, Adobe products, and anything else that you have installed.

Want to learn more? CBTech Support is hosting a webinar in conjunction with SCORE of Northwest New Jersey at 12:00pm on Wednesday, October 4. To register, follow this link: http://conta.cc/2hjGDkm

How to work from the beach in Hawaii

It’s August. You’re on vacation. You need to finish up some details to close a last minute deal. You need to access that critical file because you’re the only that can handle. Or maybe you’re the person responsible for payroll and it just happens to fall on a day in the middle of your vacation. You’re out of luck, right? Not so fast! There are many different ways to remotely, and securely, access business resources outside the office.

Disney Aluni resort beach. Photo: Hawaii.com member Tina W.

The first rule of thumb is to ask your technology services provider what methods are available to you. They should be able to help you implement something that fits your needs, budget, and security concerns, if they haven’t already.

The next rule of thumb is that the ways to get to what you need are as varied as the types of resources you want to get to. It all depends on what you need to get to: files like documents or spreadsheets, or applications like QuickBooks. And each business is going to have different requirements, regulations, budgets, et cetera, that will determine what method or methods can be used. This brings the first rule of thumb back in to play: your technology services provider will know what methods fit your situation best.

To learn more about a simple way to get secure access to your files from anywhere, collaborate with your team, and even share documents securely with people outside your organization, download our free whitepaper: 8 Ways to Boost Employee Productivity.

Enjoy your vacation!

Cybersecurity Tips: The Basics

Growing in sophistication, phishing attempts appear trustworthy, but the goal is simple: steal valuable data. With infectious links spreading through any means— email, instant message, and even social media posts—phishing has become one of the most common security challenges facing businesses and consumers.

Many businesses are hit by these attacks simply because they fail to educate their staff about phishing schemes and other cyber threats. Others don’t use and maintain the right technology and managed IT services to prevent the attack in the first place.

Here are some tips to get started:

  1. None of us are immune. When you think of data breaches, you probably think of Sony, Target, or Anthem, but in reality, SMBs are often targeted by cyber criminals as well. In 2014, about 60 percent of all U.S. cyber attacks were aimed at SMBs, according to the Internet Security Threat Report.
  2. Protect yourself from social engineering and phishing attacks. For the most part, you can do this by using good judgement. For starters, don’t open emails from untrusted sources, and if you see an email that looks like it’s from a contact but seems suspicious, give them a call rather than responding via email.
  3. Set up an intrusion-prevention system and security software on all computers. We recommend a combination of antivirus software, firewalls, and spam filters.
  4. Travelers should take extra precautions to guard themselves from cyber threats and protect devices they take on the road. This includes backing up all files, removing sensitive documents and information from their devices, ensuring passwords are in use and that antivirus software is updated.

Download our full list of Cybersecurity Tips here.

Your data prefers to live in the cloud

You have team members working remotely, staff away at a conference, sales personnel out in the field – how will everyone get access to the most current version of every single file?

Some common misconceptions about data in the cloud:

  • Bring your own device – if employees, or some employees, only need access to company data, then you need to buy them a company computer to maintain control over proprietary data.
  • If an employee leaves I can just change the password for Onedrive, Google Drive, or Dropbox and they no longer have access to company data.
  • If my data is out of the office it is less secure, anyone can access it!
  • Expensive infrastructure is required to remotely access company data, such as a VPN.

How does CBTech Support’s Documents Everywhere solve these challenges?

Cloud file sync

Our proprietary product allows you the freedom to access all of your work documents everywhere you are from any device you use. Your team members will have access to all the data they need to perform their tasks, wherever they are, from any device with internet connectivity. Our Documents Everywhere product gives you the ability to:

  • Decide which employees have access to what data from what device.
  • Remove access to company data from personal devices when access is no longer needed, including remote wiping of company data from any device.
  • Provide access to company accounts instead of personal accounts such as OneDrive, Google Drive, or Dropbox.
  • Secure data using high encryption to protect data from unauthorized access.
  • Achieve this solution with convenient monthly billing.

Call us for more information or download our white paper “8 Ways to Boost Employee Productivity with Documents Everywhere“ here

Ransomware Strikes Again

As you may already know, on Friday May 12th there was a massive ransomware attack that at last count has affected over 150 countries and more than 350,000 computers. It is taking advantage of a security hole in Windows that Microsoft fixed in March.

Make sure your system has the latest updates installed, and that your anti-virus has the latest updates as well. Also, be vigilant when checking your emails as that has been the number one avenue for this attack.

Our clients didn’t need to worry about this attack because our services proactively install updates every weekend. In addition, our multiple security layers would block infections like this before they could do any damage.

Small Businesses at Risk

50% of all small businesses in the US have been hacked. That’s a scary statistic. Even more alarming is that a survey published by Manta in February shows that 87% of small business owners don’t think they’re at risk of a cybersecurity attack.

This information comes from a recent article published on CNBC’s website, which discusses a bill in Congress that would update the Cybersecurity Enhancement Act of 2014 to include small business guidelines for cybersecurity. The article is worth a read: http://www.cnbc.com/2017/04/05/congress-addresses-cyberwar-on-small-business-14-million-hacked.html.

What can business owners like you do to protect themselves?

The most common tools you need to have in order to prevent attacks are firewalls, anti-virus software, spam filters, and data-encryption tools.

The most overlooked step is to keep your software up to date. Take our quiz to see if you’re at risk: http://bit.ly/2pFA1Ak.

Basic Security Tips for Home

Our company focus is on business computers but we often get asked about home computers. It’s just as important to protect your home computers as it is to protect your business computers. Here are a few tips to help secure your home computers:

Use antivirus software – here is a good comparison of several different products in varying price ranges: http://www.pcmag.com/article2/0,2817,2372364,00.asp.

Add an additional layer of security to protect against malware, and help protect devices like tablets and phones – Cisco Umbrella protects networks by examining DNS traffic (basically the address book of the internet) and blocking anything attempting to get to a compromised destination. It’s a bit more complex to implement than installing antivirus software, but it has the additional benefit of offering content filtering (block websites based on category such as adult content, nudity, or gambling). https://www.opendns.com/home-internet-security/

Don’t open emails you don’t recognize – you’ve heard it at work, but the same applies at home: don’t open emails you’re not expecting, don’t click on links in emails (especially purporting to be from your financial institutions), and don’t open attachments you’re not expecting. Having a good antivirus program, and adding OpenDNS, will help protect you in the event you accidentally open something malicious but it’s better to avoid it in the first place.

Don’t illegally download software/music/videos – everyone likes watching the latest movies, having the latest music, getting software for free, but it comes at a steep price: your machine will most likely become part of a botnet, meaning it is controlled by someone else and can be used to carry out attacks on other internet-connected entities.

 

For more tips like these, sign up for our Timely Tech Tips: http://www.cbtech.support/timelytechtips.html