Don’t Let Your Employees Become Your Biggest Vulnerability

Computer Repair and Managed IT Services in Delray Beach

A couple years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous To Business As Hackers And Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

And yet, many employees do, and it’s almost always unintentional. Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.” 

Where does this weakness come from? It stems from several different things and varies from business to business, but a big chunk of it comes down to employee behavior.

Human Error 

We all make mistakes. Unfortunately, some mistakes can have serious consequences. Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.

The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor or other company leader might use. It’s a phishing scam, and it works. While it doesn’t necessarily compromise your IT security internally, it showcases gaps in employee knowledge. 

Another common example, also through e-mail, is for cybercriminals to send files or links that install malware on company computers. The criminals once again disguise the e-mail as a legitimate message from someone within the company, a vendor, a bank or another company the employee may be familiar with. 

It’s that familiarity that can trip up employees. All criminals have to do is add a sense of urgency, and the employee may click the link without giving more thought.

Carelessness

This happens when an employee clicks a link without thinking. It could be because the employee doesn’t have training to identify fraudulent e-mails (See How to Spot a Phishy Email) or the company might not have a comprehensive IT security policy in place. 

Another form of carelessness is unsafe browsing habits. When employees browse the web, whether it’s for research or anything related to their job or for personal use, they should always do so in the safest way possible. Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads). 

Bad websites are fairly subjective, but one thing any web user should look for is “https” at the beginning of any web address. The “s” tells you the site is secure. If that “s” is not there, the website lacks proper security. If you input sensitive data into that website, such as your name, e-mail address, contact information or financial information, you cannot verify the security of that information and it may end up in the hands of cybercriminals. 

Another example of carelessness is poor password management. It’s common for people to use simple passwords and to use the same passwords across multiple websites. If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access. A strict password policy is a must for every business and MFA or 2-Factor should be used whenever possible.

Turn Weakness Into Strength 

The best way to overcome the human weakness in your IT security is education. An IT security policy is a good start, but it must be enforced and understood. Employees need to know what behaviors are unacceptable, but they also need to be aware of the threats that exist. They need resources they can count on as threats arise so they may be dealt with properly. Working with an MSP or IT services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.

MANAGED IT SERVICES

CYBERSECURITY | HELPDESK | UPDATES | BACKUPS

Criminals Are Using YouTube Video Channels To Spread Malware

YouTube has long been a hunting ground used by hackers and scammers to push all manner of hoaxes, scams and malicious code onto unsuspecting users. A security researcher known only as Frost is working for Cluster 25.

Frost has reported a significant uptick in the number of malware campaigns orchestrated from YouTube.

Overwhelmingly these campaigns are pushing Trojans onto the PCs and smart devices of their victims.

Frost has identified what appear to be two clusters of malicious activity occurring simultaneously. One of these is pushing the RedLine trojan and the other is pushing Racoon Stealer.

Literally thousands of videos and channels have been made in the conduct of these two campaigns. Based on Frost’s personal observation the campaigns are adding 100 new videos and 81 channels every twenty minutes.

He had the following to say about the identified campaigns:

The videos in question cover a wide range of topics. The hackers behind the campaigns tend to favor videos about software cracks, how to guides that outline how to get around software licenses, cryptocurrency, software piracy, game cheats and VPN software.

The videos are at least vaguely helpful and contain a link that the video’s authors claim is to a tool that will help the viewer on his or her quest related to the topic of the video. Naturally the link is nothing of the sort and clicking on it will install malicious code on the viewer’s device.

The problem has gotten serious enough that YouTube’s owner Google made a formal statement about the matter.

Google’s statement reads in part as follows:

“We are aware of this campaign and are currently taking action to block activity by this threat actor and flagging all links to Safe Browsing. As always, we are continuously improving our detection methods and investing in new tools and features that automatically identify and stop threats like this one. It is also important that users remain aware of these types of threats and take appropriate action to further protect themselves.”

The moral of the story is simple: Be very careful about any links you click.

MANAGED IT SERVICES

CYBERSECURITY | HELPDESK | UPDATES | BACKUPS

The Easiest Way To Disaster-Proof Your Cyber Security

The Easiest Way To Disaster-Proof Your Cyber Security

Though no one would dispute the increasing prevalence of cyber-attacks on businesses in recent years, many small-business owners believe themselves and their business to be immune to such cyber attacks. Broadly speaking, many small-business owners are likely to think that cybercriminals will go after the bigger fish. However, the fact of the matter is that cyber-attacks are crimes of opportunity, and small businesses often have access to a good amount of sensitive data without many major safeguards. In other words, they’re low-hanging fruit, ripe for the picking. 

Back in 2019, two-thirds of respondents to a survey about cyber security didn’t believe that their small to mid-size business (SMB) would fall victim to a cyber-attack. Consequently, only 9% of respondents said cyber security was a top priority for their business, and 60% didn’t have any sort of plan for deterring a cyber-attack. All of this, despite the fact that, according to a report from CNBC, SMBs endured 43% of reported cyber-attacks, and according to data from the Ponemon Institute and Keeper Security, 76% of SMBs in the U.S. alone reportedly endured a cyber-attack within the previous year. 

Every small-business owner should have some plan for deterring cyber-attacks so they don’t end up as another statistic. Here are a few strategies for keeping the cybercriminals at bay. 

Boost Your Cloud Security

Storing data in the cloud is easy and cost-effective, but you should take care to find the most secure cloud storage platforms. Not all cloud platforms make security a priority, but some do. A few of the top-rated, most secure cloud platforms, according to Cloudwards.net, include Sync.com, pCloud and Icedrive. 

Secure All Parts Of Your Network

Our computers and the many smart devices hooked up to our network can become weak spots for hackers to get in. Taking steps to safeguard each device in your network with strong passwords and robust authentication measures will go a long way toward keeping the hackers at bay. In fact, one of the most basic security measures you can take for your network is to restrict access to your WiFi with a strong password. 

Invest In Extra Security Measures

Virtual private networks (VPNs) and firewalls are tools that are highly effective in protecting against cyber-attacks, even if they can’t prevent 100% of them. 

Pay Attention To Updates And Upgrades

When you get notified that one of the technological tools that you use has a new update, it’s easy to ignore it. However, you should commit to regularly updating and upgrading these tools because developers will often add patches to their programs that make them more secure against attacks with each update. So, it behooves business owners to regularly install updates for their tech tools. 

Back Up Your Data

With one of the most common forms of cyber-attacks being ransomware attacks, where hackers will hold your company data hostage until you pay them a ransom amount, having your company data stored on multiple backup solutions can ensure that your business won’t crumble due to your data’s inaccessibility.

Limit Employee Access To Your Network

As much as we’d wish it were true, many cyber-attacks don’t come from outside of your company. Instead, they originate from within. If you want to limit the amount of damage that someone inside your company can do in a cyber-attack, the best course of action is to limit their access to different parts of your network. 

Train Your Employees

At the same time, just as many cyber-attacks occur not because of an employee’s malicious intent, but because of their ignorance. They click on a link in a sketchy e-mail and fall for a phishing scheme, volunteer their password info without thinking about it or choose a weak password for their computer. That’s why you need to dedicate time to training your employees on best practices when it comes to security. 

Set Up A ‘Security Culture’ At Your Workplace

You need to make cyber security a top priority, not just for your IT department, but for every department at your business. When everyone works together to protect their workplace from a cyber-attack, you have a better chance of actually succeeding. 

Will protecting your business from a cyber-attack require a good amount of time and money? Absolutely. Can you afford to ignore the prevalence of cyber-attacks any longer? Statistically, no. The sad truth is that 60% of SMBs that fall victim to a cyber-attack end up shuttering within six months. Don’t put yourself in that kind of position. Instead, take your business’s cyber security seriously. 

MANAGED IT SERVICES

CYBERSECURITY | HELPDESK | UPDATES | BACKUPS

How To Keep Your Password Secure

How To Keep Your Password Secure

  • Make sure your password is long and strong. That means at least 12 characters. Making a password longer is generally the easiest way to make it stronger. Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases. If the service you are using does not allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols.
  • Don’t reuse passwords you’ve used on other accounts. Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can’t use it to get into your other accounts.
  • Use multi-factor authentication when it’s an option. Some accounts offer extra security by requiring something in addition to a password to log in to your account. This is called multi-factor authentication. The “something extra” you need to log in to your account fall into two categories:
    • Something you have — like a passcode you get via an authentication app or a security key.
    • Something you are — like a scan of your fingerprint, your retina, or your face.
  • Consider a password manager. Most people have trouble keeping track of all of their passwords. The longer and more complicated a password is, the stronger it is, but a longer password can also be more difficult to remember. Consider storing your passwords and security questions in a reputable password manager. To find a reputable password manager, search independent review sites, and talk to friends and family for ones that they use. Make sure to use a strong password to secure the information in your password manager. KeeperSecurity & LastPass are just a couple options.
  • Pick security questions only you know the answer to. If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or your mother’s maiden name. And don’t use questions with a limited number of responses that attackers can easily guess — like the color of your first car. You can even use nonsense answers to make guessing more difficult — but if you do, make sure you can remember what you use.
  • Change passwords quickly if there’s a breach. If a company tells you there was a data breach where a hacker could have gotten your password, change the password you use with that company right away, and on any account that uses a similar password.

Why businesses need DNS protection

DNS Protection

What is DNS protection?

Before we talk about DNS security, you need to understand the DNS. The domain name system (DNS) works like a phone book for the internet. When a user enters text into a browser, DNS servers take that input and translate it into the unique internet protocol (IP) addresses that let the browser open the desired site. But DNS protocols were never designed with security in mind, and are highly vulnerable to cyberattacks, such as cache poisoning, DDoS, DNS hijacking, botnets, C&C, man-in-the-middle, and more.

By redirecting users’ web traffic through a cloud-based, DNS security solution, businesses can finely tune and enforce web access policies, ensure regulatory compliance, and stop 88% of threats at the network’s edge—before they ever hit the network or endpoints.  If your business is like many others that have embraced remote workforce DNS Protection should absolutely be part of your network security plans.  DNS Protection can also secure your mobile workforce without interfering with the VPNs, firewalls, and other security tools you already use.

Why businesses need DNS protection

Uncontrolled internet access is a high-risk activity for any business, regardless of size.  DNS Protection helps protect you from wasted bandwidth, malware from sophisticated attacks such as ransomware and other cybercrime.

Per a report from EfficientIP, the average cost of a single attack was $715,000 USD. When you do the math, it’s clear how DNS Protection for servers, endpoints, and other networked devices could make all the difference to a business’ success (and survival).

What DNS Solution is best for my business?

Choosing a DNS protection solution doesn’t need to be hard.  There are several reputable options we can work with including Webroot DNS Protection & Cisco Umbrella.  These are 2 great solutions that offer up a DNS layered security to protect your workforce.  Don’t wait call us today. (561) 404-9251