Category Archives: Internet

What is the “Internet of Things” or IoT?

If you are tech savvy or just try to keep up with the constant changes within the technology world, chances are you have stumbled upon many acronyms. One of the newest to emerge, and one that has many people asking Google for help, is IoT: the Internet of Things.

For titles, it’s the most ambiguous and non-descriptive you can get. “Things” is the word you substitute when your brain stalls and can’t come up with anything more professional or eloquent. So why is this weak word the main substance of the title? Because “things” is an all-encompassing word. And all-encompassing is exactly what IoT wants you to know about it.

From pacemakers to smart watches, the Internet of Things, simply put, is anything that will communicate data between devices and over networks. The newest home thermostat, door locks, light switches or refrigerator that can be controlled by your smart phone falls under this category. While all of this can at the outset seem incredibly cool and handy (I mean, who wouldn’t want to walk into a house that is already at the perfect temperature?), it does come with security concerns.

More and more devices being connected to the internet means more opportunities for cyber criminals to gain vital information. With this knowledge, we have to ask: what is being done to safeguard us? According to William H. Saito, who wrote this article on Forbes.com, if leading thinkers don’t act soon, IoT could mean “internet of threats”. Firmware needs to be updated, standards need to be set and regulated, and patches need to be pushed. And that’s just where the security of IoT starts.

So, are you looking suspiciously at your Smart Watch now?

The Threat of Social Engineering.

You can defend your data with all the latest and best technology. But if just one team member gets tricked into giving away the keys to the castle, it’s game over. Hackers know this. And that’s why so many use social engineering to break in.

And it’s not just the big companies you hear about on the news. On February 3, 2016 a suspect posing as the CEO of Magnolia Health Corp. obtained a spreadsheet with sensitive data about their employees. On February 23, someone posing as an employee of Central Concrete Supply Company obtained confidential W2 records and disappeared with them.

In a 2011 survey, Check Point Software Technologies found that nearly half of the companies surveyed reported one or more social engineering attacks resulting in losses ranging anywhere from $25,000 to $100,000 per occurrence.

Unfortunately, there just aren’t any whiz-bang tricks or tools that will automatically prevent a clever “social engineer” (SE) from breaking in. The keys to protection are awareness and vigilance. To help you know what to watch for, here are five common ploys – and how to deflect them:

Familiarity – In this type of scheme, the hacker becomes familiar to an employee. Social networking sites can reveal an employee’s schedule and favorite hangouts. The hacker might then frequent the same bar or restaurant. After a drink or two, some key fact may slip out… The best way to bust this ploy is to be careful to not get lulled into a false sense of security around people you haven’t thoroughly vetted.

The Consultant – A social engineer poses as a consultant for hire. Once they get the gig they can scoop up all the info they need from you and your team because of their seeming authority. Watch for this especially with IT consultants. Do NOT trust blindly. Vet every consultant, and never give all the keys to the kingdom. Just because someone has the skills to fix your server or network doesn’t mean they won’t steal your data. Vet thoroughly, and, as Ronald Reagan said, ‘trust but verify’.

Piggybacking – The SE waits by a secured door for someone to use their passcode and enters right behind them. Or the SE struggles with a heavy box and asks a legit employee to hold the door open for them. Being kind and helpful, the employee helps the SE right into the building… free to do as they please. To foil this one, never forget the dangers of allowing a stranger in without proper clearance.

The Interview – Key information often escapes during interviews. A smart social engineer will gain an interview and deftly pick up all the information they need to hack into your network. Make sure any data provided during an interview offers nothing in the way of secrets. Keep the conversation light, or even superficial to avoid leaking critical data.

Angry Man – You may have seen this on TV… Somebody has an angry tone on the phone, or is grumbling to themselves as if they’ve just had an argument. We all tend to avoid people like that. Enough people avoid them and the way is cleared into the heart of the company – and your data. Don’t go along with it. When you see this exploit unfolding, call security.

The key to preventing social engineering attacks is a well-trained workforce. You and your people may be your company’s greatest asset. Yet without regular, proper training, human beings can be the weakest link in your company’s data defenses.

What is Blockchain Technology?

You may have recently heard the word “blockchain” being thrown around in certain articles or news stories. Specifically, blockchain comes up when the crypto-currency Bitcoin is being mentioned. Sometimes the term is used interchangeably with Bitcoin, which is inaccurate and can give blockchain a bad stigma, making people believe it is only something hackers use to stay anonymous. However, blockchain is a very interesting technology that may just revolutionize the way in which we make any type of transaction in the future.

What is Blockchain?

Blockchain technology is designed to let you safely exchange any type of digital property (like money) without the need for a middleman (like banks). Skipping the middleman makes the transfers faster and cheaper. Blockchain is also a hard-coded permanent record of all transactions that ever happened: once information is added, it is impossible to remove. This does not allow anyone to change the record of what transactions took place, making it a reliable record of what happened. Since no one can change the records, the blockchain is a trustworthy source of information that lets strangers agree that a transfer happened even if they do not trust each other.

Blockchain has also solved the double spend problem. Digital money, like bitcoin, is just a computer file, so it would be easy for someone to copy, paste and counterfeit it. When digital money is spent, it’s publicly added to a receiver’s account, so if a scammer tries to spend money twice, it can easily be discovered. Not needing a third party to handle the double spending problem allows digital property to be sent directly from one person to another.

How Does Blockchain Work?

When a transaction is sent (using the example of money), that transaction is recorded on EVERY record of the blockchain around the world. Each copy is an identical record of all transactions. Once one stranger gives money to another, every stranger has a record of the transaction. The blockchain then compares all the transactions to make sure they all match. If a record does not match throughout the blockchain, the transaction does not get approved.

When a transaction is approved, it is placed into the block and given a unique transaction code. This code in the blockchain is directly related to past transactions and future transactions, making it impossible to go in and change. This permanent record will make it safe for people to directly exchange digital property without an expensive middle man.
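To make the idea of a code that is “directly related to past transactions” concrete, here is an added example (not code from this article or from any real blockchain) that goes slightly beyond the text by also comparing copies. It assumes SHA-256 as the “unique code” and a simple majority vote between copies; the ledger entries and names are constructed.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # constructed starting value for the first block

def block_hash(index, tx, prev_hash):
    """The block's 'unique code': SHA-256 over its contents and the previous block's code."""
    return hashlib.sha256(json.dumps([index, tx, prev_hash]).encode()).hexdigest()

def build_chain(transactions):
    chain, prev = [], GENESIS
    for i, tx in enumerate(transactions):
        code = block_hash(i, tx, prev)
        chain.append({"index": i, "tx": tx, "prev": prev, "hash": code})
        prev = code
    return chain

def first_invalid_block(chain):
    """Index of the first block whose code or back-link no longer checks out, else None."""
    prev = GENESIS
    for block in chain:
        expected = block_hash(block["index"], block["tx"], prev)
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def agreed_tip(copies):
    """Final code held by a strict majority of the copies (invalid copies get no vote)."""
    tips = Counter(c[-1]["hash"] for c in copies if first_invalid_block(c) is None)
    if not tips:
        return None
    tip, votes = tips.most_common(1)[0]
    return tip if votes > len(copies) / 2 else None

# Constructed sample ledger
honest = build_chain(["alice->bob:5", "bob->carol:2", "carol->dave:1"])

# Copy 1: block 1 edited in place, stored code left alone
edited = [dict(b) for b in honest]
edited[1]["tx"] = "bob->mallory:2"

# Copy 2: block 1's code recomputed too, but block 2 still points at the old code
recomputed = [dict(b) for b in edited]
recomputed[1]["hash"] = block_hash(1, recomputed[1]["tx"], recomputed[1]["prev"])
```

Changing one past transaction breaks either that block's own code or the next block's link to it, and a copy that was rewritten from start to finish still disagrees with the final code held by everyone else.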

What Use Does Blockchain Have?

1. Entertainment: People now have the ability to pay an artist directly. Readers can pay authors directly. Artists can now self-publish onto blockchain platforms and cut out all middlemen.

2. International Payments: Payments by companies and individuals become fast, cheap and secure. Blockchain also ensures the money changes hands fairly.

3. Voting: With blockchain, people could vote directly and from anywhere. Votes can be securely counted in a system that cannot be changed after the fact.

4. Ownership Records: By permanently recording everything, this technology automatically ensures that the ownership of anything purchased can easily be proven. Currently, purchase records exist on paper or in items that can easily be corrupted or lost; changing this can reduce the possibilities of fraud and disputes.

5. Charities: Donations can now be tracked all the way from giving to receiving to spending. Blockchain can ensure that donations get to the right people and are used for what was promised. This allows for more transparency and accountability.

There are many more uses for blockchain, and the technology is still in its infancy, but as more and more practical uses come up we can start to see a huge shift in how we will exchange property. We will also have a more secure online market where people can trust that their personal data will not be compromised.

How to Identify a Phishing Email

You wake up and, like many of us today, you immediately check your phone. Scrolling through your email, you see a message in your inbox that reads “Microsoft account security alert”. This email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough, right? WRONG. This email contains an abundance of red flags, yet someone not so tech savvy could still fall victim to it. This email is meant to be malicious, and ironically, while it is trying to get you worried about your information getting hacked into, it is itself trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victim to these malicious emails.

To begin with, this email claims it is from the Microsoft team; however, within the email itself we see no Microsoft branding of any kind, and it is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning that a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially since they were a Mac-only user. There were also not enough characters or asterisks to match any email address this user had.

This is just one example of a phishing email and there are many more. Some are formatted well and others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1. You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URLs.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best not to act upon that email; flag it as spam and delete it immediately. Clicking through could cause major issues to your computer system, or to others if it happens in your workplace. Be sure to always be attentive, be curious, ask questions and stay protected!
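The “mismatched URLs” sign from the list above can be checked mechanically. The following is an added example, not something from the original post: a heuristic that compares where each link in an HTML message really points with what the link text shows and with the domain the sender claims to be. The sample message and the `example.test` host are constructed, and `microsoft.com` is assumed as the claimed sender's domain.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Host named in visible link text (URL or bare domain), or '' if none."""
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text.lower())
    return m.group(1) if m else ""

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def link_red_flags(html, claimed_domain):
    """Heuristic: flag links whose real target differs from what the mail shows or claims."""
    parser = LinkCollector()
    parser.feed(html)
    flags = []
    for href, text in parser.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue
        target, shown = (url.hostname or "").lower(), host_of(text)
        if shown and not same_site(target, shown):
            flags.append(("text-shows-other-site", text, target))
        if not same_site(target, claimed_domain):
            flags.append(("not-claimed-sender-site", text, target))
    return flags

# Constructed sample message body (not the email from the post)
SAMPLE = """<p>Microsoft account security alert</p>
<a href="http://account-recovery.example.test/login">https://account.microsoft.com/security</a>
<a href="http://account-recovery.example.test/r">Recover your account</a>
<a href="https://support.microsoft.com/help">Help</a>"""
```

Calling `link_red_flags(SAMPLE, "microsoft.com")` flags the first two links and leaves the genuine support link alone; a hit is a reason to look closer, not proof of phishing.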

 

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, etc. can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous, but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer. He then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which would be a whole other nightmare); this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network. The person who was installing the network made the mistake of connecting it to the internal control room network; when they noticed the coffee machine still wasn’t getting internet, they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security flaw and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue. Practically any computer-implemented or computer-enabled device can be compromised, which then leads to a wild search for what else is connected to that same network that could also become infected. Network vulnerability is like a screen door. If you do not pay attention and there is the tiniest hole in the screen, somehow at least one fly will make its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from gridlocking your network. Finally, please make sure your office coffee machine is installed properly!

Forgot Your Password? The Future May Help.

Probably one of the most annoying things about technology today is trying to remember all your passwords. From your desktop login and social media sites down to your online financials, a combination of words and numbers can really start to blend together. If you’re like most of us, you probably have the same password for everything. This practice is EXTREMELY unsafe, and not recommended by any IT technicians or service providers. So, is there any end in sight to the madness? Well, current trends in biometrics may just make passwords obsolete.

Today, many cell phone users are logging onto their phones and entering all their apps with their fingerprints. Apple’s “Apple Pay” on iPhones is becoming ever more popular and allows users to pay with their cards at retail locations using their fingerprints to authenticate the purchase. The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone and as a second factor in authenticating any number of online services. Microsoft’s Hello is allowing Windows 10 users to log in through facial recognition, and a patent from the company indicates they are trying to develop ways to pair a touchscreen with gestures made on the screen to authenticate. Some ideas out there are even hinting at using brainwaves for authentication to unlock computers!

What will this mean for the future of passwords? Maybe soon all you will have to do is think about unlocking your Facebook page and like magic, it would work. While that may seem farfetched, who knows what the future can hold? Much of this research to eliminate passwords is being supported. In the U.K. the National Cyber Security Center is looking for proposals that will do away with passwords and is offering $32,160 in research funds per proposal.

However, while things are still in the works, we will have to stick to the “old-school” way of keeping our information safe, with your first pet’s name and your birth date numbers (did we get some of you??…). Until then, we recommend creating strong passwords (using capital letters, numbers and symbols) and using different passwords for each account you have.

 

Call ECMSI today for a free consult!

330.750.9412