Category Archives: Security

Quiz Time: How Protected Is Your Business against the Threat of Phishing?

In the last three weeks, we have been discussing phishing attacks. We have talked about what they are, the different forms they take, the telltale signs of an impending attack, and specific steps you can take to protect your business. Given everything you now know, you should be able to tell if your employees can protect your business.

Having the right information is very important indeed. But often, the level of what you know has nothing to do with how you will react when hypothetical situations become reality. Take your employees, for instance. Let’s say you have trained them repeatedly on how to handle phishing attacks. If you want to find out if they can apply what they have learned, the simplest thing to do would be to test them and have them answer the following questions.

A Brief Quiz on Phishing

The following are some statements that have to do with phishing. Consider each one carefully and identify whether the statement is TRUE or FALSE.

  1. If you feel that you have been a victim of phishing, it is best to keep it to yourself.
  2. Incredible prize offers and deals that appear to be too good to be true are likely to be scams.
  3. Almost 88% of data breaches result from human error.
  4. Cybercriminals collect about $1.5 billion through phishing annually.
  5. Spam messages full of grammar and typo errors have consistently made good business sense for scammers.
  6. Sending millions of emails is an expensive task.
  7. You can protect yourself from phishing by validating emails before reacting to them.
  8. In managing your company’s social media accounts, accepting friend requests from anyone will help you generate more business leads.

Quiz Answers

  1. False

It’s quite surprising to know that a lot of employees feel embarrassed if they feel they have been phished. They probably think that it is their fault and that someone might blame them for exposing the rest of the company to online threats. It is necessary to report any phishing threat to your supervisor and the IT department so that they can take measures to remedy the situation and minimize further risk.

  2. True

Greed is one of the most effective ways to lure people into making poor decisions. If you get an email or text message saying you won something, think twice before clicking the link to claim the prize.

  3. True

It’s alarming to know that this number is increasing every year. The good news is that we can easily prevent these errors with sufficient employee training and education on phishing attacks and other online threats.

  4. False

Unfortunately, the number is even bigger. Phishing scams collect approximately $1.5 trillion dollars every year!

  5. True

Strangely, the poorly written emails that hackers send, which are riddled with all kinds of errors, have worked very well for them for many years.

  6. False

Online criminals can afford to send out email blasts to millions of recipients because it is very cheap for them to do so, costing just a few dollars for the entire batch.

  7. True

Before opening each email, you need to check the email address of the sender. If it’s someone you don’t know or if the domain looks suspicious, it’s best to just ignore the email.

  8. False

It’s tempting to accept friend requests from anyone because the more followers your company has, the better it is for marketing, right? Not necessarily, especially with the rampant online attacks that are going on these days. You should only accept requests from users validated by someone from within your company.

Evaluating the Results

After gathering your responses to the quiz, you will have a better picture of how you or your team would react in the event of an attack.

If you feel you need to boost your defenses, contact us. We will schedule a free consultation right away to discuss what we can do for your company.

Protect Your Business from Phishing Attacks

Phishing is a severe issue that is becoming worse. Hackers continue to improve their ways even as IT professionals work to develop more effective defenses against online attacks. What should a business owner do? Is it possible to defend your company against these increasingly damaging phishing attacks? Thankfully, it is, and that is what we will discuss today.

It is crucial to have a current security system in place to protect your data and apps. You require a solid firewall, up-to-date antivirus software, a thorough disaster recovery plan, and other security measures. More than this, you can take advantage of the many other highly efficient methods for safeguarding your company from phishing attempts, such as the ones listed below.

Password Policy

A password protects your sensitive data from the spying eyes of hackers. Passwords must be unique and challenging to break. When a user needs to create a new password, impose some restrictions. And change the passwords frequently to remain safe.

It’s best to create secure passwords randomly using a mix of capital and lowercase letters, numbers, and special characters. The ones that use the user’s genuine name, birthday, or other publicly available information that can be simple for anyone to figure out are the worst.

Consistent Staff Training

The secret to your data’s security rests in the hands of your staff. Hackers use phishing emails and other communication channels to find a way into your business. A small error could have serious repercussions, including data loss and disruption of corporate operations. If your company regularly trains personnel in cybersecurity best practices, you have an improved chance of preventing such incidents. You can evaluate their understanding of what they learned by having them complete this Employee Readiness Check after each training session.

Device Security on Mobile

Online hazards have increased as remote employment has grown in popularity. Employees put data at risk by accessing it on their laptops, smartphones, or other mobile devices. To help prevent these threats, implementing strict mobile security regulations and effective mobile device management is essential.

Frequently Updated Software

Even the best security programs require periodic updates to remain effective against recent threats. Check to see if your system has the most recent security fixes available.

Superior Security

Many companies avoid using professional cybersecurity services because they believe they are just another unneeded expense and would like to use their own, less expensive security measures. While maintaining a budget is crucial, we always recommend that you invest in a trustworthy cybersecurity solution to protect your company from phishing and several other types of cyber threats.

We can put all these procedures into action for your company as a trustworthy managed service provider that has assisted companies of all sizes for years. Get in touch with us if you wish to strengthen your protection against phishing and other online risks. We’ll be pleased to provide you with a free consultation, so contact us today!

Telltale Signs of a Phishing Attack

The main reason phishing has become such a prevalent problem is that it works. And hackers keep finding new ways to increase the success rate even further. What used to be easily distinguishable attempts at stealing information have now become brilliant scams that look valid at first glance.

However, this doesn’t mean that phishing attacks always work. All that’s needed is for everyone to stay vigilant with online communications and ensure they know what to look for to identify a phishing scam. Here are some of the most important signs you should look out for.

Fake Email Address

Very few people stop to look at the sender’s address when they get an email. Most of the time, employees will glance at the subject line and check the message. If the recipient checked the validity of an email address, it might prevent most phishing attacks.

Amateur cybercriminals might use free email accounts like Gmail or Yahoo to send a phishing scam. Major players, however, use email domains just like real email. For instance, if you get an email from [email protected] rather than [email protected], you’d better be wary.

Inconsistencies in Writing Style

If the style of writing is suspiciously different from what you have been getting from what appears to be the same sender, this can be a sign of a phishing hook. Also, some countries use different date formats. If date formats are not what you are used to, that’s also one sign.

Errors in Grammar and Spelling

Official emails get checked for grammar and spelling mistakes or go through basic spellcheck. A few minor typos and one or two misspellings are forgivable, but email with blatant errors, especially if it is supposed to be from a reputable company, is a good sign of a phishing scam. It’s likely because the hacker used an automated language translator to mass produce the message for potential victims.

Suspicious Attachments

You should never open attachments unless you are expecting them or you can confirm with the actual sender that they indeed intended them for you. Otherwise, don’t open them, no matter how legitimate-looking the filename might be. It’s likely they loaded these attachments with malware that will unleash itself on your system once you click on them.

Fake Links

No one would knowingly click on a fake link, but these phishing emails are made to look so real. To check whether they are valid or not, hover over them and read the URL, particularly the domain name. If it seems questionable, that’s because it probably is. Delete the email and don’t give it a second look.

There is no 100% guarantee of protection against phishing attacks but looking out for these telltale signs is an excellent first step. As a business owner, be sure that all your employees know these signs and that you have properly trained them on the critical security measures against online threats.

It’s time to take cybersecurity seriously. Contact us and let’s protect your business today.

Understanding the Dangers Phishing Poses To Your Business

Phishing is one of the newest and most dangerous online threats that have pervaded businesses and private accounts in recent years. Reports show that phishing attacks this year are 70% higher than the total number of attacks reported last year.

A Brief Explanation of Phishing

What is phishing, anyway? How does it work, and why is it so dangerous for businesses? Phishing is a kind of cybercrime where a hacker essentially poses as a legitimate entity. They will send emails or forms to unsuspecting individuals, hoping to lure these potential victims into providing confidential information. The hackers usually aim to get credit card numbers, usernames and passwords, social security details, and banking info. Many will also create fake websites so that if someone clicks on their links, they will seem like genuine links.

Phishing scams have improved considerably over the years, and today, most victims are not even aware that a virus has infiltrated them until the damage starts.

Different Styles of Phishing

In the beginning, phishing happened through emails, but recently, hackers have expanded their channels and are now attacking from more diverse angles. There are three main types of phishing used today. As a business owner, learn about these attacks to protect your company accordingly.

Spear Phishing

This threat is the most common type of phishing used today because it is very effective. Reports show that over 90% of phishing attacks are of this nature. The attack aims at specific targets, and the hackers have prepared for it beforehand by gathering information about the target to make their snare more convincing.

Clone Phishing

This type of phishing involves cloning or duplicating legitimate emails that the recipient has already received and turning them into system infiltration tools. The hackers copy the original emails, subtly replacing the valid URLs with malicious links. They also use a recipient’s email address similar to the original so that the entire email looks legit. They will then send this fake email to the targets in the guise of being a resend or an updated version of the previous email.

Whaling

Hackers target these phishing scams at executives or high management of a company, not just any random employee. Hence the term “whaling,” as it targets the “big fish” of the business. The tone and content of these phishing emails are also very different. To blend in with other emails, they take the form of customer complaints, top-level office matters, or even subpoenas. They come with the illusion of urgency, so the executives who receive them feel compelled to click on the link as instructed, which is a malicious link.

Protect Your Business through Employee Training

Your protection against phishing threats depends on your employees’ knowledge of these threats. If your employees are careless about clicking links, you might as well hand your data to hackers. The simple solution is to train your employees. Teach them how to identify a phishing scam. Equip them with the skills to handle an attack.

Don’t leave your business unprotected in these times of rampant online threats. Contact us today, and we will boost your defenses against phishing and other online threats!

The History of Computer Viruses

Since the dawn of computing, there have always been programs that people developed with the ability to self-replicate. In the beginning, these seemed like amazing modern programs that were wise beyond their years. They have since developed into the viruses and malware that we know today, which are not so amazing. However, they are wise, which is the scary part. Let us look at the history of how modern malware came to be. Understanding its roots and origins can help us understand how these programs work and how we can defend against them.

1949 – Yes! As early as 1949, we see some of the first self-replicating programs established.

1966 – John von Neumann, known to be the “Father of Cybernetics,” wrote an article on the “Theory of Self-Reproducing Automata.” Self-Reproducing Automata sounds much more interesting than “Virus.”

1971 – A self-replicating program called “The Creeper” was developed; it accessed the Advanced Research Projects Agency Network and copied itself to a remote host system. The funny part is that it would display a message that said, “I’m the creeper, catch me if you can!” Soon after, another program called “The Reaper” was developed to go in and delete the harmful “Creeper.”

1974 – An infectious program called the “Wabbit” was created. Its goal was to make multiple copies of itself on a computer and clog up the system so that the computer’s performance would be compromised.

The 80’s – This was the decade when the term “virus” was first coined. We also began to see these programs turn more malicious. The Lehigh virus in 1987 was programmed to infect command.com files at Yale University. A virus discovered in the city of Jerusalem was developed to destroy all files on an infected computer on any Friday the 13th.

The 90’s – At the start of the 90’s, Symantec launched one of the first antivirus programs, called Antivirus, to help fight against the infectious programs. In 1996, a macro virus named Laroux was made to infect Microsoft Excel documents. In 1999, the Happy 99 virus spread and attached itself to emails with the message “Happy New Year.”

00’s-10’s – These decades were the target of more elaborate viruses, which included the ILOVEYOU virus, capable of deleting files; the Anna Kournikova virus, which spread through emails and promised pictures of the tennis player but instead hid a malicious virus; and Koobface, which targeted social media users.

While viruses began as harmless programs intended to further society’s understanding of how programming works, this knowledge was then used for evil and overshadowed the excitement of new technology with threats to personal security. Luckily, the good always outweighs the bad, and with many steps to prevent, counteract, and fight back against cybercrimes, the world can rest easy.

Contact ECMSI for any questions you may have about your network or if you think you fell victim to a virus or cyber attack.

Why Slackers Love Tech

You just gave your staff an extra 6-week paid vacation to check in with friends on Facebook, expose your company’s valuable trade secrets from smartphones, watch cat videos, and send résumés to your competitors – all on your time, and your dime… That’s right: if a full-time employee wastes just ONE measly hour each day, it equals 250 hours burned – 6 weeks of paid time – on non-work-related activities.

Sites like Facebook, Twitter and Instagram are a constant source of distraction to people who feel like they need to keep in touch at all times.

Not only is work time being frittered away, but crucial company secrets slip through the cracks more easily. And sites being visited on your network expose your whole system to malware, hackers and online theft.

So, what are you going to do about it?

Face it – you rely more than ever on mobile technology. And you want to have faith in your team… But how do you know they aren’t secretly taking advantage of your good nature when they’re online?

You don’t. The only way to know what’s really going on at work is to monitor their on-the-job online activities.

Celeste O’Keefe, CEO at DANCEL Multimedia, a Biloxi, Mississippi, marketing firm, started monitoring her employees when she noticed some of them attempting to cover their computer screens as she walked by.

Since then, she’s fired four people for digital infractions. One was a man doing side deals with clients that should have come into the firm. She also fired a woman doing schoolwork on the clock.

Your rights as an employer to track web and e-mail activities of employees using company computers are well-established. But should you? And if so, how do you do so legally, and without damaging company morale?

Several good things happen when you check your team’s online behavior. For one, it can help your company avoid theft, embezzlement or other financial harm. Monitoring can also prevent gathering information about your employees’ religion, political views, sexual orientation or medical history. This could expose your firm to discrimination lawsuits.

Disciplining an employee for making negative comments about you online could result in trouble with the National Labor Relations Board if you have well-founded suspicions and documented agreement with your attorney and top managers.

Set clear policies. Document your corporate policy on Internet and device usage to make rights and responsibilities clear to everyone – and to protect you in the event of a legal challenge.

Inform and gain consent. It’s not enough to simply let your employees know you’ll be watching them. By being fully transparent and explaining the risks to the business from improper use of digital assets, you’ll steer clear of legal issues without putting a damper on morale.

 

How to Stay Cyber Safe During Your Summer Travels

Summer is the busiest time of year for travelling, and whether you are going to an exotic location abroad, taking a work trip or driving to your destination in the US, it is important to take good cyber safety precautions, not just on the trip but starting from booking. Keeping track of your digital behaviors could be one of the best prevention methods for cyber attacks while on the go. While people are at home or work they are connected to a secure network, but that can change when they are away: they are more likely to connect to a network that they shouldn’t. Below are some helpful tips that you can use to protect your digital security and privacy while traveling.

The Adventure Starts with Booking

When planning your trip and comparing all the final details, make sure the websites you are using to book are legitimate and secure. It can be very easy for a scammer to spoof a URL or make a travel site seem real when it is really a ploy to grab your information. Always double-check the URL and make sure the site uses HTTPS. A good rule to follow is to always make sure the top bar in the left corner has a secure indicator before making any online transactions with that site. Be aware of your email inbox as well: if you get an email that looks like it’s from a major airline and offers a too-good-to-be-true deal, do not click on the link.


Get Ready to Go

One of the best pieces of advice is to make sure all of your devices are up to date. Updates ensure that all your devices have the latest security patches and reduce their vulnerability to attacks. Be sure that you have a password set up to get into your devices in case they are lost or stolen. Apps are also important to keep updated, especially those that hold precious information, like banking apps. “Running the most recent versions of your mobile operating system, security software, apps and web browsers is among the best defense against malware, viruses and other online threats,” says the U.S. Computer Emergency Readiness Team.

Have a Great Time!

While traveling, worries such as flight delays, traffic or a variety of other nuisances could completely take your mind off cyber security, and that is understandable. If you covered everything discussed up to now, then you should be very well protected and ready. However, there are a few other items to take note of.

Free WiFi may be too good to be true: Never use WiFi that isn’t secured with a password. It could possibly be a fake hotspot set up by cyber criminals. Be cautious with free airport WiFi because even the legitimate one can be insecure.

Take Advantage of New Payment Methods: The last thing you want to happen is for your credit card to be declined while you are on vacation. One good way to minimize the chances of your credit card information being stolen is to use payment apps such as Apple Pay, Google Pay or Samsung Pay. These services do not directly transmit your credit card number; instead, they provide the vendor with a randomly generated code in its place. That information is useless to anyone trying to intercept it. This can give you peace of mind when making transactions in unfamiliar locations.

To all who are traveling this summer, it is important to stay safe, and while cyber security isn’t the first thing on your list when you’re sipping a margarita on the beach, you will be happy you prepared.

Why is Everyone Updating Their Privacy Policies?

For the past month, your email inbox has probably been flooded with messages from companies updating their privacy policies online. Given the high volume, maybe you even thought they were fake and that you were receiving spam. But there is a major reason businesses like Twitter and Facebook are all updating their policies online. The companies sending them have been preparing for a new privacy law enacted by the European Union on May 25th known as the General Data Protection Regulation.

What is the GDPR?

These new European Union guidelines limit how companies can use and process the personal data of consumers, giving the average person more control over their information and how a company can track them. Under this regulation, companies need to explicitly ask if they can collect your data, they have to answer if you want to know what that data is used for, and they must give you the right to permanently delete that information. Companies also must warn the public about data breaches within 72 hours of finding out.

GDPR in the U.S.A

So why would this be affecting people in the United States? Well, any company that conducts business within the EU will have to comply with these standards or face high penalties. While the United States is not enacting the same privacy policy standards, major corporations are enacting them in order to keep their websites functioning overseas. Those companies that have not caught up to the privacy standards have shut down their websites within Europe while they catch up on the back end.

What Will GDPR Change?

This new set of policies is changing the way people think about their data and how companies use it. Companies use data to make significant decisions about you and how they interact with you. While no policy change of this magnitude has occurred on the internet since 1995, experts say the GDPR is going to be the leader in new privacy policies around the globe. The internet and the way people share, store and send data have drastically changed since 1995. So, it will not come as a surprise if even more regulations come out in the years to come about how personal customer data is treated and handled.

What is Blockchain Technology?

You may have recently heard the word “blockchain” being thrown around in certain articles or news stories. Specifically, blockchain comes up when the crypto-currency Bitcoin is being mentioned. Sometimes the term is used interchangeably with Bitcoin, which is inaccurate and can give blockchain a bad stigma, making people believe it is only something hackers use to stay anonymous. However, blockchain is a very interesting technology that may just revolutionize the way in which we make any type of transaction in the future.

What is Blockchain?

Blockchain technology is designed to let you safely exchange any type of digital property (like money) without the need for a middleman (like banks). Skipping the middleman then makes the transfers faster and cheaper. Blockchain is also a hard-coded permanent record of all transactions that ever happened; once information is added, it is impossible to remove. This does not allow anyone to change the record of what transactions took place, making it a reliable record of what happened. Since no one can change the records, the blockchain is a trustworthy source of information that lets strangers agree that a transfer happened even if they do not trust each other.

Blockchain has also solved the double spend problem. Digital money, like bitcoin, is just a computer file, so it would be easy for someone to copy, paste and counterfeit it. When digital money is spent, it’s publicly added to a receiver’s account, so if a scammer tries to spend money twice, it can easily be discovered. Not needing a third party to handle the double spending problem allows digital property to be sent directly from one person to another.

How Does Blockchain Work?

When a transaction is sent (using the example of money), that transaction is recorded on EVERY record of the blockchain around the world. Each copy is an identical record of all transactions. Once one stranger gives money to another, every stranger has a record of the transaction. The blockchain then compares all the transactions to make sure they all match. If a record does not match throughout the blockchain, the transaction does not get approved.

When a transaction is approved, it is placed into the block and given a unique transaction code. This code in the blockchain is directly related to past transactions and future transactions, making it impossible to go in and change. This permanent record will make it safe for people to directly exchange digital property without an expensive middle man.
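To make the two ideas above concrete (a code tied to past transactions, and many identical copies that are compared), here is an added Python example that is not part of the original article. It is a simplified model with hypothetical function names and constructed transactions: each block's code is a SHA-256 hash over the previous block's code and the block's own transactions, and there are no signatures, mining or networking as in a real blockchain.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous code" for the very first block


def block_code(prev_code, transactions):
    """A block's unique code: SHA-256 over the previous code and its transactions."""
    data = json.dumps({"prev": prev_code, "txs": transactions}, sort_keys=True)
    return hashlib.sha256(data.encode()).hexdigest()


def append_block(chain, transactions):
    """Add a block whose code commits to everything recorded before it."""
    prev = chain[-1]["code"] if chain else GENESIS
    chain.append({"prev": prev, "txs": transactions,
                  "code": block_code(prev, transactions)})


def first_invalid_block(chain):
    """Index of the first block whose code or back-link is wrong, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["code"] != block_code(prev, block["txs"]):
            return i
        prev = block["code"]
    return None


def recompute_from(chain, start):
    """Rewrite every code from `start` on, as anyone hiding an edit would have to."""
    prev = chain[start - 1]["code"] if start else GENESIS
    for block in chain[start:]:
        block["prev"], block["code"] = prev, block_code(prev, block["txs"])
        prev = block["code"]


def disagreeing_copies(copies):
    """Indexes of the copies whose latest code differs from the majority's."""
    heads = [c[-1]["code"] for c in copies]
    majority = Counter(heads).most_common(1)[0][0]
    return [i for i, head in enumerate(heads) if head != majority]


def demo():
    """Edit an old transaction in one of three copies and see what is detected."""
    ledger = []
    append_block(ledger, [{"from": "alice", "to": "bob", "amount": 5}])
    append_block(ledger, [{"from": "bob", "to": "carol", "amount": 2}])
    append_block(ledger, [{"from": "carol", "to": "dave", "amount": 1}])
    copies = [copy.deepcopy(ledger) for _ in range(3)]  # three participants

    copies[0][1]["txs"][0]["amount"] = 200      # change history in one copy
    broken_at = first_invalid_block(copies[0])  # stored code no longer matches
    recompute_from(copies[0], 1)                # rewrite all later codes to hide it
    return {
        "broken_at": broken_at,
        "valid_after_rewrite": first_invalid_block(copies[0]) is None,
        "outvoted": disagreeing_copies(copies),
    }


if __name__ == "__main__":
    print(demo())
```

Editing an old transaction is caught by that copy's own codes, and even after every later code is recomputed the altered copy still disagrees with the others, which is what makes the record tamper-evident.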

What Use Does Blockchain Have?

  1. Entertainment: People now have the ability to pay an artist directly. Readers can pay authors directly. Artists can now self-publish onto blockchain platforms and cut out all middlemen.

  2. International Payments: Payments by companies and individuals become fast, cheap and secure. Blockchain also ensures the money changes hands fairly.

  3. Voting: With blockchain, people could vote directly and from anywhere. Votes can be securely counted in a system that cannot be changed after the fact.

  4. Ownership Records: By permanently recording everything, this technology automatically ensures that the ownership of anything purchased can easily be proven. Currently, purchase records exist on paper or in items that can easily be corrupted or lost; changing this can reduce the possibilities of fraud and disputes.

  5. Charities: Donations can now be tracked all the way from giving to receiving and spending. Blockchain can ensure that donations get to the right people and are used for what was promised. This allows for more transparency and accountability.

There are many more uses for blockchain, and the technology is still in its infancy, but as more and more practical uses come up we can start to see a huge shift in how we will exchange property. We will also have a more secure online market where people can trust that their personal data will not be compromised.

Local Governments Cyber Security Crisis in 8 Charts

Within the past few weeks, two large American cities learned that their information systems were hacked. First, Atlanta revealed that it had been the victim of a ransomware attack that took many of the city’s services offline for nearly a week, forcing police to revert to taking written case notes, hampering Atlanta’s court system and preventing residents from paying water bills online. Then, Baltimore’s 311 and 911 dispatch systems were taken offline for more than 17 hours, forcing dispatchers to log and process requests manually. Both attacks could have been prevented. And they are more evidence of the poor, if not appalling, state of local government cyber security in the United States.

We know this because in 2016, in partnership with the International City/County Management Association, we conducted the first-ever nationwide survey of local government cybersecurity. Among other things, the survey data showed just how poorly local governments practice cybersecurity.

Under near-constant attack, but not fully aware

Nearly half – 44 percent – of all the respondents told us they experience cyberattacks at least daily. Based on prior research, we are confident that rate is actually much higher.

The volume of attacks isn’t dropping – and in some cases it’s increasing.

But even so, many communities didn’t know how frequently they are attacked, and most didn’t count or catalog initial attacks – though more than half did track more serious incidents and breaches.

More than half weren’t able to determine who was attacking their systems.

Unprepared to respond, and with not enough support

Certainly, there are local governments that do a commendable job with cybersecurity. If previous research into government information technology systems and electronic government can be a guide, they are most likely larger, more well-funded and more well-managed governments. However, the data from our more recent survey strongly suggest that at least some, and perhaps even a large fraction of, local governments may be unable to respond to electronic intrusions.

In part this is because few local officials are aware of the need for cybersecurity. Nearly two-thirds of the respondents to the survey, who were nearly all information technology or cybersecurity officials, said that top managers understood the need. However, among other groups in local governments, awareness dropped considerably. Perhaps as a result, support for cybersecurity efforts was also not as strong as Atlanta’s and Baltimore’s experiences suggest it should be.

With most local government officials and staff unaware and unsupportive, it is not surprising that cybersecurity is so poor among American local governments. Atlanta Mayor Keisha Lance Bottoms admitted that cybersecurity was not a high priority, although “it certainly has gone to the front of the line.”

And yet, crucial barriers remain, largely to do with how much money is allocated to cybersecurity efforts.

Getting more people in the know

If local officials are going to do a better job protecting their information assets, they’ll first need to know a lot more about what’s actually happening. The number of survey respondents who answered “Don’t know” to our questions was surprisingly high. No top local officials, whether elected or appointed, should be unaware of basic cybersecurity information, like whether their systems have been attacked or breached, or who’s attacking their systems and why.

Knowing these answers will only become more critical as computing becomes more deeply embedded in systems running “smart” cities. If computers control traffic lights, sewage plants and electrical grids, then the consequence of attacks is more severe than just loss of information or computer services.

Source: Norris, Donald, et al. “Local Governments’ Cybersecurity Crisis in 8 Charts.” The Conversation, 3 May 2018, theconversation.com/local-governments-cybersecurity-crisis-in-8-charts-94240.

This article was originally published by The Conversation.