Tag Archives: security

Keep Your Business Thriving in a World of Risks

Managed security can protect your Business from cyber attacks.

In the early 2000s, cybersecurity risks began to increase in their effectiveness, but antivirus (AV) solutions kept small and medium-sized businesses (SMBs) safe. With AV updates, employee training, and software patching, most SMBs were able to avoid the worst of cyberattacks—until now. 

Incidents like the WannaCry ransomware attack, which affected organizations across the globe, served as wake-up calls for many that cyberthreats are changing, and many companies still aren’t prepared. Many SMB owners know someone who’s been forced to pay a ransom to retrieve data or even had to shut down because data and systems were too costly to restore or weren’t restored as promised. Still others have experienced cleanup costs from other malware attacks. 

Many SMB owners think they won’t be targeted due to their size or small attack surface. Yet as this chart shows, that simply isn’t the case. Cybercriminals increasingly target SMBs, as it much easier to circumnavigate their defenses than those of enterprise companies. 

The Truth About Security for Your Small to Mid-sized Business

Yes, you are a target: 43% of all cyberattacks targeted small to medium-size business (SMB) operations in 2018. Source: Verizon. Here’s why: Many cyberattackers see SMBs as an easy entry into their larger customers. SMBs were responsible for the Target and JPMorgan Chase data breaches. Even if they aren’t targeting larger partners, cybercriminals can still make money off SMBs who have valuable data (and they almost all have valuable data). 
You may not know you’ve been hit: It takes companies an average of 279 days to realize they’ve been hit by a data breach, increasing the business harm. SMB clean-up costs are high: The average cost of a data breach for organizations with fewer than 500 employees was $2.74M in 2018. 
Did you know?: Of all SMBs that are attacked, 60% do not reopen.

The Risks Your SMB Faces Grow Every Day 

Connections are growing: Businesses are using more devices, applications, and cloud services than ever before. Shadow IT is a real problem: Your employees are likely using more cloud services than you know about, creating a blind spot for your IT team and your organization’s security. 
Passwords are a weak link: Employees often reuse passwords across accounts and use easy-to-guess passwords. Human error is hard to prevent: Your employees may use public Wi-Fi to do their work, accidentally click on phishing emails, or share sensitive data on cloud services or flash drives. 
The latest threats elude AV: Weaponized documents, fileless threats, zero-day threats, and ransomware lack signatures and can slip through scheduled AV scans. You may have compliance risks: If your SMB works in a heavily regulated business, you could face regulator fines in addition to cleanup costs. 
Data sharing: Your partners may not have air-tight security, exposing your data to unauthorized access. 
Businesses today rely on their digital assets increasing security risks.

What You Can Do About Cybersecurity Risks? 

It pays to get tough on cybersecurity. Enhancing your security posture proactively can help you harden your defenses and protect yourself from threats before they hit your company networks and disable your business, systems, and data. 

When you invest in managed security, you get: 

  • A comprehensive solution for all your security needs 
  • Cloud-based solutions that are updated automatically with the latest threat data 
  • The ability to “roll back” any systems hit with ransomware to a pre-infection state 
  • Complete security coverage and simplified cost structures 
  • An end to security management headaches and worries 

Get started with managed security today. 

As soon as you focus on preventing downtime events instead of reacting to them, your IT infrastructure will increase your productivity. EMCSI offers a FREE Network Health Assessment to identify what devices are on your network and where your vulnerabilities lie.  Call Shane Nesbitt, IT Consultant, today to schedule : (330) 750-1428

www.ecmsi.com

How to Avoid Becoming the Next Hacking Victim

Cyber attacks are so common now that hardly a week passes without news of another major network security breach involving a high-profile company. Well-known brands like Target, Sony and Yahoo have all fallen victim to security breaches in the last few years.

But hackers don’t just limit themselves the market’s major players – they will, and do, attack companies of all sizes, exploiting their weak defenses to infiltrate and steal valuable corporate data. In fact, smaller businesses are seen as much easier targets, because they usually lack the robust defenses that large enterprises routinely use.

So why should you worry about being next? The costs of a network security breach can be enormous, sometimes even crippling. One study from the National Cyber Security Alliance reports that around 20 percent of small businesses fall victim to a cyber attack each year, and of these, just 40 percent are still around six months later.

Can your business foot the bill from a major cyber security breach? Not likely.

Keep the bandits out

At ECMSI, our overriding goal is to help your company thrive, but you won’t stand a chance of doing that if your servers are leaking corporate and customer data all over the place. That’s why we make your network security such a big priority. We want to see our customers to succeed — and enjoy longer-lasting relationships with them.

As one of the leading Managed Services Providers, we’ll strive to protect your network against everything attackers can throw at it.

Our big secret is that unlike other MSPs, we take time to get to know our clients and help them understand how to take full advantage of their technology.

When we uncover your unique risks and concerns, we prepare a plan to help you defend against the wide variety of cyber threats that could slow down and damage your business — and your reputation — including ransomware, insider attacks and other viruses.

And we go further to proactively avoid these threats by teaching you best practices to minimize the risk of becoming a victim in the first place. We’ll also help get you up and running with the latest antivirus software, firewalls and threat detection software to ensure your network security is as tight as it’s possible to be.

Your depend on your business technology to be successful, that much you know already. But it can also become your Achilles’ heel if your network defenses aren’t up to scratch. Contact ECMSI today and we’ll show you how to avoid becoming headline news for the wrong reasons.

Fight Back! How to Scam an Email Scammer

Wouldn’t it be nice if the Nigerian Prince that just so happened to email you would actually deliver on his promise of depositing that “$2,000,000 USD” into your bank account? Hopefully you know that this is just a scam to steal your financial information, however, many people around the world have fallen into the traps of these phishing emails.

“The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam.”

These scams are so well known that they do not fool many people anymore, but it can be quite annoying when we receive these emails. If you’re one of those people that enjoy a good prank and like to humor an obvious scam, then look no further. A new service from NetSafe called Re:Scam can help you waste the time of email scammers to prevent them from moving forward to another victim. So just how does this service waste the time of “Nigerian Princes” and “UN Bureaucrats”? In the funniest way possible.

Re:Scam is a AI-powered chatbot designed to draw out the conversation and exchange as long as possible. All you do is forward an email from a scammer to [email protected], the chatbot then uses a proxy email address to communicate with the crook. The idea is to waste their time and make it impossible for scammers to turn out a profit, it also delivers satisfying karma and allows you to scam a scam. Some of the funniest interactions go something like this:

Scammer: “Do you wish to be a member of the great Illuminati family? Do you want to be payment $5,000,000 weekly? Let us now if you are interested in success.”

Chatbot: “Dear Illuminati, What a wonderful surprise. I’d love to join your secret club. Do you do a bingo night?”

Scammer: There is not bingo night. Please complete attached form with bank details for your receive full payment of 5 million.

Chatbot: Terrific! But to avoid detection I’m going to send my bank account details through one number at a time.  Ready? 4.

Scammer: “This is not necessary”

Chatbot: “7”

The full video from Netsafe can be found here

The video mentions that email scamming is a billion dollar industry, and it is time to fight back with a sort of eye for eye treatment. If these scammers are going to try to waste our time we might as well waste theirs. If everyone began using this service we can help prevent them from moving forward and soon enough stop these emails by making these scams completely useless to attempt.

 

How to Identify a Phishing Email

You wake up and like many of us today, you immediately check your phone. Scrolling through your email you see a message in your inbox that reads “Microsoft account security alert” this email then goes on to explain how someone might have accessed your account and how they may have your password and access to personal information. The email then contains a button you can click through to “recover your account”. This email looks a little something like this.

Seems normal enough right? WRONG. This email contains an abundance of red flags that to someone not so tech savvy could fall victim to. This email is meant to be malicious and ironically while it is trying to get you worried about your information getting hacked into. It is trying to hack into your information. Let’s dive into what these red flags are so that others do not fall victims to these malicious emails.

To begin with, this email claims it is from the Microsoft team, however within the email itself we see no Microsoft branding of any kind, and is overall poorly designed. The next indicator of suspicious activity is that the email keeps mentioning a Microsoft account has been accessed, but shows a Yahoo email address. The person who received this email knew that their email address was not registered with any Microsoft account, especially being that they were a Mac only user. There was also not enough characters or asterisks that reflected any email this user had.

This is just one example of a phishing email and there are many more, some are formatted well, others are blatantly a scam, but paying close attention and really evaluating each point the email is trying to make is extremely important. Be sure to be on the lookout for other signs such as:

  1.  You are asked to send money to cover expenses.
  2. The message asks for personal information.
  3. The message contains poor spelling and grammar.
  4. The email contains mismatched URL’s.
  5. The offer of the email seems too good to be true.

Finally, if something in that email just does not seem right to you, there is most likely a reason why and immediately. If an email looks suspicious and catches you off guard or does not relate to any recent activity you have done online, it is best to not act upon that email and flag it as spam and delete the email immediately. Clicking through could cause major issues to your computer system or others if it happens in your workplace. Be sure to always be attentive, be curious and ask questions and stay protected!

 

My Coffee Machine Got Hacked

In today’s world it seems like anything can fall victim to a cyber attack. We all know that a computer, wireless network, server, (etc.) can be compromised. Now imagine that you’re at work and you see a ransomware message on your coffee machine’s screen. That’s right… a COFFEE MACHINE. This may sound ridiculous but it did happen and could happen to any workplace. Bet you didn’t know ransomware is now a part of the new continental breakfast.

A chemical engineer with a degree in computer science posted this instance on Reddit and explained exactly what happened that led to this attack on their workplace coffee machine. It all began when a factory worker encountered a ransomware message on his computer, he then called the help desk to get the issue resolved and stepped out to grab a cup of coffee. The worker then noticed the same message on the coffee machine’s screen. Now, this ransomware did not just shut down the employee coffee supply and hold it for ransom (which, that would be a whole other nightmare),this ransomware spread throughout the factory and shut down factory systems. So how did this all happen?

Coffee machines are supposed to be connected to their own isolated WiFi network, the person who was installing the network made the mistake of connecting it to the internal control room network, when they noticed the coffee machine still wasn’t getting internet they then connected it to the isolated WiFi network. While a hacker was poking around in their systems they noticed that huge security fall and managed to squirm their way into the system and gridlock the entire factory network.

A coffee machine is not the only issue, practically any computer- implemented or computer enabled device can be compromised, this then leads to a wild search for what else is connected to that same network that could also become infected? Network vulnerability is like a screen door. If you do not pay attention and their is the tiniest hole in the screen somehow at least one fly will manage its way through and get into your home.

Being proactive and making sure your systems are always being monitored for any issues is very important. Implementing the right security precautions and making sure your network is sealed tight is the only way to prevent malware from grid locking your network. Finally, please make sure your office coffee machine is installed properly!

What Does your Business IT and Car have in Common?

THEY BOTH NEED TO BE INSURED!

When we talk about car insurance the dark thoughts and questions begin to arise. What if I get into an accident? What if I’m travelling and left on the side of the road? What if someone hits me without my control? While all of these thoughts are very pessimistic, these things do happen, sadly, more often than we would like them to. This makes driving without some sort of car insurance seem completely ludicrous. So why should your business IT be any different?

Think about your business IT as the “vehicle” that keeps your company running. What if your network “crashes”, what if your employees are working and your computers decides to leave them on the side of the road? Or what if a hacker “hits” your network with ransomware or the many other hundreds/thousands of malicious malware that is out there today?

When talking about business IT “insurance”, we mean something a little bit different. You need to make sure that the technology in your business is secure, protected and keeps your employees as productive as possible in order for your business to stay viable. Like a car, you have to have some sort of disaster protection, or else a whole bunch of time, money and productivity of your business is lost on fixing the issue when it happens. The best “insurance” for your business network is using an outsourced IT service management provider, and here’s why.

When you outsource the management of your important IT resources they help optimize your networks performance, to make it work at the peak efficiency and reliability levels that your business demands. This can allow you to stay focused on running your business and not your network. This security, networking, data protection and user support is handled at a fraction of the cost than if your business decided to take on all of that cost itself. Risk is something your business deals with every day from market competition, to the state of the economy, don’t let your IT be another risk. Businesses have limited resources, and every owner/manager has limited time and attention. Outsourcing can help your business stay focused on your core business and not get distracted by complex IT decisions.

Secure your network today with ECMSI !

330.750.9412

 

 

Forgot Your Password? The Future May Help.

Probably one of the most annoying things about technology today is trying to remember all your passwords, from your desktop login, social media sites, down to your online financials, a combination of words and numbers can really start to all blend together. If you’re like most of us, you probably have the same password for everything. This practice is EXTREMELY unsafe, and not recommended by any IT technicians or service providers. So, is there any end in sight to the madness? Well, current trends in biometrics may just make passwords obsolete.

Today, many cell phone users are logging onto their phones and entering all their apps with their fingerprints. Apple’s “Apple Pay” on iPhones are becoming ever more popular and allows for users to pay with their cards at retail locations using their fingerprints to authenticate the purchase. The Samsung Galaxy S8 phone has an upgraded retinal scanner that can be used to unlock the phone and can be used as a second factor in authenticating any number of online services. Microsoft’s Hello is allowing Windows 10 users to login through facial recognition and a patent for the company indicates they are trying to develop ways to pair a touchscreen with gestures made on the screen to authenticate. Some ideas out there are even hinting at using brainwaves for authentication to unlock computers!

What will this mean for the future of passwords? Maybe soon all you will have to do is think about unlocking your Facebook page and like magic, it would work. While that may seem farfetched, who knows what the future can hold? Much of this research to eliminate passwords is being supported. In the U.K. the National Cyber Security Center is looking for proposals that will do away with passwords and is offering $32,160 in research funds per proposal.

However, while things are still in the works we will have to still stick to the “old-school” way of keeping our information safe, with your first pets name and your birth date numbers (did we get some of you??…). Until then, we recommend creating strong passwords (using capital letters, numbers and symbols) and using different passwords for each account you have.

 

Call ECMSI today for a free consult!

330.750.9412