Protecting Your Small Business from Cyber Crimes

In the last few months, cyber crimes have been all over the news with the WannaCry ransomware and other hacking events. It may seem like millions of miles away from your small business, but small and medium-sized companies are just as vulnerable as larger corporations. You wouldn’t leave the door to your office wide open all day and night, right? You take reasonable precautions to keep your business safe and secure, so be sure to do the same with your website and online data as well. Here are a few tips to protect your small business from cyber hacking and online dangers.

  • Stay Updated – Hacker News online suggests keeping software and applications updated. The newer the update the better, as it will have the latest security.
  • Toughen Up Access Control – The admin level of your website is an easy way into everything you do not want a hacker to see. Enforce user names and passwords that cannot be guessed. Limit the number of login attempts within a certain time, even with password resets, because email accounts can be hacked as well. Never send login details by email, in case an unauthorized user has gained access to the account.
  • Tighten Network Security – Computer users in your office may be inadvertently providing an easy access route to your website servers. Ensure that logins expire after a short period of inactivity. Passwords should be changed frequently. Passwords should be strong and NEVER written down. All devices plugged into the network should be scanned for malware each time they are attached.
  • Back Up Often – Back up your files on a regular basis to avoid losing data in the case of a breach.
  • Install the Highest Security – Your business should have the highest security protocols, from software to employee protocols. If you have questions on how to protect your small business from cyber crimes, call M&H Consultants.
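One way to apply the "limit the number of login attempts within a certain time, even with password resets" tip is sketched below. It is an added example, not code from this blog; the class name, the limits and the sample account and addresses are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class AttemptLimiter:
    """Sliding-window limit on failed logins and password-reset requests.

    Both kinds of attempt draw on the same per-account and per-address
    budget, so asking for a reset does not buy a fresh set of guesses.
    (Hypothetical helper written for this example.)
    """

    def __init__(self, max_attempts=5, window_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window_seconds
        self.clock = clock
        self._events = defaultdict(deque)  # key -> timestamps inside the window

    def _keys(self, account, source_ip):
        return (("account", account.strip().lower()), ("ip", source_ip))

    def _recent(self, key, now):
        events = self._events[key]
        while events and now - events[0] >= self.window:
            events.popleft()  # forget attempts older than the window
        return events

    def is_allowed(self, account, source_ip):
        now = self.clock()
        return all(len(self._recent(key, now)) < self.max_attempts
                   for key in self._keys(account, source_ip))

    def record_attempt(self, account, source_ip):
        """Call for every failed login and every password-reset request."""
        now = self.clock()
        for key in self._keys(account, source_ip):
            self._recent(key, now).append(now)

    def record_successful_login(self, account):
        # A real login clears the account's count; the address count stays.
        self._events.pop(("account", account.strip().lower()), None)


def demo():
    """Constructed scenario with a fake clock so the result is repeatable."""
    now = [0.0]
    limiter = AttemptLimiter(max_attempts=3, window_seconds=60, clock=lambda: now[0])
    for _ in range(2):                               # two failed logins
        limiter.record_attempt("admin", "203.0.113.7")
    limiter.record_attempt("admin", "203.0.113.7")   # then a reset request
    blocked_same_ip = limiter.is_allowed("admin", "203.0.113.7")
    blocked_other_ip = limiter.is_allowed("admin", "198.51.100.2")
    other_account = limiter.is_allowed("alice", "198.51.100.2")
    now[0] = 61.0                                    # the window has passed
    after_window = limiter.is_allowed("admin", "203.0.113.7")
    return [blocked_same_ip, blocked_other_ip, other_account, after_window]
```

The limits used in `demo()` are illustrative only. Because the per-account count can also keep the real owner out for the length of the window, keep the window short and alert on repeated blocks rather than locking the account permanently.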

Latest Cyber Attack

Just weeks after the WannaCry ransomware was announced, the world has seen yet another disruptive cyber attack. On June 27, 2017, a more sophisticated global ransomware attack crippled computers from Eastern Europe to North America. What seems to have originated from a tax software provider in Ukraine has spread across the continent of Europe and has even impacted Australia and the United States.

This attack impacted thousands of computers in a wide range of businesses, such as computers that operated ATMs, radiation monitoring machines at the damaged Chernobyl nuclear plant, and even computers that run chocolate production at the Cadbury company in Australia. What at first appeared to be an amateur attack is now seen as a much more sophisticated attack that locks up files and demands ransom for access from tens of thousands of computers.

CNN is reporting that this “ransomware virus is a worm that infects networks by moving from computer to computer. It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft (MSFT, Tech30) released a patch for the flaw in March, but not all companies have used it. EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.”

Early research into this attack shows that the cyber criminals hope to destroy and damage. Unlike the WannaCry attack, this latest attack has no easy kill switch. There have only been reports of a kill switch for one version, and it is not known if that will be effective. Check back with us as we continue to cover this event.

Tips on Being Aware of Hacking

Hacking incidents are inevitable, and you can never know if you or someone you know will fall victim to one. There are, however, several different ways to stay safe and stay ahead of hackers before the hacking is even done.

A few of the best ways to do so are:

  • Stay suspicious of emails – Email is a great communication platform, but this also makes it a huge security risk. Many cyberattacks happen through email. Phishing uses innocent-looking emails that are meant to trick their victims. They lead victims to a fake website asking for updates on their personal information. The best way to stay aware of emails is to check the sender and make sure it is someone you know. You can also check the IP address of the sender.
  • Link locations – Link locations are a huge one. Unknown messages always contain links to unknown sites. Visiting an unknown site can have major consequences: it usually tends to mimic a familiar site, or it can simply be insecure and infected with malware the minute you visit. The best way to know where a link is taking you is to copy and paste the link location into a new browser to check what site is on the other side. It is important to know that encrypted sites are always the safest ones to visit. You will see HTTPS in the URL, as well as a lock icon on your browser.
  • Two-factor authentication – Two-factor authentication requires users to enter additional confirmations, such as a code texted to a phone, before entering their password. This is a great way to stop attackers from stealing passwords. Most places have now made it a standard for logging in.
  • Sharing personal data on Wi-Fi – It is best to stay away from accessing your personal information, such as checking your bank account or buying a plane ticket, when using the internet in coffee shops, libraries or on any free public Wi-Fi.

With these helpful tips you will be well prepared in case any phishing attack occurs.

Google’s Latest Phishing Hack

Early last month, Google fell under attack in a huge phishing operation.

Many received an email that looked similar to an invitation to join a Google Doc from someone they knew on their mailing list. However, once they clicked the link to open the file, they were directed to grant access to an app that looked like Google Docs. This was actually a program that sent spam emails to everyone they had previously emailed.

Specifically, this spam email included the following:

  • Used the name “Google Docs”
  • Used the existing Google login system
  • Bypassed any 2 factor authentication or login alerts
  • Was only detectable as fake if you clicked “Google Docs” while granting permission
  • Replicated itself by sending itself to all your contacts

This process of sending an email to trick someone into granting access to their personal information is called phishing. It is usually done for malicious reasons, such as stealing credit card information or tricking someone into sharing their password.

Google released an official statement in which they mention that they have indeed resolved the issue. They have removed the fake pages and updated all of their Safe Browsing preferences and systems. As a result, they continue to encourage their users to report phishing emails within Gmail.

If you have or ever do receive an email like this, do not open it. Always remember to:

  • Change your password every three months
  • Make sure your passwords are long, with lower- and upper-case letters, as well as special characters such as symbols and/or numbers
  • Make yourself familiar with the style, fonts and specific uses of Google Docs, as this can be incredibly helpful when you need to detect a fake.

Cautions to take in Computer Hacking

Computer hacking can occur at the worst of times and when we least expect it. The worst of it is that once the hacking has occurred, you can never undo the damage that’s been done. However, you can take steps to prevent it. Follow along to find out how you can prevent a malicious cyber-attack.

  • SSL – Secure Sockets Layer is the next best thing when it comes to online security. Using an encrypted SSL protocol helps to prevent information from being read in transit or accessed without the proper authority. For example, it can help safely transfer users’ personal information between a website and your database, without anyone else seeing it.
  • Updates – Updates are made because they are necessary to keep software functioning properly and to maintain all its security protocols. If an update is made for a phone, for example, it could be because of a security vulnerability. Delaying it will only expose you to attacks, which is what hackers are looking for.
  • Tighten network security – Doing simple and basic things such as changing passwords frequently, ensuring passwords are strong, and making sure all devices plugged into the network are scanned for malware each time they are attached can make a great difference. This can also apply to installing a web application firewall. A WAF can be software or hardware based, and its purpose is to sit between a website server and the data connection and read all data passing through it.
  • Remove autofill – Leaving autofill enabled on websites can leave you vulnerable to attacks from any user’s phone or computer that has been stolen. With your information already plugged in and accessible, it is easy for hackers to steal it.
  • Back-up frequently – It is vital to ensure that everything is backed up. Whether it is weekly, daily, or 10 times a day in total, back everything up. From saved files to shared docs, everything should be backed up. If the worst case scenario were to happen, it is important to have a backup in case one hard drive fails, etc.

With these helpful tips, you’ll be taking the right precautions to limit your chance of a cyberattack.

Tech Life Hacks (Pt. 1)

Technology can be complicated and understanding it can require a lot of work. Because of this, there are many tech hacks available to help make our technology experience easier and our overall lives easier through technology. Since there are so many hacks available, we have split these lists into a two-part series. Here is the first set of tips to help you get through your technology uses; stay tuned for the next set!

For quick browsing:

Press “CTRL” and “Enter” at the same time after typing a domain in the URL bar and the “.com” will appear.

For capitalization purposes:

Highlight a word or phrase and press on “Shift” and “F3” at the same time to switch the capitalization through lowercase, all uppercase and first letter capitalization. Unfortunately, this hack is only useful for PC devices.

For slideshow presentations:

When saving PowerPoint presentations, try saving them as “.PPS” rather than the standard “.PPT”. By doing this, you will be able to skip a step and automatically open your presentation as a slideshow whenever the file is opened.

For your headphones:

To keep your Apple headphones handy and safe from getting all tangled up, stick them onto your MacBook while doing work. Confused? Well, apparently the headphones are able to stick onto MacBooks like magnets.

To help you differentiate between left ear bud and right ear bud, and skip the misplacing process that can be uncomfortable, try painting or marking each ear bud with different colors.

Test these hacks out and stay tuned for the next set!

Hacking – A Year in Review

Over two billion records were stolen in 2016 alone. Unless you have been hiding under a rock for the past year, it has been hard to miss the reports of major hacking that impacted our American economy and our global one as well. From the 2016 U.S. elections to banks to medical records, hackers were able to breach large corporations (public and private) and small businesses with equal skill. Let’s take a quick look and review the hackings that made the headlines this year. Visit our blogs again in the coming weeks as we discuss methods for you and your company to protect yourselves from hackers.

Feb 2016 Department of Justice – Kicking off the year, the Department of Justice was compromised. Hackers angry about U.S. relations with Israel tried to call attention to their cause in February 2016 by breaching the U.S. Department of Justice’s database. CNN reported the hackers released data on 10,000 Department of Homeland Security employees one day, and then released data on 20,000 FBI employees the next day. A full week went by before the department realized the hack had occurred. While no sensitive data was believed to be lost, it brought attention to the fact that even the US is not immune to hackers.

May 2016 LinkedIn – Social media giant LinkedIn was compromised this year when 117 million email and password combinations stolen by hackers four years ago popped up online. It is not clear who stole the information or published it online, but LinkedIn is actively working with law enforcement officials.

November 2016 AdultFriendFinder – This X-rated website was targeted by hackers for the second time in two years. This time, though, the number of accounts compromised was immense — approximately 412 million users had personal information stolen and published in online criminal marketplaces.

Information is Beautiful has been tracking data breaches since 2004. This year saw the largest spike in hacking and the largest number of files stolen or compromised. Here is a quick screenshot of the latest breaches. They tally in real time and keep track of breaches daily.

Protect your Identity on Social Media

You probably have heard of many people getting “catfished” or of people “catfishing” others. This is one form of identity theft that usually comes about through a social media network with photos and identity information taken from other strangers’ profiles. The act of being catfished may not sound as serious to some. After all, it is social media, where pictures are easily taken; that’s what you sign up for when you create an account, right? Wrong. There are many things that can go wrong: someone can ruin your reputation by using your image or, even worse, gather information to piece together and create financial fraud, or any other serious identity theft crimes. But, don’t panic or go off to delete all of your accounts! We have some tips to help you stay safe.

Set your account to private. Keep all strangers from getting information about you. While doing this, go through the entire privacy settings to make sure everything you want to keep private stays that way. If you come across a setting you don’t understand, keep it closed anyway; it’s better to be safe than sorry.

Don’t give strangers access to follow you online. If you don’t know who those people are, you don’t know what their intentions may be in following you or adding you as a friend. After all, all it takes to file a fraudulent tax return is a name, birth date and Social Security number.

Use a hidden name. This can be a middle name or a nickname that only your friends and family would know, so that they can still find you online or know who you are.

Be aware of the content you are sharing. Make sure you are not mindlessly revealing the answers to your security questions online. Also, try not to post images that show the layout of your home so that strangers can’t figure out where you live. Avoid sharing your location and birthday, if possible.

Avoid clicking on random links on social media. This includes those random social media quizzes. Many times, those links can carry malicious and invasive code along with them that can infect your account or, even worse, your devices.

Cyber Attack Trends to Watch out for

With all new technology trends come new cyber attack trends. According to an article in TechRepublic.com, 90 million attacks will hit tech users in a year and 70 percent of them will go unnoticed! Because of this, we have searched for the patterns of cyber attacks to be on the lookout for in years to come. Here is what we found:

Ransomware will continue to rise:

There have been many cases of ransomware in the past, and they are expected to rise as a security problem by taking advantage of vulnerable servers. A large part of the reason for its rise is that paying is one of the easiest ways of getting confiscated data back; you just pay the ransom.

Rise in attacks on Industrial Control Systems:

Let’s face it; many of our Industrial Control Systems are past the outdated stage of technology. Because these outdated systems were not designed with cyber security in mind, they are expected to be a security issue for the future.

More Sophisticated Spear Phishing:

With more sophisticated spear phishing, it will be more difficult to tell emails that should be avoided from those that are legitimate. Spear phishing emails are no longer as simple as a scam link being sent and asking to be clicked on. They are disguised as important business/company emails.

Hacking on Internet of Things:

Because the Internet is being applied in every device, even those which were not originally built to connect online, many everyday appliances are expected to be hit with cyberattacks. These devices can be anything from an app-controlled coffee maker to self-driven vehicles. With these devices, privacy is limited once they are hacked. Hackers can get access to your home and business through these technologies.

Simply being aware of these cyber attack trends is not enough. Security measures need to be taken in order to prevent such attacks. For information on how to get ahead of these attacks, contact M&H Consultants!

The Best Way to Recover from a Hack

In the past we have touched on the basics of recovering from a hack. Although there are many ways to prevent you or your business from becoming victims of a cyber attack, some hackings can be inevitable. Because of this, we are providing you with more information on the best way to recover from a hack.

The first step in the recovery process is to find out what exactly happened. During this step, make sure to keep the following questions in mind:

      What happened?

      Where did it happen?

      How did it happen?

      Why did it happen?

      Who did this affect?

      What was compromised?

Once you have all the answers to all these questions, you will be able to fulfill the following steps.

The next step is to let your clients and other stakeholders who may have been affected by the attack know what happened within a reasonable time. Give them information on what occurred, how your company will be handling the effects, and what they can do while the situation is being taken care of. Depending on the damages, you may also want to seek legal advice as a business on the best ways to do so. Make sure to send updates periodically on what is happening behind the scenes.

One of the important steps in this process is to scan all of your devices and systems. Pay attention to any suspicious behaviors and look through any suspicious files, including code, traffic and Internet bandwidth.

Once you have officially cleared your devices of all the damage and closed the holes in your system, it’s time to secure your accounts. This includes all third-party passwords that may have been connected to the account or software that was hacked. If a piece of software was hacked, then all third-party programs/accounts connected to it will also be at risk.

The final and most important step is to implement a strict security management system in your business in order to prevent another attack from occurring. Need help determining a security management system that works best for your business? Contact M&H for this and any other questions you may have.