Preventative Cyber Security

There is a growing movement of IT professionals who are looking at the idea of preventing cyber-attacks and data breaches before they happen – otherwise known as Preventative Cyber Security. Small- and medium-sized businesses are leaning toward this approach as a way to stop a hack, breach, or malware infection before it reaches their company, as they are realizing that even smaller businesses are vulnerable. Here are some things to consider if your company hopes to avoid becoming an all-too-familiar statistic of cyber crime.

 

  • Understand Threats – Know what security threats are out there and may find their way to your doorstep. This may mean bringing in an IT specialist or beefing up the IT department you already have.
  • Understand Vulnerabilities – Have a risk assessment done on your network. Look for problems that may red flag your software, internet connection, or computer devices as open to hackers, malware, or data breaches.
  • Make a Plan – Create a security plan that includes every single one of your devices, including mobile devices used by people who work remotely or salespeople who often connect to the company data remotely.
  • Simulate – With help from IT experts, your company can simulate a breach or hack, and pinpoint your business’s strengths and weaknesses.
  • Follow the Plan – Depending upon what the conclusion of your research shows about your company, you may need to consider: training for employees about password management and mobile device usage; routine checkups for software updates, licenses, and patches; an increase in front-line defenses such as firewalls and web-filtering devices; and an increase in anti-virus/anti-malware software.

 

Call M&H Consulting for any IT security issues 1-(866)-964-8324 or visit our website at http://www.mhconsults.com

Lock down your Smartphone

Where would we be without our mobile devices? We use them to keep track of our busy work and home lives. We use them to navigate traffic and circumvent construction hold ups. We use them to connect with clients and communicate important business dealings. Can you even remember a time when you conducted business chained to a desk?

 

Businesses rely heavily on mobile devices, especially smartphones, to keep track of business calendars, client data, and to communicate with consumers on a daily basis. So keeping that vital device safe and secure is critical. Let’s look at some of the ways you can lock down your device and keep your sensitive information private.

 

Today, smartphone users have a multitude of ways to lock and unlock their phones including face scans, fingerprint presses, PIN codes, location detection, and the list goes on.

  • iPhones – Currently, iPhone users have the option of Touch ID fingerprint scans and a PIN code, which these days has to be six digits long (ramped up from the former four-digit code). The next generation of iPhone will offer some sophisticated face recognition tech as well.
  • Android phones – For these versions of smartphones there are more manufacturers and models to consider, and thus more variety in options. For example, the fingerprint sensors and PIN codes are standard virtually everywhere now. The Galaxy S8 from Samsung was one of the first major flagships to introduce iris scanning as an option. Overall, most Android handsets also support pattern unlock, which is slightly more convenient than a PIN, with a smaller number (including the Galaxy S8) offering their own take on face recognition too.

 

Almost all smartphone locks have been hacked, so try to follow some simple rules researched and recommended by the Guardian to increase your security.

  • Install the most recent software updates to maintain the most recent security fixes.
  • Be wary of the apps you install.
  • Be sure to lock your device whenever it is not in use.
  • Plan ahead and have tracking capabilities on your phone in case it is stolen or lost.
  • Don’t leave online services unlocked.
  • Be wary of public or open WiFi.
  • Review your Apps often and get rid of the ones you no longer use.

 


Hackers: The Good and the Bad

Between pop culture movies such as The Matrix, Mr. Robot, The Net, and Hackers, and the constant news coverage of cyber events such as the recent Equifax, Verizon, or WannaCry breaches, most Americans have a pretty good idea of what hacking is all about. But is this accurate? Are all hacking incidents bad? Let’s take a closer look at the types of hacking and how it can impact users as well as IT departments globally.

 

When asked what a hacker is, most of us would answer something like this: Someone who has expert computer programming knowledge and uses this to gain unauthorized access to systems, corporations, governments, or business networks, in order to cause problems, delays, or lack of access. This type of hacker, who usually has malicious intent, whether it is stealing data, passwords, or money/valuables, is considered a Black Hat Hacker.

 

There are, however, other types of hackers. These hackers are considered White Hat and Hacktivists. White Hat Hackers or “good hackers” are those individuals who break into computer systems to root out security flaws or bring attention to a cause. Their intentions are not necessarily to wreak havoc, but rather to do a public service. Many times these White Hat Hackers are hired by security companies or the businesses themselves to pinpoint network vulnerabilities that should be shored up in order to prevent a Black Hat from discovering the weakness.

 

There are still other types of hackers known as Hacktivists. They are groups that have ideological beliefs about government, politics, and/or the greed of large corporations, and they tend to use their hacking expertise to further their group’s cause or ideology. One such group that you may have heard of before is Anonymous, or the Lulz Security group. So, as you can see, there is more than meets the eye to the groups we tend to lump together into the criminal hacking type. While there are a multitude of malicious hackers, there are still some out there with good intentions and those who hope to use their expertise for the greater good.

Red Flags for the latest Phishing Scam – “Office 365 Account Compromise”

Are you one of the 70 million active users of Microsoft’s Office 365? Since 1 in every 5 corporate employees and most federal and governmental employees use this, you are not alone if you have fallen prey to the latest phishing attack. According to the Better Business Bureau, “Scammers send an email claiming to be from Microsoft and notify the user that their account has been suspended. The message then states that in order to take action, you must click on a link in the email. Once the user has clicked on the link, they are asked to provide their login credentials. If the user follows through, their account is compromised. This will only allow the criminals to gain access to the user’s contacts, but also to confidential information about your company that could leave it susceptible to internal hacks.”

How can you tell whether an email is real or a phishing attempt by scammers? First and foremost, specific to this particular phishing scam, Microsoft does not issue suspension notices by email. Second, there are tell-tale signs of a fake email.

 

These Red Flags should put you on alert:

 

  • You don’t recognize the sender’s email.
  • The sender’s email is from a strange domain name.
  • The email seems to be from someone you know but it is out of the ordinary that they would send you an email of this kind.
  • The email has an embedded hyperlink.
  • The email is addressed to an unusual mix of people or people who have no connection to you.
  • When you hover your mouse over a hyperlink that’s displayed in the email message, the link-to address is for a different website.
  • The hyperlink has a misspelling of a common website.
  • The email is blank except for the hyperlink.
  • The email was sent at an unusual time for business – say 4 am.
  • The email is a reply to something you never requested.
  • You notice an attachment with a possibly dangerous file type. The only file type that is always safe to click on is a .txt file.
  • The title of the email claims a negative consequence will happen if you ignore the email.
  • The email has bad grammar or spelling errors.
  • You have a gut feeling that something about the sender, content, addressee, or other item seems illogical or off.

 


Mother Nature and Disaster Recovery

Let’s take a walk down memory lane. Remember Hurricane Sandy in 2012, when it shut down data centers in New York including servers hosting BuzzFeed, Gawker, Huffington Post, and other sites? A general loss of power in companies all over the area caused outages and loss of connectivity and ultimately loss of data. Fast forward five years and we have recently had three very powerful hurricanes – Harvey, Irma, and Maria – that impacted the states of Texas, Louisiana, Florida, and the territory of Puerto Rico. Businesses all over those regions dealt with loss of power, flooding and destruction due to high winds. Is your company ready for an act of nature, whether it is a category five hurricane, a tornado, snow storm, flash flood, earthquake, or any number of other things that Mother Nature can throw at us?

 

Here are some things to consider when designing your disaster recovery plan.

 

  • Create a Disaster Recovery Plan or Plans – Don’t have a disaster recovery plan? Ummm well you should. While action may differ depending upon the event, all businesses should plan ahead for a disaster. The plan should include not only what steps to take to protect, recover, and rebound from a disaster, but also how the data will be handled. The plan should prioritize critical processes depending upon emergency scenarios and each team member’s response role.
  • Complete a Data Review – Map out exactly where all of your data is and what you would need to access to regain control of backed up data. Your business team should do a periodic review of where all the digital assets are so that the information can be easily dealt with in the case of an emergency.
  • Risk Assessments – Have a professional risk assessment done on your company including your hardware, software, and all the data you have stored. Identify your system vulnerabilities and patch them up as best you can. Once inspected, if anything is not up to par you should seek outside expertise for recommendations to secure your data.
  • Assess Back Ups – If you do not have multiple layers of back ups depending upon the data, you will be in a tough spot once a disaster strikes. Be sure to have a backup plan and a solution for each area that you deem a priority. Customers expect that even after a large event their data is accessible again fairly quickly.

 


Data Breach at Yahoo

Do you Yahoo? Or more accurately, did you Yahoo in 2013? Well, if the answer is yes, then you may want to continue reading and find out more about the latest breach that has hit the internet world. Chances are that if you had a Yahoo email account in 2013, you may be one of the billions (yes, billions with a B) whose personal information could have been compromised, including your name, email address(es), password(s), birthday, phone number(s), and, in some cases, security questions and answers.

According to investigative reporting by the Associated Press and CNN, “it’s unclear who exactly was behind the 2013 break-in, but cybersecurity analysts reported in December that the stolen data was up for sale on the dark web, a murky network only accessible through certain software.” For its part, Yahoo will send emails to the additional affected accounts and continue forensic investigations to find out who is responsible for the hack.

The technical experts on this case offer some advice:

  • Delete your Yahoo account, and then check later that it actually was deleted, as many users are finding it difficult to delete.
  • Check all of your online accounts – especially if you use identical passwords for multiple accounts. This may limit the fallout of the breach for your personal information.
  • Install a password manager to help you come up with new passwords and try not to reuse old passwords.
  • Change your password and enable 2-factor authentication. This essentially ties your account to a device, such as your phone, and makes it more difficult for any hacker to log in remotely. Although this does not undo the damage of your compromised info, it does stop a person from logging in under your Yahoo account somewhere else.


Are Pop-Ups Dangerous?

Are you tired of the constant “pop-ups” on your computer every time you try to surf the web? I know I am! These pop-ups bring advertising that usually has nothing to do with the website and often tries to convince the viewer that they need some type of security software by claiming that the system is infected. Worse yet are the pop-ups that have adult content or offensive ads that are not appropriate for younger viewers. But aside from being annoying and sometimes inappropriate, are they dangerous? Could these seemingly innocuous ads harm your computer? Let’s take a closer look.

 

According to the website The Insider, 50 percent of all ads are closed before they have even finished loading, and whilst this study was only based on a survey of 36 people, the over 10 million users of pop-up blocking extensions on Chrome say something about the popularity of these sometimes unwelcome website visitors. Over the years computer users have become accustomed to the occasional pop-up ad and have learned to either use blockers or ignore the ad altogether. Most pop-ups are harmless forms of advertising, but there have been pop-ups that are more sinister than the typical marketing ploy.

 

Safety When Dealing with Pop Ups

 

  • A general rule of thumb when dealing with pop-up ads is to not click on them if you don’t know the site or don’t fully understand the ramifications of activating the pop-up.
  • Clicking on an ad of this nature could redirect the user to another website that could be infected or geared to steal your personal information.
  • Some pop-ups are said to have malware embedded in the code of the ad. So be sure not to click unless you trust the source.
  • In addition, never reveal your email, name, personal I.D., or sensitive personal or financial information.
  • Do not fall victim to the Scareware pop-ups that want you to pay for a fake anti-virus software, drive-by download pop-ups, or pop-ups which install malware when you close them.

 

For those of us who live on the internet, whether it is for shopping, researching, or working, the best practice is to keep to well-known sites like Google, Bing, Yahoo and other big-name blogs/sites/etc. If you do, the likelihood of you getting propositioned by a malicious pop-up is small.

Physical Security – Best Practices

Safeguarding client and consumer information is a top priority, and many business owners spend countless hours researching and investing in the best antivirus, antispyware, and antimalware options out there. But while creating a great cyber defense is a good idea, it is also a good idea to make sure that you are doing the same for the physical security of your office as well.

 

  • Lock Up the Server Room – Your servers are the core of your digital information. Without them things will go from bad to worse in a heartbeat. Be sure to lock all server rooms and create policies requiring that those rooms be locked when not in use.

 

  • Protect from Fire – Be sure that your servers are protected in the case of a disaster such as a fire. Most server rooms and high tech companies are using fire suppression systems that use Halon to protect critical business systems.

 

  • Protect Portables – Most companies have numerous mobile devices that are used by employees. Be sure to have a system in place to lock these up after hours. All devices that would be easy to walk away with should be locked and stored in a special location or potentially go home with the employees nightly.

 

  • Surveillance – It is important to know who has physically accessed your computers daily, so it is best to not only have individual logins, but also consider surveillance that can keep an eye on your physical property.

 

  • Rack Mount Servers – When designing your server room consider using rack mount servers that take up less space and are easily locked and bolted to the floor.

 

  • Secure Workstations – If your office sees a fair amount of traffic you will want to create protocols for employees to lock or safeguard against someone logging in at their desktop while they have stepped away.

 


Practicing Safe “Internetting”

We all love the internet. We shop, browse, read the news, network, hunt for information, and play on social media. But while we are busy doing all these things, there is always the risk of being vulnerable to a cyber crime. Do you know what to look for and what should raise a red flag? There are so many risks to be wary of, including: phishing, viruses, spyware, fraud, and malicious websites with the goal of stealing personal information. Here are a few steps to take to practice safe “internetting”.

 

  • Exercise common sense. If a website or link does not look legitimate, then do not click on it. For example, be wary of websites which promote schemes that involve the recruitment of others, receiving money for other people, or advanced payments.
  • Check the website info for errors such as address errors, misspellings, or things that look out of place. Make sure that names match and the website and email have common names so that it does not redirect you to another site.
  • If there is NO icon of a padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site.
  • Only download software from sites you trust. Carefully evaluate free software and file-sharing applications before downloading them.
  • Type in a trusted URL for a company’s site into the address bar of your browser to bypass links in an email or instant message.
  • Never open an email or a link in an email that looks suspicious, such as one from an unknown source.
  • Don’t click on an unknown pop-up as it may be spyware. Never click on pop-ups that claim you have won millions of dollars. These are scams.
  • Do not give out personal info to websites that you don’t know or have not dealt with in the past.

 


You’ve Been Hacked! Now What?

Millions of Americans have had their personal information exposed over the past ten years with thousands of small- and large-scale hacks responsible for most. Maybe you opened an email you shouldn’t have or maybe a company that you do business with was vulnerable to cyber attacks. Either way, now you need to figure out what the next steps are and how to protect yourself moving forward.

 

If it is your personal computer that is compromised, then there are several steps you should take to rectify the situation.

 

  • Isolate the computer so it cannot interact with other networks. This will prevent the hacker from continuing to be able to obtain files and other information.
  • Shut down and remove the hard drive to stop it from damaging other files. If you don’t feel comfortable removing a hard drive yourself or you don’t have a spare computer, then you may want to take your computer to a reputable professional who can help you.
  • Scan for Problems – Using antivirus, anti-spyware and anti-malware software, scan for problems once your drive has been placed in a secondary computer. Remove all problems from the hard drive.
  • Back up important files if you have not already done so. Copy to a clean drive.
  • Decide on what to do with the old drive. Talk to a professional about scanning, cleaning and replacing the old hard drive back into your computer once it has been dealt with and can be reused safely and without threat to your system.
  • Reload the operating system and all security measures. Update software wherever possible to have the most recent security protocols available.

 

If you are a business owner and you have been hacked, it is best to call in the professionals for a thorough investigation, notification of clients, and a solution for getting your system up and running again. If you have hacking issues or want to avoid them, call M&H Consulting today at 1-(866)-964-8324 or visit our website M&H Consults