Month: March 2018

Categories
Casserly Consulting Blog

Encryption Helps Keep your Smartphone Secure

mobile_safe_encrypt_smart_phone_400.jpg

These days everyone has a smartphone; and, they can do some pretty incredible things. One place that the average smartphone may seem to be a little loose is in the arena of data security. Today’s smartphones do, in fact, come with encryption by default, so there is some semblance of device security on every device. What does this mean? We’ll break it down.

“Smartphone encryption” describes the state in which the data on the device is scrambled so that people that don’t have the proper security clearance, won’t be able to see the device’s contents. While this is extraordinarily helpful for device security and personal privacy, it has nothing to do with protecting actual data transmission.

Without entering the credentials or biometric data that allows for a device to open, many of the features a device has are not able to be accessed. In fact, most modern smartphones won’t actually connect to a Wi-Fi network without the proper credentials. This is handled differently on the different mobile platforms.

Apple
The iPhone ships with 256 AES encryption. It is not stored on the phone (which could result in more successful hacks), a correct passcode combines with data stored on the Secure Enclave chip to generate a key that unlocks the device. This chip also holds biometric data (fingerprint and facial recognition) that can be used to open the device or use Apple Pay. Any Apple product that is repeatedly unsuccessfully opened will lock, stopping unwanted parties from getting into your iPhone.

Android
Since so many more people use the Android mobile OS, Google did not make device encryption standard until devices that run their Android 6.0 Marshmallow mobile OS. If your new Android device runs 6.0 Marshmallow or better, it now ships with encryption enabled. Since Google’s implementation of encryption depends on the manufacturer, some phones will use a key generation system similar to the iPhone’s, while others will use a more complex system called file-based encryption. File-based encryption allows for varying levels of decryption and provides unauthorized users access to a limited number of the features on the device.

In the News
Over time, there has been a push for mobile OS developers to build in “backdoors” to ensure that law enforcement can get into a device if/when they need to. Companies like Apple, Microsoft, and Google have had to field their fare share of criticism, but strongly defend their position. Apple CEO Tim Cook states the following, “In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks – from restaurants and banks to store and homes. No reasonable person would find that acceptable.”

Encryption is for your benefit. If you would like more information about modern digital cryptography or any other mobile security, visit our blog.

Categories
Casserly Consulting Blog

Tech Term: Defining Motherboard

tech_term_motherboard_400.jpg

Inside its casing, your computer contains many parts. While these parts may not be moving, they are hard at work, enabling you to use your computer to accomplish your goals. For today’s Tech Term, we’ll take a closer look at just one, the motherboard, and examine what it contributes to your device’s operation.

What the Motherboard Does
Your computer’s motherboard is its internal control center, the communications hub for the rest of the device. It is through this circuit board that all of the computer’s components and peripherals connect and share data. In this way, the motherboard is what makes a computer a computer, and not just a box filled with disparate components.

When the computer first boots up, the first thing to get power is the motherboard. Its different components then activate the various other parts of your computer.

Parts of a Motherboard
In order to properly function, the motherboard requires quite a few pieces to be present and correct. While the layout, or form factor, varies based on the specifications needed, all motherboards have these basic components incorporated.

Chipset – the chipset is what enables the transfer and flow of data between the various other components of the motherboard. Divisible into two parts, the Northbridge and Southbridge, the chipset allows the different components to communicate with each other.

CPU – The CPU is the part of the motherboard that relays information from the Northbridge to the different parts that it communicates with. A better CPU will assist you in having a fast and efficient computer.

Slots – A motherboard’s slots are what hold the different pieces that make up a particular motherboard in place. These pieces could include:

  • Random Access Memory, or RAM
  • PCI(e), which connects to expansion cards, like video, network, or sound cards
  • SATA, which connect to storage drives like HDD and SSD

In short, your computer’s motherboard is a small, but absolutely critical component to the function of the device as a whole. Have any more questions about motherboards, or any other aspect of your technology? Reach out to us and let us know!

Categories
Casserly Consulting Blog

Preventing Identity Theft Should be a Priority, But Do You Know How to Handle It?

identity_theft_Security_400.jpg

The more people use technology, the more they have to deal with the negative aspects of doing so. One of the most prevalent problems users experience today is cybercrime that leads to identity theft. What can you do to prevent this from happening to you?

How You Can Work with Identity Thief
There are numerous ways that a potential identity thief can gain access to the information they want. Since businesses often collect a lot of data, would-be identity thieves have both more data to steal, and typically more access points in which to get into the network. Additionally, a lot of companies may say that they have hackers as a top-of-mind threat, but since a comprehensive cybersecurity strategy requires that everyone within an organization buy into it, there are usually some holes left open though a lack of employee diligence; or, worse yet, blatant employee indifference. Since throwing employee regulations out there won’t stop someone who is hell-bent on getting the information, knowing how to protect your business becomes critical.

One-way hackers can get sensitive information is though the trash. You’ve seen it in movies and on television: organizations go through the mail and recreate shredded documents to get sensitive information. That’s why doing what you can to create a paperless office can go a long way toward protecting against the dumpster-diving thieves of the world.

Your Responsibilities if You Allow Your Clients’ Identities to Be Stolen
No matter how diligent you are about your data protection, there can be a time where your network is breached, and your clients’ sensitive information could be stolen. To help your clients out, you’ll want to provide them with the following information:

  • Notified Banks or Creditors – If it was financial information that was stolen it is their responsibility to notify their financial institution and see what services they can offer to help rectify the situation. Most banks have been proactive in the quest to limit identity theft and can walk your clients through what they need to know to ensure that any personal information hackers make off with will be of little consequence. If you do this promptly they can report this breach and ensure that they will be protected. Unauthorized charges within two days of any complaint limits individual liability to a mere $50; a huge savings in some identity theft cases.
  • Credit Reports – Any client that has his/her data potentially stolen has to monitor their credit reports. Setting fraud alerts will help automate this process, although they should still constantly check for warning signs of fraud. If reports come back conclusive for identity theft, considering a credit freeze until everything returns to normal may be a good option.
  • Theft Reports – In the U.S. the Federal Trade Commission (FTC) only has the resources to follow up on larger-scale fraud cases, but they will monitor identity theft cases to identify suspicious patterns that suggest the involvement of organizational wire fraud. The FTC’s website has a form that will file a complaint. Once that is done, it may be best to secure a police report to dot all the i’s and cross all the t’s. This report needs to be sent to all creditors and credit reporting agencies to ensure that you aren’t on the hook for malicious or unauthorized access.
  • Lock It Down – Immediately updating passwords is a great way to lock down your accounts after a potential breach. Furthermore, not only should you report any false use of your Social Security Number, you should also ensure that no additional accounts have been opened in your name.

Identity theft is serious business. COMPANYNAME’s IT experts can do their best to keep unwanted entities out of your network. For more information about cyber security and data theft, call us today at PHONENUMBER.

Categories
Casserly Consulting Blog

Android Ransomware Kits on the Rise

android_phone_ransom_400.jpg

The do-it-yourselfers of the world have enjoyed the autonomy that the Internet brings into their lives. They can now look up how-to guides and YouTube videos on how to do just about anything. However, the Internet has also given hackers and other cybercriminals access to all sorts of technology that makes using malware and other threats easier than ever before–even for inexperienced users.

Malware kits are certainly not a new concept, although you might be surprised to hear that the first kits first emerged as early as the 1990s. The introduction of the Dark Web made the transfer of illegal goods and services easier on a global scale, and developing technologies like cryptocurrency have only contributed to the rise of contraband being spread without consequences. The anonymity provided by virtual private networks is simply the icing on the cake, making it difficult for authorities to investigate the activity.

While most of these kits target the Windows operating system, there is an increasing number of malware kits that target other operating systems. In the past year alone, cybersecurity analysts expect an increase in ransomware kits that target Android smartphones. These types of kits are called “ransomware as a service,” in which just about any user with basic knowledge of how computers work to pull off a legitimate ransomware attack.

The type of malware that’s targeting Android smartphones can potentially cost your business thousands of dollars, and that’s not mentioning the data and reputation lost from the incident. These kits go for about $200 on the black market, making them a very lucrative solution. To make matters worse, there are plenty of reasons why Android devices are ideal targets for these types of attacks. Android is used on the vast majority of smartphones–approximately 86% of smartphones around the world. The fact that a $200 investment can yield untold profits makes it tempting, regardless of how ethical the decision is.

Furthermore, statistics show that many Android users are running outdated versions of the operating system, which means that there are patches and security updates that aren’t being implemented on these devices. This makes it more likely that the ransomware attack will succeed on Android-based devices.

It’s almost guaranteed that your business will eventually have to deal with mobile devices in the workplace, accessing important data and information from your network. The best way to ensure that mobile devices are secure from these types of threats is to implement a mobile device management policy that takes into account security and network access. To learn more about how you can keep your business safe from ransomware, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

Tip of the Week: How to Transfer Apps to a New Phone

phone_new_data_apps_400.jpg

There is little that is more satisfying than obtaining a new phone. However, this sense of satisfaction is often undermined by the need to get your applications and data to ensure that your new device has everything you normally use installed. For this week’s tip, we’ll go over a method of making this process easier on an Android phone.

The first step to ensuring that your Android’s data can be retrieved is to ensure that it is properly backed up and able to be retrieved.

To check, you will need to access Settings, before opening Backup & reset. You will then have to toggle on Back up my data. You’ll then return to previous menu and select Backup & reset. Check that your Android account is the correct one in Backup account. You will then toggle automatic restore to On to be able to restore settings and data associated with the Android account in question.

Now that you’ve enabled Android’s backup service, your personal settings and application data will be saved to Google Drive. Now that the preliminary steps are handled, it’s time to restore your applications and settings to your new phone.

Restoration
Restoring your applications and data is pretty straightforward if you are utilizing the Lollipop-version of the Android OS or above. This setting is available to phones as they’re booting up for the first time, or just after they have been factory reset.

  1. Select the arrow at the welcome screen to start setting up your phone.
  2. Select System language and log into your Wi-Fi network.
  3. Select Accept and continue.
  4. You can then copy your Google accounts, apps, and data from another device. If you choose not to do that, you can then forge ahead by logging in to your Google account.
  5. There will be a privacy statement, press Accept.
  6. Now go to the Google services page. Here you can select to enable the backup service for your account.
  7. Choose all your preferences and select Next.
  8. If you want to add an email account, you can do so in the Add another email section. If you don’t need to do that, just select Not now, then click Next.
  9. You will then have to restore your apps from the “Which device?” menu. You will see all the Android devices that you’ve used. Select the device to see which apps will be available when you restore. If you don’t want everything restored, you can choose the arrow next to the Restore option and select what you’d like to restore and what you’d like to leave off your new device.
  10. Choose which device’s configuration you want to restore from, hit Restore.

After your apps are restored, be sure to enable security for your phone; and, if you so choose, get Google Now for your device.

The Android smartphone is one of today’s most important productivity tools. For more great information about mobile usability and security, give us a call today at PHONENUMBER.

Categories
Casserly Consulting Blog

Email Attachments are Schrӧdinger’s New Cat

Schrdingers_Cat_Lives_Dies_400.jpg

Have you ever heard of the physicist Erwin Schrӧdinger? He is most well-known for explaining a paradox related to quantum physics which involves a cat. Even though the theory behind Schrӧdinger’s cat is meant to explain something quite different, it can still be applied to a lot of different concepts. In particular, when explaining email security.

The thought experiment works as follows. The Schrӧdinger’s Cat scenario was created to strike down an interpretation of quantum mechanics that states an object can exist in all states but will revert to just one if it’s observed. As for Schrӧdinger’s experiment, a cat was hypothetically shut in a box with a small amount of radioactive material. This material had about a 50% chance of setting off a geiger counter. In this case, a hammer would smash a container filled with poison, killing the cat. If the Copenhagen interpretation is presumed to be correct, the cat would be both alive and dead until you see which one it really is.

At the time, Schrӧdinger’s cat was designed to challenge the Copenhagen interpretation, but a more modern version of this experiment can be seen in a business email solution. The primary topic associated with this line of thought is email attachments.

Spam and phishing emails are some of the more popular ways that cybercriminals use to spread their influence. The idea of how this ties into Schrӧdinger’s hypothetical cat involves approaching each email as both a normal message and a real threat at the same time. The only issue here is that there’s a lot more at risk with your business’s infrastructure than with a hypothetical scenario (no cats were harmed in the creation of this blog). After all, you don’t want to click on an email attachment unless you’re absolutely sure that it’s not going to cause problems for your organization.

Thankfully, there are ways that your business can protect itself from advanced threats that make their home attached to email messages, especially spam and phishing threats. Preventative measures like antivirus and anti-malware tools are great for keeping threats off of your infrastructure, and spam protection can help remove messages from your inbox before they become a cause for concern.

Your inbox needs to be secure, so why not do it the right way? To get started with network security solutions, call COMPANYNAME at PHONENUMBER today.

Categories
Casserly Consulting Blog

How to Spot Three Forms of Phishing Attacks

three_phishing_scams_400.jpg

One of the crazy things about hackers is that they will do whatever it takes to ensure that they steal as much information and sensitive data as possible. One of the more innovative ways that hackers spread threats is through spam. Unwanted messages have grown from simple annoyances, to the spread of unwanted software and malware, all the way to sophisticated attacks on targeted individuals known as phishing attacks. Do you have ways to secure your business?

Phishing attacks come in various shapes and forms. Here are some of the most common ways that hackers will use elaborate phishing attacks to scam your business, including phone calls, normal emails, and social media.

Phishing Calls
If you receive calls from strange numbers that don’t leave messages, there’s a solid chance that you could be the target of a phishing call. These messages are designed to target specific employees within your organization to coax information out of them. They might try to be from IT support to steal a printer model number, or perhaps they are hoping to steal usernames and passwords. Either way, the point stands that your organization contains lots of information that a scammer finds helpful.

It’s incredibly important that you teach your employees to know the difference between a fake phone call and a real one. Put them through the ringer when they call and try to guarantee their authenticity (or lack thereof). You should always cross-check contact information before giving up any information to anyone. When in doubt, simply don’t give away anything important.

Phishing Emails
While a phishing phone call will be pressuring your staff to make an immediate decision, a phishing email will likely give you more time to decide if you want to hand over information or commit to a decision. Tailor-made and customized phishing messages have risen in popularity with the intention of stealing specific information from a specific user. Often times, phishing emails will convince the user to click on a malicious link or download an attachment.

Implementing a spam filter and employee training exercises can go a long way to secure your company from phishing attacks. However, it’s still important to be able to identify the throwaway signs of spam and phishing. You should look for spelling errors or incorrect grammar, falsified information, and just about anything else that doesn’t necessarily belong. Still, phishing messages have become more elaborate than ever before, so make sure to consult security professionals if you truly can’t tell the difference between a real and fake message.

Phishing Accounts
It’s easy to use social media for bad purposes. Hackers can use them to attack their targets through the identity of someone else. A hacker can take on any identity they want, which makes phishing accounts even more difficult to identify–particularly if they have taken the identity of someone you might know. In general, just try to avoid messages that come out of the blue, and use your previous interactions with the sender to see if they are (or aren’t) who they claim to be.

Overall, just ensure that you approach potential phishing incidents with skepticism. It’s the best way to make sure that your business doesn’t fall to spam and phishing attacks. To learn more about how you can secure your company, reach out to us at PHONENUMBER.

Categories
Casserly Consulting Blog

Tip of the Week: ‘Secure’ Browsing Doesn’t Mean ‘Private’

secure_browsing_doesnt_private_400.jpg

Internet browsers, by in large, provide enough security for the average user to come out unscathed. Nowadays, people deal with many more threats than they once did, but by in large, users stay secure when using today’s most popular browsers. Privacy, however, is a whole different matter.

Nearly every brand of browser offers some of supposedly covert browsing options. Google Chrome has Incognito mode, Microsoft Edge allows you to access the web using “InPrivate” mode, and Apple’s Safari browser also offers users private browsing. Each of these platforms, however, are a would-be nightmare for privacy advocates. For this week’s tip, we will discuss some things you can do to keep yourself private while online.

Privacy in Browsing
Shielding your online identity inside your browser may prevent your browser’s history from tracking your online activity, but your ISP doesn’t have those kind of restrictions. Your ISP is capable of tracking every site you go to no matter what browser you use. Additionally, websites you visit when you are browsing privately, can also track your IP address regardless of your use of private browser settings. Since your path is left unprotected, it leaves your website activity open for inspection.

On that note, it also should be mentioned that no matter what kind of in-browser private setting you use, your employer, who typically owns the network you are working on, can still see what sites you access. For business owners that are serious about lost productivity from employee web surfing, there are solutions to ensure that you control what your workers can see. If you are serious about keeping your web browsing private, your best bet is to use your own virtual private network (VPN).

Virtual Private Browsing
Using a VPN will keep the connection between your system and your destination hidden, allowing you to choose the location you are browsing from. In hiding your connection under the encryption afforded by the VPN, you can get the privacy you need from anywhere on any Internet connection.

For assistance in implementing a VPN for your business’ browsing needs, reach out to COMPANYNAME at PHONENUMBER.

Categories
Casserly Consulting Blog

IRS to CPAs – Hackers are Targeting You

income_tax_calculation_400.jpg

The IRS has issued a warning to tax professionals to step up their cyber security to prevent sensitive taxpayer information from being stolen. CPA firms, large and small, are being targeted by hackers and identity thieves, especially during the high traffic tax season.

CPAs collect and store a treasure trove of sensitive information that is deemed valuable to cybercriminals. This includes client contact information, credit card information, and social security numbers. Plus, the bad guys know that even though smaller, local tax professionals might not have as many clients as a nationwide firm, but the chances that their data is easier to get to makes them a viable target.

How easy could it be for someone to steal all of your clients’ sensitive information? Depending on the security you have in place, it could be shockingly simple. All it takes is parking near a CPA firm and finding an exploit to get connected to their Wi-Fi. If proper measures aren’t in place, that is enough to give the criminal carte blanche access to any data that isn’t properly protected. Then they can simply drive up to the next tax professional in town and attempt it again.

If the hacker wants to save on gas, they could also target hundreds of thousands of tax professionals at once with a single mass email. The email could look like a legitimate message from a client or organization, but contain an attachment that installs malware and instantly gives the hacker access to what they want.

The time to protect yourself (and your clients) is now. The IRS is urging tax professionals to encrypt all sensitive data and ensure that their network is equipped with the proper measures to protect data. Educating employees on how to not get baited into fake phishing emails is also critical. COMPANYNAME can audit your network and help you protect the identities of your clients. Don’t wait. Give us a call today at PHONENUMBER to get started.

Categories
Casserly Consulting Blog

Why Your IT Toolkit Should Include a VPN

Your_IT_Toolkit_Should_Include_a_VPN_400.jpg

Have you ever felt like someone was watching you while you’re doing your work from somewhere outside of your business’ infrastructure? If you’re working from a remote location, this situation might not be far from the truth. If you’re not using a private connection, onlookers could see everything that you’re doing or steal data. How can you keep your business secure while working out of the office?

The easiest way to do so is with a virtual private network, or VPN. You might have already heard quite a bit about VPNs thanks to the Federal Communications Commission’s verdict on Net Neutrality. Many users are hoping to take advantage of VPNs to limit the potential issues caused by ISPs selling browsing information to advertising companies, and just in general to protest the ruling. However, VPNs have a very important role in the business world as well, and they are an essential part of securing your organization.

Basically, a VPN works by encrypting your connection to important assets on your company’s network. This data is encrypted while it’s in transit, meaning that even if a hacker could intercept it, they would see nothing but a bunch of jumbled up letters, numbers, and symbols. Encrypted data is often simply useless for hackers as the time needed to crack the code is rarely worth spending. This goes for any data that’s being sent to or sent by your device, meaning that essentially any data that you need to send or receive is protected by military-grade encryption.

Think of it like this; you’re sending a letter to someone, but it’s locked in a box. The box can only be opened by specific users that have the key to it. Therefore, anyone hoping to intercept the box won’t be able to take the contents. Sure, they could steal the box if they want, but without the key, it won’t be of any use.

Overall, a VPN is the best way to keep your business from suffering data leaks or loss altogether. However, you want to ensure that the one you implement is an enterprise-level VPN that is capable of securing all of your business’s devices. If your business is in need of a powerful VPN, COMPANYNAME can help. To learn more, reach out to us at PHONENUMBER.