Categories
Casserly Consulting Blog

Android Ransomware Kits on the Rise


The do-it-yourselfers of the world have enjoyed the autonomy that the Internet brings into their lives. They can now look up how-to guides and YouTube videos on how to do just about anything. However, the Internet has also given hackers and other cybercriminals access to all sorts of technology that makes using malware and other threats easier than ever before–even for inexperienced users.

Malware kits are certainly not a new concept; you might be surprised to hear that the first kits emerged as early as the 1990s. The introduction of the Dark Web made the transfer of illegal goods and services easier on a global scale, and developing technologies like cryptocurrency have only contributed to the rise of contraband being spread without consequences. The anonymity provided by virtual private networks is simply the icing on the cake, making it difficult for authorities to investigate the activity.

While most of these kits target the Windows operating system, there is an increasing number of malware kits that target other operating systems. In the past year alone, cybersecurity analysts expect an increase in ransomware kits that target Android smartphones. These types of kits are called “ransomware as a service,” in which just about any user with basic knowledge of how computers work can pull off a legitimate ransomware attack.

The type of malware that’s targeting Android smartphones can potentially cost your business thousands of dollars, and that’s not mentioning the data and reputation lost from the incident. These kits go for about $200 on the black market, making them a very lucrative solution. To make matters worse, there are plenty of reasons why Android devices are ideal targets for these types of attacks. Android is used on the vast majority of smartphones–approximately 86% of smartphones around the world. The fact that a $200 investment can yield untold profits makes it tempting, regardless of how ethical the decision is.

Furthermore, statistics show that many Android users are running outdated versions of the operating system, which means that there are patches and security updates that aren’t being implemented on these devices. This makes it more likely that the ransomware attack will succeed on Android-based devices.

It’s almost guaranteed that your business will eventually have to deal with mobile devices in the workplace, accessing important data and information from your network. The best way to ensure that mobile devices are secure from these types of threats is to implement a mobile device management policy that takes into account security and network access. To learn more about how you can keep your business safe from ransomware, reach out to us at PHONENUMBER.


Tip of the Week: How to Transfer Apps to a New Phone


There is little that is more satisfying than obtaining a new phone. However, this sense of satisfaction is often undermined by the need to get your applications and data to ensure that your new device has everything you normally use installed. For this week’s tip, we’ll go over a method of making this process easier on an Android phone.

The first step is to ensure that your Android’s data is properly backed up so that it can be retrieved.

To check, you will need to access Settings, before opening Backup & reset. You will then have to toggle on Back up my data. You’ll then return to the previous menu and select Backup & reset. Check that your Android account is the correct one in Backup account. You will then toggle Automatic restore to On to be able to restore settings and data associated with the Android account in question.

Now that you’ve enabled Android’s backup service, your personal settings and application data will be saved to Google Drive. Now that the preliminary steps are handled, it’s time to restore your applications and settings to your new phone.

Restoration
Restoring your applications and data is pretty straightforward if you are using the Lollipop version of the Android OS or above. This setting is available to phones as they’re booting up for the first time, or just after they have been factory reset.

  1. Select the arrow at the welcome screen to start setting up your phone.
  2. Select System language and log into your Wi-Fi network.
  3. Select Accept and continue.
  4. You can then copy your Google accounts, apps, and data from another device. If you choose not to do that, you can then forge ahead by logging in to your Google account.
  5. There will be a privacy statement; press Accept.
  6. Now go to the Google services page. Here you can select to enable the backup service for your account.
  7. Choose all your preferences and select Next.
  8. If you want to add an email account, you can do so in the Add another email section. If you don’t need to do that, just select Not now, then click Next.
  9. You will then have to restore your apps from the “Which device?” menu. You will see all the Android devices that you’ve used. Select the device to see which apps will be available when you restore. If you don’t want everything restored, you can choose the arrow next to the Restore option and select what you’d like to restore and what you’d like to leave off your new device.
  10. Choose which device’s configuration you want to restore from, and hit Restore.

After your apps are restored, be sure to enable security for your phone; and, if you so choose, get Google Now for your device.

The Android smartphone is one of today’s most important productivity tools. For more great information about mobile usability and security, give us a call today at PHONENUMBER.


Email Attachments are Schrödinger’s New Cat


Have you ever heard of the physicist Erwin Schrödinger? He is most well-known for explaining a paradox related to quantum physics which involves a cat. Even though the theory behind Schrödinger’s cat is meant to explain something quite different, it can still be applied to a lot of different concepts, in particular when explaining email security.

The thought experiment works as follows. The Schrödinger’s Cat scenario was created to strike down an interpretation of quantum mechanics that states an object can exist in all states but will revert to just one if it’s observed. In Schrödinger’s experiment, a cat was hypothetically shut in a box with a small amount of radioactive material. This material had about a 50% chance of setting off a Geiger counter. If it did, a hammer would smash a container filled with poison, killing the cat. If the Copenhagen interpretation is presumed to be correct, the cat would be both alive and dead until you see which one it really is.

At the time, Schrödinger’s cat was designed to challenge the Copenhagen interpretation, but a more modern version of this experiment can be seen in a business email solution. The primary topic associated with this line of thought is email attachments.

Spam and phishing emails are some of the more popular ways that cybercriminals use to spread their influence. The idea of how this ties into Schrödinger’s hypothetical cat involves approaching each email as both a normal message and a real threat at the same time. The only issue here is that there’s a lot more at risk with your business’s infrastructure than with a hypothetical scenario (no cats were harmed in the creation of this blog). After all, you don’t want to click on an email attachment unless you’re absolutely sure that it’s not going to cause problems for your organization.

Thankfully, there are ways that your business can protect itself from advanced threats that make their home attached to email messages, especially spam and phishing threats. Preventative measures like antivirus and anti-malware tools are great for keeping threats off of your infrastructure, and spam protection can help remove messages from your inbox before they become a cause for concern.

Your inbox needs to be secure, so why not do it the right way? To get started with network security solutions, call COMPANYNAME at PHONENUMBER today.


How to Spot Three Forms of Phishing Attacks


One of the crazy things about hackers is that they will do whatever it takes to ensure that they steal as much information and sensitive data as possible. One of the more innovative ways that hackers spread threats is through spam. Unwanted messages have grown from simple annoyances, to the spread of unwanted software and malware, all the way to sophisticated attacks on targeted individuals known as phishing attacks. Do you have ways to secure your business?

Phishing attacks come in various shapes and forms. Here are some of the most common ways that hackers will use elaborate phishing attacks to scam your business, including phone calls, normal emails, and social media.

Phishing Calls
If you receive calls from strange numbers that don’t leave messages, there’s a solid chance that you could be the target of a phishing call. These calls are designed to target specific employees within your organization to coax information out of them. The callers might claim to be from IT support to steal a printer model number, or perhaps they are hoping to steal usernames and passwords. Either way, the point stands that your organization contains lots of information that a scammer finds helpful.

It’s incredibly important that you teach your employees to know the difference between a fake phone call and a real one. Put callers through the wringer when they call and try to establish their authenticity (or lack thereof). You should always cross-check contact information before giving up any information to anyone. When in doubt, simply don’t give away anything important.

Phishing Emails
While a phishing phone call will pressure your staff to make an immediate decision, a phishing email will likely give you more time to decide if you want to hand over information or commit to a decision. Tailor-made and customized phishing messages have risen in popularity with the intention of stealing specific information from a specific user. Oftentimes, phishing emails will convince the user to click on a malicious link or download an attachment.

Implementing a spam filter and employee training exercises can go a long way to secure your company from phishing attacks. However, it’s still important to be able to identify the telltale signs of spam and phishing. You should look for spelling errors or incorrect grammar, falsified information, and just about anything else that doesn’t necessarily belong. Still, phishing messages have become more elaborate than ever before, so make sure to consult security professionals if you truly can’t tell the difference between a real and fake message.

Phishing Accounts
It’s easy to use social media for bad purposes. Hackers can use them to attack their targets through the identity of someone else. A hacker can take on any identity they want, which makes phishing accounts even more difficult to identify–particularly if they have taken the identity of someone you might know. In general, just try to avoid messages that come out of the blue, and use your previous interactions with the sender to see if they are (or aren’t) who they claim to be.

Overall, just ensure that you approach potential phishing incidents with skepticism. It’s the best way to make sure that your business doesn’t fall to spam and phishing attacks. To learn more about how you can secure your company, reach out to us at PHONENUMBER.


Tip of the Week: ‘Secure’ Browsing Doesn’t Mean ‘Private’


Internet browsers, by and large, provide enough security for the average user to come out unscathed. Nowadays, people deal with many more threats than they once did, but by and large, users stay secure when using today’s most popular browsers. Privacy, however, is a whole different matter.

Nearly every brand of browser offers some sort of supposedly covert browsing option. Google Chrome has Incognito mode, Microsoft Edge allows you to access the web using “InPrivate” mode, and Apple’s Safari browser also offers users private browsing. Each of these platforms, however, is a would-be nightmare for privacy advocates. For this week’s tip, we will discuss some things you can do to keep yourself private while online.

Privacy in Browsing
Shielding your online identity inside your browser may prevent your browser’s history from tracking your online activity, but your ISP doesn’t have those kinds of restrictions. Your ISP is capable of tracking every site you go to no matter what browser you use. Additionally, websites you visit when you are browsing privately can also track your IP address regardless of your use of private browser settings. Since your path is left unprotected, it leaves your website activity open for inspection.

On that note, it also should be mentioned that no matter what kind of in-browser private setting you use, your employer, who typically owns the network you are working on, can still see what sites you access. For business owners that are serious about lost productivity from employee web surfing, there are solutions to ensure that you control what your workers can see. If you are serious about keeping your web browsing private, your best bet is to use your own virtual private network (VPN).

Virtual Private Browsing
Using a VPN will keep the connection between your system and your destination hidden, allowing you to choose the location you are browsing from. In hiding your connection under the encryption afforded by the VPN, you can get the privacy you need from anywhere on any Internet connection.

For assistance in implementing a VPN for your business’ browsing needs, reach out to COMPANYNAME at PHONENUMBER.


IRS to CPAs – Hackers are Targeting You


The IRS has issued a warning to tax professionals to step up their cyber security to prevent sensitive taxpayer information from being stolen. CPA firms, large and small, are being targeted by hackers and identity thieves, especially during the high traffic tax season.

CPAs collect and store a treasure trove of sensitive information that is deemed valuable to cybercriminals. This includes client contact information, credit card information, and social security numbers. Plus, the bad guys know that even though smaller, local tax professionals might not have as many clients as a nationwide firm, the chance that their data is easier to get to makes them a viable target.

How easy could it be for someone to steal all of your clients’ sensitive information? Depending on the security you have in place, it could be shockingly simple. All it takes is parking near a CPA firm and finding an exploit to get connected to their Wi-Fi. If proper measures aren’t in place, that is enough to give the criminal carte blanche access to any data that isn’t properly protected. Then they can simply drive up to the next tax professional in town and attempt it again.

If the hacker wants to save on gas, they could also target hundreds of thousands of tax professionals at once with a single mass email. The email could look like a legitimate message from a client or organization, but contain an attachment that installs malware and instantly gives the hacker access to what they want.

The time to protect yourself (and your clients) is now. The IRS is urging tax professionals to encrypt all sensitive data and ensure that their network is equipped with the proper measures to protect data. Educating employees on how to avoid being baited by phishing emails is also critical. COMPANYNAME can audit your network and help you protect the identities of your clients. Don’t wait. Give us a call today at PHONENUMBER to get started.


Why Your IT Toolkit Should Include a VPN


Have you ever felt like someone was watching you while you’re doing your work from somewhere outside of your business’ infrastructure? If you’re working from a remote location, this situation might not be far from the truth. If you’re not using a private connection, onlookers could see everything that you’re doing or steal data. How can you keep your business secure while working out of the office?

The easiest way to do so is with a virtual private network, or VPN. You might have already heard quite a bit about VPNs thanks to the Federal Communications Commission’s verdict on Net Neutrality. Many users are hoping to take advantage of VPNs to limit the potential issues caused by ISPs selling browsing information to advertising companies, and just in general to protest the ruling. However, VPNs have a very important role in the business world as well, and they are an essential part of securing your organization.

Basically, a VPN works by encrypting your connection to important assets on your company’s network. This data is encrypted while it’s in transit, meaning that even if a hacker could intercept it, they would see nothing but a bunch of jumbled up letters, numbers, and symbols. Encrypted data is often simply useless for hackers as the time needed to crack the code is rarely worth spending. This goes for any data that’s being sent to or sent by your device, meaning that essentially any data that you need to send or receive is protected by military-grade encryption.

Think of it like this: you’re sending a letter to someone, but it’s locked in a box. The box can only be opened by specific users that have the key to it. Therefore, anyone hoping to intercept the box won’t be able to take the contents. Sure, they could steal the box if they want, but without the key, it won’t be of any use.

Overall, a VPN is the best way to keep your business from suffering data leaks or loss altogether. However, you want to ensure that the one you implement is an enterprise-level VPN that is capable of securing all of your business’s devices. If your business is in need of a powerful VPN, COMPANYNAME can help. To learn more, reach out to us at PHONENUMBER.


Tip of the Week: How to Avoid Spam Emails


Would you just give your bank account information to anyone who called you up and asked for it? Probably not. For the same reason, you wouldn’t just download attachments from your email messages without a second thought. This can be a dangerous practice, as some of the most common threats nowadays spread themselves via unwanted email attachments. It’s important that you can identify when it’s the right time to download an attachment, and when it’s best to just leave it be without exposing your business to unnecessary risk.

First, a little information about why you might be forced to make this decision in the first place. Spam messages are often the easiest way to spread the influence of malware and other threats. It’s simply a fact that you can send one message to countless individuals knowing that at least some of them will be fooled into downloading the attachment, and in turn, downloading all of the nasty things found on it.

For example, ransomware makes its home on workstations due to infected attachments. Your company might receive an unsolicited message from a prospective employee, who has attached their resume for review. Before your HR department knows what’s happening, their files are encrypted due to the attachment actually containing malware from a hacker. Surprise–your organization has fallen victim to a targeted phishing attack, with an infected infrastructure being the fallout.

While your spam filter might flag some of these messages as dangerous, it’s unlikely that the most dangerous ones will be caught in its web. Be wary of messages that claim to be receipts, shipping information, resumes/CVs, and other information that might be important for your organization. Hackers understand this and want to take advantage of that knowledge, which could potentially put your company in a tight spot.

Ultimately, the best way to keep your company safe is by taking a two-pronged approach: educating your employees on the importance of email security, and deploying a technology solution designed to eliminate the majority of spam in the first place. The first can be maintained simply by holding awareness training and actively practicing proper email etiquette. Teach your employees that they should never open attachments from anyone they don’t know, and to always investigate the source of the message before declaring that it’s safe enough.

For the second measure, you can rely on COMPANYNAME to help you out. Our technicians can hook you up with an enterprise-level spam blocker to keep the majority of dangerous messages from making their way to your inbox in the first place. It’s a great measure that can minimize your employees’ exposure to risky elements. To learn more, reach out to us at PHONENUMBER.


Are Mobile Devices Putting Your Workplace at Risk?


How many devices find their way into your office every day? In this age of mobile devices, it’s no surprise for each of your employees to have everything from a smartphone or tablet, to wearable technology like a Fitbit. Depending on the type of device, you’ll want to ensure that you have every opportunity to secure it so that it doesn’t become a security problem later on down the road.

The reasoning for doing so is simple: the more devices on your network, the more opportunities a hacker has to gain entrance to it. If you don’t control who can or cannot access your network with specific devices, you could be leaving the backdoor open to any number of threats out there. Therefore, you need to take a multilayered approach to network security for mobile devices, and it all starts with a Bring Your Own Device strategy.

Bring Your Own Device, or BYOD, aims to manage the risk of employees bringing their own devices to the office without sacrificing the privilege of doing so. Some of the major features of BYOD are great ways to augment mobile device security for your organization, so here are a couple of them to consider:

Blacklisting and Whitelisting Apps
The apps downloaded to your device have a lot to do with your business’ security. There are apps out there that are known to cause security discrepancies for your organization, so it makes sense that your business has a way to keep undesired apps off of your devices. By blacklisting and whitelisting apps, you can control your devices to an extent, keeping known threats off of smartphones and tablets.

Remote Wiping
Losing a device is a worst-case scenario for a lot of organizations. Not only do you risk the device falling into the hands of someone who refuses to return it, but you also risk the data on the device being compromised. In any case, you should enable the option to remotely wipe any lost, misplaced, or stolen devices so that they can’t be accessed by malicious actors. This way, you preserve the right to protect company data while still allowing employees to use and access their devices.

Let’s start talking about implementing your BYOD policy. COMPANYNAME can help your organization implement a solution that’s ideal for your specific needs. To learn more, call us today at PHONENUMBER.


Are the Apps on Your Device Safe?


It’s difficult to judge whether or not an app can expose your business to risk without first downloading it. Despite their best efforts, Google Play and the iTunes store can’t possibly identify every single malicious application out there. Unfortunately, you’re charged with taking the security of your mobile devices into your own hands, but thanks to Google Play Protect, this responsibility is a bit lighter.

Google Play Protect is a new way to help users protect themselves from dangerous smartphone applications. It’s not necessarily an app on your device, but is instead a feature of the Google Play store itself. It’s found on Google Play Services v.11 or higher. Essentially, Google Play Protect scans your apps in the background and looks for anything sketchy going on behind your back. It can also manually scan your device for threats, as well as improve the detection of harmful apps that haven’t been installed through the Google Play store.

One of the major downfalls of Google Play Protect is that it can’t immediately scan an app that you install. Instead, you have to scan the app before you open it for the first time. We recommend that you always approach any new application with caution long before you download it from the Google Play store.

Even with Google Play Protect handling some of the dirty work behind the scenes to keep your devices safe, there are still measures that you can take to augment its approach. Here are just a few of them.

  • Only download apps from trustworthy sources: You might run into links that allow you to download an app to your device. By default, your device won’t let you download apps from external sources, and this is for a good reason. There is a greater chance that your organization could run into a malicious app while outside of the Google Play store. To be safe, only trust those that you find in the store itself.
  • Be wary of app permissions before downloading: Depending on the app you’re downloading, you might find that it requires permissions to specific information on your device. An easy giveaway that an app isn’t the most secure is when it’s asking for more permissions than you’re comfortable with. A great example is a flashlight app–why would it need access to your calls or text messages?
  • Consider Bring Your Own Device (BYOD): If each of your employees has a smartphone, a tablet, and a laptop, that’s three devices per user that are accessing important data. Therefore, it makes sense that in order to minimize risk, you implement some type of BYOD strategy that blacklists apps, remotely wipes compromised devices, and enhances mobile security.

Does your business need a way to ensure mobile security? COMPANYNAME can hook you up with a great mobile device strategy that can help your organization minimize risk. To learn more, reach out to us at PHONENUMBER.