Category: Security

Categories
Security

Are American Voting Systems Secure?

american_voting_secure_400.jpg

Election Day for the United States is November 6th, and regardless of your feelings regarding U.S. politics, the fact of the matter is that millions of Americans will soon go to the polls and cast their ballots. Unfortunately, what many of them don’t realize is how insecure their voting machines actually are, and how they are potentially putting their vote at risk.

What Most Polling Places Have
The majority of American polling places are operating with equipment that is fast approaching 15 years old. For reference, here’s a brief list of products and technologies that haven’t even been around for ten years yet:

  • Google Chrome
  • Airbnb
  • Spotify
  • Kickstarter
  • 4G
  • Mobile GPS
  • Instagram
  • The iPad

One cofounder of nonprofit group Open Source Election Technology, Greg Miller, puts it this way: “You have equipment that was introduced in 2005. In that time frame, how many times have you changed your mobile phone? And how many times have we replaced our laptops?” In short, the American voting system is reliant on, as Miller described it,”… obsolete hardware [and] software that relies on a diet of spare parts.”

The other cofounder of the nonprofit OSET, John Sebes, has demonstrated just how vulnerable these systems could potentially be to manipulation.

Most polling places collect all of the voting data onto a piece of portable media, like a CD or a USB drive, and bring it to a separate location to be tallied. Unfortunately, the machines used here are also usually outdated, as is the software used to process the results of the vote.

In a live demonstration on a national news network, Sebes used one of these machines to tally votes for two fictional candidates, Thorfer and Varda. In the example, Thorfer had won in a landslide with over 3,000 votes, the opposing Varda only receiving 100. However, with a very simple malware, Sebes was able to just switch the tallies, making “Varda” a fraudulent winner – and while access to these tallying computers is secured, some may not be secured as well as others are.

Furthermore, many polling places maintain a paper backup of the vote, just in case there needs to be a recount, but there are also many who have no paper backup at all. This includes some states known as “battleground” or “swing” states, where a much smaller number of votes can potentially have a significant impact on the final outcome.

How to Minimize the Issue
Unfortunately, the easiest solution to this problem is also impossible. One would think that there would be a singular set of standards for all polling places to abide by – but since the American Constitution specifies that each state is in control of its own electoral procedures, this consistency is effectively made impossible.

However, there are other ways that have been suggested to protect voting technology… some of which are decidedly lower-tech.

Temporarily Eliminate Online Voting
Some states have made online voting available, primarily to service members or other citizens who may be abroad, and many allow email ballots to be submitted. However, until security is improved for these methods, it has been suggested that they are suspended.

Utilize Physical Backups
Yes, we know. We generally say that all of your backups should be saved to the cloud, but in this case, that would be counterproductive. After all, a physically-generated paper backup that records each vote isn’t hackable (unlike a digital system) and could easily be used to cross-check any contested results.

Invest in Improved Voting Equipment
As one might imagine upon hearing that most American voting machines are over a decade old, updating the infrastructure that enables the prime responsibility of democracy is clearly not a priority for those dispersing the funds. It has been suggested that Congress get involved, funding research into improving these machines and replacing the problematic older machines, as was last done in 2002.

Americans view the right to vote as a basic human right, so it seems especially bad that their infrastructure can get in the way of their doing so. Don’t let your business technology do the same to your employees and their work. Reach out to COMPANYNAME for a better solution by calling PHONENUMBER.

Categories
Security

3 Time-Saving Benefits to Outsourced Email Management

b2ap3_thumbnail_email_management_400.jpg You don’t have time to worry about managing your email solution, but it’s still a vital aspect of your business’s operations. You never know when someone will fall for a spam message, and you certainly can’t look over the shoulders of each employee to make sure they don’t. What’s the busy business owner to do? How can you get quality email management without it eating up too much time and effort on your part?

The answer, like many technological pain points of SMBs, is to outsource the responsibility to a managed IT provider. Managed IT is great for businesses that want to focus on their operations rather than spending time managing technology. We’ll discuss three of the ways that email management helps your organization stay on task and ahead of the game.

Strengthen Security with Spam Blocking
Spam is the favored vehicle for major online threats, including phishing and ransomware schemes, specifically because it allows hackers to spread their work in a way which allows them to target as many people as possible without devoting much individual work. Users can accidentally download attachments or click on links to malicious websites. Enterprise-level spam blocking solutions allow your organization to keep threatening or suspicious messages out of your inbox indefinitely, significantly reducing the risk of finding such messages in your email solution.

Hosting and Management
If you’re the one who has to constantly add new users or check to see that your email servers are working properly, you’ll find that you have less time to spend doing your actual work. Of course, nothing is more important than making sure operations proceed as intended. COMPANYNAME can manage your technology and free up incredible amounts of time to focus on building your company’s profitability. We can ensure maximum uptime and optimal mail flow so that you don’t have to.

Archive Messages for Future Viewing
Email archiving is a great way to ensure that your business retains a record of any incoming and outgoing messages for your business. This helps you keep a better track of who shares information with who, and more importantly, why information might be shared with those outside of your business. Furthermore, if an employee has recently left your business, but you weren’t privy to their reasons, you might find some clues in your email system that could strengthen retention and prevent turnover in the future.

If you want your business to flourish, managing email effectively is a great place to start. In the hands of professionals like those at COMPANYNAME, you can focus on operations without worrying about keeping mail flow from working as intended. For more information about email management, reach out to us at PHONENUMBER.

Categories
Security

Study Finds Social Media Phishing Scams to Be the Most Dangerous

b2ap3_thumbnail_employee_misuse_causes_problems_400.jpg Ordinary fishing, where you hope for a simple-minded fish to latch onto your hook, relies on using a proper lure. The same can be said for the virtual method of phishing, where a hacker will use a similar type of “lure” to convince the target to bite. These phishing scams are especially useful for hackers who want to take advantage of social media to find new targets. A recent study has shown that this is a surprisingly effective method of phishing.

A report from phishd by MWR InfoSecurity orchestrated a simulated phishing attack that attempted to target a million users. ITProPortal told of their findings: “Almost a quarter of users clicked a link to be taken to a fake login screen. Out of that number, more than half (54 percent) provided user credentials, and 80 percent downloaded a file.”

This means that about 10 percent of users fell victim to the first two stages of the simulation and gave up their account credentials. Now, compare this rate to how often a normal scam, like spam, accomplishes its goal. While the typical spam message will only have a fraction of a percentage point rate of success, social media provides a substantially larger chance of success to hackers.

James Moore, the Managing Director of phishd by MWR InfoSecurity, states: “More concerning is that out of those targeted with a social media request or a promotional offer, more than 10 percent downloaded a potentially malicious file via their corporate email accounts.” This is especially a problem, as there are so many people who connect their social media accounts to their work accounts–risky business for any organization that wants to avoid a critical data breach.

If anything, this study shows why your business needs to keep data safe. This includes being capable of identifying phishing scams and responding to them properly, but also the implementation of security tools like antivirus, spam blocking, and content filtering. If you’re very concerned about social media phishing, you can go so far as to block social media websites completely on your network. Additional measures such as comprehensive training can help your users identify phishing attacks both in and out of the office, on a variety of platforms. Often times, the lures used by hackers can be so tantalizing that they’re able to bypass your security, so the only thing standing between you and a data breach is the knowledge you’ve imparted to your users.

You can’t trust anyone on the Internet, be it a new friend on social media, a new entry into your address book, or a seemingly-legitimate website. You have to be ready for anything, but this can be a daunting task. Thankfully, you don’t have to endure it alone. With COMPANYNAME by your side, you’ll be prepared to handle any cyber threat. To learn more about what we can offer your business, reach out to us at PHONENUMBER.

Categories
Security

Tip of the Week: 9 Hacker Profiles You Need to Be Aware Of

b2ap3_thumbnail_cybercrime_classificiations_400.jpg “Hacker” is a word that can bring up many powerful impressions in people. It may very well bring up images of a pale super genius hunched over a keyboard, awash in dim blue light, as it does for many people. However, this extremely specific image does little but pigeonhole the many hackers in the real world into this dramatized caricature.

In reality, there are many different kinds of hacker, each with a preferred target and reason for doing what they do. For your part, it helps to be familiar with the 10 types of hackers you have a chance to encounter.

Amateurs

  • Script Kiddies: There’s a reason that this type of hacker is under the “amateur” heading. These are the hackers who are capable of little more than piggybacking onto larger efforts, or dabbling in the more basic forms of cybercrime. They are little more than nuisances, compared to their hacking compatriots.

The Good Guys

  • White Hats: These ethical hackers, usually security researchers, are those that help the average user by using their skills to keep threats at bay.

Political Players

  • Hacktivists: Using DDoS attacks and website vandalism to humiliate and hobble their targets, these actors are usually part of a larger group, working towards an ideologically driven common cause.
  • Nationalist Hackers: These actors are those that, thanks to their sympathies and patriotic motives, are often given a pass by law enforcement.
  • Nation State Agents: These typically work for a government body, usually in a military or intelligence capacity. They have access to great capital resources, but will not hesitate to use common tools as well.

The Criminals

  • Cyber Mercenaries: These are hackers-for-hire, who will be brought on to assist other cybercriminals for a share of whatever ill-gotten gains there are to be had.
  • Repeat Offenders: These hackers are skilled, yet disorganized, which keeps them from obtaining the profits that other varieties of hackers do.
  • Organized Crime: These are criminal organizations that focus on cybercrime, with a hierarchy that allows them to reap great profits from their schemes.
  • Malicious Insider: These are the criminals who sit inside your walls, actively working to sabotage your efforts and leak critical information to your competition, often for personal motivations.

These malicious insiders are easily the most dangerous threat to an SMB, but that doesn’t mean that the others don’t cause problems as well. In order to keep them all at bay, you will not only need to encourage diligence in the workplace, but also protect that workplace with comprehensive security solutions.

The experts at COMPANYNAME are ready to assist you in securing your business assets against external influences. Call PHONENUMBER to get started.

Categories
Security

Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack

b2ap3_thumbnail_business_ramifications_400.jpg Today’s headlines are peppered with stories of major companies and institutions falling victim to a cyberattack. As a business owner, what’s your response to these gut-wrenching stories? If you write them off as fear mongering and believe that these attacks can never happen to your SMB, well, you’re wrong. They can and it’s up to you to prevent such a disaster.

One reason why it’s so important to shore up your company’s network security is because the ramifications of a breach extend well beyond the sensationalism surrounding a news story. Take for example one of the biggest stories of hacking in recent memory; the revelation made public last December that Yahoo had more than one billion of its accounts compromised, dating all the way back to 2013. While the headlines focused on the plight of Yahoo and the negative effect this would have on the tech company’s value, what didn’t get reported is how millions of Yahoo users were negatively affected by having their sensitive information exposed to hackers.

In the same way, seeing to your company’s network security goes beyond protecting your corporate image from a negative headline. It’s also about protecting all of those who have entrusted you with their sensitive data. This includes customers and vendors that have provided your business with their financial information, as well as employees that each have a wealth of their personal information connected to your HR department.

We’ve established that there’s a lot riding on your network security and that it’s your job to make sure this is taken care of. If you don’t currently have a security plan in place protecting your company from a data breach, where do you even begin? Fortunately, you don’t need to be an IT security expert or have a computer science degree to implement adequate security measures. As is the case with the many vital responsibilities connected to your business, you can outsource the protection of your network to the professionals, such as the IT technicians at COMPANYNAME.

That said, IT security is such an important and comprehensive matter that it’s not something that you should outsource and then disregard. In fact, IT security works best when everybody in the company understands that they have an active role in its upkeep. Yes, everybody. We’re talking from the C-level executives down to the cleaning lady who connects her smartphone to Wi-Fi. If everyone in your company understands how to avoid the snares laid by hackers, then the cake that is your network security measures will be topped with the icing of best practices.

Remember, securing your network from cyberattacks isn’t something that you have to do on your own. COMPANYNAME is here to help, and we can do so by implementing proven and comprehensive network security solutions like our Unified Threat Management tool, as well as remote monitoring and maintenance in order to detect and take care of any threats that may breach your defenses. We’re also available to equip your staff with the means and know-how to better understand cybersecurity.

For assistance in all of these areas of security and more, give us a call today at PHONENUMBER.

Categories
Security

These Police Officers Called for Backup… and it was Infected with Ransomware

b2ap3_thumbnail_police_ransomware_400.jpg The police exist to serve, protect, and enforce the law, but who can we turn to if even the cops are made victim of a cyberattack? This is the question the residents of Cockrell, Texas have to answer, as their police department fell victim to a ransomware attack known as the Osiris Ransomware.

Before you start to worry too much about this terrible new strain of ransomware, you should know that “Osiris” has been identified as a recent version of the Locky ransomware. The police department likely only referred to it as “Osiris” due to their encrypted files all sporting the extension “.osiris.”

This began as many ransomware attacks do; an on-screen message notified the police that their files had been locked, and would only be unlocked if the department paid up the demanded $4,000. As happens far too often, the ransomware was introduced into their system when a member of the department opened a spoofed email that appeared to be an official department communication. In keeping to best practices, the police’s IT department elected to restore the infected server’s files from a backup.

Unfortunately, the backup they had to restore from was taken after their systems had been infected, meaning that all they had were more locked and infected files.

This caused Cockrell authorities no small amount of trouble, as the encrypted files included years and years of photographic and video evidence to be used to prosecute cases. Time will only tell how much of an impact this will have on legal proceedings.

These events serve as a warning to all who rely on data in order to do their job, including businesses everywhere. It is essential to remember that your security is only as good as the people who are given access to your data. Furthermore, it reinforces the importance of keeping more than just one backup of your system. Backing up incrementally, and storing archived backups off site will usually safeguard a business from having the entire backup corrupted in the event of ransomware like this.

Reach out to us at PHONENUMBER so we can optimize your IT to protect you against ransomware and other critical issues.

Categories
Security

20% of Customers and Revenue are a Lot to Lose From a Single Data Breach

b2ap3_thumbnail_business_data_breach_400.jpg Data breaches are common problems for businesses of all shapes and sizes. In fact, they often have huge repercussions that aren’t initially seen in the heat of the moment. How can you make sure that a data breach won’t negatively impact your business, even well after you’ve fixed the initial problem?

Cisco, for example, claims that out of all companies that experienced a major data breach in 2016, over one-third of them lost more than 20 percent of their customers, opportunities, or revenue. This clearly shows that your business has far more than just data on the line when it comes to cybersecurity. Simply put, by not taking measures to keep your organization secure, you stand to put the future of your business itself at risk.

This makes sense, especially when you consider a consumer’s natural reaction to a poor experience with a specific vendor or brand. If you were a customer at a store that experienced a major data breach (one in which your financial information was stolen), would you still want to shop there? Many organizations will reassure their customers that the vulnerability has been resolved, and some might even offer to make amends for their careless handling of customer data. Yet, sometimes even this isn’t enough to retain customers, and often times, you won’t find this out until it’s too late.

As a small business owner, can you imagine what it would feel like to lose as much as 20 percent of your current clientele? Large organizations might have enough resources and offerings to make the loss seem more manageable, but chances are that a 20-percent loss would be a huge hit for any smaller organization.

Furthermore, it’s likely that such a loss of customers, opportunities, or revenue would affect long-term growth. If your organization loses 20 percent of its customers, that’s not just lost business for you–that’s a whole bunch of customers who won’t recommend your organization to new clients. What’s worse, they may even tell others about your business, but not in the way that you want them to. Before you know it, you’ll have former customers telling their contacts all of the ugly details about their experience with your business, data breaches notwithstanding.

In other words, not only does a data breach represent a loss of revenue, but also a loss of potential resources that could be utilized to further advance your business in the future.

Thus, a relatively small issue could transform into a major problem that puts the future of your business in jeopardy. Cisco also found that the following problems were concerning for organizations that experienced a data breach:

  • Cyber threats in 2016 increased in power and sophistication.
  • Cybersecurity efforts by organizations aren’t able to investigate all of the alerts they get in a single day (56 percent is the average).
  • However, despite cyber attacks growing in complexity, hackers still utilized “classic attack methods seen in 2010.”

Cyber threats continue to evolve into bigger, more dangerous threats that are harder to counter and prepare for. Despite this fact, it’s still your responsibility to make sure that any potential data breach doesn’t spell the end for your enterprise. It’s clear that, in order to guarantee the success of your business’s future, you need to implement powerful and focused security solutions designed to prevent breaches in the first place.

COMPANYNAME can help your business implement technology solutions designed to limit breaches and manage risk more effectively. With a Unified Threat Management device and remote monitoring and management service, you will have little to fear. To learn more, reach out to us at PHONENUMBER.

Categories
Security

Tip of the Week: Stuck Using a Public PC? Be Sure to Follow These 2 Privacy Tips

b2ap3_thumbnail_public_computers_are_dangerous_400.jpg Full disclosure: we don’t recommend doing anything important, or really anything at all, on a public computer. However, we understand that sometimes life works out in an unideal fashion, and sometimes you can be stuck doing something you shouldn’t, and otherwise wouldn’t. Even in these cases, there are steps you can take to preserve your security.

Despite the explosion in mobile device connectivity, the use of public computers is still remarkably common. Unfortunately, the same remarks can’t be said about their relative security. These open devices tend to have few solutions in place–if any–especially when compared to the average privately-held device.

However, as we go through the steps you need to take while using a public computer, we will also go through some alternatives that you really should consider implementing before you find yourself in this risky situation.

Use a Private Browser
The default settings for most web browsers are designed, more or less, for a single user’s exclusive use. This is why your browser collects data like your history, what you’ve downloaded, and account credentials. It’s all done to make the user’s experience simpler–which, on a private machine, isn’t necessarily a bad thing.

However, these capabilities don’t just go away because more than one person uses the computer, and so if you enter some sensitive credentials, the next user may be able to access and utilize them as well. Using a private browser prevents you from leaving those digital footprints on the machine by having it “forget” what you were just using it to access.

Keep in mind, private browsers aren’t a cure-all when it comes to your online security. Even though the computer itself won’t have a record of your browsing, it doesn’t mean that private browsers wipe your trail from the Internet as well. In order to do that, there are other measures you’ll have to take.

Use a Virtual Private Network
Virtual Private Networks, or VPNs, are a step up from a private browser. Once a user logs in to their VPN, their IP address is effectively shielded from view, and their activity is processed through an encrypted virtual tunnel. Using proxy servers that span across the globe, your identity and location are shielded enough that you will never be the target of an opportunistic attack.

As far as price is concerned with a VPN, there are free options out there, as well as many very reasonably priced, paid varieties. Your VPN would need to be set up on your office network before you plan on using it from an outside location.

When it comes to doing business while travelling, it’s only natural that the urge is there to use whatever is available. However, if you must decide between productivity and security, it is much more prudent to prioritize security. After all, without your security, you may just find that your finished product has been tampered with or stolen.

On the topic of security, it cannot be said enough that using a public computer in any professional capacity is simply not a risk that is worth taking. There is simply no way that you may be sure that your data is absolutely safe.

COMPANYNAME can help you maintain your security in situations like these. Give us a call at PHONENUMBER to learn more.

Categories
Security

Rootkit Hacks are Nasty, But Preventable

b2ap3_thumbnail_rootkits_good_or_bad_400.jpg The challenge for business owners is that there are so many different types of online threats, it borders on impossible to protect themselves from all of them. All of these threats hold limitless possibility to ruin your organization’s operations, either short-term or long-term. One of the most common threats out there is called a rootkit hack, and it’s one that you certainly don’t want to mess around with.

Defining a Rootkit Hack
Rootkits are malware that sit on a device for extended periods of time, often undetected for weeks, months, or even years. In this sense, they are very similar to trojans, which hide on networks and are capable of dodging security tools like antivirus and firewalls. Rootkits, however, aren’t designed to allow for backdoor access at a later date (though they certainly could be capable of doing so). Instead, a rootkit focuses on giving hackers administrator permissions so they can access systems in a pseudo-”legitimate” manner. The unfortunate side-effect for the user is that everything they are using the infected computer to do is being intercepted and controlled by someone else, placing them at the mercy of the hacker.

What’s even more confusing is that not all rootkits place your business at risk. In fact, many organizations that provide technical support for IT assets use rootkits for remote access and maintenance. The problem is that rootkits allow hackers to steal information, which can lead to a disaster.

How a Rootkit Works
The first step in a rootkit’s exploitation is seizing administrator control. Once the hacker has done so, their options are limitless. They can perform tasks such as deleting important files, installing software (like spyware), changing programs, recording keystrokes, and so much more. Hackers could steal vital information like credentials, access logs, or other important data. Furthermore, rootkits are usually software-based, though hardware-based rootkits accomplish a similar role and are arguably easier to identify. Just look for any piece of technology that looks like it doesn’t belong.

How to Prevent Rootkit Hacks
Protecting yourself from hacking attacks doesn’t have to be hard, but the sheer amount of possibility involved with them can be daunting. Rootkits can make their way into your network through the use of infected downloads, phishing scams, malicious URLs, and countless other ways. Always check to ensure the authenticity of what you’re downloading, and make sure to stay away from potential outlets of malware or other sketchy websites known for spreading malicious software.

By keeping these security discrepancies in mind, and by maximizing your use of best practices, you can effectively keep exposure to threats at a minimum. An enterprise-level security solution also goes a long way toward keeping your business safe, along with a firewall, antivirus tool, web content filter, and spam blocker. These solutions all take preventative measures to limit exposure to threats, taking some of the difficulty out of managing network security.

What To Do
If something seems out of place with your computer, disconnect your PC from the Internet and all internal networks immediately. This prevents remote access control and data leakage from rootkit hacks, but most importantly, you isolate the problem so that it can’t spread. If you don’t know how to get rid of the problem, professional technicians like those at COMPANYNAME have your back.

To get to the root of all manners of cyber threats, reach out to us at PHONENUMBER.

Categories
Security

The “S” in HTTPS is More Important Than You May Think

b2ap3_thumbnail_secure_web_browsing_400.jpg It would be an understatement to say that security, particularly encryption, is important while browsing the web. Though it was only recently that encryption became a major pain point for government regulation, encryption has been around for a very long time. The average user can get a taste of online encryption through the average website security certificate.

Hypertext Transfer Protocol, with an S on the end for “security,” is designed to protect a website visitor’s privacy by encrypting information sent from the website to a receiving server. Ordinarily, the connection wouldn’t be private, so data can be accessed while it’s in transit. This is why HTTPS is commonly used on pages that require sensitive credentials, like passwords, usernames, credit card numbers, Social Security numbers, and so on. For example, banking institutions and other accounts that are linked to financial credentials (like any payment pages on websites) need to be using a security certificate to guarantee the user’s security.

One good way of describing online encryption is like a pipe. A normal HTTP connection is like a transparent pipe that you can see through. Hackers can collect data while it’s in transit because the pipe is see-through. Now, imagine the same pipe, only with an opaque hue to it. You can still see the insides, but they’re hidden and jumbled to the point where you can’t get a clear image. This is what it’s like for hackers to see encrypted data; they may have stolen it, but it’s locked down and indecipherable, making it essentially worthless.

The main thing that the average business owner must understand about HTTPS and online encryption is that you need to drill best practices of handling data into your employees as early and as often as possible. Before entering sensitive information into any website, be sure to look for the following abnormalities:

  • A lack of a security certificate: Before you enter any information into a website, make sure that it’s protected by a security certificate. You can verify that a website is secure by clicking on the green padlock icon next to the URL’s name in the address bar. It’s important to keep in mind that, while SSL and TLS might largely seem like the same thing, SSL is an antiquated security protocol that, thanks to vulnerabilities like POODLE (a man-in-the-middle exploit), could be dangerous.
  • Suspicious URLs or domain names: Sometimes hackers will create a site that looks exactly like a banking institution’s website, and use it to steal credentials. They will use sneaky tactics to make you think that what you’re looking at is the real deal, but look for out-of-place letters, numbers, or symbols in the domain before thinking you’re in the clear. Basically, the site that you’re on should be the institution’s official site. If something looks out of the ordinary, contact the organization through the information that you have on file.

For more great tips and tricks on how to stay safe online, be sure to contact COMPANYNAME at PHONENUMBER.