People are busy, working fast, tired, and overly trusting. Cyber crooks are targeting people's preoccupation and fears around the coronavirus. IT can do its best, but one bad click can breach a system. Learn about current COVID-19 related IT threats in our latest ebook.
7 Things You Need to Know About Ransomware
Ransomware is a well-named type of cyberattack. Cybercriminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.
#1 It Can Happen to You
Cybercriminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.
#2 Ransomware Spreads Fast
Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.
#3 Ransomware Targets People
A common method to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer asking you to take action or update contact details by clicking on the link or downloading a file.
#4 Ransomware is Costly
Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!
In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.
The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. – Coveware
#5 Ransom Requires Cryptocurrency
Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. They choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.
#6 A Recovery Plan Helps
Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.
You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.
#7 You Can Take Action
You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:
- Filter traffic, preventing it from coming into your network in the first place.
- Scan inbound emails for known threats, and block certain attachment types.
- Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
- Educate all users about social engineering.
- Allow remote access to your network only from secure virtual private networks.
- Back up your data to more than one location so that you can restore any impacted files from a known source.
Ransomware is a lucrative, relatively easy mode of attack for cybercriminals. They could target your business. Contact us today for help implementing the best protection practices to keep your data safe. Call us at 432-279-0671
LetMeIn101: How the Bad Guys Get Your Password
Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.
Tip: Avoid obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.
Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.
If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.
Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it’s unique to you.
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.
Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.
Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.
Tip: Be cautious about your online activity on computers or networks you don’t trust.
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.
Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?
N-Line Technologies has been helping small businesses just like yours in Midland, Odessa, and across the Permian Basin keep the bad guys out. We can help.
Contact us today! Call us at 432-279-0671
The Dark Web and Its Impact on Your Business
Business owners today know the internet is not only a force for good. Some people exploit the Web for ill intent. They congregate on the Dark Web, and small businesses need to understand the risks.
What is the Dark Web?
You and your employees spend time daily on the Web. They’re researching clients, checking out competitors, and searching for information. They are not accessing the Dark Web. The Dark Web houses dangerous, often illegal activity. This includes black-market drug sales, illegal firearm sales, and illicit pornography.
The Dark Web’s collection of websites is inaccessible using standard search engines or browsers. Users employ a Tor or I2P encryption tool to hide their identity and activity, and they spoof IP addresses.
To go into the Dark Web, you also need to be using the Tor or I2P service. Plus, you’d need to know where to find the site you are looking for. There are Dark Web directories, but they are unreliable. The people on the Dark Web don’t want their victims to find them. Ultimately, it’s not somewhere you or your employees need to be.
So, why do you need to know about it? Because Dark Web users can buy:
- usernames and passwords
- counterfeit money
- stolen credit card numbers or subscription credentials
- software to break into people’s computers
- operational, financial, or customer data
- intellectual property or trade secrets
The Dark Web is also where someone can hire a hacker to attack your computers.
The Dark Web business risk
The Dark Web itself isn’t illegal, and not all its traffic is criminal. It is also visited by journalists and law enforcement agencies, and it’s used in countries prohibiting open communication.
Yet the number of Dark Web listings that could harm your business is growing. A 2019 research study found that 60% of all listings could harm enterprises, and the number of those Dark Web listings has risen by 20% since 2016.
Business risks from these Dark Web listings include:
- undermining brand reputation
- loss of competitive advantage
- denial-of-service attack or malware disruption
- IP theft
- fraudulent activity
With media attention on data breaches impacting millions, it’s easy to think a small business is not at risk. However, bad actors don’t target a business for its size; they look for ease of access.
Dark Web information is up to twenty times more likely to come from an unreported breach. Privacy specialists told a Federal Trade Commission Conference victims included medical practices, retailers, school districts, restaurant chains, and other small businesses.
Reduce your risk
If your information ends up on the Dark Web, there’s little you can do about it. The bright side, at least, is that you would know that your business security has been compromised. Be proactive instead. Keep your security protections current, and install security patches regularly.
Consider a unified threat management (UTM) device, or UTM appliance. The UTM plugs into your network to serve as a gateway and protect your business from malware, illicit access, and other security risks.
Your UTM security appliance can provide:
- application control
- anti-malware scanning
- URL and content filtering
- data loss prevention
- email security
- wireless and remote access management
Or let a managed services provider (MSP), like N-Line Technologies, take care of all aspects of protecting your business. Pay a consistent monthly fee for us to handle all your technology, patching, monitoring, and assessment needs.
Let us help you stay on top of the latest cybersecurity threats with managed services from N-Line! We have been protecting businesses in Midland, Odessa, and the Permian Basin from the dangers of the Dark Web since 2001.
Click HERE or Call us today at 442-279-0671!
Has Your Email Been Hijacked?
A common complaint by many users in recent months has been spam emails appearing to come from their own accounts. Despite not knowing why, reports of friends, family, and contacts receiving spam email that appears to come from them has worried many people.
Some have had their accounts suspended or shut down by their service providers as a result. For many, this experience can be highly disruptive. It’s a problem that can cause many issues in both your professional and personal life.
The key to defense is learning how these attacks happen, and figuring out what you can do to protect yourself and your contacts against them.
Hackers Using Your Email Against You
Scammers that send out spam messages are continually looking for ways to make the process faster, cheaper, and more efficient. It’s the best way in which they can make more money every day by scamming unsuspecting victims for even more cash.
One of the most efficient ways they do this is by hijacking ready-made trusted email accounts like your own. Hackers have several tools at their disposal to attempt to hijack your accounts.
Some of the principles which make email fast and easy to use means that details, such as those in the ‘from’ field, are easy to fake. A hacker might change the information supplied to make it appear as if the email comes from anyone.
There’s not much you can do to defend your email against such an attack. However, you can work to verify that an email, even one you expect to receive, does come from the person you believe it to be. If your email provider flags up an incoming email as ‘suspicious’, or ‘untrustworthy’, it may well be. A good spam filter service like our N-Line Spam Control can filter out many fake emails before they get to your inbox.
Stolen Credentials
Hackers often buy large bundles of email addresses and passwords from the dark web. Leaked emails are often put up for sale following hacks of major companies and service providers.
The value of these details comes from passwords being unlikely to have been changed, the details attached to them are trusted, and often give hackers access to additional services too.
How To Detect an Email Intrusion
It can take a long time before you’re aware that malicious hackers are using your details. You might even be the last person in your contacts to know.
The first sign to look out for is a large number of unexpected emails in your inbox. These are likely replies to emails you never sent in the first place. Out of office, automatic responses, people complaining about spam, and people responding to the email as if it were genuine may all come to you first.
Keep a close eye on unexpected emails appearing suddenly in either your inbox or outbox. A hacker may be spear-phishing someone that you do business with or trust. By acting as you, using your address and details, they may be able to divert payments or confidential information to their accounts instead.
Protecting Yourself Against Hackers, Attackers, And Hijackers
Sometimes your computer might have been compromised to give hackers access to your services. Malicious software may have infected your machine to steal data and infect your contacts.
Take extra care to change your passwords if you believe your email has been accessed by a hacker. Use a different, more secure password for your email than you do for every other service. Your email account is often the key to accessing many of the services you use most.
Run a virus scan and maintain security updates if you think your computer could have been infected. Have your machine and services looked at by a professional if you believe there is a risk your data is being used?
N-Line Technologies is here to help you protect your email with business-grade email solutions from Microsoft Office 365. If you think your email could have been hijacked, or your details used elsewhere, click HERE give us a call at 432-279-0671 to clean up today.
We have been serving Midland, Odessa, and the Permian Basin since 2001!
5 Tech Travel Tips You Can Use
It’s Summer Time and that means you’ll probably be going on vacation soon. Traveling with family and friends to some nice beach or mountain getaway far far away from the oil patch. For most people, this also means making sure your tech is packed and ready for the adventure. Smartphones, ebook readers, tablets, laptops, and smartwatches are now so light and portable that you’d never think of leaving them behind, plus they can add a ton of value your experience.
At N-Line we know having tech issues on vacation is a serious downer so here are a few tips to consider before you hit the road.
1. Backup to the cloud
While you’re jet setting around, relaxing on a beach or hiking your way to freedom, your tech is always going to be exposed to a level of risk. This might range from accidentally leaving your laptop at a cafe to having it stolen from your bag, but either way, the problem is the same – your data is now gone. If you’ve backed up your devices to the cloud (eg Evernote, Microsoft OneNote or Google Drive) you’ll be able to access your files easily and securely from anywhere.
Hot tip: Scan or save important documents like itineraries and passports to the cloud.
2. Pack the right cables
Begging random strangers for a loan of their cable isn’t much fun, so remember to bring the exact cables and chargers you’ll need. Most smartphones and tablets use universal plugs like Micro USB, USB C or Apple Lightning, so you can get away with only packing one cable. Many locations now offer powered USB ports, but be sure to also pack the right charger as well, it’s a convenience you’ll appreciate. If you’re traveling overseas and the socket is different, remember to pack a plug converter, and depending on your destination, you might even find the voltage is different. It’s a good idea to check whether you also need a voltage converter before you try and charge.
3. Download offline data
It’s no secret that global roaming can give nasty bill shocks. The easy access data you normally use over Wi-Fi or get included in your cell plan has us all accustomed to being connected. While traveling, you might find yourself in a location where data costs a fortune or it’s not available at all. Download any files you might need, including important documents like itineraries and bookings, so that you can access them even without a connection.
4. Update and scan
Just like you’d make sure you’ve got the right vaccinations and travel gear, make sure your tech is ready to travel too. Set aside a few minutes to run updates for your operating systems and apps, as well as your anti-virus. Go one step further and run a manual anti-virus scan too. The last thing you want to deal with one your trip is a cyber attack! While you’re doing your pro-active thing, turn on password protection for all devices so that only you can unlock them.
Hot tip: Use a complex password that is hard for thieves to guess.
5. Mark your territory
Almost exactly the way it sounds, let everyone know this tech belongs to you. Write your cell number on portable devices in case you get separated so whoever finds it can give you a quick call and save the day. Don’t want to use permanent marker on your shiny tech? Grab some sticky labels you can peel off when you get home.
You can also get little Bluetooth tracking tags to stick to your gear, so that if you ever lose something you can chase it down. Similarly, you might like to consider enabling the Find My iPhone feature on Apple devices or Find My Device for Google. Having this feature switched on also means you can disable your device remotely, an excellent security option if it’s been stolen.
Need help preparing your tech for travel?
Click HERE or Give us a call at 432-279-0671
Don’t Get Hooked by Spear-Phishing Attacks
Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.
A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.
By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.
A Convincing, Dangerous Attack
While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.
The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.
They do this by carefully researching your company and its key officers. Often using Google, Facebook, LinkedIn, and other online sources of information so that they can successfully imitate someone you or your employees will trust such a key vendor or business partner, or even a fellow employee.
Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.
A Trusted E-mail
The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.
Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.
Defending Your Business
The key to stopping a spear phishing attack is education. Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.
Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.
In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web and spam filtering can prevent malicious emails and links from entering the network, shutting attacks down before any damage can be done.
Good Security Practice
As with many types of IT threats, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage from spreading across the network.
Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.
N-Line Technologies has the tools and know how to help protect your company from sophisticated Spear-Phishing attacks.
Don’t wait until they attack.
Contact us today at 432-279-0671 to audit your security practices.
Protecting Your Customers and Your Business Too
Security and privacy are at the very top of our priorities when considering business IT needs. Major data leaks are in mainstream news on a near-daily basis and hundreds of thousands, if not millions, of customers, are impacted every time they happen. Our number one goal is to make sure our businesses are kept out of danger.
Major institutions, such as multi-national banks and credit card companies, are expected to handle your data well. Unfortunately, less secured businesses require access to our data too.
Even just booking into a hotel often requires you to leave your name, address, date of birth, passport number, and credit card details. These few pieces of information are more than enough to steal your identity, start a line of credit, and access many of your vital services. You can often only hope your chosen hotel handles your information as well as your bank does.
Securing Your Business with Smarter Thinking
There is no way to change how your favorite hotel service operates, but you can affect your own business to improve its security for your customers.
You don’t need the manpower or funding of a major banking chain to handle data securely. With simple tweaks and powerful changes, you can minimize the chances of your business suffering a data breach big enough close your doors for good.
By stepping up IT security to meet modern threats, you can help to limit your liability, put customer’s minds at ease and give your firm a competitive advantage. Should hackers attack, the work you do today will limit the damage and help you to weather the storm.
Limit Your Data Collection
The single most important thing to consider when securing your business is how much data do you really need to hold anyway? Carefully consider the value of every piece of personal information you collect in any given transaction. Do you have a use for everything you ask for?
Emails, addresses, and contact numbers are useful for receipts and marketing, but additional data many firms collect is often useless and wasteful. Each piece of unnecessary data you hold represents additional value to hackers and thieves. While you may be unable to use your own stored data, hackers will find great value in gathering more personal information. This increases your liability without adding any extra value.
Consider Your Access Requirements
Think carefully about who has access to the information within your business and precisely why they need to access it. Often security problems begin when employees have blanket privileges to access everything within the firm.
Access restrictions should be specific to the company structure. Low-level employees should be limited to only what is strictly required for their role. Managers, for example, are likely to need systems that their junior staff cannot access.
Physical access restrictions are critical too. Unattended computers and mobile devices should require a password or identity verification to log on.
Treating Data with Care
The way you treat your data in day-to-day business reflects the impact hackers or IT disaster will have on your business when it is lost. Do you know where your backups are, and when they were last tested? Firms often first know they are in trouble when they realize all their data is stored on a business laptop or device that could be easily lost or stolen. Some firms maintain backups on USB drives or shuttle a portable hard drive between home and work.
These solutions should have no place in a professional business environment. Proper data care means regular, tested backups that are secure against fire, theft, or online hacks. Data on laptops and cell phones should be encrypted that way if lost or stolen the thieves can’t get at the data. Protecting your customers and your business is all about the smart application of IT knowledge in a cost-effective and efficient way.
N-Line Technologies has been helping businesses in Midland, Odessa, and the Permian Basin since 2001.
We can help you to lock down your business to protect the most valuable assets your business owns, data.
Click HERE or Call us at 432-279-0671
Are you putting your business at risk in 2020?
You may not think so. But you could be if you're using Microsoft products reaching the end of support next year.
Microsoft won't provide security updates for popular business tools after January 2020.
This affects you if you're using Windows 7 as your laptop or desktop operating system.
Or you're relying on 2010 Microsoft Office for Word, Excel or PowerPoint.
Maybe your business server is running Windows Server 2008R2 or Small Business Server 2011.
Perhaps Exchange 2010 controls your email and calendars.
If so, this news is a big deal.
It's like pest control. Microsoft was helping your IT team keep cybercriminals at bay. In 2020, they're going to stop trying to identify and fix any vulnerabilities.
You might want to take your chances and stick with the Microsoft products you already have. If you do, you'll run the risk of a costly data breach, malware infection, or other cyber threats.
Instead, think of this as an opportunity to do business even better. Upgrading your Windows products means working with faster tools offering improved functionality.
Like the cloud-based Office 365 which lets users access email, calendar sharing, and files in real time from any device, wherever they are.
Don't wait to secure your PCs from cyber creepy crawlies. Our latest ebook explains what's happening and what your business can do to stay safe in 2020.
Fill out the form below and get your
FREE eBOOK right now!
Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.
Your Data is Safe with Office 365
In this video, N-Line Technologies explores how Office 365 works overtime to safeguard the business data of entrepreneurs like Bryce McDonald, owner/operator of Day1 Wake, a company that makes wakesurf boards for customers around the world. While giving Bryce unprecedented freedom and flexibility, Office 365 provides multiple layers of security, which Microsoft monitors 24/7. Contact us to learn how Office 365 can do the same for you. 432-279-0671