N-Line Technologies takes a probing look at how Microsoft Office 365 addresses the cyber-security concerns of small business owners like Bryce McDonald, whose company, Day1 Wake, delivers wakesurf boards to customers across the country. Bryce knows that, wherever he goes, Office 365 multi-layer security is working 24/7 to safeguard the integrity of his business data. Contact us–we’d love to show you how Office 365 can do the same for businesses in Midland, Odessa, and the Permian Basin.
Let’s face it getting hit with a ransomware attack just plain sucks, your files get encrypted by cybercriminals and are held hostage. You are then left having to decide: should we pay to get them back? Sadly, this is a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone. Here’s what you should consider if you’re ever in this situation.
Do you trust them?
We have all seen the TV shows where the rich guy’s son or daughter is kidnapped and when they pay the ransom the kidnappers take the money and kill the kid. This situation is no different. The cold fact is that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key after you pay up? Most attackers demand you send the payment via untraceable Bitcoin, so you can do nothing if they take the money and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want the embarrassment of a breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.
Can you manage the impact?
In the best-case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like “KillDisk” which can permanently wipe your entire hard drive or even your entire network.
How much do they want?
Cybercriminals rarely send out global attacks with set amounts, instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.
Are your backups good?
Many businesses are discovering too late that their backup systems aren’t good enough to withstand this kind of attack. Often the backups themselves become infected too, they weren’t up-to-date or they backed up the wrong data. OUCH. It’s worth doing some quick checks on your backup processes because even if you must shut down the system for a day so you can recover, you’re still light years ahead of those without them.
What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop this chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.
Stay safe in the first place
Ransomware is just plain evil and it is showing no signs of slowing down. There is just too much easy money for the crooks. As more businesses keep them funded the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters, such as our excellent “N-Line Spam Control” Product, to catch these types of emails before they land in your employee inboxes. You want that ransomware attack be something that happens to other businesses, not yours.
N-Line Technologies can help you secure your data systems now!
Call us at 432-279-0671
We proudly service Midland and Odessa Texas and the Permian Basin area.
Contact us today!
There are the normal costs everyone associates with a breach, like getting your own server and computers fixed up, with maybe a little downtime. But really, most businesses view the possibility of getting hacked as more of an inconvenience than a bottom-line cost. For those who’ve come out the other side though, it’s a very different story. They know the hidden and ongoing costs of a data breach can be crippling, and that IT security exists to protect your business on multiple levels. All those surprise costs that spiral out of control are why most businesses close after a cyber-attack. Here are a few of the hard, but common realities of life after a hack.
Raiding the budget to reduce downtime
From the moment a cyber-attack gets into your system, things get expensive, and the longer the attack goes, the more it costs. Latest stats reveal most breaches aren’t identified for around 191 days, then it can take on average another 66 days to contain the damage. During this time you’re cleaning PCs, mobile devices, laptops, servers and even entire networks. Add to this the fee for experts to fix everything up, all the new tools and software they insist you have, and all the hours/days/weeks when your business is struggling with downtime, you’ll exhaust your emergency funds very quickly.
The long arm of the law
Depending on what data was stolen and how you handled the situation, you could be liable for fines into the millions. Having any medical data or legal files leak is a particularly messy scenario with fines coming from multiple sources. In any case, new privacy laws mean businesses are liable for massive fines if they don’t disclose a data breach, even if only email addresses were stolen. Where this gets even trickier is that the burden is on your business to know exactly what data has been stolen/illegally accessed, so you can report it before the fines stack up. This means that even if you were able to fix up the systems yourself, you still need to hire an expert who can identify exactly what the hackers took, from where and when.
Customer retention measures
In a double-down crush to your bottom line, not only does your business have to bear the cost of the hack, your future income takes a hit as customers lose trust and leave. To offset this, many businesses need to engage PR experts, spend more on advertising, and go all out to ensure they survive to fight another day. Even so, your breach disclosure will still come up in search results for many years. The more negative publicity your breach attracts, the more you’ll need to spend on customer retention.
All your secrets exposed
While you may not have Pentagon level secrets to protect, your business does have information that you’d like to keep to yourself. Hackers love going after those juicy tidbits, and the more closely you guard them, the more attractive they are. Think Coca Cola recipe, Big Mac Secret Sauce or 11 Herbs & Spices…While those corporations would be big enough to keep their competitive edge after the breach, your business success relies on at least some information staying secret. It may not be a secret recipe, but your proprietary methods and databases have a black-market value all of their own.
But simply avoiding a breach doesn’t cost much at all…
The thing is, it’s not expensive to stay on top of it all and keep your business protected. For a low monthly fee, we can reverse the entire scenario and secure your systems against the unknown. That means no need to raid other department budgets in a panic, pay crippling fines, make embarrassing public announcements, or fight to retain your competitive edge.
We can help with making sure your systems have the latest security patches and your anti-virus knows the latest tricks to watch for. Our technicians can build a virtual fortress around your business that keeps the bad guys out while letting you thrive and even monitor security with early warning systems. Whatever your needs are, both now and moving ahead, we’re here to help keep you safe while keeping your IT costs low.
Ready to secure your business against breaches?
Give us a call today on 432-279-0671 and ask about our
Free Risk Intelligence Scan.
Schedule your Free Scan today.
Limited slots open.
Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool to most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.
Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:
The Payment Redirect
This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.
The Malware Click – Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like Quickbooks or Xero, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.
How to Stay Safe
Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments. Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure it looks right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoices attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.
We can help increase your security, talk to us today. Call us at 432-279-0671
Severe design flaws in modern CPUs were recently discovered and made public. These flaws put users and businesses alike at risk of attacks known as Spectre and Meltdown, where private data can be called up and stolen. Chip manufacturers including Intel and ARM have responded by working with software developers to correct the flaws, however, these fixes are affecting computer performance.
In this whitepaper, you will discover exactly how this vulnerability works, how you’ll be impacted, and what you can do to protect your systems
Get our free whitepaper and learn what your risks are.
In our FREE whitepaper you will:
- Discover how this vulnerability works
- How you'll be impacted
- What you can do to protect your systems
Subscribe to our Newsletter and get your Free Whitepaper!
If your typical New Year’s resolutions lasted about 30 seconds, you’re not alone. Pledges to eat better, start running and learn how to juggle can be rebooted again next year easy enough.
This year, we challenge you to think about your tech health with some resolutions you’ll want to keep.
- No More Junk Mail
Whether you checked a box agreeing to get newsletters, or you have no idea how you got on that list, it’s time to say goodbye. Start by emptying your mailbox to zero unread messages – no you don’t have to read all that spam – you have permission to delete it unread. Let’s face it, if you were going to read it, you would have done so already. Away it goes.
Now that you’re starting with a clean slate and a huge feeling of accomplishment, resolve this: Each day, unsubscribe from 5-10 lists. Keep an eagle eye out for that gorgeous ‘unsubscribe’ link and click it with confidence. You don’t even need to give a reason if it redirects to a survey page. Before too long, your inbox will be a refreshing place filled only with people and businesses you look forward to hearing from.
- Go Password Pro
With all these password leaks from LinkedIn, Myspace, and goodness knows who hasn’t come forward, now’s the time to get smart with your passwords. Because most people use the same passwords on every site, a single breach can be the hack that keeps on giving. You know how important it is to use different passwords for each site, but let’s be real, that’s a LOT of passwords to remember!
Instead of writing them down, we recommend using a password manager like LastPass. It remembers all your various passwords for you, so all you need to know is the super-protected master password. Master passwords are kept encrypted on your system, not theirs, and 2-factor authentication checks with you via text for all big changes.
- Backup. No Really, Backup.
I’ve been meaning to backup is the cry of someone who just lost all their photos. Good intentions don’t count AT ALL in data security because once the data is gone, it’s gone. With new cloud backup options, there’s no reason to put this off, because backup apps are now easier and more accessible than ever before. You can also backup to local drives, but this will take a little extra remembering on your part, as you’ll want to have at least one drive that stays disconnected in case of viruses.
There you have it. Three New Year’s resolutions you can easily keep, and that will make a real difference to your year. Opening your email will be a pleasure, you’ll be a spectator only in any future password leaks, and your precious files will be safe against all manner of disaster. Feels better than any diet, doesn’t it?
Stuck with any of this? Let us help by calling us at 432-279-0671
You can have top-notch security in place but there is still one danger: social engineering. It’s the old kid on the block, but most of us have never heard of it. Perhaps the more familiar term is ‘con’: the art of manipulating people to take certain actions or divulge private information. Social engineers are a special type of hacker who skip the hassle of writing code and go straight to the weakest link in your security defenses – your employees. A phone call, a cheap disguise or casual email may be all it takes to gain access, despite having solid tech protections in place.
Here are just a few examples of how social engineers work:
Email: Pretending to be a co-worker or customer who ‘just quickly’ needs a certain piece of information. It could be a shipping address, login, contact or personal detail that they pretend they already know, but simply don’t have in front of them. The email may even tell you where to get the data from. The hacker may also create a sense of urgency or indicate the fear that they’ll get in trouble without this information. Your employee is naturally inclined to help and quickly sends a reply.
Phone: Posing as IT support, government official or customer, the hacker quickly manipulates your employee into changing a password or giving out information. These attacks are harder to identify and the hacker can be very persuasive, even using background sound effects like a crying baby or call-center noise to trigger empathy or trust.
In person: A delivery man uniform gets past most people without question, as does a repairman. The social engineer can quickly then move into sensitive areas of your business. Once inside, they essentially become invisible, free to install network listening devices, read a Post-it note with a password on it, or tamper with your business in other ways.
It’s impossible to predict when and where (or how) a social engineer will strike. The above attacks aren’t particularly sophisticated, but they are extremely effective. Your staff has been trained to be helpful, but this can also be a weakness. So what can you do to protect your business? First, recognize that not all of your employees have the same level of interaction with people, the front desk clerk taking calls all day would be at higher risk than the factory worker, for example. We recommend cyber-security training for each level of risk identified, focusing on responding to the types of scenarios they might find themselves in. Social engineering is too dangerous to take lightly, and far too common for comfort.
Talk to us about your cyber security options today.
Contact us here or Call us at 432-279-0671
We all love our Google, quickly finding everything we need on the Internet. It’s replaced dictionaries, encyclopedias, instruction manuals, newspapers and in many cases, even doctors. However, sometimes your search results aren’t the real thing and can be downright malicious. Here’s how to search safely:
Pay attention to the URL in Google
Below every result title, there’s a URL in green. No matter what the title says, this URL is where your click will take you. Unfortunately, cyber-criminals will often list their site with a familiar and trusted title but link you to their scam/malware pages.
For example, the title could be your bank name (eg, Example Bank), which seems legitimate, but the URL could be www.baabpjhg.com which is obviously not your bank. Sometimes they’ll attempt to trick you by putting the real site into the link too, eg www.baabpjhg.com/examplebank.com which makes it even more likely to catch you when skimming through results quickly. When you visit the page, it might look exactly like your bank’s site and ask for your login details, which are then harvested for the attack. While jibberish in the link is pretty easy to spot, sometimes they’ll take advantage of a small typo that you can easily miss. For example, www.exampebank.com (missing the letter L).
Notice Google search results vs paid ads
Google does a pretty good job at making sure the most relevant and legitimate sites are at the top of the list. However, paid ads will usually appear above them. Most of the time, these paid ads are also legitimate (and you can quickly check the URL to verify), but occasionally cybercriminals are able to promote their malicious site to the top and catch thousands of victims before being removed.
Believe Google’s malicious site alerts
Sometimes Google knows when something is wrong with a site. It could be a legitimate site that was recently hacked, a security setting that’s malfunctioned, or the site was reported to them as compromised. When this happens, Google stops you clicking through with a message saying “this website may be harmful” or “this site may harm your computer”. Stop immediately, and trust that Google has detected something you don’t want in your house.
Turn on safe search
You can filter out explicit results by turning on Google Safe Search. While not strictly a cyber-security issue, it can still provide a safer Google experience. Safe Search is normally suggested as a way to protect browsing children, but it also helps adults who aren’t interested in having their search results cluttered with inappropriate links, many of which lead to high-risk sites. Switch Safe Search on/off by clicking Settings > Safe Search.
Need some help securing your system? Give us a call at 432-279-0671
The online con artists and hackers will be lining up in droves for this one. And hitting your email mailbox hard.
On Thursday the Credit Reporting Bureau, Equifax reported that they have suffered a massive data breach in which 143 million Americans have had their credit data stolen. This information includes Social Security Numbers, Drivers License numbers and most of your basic account information on file with the credit bureau. The potential for abuse should be obvious. Crooks can take this information and steal your identity to create credit card accounts run up massive debts and vanish leaving you with a major mess to clean up.
As this is major news the hackers will, of course, use your fear of credit fraud to trick you into opening virus laden emails in hopes of capturing passwords.
What to do about it?
- Check with Equifax and see if your information is part of the data breach. You can do so at https://www.equifaxsecurity2017.com/
- Don’t open emails that are warning about Equifax. If you have an account with Equifax use the link above to check your status. NEVER CLICK ON LINKS in an email.
- Update your antivirus. If you don’t have an antivirus get one now.
- Get a good spam filter. We have several spam solutions for your business such as Office 365. Switching your business to Office 365 for email can dramatically reduce your spam and virus risk with the built in protection from Microsoft.
- Use a good ad block program in your web browser. At N-Line we recommend Ublock Origin for Google Chrome.
N-Line Computers can provide full protection for your business with our Managed Services Plans
Contact us today at 432-279-0671 and let us help protect your business.
The message is clear: email is king. Many clients and customers choose to communicate primarily by email and as you know, it gives a fantastic ROI in your marketing strategy…unless you’re using a free email like Hotmail, Gmail, or even your internet provider. If that’s the case, you’re losing business each and every day.
It looks unprofessional: Imagine if banks used free email accounts – you’d never feel comfortable giving them your personal details let alone any money. How people perceive your business is what makes your business. Without that professional touch, you’ll appear temporary and fly-by-night. It puts your credibility into question and sends the message that you’re not serious about doing business – or worse – that you’re prepared to cut corners.
It erases your experience: Newer, fledgling businesses often start out with a free email address. The address clearly communicates that they are new and have little experience, and are perhaps testing the waters in a new direction. They’re not even remotely proven yet and are firmly within the hobby-zone. Continuing to use the free address once your business moves into the professional arena means you’ll struggle to build momentum and any experience will be negated.
It’s forgettable or inappropriate: Your business success hinges on being memorable enough to gain referral custom and results from your advertising. Unfortunately, free email addresses are by default filled with hard to remember clutter, for example – email@example.com or firstname.lastname@example.org.
Neither of these roll off the tongue, is appropriate for business, or can be remembered without a high likelihood of typos and bounce back. Branded email addresses such as email@example.com make running a profitable, scalable business much easier.
It’s not permanent or safe: When you use a free email address you are at the mercy of the email provider. They may close down operations or cancel your account for any reason. These types of accounts are also often hacked and leaked on a global scale. When a better internet or email deal comes along, you’re still stuck using the old address because it’s printed on your business cards, car lettering, and flyers.
Some will agree to keep the address open for a fee, but you’ll lose the control and flexibility you need to grow your business. With your own domain name, you own it and can move it to a new business-grade email service easily. You’ll also have complete master control over the addresses within your domain, resetting passwords and creating/closing accounts at will.