10 Scary Tech Support Lessons Sure to Spook This Year

/in /by

We take pride in continuing to educate our clients on the trials and tribulations seen in business technology today. The following images aren’t from our clients, but they are real-world examples of the tech support challenges many businesses face today, some completely unknowingly. No matter the issue, we always go to bat for our clients, focusing on correcting any technical support issues we uncover, and sometimes that includes educating businesses and solving their problems

Sometimes, there are problems so bad, you wouldn’t want to deal with them. So, instead of filling your inboxes with ghosts, ghouls, or pumpkins, we’ve rounded up 10 examples from the r/techsupportgore subreddit that is sure to send a painful wince or a shiver down your spine:

1. Enjoy this ‘updated’ network diagram!

Read more

Cybersecurity: 99% of Email Attacks Rely on Victims Clicking Links

/in /by

While a tiny fraction of attacks relies on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.

Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It’s often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.

Social engineering is the key element in mimicking your routines as a business and ensuring their best-chances of success. If a user might be suspicious of ANY email, claiming to be from a colleague arriving at 10:00 PM your time, instead your working hours are when these campaigns hit, creating spoofs of legitimate emails, from well-known brands with the hopes of you interacting with it, and set off an attack.

No Geek Speak

Let’s get real for a moment here – phishing is one of the cheapest, easiest cyberattacks for criminals to learn, buy, and deploy. Just a few weeks ago, the FBI noted that Business Email Compromises are the leading attack vectors. The reason it continues to remain at the height of its potential is due to the large volume of interaction they receive. Put simply, phishing works and it can be difficult for many to implore the proper expertise when securing email systems and policies.

Although many attacks are designed to look legit, there are still ways to identify what could be a malware attack, just under your nose. If in doubt, contact the “supposed” sender of the sender to test its legitimacy. It’s worth noting that cloud providers like Microsoft, Amazon, and Google won’t ask you to click through weird looking links/URLs that ask for credentials. If one of your colleagues or yourself find something that appears suspicious, just close the email and go directly to a browser. Make sure you go directly to their website and login to check any alerts or notifications in online portals, not through email links.

Phishing by the Numbers

  • 74% of respondents say email attacks are having a major impact on their businesses. The most common effects cited were loss of employee productivity, downtime and business disruption, and damage to the reputation of the IT team.
  • 78% of organizations say the cost of email breaches is increasing.
  • Spear phishing is becoming more widespread: 43% of organizations have been the victim of a spear-phishing attack in the past 12 months.
  • More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails.
  • 66% claimed that cyber-attacks have had a direct monetary cost on their organization in the past year. Nearly a quarter of respondents advised that attacks have cost their organization $100,000 or more.
  • 92% of Office 365 users have security concerns.
  • 79% of IT professionals said they are worried about attacks and breaches stemming from inside the organization.
  • 94% of organizations say employees are reporting suspicious emails to IT on a daily basis, but 58% say most emails reported to IT aren’t fraudulent.

It’s our responsibility, as the Bay Area’s #1 Managed Service Provider, that we ensure software updates, and security patches are applied regularly, in the case of someone clicking a link, malware can’t rely on any known vulnerabilities. Cybersecurity and technology are going to continue leading the changes, found in today’s business climate. Talk to a Clare Computer Solutions, expert today for a no-obligation meeting, to find out where you stand in today’s cyber-climate.

 

 

4 Proactive Steps to Prepare Networks for Ultimate Agility

/in /by

Growing in rapid popularity, networking professionals identified improving network agility as a top business goal for the year. Considered the future of networking and business computing, “Network Agility” itself has become a popular buzzword. With everyone talking about it, no one seems to agree on one definition or the next.

So what does network agility actually mean? We reached out to some of the most well-known brands in information technology, to gather and break down a jargon-free explanation. Hopefully, this will provide you some insight on network agility and answer any questions you may have.
Network Agility, So what is it?

To build agility in someone’s network, you need the ability to respond to network changes in real-time, while keeping pace with the evolving needs of your business. Agile Networking adapts to changes – like a rise in traffic, or newly-deployed devices as they happen, remaining flexible, secure, and easier to manage.

For a network looking to become more “agile,” it will need these three characteristics:

    • Scale Quickly: In standard network designs, the rules and configurations demanded to expand a network are coded by hand. In agile networking, scaling becomes a more hands-off process with network templates being deployed to address the reconfiguration of existing devices, with a more logical layout.
    • Total Visibility into the Network: In your current network, data is everything to you. All data from an endpoint, network devices, including performance data, alerts and more; must be collected and stored somewhere. This data is analyzed by machine learning and artificial intelligence in the background to work out maintenance and troubleshooting.
    • No Strings Attached: Using data collected, an agile network will discover root-causes behind specific alerts and notifications, with emphasis on the appropriate steps to troubleshoot issues. Trying each step until successful, agile networks further refine and focus their abilities in fixing problems. Eventually, leaving the entire network to find and fix issues on its own, without any interruption from the added workloads or constant human intervention.

Unless your 100% certain your network was built using modern architectures and technology, then there is likely a mismatch of different devices, spanning across many vendors.

If this sounds familiar, then achieving network agility, let alone a stable network will require modification. That doesn’t have to be done in one go, in fact, we break this process into 4 proactive steps to prepare networks:

    1. Standardization sounds scary, but limiting a network with fewer than 5 vendors is easier to monitor, and more simple to manage as a network grows diverse over time. The challenge for most businesses is the cost and time, but with a strong focus on expertise, a plan is key to avoid tossing more money at drowning technology.
    2. Become strategic when growing your network, with any modifications it’s important to make sure this is a logical extension of your network, not a cobbled-together hack. The question we always ask our clients is, “Does this position the network for success in the future?” You should be moving forward with resounding decisions, for further improving the automation and less in the difficulty in managing technology every day.
    3. Document Everything: Networks change, and having the ability to review items like topology maps, device inventory, alerts, troubleshooting efforts trending becomes easier, and a managed service provider like Clare Computer Solutions documents these changes progressively, giving access to internal teams or leadership to assist in decision making analytics. These are key when proactively, managing your network infrastructure.
    4. Tight-knit Processes are based on the documentation gained and held to create your helpful process for your internal employees, while we do the heavy lifting. When our alerts trigger, your internal teams will know exactly what is going on and know that it’s being fixed.

The fact is many businesses have already begun taking steps we’ve outlined to prepare their networks for the future. If you don’t start now, then you’ll be scrambling to modify your networks, which is a big task that requires a lot of your internal manpower, where using Clare Computer Solutions we can focus your resources, for next-level efficiency. What are you waiting forTalk to the network experts today!

Phishing: Even Without a Click, Your Employees Can Assist the Bad Guys

/in /by

Employees can still assist the bad guys in compromising the overall safety of your organization. Over the years, we’ve reinforced these security ideas in our blogs and social media with the idea that clicking or interacting with these criminals only continues to broaden your vulnerability, making your risk of attack that much greater. These criminals are constantly adapting with every failed attempt. The criminals appear to have wised up again, as they have begun focusing more on getting employees to reply.

By drawing people into some form of back and forth email exchanges, employees begin unwittingly training these criminals, through what warrants a potential reply. One of the ways they learn to phish companies is by learning how your employees work. Read more

MFA multifactor authentication for SMB business bay area SFIllistraition_Final

Back 2 Basics: Prevent Data Breaches with Stronger Authentication

/1 Comment/in /by

Identity security is one of the most significant challenges that IT organizations face. An identity compromise can ruin an organization, and it is the number one attack vector for hackers. Your traditional, not so secure way to log in, consists of entering your username, and that familiar password. You know, the one you probably use […]

Read more
operating system security updates baseline

July Patch Updates: Correcting the Windows 10 Operating System’s Baseline Security

/in , /by

One of the focuses of the Windows 10 operating system was its improved security overall. While it does still dwarf it’s older versions in comparison; one aspect even your Operating System can’t fix by itself is – user behavior.

That’s right, your operating system, can only assist, guide, or require you to change your password, never focusing on its complexity. Microsoft has long stood-by their policies, that passwords should expire after so many days, to prevent compromised credentials. Having done numerous studies, when push comes to shove in most cases employees are forced to change passwords, they make a small alteration to the existing password and hit save. For many, this includes symbols and numbers tagged to the beginning or end of our credentials, to fulfill this task, before beginning our work.

In Microsoft’s latest release Feature Update #1809, they’ve updated password policies in the operating system’s including many changes to native application’s security baseline, making ALL passwords expire by force. Although this doesn’t impact password length, history, or complexity we’re moving towards much more secure environments. As many of these vulnerabilities, 77 in total related to business-line products used in our everyday working life. These won’t be the only changes, those utilizing the following Microsoft Solutions will receive security updates for two zero-day events: Internet Explorer, Microsoft Edge, Microsoft Office, Azure DevOps, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.

Business’ and their employees should always focus on having a security-focused mindset, whether from Security Awareness Training, or just knowing what role passwords play in an attack. To sufficiently secure your data, organizations seek updated security tools to address their concerns and look towards in-house experts and close working relationships to build the latest guidance for securing employees and business data.

  • Banned Passwords
    Built to battle simple passwords, sticking with default passwords, makes it much less frustrating to hackers. By stopping employees who are using passwords like “123456” and “1Password!!” your organization can block the use of these commonly stolen credentials, making it more secure for the employees.
  • Multi-Factor Authentication
    Known by many as “MFA,” it’s grown common practice for most industries to require every employee within the organization to utilize more than one path for authentication. This company stance should be leveraged across your entire business, even if they ONLY have access to email.

By employing the use of these alternative controls, businesses can begin leveraging employees as their first line-of-defense. Begin to offset the potential for increased security vulnerabilities and risks, commonly seen today, educating your employees on proper password hygiene, length, and complexity, your business can easily meet the security needs of your customers and your employees.

Want the experts to educate your staff and assist your network hygiene efforts – give us a call today!

Close operating system exploits and vulnerabilities

Microsoft Patching Addresses 88 Vulnerabilities & Risks Found in Systems Today

/in /by

Patching can prevent many of the most-used exploits, risks, and vulnerabilities are seen in major applications, software, and even operating systems. These patches typically contain updates to your current software suite. In recent years, Microsoft has transitioned they focus from new features and updates to focusing on the vulnerability of business’ and employees utilizing the Windows Operating System.

Microsoft releases updates to address and fix 88 security risks and vulnerabilities in it’s Windows Operating Systems, specifically relating to software and applications. The most lethal of these include 4 vulnerabilities, that exploit code has already been created and distributed on the Dark Web. It’s these bugs that can affect ALL versions of Microsoft Office and trigger malicious links, including what feels like too many, as a customary security update for Adobe’s Flash Player.

Read more

Flipboard News gets hit by data breach in IT Support Blog Clare Computer Solutions

Read Between the Lines: What Your Business Could Learn from Flipboard’s Recent Data-Breach

/in , , /by

According to Flipboard, hackers were able to tap directly into the databases where the app-company housed customer information. The information stolen, including customer names, user names, hashed passwords, emails, and digital tokens or API tokens for your favorite social media apps. Although Flipboard does not know how many accounts hackers infiltrated, nor have they fully-assessed the damage, one thing is for sure: It’s time for many companies to begin reading between the lines. While data that was stolen is serious, it’s the number of time hackers were able to go undetected that is cause for concern. Companies need to focus on Endpoint Protection. Read more

SF Bay Area Law Firms hit by ransomware and hackers

Phishing Attacks Begin Leveraging Legal Threats From Local Law Firms

/in , /by

By far the most convincing email phishing and malware attacks come disguised as your “typical nastygram” from local businesses. These emails have grown in popularity with cyber-criminals. By making minor customizations to these campaigns, these phishing attacks are now being spoofed as though, local organizations are the culprits! These emails notify recipients that he/she is being sued and instructs them to review the following attached files, with a directive to respond within a specific time frame, or penalties will occur… Here’s a look at a recent phishing campaign that peppered more than 100,000 business executives. With the goal of phishing for employee personal information and exploiting data systems, by utilizing a local law firm’s system to send infected data to partners.

In May, two well-known anti-virus firms began detecting compromised files, specifically within Microsoft Word. Emails with attachments were sent with a simple variation of the message below. This exact kit is now being traded alongside others on the “dark web,” therefore we have numerous business names outlined in brackets below.

Read more

Windows Server 2008 End-Of-Life Support Begins Looming as Business Scramble to Act

/1 Comment/in /by

It seems like we just went through this with Windows Server 2003, but we’ll soon be losing yet another Microsoft flagship product. Windows Server 2008 R2 and Exchange 2010, reached it’s “end-of-mainstream support” on January 13th, 2015 but the final blow will come January 14th, 2020. The exact same date for the end-of-support for Windows 7 Operating Systems. Microsoft will officially end its support for Windows Server 2008 and the 2008 R2 editions. It’s a sad beginning but read on and I will point you towards a few transformative paths for on-site, or cloud use.

Although 2020 seems like its lightyears away, update in an IT Infrastructure is a large task, one that will be here before you know it. So, if you’re still running Hyper-V on a Windows Server R2 platform, or worse your still running Windows Server 2003, then you need to start strategizing now, to ensure your company is protected and infrastructure is secure while moving forward.

0Weeks0Days0Hours0Minutes0Seconds

Extended Support Dates in Effect

Windows Server 2008 and SQL Server 2008 and 2008 R2 variants are already on their extended support phase now. As of July 8th, 2019, will be the final date for SQL Server 2008, while January 14th, 2020 will come shortly after. Once these dates hit, you will be running machines at your own risk in this saturated age of cyber-attacks. The good news is the fate of these dinosaur systems isn’t as bad as it would appear. It’s true this date cannot be moved, changed or deflected, but Microsoft has opened several more, cost-effective paths for businesses to begin their infrastructure evolution.

0Weeks0Days0Hours0Minutes0Seconds

Little-to-No Support Leaves Your Operating System Vulnerable

You can continue to use Windows Server 2008 R2 safely in your environments, at least until the expiration date. By doing so, you stand the risk of missing out of several new features being introduced to the Hyper-V family on any Server 2012 operating systems. These features alone warrant an upgrade to your infrastructure prior to the end-of-life support dates.

Remember that once a product reaches its end-of-life, no new features, fixes, or updates will occur. While Microsoft continues to provide what little help for customers with Server 2008 through extending support agreements, they too will no longer be able to receive any form of support from Microsoft come January 14, 2020. Leaving many business systems open and exposed to outside infiltration. All three Windows Server 2008, 2008 R2 (Datacenter, Enterprise, and Standard) will be affected, also including the Hyper-V role.

Post-Upgrade Solutions for Managing Your Old Servers 

  • Path #1:  Seen by many as the traditional evolutionary path, upgrading to a newer version of Windows Server, and SQL Server. This is where you get the most updated features in today’s security landscape. The latest version of Windows Server 2019, and SQL Server 2017.With the only caveat being to host on-premises versions or move to the cloud.
  • Path #2:  Not interested in upgrading to the latest server versions for some reason? We’ve got you covered, with a few options for those who wish to continue using Windows Server 2008 and 2008 R2. To save you money, you could move these workloads into the Azure cloud, using Azure’s Hybrid Use Benefits. The only cost incurred is the computing instance and infrastructure. With the use of Azure Reserved Virtual Machine Instances for Windows Server, you can save further on computing costs.
  • Path #3:  The last path is the most grim for many, it’s the choice to not evolve at all. This leaves many servers including file, or database to receive the updating needed to stop cyber-attackers. For business’ that have already purchased “Software Assurance or Enterprise Subscription,” will receive security updates for a prolonged period of time. We should note, Microsoft has discontinued its assurance agreements, but with more than 90% of affected business’ operating under a “Standard License,” this path doesn’t work for the vast majority of businesses. Once again leaving many without a clear-cut choice.

This is still YOUR Choice

We hope all the information from Clare Computer Solutions, will assist in making sense of the dynamic landscape in technology. If your business wants a second opinion or just a helping hand, any of our team members would be happy to assist you with making your transition as smooth as possible. Reach out today to begin discussing your options in greater detail today.