Can You Spot a Scam When You See One?

Can You Spot a Scam When You See One? – Learn How to Recognize Suspicious Texts and Emails!

As we are all getting used to the new normal, people continuing to work from home or staff returning to work, there continues to be a lot of change and unrest. Users are frustrated, concerned, overwhelmed, hurried and uncomfortable. As such they may forget to follow due diligence recommendations. Additionally, our hackers just keep getting more creative and continue to hunt for opportunities.

Keeping your business and information safe is critically important to us. Whether these attacks are directed at the business or the home, your users are exposed. Therefore, we continue to identify new threats and help you stay in front of the latest business scams and hacking attempts.

Read more

6 Important OS Hardening Steps to Protect Your Data and End Users

Are your systems protected? Is your IT Team overwhelmed or your current IT Partner leaving your business vulnerable? According to the Duo Trusted Access Report, only 53% of Mac OS users are running either the fully patched, latest version of OS X, or the previous version, compared to 35% of Windows users on Windows 10 and 8.1. That means most of these operating systems are outdated, unpatched or unsecured – leaving your business vulnerable to compromises and extended downtime.

While proper patch management is critical to protecting business data and employee up-time, it is only one of many security considerations. Ransomware-as-a-Service continues to grow, it’s just as important, we are seeing a rise in popularity of Operating System (OS) Exploit Kits.

When attempting to compromise a device or network, malicious actors look for any way in. Many businesses are unaware that operating system vulnerabilities provide an easy access. With Clare’s NetCentral managed Services we can assure you peace of mind while helping you to safeguard sensitive information and your systems. This is not an exhaustive list of the services we include but here are six things all companies should be thinking about to assure their systems are hardened and minimize your risk of suffering a cyber-attack:

  1. Program Clean-Up – Remove any unnecessary programs. Many systems come installed with apps that never get used or updated. If the program isn’t something your business has vetted and locked down, it shouldn’t be used on your network. Without the needed attention and maintenance of these programs, attackers can utilize them as a backdoor when attempting to compromise your network.
  2. Use of Service Packs – Keep updated with the latest versions to further ensure the prevention of zero-day attacks. This easy rule can prevent a bad situation, from getting worse.
  3. Patches & Patch Management – Plan, test, implement and audit your current patch management strategy. OS patching and updates (as well as applications) should become part of your regular security regimen.
  4. Configuration Baselines – Begin base-lining the process of measuring changes in hardware, software, and networking. Start with a baseline and begin measuring its performance for a consistent period.
  5. Security Templates – Create and review basic Security policies regularly. Assure procedures can be followed and enforced.
  6. Group Policies – Define employee groups based on the needed access levels and maintain the rules. Often cyber-attacks occur through simple user error. Begin to establish, and update user policies and ensure users are aware and follow these procedures. A common example would be implementing strong passwords, securing those credentials and enforce that they change them on a regular interval.

There’s no end to how much you can protect your business environments. This list should help you to get started and on the right track. Sometimes the little changes can make the biggest difference in securing technology. As you begin returning to work, Clare Computer Support is here to help and readily available to assist if you’re concerned about the status of your technology or IT Support.

We are happy to answer any questions or address any concerns you may have. Keeping systems up to date is the first step to gaining a peace of mind. Leaving the support to us will allow you to focus on Your Business.

Returning to the Office: A Checklist for Your Businesses

As many counties ease lockdown restrictions, businesses around the Bay Area will slowly begin to reopen their doors. As some look forward to getting back into the office, other will continue to feel wary. One thing is for certain – the workplace is going to look very different for many of us.

How can you best prepare your team for the ‘new normal’? What should you take into consideration to ensure a successful return to the workplace, especially when it comes to employees, office space, and technology? While it is not an exhaustive list, our Returning to the Office: A Checklist for Your Businesses covers the items to consider as your office begins to reopen. Read more

Generating Your Security Mindset During These Times

Here we are, months later, still dealing with the changes this pandemic has created. Most changes haven’t been fun, but it’s made for very interesting times. Many businesses are focused on balancing between more or (for some) less work, figuring out how to maintain staff, motivate existing staff remotely, determining how to keep staff busy and preparing for what tomorrow will bring as we slowly start to come out of the COVID-19 quarantine. Now, more than ever, is the time to re-evaluate your businesses Security Posture and implement solutions you may have been hesitant to consider previously. It’s predicted that by 2021, cyber crime will cost the world $6 trillion annually. Even more frightening is the fact that on average, there is a hacker attack every 39 seconds Read more

Insider Threats, What’s the True Cost to Your Organization

Insider threats cost companies millions. According to the Ponemon Institute’s recently released study ”2020 Cost of Internal Threats.”  In the last two years we have seen a 31% increase in threats emerging from inside an organization. Costs range from $756K to $871K per incident, depending on the type of breach.

There are three types of Insider Threats:
  • Careless, Negligent Employee or Contractor– These are well-intentioned employees or other users who accidentally harm the enterprise. These incidents happen all the time, but  a lot of people don’t think about this threat. Employees constantly make mistakes that put company data at risk — whether that’s because they’re careless, taking shortcuts, or simply uneducated in security. These mistakes add to the challenges faced by IT Teams daily. Ransomware, for example, is often put on a computer because of an employee’s careless browsing or download habits. Phishing attacks are another great example.
  • Malicious Insider – This is the disgruntled employee who sabotages company data as revenge. This could be the employee  who steals proprietary data to take to their new firm or the customer service rep who copies credit card data to sell online or the sales rep sharing competitive information. It’s anyone who intentionally harms their employer, whether for revenge, personal gain, or any other reason. These guys know exactly what they’re doing.
  • Credential Thief – These are outside hackers who steal credentials to gain inside access to your system. Once an outsider gains access to your system, they are effectively acting as an insider. The methods that you need to detect and stop them are the same as any other rogue employee. While many don’t think about these guys as “insider threats”, they’re a huge danger operating from within your environment, so they are very much an insider threat. These guys damage brand, reputation and generally wreak havoc, often looking for personal financial gain.

Of note, the negligent insider has been identified as the root cause of most incidents (with average costs of $756K), while the malicious insider risk is the most costly (with average costs of $871K). And the longer it takes to identify the breach, the more costlier it gets. With the average incident taking 77 days to contact this adds up to a costly amount!

The data shows that most organizations need to be more vigilant about insider threat incidents, which often fly under the radar until it’s too late. Many organizations believe that they can address insider threats with their existing, externally-focused security solutions, when a dedicated insider threat management strategy may be a better overall approach. Here are a few tips Clare Computer Solutions Recommends:

  1. Implement an Endpoint security solution, backed by a Secure Operations Center, that can quickly identify insider threats and provide immediate support.
  2. Limit access to non-essential data or limit the duration of time users can access the information needed for a task.
  3. Use AI solutions to Identify behavioral indicators of potentially malicious insider threats
  4. Periodically evaluate the organization’s risks through dark web monitoring for credential leaks.
  5. Establish consistent, repeatable processes that educate all employees through Security Awareness Training.
  6. Begin considering the impact an insider threat could have on reputation and brand, in addition to the financial costs

Contact Clare Computer Solutions to discuss your organization’s security posture and how our team can protect your business from insider threats.

Average Ransomware Payment Rises Again

COVID-19 continues to create opportunities for the “bad actors” to wreak havoc. In this week’s blog we discuss the latest security concerns created by the COVID-19 pandemic, specifically around Ransomware. This quarter saw a 33% increase in ransom from Q1 2020, with average payment requirement of $111K! It’s the seventh straight quarter that system hijackers have reaped more money and shows that this security breach continues to grow. Compare this to the previous numbers we shared in which the average ransom in Q4 2019 had increased from $84,116 reflecting a staggering increase from $41,198 in Q4 2018.

2020 Findings for Quarter #1 (Q1):

Ransomware Attack Vectors:

  1. RDP Compromise remains at 60%
  2. Email Phishing rose to 26%
  3. Software Vulnerability dipped to 10%.
    **Poorly secured Remote Desktop Protocol (RDP) access points continued to be the most common attack vector in the last two quarters.

Targeted Companies/Industries:

  1. Companies in the Professional Services Industries are the most commonly targeted
  2. Healthcare Companies
  3. Public Sector entities – schools, government
  4. Software Services Companies

Average Size of Companies Targeted by ransomware:

  1. The median company size victimized was 62 employees for Q1, 2020, a 2.5% rise from Q4, 2019.

Average Downtime From Ransomware Attack:

  1. The average downtime for a business compromised was 15 Days

In addition, Cybercriminals are now weaponizing sensitive data to increase pressure on their ransomware victims. More than just asking for a ransom to gain access to your data, they are now threatening to sell your data. Of note is that 99% of ransomware attackers demanded their ransom be paid in Bitcoin; the remaining 1% asked to be paid in Dash or other privacy coins. This has created even more issues and downtime for many companies as they had to scramble to set up BitCoin accounts. (Typical time to set up a BitCoin account is 2-days)

If You Haven’t Done so Previously, Now Is the Time to Evaluate Your Security Risk

Ransomware attacks are becoming more sophisticated and cybersecurity professionals are taking action. With the right tools, you can prevent, detect and respond quickly to ransomware attacks threatening your organization. Clare Computer Solutions offers a suite of security solutions to mitigate your risks. Cyber-extortionists will stop at nothing to steal your business data. Companies victimized by phishing emails and ransomware seek immediate assistance. Talk to your Account Manager or Virtual CIO to discuss your options for a greater security posture.

We Are Here, Open for Business and Ready to Support You

We at Clare Computer Solutions, first and foremost, hope that wherever you are that you are staying healthy and safe during this unprecedented and challenging time. These are difficult and admittedly uncertain times for all of us.

Clare Computer Solutions continues to provide service with integrity during this shelter at home order supporting our clients, community and employees to the best of our ability. As an essential business supporting other essential businesses, we’re committed to being a reliable partner to our clients and their end-users in difficult times – just as we are in good times. We remain open and available to provide you with the latest, most current information and technologies you need to keep your businesses running and are committed to doing our best to complete all active projects. We are available to assist any new clients with their design, implementation and support needs during these challenging times proving remote and onsite assistance.

We Are Here, Open for Business and Ready to Support You.

We appreciate your support and want you to feel confident that the Clare Team remains available to help guide you through your IT Technology goals and IT Support needs, in spite of the rapidly changing environment.

If we can be of any assistance to you or your firm please call us directly at (925) 277-0690 or email us at or contact your dedicated Account Manager.

Business Email Compromise: How-To Avoid Joining Those Already Impacted

Business Email Compromise (BEC) now encompasses the largest threat to business. Designed to evade traditional email security, Business including gateways and spam filters, spear-phishing attacks are often sent from high-reputation domains or compromised email accounts. Attacks typically use spoofing techniques and include “zero-day” links, unlikely to be blocked by URL-protection technologies.

Better enforcing your ability to curve attacks and avoid these scams. A lot of the time, attackers impersonate the HR, IT or Finance Teams, instead of an individual. Often, requests appear from a senior executive or trusted colleague. Read more

Clare Computer Solutions Windows 7 Extended Support Update

Stop Dreading the Update: Windows 7 Extended Support Update Relief

On January 14th, 2020 Windows 7 will be reaching its end of supportable life. This means any business using Windows 7 on employee PCs, or Windows Server 2008 will no longer receive the security and bug patching needed when computing in today’s connected age. Rejoice in knowing Microsoft, and Clare Computer Solutions have implemented what is known as Windows 7 Extended Support Update (ESU) for several systems.

Read more

Lessons in Network Lock-down: Focusing on Business Backups First

When you’re considering the prevention of modern attacks, it’s become pretty obvious that all businesses need a strong lineup of cyber-defense tools, not just a bare bones firewall and old-fashion anti-virus. You need to protect the business first, to do this you need a solution that can withstand the continued onslaught of modern malware.

For many businesses, it’s grown crucial to remember as technology needs begin shifting, so should your cyber security around  how to lessen the risk involved in your day-to-day operations. By following the recommendations of an experienced and trusted provider, you can effectively protect your business, ensuring you stay secure.

Embrace Automated Threat Detection & Response

While being around for nearly a decade, the term ‘anti-virus’ really belongs in the consumer space. When we talk business-grade protection we utilize solutions that stop threats immediately, with automated remediation systems, so you don’t have to spend time and resources cleaning viruses or restoring data.

You need a solution that doesn’t just stop threats, but works to put time back in your day.

Read more