Business Email Compromise: How-To Avoid Joining Those Already Impacted

/in /by

Business Email Compromise (BEC) now encompasses the largest threat to business. Designed to evade traditional email security, Business including gateways and spam filters, spear-phishing attacks are often sent from high-reputation domains or compromised email accounts. Attacks typically use spoofing techniques and include “zero-day” links, unlikely to be blocked by URL-protection technologies.

Better enforcing your ability to curve attacks and avoid these scams. A lot of the time, attackers impersonate the HR, IT or Finance Teams, instead of an individual. Often, requests appear from a senior executive or trusted colleague. Read more

Clare Computer Solutions Windows 7 Extended Support Update

Stop Dreading the Update: Windows 7 Extended Support Update Relief

/in /by

On January 14th, 2020 Windows 7 will be reaching its end of supportable life. This means any business using Windows 7 on employee PCs, or Windows Server 2008 will no longer receive the security and bug patching needed when computing in today’s connected age. Rejoice in knowing Microsoft, and Clare Computer Solutions have implemented what is known as Windows 7 Extended Support Update (ESU) for several systems.

Read more

Lessons in Network Lock-down: Focusing on Business Backups First

/in , /by

When you’re considering the prevention of modern attacks, it’s become pretty obvious that all businesses need a strong lineup of cyber-defense tools, not just a bare bones firewall and old-fashion anti-virus. You need to protect the business first, to do this you need a solution that can withstand the continued onslaught of modern malware.

For many businesses, it’s grown crucial to remember as technology needs begin shifting, so should your cyber security around  how to lessen the risk involved in your day-to-day operations. By following the recommendations of an experienced and trusted provider, you can effectively protect your business, ensuring you stay secure.

Embrace Automated Threat Detection & Response

While being around for nearly a decade, the term ‘anti-virus’ really belongs in the consumer space. When we talk business-grade protection we utilize solutions that stop threats immediately, with automated remediation systems, so you don’t have to spend time and resources cleaning viruses or restoring data.

You need a solution that doesn’t just stop threats, but works to put time back in your day.

Read more

10 Scary Tech Support Lessons Sure to Spook This Year

/in /by

We take pride in continuing to educate our clients on the trials and tribulations seen in business technology today. The following images aren’t from our clients, but they are real-world examples of the tech support challenges many businesses face today, some completely unknowingly. No matter the issue, we always go to bat for our clients, focusing on correcting any technical support issues we uncover, and sometimes that includes educating businesses and solving their problems

Sometimes, there are problems so bad, you wouldn’t want to deal with them. So, instead of filling your inboxes with ghosts, ghouls, or pumpkins, we’ve rounded up 10 examples from the r/techsupportgore subreddit that is sure to send a painful wince or a shiver down your spine:

1. Enjoy this ‘updated’ network diagram!

Read more

Cybersecurity: 99% of Email Attacks Rely on Victims Clicking Links

/1 Comment/in /by

While a tiny fraction of attacks relies on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.

Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It’s often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.

Social engineering is the key element in mimicking your routines as a business and ensuring their best-chances of success. If a user might be suspicious of ANY email, claiming to be from a colleague arriving at 10:00 PM your time, instead your working hours are when these campaigns hit, creating spoofs of legitimate emails, from well-known brands with the hopes of you interacting with it, and set off an attack.

No Geek Speak

Let’s get real for a moment here – phishing is one of the cheapest, easiest cyberattacks for criminals to learn, buy, and deploy. Just a few weeks ago, the FBI noted that Business Email Compromises are the leading attack vectors. The reason it continues to remain at the height of its potential is due to the large volume of interaction they receive. Put simply, phishing works and it can be difficult for many to implore the proper expertise when securing email systems and policies.

Although many attacks are designed to look legit, there are still ways to identify what could be a malware attack, just under your nose. If in doubt, contact the “supposed” sender of the sender to test its legitimacy. It’s worth noting that cloud providers like Microsoft, Amazon, and Google won’t ask you to click through weird looking links/URLs that ask for credentials. If one of your colleagues or yourself find something that appears suspicious, just close the email and go directly to a browser. Make sure you go directly to their website and login to check any alerts or notifications in online portals, not through email links.

Phishing by the Numbers

  • 74% of respondents say email attacks are having a major impact on their businesses. The most common effects cited were loss of employee productivity, downtime and business disruption, and damage to the reputation of the IT team.
  • 78% of organizations say the cost of email breaches is increasing.
  • Spear phishing is becoming more widespread: 43% of organizations have been the victim of a spear-phishing attack in the past 12 months.
  • More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails.
  • 66% claimed that cyber-attacks have had a direct monetary cost on their organization in the past year. Nearly a quarter of respondents advised that attacks have cost their organization $100,000 or more.
  • 92% of Office 365 users have security concerns.
  • 79% of IT professionals said they are worried about attacks and breaches stemming from inside the organization.
  • 94% of organizations say employees are reporting suspicious emails to IT on a daily basis, but 58% say most emails reported to IT aren’t fraudulent.

It’s our responsibility, as the Bay Area’s #1 Managed Service Provider, that we ensure software updates, and security patches are applied regularly, in the case of someone clicking a link, malware can’t rely on any known vulnerabilities. Cybersecurity and technology are going to continue leading the changes, found in today’s business climate. Talk to a Clare Computer Solutions, expert today for a no-obligation meeting, to find out where you stand in today’s cyber-climate.

 

 

4 Proactive Steps to Prepare Networks for Ultimate Agility

/in /by

Growing in rapid popularity, networking professionals identified improving network agility as a top business goal for the year. Considered the future of networking and business computing, “Network Agility” itself has become a popular buzzword. With everyone talking about it, no one seems to agree on one definition or the next.

So what does network agility actually mean? We reached out to some of the most well-known brands in information technology, to gather and break down a jargon-free explanation. Hopefully, this will provide you some insight on network agility and answer any questions you may have.
Network Agility, So what is it?

To build agility in someone’s network, you need the ability to respond to network changes in real-time, while keeping pace with the evolving needs of your business. Agile Networking adapts to changes – like a rise in traffic, or newly-deployed devices as they happen, remaining flexible, secure, and easier to manage.

For a network looking to become more “agile,” it will need these three characteristics:

    • Scale Quickly: In standard network designs, the rules and configurations demanded to expand a network are coded by hand. In agile networking, scaling becomes a more hands-off process with network templates being deployed to address the reconfiguration of existing devices, with a more logical layout.
    • Total Visibility into the Network: In your current network, data is everything to you. All data from an endpoint, network devices, including performance data, alerts and more; must be collected and stored somewhere. This data is analyzed by machine learning and artificial intelligence in the background to work out maintenance and troubleshooting.
    • No Strings Attached: Using data collected, an agile network will discover root-causes behind specific alerts and notifications, with emphasis on the appropriate steps to troubleshoot issues. Trying each step until successful, agile networks further refine and focus their abilities in fixing problems. Eventually, leaving the entire network to find and fix issues on its own, without any interruption from the added workloads or constant human intervention.

Unless your 100% certain your network was built using modern architectures and technology, then there is likely a mismatch of different devices, spanning across many vendors.

If this sounds familiar, then achieving network agility, let alone a stable network will require modification. That doesn’t have to be done in one go, in fact, we break this process into 4 proactive steps to prepare networks:

    1. Standardization sounds scary, but limiting a network with fewer than 5 vendors is easier to monitor, and more simple to manage as a network grows diverse over time. The challenge for most businesses is the cost and time, but with a strong focus on expertise, a plan is key to avoid tossing more money at drowning technology.
    2. Become strategic when growing your network, with any modifications it’s important to make sure this is a logical extension of your network, not a cobbled-together hack. The question we always ask our clients is, “Does this position the network for success in the future?” You should be moving forward with resounding decisions, for further improving the automation and less in the difficulty in managing technology every day.
    3. Document Everything: Networks change, and having the ability to review items like topology maps, device inventory, alerts, troubleshooting efforts trending becomes easier, and a managed service provider like Clare Computer Solutions documents these changes progressively, giving access to internal teams or leadership to assist in decision making analytics. These are key when proactively, managing your network infrastructure.
    4. Tight-knit Processes are based on the documentation gained and held to create your helpful process for your internal employees, while we do the heavy lifting. When our alerts trigger, your internal teams will know exactly what is going on and know that it’s being fixed.

The fact is many businesses have already begun taking steps we’ve outlined to prepare their networks for the future. If you don’t start now, then you’ll be scrambling to modify your networks, which is a big task that requires a lot of your internal manpower, where using Clare Computer Solutions we can focus your resources, for next-level efficiency. What are you waiting forTalk to the network experts today!

Phishing: Even Without a Click, Your Employees Can Assist the Bad Guys

/in /by

Employees can still assist the bad guys in compromising the overall safety of your organization. Over the years, we’ve reinforced these security ideas in our blogs and social media with the idea that clicking or interacting with these criminals only continues to broaden your vulnerability, making your risk of attack that much greater. These criminals are constantly adapting with every failed attempt. The criminals appear to have wised up again, as they have begun focusing more on getting employees to reply.

By drawing people into some form of back and forth email exchanges, employees begin unwittingly training these criminals, through what warrants a potential reply. One of the ways they learn to phish companies is by learning how your employees work. Read more

MFA multifactor authentication for SMB business bay area SFIllistraition_Final

Back 2 Basics: Prevent Data Breaches with Stronger Authentication

/1 Comment/in /by

Identity security is one of the most significant challenges that IT organizations face. An identity compromise can ruin an organization, and it is the number one attack vector for hackers. Your traditional, not so secure way to log in, consists of entering your username, and that familiar password. You know, the one you probably use […]

Read more
operating system security updates baseline

July Patch Updates: Correcting the Windows 10 Operating System’s Baseline Security

/in , /by

One of the focuses of the Windows 10 operating system was its improved security overall. While it does still dwarf it’s older versions in comparison; one aspect even your Operating System can’t fix by itself is – user behavior.

That’s right, your operating system, can only assist, guide, or require you to change your password, never focusing on its complexity. Microsoft has long stood-by their policies, that passwords should expire after so many days, to prevent compromised credentials. Having done numerous studies, when push comes to shove in most cases employees are forced to change passwords, they make a small alteration to the existing password and hit save. For many, this includes symbols and numbers tagged to the beginning or end of our credentials, to fulfill this task, before beginning our work.

In Microsoft’s latest release Feature Update #1809, they’ve updated password policies in the operating system’s including many changes to native application’s security baseline, making ALL passwords expire by force. Although this doesn’t impact password length, history, or complexity we’re moving towards much more secure environments. As many of these vulnerabilities, 77 in total related to business-line products used in our everyday working life. These won’t be the only changes, those utilizing the following Microsoft Solutions will receive security updates for two zero-day events: Internet Explorer, Microsoft Edge, Microsoft Office, Azure DevOps, .NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Microsoft Exchange Server.

Business’ and their employees should always focus on having a security-focused mindset, whether from Security Awareness Training, or just knowing what role passwords play in an attack. To sufficiently secure your data, organizations seek updated security tools to address their concerns and look towards in-house experts and close working relationships to build the latest guidance for securing employees and business data.

  • Banned Passwords
    Built to battle simple passwords, sticking with default passwords, makes it much less frustrating to hackers. By stopping employees who are using passwords like “123456” and “1Password!!” your organization can block the use of these commonly stolen credentials, making it more secure for the employees.
  • Multi-Factor Authentication
    Known by many as “MFA,” it’s grown common practice for most industries to require every employee within the organization to utilize more than one path for authentication. This company stance should be leveraged across your entire business, even if they ONLY have access to email.

By employing the use of these alternative controls, businesses can begin leveraging employees as their first line-of-defense. Begin to offset the potential for increased security vulnerabilities and risks, commonly seen today, educating your employees on proper password hygiene, length, and complexity, your business can easily meet the security needs of your customers and your employees.

Want the experts to educate your staff and assist your network hygiene efforts – give us a call today!

Close operating system exploits and vulnerabilities

Microsoft Patching Addresses 88 Vulnerabilities & Risks Found in Systems Today

/in /by

Patching can prevent many of the most-used exploits, risks, and vulnerabilities are seen in major applications, software, and even operating systems. These patches typically contain updates to your current software suite. In recent years, Microsoft has transitioned they focus from new features and updates to focusing on the vulnerability of business’ and employees utilizing the Windows Operating System.

Microsoft releases updates to address and fix 88 security risks and vulnerabilities in it’s Windows Operating Systems, specifically relating to software and applications. The most lethal of these include 4 vulnerabilities, that exploit code has already been created and distributed on the Dark Web. It’s these bugs that can affect ALL versions of Microsoft Office and trigger malicious links, including what feels like too many, as a customary security update for Adobe’s Flash Player.

Read more