How to Protect Your Business From the Dark Web

With flu season wrapping up, and the corona virus a real threat to many businesses here in the SF Bay Area, remote work could quickly become the norm. Regardless of policy, this opens many businesses up for credential stealing hackers to strike. With many workers out this time of year, business’ find themselves wondering how they can prevent cyber attacks, and infiltration as credential stealing becomes more popular than ever before.

Being a Small business used to be known, as a hacker deterrent; unfortunately that is no longer the case. Business owners have taken notice, and many have already began enhancing their security. For many SMBs, the dark web isn’t on their radar but it should be. Read more

Business Email Compromise: How-To Avoid Joining Those Already Impacted

Business Email Compromise (BEC) now encompasses the largest threat to business. Designed to evade traditional email security, Business including gateways and spam filters, spear-phishing attacks are often sent from high-reputation domains or compromised email accounts. Attacks typically use spoofing techniques and include “zero-day” links, unlikely to be blocked by URL-protection technologies.

Better enforcing your ability to curve attacks and avoid these scams. A lot of the time, attackers impersonate the HR, IT or Finance Teams, instead of an individual. Often, requests appear from a senior executive or trusted colleague. Read more

clare computer solutions Office 365 cloud migration

Reasons Why You Should Have Already Migrated to Office 365

Enterprise IT has remained much the same although with incredible innovation, and invention, to improve on what has been made readily available to smaller organizations. Sadly, lots continue using outdated technology, underpinning the platforms and solutions that have been implemented to improve your experiences with technology. Businesses presume current platforms are good enough, staff must know how to accomplish their work. Although clunky at times, businesses no longer feel the need to change if it isn’t broken. One of the largest misconceptions is that, migrations will always be a struggle – but we both know that’s not the case.

In some cases, sticking with legacy platforms mean you’ll receive less and less support over time, eventually having to play catch-up with technology at some point. Nowadays experts like us provide businesses more productivity than ever. Utilizing the common business applications, your team has grown to love.

Office 365 has more teamwork and collaboration environments, changing the way businesses work. We’ve put together a list of top reasons moving to Office 365 for collaboration and teamwork will supercharge your teams.

Read more

Clare Computer Solutions Windows 7 Extended Support Update

Stop Dreading the Update: Windows 7 Extended Support Update Relief

On January 14th, 2020 Windows 7 will be reaching its end of supportable life. This means any business using Windows 7 on employee PCs, or Windows Server 2008 will no longer receive the security and bug patching needed when computing in today’s connected age. Rejoice in knowing Microsoft, and Clare Computer Solutions have implemented what is known as Windows 7 Extended Support Update (ESU) for several systems.

Read more

cloud computing

A Look Back in Time: The Cloud in Review

For years you’ve heard how the cloud is coming to save you, and how the landscape is demanding hybrid & private clouds more than ever. It’s time we take another look at cloud computing for businesses, and where the landscape is in comparison to when I originally published this article in 2017. See how private […]

IT Consulting made easy with Clare Computer Solutions leader in Bay Area IT Consulting

3 New Year’s Resolutions for Technology Minded Business in 2020

There is something special about flipping the calendar over to the peak of a new year. For many personally this means new years resolutions, for businesses it means fresh opportunity – a change to complete the things you missed in 2018! Like many, we’ve found businesses have a hard time considering what information technology goals they should have for the new year. Take this kick-starter for 3 New Year’s resolutions for your business to consider in the coming year. Read more

Lessons in Network Lock-down: Focusing on Business Backups First

When you’re considering the prevention of modern attacks, it’s become pretty obvious that all businesses need a strong lineup of cyber-defense tools, not just a bare bones firewall and old-fashion anti-virus. You need to protect the business first, to do this you need a solution that can withstand the continued onslaught of modern malware.

For many businesses, it’s grown crucial to remember as technology needs begin shifting, so should your cyber security around  how to lessen the risk involved in your day-to-day operations. By following the recommendations of an experienced and trusted provider, you can effectively protect your business, ensuring you stay secure.

Embrace Automated Threat Detection & Response

While being around for nearly a decade, the term ‘anti-virus’ really belongs in the consumer space. When we talk business-grade protection we utilize solutions that stop threats immediately, with automated remediation systems, so you don’t have to spend time and resources cleaning viruses or restoring data.

You need a solution that doesn’t just stop threats, but works to put time back in your day.

Read more

cloud computing

Don’t Be Left Battling Phishing Alone: Layering Your Security Approach

It’s time we admit it to ourselves, that the bad guys who draft up phishing emails to capture logins are getting much more thrifty. They have become so crafty in fact that even I could be fooled by these increasingly clever email attacks, one of them almost got me.

The Email That Almost Had Me Fooled

This email appeared from a trusted client, who we worked with for several years. The message read, that this client sent me a private message that was ready for me to read. Included was a link for me to click to take me to the message, or so one would think. The scary part of this is, it’s not unusual behavior at all. This fits the normal back and forth style of communication we have used in the past. In this instance, I didn’t check the email tool-tips, as I always recommend for people to do. Instead, I went ahead and clicked the link, opening what read as “Encrypted by Microsoft Office 365.” Asking me immediately to verify my identity by inputting my email and password. It was just about this time, I decided to review the URL and to my surprise, it was filled with an unpronounceable assortment of random numbers and letters. It was at this point, I realized this was not a Microsoft page. I stopped right then, in a moment of over-reaction, I unplug my internet connection, and run my anti-virus; they didn’t get me.

This example shows just how far employee training can go, showcasing how internal training and vigilance has been and continues to be, the foundation layer of every IT Security Strategy.

Lay & Wait Phishing

Another example I’ve seen countless times, something so subtle your anti-virus and SPAM tool wouldn’t have seen it coming. I received an email, from what appears to be a legitimate domain, asking to confirm the information on a business card they received, as their call didn’t go through. Once again, this is typical communication we all see and hear every day. What caught me off guard, is I never send anyone a digital business card, so why would they be referring to a link? I quickly hovered over to find a fishy address, one correlated to another message in my SPAM folder. The first message, from a different sender, included an email attachment asking why they are receiving the following bill.

When it comes to these phishing scenarios, a cool head, and proper training can combat the ever-evolving phishing techniques used by many today, adding further protection to improve the margin for error at your business.

3 Layers of Protection That Should Be Part of YOUR Security Strategy

Given the reality, nearly security-minded people can be fooled by these scams, employee training should always be backed by multiple layers of security, so you can ensure client data is safe.

Consider the costly ramifications and damages when a business fails regulatory compliance, letting in ransomware and losing customer trust.

  1. When I was moments away from handing over credentials to a scammer, I can still take comfort in knowing I had 2-Factor Authentication (2FA), adding a required code to my login process. For the bad guys, they would have had to gain access to my phone, the moment the key was sent to me, otherwise logging in is useless. I prefer the functionality of Duo 2FA, it’s simple for users, making it an easy to use app, for employees or clients to login. Providing a barrier that can defend against the vast majority of attacks.

  2. Demonstrable protection for device security is essential for protecting and securing your business data. If data remains and attacks that infiltrate systems can still be thwarted, and breaches averted. Showcasing things like forensics on how, and where the attack started. How they were able to penetrate your other defenses, through recording of log files we shorten the time it would take to restore all data.

  3. Finally, the most important of the three layers. We need something with the ability to endure successful attacks and recover quickly from such a disaster. This means having a data backup system in place that’s both robust, 100% trustworthy, designed to specifically maintain your business continuity. For your data backup to have value, data should be restorable with minimal downtime, with the ability to isolate and immune other devices from falling prey to these attacks. In those worst-case scenarios, where production data is corrupted or systems are locked by ransomware, the ability to simply replace data from a backup, empowers you to take victory over the attackers. We’ve found immense reliability, and when these scenarios occur you will want a backup solution to simply work, it might not make you 100 percent bulletproof, but your ability to recover data with haste will be.

While we understand the reality, mistakes will happen, click on phishing emails or compromising security can leave you, and your customers scrambling and outraged. Take a stance against cyber-attacks, knowing your Managed IT Support has your back, with layers of security to ensure no harm can be done.

Call us today to begin talking about what approach to security, would be the best fit for your business.

Purelocker

Built to Dodge Your Detection: Could This Be the First ‘Smart Malware’

Cybercriminals have done it again, they’ve developed ransomware that can now be ported to ALL MAJOR operating systems including, Windows, Linux, and MacOS. These attacks come targeted against your data servers. The name for this is PureLocker, a snaky nod to the programming language it’s been written in Pure Basic.

Carefully designed to evade detection, hiding malicious behavior in sandbox environments, using only functions seen in music playback. Reports have flown in that this malware can check if it’s in a ‘debugger’ environment, it will exit immediately deleting and hiding the payload from execution.

This has enabled PureLocker malware to stay hidden from many of the industry’s leading detection devices for up to several months. Many attacks will be launched on servers, laying aim to holding you hostage and only returning full-operation, after the ransom has been paid. Typically, these are seen by many as ‘high-value assets’ making these payment demands, suddenly sky-rocket. It should be noted, several of these examples had code to remove ALL DATA if the ransom was not paid within 7 days.

After doing some internet sleuthing, we uncovered several of these ransomware campaigns on the Dark Web, being offered to many as ‘Attacks-as-a- Service.’ Although cybercriminal operations and groups are on the rise, this bespoke attack is now being poised for use in phishing emails.

Don’t Be Fooled

These attacks mean business and are designed for criminals who know exactly how to hit organizations where it can hurt. Although uncertain how exactly its payload is delivered to businesses at this time, we know it operates with multi-staged attacks, further muddying the ability to rollback servers and systems from a single recovery point.

Those infected with the malware will see the normal signs of an attack, a ransom note with an email to begin communicating the negotiation of a fee to decrypt your files. BE WARNED: you will only have 7 days to pay the ransom, or all files will become uncoverable.

Concerned About the Health of Your Security Infrastructure?
We can help, with experts looking to provide your business, and employees with peace-of-mind knowing your data, and company reputation is protected. Bring constant visibility and threat reporting to your team, with NetCentral Secure from Clare Computer Solutions – Call us today to begin discussing your options.

10 Scary Tech Support Lessons Sure to Spook This Year

We take pride in continuing to educate our clients on the trials and tribulations seen in business technology today. The following images aren’t from our clients, but they are real-world examples of the tech support challenges many businesses face today, some completely unknowingly. No matter the issue, we always go to bat for our clients, focusing on correcting any technical support issues we uncover, and sometimes that includes educating businesses and solving their problems

Sometimes, there are problems so bad, you wouldn’t want to deal with them. So, instead of filling your inboxes with ghosts, ghouls, or pumpkins, we’ve rounded up 10 examples from the r/techsupportgore subreddit that is sure to send a painful wince or a shiver down your spine:

1. Enjoy this ‘updated’ network diagram!

Read more