On January 14th, 2020 Windows 7 will be reaching its end of supportable life. This means any business using Windows 7 on employee PCs, or Windows Server 2008 will no longer receive the security and bug patching needed when computing in today’s connected age. Rejoice in knowing Microsoft, and Clare Computer Solutions have implemented what is known as Windows 7 Extended Support Update (ESU) for several systems.
Enterprise IT has remained much the same although with incredible innovation, and invention, to improve on what has been made readily available to smaller organizations. Sadly, lots continue using outdated technology, underpinning the platforms and solutions that have been implemented to improve your experiences with technology. Businesses presume current platforms are good enough, staff must know how to accomplish their work. Although clunky at times, businesses no longer feel the need to change if it isn’t broken. One of the largest misconceptions is that, migrations will always be a struggle – but we both know that’s not the case.
Although understandable, sticking with legacy platforms mean you’ll receive less and less support over time, eventually having to catch up anyway with technology. Nowadays experts like us provide businesses more productivity then ever. Discover how Clare Computer Solutions can make your migration a breeze. Read more
For years you’ve heard how the cloud is coming to save you, and how the landscape is demanding hybrid & private clouds more than ever. It’s time we take another look at cloud computing for businesses, and where the landscape is in comparison to when I originally published this article in 2017. See how private […]
There is something special about flipping the calendar over to the peak of a new year. For many personally this means new years resolutions, for businesses it means fresh opportunity – a change to complete the things you missed in 2018! Like many, we’ve found businesses have a hard time considering what information technology goals they should have for the new year. Take this kick-starter for 3 New Year’s resolutions for your business to consider in the coming year. Read more
When you’re considering the prevention of modern attacks, it’s become pretty obvious that all businesses need a strong lineup of cyber-defense tools, not just a bare bones firewall and old-fashion anti-virus. You need to protect the business first, to do this you need a solution that can withstand the continued onslaught of modern malware.
For many businesses, it’s grown crucial to remember as technology needs begin shifting, so should your cyber security around how to lessen the risk involved in your day-to-day operations. By following the recommendations of an experienced and trusted provider, you can effectively protect your business, ensuring you stay secure.
Embrace Automated Threat Detection & Response
While being around for nearly a decade, the term ‘anti-virus’ really belongs in the consumer space. When we talk business-grade protection we utilize solutions that stop threats immediately, with automated remediation systems, so you don’t have to spend time and resources cleaning viruses or restoring data.
You need a solution that doesn’t just stop threats, but works to put time back in your day.
It’s time we admit it to ourselves, that the bad guys who draft up phishing emails to capture logins are getting much more thrifty. They have become so crafty in fact that even I could be fooled by these increasingly clever email attacks, one of them almost got me.
The Email That Almost Had Me Fooled
This email appeared from a trusted client, who we worked with for several years. The message read, that this client sent me a private message that was ready for me to read. Included was a link for me to click to take me to the message, or so one would think. The scary part of this is, it’s not unusual behavior at all. This fits the normal back and forth style of communication we have used in the past. In this instance, I didn’t check the email tool-tips, as I always recommend for people to do. Instead, I went ahead and clicked the link, opening what read as “Encrypted by Microsoft Office 365.” Asking me immediately to verify my identity by inputting my email and password. It was just about this time, I decided to review the URL and to my surprise, it was filled with an unpronounceable assortment of random numbers and letters. It was at this point, I realized this was not a Microsoft page. I stopped right then, in a moment of over-reaction, I unplug my internet connection, and run my anti-virus; they didn’t get me.
This example shows just how far employee training can go, showcasing how internal training and vigilance has been and continues to be, the foundation layer of every IT Security Strategy.
Lay & Wait Phishing
Another example I’ve seen countless times, something so subtle your anti-virus and SPAM tool wouldn’t have seen it coming. I received an email, from what appears to be a legitimate domain, asking to confirm the information on a business card they received, as their call didn’t go through. Once again, this is typical communication we all see and hear every day. What caught me off guard, is I never send anyone a digital business card, so why would they be referring to a link? I quickly hovered over to find a fishy address, one correlated to another message in my SPAM folder. The first message, from a different sender, included an email attachment asking why they are receiving the following bill.
When it comes to these phishing scenarios, a cool head, and proper training can combat the ever-evolving phishing techniques used by many today, adding further protection to improve the margin for error at your business.
3 Layers of Protection That Should Be Part of YOUR Security Strategy
Given the reality, nearly security-minded people can be fooled by these scams, employee training should always be backed by multiple layers of security, so you can ensure client data is safe.
Consider the costly ramifications and damages when a business fails regulatory compliance, letting in ransomware and losing customer trust.
- When I was moments away from handing over credentials to a scammer, I can still take comfort in knowing I had 2-Factor Authentication (2FA), adding a required code to my login process. For the bad guys, they would have had to gain access to my phone, the moment the key was sent to me, otherwise logging in is useless. I prefer the functionality of Duo 2FA, it’s simple for users, making it an easy to use app, for employees or clients to login. Providing a barrier that can defend against the vast majority of attacks.
- Demonstrable protection for device security is essential for protecting and securing your business data. If data remains and attacks that infiltrate systems can still be thwarted, and breaches averted. Showcasing things like forensics on how, and where the attack started. How they were able to penetrate your other defenses, through recording of log files we shorten the time it would take to restore all data.
- Finally, the most important of the three layers. We need something with the ability to endure successful attacks and recover quickly from such a disaster. This means having a data backup system in place that’s both robust, 100% trustworthy, designed to specifically maintain your business continuity. For your data backup to have value, data should be restorable with minimal downtime, with the ability to isolate and immune other devices from falling prey to these attacks. In those worst-case scenarios, where production data is corrupted or systems are locked by ransomware, the ability to simply replace data from a backup, empowers you to take victory over the attackers. We’ve found immense reliability, and when these scenarios occur you will want a backup solution to simply work, it might not make you 100 percent bulletproof, but your ability to recover data with haste will be.
While we understand the reality, mistakes will happen, click on phishing emails or compromising security can leave you, and your customers scrambling and outraged. Take a stance against cyber-attacks, knowing your Managed IT Support has your back, with layers of security to ensure no harm can be done.
Call us today to begin talking about what approach to security, would be the best fit for your business.
Cybercriminals have done it again, they’ve developed ransomware that can now be ported to ALL MAJOR operating systems including, Windows, Linux, and MacOS. These attacks come targeted against your data servers. The name for this is PureLocker, a snaky nod to the programming language it’s been written in Pure Basic.
Carefully designed to evade detection, hiding malicious behavior in sandbox environments, using only functions seen in music playback. Reports have flown in that this malware can check if it’s in a ‘debugger’ environment, it will exit immediately deleting and hiding the payload from execution.
This has enabled PureLocker malware to stay hidden from many of the industry’s leading detection devices for up to several months. Many attacks will be launched on servers, laying aim to holding you hostage and only returning full-operation, after the ransom has been paid. Typically, these are seen by many as ‘high-value assets’ making these payment demands, suddenly sky-rocket. It should be noted, several of these examples had code to remove ALL DATA if the ransom was not paid within 7 days.
After doing some internet sleuthing, we uncovered several of these ransomware campaigns on the Dark Web, being offered to many as ‘Attacks-as-a- Service.’ Although cybercriminal operations and groups are on the rise, this bespoke attack is now being poised for use in phishing emails.
Don’t Be Fooled
These attacks mean business and are designed for criminals who know exactly how to hit organizations where it can hurt. Although uncertain how exactly its payload is delivered to businesses at this time, we know it operates with multi-staged attacks, further muddying the ability to rollback servers and systems from a single recovery point.
Those infected with the malware will see the normal signs of an attack, a ransom note with an email to begin communicating the negotiation of a fee to decrypt your files. BE WARNED: you will only have 7 days to pay the ransom, or all files will become uncoverable.
Concerned About the Health of Your Security Infrastructure?
We can help, with experts looking to provide your business, and employees with peace-of-mind knowing your data, and company reputation is protected. Bring constant visibility and threat reporting to your team, with NetCentral Secure from Clare Computer Solutions – Call us today to begin discussing your options.
We take pride in continuing to educate our clients on the trials and tribulations seen in business technology today. The following images aren’t from our clients, but they are real-world examples of the tech support challenges many businesses face today, some completely unknowingly. No matter the issue, we always go to bat for our clients, focusing on correcting any technical support issues we uncover, and sometimes that includes educating businesses and solving their problems
Sometimes, there are problems so bad, you wouldn’t want to deal with them. So, instead of filling your inboxes with ghosts, ghouls, or pumpkins, we’ve rounded up 10 examples from the r/techsupportgore subreddit that is sure to send a painful wince or a shiver down your spine:
1. Enjoy this ‘updated’ network diagram!
While a tiny fraction of attacks relies on exploit kits and known software vulnerabilities to compromise systems, the vast majority of campaigns, 99%, require some level of human input to execute. These interactions can also enable macros, so malicious code can be run.
Sometimes it seems easy to blame users for falling victim to phishing attacks, but campaigns are becoming increasingly sophisticated. It’s often difficult to distinguish a malicious email from a regular one because attackers will tailor attacks to look as if they come from a trusted source, such as cloud service providers like Microsoft or Google, colleagues, or even the boss.
Social engineering is the key element in mimicking your routines as a business and ensuring their best-chances of success. If a user might be suspicious of ANY email, claiming to be from a colleague arriving at 10:00 PM your time, instead your working hours are when these campaigns hit, creating spoofs of legitimate emails, from well-known brands with the hopes of you interacting with it, and set off an attack.
No Geek Speak
Let’s get real for a moment here – phishing is one of the cheapest, easiest cyberattacks for criminals to learn, buy, and deploy. Just a few weeks ago, the FBI noted that Business Email Compromises are the leading attack vectors. The reason it continues to remain at the height of its potential is due to the large volume of interaction they receive. Put simply, phishing works and it can be difficult for many to implore the proper expertise when securing email systems and policies.
Although many attacks are designed to look legit, there are still ways to identify what could be a malware attack, just under your nose. If in doubt, contact the “supposed” sender of the sender to test its legitimacy. It’s worth noting that cloud providers like Microsoft, Amazon, and Google won’t ask you to click through weird looking links/URLs that ask for credentials. If one of your colleagues or yourself find something that appears suspicious, just close the email and go directly to a browser. Make sure you go directly to their website and login to check any alerts or notifications in online portals, not through email links.
Phishing by the Numbers
- 74% of respondents say email attacks are having a major impact on their businesses. The most common effects cited were loss of employee productivity, downtime and business disruption, and damage to the reputation of the IT team.
- 78% of organizations say the cost of email breaches is increasing.
- Spear phishing is becoming more widespread: 43% of organizations have been the victim of a spear-phishing attack in the past 12 months.
- More than three-quarters of organizations say their employees aren’t good at spotting suspicious emails.
- 66% claimed that cyber-attacks have had a direct monetary cost on their organization in the past year. Nearly a quarter of respondents advised that attacks have cost their organization $100,000 or more.
- 92% of Office 365 users have security concerns.
- 79% of IT professionals said they are worried about attacks and breaches stemming from inside the organization.
- 94% of organizations say employees are reporting suspicious emails to IT on a daily basis, but 58% say most emails reported to IT aren’t fraudulent.
It’s our responsibility, as the Bay Area’s #1 Managed Service Provider, that we ensure software updates, and security patches are applied regularly, in the case of someone clicking a link, malware can’t rely on any known vulnerabilities. Cybersecurity and technology are going to continue leading the changes, found in today’s business climate. Talk to a Clare Computer Solutions, expert today for a no-obligation meeting, to find out where you stand in today’s cyber-climate.
In 2000, the FBI created the IC3, known as the Internet Crime Complaint Center was first developed to handle singular fraud cases, until 2003 when the expansion of this department became unignorable. As of late, the cyber climate began growing at a rapid pace, so to aid in safer business computing, the FBI utilizes this division to receive complaints regarding any cybercrimes or fraud dealing with intellectual property, business data, client information, or employee contact information.
FBI’s Internet Crime Complaint (IC3) reports updated numbers, with Business Email Compromise(BEC) scams, known for CEO fraud are continuing to grow year over year. With over 100% increase in identifiable losses between May 2018 and July 2019. Since releasing their last report in June 2016, the IC3 received complaints regarding 166,349 domestic or international incidents – that is too many people falling for CEO fraud. It gets worse, with a total of $26 billion being stolen from 2016 – 2019. These findings are starting for any growing business, as criminals prey on Personal Identifiable Information or Wage & Tax Statements.
What’s the scam behind the Billions lost?
Although business email compromise scams have grown, there is a heightened awareness regarding this style of fraud schemes. Making this scam the most reported scheme from victims all over the world, making up the estimated $26 billion loss. Obviously, the U.S. is hit hard, but so are 177 other countries, across 140 banking institutions. Forcing small business owners, to begin acting on proactive methods of protection, and reactive measures for employees and technology.
Defensive Measures Against Business Email Compromises:
- Use two-factor authentication or multi-factor Authentication to verify requests regarding changes in account information.
- Always check URLs in email links, to double-check the business is who it claims to be.
- Be aware of purposefully misspelled links to suspicious domain names.
- Do NOT supply logins or Personal Identification Information through email.
- Monitor your personal accounts on a regular basis, like a missing scheduled deposit.
- Keep software patches on ALL systems, applying any possible feature updates.
- Always check the sender’s email address to the company, they claim to be from. In most cases, domains should be the same.
- Ensure email extension settings are setup, according to your company policy, to address the 2nd largest attack vector.
To make sure your employees don’t fall victim to Business Email Compromises, many businesses have implemented more strict processes to double-check/authenticate information regarding payment processing, HR, or Tax Information. using familiar methods. Not sure where you Stand? Need more direction? Cyber Security is a multi-layered approach, designed to uniquely target threat-vectors in a proactive attempt to shore-up any defenses that could easily be breached.
Leave Worrying About Hackers to the Experts
Clare Computer Solutions has provided clients with IT consulting, and Managed Services in the Bay Area since 1990. Security isn’t a one-and-done approach – get the right fit security for your business.
Our support is available 24x7: (925) 277 0690
- Monday-Friday: 8 AM to 5 PM
- Saturday-Sunday: After-hours Support