Category: Security

Did You Lock the Door?

10/19/2019

LOCK YOUR DOOR.
LOCK YOUR COMPUTER.
LOCK YOUR ACCOUNTS WITH SECURE PASSWORDS.

Locking the door to our homes when we leave is something most do on autopilot. If you drive to work, you automatically lock your vehicle after arriving to your destination (I listen for the beep, and sometimes have to walk back to the car at my wife's disgust to hit that lock button one last time). Checking the physical locks in our life is easy, we don’t even think twice. But what about the digital locks, did you lock them too? Does it matter? Most definitely.

Trust me, you are not alone in the never ending frustration of trying to remember your latest passwords. Even those of us who spend our careers in the IT industry can get a bit tired of it. Which is why many people (even though they know better) often use weak passwords. We have all been guilty at one time or another. But, here is the thing: the small inconvenience of selecting secure passwords and updating them frequently is much easier to handle than a data breach. In a sobering reality check, the 2017 Verizon Data Breach Investigations Report found that 81 percent of data breaches were caused by a password hack.
Think of your passwords like a flood wall made up of sandbags. In one section the sandbags are eight feet tall and four feet deep. Yet, in another section, the wall is only five feet tall and two feet deep. Now, picture flood waters pushing with millions of pounds of pressure on the wall. Maybe the taller and thicker section holds, but then the waters find a weakness in the shorter and more narrow section. Within minutes, the sandbags are pushed aside by the raging waters and the whole neighborhood is buried in damaging flood waters. Like the weaker section of the flood wall, in your organization if even one member of your staff uses a weak password, it exposes the entire business to the risk of a data breach.
This month is National Cybersecurity Awareness Month (NCSAM), at IT Protectorate we encourage you to use this month as an opportunity to remind your team of the importance of selecting strong passwords and updating them frequently. #SecureIT and keep your company’s data safe.

TIPS FOR CREATING A STRONG PASSWORD

Avoid common passwords. Do not use "password," "qwerty," "111111," "12345678," "abc123," "password1," or any other easily guessed words/phrases for your password.
Use different character types. Most systems and applications these days require or encourage using upper and lowercase characters, numbers and symbols to create a strong password. Even if your systems don’t (we can help enhance your security settings), it is still a best practice to select a password that follows these guidelines.
Keep it unique. What happens if one app you use personally gets hacked and you used that same password on other systems, including your work accounts? I’ll give you a hint, it’s not good. Be sure to use a different password for each site and application that you use. You can record the passwords in a physical notepad if needed to remember them, but be sure to store the notepad securely and away from your computer. Seriously, if you write it down somewhere—lock it up in a safe and don’t make it obvious what the passwords are for. If someone were to find your notepad, at least send them on a fishing expedition!
Don’t make it personal. Include things like your name, birthday, child's name or other personal information in a password makes it that much easier to get hacked. These are all things hackers can find without much difficulty. Instead opt for unique words and characters that appear to be completely random.

Selecting a strong password is an important piece of your data security shield. In addition, utilizing other tools like multi-factor authentication, using secure networks and practicing privacy precautions on other connected systems (social media especially) are critical to keeping your data safe. The world of technology never stops changing, if you need some advice or want an evaluation on the security of your company, give us a call. #BeCyberSmart and protect your data.

cybersecurity_infographic.pdf
File Size:	193 kb
File Type:	pdf

Download File

BlueKeep Vulnerability, Security Measures

6/6/2019

0 Comments

At IT Protectorate, our clients’ security comes first. Security researchers have now successfully weaponized BlueKeep (CVE-2019-0708), a name for a vulnerability Microsoft Remote Desktop. We expect hackers to start launching attacks on this vulnerability soon, if they haven’t already.

Do I need more Security Measures in place?
Yes and no. Most businesses (even home users) think they are too small to be noticed. However, hackers do not discriminate. On one hand, they may target a large business with the goal of a large payout in mind. On the other, they may target thousands, even millions of PCs across the internet in an effort to use them as part of their attack vector.

So, what are some recommendations?
First and foremost, IT Protectorate recommends protecting your connection to the internet with a Next-Generation firewall. A firewall will scan and block malicious traffic before it gets to your network (or leaves it!). These are not the firewalls that you can buy at Target or Walmart, mind you.
Second, protect your servers and workstations with Antivirus. We make sure our clients under Maintenance Programs are covered with managed AV, which we monitor for alerts and keep updated.
Third, consider cyber-security awareness training. IT Protectorate offers programs purposefully designed to trick your users into giving their credentials away to would-be hackers. Once identified, training programs are provided to give end users knowledge of key indicators which help them identify malicious emails, as well as general recommended practices to avoid data breaches, loss of funds due to falsified emails requesting payments and/or banking transfers.

Finally, know your data.

What is it worth to your family or business?
Where is it stored?
How often is it backed up?
Is it backed up to more than one location?

Without the answers to these questions, it is often complicated to perceive value from the products and service you implement to keep your data safe.

Do you offer more advanced security systems?
Security software and services is a huge focus after the last several years have seen the hacking of millions of cyber-citizens’ personal and business data breached and sold on the dark web. Contact us today and we’ll assess your network and provide recommendations according to your budget. A technology road-map is helpful as it allows you to plan and budget for your technology as well as recognize the value it provides your business and its’ customers.
Shameless plug: Here are some ideas and topics you may have come across that we offer or can simply answer questions about.

Darkweb Scanning
Advanced AV and Malware Detection
- This deserves a blog post on it’s own—think beyond Antivirus, diagrams of the path malware traveled and files it, or the hacker accessed, stole, encrypted. This is full all-in-one prevention, detection, and resolution response.
Security Assessments
Next-Gen Firewalls
Secured Wireless with IPS/IDS
Security Awareness Training
Consulting time to put your mind at ease by simply answering questions or providing a small workshop over coffee.

0 Comments

Fraud Prevention Checklist

5/6/2019

0 Comments

We’re keeping it simple today. We’d like to offer a checklist that covers simple tasks or things to keep in mind that will prevent fraud at work and your home.

Use strong, unique passwords; we recommend a minimum of 8 characters. If the account has any kind of administrative, remote access, or access to secure or critical data—we recommend a minimum of 12 characters.
Use Two-factor authentication whenever possible. It’s one more step for you, but it is one of the better barriers against your account getting hacked.
Make sure your account information and profiles are up to date. This is critical as you’ll be notified at your active email or phone number when someone is attempting to reset your password.
Keep an eye on your credit reports, look for suspicious activities that weren’t initiated by you.
Be wary of clicking links from unknown sources. This includes email, all messaging apps, or even someone trying to help you (always verify the sources identity).

0 Comments

Identifying & Preventing Scam Emails

9/11/2018

Have you or a colleague become the victim of a scam email? This tactic commonly employs fishing (in IT-speak, phishing) where the end user is enticed by some reward such as the “you have an e-card from a friend,” or someone posing as your boss or CEO, even a user from another company. Often, we think that will never happen to us—but what if you are the source?

In the same manner that hackers pose as someone you know, they can also pretend to be you. Sometimes they’re able to hack into someone’s email account and wait for the right moment, such as when a transaction is about to take place. Next, they will “spoof” your email address and change the payment method. Before you know it, another user fell for a fake email from someone pretending to be you, and instead of you receiving payment—the user was directed to pay via some other method and the money ended up in the hacker’s pocket.

There are two scenarios which require multiple solutions:

You are a scam/phishing victim.
Someone is pretending to be you.

We first recommend awareness training, whereby IT Protectorate is able to simulate such emails and send them to your users. This identifies those who need training, and sometimes we are able to identify what types of tricks your users are falling for. It may be as simple as recognizing a change in the way someone speaks/types; instead of making that questionable payment, they call you or their superior first to confirm—thereby identifying the attempted attack and hopefully avoiding a loss to the business.

We are also able to check and add configuration to your email environment that reduce hacker’s ability to pretend to be you or one of your users. This prevents embarrassment and a ding to your reputation.

Finally, we want to make sure your email service provides good spam protection. Not only does this reduce the risk of your business from being a victim of phishing scams, most spam filters also prevent viruses and other malware from entering your system. Another benefit that is often are the reduced junk emails that users receive and open; with a quality spam filter, these emails never make it to the inbox, never get read, and keep you from wasting time opening or deleting it—increasing user productivity.

Did You Lock the Door?

Let's Talk Security!

BlueKeep Vulnerability, Security Measures

Fraud Prevention Checklist

Identifying & Preventing Scam Emails

Elroy

Archives

Categories