The Scary Interwebs: Top Cyber Security Threats in 2019

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner, or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keeps increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small businesses typically invest less than $500 on cyber security.
  • Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become big business, and a popular method of managing your company data. However, non-secure sign-up processes, ease of use and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” – TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” – RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploit through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” – CPO Magazine
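The conflict the CPO Magazine quote describes, as an added example (not code from the original post or from any source it cites): a minimal hash-linked ledger in Python in which erasing an on-chain record breaks verification. Beside it is a variant, assumed here and not discussed in the post, that keeps the record in an erasable store and puts only a salted digest on the chain. The ledger format, function names and sample records are constructed for illustration.

```python
import hashlib
import json
import os

GENESIS = "0" * 64  # constructed "previous hash" for the first block


def block_hash(index, prev_hash, payload):
    """SHA-256 over a canonical JSON encoding of the block's fields."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_block(chain, payload):
    """Link a new block to the hash of the current tip."""
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "payload": payload,
                  "hash": block_hash(index, prev, payload)})


def first_invalid_block(chain):
    """Return the index of the first block failing verification, or None."""
    prev = GENESIS
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["payload"])
        if block["prev"] != prev or block["hash"] != recomputed:
            return block["index"]
        prev = block["hash"]
    return None


def redact(chain, index, rehash=False):
    """Erase one payload on a copy of the chain; optionally re-hash that block."""
    copy = [dict(b) for b in chain]
    target = copy[index]
    target["payload"] = {"redacted": True}
    if rehash:
        target["hash"] = block_hash(target["index"], target["prev"], target["payload"])
    return copy


def salted_digest(record, salt):
    """Commitment to an off-chain record (assumed design, not from the post)."""
    encoded = json.dumps(record, sort_keys=True).encode("utf-8")
    return hashlib.sha256(salt + encoded).hexdigest()


def demo():
    # Constructed sample data; the person and address are fictional.
    personal = {"name": "Alice Example", "email": "alice@example.test"}

    # Case 1: personal data written directly into a block.
    on_chain = []
    append_block(on_chain, {"tx": "order-1001"})
    append_block(on_chain, {"note": personal})
    append_block(on_chain, {"tx": "order-1002"})

    # Case 2: record kept in an erasable store, only a salted digest on chain.
    off_chain_store = {"rec-1": {"salt": os.urandom(16), "record": personal}}
    entry = off_chain_store["rec-1"]
    by_reference = []
    append_block(by_reference, {"tx": "order-1001"})
    append_block(by_reference, {"ref": "rec-1",
                                "digest": salted_digest(entry["record"], entry["salt"])})
    append_block(by_reference, {"tx": "order-1002"})
    del off_chain_store["rec-1"]  # erasure request: record and salt are destroyed

    return {
        "intact": first_invalid_block(on_chain),
        "erased_only": first_invalid_block(redact(on_chain, 1)),
        "erased_and_rehashed": first_invalid_block(redact(on_chain, 1, rehash=True)),
        "by_reference_after_erasure": first_invalid_block(by_reference),
        "record_still_stored": "rec-1" in off_chain_store,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Re-hashing the erased block only moves the failure to the next block, so every later block would have to be rewritten and accepted by the other nodes.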

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” – Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, they’re among the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

October 24th, 2019 | Computer Related, IT Services

Client Spotlight: Graham Personnel Services

How do BITS customers really feel about the job we do for them? We’re sure that almost every business asks itself a variation of the same question. After all, being successful is all about maintaining relationships.

Here, at BITS, we really wanted to know the answer. So, we decided to take the radical step of, you know, actually talking to our clients about how our services impact them.

Inaugural Client Spotlight

This month, we had the pleasure of speaking with Dace Hennessee, General Manager of Graham Personnel Services. Dace was extremely welcoming and forthcoming about his company’s reliance on the IT expertise provided by BITS.

So, what stands out about BITS services to Dace?

“Beacon is a local company. Graham Personnel is a local company. I think that’s a good match. We like to support locally owned Triad companies.”

That answer is more than just a preference for doing business with a neighbor, however. It’s about quality and reliability. And, knowing that if the owner’s computer is experiencing an issue, it will be fixed as fast as humanly possible. (In this case, we did our thing and it was back to normal within the hour.)

In managed IT services, the speed with which a glitch is resolved can mean a difference of thousands of dollars. After all, if his computers are down, Dace isn’t placing too many people on work assignments.

And that can be a major concern if, let’s say, you’re moving your entire operation to a new location.

“The Move” 

One of the biggest projects BITS managed for Graham Personnel Services was transitioning the company’s IT infrastructure to new offices on Gallimore Dairy Road. In addition to its 30+ employees, GPS also houses multiple classrooms with dozens of computer stations where applicants are screened for various skills.

“Two years ago, we switched everything from one location to another location. I think we were down for 30 minutes,” says Dace. “We were up and functional by 8:30 [a.m.]”

The BITS team handled all the planning, logistics and execution for the job, seamlessly transitioning employee work stations, classroom computers, company servers and presentation equipment to their new homes.

“A lot of that was planning. It was getting involved early,” observes Kevin Lackey, BITS Account Executive who was involved in the project. “Having that vision on the front side, knowing what the expectation was, and being involved so early really helped us. Because we knew: this is what he’s asking.”

What Else Does BITS do for GPS?

In addition to helping with the occasional monumental move, BITS provides all end-user support for GPS’ employee work stations. In plain language, we are Graham Personnel’s external IT team. Everything from managing software updates to helping recover lost passwords is managed by the BITS help desk.

We also help Dace keep an eye on equipment performance, recommending updates when necessary and managing the procurement process.

Last, but definitely not least, BITS also manages firewall and backup functions for the GPS website, keeping digital assets secure and functioning at 100%.

About Graham Personnel Services

Graham Personnel Services has a 50-year history of successfully placing job seekers in the Triad area with businesses, large or small, in the distribution, manufacturing, professional and healthcare sectors. Over the years, the company has developed expertise and earned recognition in helping Fortune 500 companies and small businesses in Greensboro and the surrounding communities fulfill their staffing needs.

During any given week, there are anywhere between 700 and 1,200 associates placed on assignments with Graham Personnel clients. The firm takes pride in its commitment to customer satisfaction and strives to be the local leader in recruiting.

Client Profile

Name: Graham Personnel Services

Size: 30+ employees

Industry: Staffing

Location: Greensboro, NC

BITS Services: end-user support (managed IT), firewall, backup

June 25th, 2019 | System Administration, Computer Related, IT Services

Employee Security Training: Your IT New Year Resolution

Happy New Year! What are you looking to do better in 2019?

The turn of the calendar tends to bring with it thoughts of personal growth and improvement.  But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.

So, let’s restate the above question: What are you looking to do better for your business in 2019?

If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.

The Case for Initiating Security Training for Your Employees

It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).

In most cases, though, you really can’t blame the rank-and-file. Think about this:

  • 65% of companies have over 500 employees who are never prompted to change their passwords
  • 52% of business leaders don’t know what to do if cyber security is breached
  • 45% of employees don’t receive cyber security training at all
  • Microsoft Office applications (Word, Excel, etc.) account for 38% of malicious file extensions
  • 91% of cyber attacks begin with a phishing email

What are these statistics telling us? First, that workers are routinely targeted – and via the communication methods (email) and business applications they rely on the most (Microsoft Office). Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats, and often has no plan of action.

Let’s take a look at a few more statistics:

  • cyber crime is expected to cause $6 trillion in damages by 2021
  • 61% of breach victims in 2017 were companies with fewer than 1,000 employees
  • the average cost of a malware attack is $2.4 million

If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.

What Does Security Training Entail?

Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you must know where your subjects stand.

As such, the first part of training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.

The test serves two purposes. First, it exposes people to real life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.

Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.

The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.

At the end of training, be sure to remind your team of how valuable their contributions to network security are.

Beacon Knows Security Training

Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.

January 28th, 2019 | Computer Related, BITS News, IT Services

What is Blockchain… And So What?

Let’s be honest… blockchain is a confusing concept. Even for people who understand exactly how blockchain technology works, providing an easy to understand explanation is challenging.

There are a couple of reasons for this. First, blockchain is relatively new tech, and new tech always takes a little while to sink into the public consciousness. We didn’t really know what the internet was for, or how transformative of a force it could be, back in the 90s. Mostly, because we didn’t understand how it could be applied.

Secondly, the technology itself – blockchain – is closely associated with its application – a cryptocurrency called Bitcoin. But they are not the same thing. The sometimes-negative association with Bitcoin specifically, or cryptocurrencies generally, tends to muddy the waters for many.

Before we confuse you further and tell you more about what blockchain isn’t, let’s outline what it actually is. There are three important elements of blockchain technology:

  1. large, peer-to-peer network of computers dedicated to processing and recording digital activity
  2. decentralized database of all recorded activity called a Distributed Ledger (there are several key aspects to this, including “decentralized” and “all recorded activity”)
  3. encryption

It’s definitely more complicated than that. There’s a lot that’s packed into the application of these three concepts. But, boiled down, blockchain combines these elements to provide a secure platform that allows any two parties to engage on the web without the need for a third-party authenticator. Blockchain cuts out the need for a middleman in any digital interaction (including financial transactions) by providing a peer-to-peer network that’s safe, trusted and transparent.

The first intended application of blockchain technology – Bitcoin – was financial in nature. The creator/creators set out to develop an entirely new currency – one that is not reliant on or backed by any government. But, it’s the system that was developed to enable a digitally-based currency that may end up being much more transformative.

“The blockchain is an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value,” say Don and Alex Tapscott, authors of the 2016 book Blockchain Revolution.

If it sounds like there could be thousands of applications for blockchain technology, you (and a few dozen million people) are probably on to something.

Blockchain Application in IT & Data Security

So, can blockchain disrupt the IT and data security industries? It sure seems to have the potential to do so. In fact, it may already be doing so.

The following attributes and capabilities make the blockchain particularly appealing to data security professionals:

  • Decentralized and unhackable
  • Encryption and validation
  • Public or private

The data that’s stored on a blockchain doesn’t reside on any one computer (or, node) – it is distributed across all the nodes on a blockchain network. Once a record is added to a blockchain database, it is encrypted and cannot be accessed or altered unless the user provides the correct access key. This makes a blockchain pretty much impervious to hacking.

Because there’s no centralized location for the data, hackers would need to gain access to more than 50% of the network nodes in order to access or overwrite a saved record. Depending on the size of the network, that proposition falls somewhere between extremely unlikely to darn-near impossible.

Further, while blockchain was initially created to enable anonymity in a very public setting, a private blockchain network that restricts access to just a few users can easily be created.

All of this means that blockchain technology is highly amenable to the data security needs of businesses, large and small.

Beacon Knows Data Security

Not sure if you’re doing enough to protect your sensitive business data? BITS can help. A free audit of your network by our security experts can help put your mind at ease. Request one today.


November 27th, 2018 | Computer Related, IT Services

How Often Should Your Company Replace Its Computers

To say technology is a critical component in any small business today would be an understatement. However, there is an age-old question, “When should my company update its computer systems?” We all know the struggles we face using a computer that just isn’t quite up to snuff. We are all painfully aware of the early warning signs when a computer is on its way out. Our favorite web browser struggles to run, web pages load a bit slower, and Excel documents freeze up and crash altogether. We understand that as a small business you need to strike a balance between productivity and budget. So, how can you tell when your company should look into replacing its computers?

First, let’s take a glance at the average lifespan of a computer.

It is important to draw a distinction between Business PCs and Consumer PCs. Consumer computers are built to be specifically priced for consumer outlets and use. The inner workings that make up the Consumer PCs are usually purchased from the lowest priced supplier with little to no emphasis on quality or reliability. Cheaper components cause instability, reliability concerns, and overall poor performance. Depending on the strain and demands on your Consumer grade PCs you can expect roughly a 2-3 year life expectancy.

Key takeaway: If your company is using Consumer grade PCs then you can expect around a 2-3 year life expectancy with a 1-year warranty on average.

Now let’s talk about Business Class. In general, these Business Class PCs are built to order. However, there are pre-built models that make use of common configurations. These types of computers have reliable components that are built to perform better and handle common business tasks. In addition, these types of computers have a more extensive warranty that ensures parts are quickly and easily replaced.

Key takeaway: Business class computers also outperform Consumer PCs and have a longer life expectancy. These computers have an average life span of 3-5 years with a much longer warranty on average.

The class of computer your company has will determine when you will need to replace your computers.

Early Warning Signs a Computer Is Failing

• Performance tapers off as new software or apps are added – all functions begin to slow down

• Issues with updating or installing the latest operating system

• Trouble or issues with running needed software apps

Generally, as computers age and as new software is installed on the systems it will gradually require more resources to run it properly. This will begin to have an impact on overall PC performance and slow down other various functions as well.

So, to bring it around: when do you purchase new computers for your company? If you have Business Class PCs, you will want to replace them every 3-5 years as a rule of thumb. Additionally, we recommend reviewing program requirements to balance both productivity and costs. At a minimum, when it comes to purchasing a new Business Class PC, we recommend these basic specs:

• Intel i5

• 8 GB RAM

• Solid State hybrid or Solid State Drive

The Bottom Line When It Comes To Replacing Computers

Whether hardware failure or software obsolescence, eventually you will have to replace your company’s computers. Computer upgrades and improvements mean people in your company will spend less time doing more mundane tasks and more time on important activities. If your computer systems are currently 5 years or older it’s time for an upgrade.

April 4th, 2017 | Computer Related

BITS Blog – A Technical Blog for the Non-Technical

Welcome to the Beacon IT Services (BITS) blog.  My name is Ryan Bowles, Account Executive for BITS. This blog is intended to be a resource for small/medium sized businesses to help better take control of their IT.  You will notice that my title does not include any words like Network, Systems, Engineer, or Administrator (even though we have plenty of people here that do!). Although I do consider myself an IT Professional, my expertise comes from understanding how IT relates to a business and what can be done to ensure that technology is an asset to a business and not a burden.  This blog won’t be about speeds, feeds, and technical specs (although we will sprinkle in some technical “how to” blogs by the above mentioned specialists from time to time).  Rather, the majority of posts here will be directed towards the small business owners and managers. The goal being to help you better understand technology and how it relates to your business by answering questions that most companies have (or should have) about what to do with their IT.  Ever wonder when you should upgrade your PCs? How about determining if you should replace your old server or move to the cloud?  What is a firewall and do I need one?  These are the types of questions I will be helping to answer.  So as we move forward please share this post and continue to check back to catch up on all the Tips, Tricks, and How To’s of small business technology.

BITS is an IT services company located in Greensboro NC, dedicated to helping our clients improve business productivity.  We do this by offering a range of IT services, leveraging a team of experts to proactively manage our clients’ IT and ensure that technology is a consistent and reliable asset to their business.

February 29th, 2016 | Computer Related, BITS News, IT Services

3 reasons to give Microsoft’s newest browser more than just a second look…

If you’re one of the many people that’s already made the switch to Windows 10, you’ve probably already gotten over your initial curiosity of Microsoft’s newest operating system. You might have even double clicked on the iconic blue E, surfed the web for a bit and then went back to your browser of choice. But what most people haven’t noticed is that blue e may not stand for Internet Explorer. It could be Microsoft’s new browser, Edge. It definitely deserves a second look and here are the 3 reasons why…

1. It will have Extensions

Although delayed from its original release in November, this overdue feature will help close the gap with Chrome and Firefox. It is definitely something to look forward to in 2016.

2. It’s fast

Compared to versions of IE, Edge is unrecognizable. And although back and forth testing with Chrome hasn’t yielded a final winner just yet, the fact that a Microsoft browser is even in the running for the top spot is enough to make you do a double take.

3. It’s clean

Internet Explorer has been known for its clutter from the tool bar to seemingly every available option staring you in the face. Edge has changed all that with a clean but functional toolbar that hides all the controls and settings that distracted you from what’s most important, the page itself.

There are many more exciting features built into Edge such as Cortana, an integrated digital assistant, Reading List and Reading View which lets you read articles without the distractions of ads. It also features Tab Preview which drops down a small preview window of the tab when the mouse cursor is hovered over it.

It’s always exciting to see a software company like Microsoft listening to its customers with its new browser. It’s off to a great start, and the updates coming in 2016 should make the choice of a preferred browser that much harder.

February 3rd, 2016 | Computer Related