Don’t Take the Bait: Tell-Tale Signs of Phishing Email Scams

illustration of fish and hook

We’ve all gotten those emails. They’ll come from a company you’ve done business with, or from someone you know. A boss maybe. The wording is odd sometimes—there are always phrases that seem a little off, like “I’m stuck on a conference”—but the tone is usually urgent. Some action or information is needed. A cell phone number. Or credit card or social security data. Or maybe just clicking a quick link.

They are phishing emails: a scam in which a hacker or cyber-criminal sends their target a message intended to trick the target into revealing sensitive information. They are a common security threat, but with their frequently outlandish requests (who knew there were so many Nigerian princes that need our help?), it’s easy enough to view phishing emails as an irritant at worst and comical at best.

However, cyber scammers have gotten considerably more sophisticated in their methods. It’s no wonder that in May of 2021 there was a 440% increase in phishing attacks.

The truth is, it just takes one mistake—whether that’s a gullible employee or a distracted click on a questionable link—to open your business up to a major security breach. That’s why it’s more important than ever to make sure that you and your employees know some of the common signs of spam emails, so they can send these nefarious missives to the trash bin on sight.

Here are three common signs to look out for:

1. Requests for Sensitive Info

Maybe a package you ordered is stuck in transit somewhere, and your credit card information is needed to expedite shipping. Maybe your account with an online shopping service has been suspended, and you need to answer some security questions to log back in. Or maybe an acquaintance is in a jam, and they need your bank account number to wire the cash they need to get home.spam email

Don’t believe it, and don’t share anything: the most tell-tale sign of a scam email is a request for some sensitive information. Simply put, no legitimate company or organization is going to ask for your social security number, tax info, credit card info, or similarly sensitive information over email, especially not an unsolicited email. Your friends and co-workers don’t need that information either. (Unless your friends and co-workers are, in fact, phishing scammers. In which case, get some new friends!)

Of course, some scammers won’t request info but instead will send a link to click or attachment to download. Typically, taking any action can lead to your system and network being invaded by a virus or ransomware. These types of phishing emails can be tougher to detect, so before you take any kind of action, check for other signs that the email may not be legit.

2. Suspicious Email Addresses

When you open your email box, you’re used to seeing new messages from friends or co-workers, as well as promotions from favorite companies. But if you click into one of those emails and something seems off, check the email address of the sender. Is it different from what you might expect in some way?suspicious email addressScammers are now able to make it appear as though their messages are coming from your contacts or businesses you trust, but the truth lies in the actual domain email address. If it’s from a business, does it have extra numbers? A spelling mistake? Does it seem to have no connection at all to the business it’s purportedly from? Then chances are it’s a scam.

Emails from contacts can be spoofed, too. But you know your friend’s email addresses (or should be familiar at least) – is this email from a different address than normal? Or if it’s from a co-worker, is the email coming from their typical work email, or is the owner of your company suddenly emailing you from a Hotmail account? If anything seems off, it’s best to proceed with extreme caution.

3. Awkward Language and Spelling Errors

phishing email languageWe know that writing can be tough (not everyone can write IT company blogs, cough cough), but when you see an email with numerous spelling mistakes, missing words, and odd phrases, it’s fair to assume that something might be awry. Though scammers are getting better at writing convincing emails (or utilizing increasingly sophisticated AIs), phishing emails are typically full of obvious errors.

After all, a major corporation will likely ensure that its email correspondence is clean and typo-free. And while your acquaintances or co-workers may not have the luxury of copy editors checking their work, if their email is filled with phrases or language they don’t typically use, you can rightly suspect it may not be their words.

Get Extra Phishing Protection from BITS

It’s true that some of these signs may seem obvious. But with the amount of correspondence we tend to get each day, it’s easy to let your guard down and click a link or download an attachment from a scammer. It can, and does, happen.

One thing that can help is a service called KnowBe4. It can send out emails designed to resemble standard phishing scams, meant to tempt employees to click. If they do, they can receive training from KnowBe4’s experts to help them recognize scams.

Even with that extra layer of protection though, the worst can occur. Fortunately, even if it does, you don’t have to be on your own. With cybersecurity from Beacon IT Services (BITS), you’ll have safeguards and firewalls set up to prevent scammers from causing too much damage. In addition, our data recovery services can help you get you back on your feet after an attack with minimal downtime for your business.

Contact us today to get started on securing your network. After all, you never know what’s lurking in your email inbox.

(Oh look! An email from Amazan.com. My package shipped but they need me to click a link to confirm my address… oh, wait a minute… something’s not right here…)

By | 2021-08-27T06:36:35+00:00 August 27th, 2021|Cyber Security, IT Services, phishing email|

Cyber Insurance: Why You Need It and How Beacon Helps You Save

person at computer

Bear with us here, because we’re going to take a moment to talk about a subject that isn’t particularly fun.

Insurance.

Ugggghhhh, right? Unless you are in the insurance business (in which case, sorry), there is nothing particularly enjoyable about insurance. It costs money, and if you ever use it, it means something bad has happened. Nope, no fun at all.

Insurance IS important though, and it can provide some peace of mind that if the worst does occur, you won’t be financially ruined. Chances are you already have a lot of insurance in your personal and professional life: auto, health, life, liability, the list goes on. But now it’s getting increasingly important to add cyber insurance to that list.

Here’s what you need to know about this new and evolving area of the insurance industry.

What is cyber insurance?

Sometimes also called cyber liability insurance, this type of insurance covers or mitigates the costs for a business that has been the victim of a cyber attack, whether it’s ransomware, a phishing scam, a virus, or some other form of hack.

Man with computer and phoneDo I need cyber insurance?

If you store important or sensitive data on your network, a hard drive, or in the cloud, then the short answer is, yes, you probably do. Or if a cyber attack on your business could lead to a significant loss in productivity and income, then the answer, again, is yes.

Though there might be some basic cyber coverage in your liability insurance, cyber insurance will offer you much more protection. It’s especially important if you store any personally identifiable information about your employees or customers, such as names, social security numbers, credit card or bank data, email addresses, or birthdays. Any of that data could be used by a hacker to target an individual, who could in turn sue you for the security breach. Many cyber insurance policies can help cover the costs of settling that litigation.

What does cyber insurance cover?

Even if you aren’t targeted by a lawsuit, you’ll still have extensive costs in the wake of a hack. Cyber insurance covers a variety of these, including:

  • The recovery of your system or data;
  • Notification of customers or clients of the security breach that may affect them;
  • The costs of business loss due to downtime or suspended operations;
  • A forensic investigation into your hack to prevent future attacks.

All of these costs, and others, are typically covered by a cyber insurance policy.

tiny cart of cash next to computerOkay, sounds like I need cyber insurance. What’s it gonna cost me?

Costs vary depending on the size of your business—and the size of your policy. Some policies may cost as little as a few hundred dollars a year, while others are in the tens of thousands.

Aside from your business’s size and coverage needs, your costs can be affected by some other factors. One is location. If, for example, you store your data on a European server, it may be subject to foreign laws regarding data security and insurance, such as the recently passed EU Cybersecurity Act. So, it’s important that you have a full understanding of your network and data storage setup before you begin exploring your cyber insurance options.

Another key factor in your insurance costs is your cyber security. Just as many health insurance policies go up in cost if you have too many risk factors, your cyber insurance costs will increase astronomically if you don’t have proper security measures in place. If, on the other hand, you have robust security—including precautions like multi-factor login credentials, antivirus software, firewalls, and VPN usage for remote access—your premiums will likely be much lower.

Furthermore, if you fail to take preventative measures to protect your network and data, your cyber insurance claim—no matter how much you pay for it—may well be denied. Some cyber insurance providers won’t even offer you a policy if you don’t have proper security in place.

Yikes! I guess I need to beef up my cyber security, too.

You sure do. Fortunately, that’s where Beacon IT Services (BITS) comes in.

We offer extensive cyber security and threat protection services to our clients in addition to cloud integrations, data backup, and other key managed services.

Contact us today to begin exploring how we can make your business more secure. Because after all, an insurance policy is the last line of defense for protecting your business, and with BITS providing security, you reduce the potential of having to put it to use.

By | 2021-07-23T07:31:05+00:00 July 23rd, 2021|Computer Related, Cyber Security, IT Services|

How To Protect Your Business From Costly Ransomware Attacks

It’s never good news when cybersecurity is in the news. Unfortunately, that’s certainly been the case this year, as story after story has emerged of cyber attacks and hacks crippling major corporations and utilities. The ransomware attack that halted Colonial Pipeline, hiking prices and causing gas shortages on the East Coast, was one of the most well-known recent incidents, but certainly not the only one: hackers also targeted food suppliers, insurance companies, communication companies, and many more. Indeed, one prediction from Cybersecurity Ventures predicts that businesses will be attacked by ransomware every 11 seconds by the end of 2021.

Though that particular estimate is on the higher (and more alarming) end, there’s no question that cybersecurity is an absolutely essential part of any responsible business’s IT agenda. If you run or work for a small business, you may not be a target of the multi-million dollar schemes affecting some of the major, international corporations, but you are still at risk. There’s no need for panic though. With a few precautions, you can make sure your business is protected.

Why Ransomware Attacks Are So Common Now

To begin understanding how you can protect your network, employees, and business, it’s important to understand what exactly is happening.

hacked laptopTo start, let’s look at exactly what a ransomware attack is. Essentially, ransomware is malicious software (or malware) that infects a computer or network, taking control and restricting access to files and programs. The only way for the system’s owner to regain control and keep their data from being destroyed or publicly leaked is to pay a ransom to the malware’s creators.

Lately, attacks like this gotten more frequent. Many exporters and observers agree that this is most likely a side effect of the COVID-19 pandemic.

Why? Due to the pandemic, many workers transitioned from working in offices every day to working from home. Unfortunately, many also began using unsecured remote networks to do their work, opening themselves up to attack.

At the same time, hackers took advantage of the fear and uncertainty bred by the pandemic to start sending out targeted phishing emails. Using subject lines with topics related to coronavirus prevention and safety measures, these emails, often falsely attributed to reputable sources like the World Health Organization or the Center for Disease Control, tried to dupe worried readers into surrendering important data and credentials. Sometimes it worked.

How You Can Keep Your Network Safe

Even as we better learn to battle COVID-19 and life returns to something closer to normal, the threat of ransomware attacks persists. Fortunately, protecting against them is not as difficult or complicated as it may seem.

Here are three steps to take:

icon of virus-free smartphone

1. Enlist the aid of managed services pros

To start, one of the key things to remember is that you don’t have to fight this by yourself. Partnering with a trustworthy and proven network management team like the experts at Beacon IT Services (BITS) can go a long way towards securing your network and your data. (Not to mention all of the other benefits of our services, including cloud migration, data recovery, and general systems maintenance.)

2. Set up a VPN

Next, your BITS team will work on securing your remote network. In most cases, that will mean setting up a virtual private network (VPN) for you and your team to work on. VPNs offer the security and function of a traditional, hardwired private network while still allowing users to access it remotely. BITS partners with SonicWall to offer a variety of secure and reliable VPNs that will secure your network.

3. Prepare your team to spot scams

You also must train your employees to recognize the signs of potential phishing emails. From keeping an eye out for suspicious and overly complex email addresses to unusual requests for social security numbers, credit card info, and other sensitive data, there are some simple things employees should always watch out for. Your IT expert can provide info on essential best practices and can offer recommendations on valuable services like KnowBe4 if more in-depth anti-phishing measures are required.

BITS will also install powerful firewalls and anti-virus software on your network to keep it safe from other threats. Our 24/7 network monitoring also allows us to identify any issues as they arise—before they become a problem for you and your business.

Don’t Fall Victim to Ransomware: Contact BITS Today

Don’t waste time: contact us now to get to work on securing your network.

If you already partner with us, don’t hesitate to reach out if you have concerns about your security. We’ll work with you to make sure everything is secure and that you have the best protection possible.

By | 2021-07-23T07:32:09+00:00 June 24th, 2021|System Administration, Cyber Security, IT Services|

Business on Top, PJs on the Bottom: Optimize Your Remote Office To Keep Working For You

woman working at home in business jacket and pajama pants “Are you working from home?”

It’s become a common question this past year as the COVID-19 pandemic upended our lives. When it was suddenly unsafe to work in the offices we’d spent years commuting to every day, we adapted fast: spare rooms were transformed into makeshift offices, old chairs were drafted into service as desk chairs, and our home wireless routers were pushed to their limits handling the new wave of traffic from video calls, file transfers, and Slack conversations.

We figured out how to use Zoom and GoToMeeting. More importantly, we discovered very fast that, angled correctly, our computer cameras would only capture the top half of our bodies, so we could throw on a respectable shirt and still maintain weekend-level comfort in pajama pants and slippers.

Yes, with the easier dress code, homemade coffee, and no time spent commuting, working from home definitely had its perks, even if what led us to that situation was tragic. But now, there are some encouraging signs that things may be improving, even if we’re not out of the woods totally yet.

Moreover, even as things return to something like “normal,” going to the office every may be a thing of the past. As more companies permanently move to offer remote work models, it seems increasingly likely that successful businesses looking to attract the best talent will need to take a hybridized approach, where employees can fluidly move from working at home to working at the office and back again.

The key to a set-up, like that, though, is ensuring that your business is optimized for remote work. If it is, you and/or your employees will be able to seamlessly transition back and forth between the home office and the traditional office as changing times and situations demand. If you’re not optimized, you may run into serious hurdles that impact your work.

Take a moment and ask yourself a few questions about your home office set-up, and determine if it’s working for you as well as it should.

coffee and computer at workstationAre you optimized for efficiency?

Because the pandemic hit so quickly, many were forced to scramble to set-up remote work solutions. Things simply needed to get done. But when it comes to ensuring that you can connect with your company servers and databases and collaborate effectively while remote, the quick solution may not be the best one.

Indeed, there’s no one-size-fits-all approach to remote work. Every business has different needs, and finding a remote work solution that best meets those needs is crucial. For many companies, a virtual private network (VPN) will offer the speed and reliability they need. Other companies may find that they also need a remote desktop set-up, so they can access programs they don’t have on their laptops.

Either way, choosing the option that works best for your company will allow your business to run smoothly no matter where you and your team are working from.

Is your network secure?

It’s unavoidable. Working with remote networks opens you and your business up to a variety of cyber-security risks. From viruses and hacks accessing open networks to data and records being stolen from Zoom, the systems and processes that allow for working outside the office allow numerous opportunities for hackers and others to compromise your security.

Does this mean that remote work should be avoided? Not at all. But a bit more diligence is required to stay safe. There a few simple solutions that can make a major difference.

For example, it’s invaluable to train and regularly update your team on best practices for spotting phishing scams and other potential attacks. It’s also important to password protect all valuable data and servers, with multifactor authentication.

One of the most important things you can do is set up a secure shared drive on the Cloud. Not only will this allow multiple people to work on the same file at the same time, it also offers protection through encryption.

man working at computer, smiling

Do you have the tech support you need?

As a beloved band of paranormal exterminators once asked, “who you gonna call?”

In a typical office, when something goes wrong, like a network outage, you know to contact your office IT pro for assistance. But working from home, an outage can make you feel completely cut off. It’s essential to have processes in place to address issues as they arise.

Even better, though, is having a dedicated IT team who monitors your network and can solve problems before they arise and cut you off. Even beyond maintenance like that, a dedicated and professional IT team can troubleshoot bigger picture issue’s with your company’s remote working set-up, and propose solutions and fixes that will prevent any issues from occurring.

We can help you find a remote office solution that really works.

Determining what home office setups work best for you and your team—now and in the long term—can be a daunting task, as can enabling all the protocols and protections you’ll need for cybersecurity. There are so many elements to consider, and there may even be technology and hardware issues you aren’t aware of.

Fortunately, you don’t have to figure it all out yourself. Your Beacon IT Services (BITS) team is ready to work with you to create a remote working solution that will deliver for your business and monitor your network. From selecting the best solutions to getting your network set up to being on-hand to make any changes that you need or address any issues that may arise, BITS will have your back every step of the way as you navigate the best ways to work in this changed (and changing) world. We’re just a click away.

So don’t trade in the sweatpants and slippers for slacks and loafers just yet. (Or ever). Contact us today and we’ll make your home office work as well for you as the real one, for as long as you need it to.

By | 2021-03-24T07:28:46+00:00 March 24th, 2021|System Administration, Cyber Security, IT Services|

What’s Hot in IT? New Programs to Keep Your Data Cool

hot day on the road

 

Whew! It’s the height of summer and it is HOT. Take your breath away hot. Cook an egg on the hood of your car hot. Don’t go outside unless you can jump in a pool hot (or at least dip your toes into a kiddie pool in your backyard).

In other words, it’s a good time to stay inside. And while your inside, cooling off with a glass of something cold and refreshing, you can think about a different kind of heat, like what’s generating interest and excitement in the world of information technology services.

So what is hot in IT these days? Cyber security is always a major trend. And as COVID-19 continues to move more business online, anything that can keep your business and your data safe are a high priority.

Beacon IT Services (BITS) is always on the lookout for new programs and innovations that can help protect our clients. “Security is still the name of the game in managed services,” says BITS account executive Kevin Lackey. “We continually research new security services / security stacks for our clients to ensure we can stay in front of any potential issues or threats. There are literally hundreds of options, but we try to tailor which offerings are 1) beneficial to our specific set of clients and 2) can be incorporated with our systems.”

Lately, two new products that will help our clients improve their security have got us particularly excited. Here’s a look:

Auvik: Network Monitoring

Auvik is a networking monitoring solution that allows managed service providers (MSPs) to monitor entire network infrastructures, including data centers, workstations, physical servers, and more. With it, administrators can manage multiple clients from a single parent account. From that parent account, they can then add two-factor authentication for all accounts, allowing for an ample security upgrade.

Auvik also provides a dashboard for administrators with a centralized view of overall network performance for enhanced maintenance and can detect connected devices within the network and establish a secure inter-network connection. This allows for easier and more efficient troubleshooting. Plus, it easily integrates with variety of workflow and business tools like Microsoft Office.

All in all, Auvik ensures that managed service providers like BITS can effectively monitor their client networks and keep them running with maximum efficiency.

Huntress: Intrusion Detection

Keeping networks secure from hackers requires constant vigilance, but Huntress software is valuable tool for keeping them out – and getting rid of any who may have found a way in.

While many hackers use their own knowledge of antivirus and preventive security systems to get past firewalls and establish a foothold in a network. They can implement hard-to-detect malware that only runs when a user logs in or even only the user executes specific processes.

Huntress is specifically designed to seek out those footholds and provide a means to correct them. It integrates with existing security measures, and gives managed service providers like BITS detailed reports on security compromises it finds along with detailed instructions for fixing the issue.

The result is a significantly more secure network without significant extra costs: a win-win for managed service providers and their clients.

BITS Will Connect You with the Best and the Latest in IT

Of course, knowing what’s hot in IT is only helpful if you’ve got a partner to implement it. BITS can be that partner for you and will implement the IT innovations that make sense for your business and its needs. From hot new programs like Auvik and Huntress to other established programs like Proofpoint, IronScales, and KnowBe4, we are poised to offer and deliver the solutions that make a difference.

Contact us today to discuss how we can help you, or request a free audit. No need to step outside: our remote IT will help keep your online business running and secure, no matter how hot it is outside. Cool.

Top Security Breaches of 2018

Some of the biggest companies in the world were hit by some of the biggest cyber security breaches in 2018. Of the 24 largest breaches of all time on the USA Today list, three of the top 10 occurred last year – Marriott, Under Armour and Quora.

But it’s not just the digital novices who are vulnerable. Cyber breaches were also a problem for tech-giants, like Google, Facebook and Twitter last year. If Google isn’t safe, what chance do small and medium-size business have of keeping their digital infrastructure secure?

A snapshot of the digital security landscape, afforded by a peek at some of the biggest breaches of last year, can at least give us an idea of what private business owners could be up against. That broad look should also provide the ammunition to assess what solutions need to be applied.

The Breaches

  1. Marriott: 500 million customers
    • What was stolen: names, addresses, email addresses, phone numbers, dates of birth, passport numbers, credit card and additional personal information
    • What happened: Reports of the breach alleged the company was hacked by foreign intelligence operatives. The vulnerability came via Marriott’s Starwood booking system, which the company purchased in 2016. Investigation revealed that the Starwood system was compromised since 2014.
  2. Under Armour (MyFitnessPal): 150 million customers
    • What was stolen: names, email addresses, encrypted passwords
    • What happened: The company discovered unauthorized third-party access to some of its customer data, but reported that its security measures kept the intruders from more sensitive information, such as GPS location, eating habits, credit card and Social Security numbers.                                                                     
  3. Google Plus: 52.5 million customers
    • What was stolen: names, email addresses, dates of birth, personal Google + session information
    • What happened: A security audit discovered that outside app developers could have had access to personal information of Google Plus users b/w 2015 and 2018. The company announced a breach affecting 500 thousand users in October (the breach occurred several months earlier). In December, Google revealed a second, bigger breach of 52.5 million users. Google is ending the Google Plus platform, and the breaches have helped to expedite its demise.
  4. Panera Bread: 37 million customers
    • What was stolen: names, addresses, email addresses, dates of birth and last four digits of customer credit cards
    • What happened: Panera was tipped to a database leak in August of 2017, but ignored warnings of security experts. The company failed to take action for eight months.

What Does This Tell Us?

It’s not every day that you’ll find yourself the target of government-sponsored hackers. Or is it? Reports have circulated for years about foreign hacking of corporate, government and infrastructure targets in the US.

Putting aside the fact that Marriott was potentially the target of international espionage, the company acknowledged a sub-optimal investment in cyber security. While internal security protocols did signal an unauthorized access to the system, they were not sufficient enough to detect the vulnerability during the acquisition of the system two years earlier. Marriott has since hired a new chief information security officer and began reporting on cyber risks to the company board.

Marriott, like Under Armour, was at least partially positioned to withstand cyber attacks. Both companies responded by studying their vulnerabilities and applying fixes in short order. Notably, they went to outside experts who could provide an honest, objective assessment of threats and recommend the right fix.

Google decided to keep the initial breach in-house – because they’re Google – and was burned by another, much bigger breach less than 10 months later.

Panera, on the other hand, mishandled everything – from the initial vulnerability, to the flagging of the issue by an outside security researcher. Eight months passed between when Panera was notified to when a fix was applied. And in the process, the company ignored a credible tip and efforts of an informed individual trying to help.

Hubris and presumptive arrogance on one end… insufficient deployment of security resources on the other. Despite the size of these companies, when it comes to cyber security, the execs of international corporations face the same type of problems and decision-making concerns as small business owners.

So, What Can Business Owners Do?

Well, the first thing to do is to acknowledge that cyber security is not your area of expertise. Guard against that hubris and arrogance by staying humble in your attempts to address this need. It’s ok to acknowledge that you’ll need the help of a trusted cyber security expert.

That said, the scale of the threats you’ll face is probably different than that of Marriott and Google. It’s unlikely you’ll face government-sponsored espionage. Small and medium-sized business are more likely to fall victim to ransomware attacks. As such, you’ll need backup and firewall services tailored to exploits favored by ransomware attackers.

At Beacon, we lean on the SonicWall Capture Advanced Threat Protection service to keep our clients free from ransonware and subsequent critical failures. The SonicWall platform is designed to discover and defeat zero-day (brand new) threats, and is set up to provide automated remediation – meaning you don’t have to lift a finger.

Beacon Knows IT Security

If you’re ready to take your IT security to the level it needs to be, give BITS a call. We’ll be happy to talk through the needs of your business.

By | 2020-09-22T12:27:04+00:00 February 26th, 2019|IT Services|

Employee Security Training: Your IT New Year Resolution

Happy New Year! What are you looking to do better in 2019?

The turn of the calendar tends to bring with it thoughts of personal growth and improvement.  But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.

So, let’s restate the above question: What are you looking to do better for your business in 2019?

If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.

The Case for Initiating Security Training for Your Employees

It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).

In most cases, though, you really can’t blame the rank-and-file. Think about this:

  • 65% of companies have over 500 employees who are never prompted to change their passwords
  • 52% of business leaders don’t know what to do if cyber security is breached
  • 45% of employees don’t receive cyber security training at all
  • Microsoft Office applications (Word, Excel, etc) account for 38% of malicious file extensions
  • 91% of cyber attacks begin with a phishing email

What are these statistics telling us? First, that workers are routinely targeted – and via the communication methods (email) and business applications they rely on the most (Microsoft Office). Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats, and often has no plan of action.

Let’s take a look at a few more statistics:

  • cyber crime is expected to cause $6 trillion in damages by 2021
  • 61% of breach victims in 2017 were companies with less than 1,000 employees
  • average cost of malware attack is $2.4 million

If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.

What Does Security Training Entail?

Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you much know where your subjects stand.

As such, the first part of training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.

The test serves two purposes. First, it exposes people to real life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.

Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.

The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.

At the end of training, be sure to remind your team of how valuable their contributions to network security are.

Beacon Knows Security Training

Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.

By | 2020-09-22T12:27:04+00:00 January 28th, 2019|Computer Related, BITS News, IT Services|

Why Cheap Threat Protection Isn’t Saving You Money

Today’s digital landscape is fraught with security pitfalls. In the pioneer days of the internet, hackers mostly went after digital conquests to gain notoriety or for the thrill of getting past the most advanced security setups of that early digital period. In 2018, however, that hacker mentality has long been replaced by a different ethos.

Cyber criminals now are less likely to take pleasure in simply penetrating your digital security perimeter and taking a look around. If your organization suffers a breach, the consequences are much more dire.

Whether you work for a large, multinational corporation, or run a small business, once a security vulnerability is exploited on your network, all of your data, operations and business processes are at risk for exploitation — be it out-right theft, blackmail, sabotage, etc.

There are some stark numbers out there when it comes to cyber security:

  • 61% of organizations worldwide have been impacted by ransomware
  • 1 in 6 businesses lose more than 25 man hours following a security breach
  • 6 out of 10 small businesses that suffer a cyber attack close their doors within 6 months

Here are a couple more startling statistics: 65% of consumers lose trust in an organization following a security breach, and 31% cut off their relationship with the brand entirely.

Despite the growth in the sophistication and complexity of cyber exploits, and the threat to consumers, many organizations still operate under a “if it ain’t broke…” mentality. If they haven’t been hit with an attack recently, many are happy to roll with the same cyber security protocols they’ve been using for years.

Some may rely on security features embedded in their preferred browsers — Windows Defender, for example — or place their trust in the security features of trusted applications, like WordPress.

To be sure, the less-is-more approach does not work for cyber security. In fact, it’s a good way to lose your customers.

Windows Defender

Microsoft, like a number of other providers, offers a complimentary anti-virus, security software. The free Windows Defender is billed as “comprehensive, built-in and ongoing security protection.” However, Microsoft supplements the free version with the more robust Windows Defender Advanced Threat Protection (ATP) that consumers have to pay for.

On its own, Windows Defender can stop most viruses and digital threats (it does have to be updated fairly regularly). However, ATP offers “a unified platform for preventative protection, post-breach detection, automated investigation, and response.”

The advanced version of the software speaks to a more sophisticated threat landscape and the need for strategic planning and professional protection.

WordPress Vulnerabilities

Many businesses turn to the WordPress platform to build and host their websites — one of the draws being affordability. Of course, the site provides security for their customers, including encryption, firewalls, security monitoring and data backup and recovery. WP also has a team of cyber security professionals on staff “to address potential security risks.”

Nonetheless, the site acknowledges that no means of data exchange is perfectly safe, and that it “can’t guarantee absolute security of your site.”

Indeed, security of WordPress sites is a muchdiscussed topic — both because nearly 25% of websites run on the open-source platform and due to the prevalence of attacks. In fact, some of the vulnerability of WP is due to its popularity. While the WP security team does all it can to protect users, users themselves (especially those not well-versed in cyber security protocols) are security vulnerabilities as they can (sometimes easily) be targeted for exploitation. A good chunk of WP vulnerabilities are exploited through third-party plug-ins and themes that customers download themselves, a consequence of open-source coding.

For this reason, Beacon offers SITEXPRESS, our own, closed-source website platform.

BITS: Professional Approach to Data Security

It is certainly possible to create and execute an in-house digital threat prevention program on your own. However, if you are short on time, staff, or the required level of expertise, it’s best to trust your data security to a dedicated and professional team. For guidance on your threat prevention efforts, give the experts at BITS a call at 336.365.7703.

 

By | 2018-09-25T04:57:59+00:00 September 24th, 2018|IT Services|

Managed IT Services

Disaster Response Time

If you’ve ever been in the unfavorable position of seeing your business IT infrastructure compromised, you understand the necessity of an expedient response from your IT vendor. If you haven’t, thank goodness. Unfortunately, the rise in the number of successful web-based attacks increases the odds of you facing this situation sometime in the future.

Successful businesses protect themselves against known risks. So, how do you best prepare for the eventuality of your company network being attacked? Another way to ask this questions is: What are the elements of a good disaster preparedness plan that ensure the fastest response time?

At Beacon, we hang our hat on two essential elements when working with clients to secure their IT infrastructure: experienced live technicians, and a properly-configured remote tool kit.

Live Technicians Make All the Difference

It’s natural and easy to become reliant on technology. Humans have done this at every stage of our evolution. An appropriate present day example is the societal discussion taking place around automation. It’s true – robots and artificial intelligence may very well be the components that someday revolutionize the workplace.

But, even the smartest tech leaders of the most forward-looking companies are re-learning the value of human capital. As Elon Musk, the CEO of the upstart carmaker Tesla, recently acknowledged, there is such a thing as over-automation. It turns out that the key to ramping up the production of Tesla’s highly-anticipated Model 3 is not more robots, but more people.

We’ve always placed a high value on highly personal customer service. In fact, the calling card of Beacon’s IT services is the ability of clients to receive live assistance immediately.

If you’re faced with a cyber attack that took down your network, you don’t want to be reduced to leaving voice mails to your IT vendor. Or worse, relying on a corrupted or compromised network to figure out what’s what. You want to be speaking with a real expert right away, not three hours from now. It is this step that’s going to be the difference between restoring your network in minutes, rather than days.

Remote Tools Help Your Network Recover Quickly

Hopefully, your firewall solution is good enough to keep out any unsavory characters. But, if we’ve learned anything about IT security in the last few years, it’s that breaches can – and do – happen despite the most robust security setups.

If your defenses have been penetrated, what helps you get your systems back online the fastest is a responsive data backup system (that you had the foresight to install prior to the attack). There are two setups that yield the best results: local virtualization and cloud backup. Both can get you back online within hours, if not minutes.

Local virtualization relies upon an on-site device that’s connected to your network. In case of a breach, the device is automatically quarantined. It is then used to restore access to your data by transferring the data to a “clean” server, or by acting as a server itself.

The second method is similar to the first. The difference is in the way the backed up data is stored and accessed. In local virtualization, the backup data can be accessed locally, on the backup device.

With the cloud backup, your data is sent to the cloud at selected time intervals – could be as often as once an hour. The task can be scheduled for non-business hours or overnight, so it does not interrupt normal business operations. If the need arises, you can access the saved data from a cloud portal – a secure, dedicated web page. In this manner, you’re able to restore individual files; or, in a disaster recovery scenario, activate servers in the cloud to replicate the compromised servers on site. In some scenarios, cloud servers can even be set up to mimic the function of your on-site servers, allowing authorized users to access the data the way they normally would.

Is Your Network Protected From Today Exploits? 

If you’re not sure, give BITS a call at 336.546.6660. We’ll be happy to talk to you about your IT security concerns. Our team is experienced in crafting customized solutions for the most stringent requirements.

By | 2018-05-15T11:49:08+00:00 May 15th, 2018|BITS Team, IT Services|

Lessons in Cyber Security & Threat Prevention

Atlanta Ransomware Attack

The ransomware attack that took hostage a number of vital computer systems in Atlanta last month wreaked havoc on residents and sent the city’s administration scrambling. What can we learn from the situation?

Considering that city officials were aware as early as last summer that “severe and critical vulnerabilities” existed within the municipality’s computer network, the biggest takeaway is: DON’T WAIT to shore up your cyber security.

We’re not in the business of beating dead horses. And, surely, Atlanta officials have their hands full orchestrating the recovery from the attack and trying to return vital operations back to normal. Nonetheless, the fact that a 2017 internal city audit revealed an utter lack of preparedness to manage any sort of cyber threat should not go unmentioned.

What that means is the March 22 attack wasn’t a technology problem. As with most hacking efforts, it’s not the code that sinks you – it’s the human element that’s exploited for criminal gain. In this case, the human element was the inability of city administrators to respond to known threats. Not only was the city not equipped to handle an attack on its networks, it also didn’t have a proper response plan ready.

The number of ransomware attacks spiked sharply in the last year. So, if you don’t have an updated plan for your organization’s network security, you may very well be the next target of SamSam – the group responsible for the Atlanta situation – or another criminal outfit.

The good news is that there’s an army of cyber security professionals who are very skilled at crafting customized solutions. We, at Beacon, have been good at it for quite a while.

Protection Through Prevention

The best way to avoid a ransomware attack is to make sure that your network has a sufficiently strong firewall in place. A firewall identifies incoming web traffic and filters any suspicious or unapproved activity. The effectiveness of any firewall depends on how well it is configured. Typically, large networks require complex firewall configurations and a team of IT specialists for maintenance and monitoring.

Firewalls are great at protecting against known threats. However, new hacking techniques are developed every day. To defend against these zero-day exploits and other sophisticated attacks, IT pros deploy advanced automated audits that boot the threat off the targeted network. About 80% of current Beacon clients rely on this type of advanced protection. And, ideally, that number would be 100%.

Of course, even the most well-designed security setups can be breached. Criminal hackers know that people are the weakest link in network security and design attacks to take advantage of unwitting networks users. (There’s that human element again.) However, the odds of such attacks succeeding are low if your organization takes security awareness training seriously. Security seminars should be made available to every person on staff, and be repeated at least once every three years.

Recovery: It’s Good to Have a Back-Up Plan

Let’s be honest – sometimes hackers succeed even when you’ve done everything right. If that happens, you don’t want to find yourself in the same position as the folks in Atlanta. Backing up your network will protect you in case of a catastrophe.

While the concept is simple, data backup is actually a fairly complex process that takes considerable forethought. You’ll need to decide how often your network needs to be backed up (hourly, daily, weekly, etc). You’ll also have to examine how long your organization can go without access to your data.

A busy medical center, for example, would need to have its data backed up hourly to capture changing patient statuses, doctor’s orders, prescriptions, etc. With lives at stake, it would also be imperative to restore access to that data as quickly as possible.

Organizations that don’t deal with life and death issues would probably have less stringent requirements for their data protection plan.

We’re Here to Help

Have questions about your company’s cyber security? Give BITS a call at 336.546.6660, and we’ll be happy to talk to you about your concerns and data protection needs.

By | 2018-04-12T11:22:11+00:00 April 12th, 2018|IT Services|
Load More Posts