Cyber Tricks to Watch out for!

/in , , , , , /by

It’s fitting that Halloween falls during Cyber Awareness Month. That’s because cyber criminals and hackers love to dress up in costumes to try and lure us into online scams or to steal our passwords and sensitive data. This year’s most popular costumes are sure to include the usual suspects: IRS employees, friends and family members in need of cash, and the timeless classic–wealthy Nigerian princes and princesses.

But cyber criminals are also now wearing more sophisticated disguises that are becoming harder for us to identify who they really are. It’s up to us to stay on top of the latest cyber trends and be proactive when it comes to protecting our personal and business information from a devastating cyber trick.

Below are 4 current Cyber “Tricks” to look out for:

1 Malware & Ransomware

What’s scarier than werewolves? How about someone holding your computer files hostage while demanding a large sum for you to get them back! This year alone, ransomware attacks are estimated to cost businesses and individuals close to $12 billion in damages!

How to prevent Malware & Ransomware attacks? There are many things you can do to prevent becoming a victim of a malware or ransomware attack, which can be a devastating cyber trick. You can start by changing your passwords regularly, using multifactor authentication, not using public or unsecured WIFI, installing proper firewalls and antivirus software, as well as following these IT Best Practices.

Cyber trick

2 Social Media Scams

Hackers love to dress up as old high school friends or relatives trying to connect on Facebook and Linkedin, only to take advantage of your trust by asking you to click a corrupt link, viewing your private data, or even stealing your identity.

How to prevent Social Media Scams? Don’t post anything on social media that you wouldn’t want a stranger to know or see. In addition, be careful using apps that log you in through third-party sites; exercise caution when accepting friend requests; and never click on suspicious links or send money to someone asking for cash online (even if it is grandma)!

3 Corrupt Email Attachments and Downloads

Phishing scams are becoming harder and harder to detect. They may appear in the form of normal looking, everyday emails from trusted senders asking you to download a corrupt attachment or click on a corrupt link (often the source of a ransomware attack).

Also, as we discussed in the Cyber Crimes article: Case #104: The Heavy Machinery Hacker, some hackers are so bold that they impersonate vendors or trusted company employees and then ask for money to be wired for business-related purchases or expenses.

How to prevent online phishing scams? First, stay up-to-date on the latest phishing scams and educate yourself on what to look out for. Second, don’t click on any links or attachments without being 100% sure they are from a trusted source. Third, if anyone asks you to send money or for your private information, such as a credit card number, reach out to them by phone to verify that the transaction is in fact authentic.

4 Attacks on Service Providers

Is your IT company the weak link in your company’s online security? How about your cloud computing service provider? It’s becoming more and more common for hackers to go after vendors rather than individual companies.

Why? First off, there are no regulations in the IT Industry. That means your IT provider—the same company who has access to many of your passwords and sensitive company data—may not be practicing the high level of cyber security they preach, and thus are an easy target for hackers. In addition, IT companies work with multiple clients. So when a hacker infiltrates their network they gain information to all of their customer’s data.

It’s like leaving a candy jar out on the porch and letting anyone grab what they like.

How can you prevent a 3rd party vendor from being your weakest link? Only work with trusted service providers. You can start by making sure the vendors you work with have been thorough vetted by an independent auditing firm and are SOC certified.

For more cyber security tips to prevent a cyber trick, follow PCR Business Systems on Linkedin and Facebook.

Cybersecurity Awareness Month: How to Prevent Cyberattaks

/in /by

Did you know that October is National Cybersecurity Awareness Month (NCSAM)? NCSAM was created as a collaborative effort by the government and IT industry to bring awareness to the importance of taking proactive steps to protect yourself online. This goes for both home and the workplace. In honor of NCSAM, let’s talk about cyberattacks and how to keep your company from becoming the victim of a data breach.

Protecting Your Business From Cyberattacks

Companies are often the target of cyberattacks committed by cybercriminals in an attempt to gain personal or sensitive information. Many business owners who are in charge of smaller sized companies mistakenly think cybercriminals only focus on the bigger entities. 

However, small to medium-sized companies are often at even greater risk than their bigger counterparts. That’s why it’s important to review your cybersecurity measures, regardless of the size of your organization, to ensure your business isn’t vulnerable to an attack. 

Here are a few steps you can take to improve your business’s cybersecurity.

Secure Your Hardware

The first mistake many business owners make when addressing cybersecurity is focusing solely on the software side of things. They often end up overlooking the importance of securing the hardware itself. Many data breaches occur because of stolen equipment, so your cybersecurity strategy should start off with safeguarding company hardware.

Use Robust Passwords

Creating strong passwords can be a hassle, but it’s necessary for the protection of the various accounts you work with throughout the day. Too often, employees rely on weak or reused passwords because they’re easy to remember. However, weak or reused passwords are easy for hackers to crack. A good solution to this would be to invest in a password management tool. These tools take the hassle out of password creation by creating strong passwords for you and storing them.  

Perform Regular Updates

Your operating system (OS) works hard to fend off would-be attacks, but the effectiveness of that software decreases over time. This is because cyberattacks are a constantly evolving threat. That’s why companies such as Windows and Apple push out new updates for their OSs.  Keeping your OS updated with the latest security patches is a crucial step in staying secure.

Speak With an Expert

If the pipes in your building sprung a serious leak, you wouldn’t try to fix them yourself, would you? No, you would likely hire an expert to deal with the problem because they have the knowledge to fix it right the first time. The same thought process should be used for your cybersecurity. 

Managed IT providers like PCR Business Systems specialize in cybersecurity solutions and can provide the advice you need to enhance your protection. In addition to consultation, these providers can offer comprehensive services specifically geared toward proactively fighting against security breaches.

Educate Your Staff

You could have the best cybersecurity protection on Earth, but that won’t mean a thing if your employees are unknowingly creating a pathway for malware to invade your system. Most cyberattacks are socially engineered to trick people into inviting malware into your network. So while your staff may not be trying to compromise your network, their lack of knowledge could cause problems down the road. That’s why employees are often considered the biggest vulnerability to cybersecurity efforts. Properly educating your team on how to stay secure will dramatically improve your overall security.  

Stay Secure With PCR Business Systems

At PCR Business Systems, we’re dedicated to the protection of your company’s sensitive information. Our highly trained team of experts will work with you to build a comprehensive cybersecurity strategy. We’ll also provide security solutions so you can rest easy knowing your network is safe. For more tips on how to stay protected from cyberattacks or to learn about what PCR Business Systems can do to keep your important data secure, contact us today!

What We Can Learn From One Of The Largest Cyberattacks In History.

/in , , /by

It started with a single computer—one of tens of thousands from over 130 countries that were connected to the Maersk Network. It ended with the Danish shipping giant losing an estimated $300 million in a matter of days.

In the summer of 2017, in an office in Odessa, Ukraine, a port city on the Black Sea, a Maersk executive asked a member of his IT team to install the accounting software M.E.Doc (Ukraine’s version of TurboTax) on his office computer. Within seconds, NotPetya, one of the most costly and crippling cyberattacks in history began its reign of terror over Maersk—instantly turning computer screens black and completely shutting down the company’s network.

As the chaos quickly escalated, Maersk operations were halted throughout the world. Ships went dead in the water and tons of precious cargo (much of which was perishable) was stuck in shipping containers with nowhere to go.

But Maersk was only one of a number of companies and individuals who were devastated by the Russian-developed malware that was initially created to be used as a cyber weapon against Ukraine. Pharmaceutical giant Merck was believed to lose over $800 million, FedEx $400 million, and parts of Ukraine went weeks without power, food, or a working infrastructure—all as a result of NotPetya.

So what went so terribly wrong, and could companies have been able to prevent the NotPetya attack from occurring in the first place? To find an answer we must look at how NotPetya operated and how it was able to infiltrate computers in the first place.

It all began when Russian hackers hijacked the servers of a Ukrainian software firm that was in charge of providing updates for the M.E.Doc program. Going unnoticed, the hackers gained access into the update servers and thus also into the backdoors of all computers that had M.E.Doc installed. Once the malware was released, it was able to pull passwords and hack into other machines and applications using those same credentials, as well as spread throughout any company computer connected on a multi-network server. Once NotPetya infiltrated an operating system there was nothing the user could do. NotPetya was designed for one purpose only—to destroy everything in its path.

But what could Maersk and others have done to prevent the attack, and what can we do to protect ourselves from becoming victims of cybercrimes?

1- Multi-Factor Authentication: By now you should be familiar with and using Multi-factor authentication on all your connected devices. If you are not, Multi-factor authentication simply means that you must present multiple credentials (in addition to just a single password) in order to gain access to a machine, account, transaction, application, etc. 

By requiring all users to provide Multi-factor authentication you help safeguard your business against the leading cause of data security breaches- stolen credentials. In the case of Maersk, if employees were using Multi-factor authentication, NotPetya would likely not have been able to simply use passwords stored in each computer’s RAM to spread to other applications and computers.

Multi-factor authentication may seem like a time-consuming step, but trust us, a few seconds of added security could be the difference between being protected and becoming a victim. Just ask the executives at Maersk.

2. Timely updates, patches & upgrades: It is believed that many Maersk computers were still operating obsolete system software at the time of the cyberattack. A common misconception is that with how rapidly technology is changing you don’t need the “latest and greatest” software. As far as network security goes, this is a huge mistake.

As we wrote about in our piece “End of the Road for Windows 7 and Windows Server 2008 and 2008 R2,” once a software manufacturer ends support it doesn’t just mean you don’t have anyone to call if you run into a problem. You are also no longer provided with regular security updates or patches, leaving your IT vulnerable and unprotected.

Because Maersk was using an outdated operating system on some of their machines, those machines were never updated with the necessary security patches that could have protected them from NotPetya.

It is imperative that you stay up-to-date with all of  your software and program updates, not just with your operating system patches. Once a critical piece of your network loses support–whether it be Windows or any other application vital to your business–you must upgrade. There is no other choice.

3. Employee Best Practices: It’s extremely important to provide your staff with user-awareness training to mitigate the risk of a member of your team accidentally providing hackers with a backdoor into your system. Know your risks and review your security practices at least once a year to remind employees on what they need to be doing. Schedule periodic reviews of accounts, permissions and don’t allow access if it is not needed.

In addition, one of the key data breach vulnerabilities we come across is when companies allow users admin rights. Do not allow admin access where it is not absolutely necessary. With Maersk, all it took was a single employee in the finance department at one of Maersk’s hundreds of offices asking to download the M.E.Doc software. You must have the proper restrictions in place to prevent your employees from downloading software to their work computers that is not essential to your business and has not been reviewed by a credible IT firm or IT administrator.

Read more about Data Security Best Practices here.

4. Trusted IT Provider: There has been an increasing and alarming trend in which cyber criminals are shifting their focus away from individual companies and going after their IT Providers. The reason? IT Service firms hold the keys to the castle. In other words, they have access to your company’s and your client’s most sensitive data. This is a dangerous combination if your IT Firm or in-house IT team doesn’t have the ability or knowledge to provide your business with the level of service and security you require. 

Less than two months ago, Wipro, one of the largest information technology providers in the world was hacked. After being hacked Wipro’s systems were then used to target at least a dozen of their clients!

You need to have a conversation with your IT Service Provider or IT manager to make sure they are not your weakest link when it comes to cyber security.  Ask them questions like: are you truly maintaining critical security updates for your IT systems? Are my backups configured properly to keep downtime to a minimum? Do you have the resources to keep up with the growing IT demands of my business?

Keep in mind, the IT industry is highly unregulated. You must do your homework before hiring an outside IT firm or in-house IT manager.

5. Don’t think it can’t happen to you: The story of Maersk and NotPetya should serve as a reminder that all it takes is one corrupt file or program to allow hackers access to your network and to possibly bring down your entire company–no matter how large or small your business is. Don’t think for one moment that you are not a target because of the industry your work in or the size of your payroll.

Furthermore, one of the scariest things about NotPetya is the intent behind the attack, and the growing trend of cyber-warfare and cyber-terrorism– where the goal isn’t to collect a ransom  or steal data or blueprints on product design, but to simply destroy. It doesn’t matter who you are or what you do. We are all targets. We all must fight to stay ahead of hackers and keep from becoming victims.

In business since 2004, PCR Business Systems is the leading IT Service Provider in Northeast Ohio- and one of (if not the only) to be SOC 2 certified. That means we have been audited to ensure that we provide the highest level of service and security for our clients.