Monday, June 29, 2020

4 Major Cybersecurity Threats In 2020


XG Firewall v18
In this 30 minute webinar learn how Enhanced visibility, protection, and performance.
June 30  2:00 EST
Register Here


Businesses around the globe need to watch out for four major cybersecurity threats. These are bad passwords, phishing campaigns, accidental insider threats, as well as mismanaged account access. These threats are not new but the methods used by hackers have evolved.

Bad Passwords

The first place that hackers target is the password. People create passwords and they are easier to hack than security measures that are done by technology. If you know something about the person, you can easily guess their passwords. People commonly use passwords that mean something to them. Today, countless people are sharing too much information about themselves in social media. A smart hacker may easily figure out what your password is if you are an oversharer and you’re using common and weak passwords.

Fortunately, there are things you can do to fix the problem of bad passwords. You should create longer passwords, at least 14 characters. Don’t forget to add in capitals and symbols but it’s almost always the length of the password that makes the life of a hacker difficult. A program created by hackers need to make more combination to guess a long and strong password. This fix may not be fool proof but it can definitely delay an attack. So, use a long password that doesn’t have anything to do you with yourself. It’s also a good idea to use multifactor authentication for an additional layer of protection.

Phishing Attacks

Phishing schemes are not new. They have become sophisticated and are changing into true social engineering schemes. Hackers can now use tools to create a legitimate looking email. The logos, words, punctuation marks, spelling, and even the spaces look exactly the same as the original email that the hacker is spoofing. Phishingemails will lead you to log into a fake site, download a file, or click on an infected link. These could lead to huge problems if you are using the same sign-on information or if you are recycling passwords. You are giving hackers the key to your company’s large security digital footprint.

To avoid this, you should never click any unsolicited email. If you think it’s from a trusted website, you always have the option to reach out with them firms to verify if they did send an email to you. You should also get in touch with the company involved and verify if they sent the email.

Incorrectly Managed Account Access

Only a few of your employees need access to all systems in your business. Companies create new accounts for new employees. However, giving them access to everything is a risk that you don’t have to take. When you create new accounts, you can set in up in a way that they only have limited account access until they have been fully trained to use all necessary systems. Plus, only give them access to programs, information, and apps that are relevant to the work that they’re hired to do.

Accidental Insider Threats

You will have an accidental insider threat when one of your employees who’ve been given access to important systems failed to secure their access or credentials properly. This particular threat could create damaging exposures since the people you often trust have access to more of the information of your company. These kinds of exposure may lead to instant abuse on the dark web since hackers are always looking for these accidents.

Accidental insider threats is among the most difficult cyber threats to protect your company from. The best thing you can do is to train your staff regarding the security risks. Your employees need to know that if this happens, they have to report it to your IT department right away.

Call SpartanTec, Inc. now and let our team of ITexperts help you protect your business from these major cybersecurity threats.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Wednesday, June 24, 2020

How To Stay Safe From Cybersecurity Threats


Protect Your Company Data Webinar

June 25  1:00 EST

Register Here


Cyberattacks has become a growing threat for small firms as well as the U.S. economy. The FBI’s Internet Crime Report revealed that in 2018, the cost of cybercrimes reached a whopping $2.7 billion. Cybercriminals target small businesses because they have the information they need and in most cases, they don’t have the security infrastructure that’s commonly found in larger businesses.

A recent survey conducted by SBA, showed that 88% of the owners of small businesses believed that their business may be at risk of a cyberattack. However, many of them cannot afford to pay for professional IT services. They also don’t have much time to spend on cybersecurity or they have no idea where to start.

Begin by learning about the most common cyberthreats, figuring out where your company is vulnerable, and setting up measures to improve your firm’s cybersecurity.
What Are The Common Cybersecurity Threats?

Cyberattacks have evolved throughout the years however, business owners must be aware of the most common threats that their company may be facing.

Malware

Malicious software or malware is an umbrella term that used for a software that is made to cause extensive damage to a server, client, computer, or a computer network. Ransomware and viruses are some examples of malware.

Viruses

Viruses are programs that are harmful to your business. They intend to spread from one computer to another as well as other devices that are connected to the infected system. Viruses have a tendency to give hackers access to your system.

Ransomware

It is a specific kind of malware that will infect as well as restrict access to your computer until you pay the ransom. Ransomware is commonly delivered through phishing campaigns. It will exploit vulnerabilities in your software that you forgot or neglected to patch.

Phishing

Phishing is a kind of cyberattack that use a malicious website or email to infect your system with a malware or gather your confidential information. Phishing emails tend to appear as if they have been sent by a legitimate company or a well known individual. These emails commonly encourage users to open an attachment or click on a link that contains a malicious code. Once the code is run, your system will become infected with the malware.

Evaluate The Risk Of Your Business

When it comes to improving your cybersecurity, the first thing you need to do is know your risk of an attack and in what areas can significant improvements be made. Through a cybersecurity risk assessment, you will determine if your business is vulnerable and it will also help you in creating an appropriate plan of action. This should include assistance when getting email platforms, user training, and recommendation on how to protect the information assets of your business.

Planning and Assessment Tools

Having a dedicated IT support, whether an external IT consultant or an IT employee, is the best solution. However, companies with limited resources can still take some measures to strengthen their cybersecurity.

FCC Planning Tool

The FCC or FederalCommunications Commission provides a cybersecurity planning tool to assist you in building a strategy that is based on your unique business requirements.

Cyber Resilience Review

DHS or the Department of Homeland Security is non-technical evaluation to assess operational resilience as well as overall cybersecurity practices. You could either perform the assessment yourself or ask for a facilitated assessment by the DHS cybersecurity expert.

Cyber Hygiene Vulnerability Scanning

DHS also provided a free cyber hygiene vulnerability scanning for smaller firms. This particular service could help protect your internet-facing units from common vulnerabilities and weak configuration. You will get a report for your action on a weekly basis.

Best Cybersecurity Practices

You should train your employees. Your workers and emails are the main cause of data breaches and hacks for small businesses since they are a direct method into your company’s systems. Training employees about the fundamentals of internet best practices could go a long way when it comes to the prevention of cyberattacks.

It is important to maintain a good cyber hygiene. You should install and update your antivirus and antispyware software. You can get them from different vendors. You should install updates and patches regularly to fix security problems and boost its functionality. You can set the updates to be installed automatically.

Securing your network is also crucial. You can do this by using a firewall. Secure and hide your Wi-Fi network. Your wireless access point or router must be set up in a way that it won’t broadcast its network name, also known as service set identifier or SSID.

You should also use strong passwords and use different ones for your accounts. Your passwords should include at least 10 characters, at least one uppercase letters, lower case letters, number, and special character. Use multifactor authentication and back up your data on all of your computers.  

Call SpartanTec, Inc. now and let us help keep your business safe from today’s cybersecurity threats.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto


Monday, June 22, 2020

Cybercriminals Are Targeting Your Business And Your Employees Are In Cahoots With Them

Protect Your Company Data
Webinar June 25 1:00 EST
Register Here



Once you receive a ransomware email, this could spell disaster for your business. Do you believe this won’t happen to you? You should think again!

Cybersecurity measures projected cybercrime to cost the world around $6 trillion by 2021. Additionally, cybercriminals have a special target in mind – small businesses.

About 58% of the victims of cyberattacks were small businesses according to the 2018 Verizon DataBreach Investigations Report. This might appear counterintuitive for two main reasons. First of all, the huge payoff will appear to be had by targeting large organizations. Secondly, the news has been filled with headlines regarding cyberattacks on huge companies, not the smaller ones. One good example is the hack at Target wherein credit card details of millions of people have been stolen. But, here’s something that most people don’t know about it. The hackers managed to get access to the network of Target by infiltrating a small HVAC firm. Then they stole the company’s credentials to the network of Target.

A cyberattack can easily put out of businesses due to what you need to pay to clean up after the breach. As a matter of fact, Malwarebytes, which is the provider of malware remediation and prevention solutions, said that ransomware attacks has caused almost a quarter of small and medium sized companies hit by them back in 2017 to totally halt their operations. Recent figures show that about 60% of SMBs were forced to stop their operations after a cyberattack and they never reopened their business. The lost in revenue due to the downtime, the money spent trying to remediate the breach and the damage to their reputation could really add up.

Despite all these, many small business owners are not prepared to detect, prevent, or respond to any cyberattack. So how are your workers in cahoots with these hackers? 

Because the most common way cybercriminals get access to the network of small businesses is when somebody on that network clicks on an attachment or a link in an infected email. When they get inside your network, the hackers will do things like encrypt or steal your data.

Small businesses make the mistake of assuming that they won’t be targeted by hackers. They don’t give any cybersecurity training to their employees.

Cybersecurity Tips For Small Business Owners


1.    Change the culture and the mindset of the organization. Always assume that you can be a target.

2.    Provide training to your employees to boost their level of awareness and vigilance against potential threats and risks that exist.

3.    In case you don’t have the tech resources, hire a managed IT service provider that could help you with the risk assessment, identification of cyberthreats to your company, developing an incident response plan, and the implementation of countermeasures to eliminate high probability threats.

Make cybersecurity planning a crucial part of your business planning. If you fail to do this, your business may face an existential threat one day, something that you could have prevented.

Call SpartanTec, Inc. now and let our IT team help you set up the most effective cybersecurity measures that will protect your small business from hackers.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Tuesday, June 9, 2020

New Data Breach Affected Some Bank Of America Loan Applicants

Protect Your Company Data Webinar

In this 30 minute webinar learn how to protect your company from phishing attacks.


If you're like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.

If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.

The breached data included, but was not limited to:
  • Your business' name and physical address
  • Designated company contact officials
  • Your firm's Tax Identification Number
  • The name of the company owner
  • The Social Security Number of the company owner, as well as the owner's email address, phone number and citizenship
Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.

Per a company spokesman, "...this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process."

The company's official words on the matter makes the issue seem rather insignificant, but there's more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just 'authorized lenders' may have seen the details of your loan application.

The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above, or offered any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.

Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.

SpartanTec, Inc. is a local BullPhish agent. Contact us today for details.


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Thursday, June 4, 2020

Spear Phishing: Best Protection and Practices

Better Email Security


Organizations need an email security solution that automatically detects and blocks advanced targeted spear phishing campaigns. AppRiver’s Advanced Email Security delivers a unique email security solution that is more effective than standard solutions, and which proactively protects organizations from email-based cybercrime by merging advanced big data security, dynamic rules and security analystexpertise in order to anticipate the next wave of spear phishing techniques. It is imperative for full content inspection to be implemented and that every aspect of the email be evaluated using a multitude of techniques.

Multi-layered Security


Securing a network with a multi-layered approach is a best practice. Your organization should protect all security fronts by combining email and web security solutions with an endpoint AV protection layer. Web security platforms, such as AppRiver’s Web Protection, will complement email security and AV endpoints by not only blocking malware at the source, but also by scanning networks in search of resident malware that went untraced in the past that could potentially be calling home under the right circumstances.

By deploying the right combination of email protection, endpoint AV and web security, your business can close the security gaps present in each network and gain inbound and outbound traffic monitoring.

Audit your Security


Every business, including yours, has valuable IT assets such as computers, networks, and data. Providing adequate and effective protection of those assets requires that companies of all sizes conduct IT security audits to get a clear picture of the status of their network, become aware of the security holes they face and learn how to best deal with those threats. Contact us for a tailored security audit and threat analysis report that will provide you with critical information on the health of your email or network and also provide our recommendations on the best ways you can plug any identified security holes.

Limit User Rights


Some malware can be installed unknowingly by employees at the same time as other programs are downloaded. This may include software from third-party websites or files shared through peer-to-peer networks. Therefore, it is important to limit user rights as they pertain to the installation of software.

Security Tips for employees


With the popularity of spear phishing on the rise, it is always good advice to provide some tips and best practices to keep your employees aware of security threats.

Password complexity


Never stick to one single password for all your services! Instead, use different combinations for each service, use passwords with at least 8 characters, although 12 or more is recommended. Passwords should also be a random combination of uppercase and lowercase letters, numbers and symbols. A password manager can also help by managing multiple accounts and suggest strong password options.

Stay alert for suspicious links


Only click web links within emails you know to be authentic. If an organization, such as your bank, asks you to perform any activity that involves clicking links and entering credentials, either launch your browser and go directly to the bank’s site or just call them up to double check on it. Hovering your mouse over a link will always give some insight on whether the link could be spoofed and be fraudulent. However, some attackers try to obfuscate link destinations by using anchor text trying to look as a legitimate URL or URL shorteners to disguise the ultimate link destination. It’s best to always assume the worst when it comes to following links.

Employee Training Programs


Implement a course on security awareness and social engineering techniques that will help your users make better judgments about the content they download from the internet, receive through communications and access through the Web.

Security awareness training will also help users to be more careful about what they view, what they open and the links on which they click. While training by itself will not completely solve an organization’s security-related problems, it adds to the overall defense strategy by increasing the layers of security for the weakest element – humans. It will bolster the ability for users – the LAST (not first) line of defense in any security infrastructure to be more aware of malicious attacks against themselves and the organization.

Search yourself online


Be extra cautious when sharing data on social networks and limit what types of personal information you post on the internet: Review your online profiles and ask yourself how much personal information is available for cyber criminals to view? If there is anything that you do not want a potential scammer to see, do not post it – you should also consider reviewing your privacy settings on sites such as Facebook and Twitter to limit what information is left open for others to see.



Read and download the original article here.






Call SpartanTec, Inc. now and let our team of IT experts help protect your company from spear phishing. 


SpartanTec, Inc.
Fayetteville, NC 28304
(910) 745-7776
http://manageditservicesfayetteville.com

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto

Cities Served:
Fayetteville, Spring Lake, Hope Mills, Dunn, Aberdeen, Southern Pines, Pinehurst, Sanford, Clinto