The Technology Blog

What is a Social Engineering Attack?

By | Business Network Security, Cyber Security, Email | No Comments

What is Social Engineering?

In a social engineering attack, a cyber-criminal uses human interaction (social skills) in email messages, phone calls, or unannounced personal visits. This cyber attacker may be respectful and seem to be perfectly legitimate but will use psychological manipulation to trick victims into making security mistakes or giving away confidential information. He or she might claim to be an employee, repair person, researcher, or sales representative, and may even offer credentials. Regardless of how they contact you or who they pretend to be, this type of cyber-criminal has one goal: to obtain or compromise sensitive information about your organization or its computer systems.

Social Engineering Attacks Leverage Human Error

Social engineering attacks are especially dangerous because they rely on human error, not vulnerabilities in operating systems or software programs. By asking what may seem to be innocent questions, the cyber-criminal may be able to piece together enough information to infiltrate your organization’s network. The attacker will be persistent! If unable to gather enough information from the first source, he or she may contact another source within your organization, then use information obtained from the first source to bolster his or her credibility and build trust.

Social Engineering Attacks leverage human error to gain access to sensitive company information | Pros 4 Technology Blog

Social engineering attacks leverage human error to gain access to sensitive company information.

Social Engineering Attacks – Do’s and Don’ts

To avoid being the victim of a social engineering attack:

  • DO be suspicious of unsolicited email messages, phone calls, or visits from individuals asking about employees or other internal information.
  • DO try to verify the identity of an unknown individual. Directly contact the company the individual supposedly represents using a phone number or email address you know to be valid.
  • DO install and maintain anti-virus software, firewalls, and email filters to cut down on questionable traffic.
  • DO take advantage of anti-phishing features offered by your email server and web browser.
  • DO pay attention to website URLs. Though a malicious website may look identical to a legitimate site, the URL may use a variation in spelling or a different domain.

If anything at all about individuals or their questions seems suspicious:

  • DON’T respond to requests for personal or financial information.
  • DON’T click on links in email messages.
  • DON’T use contact information that’s provided on a website connected to the request.
  • DON’T send sensitive information over the internet before checking a website’s security.

Find more information on how to avoid being a victim of a social engineering attack on the U.S. Homeland Security Website.

I Think I’m the Victim of a Social Engineering Attack – What Should I do?

If you think you have revealed sensitive information about your organization:

  • Report it to network administrators and other appropriate personnel so they can be alert for suspicious or unusual activity.
  • Contact financial institutions immediately if you think accounts may have been compromised.
  • Promptly change any passwords you may have revealed. If you used the same password for multiple accounts, change it for each account. Don’t use that password in the future.
  • Close any accounts that may have been compromised.
  • Watch for unexplainable charges to accounts.
  • Report the attack to the police or government agency responsible for cyber-crimes, such as:

USB Drives & SD Cards Are a Security Threat

By | Business Network Security, Cyber Security | No Comments

Take Precautions With USB Drives and SD Cards

USB Drives and SD Cards: Small, quick, easy to use, AND RISKY!

The convenience of USB drives and SD cards makes them increasingly popular for transferring data from one computer to another. However, they can just as easily be lost, stolen, or infected with viruses or malware. Sadly, anyone can lose personal or otherwise sensitive information if they don’t take precautions when using these convenient devices.

A USB Drive Can Easily Infect Your Computer

USB Drives and SD Cards can infect computers by using malicious code (malware) which detects when a USB drive is being used. Once the infected drive is in use, the malware goes to work, and it’s likely you won’t even realize your computer has been infected. The stealthy malware runs behind the scenes while you use your computer, harvesting sensitive data such as passwords, encryption keys, and other information stored on your computer’s memory.

USB drives and SD cards are a security threat to your computer Pros 4 Technology Blog

USB drives and SD cards can infect your computer with viruses or malware.

How can I protect my data from an infected USB drive?

The good news is, there are many precautions you can take to make your computer less vulnerable to attacks.

  • Never use a USB drive you did not purchase yourself, especially on a computer containing private or sensitive data, and any machine you use for work.
  • Use a password or encryption on your USB drive as soon as you purchase it.
  • Keep personal and business USB drives separate.
    • Don’t use personal USB drives on computers owned by your organization.
    • Don’t plug USB drives containing corporate information into your personal computer.
  • Use a firewall!
  • Be sure to use and maintain security software and keep it up to date.
  • Use anti-virus and anti-spyware software and keep virus definitions up to date.
  • Disable auto run, which allows removable media (CDs, DVDs and USB drives) to run instantly when inserted into a drive. Disabling this feature can prevent malware on an infected device from opening automatically.

These precautions can go a long way in protecting your sensitive data while allowing you to benefit from the convenience USB drives provide.

Not All Cyber Security Threats Are Online

By | Cyber Security | No Comments

Common Physical Security Threats to Smartphones, Tablets and Laptops

  1. Theft/Loss: Be vigilant! Don’t let professional and personal information on your mobile devices and laptops fall into the wrong hands.
  2. Shoulder Surfers: Be alert to these “social engineers” who will be happy to peek over your shoulder while you access sensitive data in public places.
  3. Eavesdropping: Never discuss sensitive information where you might be overheard. Remember the old wartime mantra “Loose lips sink ships,” and make important phone calls only when you have adequate privacy.
Be alert to physical security threats to smartphones and laptops

Theft, shoulder surfing, and eavesdropping are common physical security threats to smartphones, tablets and laptops.

Protect Yourself by Following These Common Sense Mobile Security Practices

  • Never leave your mobile devices unattended, and don’t trust a stranger to watch them.
  • Use a privacy filter. It’s an effective way to prevent shoulder surfers from seeing what’s on your device. (Dimming your screen also helps.)
  • Use your own data connection or hotspot, not WiFI, when connecting in a public place. Avoid accessing sensitive data in public places.
  • Personalize your devices. Apply unique stickers or decorative cases on your personal devices to deter thieves who hope to steal them. (Verify company policy before you decorate business-owned devices.)
  • Use a sturdy case to protect your phone or laptop from accidents that could render them inoperable.
  • Seek privacy while you’re in airports, cafés, and other public places. Look for a spot where nobody can peer over your shoulder or listen to your private conversations.
  • Password-protect all your devices.
  • Program your devices to automatically lock after short periods of non-use.
  • Use lock screens to provide an extra layer of security.

Remember, both the security of your items and your personal security benefit from situational awareness. Stay alert when using your device in a public place.

Can You Recognize a Scam Email?

By | Cyber Security, Email | No Comments

Scam Email: Can You Recognize One?

You check your email and there’s a message in your inbox from a well-known company, possibly one you’ve done business with in the past, so it doesn’t seem particularly suspicious. You’re told your order is on hold due to an issue with the company’s credit-card processing system, requiring a wire transfer if it’s to arrive on time. Should you be suspicious? Yes! Scam email is one of the the fastest growing methods used by cyber criminals to steal from you.

Don’t Fall for Email Scams

Keep in mind, often emails that appear to be legitimate are used by cyber crooks as tools to trick you into sending them money. Don’t be fooled! It’s best to use caution because chances are, if you wire money to a scammer, you’ll never see that money again. Protect yourself!Scam Email - Can you Recognize One? Cyber Security Blog from Pros 4 Technology serving Sheboygan and surrounding counties

Suspicion: Your Friend, the Email Scammer’s Enemy

Approach any request for a wire transfer, whether by phone or email, with caution. Know that truly reputable companies will not reach out asking for a wire transfer; instead you should expect to pay a reputable company via your credit card (which often provides added consumer protections) or a service like PayPal. Without a doubt, it’s better to be suspicious than to fall prey to an email scam.

I think I’ve received a scam email. What should I do?

If you get an email that makes you even slightly suspicious:

  • Contact the company through a phone number or email address you can verify is real.
  • Don’t use any of the phone numbers or links contained in the email.

It’s best not to open an email attachment, even if it’s sent from someone you know, unless the sender has told you to expect it. Opening email attachments can put malware on your computer.

I Think I’ve Sent Money to an Email Scammer. What Should I do?

Act quickly!

  • If you wired money through your bank, contact the bank immediately and request a wire recall.
  • If you used the services of a money transfer company like Western Union or MoneyGram, call their complaint line immediately.

Report the details to:

How Safe is Public Wi-Fi?

By | Cyber Security | No Comments

Public Wi-Fi and Personal Information – Not a Good Combination.

Everyone knows – or should know – that using public Wi-Fi networks puts private information at risk. But let’s face it, we love the convenience it provides. While waiting for a delayed flight, it’s nice to check your e-mail, maybe get some work done, and Facebook is a pleasant distraction when your lunch date is running late. Nobody wants to use their expensive data plan when they don’t have to. But does the convenience of public Wi-Fi outweigh the risk to your privacy?

Convenience Has its Price: Public Wi-Fi and Cybercrime Go Hand in Hand.

Exactly what are you risking when you connect to public hotspots? That depends on who is snooping around and their level of sophistication. A quick look at the network might tell a snooper if you’re using an iPhone, laptop computer or other device. It doesn’t take much effort for that snooper to get more information using readily available software programs like Firesheep or Wireshark. Publicly accessible files like shared documents, photos and music can be easily accessed by others. Worse yet, cybercriminals have the latest tools to easily access far more, such as e-mails, passwords, data and other sensitive history on your device.

Man on laptop using public wi-fi that is not secure | Pros 4 Technology Technology Blog

Public Wi-Fi is neither secure nor safe and should be avoided.

Shop Safely Online…on a Secure Wi-Fi or Wired Connection.

Protect yourself from cybercrime. Never shop online, enter a credit card number or access financial information on a public Wi-Fi connection. Only type in usernames and passwords when you can do so from a secure connection.

Outsmart the Cybercriminals by Shunning Public Wi-Fi.

Your safest bet is to avoid public “open” Wi-Fi entirely by using your own data plan. Make sure your mobile devices are not set to connect automatically to available Wi-Fi. If you’re on a laptop, use your own hotspot from your smartphone or a mobile router like MiFi.

Look for public networks that are secured – ask for the passkey or other login credentials. Be sure the hotspot you’re connecting to is the right one – hackers often set up hotspots with names very similar to legitimate ones, hoping they can trick you into connecting to the wrong one.

The bottom line is that public Wi-Fi is not secure or safe, and should be avoided for pretty much everything but casual web browsing. Don’t make it easy for cybercriminals to access your personal information through a wireless connection that isn’t secure.

Cyber Security – 4 Common Small Business Network Security Mistakes

By | Business Network Security, Cyber Security | No Comments

4 Cyber Security Mistakes Commonly Made by Small Businesses

Bad habits can be hard to break, and that’s especially true when it comes to small businesses and cyber security. After all, it’s easy to think “that will never happen to me,” and let things slide that end up creating real security concerns.

Here are a few common business cyber security errors you should avoid:

1. The Post-It notes full of passwords.

Take a walk around the office. Most likely, you’ll find at least a few desks with Post-It notes full of passwords stuck to the bottom of a computer monitor. Yes, it’s convenient, but it also provides easy access to sensitive information to people who shouldn’t have it—like disgruntled employees or a thief during a break-in.

The Fix: Explain to your employees why this is a bad idea, and give them some ideas on how manage passwords safely.

Post-it notes full of passwords are one of the four most common cyber security mistakes made by small businesses

2. Out-dated operating systems.

Technology is an important part of every small business, but it’s often not a priority. That’s how things like updating operating systems slip through the cracks or get ignored until they become a serious cyber security threat. For example, do you still have systems running on Windows XP or Windows Server 2003? If you do, that creates a serious security vulnerability.

The Fix: If you’re running outdated operating systems, it’s time to transition to something more secure. As a managed IT service provider, Pros 4 Technology can help you execute a migration like this, and you can also have us take care of updates and patches going forward so you can make sure it gets done. We can identify outdated software and systems, as well as many other potential security threats during a no-cost audit of your business network.

3. Security software that never gets updated.

Do you think your business is secure because you invested in a firewall or installed antivirus software on your machines? That’s a great start, but if you didn’t take the next step and pay for subscriptions or updates to go with it, you aren’t nearly as secure as you think.

The Fix: Find out if you have the subscriptions and updates you need to keep your firewall and antivirus software as secure as possible. If you don’t, you need to get those in place as soon as possible. Consider signing on for managed IT services that include overseeing these types of updates going forward.

4. Old employees still have access.

Lax password policies and passwords that don’t expire create another security concern for SMBs. If you don’t set passwords to expire regularly, there’s a good chance a number of former employees still have access to your system. That doesn’t necessarily mean any of them will do something malicious, but why take the risk?

The Fix: Set up a solid password policy, and have passwords expire every 90 days. Yes, employees might think it’s a hassle at first, but the improved security will be worth it. While you’re at it, teach your employees the best practices for choosing a strong password that’s easy to remember but hard to guess.

Password Pitfalls

Using strong passwords is one of the easiest things you can do to help keep your data secure. While choosing an obvious phrase makes it easy to remember, it also makes it easier to guess. And there’s nothing easy about regaining control over compromised data.

Here are a few key tips on what to avoid when choosing a password:

  • Avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx,” which comprises the first two ‘columns’ of numbers and letters on a keyboard.
  • Don’t use a favorite sport or sports team as your password.
  • Don’t use your birthday or especially just your birth year. You should also avoid passwords that are just numbers.
  • Avoid using first names as passwords. Names of friends and family are particularly vulnerable.
  • Stay away from swear words and phrases, hobbies, famous athletes, car brands, and film names, which are all widely used passwords as well.
  • Avoid password reuse. If a hacker gains access to one of your accounts and all (or most) of them use the same password, you’re in trouble.

What if the worst does happen, and you experience a network security breach? With an automated, scheduled system backup you can ensure that you never lose your data. We can help you identify the source of the breach and prevent it from happening again.

Don’t leave your business wide open to hackers and other security breaches. Pros 4 Technology can help. Contact us today to schedule your No-Cost Network Audit and begin protecting your business!

Source: Intronis Industry and Tech Blog, April 22, 2015. Reprinted with permission.

Ransomeware: Small Business Network Security Threat

By | Business Network Security, Cyber Security | No Comments

Small businesses are being targeted with Ransomware as often as big companies.

It’s Monday morning: you pour your coffee and sit down at your computer. A message pops up on your screen: your files have been encrypted and you can’t access them, unless you pay a ransom in untraceable bitcoin to a faceless criminal over the internet. Your computer has been infected with a Ransomware virus.

Shock. Panic. Confusion. Your business comes to a screeching halt.

Ransomware is a specialized kind of malware virus used for cyber-crime. This particular virus has become a huge threat for small businesses, where network security is typically far more lax than larger corporations, and data backups may not be available. Ransomware viruses work by encrypting files on the compromised computer. They start slowly… locking up files that you may not use all the time. Maybe you try to open one and get a message that says the file is corrupt, but you shrug it off. Eventually, the ransomware encrypts all the files on your computer, making them inaccessible.

When the dirty work is complete, a message pops up on your screen that says something like “Your important files were encrypted with CryptoLocker virus. The only way to get your files back is to buy our decryption software.” If you pay the ransom, you are given a decryption key. If you don’t, you may lose your files forever. If you try to remove the malware, there is no way to retrieve them. If the infected computer has network access, ransomware can infect your entire network, and the ransom amount typically goes up with the number of files that are encrypted.

CryptoLocker warning message Pros 4 Technology Plymouth Wisconsin

Many people we talk to have no idea that this type of computer virus is out there, or that it could happen to them. Cybersecurity and network security deficiencies that can expose your data to cyberattack by Ransomware and other viruses are some of the most important things we uncover with our No-Cost Network Audit for new clients. Current Pros 4 Technology clients with Managed IT Services rely on constant network monitoring to identify issues and threats early, before they can devastate their business.

Common network security vulnerabilities we identify include:

  • Firewall problems: sometimes there is no firewall. More often, a firewall has been installed properly, but it has actually been turned off by a frustrated user in an attempt to make some piece of software work.
  • Anti-virus issues: Most businesses have an anti-virus program installed, but you wouldn’t believe how often we discover that no updates have been installed. The bad guys are always coming up with new ways to break into your computers, and the anti-virus software developers are constantly updating their programs to find the new cyberattack threats. If you don’t install the updates, there is no way to find and remove those new viruses.
  • Risky employee practices: We want to trust our employees, but the fact remains that human error is the single biggest cause of computer virus infection. Sometimes it is as innocent as employees being gullible enough to open a suspicious email attachment, or click a link in a spam email. Visiting inappropriate websites can be a source of exposure as well.

Would you believe that our team fields calls about ransomware 2-3 times per week?

Imagine if ALL your business data was locked up. All your emails. All your invoices. All your client files. Would you pay the ransom? Would you have a choice?

Pros 4 Technology clients DO have a choice. We make sure that every client’s anti-virus protection, firewall, and network security is fully updated and functioning to prevent exposure to cyber-attack from malware and viruses, including CryptoLocker and other ransomware. Our Managed IT Services include constant monitoring of client networks that allows us to identify and address problems and threats early, before they can devastate a company.

Despite these precautions, sometimes ransomware still finds its way on to workstations. Employees can expose their work computers by opening an email with a malicious attachment or even by visiting certain websites. The mechanisms for infection are constantly changing. It’s critical to design employee network accessibility to minimize the potential for infection of your entire network by a single workstation.

The good news – Pros 4 Technology clients don’t have to pay the ransom.

  • We are constantly looking for suspicious activity through remote monitoring of our clients’ networs. If something isn’t right, we’re notified, day or night. If one of your employees is leaving you open to cyber-attack, we can find that, too.
  • We minimize the risk to your business from any malware attack by making sure that network settings are appropriate, so one infected computer can’t bring down your entire server.
  • We make sure all of our clients are protected with updated anti-virus protection and security software.

But suppose the worst does happen, and one of our clients is greeted with an ominous ransomware message some Monday morning… what then? Our automated, scheduled system backups ensure that our clients never lose their data. By having a clean, verified backup of your files standing by, we can have you up and running in hours, without paying the bad guys.

Don’t leave your business open to this kind of extortion. Pros 4 Technology can help. Contact us today to schedule your No-Cost Network Audit and begin protecting your business!