31
Oct, 2022
telltaleHDD_400.jpg

The Tell-Tale HDD

telltaleHDD_400.jpg

If Edgar Allan Poe worked in an office, here’s what one of his works would sound like:

True!—nervous—very, very dreadfully nervous I have been and am, but why will you say that I am mad? The office had sharpened my senses—not destroyed—not dulled them. Above all was my sense of hearing. I heard all things in heaven and on earth and many things in…the other place. So, how then am I mad, especially when I can so healthily and calmly tell you this story?

It’s impossible to say how the idea first entered my brain, but once conceived, I couldn’t get it out of my head. There was no reason for it, there was no feeling behind it. I really liked my boss. He had never wronged me, he had always respected me. I wasn’t even that jealous of his money. I think it was his eye…yes, it was this. Whenever we were working in the office, his gaze would fall upon us and my blood would run cold. After a while, very gradually, I determined that I needed to take my leave of the company, and rid myself of his critical gaze. 

To do so, I would take the company’s data along with me to make me more valuable to the next company I found.

Now, this is the point, and why you probably think I’m nuts. Here’s the thing, though…would a crazy person so carefully and cautiously make such a plan as I had? I was the ideal employee for the boss. Every day, after the boss had left, I would copy a bit of the company’s data onto a hard disk drive I kept hidden in my desk. I did this for an entire week, adding a little more data to my drive each time. Every morning, when work began, I would stride in confidently and greet the boss, asking him how his evening was. So, he would need to be very quick to suspect that I was siphoning away some of his data after he left.

On the eighth night, I set up my hard drive to copy more data than ever, and I felt more accomplished than any night prior to this one. There was so much data that I now had to offer a new employer. To think I had managed to collect so much valuable data, little by little, and for the boss to have no idea. I couldn’t help but chuckle to myself. The boss heard me, and he came out of his office quite suddenly. You’d think that I’d be concerned—but no. The office was dark, with most workstations asleep, and the door could only be opened from the inside. I knew that I was hidden from his sight, so I continued my work.

Suddenly, my workstation beeped, and the boss turned to my direction, crying out—”Who’s there?”

I stayed very still at my desk. For a whole hour I didn’t move a muscle, and he didn’t close his door after he returned to his office. He was waiting there, listening, just as I had done each night of the preceding week.

After a moment, he groaned, and I knew he was scared. This wasn’t a groan of pain or grief—oh, no—it was the sound that comes when someone is stifling back deep terror from their soul. I knew it well, because the same feeling would hit me in the late hours of the night, and would make a similar sound myself. I knew how my boss felt, and almost pitied him. Almost. I could hear him muttering to himself, trying to explain away his nerves. He quickly gathered his things, continuing to explain away his nerves to himself, and promptly left—still never discovering me at my workstation.

I waited a long time, listening for the elevator doors, the sound of his car driving away, before I resumed my work. The glow of my display illuminated my hands as I copied file after file to my hard drive. With quiet determination, I took a copy of every file, my hidden hard drive whirring away as data was added to its stores.

Suddenly, I hear it—a rhythmic, quiet clicking, emerging from the drawer containing my hard drive, punctuated by high-pitched squeals. Panicking, I turned off my workstation, killing power to the drive, and swiftly left the office and made my way home. In my haste, the drive was left in the drawer. Returning home, I slept a fitful and restless sleep.

When morning came, I returned to the office filled with confidence, yet tired from my restless night. As such, I was on edge. I sat at my desk, with little patience for the droll chatter that my coworkers were sharing around me. I booted up my workstation, smiling despite myself, knowing that in the desk I sat at laid the proof of my triumph. I smiled, greeting my coworkers politely, keeping up the ruse to avoid any suspicion.

My coworkers suspected nothing, my cheerful demeanor and casual spirit giving them no reason for concern. Before very long, however, I grew more tired and my head began to ache. Meanwhile, I began to hear a quiet screeching which grew louder and louder as the day passed. I continued talking to try and drown out the sound, but it wasn’t long before I realized that the sound wasn’t just in my head.

I felt myself grow pale, although I continued to confer with my teammates to try and drown out the sound. Yet the sound continued to grow. I spoke louder, more animatedly, but the sound still grew louder. I continued to speak, more and more aggressively, but the noise still grew more and more pronounced. How could my coworkers not hear the clicking and squealing coming from my drawer? I kicked my feet against the side of the desk where the hard drive was kept, but the noise was still drowned out by the squealing and clicking. Yet my coworkers still chatted pleasantly and cordially. Could they really not hear it? No, that was impossible. They knew—and not only that, they were mocking my attempts to hide it.

I couldn’t take it any longer. Louder, louder, and louder the clicks and screeches grew, and I could no longer stand to look at their calm faces, hear their trifling conversations. I needed to scream, or I would explode. Louder, and louder, and louder, again and again and again—

“FINE,” I screamed. “I can’t take it anymore! I admit it, I was stealing data! Here, look in my desk—here, here it is—the clicking and squealing of the horrible hard drive I used!”

We understand how scary the thought of an insider threat can be, nevermind the idea that it could be your business’ equipment that fails in such a spectacular fashion. We’re here to help protect you against these circumstances and many, many more. Give us a call at 810.230.9455 to learn more about what we can do for you.

Happy Halloween!

28
Oct, 2022
support_331015767_400.jpg

IT Consulting Brings Loads of Benefits to Your Business

support_331015767_400.jpg

IT consulting is one of the most valuable skills you can bring into the fold for your business. Yet, many business owners are not privy to the details of how it works and why. Simply the act of talking to a professional about something can save you countless headaches along the way. Let’s discuss some of the ways your business benefits from a consultant.

Providing Information

A consulting service’s primary purpose is to provide you with expert information. To provide the best input possible, you will have to trust some organizational data to the consultant. Consultants will generally conduct surveys and ask you many questions in order to give you the most informed feedback they can. You can then use their external perspectives to make any adjustments to your infrastructure.

Solving Problems

If you’ve had your eye on the same problem for long enough, even an internal team can get flustered and give up if the solution isn’t found after so much of an investment. A fresh pair of knowledgeable eyes can work wonders to look at problems from a different perspective and, therefore, discover solutions that you least expect. Plus, if the problem is being caused by another problem, they can help to find that, too.

Diagnosing Inconsistencies

Businesses are notorious for not operating as effectively as they could be all the time, leading to operational inconsistencies which can hold them back. A consultant can help to identify what’s causing these inconsistencies and suggest ways to address them, like implementing a new technology solution or service.

Building Consensus

Your business has many employees, all of whom need to be on the same page about certain issues and policies. Technology can be a huge boon to address the above challenges, but only if it’s implemented appropriately and used by a team that is willing to learn how to use it. The kind of end-to-end continuity your business needs can be achieved through the advice of an IT consultant.

Working with technology is already stressful enough without an IT consultant on your side. Let us take care of the heavy lifting for you! To learn more about how our consultants and technicians can make working with technology as easy as can be, reach out to us at 810.230.9455.

26
Oct, 2022
keyboardShortcuts_474696794_400.jpg

Tip of the Week: Useful Google Chrome Shortcuts

keyboardShortcuts_474696794_400.jpg

We know that time is of the essence, especially in today’s fast-paced work environment. To help you fully leverage the technology at your disposal, we recommend that you read through this list of Google Chrome keyboard shortcuts and take them to heart. You never know when they might come in handy.

Handy Google Chrome Keyboard Shortcuts

We thought today we could use this blog to show off a handful of helpful Google Chrome keyboard shortcuts that you might find useful as you navigate the workday.

  • Ctrl + Shift + B: Show or hide the bookmark bar
  • Ctrl + Shift + O: Open your bookmarks manager:
  • Ctrl + Shift + T: Reopen a closed tab: 
  • Ctrl + Shift + W: Reopen a closed window
  • Ctrl + Click: Open a link in a new tab 
  • Ctrl + D: Bookmark your current tab
  • Ctrl + J: Open the downloads manager
  • Ctrl + T: Open a new tab
  • Ctrl + H: Open your History
  • Ctrl + Shift + Del: Delete your History
  • Ctrl + Shift + N: Open Incognito Mode

Of course, there are the standard keyboard shortcuts as well in addition to the above, but if you would like a comprehensive list of shortcuts, Google has compiled their own list here.

Did we forget any that you find particularly useful? Be sure to share them with us in the comments, and make sure you subscribe.

24
Oct, 2022
2023trendDigital_538611465_400.jpg

Let’s Take a Look at 2023’s Business Trends

2023trendDigital_538611465_400.jpg

With 2023 sneaking up on us, you’ll need to consider the many challenges that businesses will face as we move into the new year. Many of these challenges can be remedied simply by implementing the right technology solutions, too!

Inflation and Supply Chain Issues Will Linger

COVID-19 has impacted the global economy on a scale which will continue to impact businesses well into the new year. Many of these issues will be worsened by the ongoing conflict between Ukraine and Russia. Businesses will need to take inflation and supply chain issues into account when implementing new technology, but how can you do this effectively?

Whenever a certain level of risk is involved with your business, you need to be able to conduct an examination of how likely the risk is to impact your operations. By performing these tests, you’ll be able to mitigate risk more effectively.

Customer Experience and Sustainability Take Front and Center

While customer experience and sustainability have always been important, 2023 will see them become a major priority for businesses. More focus is being placed on social and environmental issues than ever before, and this trend will continue to influence policies and procedures within your organization. This is especially important for your business’ relationship with external groups and even amongst your technology providers.

Similarly, your customers, clients, and prospects all want to know that you are operating with the environment in mind, all while ensuring that they receive an impressive customer experience. This will require that your business invests in the right technology solutions to streamline workflows. Automation, for example, can be used to free up employees to focus on these critical elements of business.

You’ll Need to Invest in Employee Retention

The pandemic has brought many issues with the workplace that have hidden just below the surface for too long, like burnout and other mental health problems that the workplace can create or exacerbate. Whether it’s combating “the Great Resignation” or “quiet quitting,” it’s up to you to ensure that your team is satisfied enough to stick around and perform their duties the way you expect them to.

In other words, you need to make an effort to provide your team with meaningful and fulfilling work. A hybrid workplace can go a long way toward making this happen, but upward mobility and better pay or benefits can also be a good incentive.

Let Us Help You With These Issues

No matter what the next year brings, NuTech Services can help your business with whatever technology it needs to overcome the challenges presented. To learn more, reach out to us at 810.230.9455.

21
Oct, 2022
securityQuestions_504396769_400.jpg

Why Security Questions are Terrible for Security

securityQuestions_504396769_400.jpg

What is your mother’s maiden name? What street did you grow up on? What is your favorite movie?

How about: What good do you really think these questions are going to do to help keep your accounts any more secure?

Seriously, there are a few big problems with the security questions that a lot of businesses, websites, and other accounts rely on. Let’s discuss why these security questions don’t work, and what some alternatives might be.

So, What’s So Bad About These Security Questions?

Let’s walk through an example to illustrate just that!

So, let’s say I was a mean little cybercriminal, and I wanted to help myself to the contents of your bank account. So, I go to your bank’s website, which I confirmed by sending you a phishing message. I also happened to confirm your username (and why I didn’t just take your password along with it, the world may never know) which I can then input into the bank’s website.

Oh darn, I still need that password…or, I can click the handy little Forgot password? link next to the entry field. I’m presented with a few options for your security question, and I have an easy enough way to potentially deduce any of them.

What was your mother’s maiden name? Off to Facebook, for which you either haven’t set your privacy settings or an update reset them without your knowledge. From your profile, I can easily go through and find who your mother is, who just so happens to use her maiden name in her profile so old friends can find her. Security question answered.

What is your favorite book/movie/etc.? Again, Facebook can come in handy here, as it’s somewhat likely you set up your bank account’s web credentials at around the same time as your Facebook. Facebook lists out the books and movies and shows and general interests that people have, and these pages are never as popular as when a Facebook account is first created.

Otherwise, a little bit of perusing through your photos might tip me off, especially if I find countless pictures of you wearing Twilight merch in the early days of you having Facebook, or see lots of John Grisham novels in the background.

What was the name of your first pet? Once more, Facebook is a handy resource. All I’d have to do is search a profile for any mention of a pet and I’ve got a pretty good chance of finding the answer.

Once I’ve completed my bit of Facebook snooping, I can simply give the bank the answers they need for their “security” questions, and I now have total access to your finances.

Keep in mind that Facebook is just one social media platform, too. By posting our entire lives on the platform, we’re putting a lot of trust in their security and in our own capabilities not to overshare or create secure passwords.

It Gets Worse, Too

While it’s getting to be a little old at this point, a study conducted by Google back in 2015 found that many of these security questions have horrifyingly predictable answers.

For instance, the study found that an attacker had a 19.7% chance of correctly answering, “What is your favorite food?” if they only had one guess and knew that the user spoke English. If a user spoke Arabic and the attacker had ten guesses, they had a 24% chance of correctly answering “What was your first teacher’s name?” If the targeted user spoke Korean, ten guesses gave the attacker a 43% chance of answering “What is your favorite food?”

That’s not even mentioning how the cultural differences between the person writing the questions and the person using them to secure their account can pigeonhole the user into selecting a more-easily-guessed answer because these cultural differences make for different experiences. Maiden names aren’t a globally-accepted tradition, after all.

Finally, if the attacker has a bit of technical skill, they can always try a brute-force attack against the recovery question—which, without the complexity requirements that passwords are subject to, is likely to take much less time.

So, If Not Security Questions, What Can We Use to Secure Accounts?

There are a few measures that can be taken to improve security safeguards. For instance, multi-factor authentication and biometrics can make it easier to access your accounts, without making it easier for attackers to do so.

Reach out to us today to learn more about the different authentication and security measures that we can help you implement. Give us a call at 810.230.9455 today!

Oh, and go check that your social media accounts have the right privacy settings.

19
Oct, 2022
patch_62255343_400.jpg

Everything You Need to Know About Patch Tuesday

patch_62255343_400.jpg

In the technology news sector, you’ve probably noticed a trend where Patch Tuesday makes headlines at least once a month. This is generally the day when Microsoft issues patches and security updates for its many different technologies, and it’s important for your IT department to know when Patch Tuesday falls each month.

Patch Tuesday Explained

Microsoft is perhaps the most high-profile software developer in the world, and with that kind of reputation comes many different technologies that must be maintained for countless people and organizations all over the world. However, no matter how big a deal Microsoft is, there will always be oversights and mistakes made, especially with complicated technology front and center.

This is why Patch Tuesday exists; it gives Microsoft one day a month dedicated to address performance issues and security risks associated with their products. Every month, the Microsoft Security Response Center issues information and updates using the Common Vulnerabilities and Exposures numbers on their website. These updates typically cover all current Windows operating systems and products which have not yet met their end-of-life or those that are on an extended support contract.

Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00 p.m. (UTC).

Why Is It Important?

When they are addressed in a routine fashion like this, IT workers for businesses that use Microsoft products can prepare to deploy these patches and updates accordingly. IT workers need to prepare blanket installations to the entire infrastructure, so an official date makes this much easier to pull off.

Hackers also find Patch Tuesday to be helpful, as they can look through Microsoft’s patches and updates for code that might give away hints about other potential vulnerabilities. In other words, they reverse-engineer patches to target individuals who have not yet implemented the patches and updates, thereby punishing them for not understanding the importance of them.

Why Should You Implement Patches and Updates?

Patches and updates are issued so regularly because your business has so much to lose if you don’t implement them. Patches and updates clean up potential security concerns with your software that could give hackers access to your infrastructure, and with how crafty hackers are these days, new vulnerabilities and bugs are found all the time.

Even Patch Tuesday is not an infallible solution, though, as there are often vulnerabilities that can go months or even years without being detected, simply because nobody is actively exploiting them. In cases like this, security researchers happen upon the bug or vulnerability and address it in the next updates. However, if they find one that is being actively exploited, you can safely bet that Microsoft will issue patches or updates more expediently.

Does patching your technology give you some anxiety? NuTech Services can help out with these tasks. To learn more about how we can help keep your technology safe and updated, reach out to us at 810.230.9455.

17
Oct, 2022
malware_159695428_400.jpg

These Are the Ways You Get Malware

malware_159695428_400.jpg

Malware has been a problem for people that rely on technology for decades. Like the security that is designed to mitigate the effect of malware, the malware itself has grown in potency and frequency and is a major problem for businesses. Today, we will take a look at a few ways you can get malware. 

Spear Phishing

One of the most common attack vectors for cybercriminals, spear phishing is the act of people disguising themselves as common entities to get their targets to provide their login credentials. These attacks can come in from all different directions: phone calls, email, messaging, social media, and even snail mail. Once a cybercriminal gains access to an account they can infect your network with malware, including ransomware. 

Malvertising

Unfortunately, as the Internet grows, you can get malware on your computer by simply surfing the web. This happens through what is called malvertising. This is when malware is injecting malicious code into advertisements that are used on legitimate websites. Some can simply slow down your computer while some can hijack your browser controls and continuously direct them to pages full of ads. 

Trojan Downloads

Trojans are strains of malware that have been around for decades. Today, users can acquire them through legitimate pieces of ancillary software from the Internet and email. While the initial download is legitimate, over time the software can be exploited to create malware. When a user installs any third-party software, the built-in security protections of the app store are circumvented. 

Infected Documents

Documents such as .txt, .pdf, and others are all over the Internet. That’s why when users download them, they don’t think there is a problem. Unfortunately, it doesn’t take much for one of these documents to contain malicious code and end up infecting your computer and network. Every time developers attempt to fix this issue, hackers find ways around it. 

Imposter Sites

Cybercriminals will now set up sites that look legitimate to get people to interact with them and provide them with the data they need to get access to networks. This happens in multiple ways that are designed to pull the wool over users’ eyes, such as changing a single letter in a URL or simply copying the design of a website but adding malicious links. 

Fraudulent Mobile Apps

With so many people and organizations using smartphones for business purposes, there are apps out there that can turn into malware, much like the ancillary software you find with browsers and websites. Fortunately, the Google Play Store and the Apple App Store both have protections that keep malware from being a problem. Software updates can change apps and create problems for users. 

If you are having trouble with malware, or think you do and are not sure, reach out to the IT professionals at NuTech Services. Our technicians can help you navigate today’s dangerous computing situations and keep malware from being a problem for your business. Give us a call at 810.230.9455 to learn more. 

14
Oct, 2022
paymentFraud_263064520_400.jpg

A Few Useful Insights into Online Payment Fraud

paymentFraud_263064520_400.jpg

Financially-focused cyberthreats are no joke, especially considering how digital payments now make up 41.8% of all payments made worldwide. Let’s consider a few statistics that highlight how important it is to ensure that the payment card data your business collects is sufficiently protected.

Digital Payments are Twice as Common as Credit Card Payments

On a global scale, mobile wallets are used at just about double the rate as card payments are today—and while this means that a vast number of people have already embraced the benefits of these modernized payment options, this by no means is to say that it is a flawless system. 

In fact, keeping pace with the adoption of digital payments has been the number of data compromises, with the victim’s full name, Social Security number, and date of birth being the most commonly breached personally identifiable information. Others follow closely behind, like the victim’s current home address, medical history, and driver’s license coming next.

According to the Data, the Usual Cybercrime Suspects are On the Rise

With a few exceptions, most forms of cyberattacks and vulnerabilities have either remained constant or have actually decreased in the past few years, save for the big three cyberattack vectors: phishing, ransomware, and malware. Between 2019 and 2021, all three of these attack vectors saw large upticks in their use.

Again, most (not all, but most) other attack vectors either remained somewhat constant or actually decreased in use during the same period of time, according to the Identity Theft Resource Center.

Meanwhile—and this may be the most concerning statistic for your customers—the most commonly stolen information in 2021 was apparently someone’s full name (in 1,803 breaches and exposures), their full Social Security number (in 1,136), and their date of birth (688). That’s the identity theft trifecta right there—and again, it isn’t as though other forms of PII were that far behind.

Data is a Precious Resource—Let Us Help You Protect It

Your business really does live and die by its data, in all its types and forms. We’re here to help you keep it safe so your operations can continue unhindered by issues of any kind. Give us a call to learn more about our managed services and our security services today at 810.230.9455.

12
Oct, 2022
questions_317299662_400.jpg

When Talking to an IT Service Provider, Ask These 3 Questions

questions_317299662_400.jpg

There is an inherent value associated with outsourcing the management of your technology to a managed service provider, or MSP. With your team taking a more hands-off approach to technology, they can instead focus on being more productive. If you’re still on the fence about this approach to technology and business, then we have some questions you should consider asking if you are thinking about learning more about MSPs and what they do.

What Services Does Your MSP Offer?

It is important to know what services your MSP offers and what they do not offer. This helps you while you are making the decision about who to go with for your support needs. It can also help influence your decision down the road, as your business might grow and evolve over time to encompass goods or services which you might not see at the moment. For example, a growing business will likely want to take advantage of a cloud platform, including hosting and migration.

How Experienced Are Your MSP’s Technicians?

The level of expertise of your MSP’s staff will also factor into your decision-making. You want a team of seasoned and well-practiced technicians on your side, which will affect your company’s ability to resolve problems, streamline processes, and ensure optimal operations. Furthermore, you want MSPs who can take complex problems and distill them into easier-to-understand statements and language that you can share with management or your staff. When everyone can understand the problems and challenges at hand, they are more likely to be patient and resolve them effectively.

What is Your MSP’s Service Level Agreement?

An SLA is essentially what you can expect to receive from your managed service provider for their goods and services in exchange for your payment. It might include information on how much you pay them, what services they offer, and what kind of turnaround time you can expect for requests. It establishes the expectations you have for each other, in the most basic terms possible.

We Can Help You Today!

If you’re unsure if managed services are for you, then let NuTech Services help you make the choice. We can resolve any shortcomings in technology management that your company suffers from with our team of dedicated technicians.

If you do have an internal IT staff, they can benefit from you outsourcing some of their tasks to a managed service provider. This will help them stay on top of their workload and it can improve your operations.

To learn more about what NuTech Services and our managed services can do for your business, call us today at 810.230.9455.

10
Oct, 2022
videoConferencing_402800437_400.jpg

4 Useful Video Conferencing Etiquette Tips

videoConferencing_402800437_400.jpg

For the remote worker, video conferencing is an essential tool. Regardless if you are a veteran of using video conferencing or if you are a new remote worker, there are some tips that can help you be a more effective member of a remote team. Let’s go through four today.

Test Your Connection and Hardware Before You Meet

Nothing is more annoying than being in a virtual meeting only to have one of your team members constantly cutting out and dropping their connection. Not only is it annoying, but it can easily cause severe miscommunications or hold up the meeting as people are asked to repeat themselves over and over again. Taking a few brief moments to test your equipment and the stability of your connection will help make your meeting significantly more productive.

Stay on Topic

If there’s been an agenda shared for the meeting (which is something we recommend), do everything you can to stick to it. If something mentioned reminds you of something off-topic that needs to be addressed, make a note of it and follow up afterward.

The same goes if someone happens to join the meeting late. Instead of spending time circling back to bring them up to speed, make sure that someone is prepared to fill them in on what they missed afterward—if it’s something that pertains to them at all. You only have so long to meet, don’t spend that time reiterating what you’ve already covered.

Mute Yourself Unless You’re Speaking

This one is just about being polite, but even if you’re not intentionally making any noise, a live mic can pick up more than you’d expect. Clearing your throat, sneezing, background noise…all of it can distract from the topic at hand, and most of it can be pretty gross to hear if we’re being honest. Why allow the chance of interrupting the meeting when you can eliminate it by muting yourself? Your teammates would much rather have to remind you that you’re muted than listen to the potential alternative.

That being said, you’re still on video, so try and minimize visual distractions as well. If you have a coughing fit, for instance, politely cover your mouth, or even kill your video feed until the moment has passed. Your team would much rather you vanish for a moment than watch you blow your nose, trust us.

Take Notes

Whether or not someone is delegated the responsibility of taking notes during your conference, it is always a good idea to take notes for yourself, as well. This will help you keep track of whatever responsibilities were assigned to you specifically while also giving greater context to what has been discussed.

We Hope This Helps You Make the Most of Your Video Conferences

Reach out for more assistance, including a network audit to ensure that you have what you need to support successful conferencing. Give us a call at 810.230.9455 to get started!

7
Oct, 2022
MFA_483702607_400.jpg

Multi-Factor Authentication isn’t Infallible, But It Shouldn’t Be Abandoned

MFA_483702607_400.jpg

We haven’t been shy about pushing for multi-factor authentication, AKA MFA, and there’s a reason for that: if implemented correctly, it can help prevent many cyberthreats. Having said that, cybercriminals have managed to find a way to undermine MFA. Let’s consider how they’ve managed to do this.

First, let’s examine why we’ve trusted MFA up to this point:

What Makes Multi-Factor Authentication as Effective as It Is?

Phishing—or the act of manipulating the user, instead of the computer system, in order to gain access to data—has become a hugely common tactic, mainly because it works. Hackers are also still able to guess weak passwords and gain access. MFA adds an additional layer of security by requiring an additional proof of identity. Without this credential—typically something other than a password that’s harder to replicate—a hacker theoretically can’t get in.

Unfortunately, this is no longer always the case.

Hackers Have Figured Out Ways to Work Around MFA

Microsoft has observed a few recent attacks that demonstrate that hackers can in fact bypass MFA protocols that businesses put in place. The term bypass is important. It isn’t that hackers have cracked MFA, they’ve just figured out how to get around it.

It’s like driving through a city to find that your normal route is under construction, so traffic has slowed to a crawl. Sure, you could simply wait it out and hope to get through in a reasonable amount of time, or you could find another route.

Most hackers use something called an adversary-in-the-middle attack. The hacker sets up a proxy server between their target and the service they want the credentials for. By phishing their target, the hacker is able to steal both their password and the session cookie. This way, the user accesses their account as normal, with no knowledge that it’s been undermined, while the hacker gets what they want.

Hackers Have Used Other Methods, Too

MFA can be worked around in other ways, as well. MFA systems that rely on text messages or emails with single-use codes have little defense against a user being convinced to provide these codes as they are generated. Trojans can be used to spy on users, while other means can take over the devices used to actually authenticate the involved systems. Like many other forms of cybersecurity, it really comes down to how vigilant the user is.

So, How Do You Keep Your Business Systems Secure?

In our humble (expert, but still humble) opinion, the best cybersecurity strategy is one that relies on both the right technical security system and the capabilities of the people using it, working in tandem to better secure the protected assets. This is why we still recommend, even encourage, businesses to implement MFA despite these security hiccups. Our one caveat is that these businesses also need to educate their teams as to their importance.

We can help you do both, implementing enterprise-grade security while also providing comprehensive cybersecurity training and testing to ensure your business is as prepared as possible. Reach out to us today to learn more about how we can assist your business by calling 810.230.9455.

5
Oct, 2022
emailInboxSettings_396050678_400.jpg

Tip of the Week: Turning Off Focused Inbox

emailInboxSettings_396050678_400.jpg

For Microsoft Outlook users, you’ll notice that there is a feature called Focused Inbox which groups together all of the important messages you receive while placing all of the less important ones in the Other inbox. If you don’t like this feature and want to change it, we have just the tip for you.

Turning Off Microsoft Outlook’s Focused Inbox

Today, we’re going to give three tips in one blog! We’re going to cover not one, not two, but three different ways you can turn off your Focused inbox.

On Your Desktop

First, open up your Outlook app from your desktop. Select the View tab from the ribbon at the top of the screen, then look for the option for Show Focused Inbox. You can click on this same button whether you want to enable it or disable it.

On Your Web-Based App

This option is a little more confusing, but still not terribly difficult. Open up your web browser, then navigate to the Outlook inbox from the web portal. You should see a gear-like icon at the top of the screen in the right corner. Click this Settings icon.

From here, you’ll see the slider for Focused Inbox. Click it to enable or disable your focused inbox.

On Your Mobile Device

Finally, let’s look at the mobile app. First, launch Outlook on your mobile device. Next, tap on your profile icon in the top left corner. You’ll see a menu open. Tap the gear icon for your Settings, then scroll to your Focused Inbox.

In the end, the feature works just about the same, no matter how you choose to enable or disable it. Just turn it on when you want it on or turn it off when you want it off.

That’s all there is to it! What are some other tips or tricks you want to see from us? Let us know and subscribe so you don’t miss out on them.

3
Oct, 2022
hacker_151190102_400.jpg

Who’s Sitting at the Other Keyboard While You’re Being Attacked?

hacker_151190102_400.jpg

It can be too easy to think about hackers and cybercriminals in an almost abstract way, diminishing them to little more than a faceless entity at a keyboard. Naturally, this is far from the truth. Let’s examine the reality of the cybercrime industry, which actually does as much harm to the perpetrators as it does to the people they scam…if not more.

How is this possible? Well, all one has to do is look at an ad that was up on the White Shark Channel of the Telegram messaging service:

“Selling a Chinese man in Sihanoukville just smuggled from China. 22 years old with an ID card, typing very slow.”

That ad, listing the sale of a human being, offered a price of about $10,000.

Many of the People Actively Operating These Scams Have Been Defrauded and Enslaved

Imagine that you were offered an employment opportunity that had a good enough offer that you agreed to travel to their location, only to be held there against your will and forced to work, under threat of physical beatings, torture, and starvation.

This is the reality for tens of thousands of people from China, Taiwan, Thailand, and Vietnam. Promising employment opportunities, victims are lured in and forced to work defrauding people online, all around the world. These victims are held captive, forced to engage in fraud until their negligible wages allow them to pay the fee to leave.

The thing is, these victims are regularly moved or sold to other organizations, with the price of freedom rising by a few thousand dollars each time.

These people are then forced to engage in “pig butchering” scams, where the scammer metaphorically fattens up their target before going in for the kill. Essentially, the scammer—pretending to form a friendship or even a romantic relationship—draws as much money from their target into an investment platform, but once the target is out of cash, the scammer cuts them off and makes off with the funds. Naturally, this kind of fraud isn’t reported very often, largely because of the shame associated with being bamboozled and betrayed in such a fashion.

These operations have this process down, to the point where documentation is provided to their enslaved workforce. They are encouraged to create social media accounts for their fraudulent personas, with photos available from specialized websites for this specific use. These profiles are then populated with photos and interests that communicate affluence, like those of luxury cars or posts about investing. They are even encouraged in one example of the scammer’s documentation to focus on family values, as this sort of belief helps encourage trust from others.

Once these profiles are created, these trafficking victims are then expected to reach out to their prospective victims. One forced scammer reported working on a team of eight such scammers, organized under a leader, and provided with 10 phones each to use as they reached out to a list of names in an attempt to draw them into these scams. From there, the scammers take note of any promising information that those who respond reveal, to see if there are any “pain points” to take advantage of. This “customer mapping” gives the attackers the opportunity to gauge how promising of a mark an individual may be.

Meanwhile, all of this is done behind bars, with barbed wire fences. Calling the police isn’t really an option for victims, either, as they will be harshly punished for doing so and likely sold to another operation…ultimately increasing the price for their freedom further. In addition, they are also coerced into making statements that absolve the company of any misdeeds.

Is What Forced Scammers Do Bad? Absolutely…But For Many, It Isn’t Their Choice

Don’t get us wrong: we are in no way apologizing for what hackers and scammers do. We just want to point out that, in many cases, the person actually taking advantage of you is just as much a victim as you are (and arguably, more so).

It’s also worth understanding that criminals treat cybersecurity like a business, albeit they are doing a wide range of horrifying and abhorrent things to accomplish their goals, it’s organized and optimized like a business that’s designed to cause harm.

Regardless, it is important that you and your team are able to identify and mitigate as many of any scammers’ attempts as possible. We’re here to help you do that, amongst our other services. Give us a call at 810.230.9455 to find out more about how we can help protect you.