13
Jul, 2020
355152474_network_security_400.jpg

Four Cybersecurity Tools Your Business Needs

355152474_network_security_400.jpg

In 2020, conducting business has been hard enough to have to constantly worry that your business is going to be the victim of a cyberattack. Unfortunately, it is an issue that isn’t going away, and can be a truly devastating experience. 

Today, it’s not enough to have an antivirus or firewall. You need solutions designed to actively protect your network and data from those that are actively trying to gain access to them. So while it may not be enough, making sure that your firewall and antivirus software are updated with the latest threat definitions, and that your other solutions like spam blocking and virtual private networks are being utilized properly, can set you up for success. Let’s look at four additional strategies that extend traditional cybersecurity into the modern age. 

Network Monitoring

Network monitoring is a solid strategy that will allow you to keep tabs on what is happening on your network. Today, there are remote monitoring tools that feature cutting-edge automated features designed to ensure that if something is funky on your network, or with your infrastructure, that you know about it before it becomes a major problem. Your IT support team should be outfitted with these tools as active monitoring may be the only strategy that can truly keep your network and infrastructure secure. 

Mobile Device and Endpoint Management

More businesses were relying on remote workers anyway, but with the COVID-19 pandemic that number has risen by several hundred percent. Mobile device management allows an organization to control the access each mobile user has to company resources, which applications employees can access on the network, while also providing control over the flow of mobile data. Securing endpoint access can go a long way toward protecting organizational computing resources from possible threats that users may have on their remote computers.

Security Training and Management

Today’s biggest threats often come into a network from user mistakes or negligence. In order to mitigate these instances, ensuring that your staff is properly trained is more important than ever. Not only will you want to provide them with the information needed to secure your network, you will also want to test them to ensure they are capable and willing to follow the company-outlined protocol on how to deal with threats. 

Threat Management and Detection

Despite your increased reliance on your staff to ensure that nefarious people don’t gain access to your network, there are still tools designed to identify threats and mitigate their existence. From firewalls to antivirus to powerful new threat management tools, if protecting your network from outside threats is a priority, making investments in solutions designed to eliminate threats is prudent. 

NuTech Services is the Michigan experts in IT security. Call our expert technicians today at 810.230.9455 to learn more about what you should be doing to secure your network and infrastructure.

1
Jun, 2020
246442495_cybersecurity_400.jpg

Is Your Business Being Attacked From the Inside?

246442495_cybersecurity_400.jpg

With cyberthreats the way that they are, a lot of industry professionals go on and on about the importance of deploying technologies designed to reduce the potential threats that a business has to confront. This technology isn’t cheap and while they absolutely do help you protect your technology and data; today’s hackers know that. Unfortunately for small business owners, that shift has left your staff on the front lines of cybersecurity; a place they really shouldn’t be. Let’s discuss cybersecurity from an employer’s perspective.

Today, there are literally billions of phishing emails sent each day. Inevitably, you are going to confront this problem, and depending on your staff’s preparedness (or intentions), you will either deal with them or they will likely deal with you. 

The first thing that you should know is that you have to train up your staff about phishing and other issues surrounding your organization’s security. They have to understand social engineering tactics used by scammers to infiltrate networks, steal data, and deliver malware. If they are left in the dark about these issues, you will likely see a plethora of cybersecurity problems in your immediate future. It’s good to be lucky, but you’d rather be good.

Once you’ve committed to a cybersecurity training regimen for your staff, you then have to understand that there are three manners of attack that come from inside your network. Let’s take a look at them:

Mistakes 

The first type of attack is brought on by mistakes. Those are instances where you have trained your people and they are committed to help you protect your business’ IT but made a mistake and it has caused problems. Most mistakes are only a mouse click made in error. Mistakes do happen and since there is absolutely no malice behind it, harsh reprimand of that employee, while probably warranted, will surely bring out the water works. You don’t want to alienate your staff (or your entire workforce) so if someone makes a cybersecurity mistake, and it is remediated quickly, there’s no real harm done. You will want to re-train this person and test them, so you know they understand what your policies are. 

Negligence

An employee that continues to make mistakes isn’t just a doofus, they are neglecting their responsibilities. Negligent behavior is at the center of a large percentage of the security breaches seen in business today. It can be characterized by an ambivalence to your business’ stated goals that is shown by repeat offenses that put your network and data in jeopardy. It may start with a simple mistake, but if an employee continues to make careless mistakes, it could really put the business behind the eight ball. Cybersecurity negligence is just like negligence in other aspects of the business and can’t be allowed to continue.

Sabotage

The employer-employee relationship isn’t always easy. In many businesses, there is a direct conflict of interest. Employers are known to overstep boundaries in the name of productivity and employees are known to get fed up with it. People get disgruntled, people are fired, people quit. There are rare occurrences where the relationship gets so bad that current or former employees will use their access to your company’s systems to try and sabotage an element of it, or the entire thing. In the rare cases where this does happen, it can lead to complete destruction of a business. If you have had to let someone go, or they have quit, you will want to immediately remove any and all of their credentials so that they have absolutely no access to your business’ digital resources. If the saboteur still works for you however, there may not be much you can do until their dastardly plan unfolds. It’s important, then, to treat your employees with the same respect as you expect from them. A fair employer won’t run into sabotage very often.

Keeping your technology systems running and working for your company is imperative for today’s businesses. If you would like help with security strategy or with deploying tools call the IT professionals at NuTech Services today at 810.230.9455.

25
May, 2020
198032116_business_security_400.jpg

Three Facets of Security to Focus On

198032116_business_security_400.jpg

When it comes to a business’ cybersecurity, there is no magic bullet to solve every problem. No miracle cure, no panacea, no Staples “that was easy” button. Instead, you need to deploy various means of protecting your operations. Let’s discuss how your business’ security needs to be shaped in three different environments: your physical infrastructure, your cybersecurity solutions, and your employees’ security habits.

Physical Security

First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.

Maintaining your access controls, installing surveillance, and otherwise keeping a closer account of who is present in your business can all be considered ways to improve this security. This not only helps to keep sensitive materials safe from unauthorized access within your business, it will also help protect your investments and assets if your business is vacant for any length of time.

Cybersecurity

Of course, we can’t neglect to mention your business’ cybersecurity protections. With over one billion malicious programs out there (as of this writing) poised to attack, there are far more threats than you could handle without technological assistance. Make sure that you have this assistance protecting every aspect of your business’ technology:

  • Updates and patches serve to resolve security issues inherent in your software solutions.
  • Spam blockers help to filter incoming messages to stop threats from exploiting your email.
  • Firewalls allow you to secure your Internet connections, and web filters prevent your users from accessing risky or time-wasting websites.
  • Password requirements and multi-factor authentication enable you to keep access to various accounts secure against various threats and social engineering efforts.
  • If work is to be done outside of the office, a virtual private network can help protect your data as you communicate with the office outside of the defenses installed in the workplace’s infrastructure.
  • Turn to an external resource to perform a comprehensive security audit. Not only will they be able to determine your weaknesses, they can help you implement the tools to remediate them.

Security Awareness

Finally, it is extremely important to remember that your biggest vulnerability can easily be your employees themselves, as human beings are the most prone to mistakes and are the easiest to fool out of your business’ operational resources. Make sure that you are training your entire team on the security practices and awareness that everyone involved needs to maintain, continuing via evaluations and repeated education as needed.

Emphasize the importance of certain concerns, like:

  • Password Hygiene
  • Data Security Practices
  • Secure Processes
  • Access Control Standards
  • Social Media Use
  • Conformity to Policies

For assistance with all of this, turn to NuTech Services. We have the solutions to support your security efforts, as well as the rest of your operations. To learn more—or to get started—reach out to our team by calling 810.230.9455.

29
Apr, 2020
200059364_IT_Monitoring_400.jpg

Tip of the Week: Keep an Eye on Your IT While You Aren’t There

200059364_IT_Monitoring_400.jpg

As the workers that power many businesses are remaining at home, remote solutions have proven to be a significant tool in keeping productivity moving. However, with nobody going into the office, monitoring your IT environment is necessary to make sure that the infrastructure you depend on is still in the right conditions. For this week’s tip, we’ll discuss some best practices to help you do so.

First, we’ll define what “infrastructure monitoring” refers to:

Understanding IT Infrastructure Monitoring

Infrastructure monitoring covers a few different considerations, all critically important to the continued productivity of your business. These considerations include things like the physical condition of your infrastructure’s hardware, how your operating systems are being utilized, how much of your network’s bandwidth is being consumed and how many errors are occurring, or the performance and availability of your applications.

Naturally, hardware failures are a considerably sizable issue, even among the issues that infrastructure monitoring can help detect. This is especially the case when you consider that your remote workers will be especially reliant on your hardware to deliver the solutions they need. This means that you need to be particularly concerned about the possibility of issues happening within your server room and impacting your physical infrastructure itself.

In order to avoid the disastrous results this could have upon your data, productivity, budget, and business continuity, it is important that you have the proper infrastructure monitoring in place. Considering all that is going on now with a largely absent workforce, you especially need to abide by a few best practices considering your infrastructure monitoring solutions.

How to Make the Most of Infrastructure Monitoring

Here, we’ve assembled a few of the most important considerations you need to take into account–especially if your team is operating remotely.

Identify your most critical pieces of infrastructure for remote work capabilities.

While the entirety of your infrastructure is important, there are bound to be some components that a remote team is going to rely on more frequently. Regardless, since your business likely relies on each piece of equipment in your setup to some degree, you will want to make sure that the conditions are ideal for them all to operate. Consider adding backups of your climate control systems to take over if your primary ones should fail, and devices that allow for unresponsive components to be rebooted remotely to ensure that your in-house tools are available to your remote team.

Make sure your alert settings are up-to-date.

It’s one thing to have alerts set up for detected issues… it’s quite another to have alerts set up to inform the right people about these detected issues. If James needs to know about something, it doesn’t make much sense to alert Sarah. As the balance of your team shifts and responsibilities move around to new people, you need to make sure that your alerts are shifted accordingly. 

Confirm your system is in working order.

If a technician ever must go into the office to attend to something, have them check around your infrastructure for issues with your monitoring system. After all, it won’t do you any good if it isn’t functional itself and something were to happen. Have them check connections and ensure that the sensors are clean.

While we all try to keep ourselves safe, we must remember to do something to keep our business technology operational. Monitoring its environment is a great way to accomplish this.

To learn more about implementing the tools that protect your business during a wide array of circumstances, reach out to the team at NuTech Services today by calling 810.230.9455, and subscribe to our blog for more IT information and updates.

10
Feb, 2020
303805582_social_engineering_400.jpg

Social Engineering Isn’t Going Away

303805582_social_engineering_400.jpg

When someone starts talking about social engineering, people often get confused. They think we’re talking about cloning. While having two of something you love may not be terrible, the social engineering we routinely cite is much, much worse. Social engineering is the act of using social interactions to get people to make cybersecurity mistakes. Today, we’ll take a look at social engineering and how it can have a negative effect on your business. 

What is Social Engineering?

Think of it like this: online, you have some type of social currency. Your personal information, your data, your interactions, your profiles, they all add up to your online life. If someone were to use that information to trick you into providing them access to your secure online accounts, you would be the victim of a social engineering attack. 

Basically, a hacker uses what amounts to the fundamentals of human psychology to gain unauthorized access to an account. Rather than exploiting a vulnerability within a system’s technology, a social engineer will take advantage of the human resources to gain access through relatively simple psychology.

Successful social engineering can be the result of many different actions. Some include: carelessness by an individual, perceived kindness, reaction to fear, and business as usual. Let’s take a look at these actions and how social engineering schemes work as a result.

Individual Carelessness

When there is a lack of diligence carried out by an individual, there are openings for a social engineering attack. This includes trash thrown out with information on it, keeping login credentials out in the open, and other careless actions. It’s important that you and your staff understand that the best practices of password protection, such as using a password manager, are crucial to maintaining the integrity of your company’s network and infrastructure.

Perceived Kindness

Many people won’t think twice about helping someone that asks for help. Social engineering attackers take advantage of the better angels of our nature, by using people’s helpfulness to gain access to secure computing resources. Any person can fall for this type of attack. This is why we stress that in order to keep your digital and physical resources secure, a critical eye for potential intrusion works. That doesn’t mean you have to be a jerk, but if a situation is presented to you that’s out of the ordinary, take anyone’s helplessness with a grain of salt.

Business as Usual

When we picture a hacker, we all tend to think about them the same way. They are brooding people sitting in a dark room typing away at a computer. In social engineering attacks, this couldn’t be further from the truth. A popular social engineering tactic is to gain physical access to a large business–where there are often a lot of moving parts–and then spend time at the business looking for ways into secure digital environments. This could also include straight hatchet jobs, where your employees would help people outside of your business sabotage your access control systems. 

Reaction to Fear

Finally, fear is one of the best motivators. By striking fast and threatening all types of negative consequences if a worker doesn’t help them get into a secure computing system, this kind of cyberattack can be a major problem. 

NuTech Services Can Help Protect Your Business

If you are looking to secure your network from cyberattacks, including social engineering, the IT professionals at NuTech Services can help. Call us today at 810.230.9455 to learn more about how we can help you with the training you need to keep social engineering from causing problems for you.

14
Oct, 2019
history_249687757_400.jpg

Cybersecurity: An Origin Story

history_249687757_400.jpg

The way a business handles network security is directly related to what problems will arise from their use of information systems. Cybersecurity has become a major part of all businesses, of all geographic locations, and all sizes. Because the better your cybersecurity is, the less problems your business will have to overcome, cybersecurity has grown into a multi-hundred-billion dollar a year industry. Cybersecurity hasn’t always been a concern for businesses. After all, the internet hasn’t been around for THAT long. However, the history of cybersecurity has a fascinating story behind it, and today we’d like to share it with you. 

Let’s start with where we are now. History is best told on a timeline, so let’s start from the present. Cybercrime today is profiting over $1.5 trillion each year, and that figure continues to climb. Some have predicted that this figure will nearly quadruple by 2021. Security breaches are up by 67 percent over just the past five years.  

How is this figure climbing so quickly? Well, let’s examine the most popular form of cybercrime: phishing. The method that cybercriminals are using are able to deploy all types of malware, yet also has data-stealing abilities. Whether that data is your sensitive personal information, or login credentials to your bank account, phishing gives a cybercriminal direct access. The worst part for people who have fallen victim, is until something dramatic happens, they are clueless that they have even become a victim. Phishing attacks have led to billions of records being exposed, stolen, or corrupted each year.

Cybercrime has become a real concern for all business owners. So how did all of this start?

The Beginning 

This information NuTech Services is about to reveal may be hard to believe, but cybercrime was Bob’s fault. This trillion-dollar criminal trend is the result of a research project held by a man named Bob Thomas. Bob Thomas made the observation that a program is able to move across a computer network, leaving a trail behind. He then proceeded to write a code that was named “Creeper”. This code resulted in a program that was designed to travel between Tenex terminals on the ARPANET. The message that came across? “I’M THE CREEPER : CATCH ME IF YOU CAN”. 

The research project sparked the attention of email inventor Ray Tomlinson. Tomlinson altered this program into a self-replicating one. This resulted in the first computer worm. Immediately after this discovery, he wrote an additional code which was titled “Reaper”. This chased down the Creeper code, and deleted it; which resulted in what was effectively the first antivirus software. 

So how did Bob’s experiment start all of this? Well, in the 1980s Soviet hackers considered the applications of this experiment. Academics designed applications that could be used to infiltrate other networks. This ideology quickly spread, and in 1986 German hacker Marcus Hess hacked into an internet gateway which was hosted at the University of California at Berkeley. This hacked connection was then used to piggyback onto the ARPANET. He hacked into a total of 400 computers, including mainframes hosted at the pentagon. 

How did this turn into such a profitable “business”? Hess planned on selling the secrets found on these computers to the Soviet KGB. Before he was able to do so, he was caught by the group effort put forth by the FBI and the West German government. His conviction was the first of its kind — cybercriminal activity sentencing. The abnormality of the case resulted in a 20-month suspended sentence. 

At the same time as this was occurring, computer viruses started to become a serious threat. With the exponential growth of the internet, there were more connections that viruses could infect. The virus started to become a real problem.

The Middle

In 1988, Robert Morris woke up and decided he wanted to see just how big the internet had become. Morris, a software engineering student at Cornell University, wrote a program designed to spread across various networks, work themselves into Unix terminals, and begin replicating. The software replicated so quickly that it actually slowed down the early Internet, which caused major carnage. This carnage become known as “the Morris Worm”. Morris’ worm resulted in the formation of the Computer Emergency Response Team, known as US-CERT today. Morris was the first person convicted under the Computer Fraud and Abuse Act (CFAA). This act was introduced with the intentions to protect against unauthorized access. 

After Morris’ worm was handled, viruses began being developed at an absurd rate. The antivirus industry, which started in 1987, began to grow as a result. By the time the Internet was an accessible user-product in the 1990s, dozens of solutions were available to prevent devices from being infected. These solutions scanned the binaries on a computer, and tested them against a database of known virus-code. There were major problems with this protection method, such as the abundance of false positives. They also had a tendency to use a lot of the systems’ resources to scan for these viruses. Remember how slow dial-up used to feel? Your anti-virus could have been the culprit. 

The mid-90’s to late-2000’s were a prospering time for the world of viruses. While the figure was estimated to be a few thousand known viruses in the mid 90’s, that figure was estimated to be around five million by 2007. These different malware strains were either worms, viruses, trojan horses, or other forms. By 2014, 500,000 different types of strains were being created daily. This time truly was the malware boom. 

Who was stopping this boom? Well, nobody. Cybersecurity professionals needed to make an effort. Antivirus solutions simply couldn’t keep up, and while they might detect malware, they had a hard time preventing it. Innovations in cybersecurity developed quickly. First, endpoint protection platforms (EPP) that didn’t just scan for known code, they also scanned for code similarities. This meant that unknown viruses could be detected.

The End?

With advanced malware defeating endpoint protection regularly, it was time to further innovate cybersecurity measures. The timeline innovators had was cut short with the deployment of WannaCry. WannaCry was, at this point, the most devastating piece of malware that existed. WannaCry even shook the world of the most capable security professionals. It encrypted the data on a computer and forced the computer owner to pay in Bitcoin to regain access to these files. This deployment sparked an explosive increase in the cybersecurity industry. It was time for cybersecurity to surpass the capabilities of cybercriminals, instead of being constantly behind.

The only way anyone was able to determine if they were being infiltrated was to have a transparent network. Administrators began using endpoint threat detection and response (EDR) services to monitor their networks. This solution is still cutting edge by today’s standards. While this isn’t the end for cybersecurity, EDR services are extremely capable of keeping malware out of your network. 

If you would like to learn more about cybersecurity, or are interested in keeping your business’ data safe, call NuTech Services today. Our professionals can be reached by calling 810.230.9455.

25
Sep, 2019
Network_115172954_400.jpg

Essential Network Security Best Practices

Network_115172954_400.jpg

Too frequently, we hear stories about cyberattacks, software vulnerabilities turned tragic, and other pretty terrible situations for businesses. In an effort to help fight this, we’ve put together a list of handy tips for you so that you can be prepared to ward off threats.

Leverage Authentication Measures

One of the first steps to securing your network against threats is to create strong authentication procedures. Most of the devices with permission to access your network will already have an authentication system in place, based on a password. If the passwords used are strong enough, this can actually mitigate most threats – but you still have to worry about the ones that this doesn’t discourage. Leveraging something called multi-factor, or two-factor, authentication can help minimize the chance of something slipping past your security.

Two-factor authentication works in a relatively straightforward way. As with most login systems, a username and password are entered – but instead of being granted access, the user is asked for another credential. This is usually a randomly-generated code that a specialized authentication app will generate. Mobile devices are popular to use with 2FA, as their convenient nature makes them more likely to be available when needed. In order for a user to leverage their mobile device, the 2FA system administrator has to authorize it.

Tip: Make sure that you don’t let your password best practices slip, even if leveraging 2FA. Your passwords still need to be sufficiently complex. If you are one of those who find remembering different passwords difficult, consider using a password management system in conjunction with your 2FA. 

Protecting Your Business’ Computing Environment

Whether you use a Local Area Network or a Wide Area Network, the security practices that you need to deploy are fairly predictable. Once you’ve seen to your authentication needs, you need to combine three approaches to security into one all-encompassing strategy: your software-based security, your physical security measures, and your security awareness and best practice training.

Software-Based Security

There are many examples of how software can help keep your business’ network secure. From firewalls to content filtering to antivirus to spam detection, each of these tools protect your business data from a different kind of threat. You may even want to consider adding encryption to your email solution to make it a lot less likely that the contents of your messages will be intercepted.

Tip: If you aren’t sure which solutions are the right ones to implement, think about how your data moves about your business. The more insight you have into how your data operates, the more effectively you will be able to plan its protections.

Physical Security Measures

Somewhat ironically, we seem to have become so focused on our digital security that it can sometimes seem like we forget that there are very real reasons to protect our physical locations and infrastructure, as well. Consider the damage a bitter ex-employee could do in moments, should they manage to get into your server room. It has become fashionable to leverage biometric authorization measures to protect your server room – and there’s a lot to be said about a good, old-fashioned surveillance system, complete with alarms and cameras (as well as some updates to make this system considerably less old-fashioned).

Tip: Bring in a consulting professional to help you determine your physical security needs. Not only does this save you time by eliminating work you would otherwise have to do for yourself, it ensures that your system will be designed by an experienced professional that knows what will work best in different situations.

Security Awareness and Best Practice Training

Would you be surprised to hear that your employees are likely your biggest vulnerability? Of all of the pieces that make up your network security, the people who use your technology are the leading cause of security issues. With the number of ways that your business could be attacked, your staff needs to be educated on how to identify them and avoid them.

Tip: Both businesses and individuals have experienced difficulties with phishing and it adversely affecting them, so it makes sense to begin your training there. Not only is it a common issue, it is conceptually very simple to grasp, so it is a good starting point before moving on to increasingly complex concerns. The more your staff knows about how they can resist attacks, the more likely they’ll be able to do so if the needs arises.

Remote Solutions Via the Cloud

Modern organizations need to contend with potential threats to their network infrastructures, as businesses always have in some form. The difference is that issues can now come in on the mobile devices owned by their staff, and company resources can be routinely accessed from outside the business’ area network.

This has helped contribute greatly to the growth of cloud computing technologies – although the relative cost savings don’t hurt either. Using the cloud, your staff can access their work data and applications from a remote location, while the resources stored in the cloud are kept secure by the platform’s baked-in security and privacy.

Mobile devices have also been a disruptor to business-as-usual, which means that businesses need to plan on leveraging them if they don’t want them becoming a distraction. Designing a Bring Your Own Device policy and enforcing it through mobile device management solutions is an effective and secure way of reaching a compromise and minimizing the time wasted by mobile devices in the workplace.

Tip: Remember that cloud services are inherently scalable, so you don’t need to worry about overreaching your capabilities. However, you also don’t want to waste capital that doesn’t need to be spent. Auditing your resources is an effective way to identify and eliminate redundant costs leeching from your budget.

Network security can be complicated, but it is an absolutely crucial element to your technology strategy if you want to have any success. NuTech Services can help take care of the technical side of things for you, and help teach better habits to your staff. To learn more, keep reading our tips, and reach out to us at 810.230.9455.

12
Aug, 2019
170245913_phishing_400.jpg

Think Before You Click: Spotting a Phishing Attempt

170245913_phishing_400.jpg

We’ve all caught the obvious spam email, like the message that is clearly bogus, or the offer that is definitely too good to be true.

We’re going to confidently assume none of our readers are getting tricked by Nigerian Princes or getting roped into order virility drugs from an unsolicited email. The real threat comes from the more clever phishing attacks. Let’s take a look.

Give Me the Short Answer – What’s Phishing?

Phishing is where you get an email that looks like an actual legit email. The goal that a cybercriminal has is to trick you into giving them a password or access to an account (like to PayPal, Facebook, or your bank) or to get you to download malware.

The problem with phishing emails is how real they can seem. A phishing attempt for your PayPal information can look just like an everyday email from PayPal.

Even worse, often phishing emails try to sound urgent. They make you feel like you have to take action quickly, or that a bill is overdue, or that your password has been stolen. This can lower the user’s guard, and force them into a sticky situation.

How to Spot a Phishing Attack

Like I said, it’s not always going to be obvious when you get phished. Even careful, security-minded, technical people can fall victim because phishing is just as much of a psychological attack as it is a technical one.

Still, there are some practices you and your staff should use:

Always Use Strong, Unique Passwords

This can solve a lot of problems from the get-go. If your PayPal account gets hacked, and it uses the same password as your email or your bank account, then you may as well assume that your email and bank account are infiltrated too. Never use the same password across multiple sites.

Check the From Email Address in the Header

You’d expect emails from Facebook to come from something@facebook.com, right? Well, if you get an email about your password or telling you to log into your account and it’s from something@faecbook.com, you’ll know something is up.

Cybercriminals will try to make it subtle. Amazon emails might come from something@amazn.com or emails from PayPal might come from something@paypalsupport.com. It’s going to pay off to be skeptical, especially if the email is trying to get you to go somewhere and sign in, or submit sensitive information.

Don’t Just Open Attachments

This is nothing new, but most malware found on business networks still comes from email attachments, so it’s still a huge problem. If you didn’t request or expect an email attachment, don’t click on it. Scrutinize the email, or even reach out to the recipient to confirm that it is safe. I know it sounds silly, but being security-minded might build security-mindfulness habits in others too, so you could inadvertently save them from an issue if they follow your lead!

Look Before You Click

If the email has a link in it, hover your mouse over it to see where it is leading. Don’t click on it right away.

For example, if the email is about your PayPal account, check the domain for any obvious signs of danger. Here are some examples:

  • Paypal.com – This is safe. That’s PayPal’s domain name.
  • Paypal.com/activatecard – This is safe. It’s just a subpage on PayPal’s site.
  • Business.paypal.com – This is safe. A website can put letters and numbers before a dot in their domain name to lead to a specific area of their site. This is called a subdomain.
  • Business.paypal.com/retail – This is safe. This is a subpage on PayPal’s subdomain.
  • Paypal.com.activecard.net – Uh oh, this is sketchy. Notice the dot after the .com in PayPal’s domain? That means this domain is actually activecard.net, and it has the subdomain paypal.com. They are trying to trick you.
  • Paypal.com.activecardsecure.net/secure – This is still sketchy. The domain name is activecardsecure.net, and like the above example, they are trying to trick you because they made a subdomain called paypal.com. They are just driving you to a subpage that they called secure. This is pretty suspicious.
  • Paypal.com/activatecard.tinyurl.com/retail – This is really tricky! The hacker is using a URL shortening service called TinyURL. Notice how there is a .com later in the URL after PayPal’s domain? That means it’s not PayPal. Tread carefully!

Keep in mind, everyone handles their domains a little differently, but you can use this as a general rule of thumb. Don’t trust dots after the domain that you expect the link to be.

Training and Testing Go a Long Way!

Want help teaching your staff how to spot phishing emails? Be sure to reach out to the IT security experts at NuTech Services. We can help equip your company with solutions to mitigate and decrease phishing attempts, and help educate and test your employees to prepare them for when they are threatened by cybercriminals.

14
Jun, 2019
7WZL3KH_staff_400.jpg

Staff Education Goes a Long Way in Preventing Security Issues

7WZL3KH_staff_400.jpg

In a perfect world, keeping your antivirus updated and having a good firewall in place would be enough to protect your business from cybersecurity threats.

Unfortunately, most attacks still come in through email, and can slip by your users. Even the most complex cybersecurity platforms used by massive corporations and governments can be foiled by a simple phishing attack, and your end-users are your last line of defense.

How Can an Employee Fall Victim?

Phishing attacks are designed to look real. An email might come in looking like a valid message from Paypal, a bank, a vendor, or even from another employee or client. Hackers use several tricks to make the email look real, such as spoofing the address or designing the content of the email to look legitimate.

Unfortunately, if the user clicks on the link in the email or downloads the attachment, they could open themselves and your company up to whatever threats contained within.

Commonly, this leads to stolen sensitive information, or installs malware on the device, or grants the hacker the ability to log into the user’s bank account.

While having strong IT security can reduce the amount of these phishing attacks that come in, a percentage can be tricky enough to bypass your firewalls and content filters, exposing your staff to situations that could your whole endeavor in

Educate Your Employees

It’s important to teach employees how to catch a phishing attack. We recommend sharing the following steps with your staff, or even printing them out and posting them around the office:

  1. Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from Paypal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between ‘paypal’ and the ‘.com’ then something is suspicious. There should also be a forward slash (/) after the .com.   If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:
    1. paypal.com – Safe
    2. paypal.com/activatecard – Safe
    3. business.paypal.com – Safe
    4. business.paypal.com/retail – Safe
    5. paypal.com.activatecard.net – Suspicious! (notice the dot immediately after Paypal’s domain name)
    6. paypal.com.activatecard.net/secure – Suspicious!
    7. paypal.com/activatecard/tinyurl.com/retail – Suspicious! Don’t trust dots after the domain!
  2. Check the email in the header. An email from Amazon wouldn’t come in as noreply@amazn.com. Do a quick Google search for the email address to see if it is legitimate.
  3. Always be careful opening attachments. If there is an attachment or link on the email, be extra cautious.
  4. Be skeptical of password alerts. If the email mentions passwords, such as “your password has been stolen,” be suspicious.

Phishing Simulation

Another great tactic is to have regular phishing simulations. This is where we create a series of fake phishing emails (don’t worry, it’s safe), and randomly send it to your staff. When someone falls for the attack, we send them educational information to help them prevent being tricked by a real one.

We’ve found this to be very effective, without taking a lot of time out of an employees already busy day.

Are you interested in helping to protect your staff from falling victim to phishing attacks? Give us a call at 810.230.9455.

1
Apr, 2019
248960278_college_400.jpg

Colleges Have a Lot of Data to Protect

248960278_college_400.jpg

Colleges and universities are part-time homes to more than 16 million people, and employ over 1.5 million more. Most of them utilize the networks set up by the college’s bevy of IT administrators. If you consider that most people have difficulty keeping viruses and other malware off of their personal computers, opening up networks that facilitate this kind of user demand can be tricky. Today, we ask: can a campus’ network every truly be secure?

Birth of the Internet

The first Internet was born on college campuses. It was built by intellectuals, for academics, without the massive list of considerations that now accompany software development. It spread quickly, of course, and somewhere, pretty early on, it was decided that by being able to support commerce, the Internet could become one of the west’s greatest inventions.

This came to fruition in 1984 when the first catalogue was launched on the Internet. This was followed by the first e-store (at books.com) in 1992, and the first software to be sold online (Ipswitch IMail Server) in 1994. Amazon and eBay launched the following year and the Internet has never been the same.

By then, the academic uses for the Internet had multiplied, as well. By the time Amazon launched, many colleges and universities were offering students access to the Internet as an important part of their continuing education. Boy, was it ever.

Today, you’ll be hard pressed to find a classroom (outside of the poorest school districts in the country) where every classroom isn’t Internet-ready.

College Internet Needs and Cybersecurity

This stands true in university and college circles, as well. Campuses today are almost completely connected. You’ll be hard pressed to find a place on a modern campus that, as long as you have security credentials to do so, you can’t gain access to an Internet connection. In a lot of ways, it is the demand for access that makes network security a major pain point for the modern college. Firstly, having to protect computing networks from a continuously variable amount of mobile devices is difficult. Secondly, the same attacks that plague businesses, are also hindering IT administrator efforts at colleges.

Colleges themselves aren’t doing anyone any favors. According to a 2018 report, none of the top 10 computer science degrees in the United States require a cybersecurity course to graduate. Of the top 50 computer science programs listed by Business Insider only three require some type of cybersecurity course. Moreover, only one school out of 122 reviewed by Business Insider requires the completion of three or more cybersecurity courses, the University of Alabama. Regardless of the metric, it’s clear that learning cybersecurity is not a priority for any school.

Are There Cybersecurity Problems Specific to Colleges?

The short answer is no. That’s why it’s so important to get people thinking about cybersecurity any way they can. No industry can afford to have the skills gap between people that hack and the people looking to stop them grow any wider. This is why, no matter what you do (or plan on doing) for a living it’s important to understand what your responsibilities are and how to get them into a place that can help your organization ward off these threats from outside (and sometimes inside) your network.

Many colleges have turned to companies like Cyber Degrees to help them not only educate the people utilizing the college’s networks to why cybersecurity awareness is important, but also help people understand that with the rise of cybercrime and hacking-induced malware, that cybersecurity has become a major growth industry with many facets. In 2015, the Bureau of Labor Statistics found there were more than 200,000 unfilled cybersecurity jobs in the U.S. With curriculums not prioritizing cybersecurity, and with threats growing rapidly, imagine how many are unfilled today. As demand rises for competent individuals to fill a multitude of jobs in the computer-security industry, colleges need to do a better job prioritizing cybersecurity training.

For the business looking into protecting itself, look no further than the cybersecurity professionals at NuTech Services. Our knowledgeable technicians work with today’s business technology day-in and day-out and know all the industry’s best practices on how to keep you and your staff working productively, while limiting your exposure to risk. Call us today at 810.230.9455 to learn more.

21
Jan, 2019
top_cybersecurity_threats_400.jpg

Top Cybersecurity Threats Right Now

top_cybersecurity_threats_400.jpg

Bar none, cybersecurity has to be a major consideration for every business owner or manager in business today. The prevalence of people looking to rip your company off has never been higher; and that is the truth for nearly every company that uses the Internet for anything. Today, we take a look at some of the most serious cybersecurity threats that everyone should be cognizant of right now.

Shadow IT
In a lot of ways, productivity is a lot like the thing it produces, money. People will do anything to get more of it. Businesses, have a plan; and, while they also want to maximize productivity and money, they typically don’t put their whole enterprise in jeopardy to get a little bit more of it. Shadow IT is the process in which an employee will download and use a piece of software that hasn’t been tested or passed by a company’s IT administrator to try and get a little more done.

Often times, the employee is just showing initiative, with no real knowledge that by downloading and utilizing a certain off-brand software that they have just put their whole business in danger. This wouldn’t be such a major deal if it was an isolated incident, but studies show that nearly 80 percent of all employees admit to utilizing software that wasn’t selected, tested, and released for use by their IT administrator. These apps may have vulnerabilities that would-be infiltrators can take advantage of. That is why it is important to utilize the software that has been vetted by the company, even if that means losing out on a bit of productivity.

Cryptojacking
There are well over 1,500 different cryptocurrencies, and in 2018 crytojacking, the strategy of using malware to use a target computer’s resources to mine for cryptocurrency was a major problem for businesses. Since this is a computationally complex task, it significantly reduces the computer’s effectiveness and longevity. As a result, cryptojacking has become en vogue for hackers and others looking to mine cryptocurrency without the investment necessary to do it.

Most studies show that the effect of cryptojacking could get way worse in 2019 since the value of cryptocurrency has fallen significantly over the past year. This means more machines mining for crypto are necessary, and thus more attacks. Users are just learning how these attacks are carried out and how to protect their business against them.

Ransomware
While there was a reported reduction in the number of ransomware cases in 2018, it still remains a major concern for any business looking to build a comprehensive network security strategy. Ransomware, of course, is a strain of malware that encrypts parts of or entire computing systems and then demands payment in cryptocurrency in a set amount of time for safe return of the files/access.

Hackers using ransomware have taken to targeting healthcare organizations’ networks for the breadth of the sensitive data they hold on them. They’ve also began to target operational technology systems, since, as with healthcare, costs of restoration of these systems (rather than payment) are prohibitive. This produces a little more urgency to get the problem resolved.

Unsecured Internet of Things
The Internet of Things keeps expanding, but so does the security threats to networks as a result of security-light devices. With more and more devices presenting security problems for businesses and individuals alike, it becomes important to ascertain exactly what devices are present on your network at any given time. Remember, even if a security-less IoT device is connected to a network-attached smartphone, it still offers up a major vulnerability.

While this is a major threat, there has been a push to improve the security of IoT devices as of late. With more security-minded companies developing useful smart products, these concerns will begin to take a back seat. But until that shift has been well documented, you’ll want to be diligent in the manner in which you utilize IoT devices.

Phishing
No business goes very long without getting some type of phishing email. In fact, it is estimated that 156 million phishing emails are sent every day, making it the most used practice by hackers everywhere. The way it works is that since most accounts are secure enough not to be guessed outright, hackers search for ways for people to help them gain access to the accounts they want to get in to. Nearly every successful cyber attack begins with a successful phishing scheme.

A specific example called business email compromise (BEC) which targets specific members of an organization is responsible for over $12 billion in losses across the globe. Once thought to be an email scam that could be mitigated with strong spam filters, today’s phishing scam is taking on a new shape by utilizing text messaging, instant messaging, phone calls, and even the seemingly-benign social media quiz to gain access to business networks.

2019 is lining up to be another stellar year for business technology, and as more tech is used, more threats come with them. If you would like any more information about how to prioritize network security, give our IT experts a call at 810.230.9455 today.

24
Sep, 2018
bad_hack_2018_400.jpg

The Most Devastating Hacks of 2018… So Far

bad_hack_2018_400.jpg

Network security is a crucial consideration for every contemporary business owner, as there are just too many threats that originate from an Internet connection to be overlooked. One only has to look at what businesses of all sizes have dealt with, even within this calendar year, to gain an appreciation for how crucial it is that every business owner consider their cybersecurity.

Here, we’ve assembled a few statistics and examples to illustrate just how serious the threat of cyberattack can be, hopefully inspiring you to prioritize your company’s network security. Consider these cybersecurity figures:

  • In 2017 over 130 large-scale breaches were reported, a 27 percent increase over 2016.
  • Nearly 1-in-3 organization have experienced some sort of cyberattack in the past.
  • Cryptojacking (stealing cryptocurrency) increased 8,500 percent in 2017.
  • 100,000 organizations were infected with the WannaCry ransomware (400,000 machines).
  • 5.4 billion WannaCry attacks were blocked in 2017.
  • The average monetary cost of a malware attack is $2.4 million.
  • The average time cost of a malware is 50 days.
  • Ransomware cost organization’s over $5 billion in 2017.
  • 20 percent of cyberattacks come from China, 11 percent from the United States, and six percent from the Russian Federation.
  • Phone numbers are the most leaked information.
  • 21 percent of files are completely unprotected.
  • 41 percent of companies have over 1,000 sensitive files left unprotected.
  • Ransomware is growing at 350 percent annually.
  • IoT-based attacks are growing at about 500 percent per year.
  • Ransomware attacks are expected to quadruple by 2020.
  • 7.7 percent of web requests lead to malware.
  • There were 54 percent more types of malware in 2017 than there were in 2016.
  • The cybersecurity market will be worth over $1 trillion by 2025.

If that wasn’t convincing enough, what follows is just an assortment of the attacks that 2018 has seen (as of July). To simplify things, we’ve organized them by the intended targets: public (like individuals and government bodies) and private (such as businesses):

Public
January

  • The Department of Homeland Security was affected by a data breach that exposed information about 247,167 current and former employees.

March

  • Atlanta, Georgia was targeted by a ransomware attack called SamSam. This resulted in a massive problem for their municipal infrastructure. The ransom price given was $51,000, but Atlanta’s leadership refused to meet these demands. Overall, the numbers show that Atlanta has spent more than 10 times that number in the fallout of the attack. Some estimates place the actual cost of this event at nearly $20 million.
  • India’s national ID database, Aadhaar, leaked data of over a billion people. This is one of the largest data breaches in history. A user could pay 500 rupees, equal to about $7, to get the login credentials that allowed anyone to enter a person’s 12-digit code for their personal information. For 300 rupees, or about $4.20, users could also access software that could print an ID card for anyone associated with the database.
  • Cambridge Analytica, a data analytics company that U.S. President Donald Trump used to help his campaign, harvested personal information from over 50 million Facebook users without asking for their permission. Facebook hasn’t called this a data breach, but Cambridge Analytica has since been banned from using the service thanks to this event.

June

  • A hack of a U.S. Government-funded active shooter training center exposed the personal data of thousands of U.S. law enforcement officials. This also exposed which police departments aren’t able to respond to an active shooter situation.

Private
January

  • 280,000 Medicaid records were exposed when a hacker attacked the Oklahoma State University Center for Health Sciences. Among the information exposed were patient names, provider names, and full names for affected individuals.

February

  • An unsecured server owned by Bongo International, a company acquired by FedEx, leaked over a hundred-thousand files of FedEx customers. Some of the information leaked included names, drivers’ licenses, national ID cards, voting cards, and utility bills.

March

  • Orbitz, a travel booking site, fell victim to a security vulnerability that exposed 880,000 customers’ payment card information. There was also about two whole years of customer data stolen from their server.
  • French news site L’Express left a database that wasn’t password-protected up for weeks, despite being warned about the security issues regarding this.
  • 134,512 records regarding patients and financial records at the St. Peter’s Surgery and Endoscopy Center in Albany, NY were accessed by hackers.
  • MyFitnessPal, an application used by Under Armor, exposed about 150 million people’s personal information to threats.
  • The WannaCry ransomware claimed another victim in Boeing, which stated that “a few machines” were protected by Microsoft’s 2017 patch.

May

  • Thanks to Twitter storing user passwords in a plaintext file that may have been exposed by internal company staff, the social media titan had to force hundreds of millions of users to change their password.
  • An unauthenticated API found on T-Mobile’s website exposed the personal information of all their customers simply through the use of their cell phone number. The following information was made available: full name, address, account numbers, and tax IDs.
  • A bug found in Atlassian development software titles Jira and Confluence paved the way for hackers to sneak into IT infrastructure of several companies and one U.S. government agency.
  • Rail Europe, a popular server used by American travelers to acquire rail tickets, experienced a three-month data breach that exposed credit card information to hackers.

June

  • A marketing company named Exactis had 340 million records stolen from it, but what’s most shocking about this is that they had accumulated information about nearly every American out there. In response to the breach, there was a class action lawsuit made against the company.
  • Adidas’s website was hacked, resulting in a loss of a few million users’ personal and credit card information.
  • A hacker collective called Magecart initiated a campaign to skim at least 800 e-commerce sites, including Ticketmaster, for sensitive information.

Clearly, if these lists are any indication, companies of all sizes need to commit to maintaining their network security, holding it to a higher standard. For assistance in doing so, you can rely on the professionals at NuTech Services. We can design and implement security solutions to protect you from threats like these, and others that may rear their ugly heads. Give us a call at 810.230.9455 to get started.

7
Sep, 2018
sport_events_hack_400.jpg

Hackers Target Major Sporting Events

sport_events_hack_400.jpg

There are literally billions of sports fans in the world, and the popularity of these events brings in big money; and big money typically attracts hackers. Using all types of methods, there has been a history of hacking in almost every sport. Today, we take a look at some of the most famous hacks that have shaken up the sports world.

The World Cup
The FIFA World Cup is one of the, if not the, most popular sporting events in the world. Held once every four years, it attracts the attention of billions of people. Since the event is held every four years, it gives the host city a lot of time to get ready for possible hacker attacks. In fact, each new venue spends years and tens of millions of dollars ramping up on their cyber security.

The 2018 event held in Russia proved to be one of the most successful insofar as there wasn’t a major hack of the tournament in any way. It’s not a coincidence that typically state-sponsored Russian hackers are well known to be at the forefront of a lot of the major international sporting hacks. Fans that visited Russia from abroad during the World Cup were warned (mostly by their own governments) that they needed to be diligent not to fall into any tourist traps that would leave their cyber welfare in the hands of the thriving ecosystem of hackers that call Russia home.

Previously, in the 2014 World Cup in Brazil, the World Cup website was taken down by a distributed denial of service (DDoS) attack and thousands of visitors had their data breached through sophisticated phishing attacks. Each World Cup, especially the next one that will be held in the Middle East (Qatar) for the first time, is a goldmine for hackers.

The Olympic Games
International competitions like the Winter and Summer Olympic Games grab the eye of world for a couple of weeks. Unfortunately for athletes, coaches, and fans from all over the world, they also catch the eyes of hackers. Again, since these events are held every four years there is a long time for administrators to get ready, but that doesn’t stop those inside the host cities (or often outside of them) from trying to get over on the hundreds of thousands of people that show up to watch the events.

At the past Winter Olympics, held in Pyongyang, South Korea, the opening ceremonies were hacked by what turned out to be a Russian hacking collective. The hack caused delays in the festivities and infiltrated the games’ website, so administrators, fearing significant data loss, took down the website. Initially they had masked the attack as coming from North Korea, but it didn’t take long for professionals to ascertain that the hacks were retribution for Russia’s prohibition from the games as a result of a decade-long antidoping policy that found state-sponsored use of performance enhancing drugs; a revelation that many had suspected for decades.

While local hackers spoofed Wi-Fi and targeted athletes and guests during the 2016 Summer Olympics held in Rio De Janeiro, Brazil, Russian hackers from “Tsar Team” and “Fancy Bear” were busy hacking into the Olympic databases to gain access to athletes’ personal information. They subsequently have released some of that information, including information about gold medal gymnast Simone Biles, and tennis legend Venus Williams.

NFL
In the United States, it doesn’t get much bigger than the National Football League. In fact, one study showed that about one-third of all church-going males don’t go to church from Labor Day to New Years. Nearly 30 million people tune in to watch the NFL each Sunday. With this popularity comes attention; and hackers have used this popularity to their advantage.

In 2016 NFL commissioner Roger Goodell’s Twitter feed was hacked with a message that announced that he had passed away. The perpetrator happened to be a teenager from Singapore. In February 2017, 1,135 NFL players had their personal information stolen by hackers when the NFL’s union, the NFLPA, was hacked. Hackers made off with 1,262 people’s personal information, their financial data, their home phone numbers, their addresses and more.

In 2009, a man named Frank Tanori Gonzalez was given an extremely lenient sentence for hacking into the standard-definition communications feed at Super Bowl XLIII with a clip from an adult film that aired unedited throughout the greater Tucson area (the game was held in Tampa, FL).

MLB
Major League Baseball makes over $10 billion a year, and they do a phenomenal job of protecting their brand online. MLB makes a lot of their money in media and has made it a point to prioritize cyber security for league business. With individual teams handling their own cyber security, there have been small hacking cases, but unlike most other sports the biggest hacking scandal in baseball history was carried out by a team executive.

From 2013 to 2014, St. Louis Cardinals’ former scouting director, Chris Correa, repeatedly accessed the internal communications server of former division foe Houston Astros. The Astros had moved to the American League from the National League after the 2012 season, and they had hired former statistician Sig Mejdal from the Cardinals. When Mejdal left St. Louis he turned in his laptop. Using the information he got off this laptop, Correa figured out Mejdal’s new password and started entering the Astros network. For his indiscretions Correa got 46 months in federal prison.

NBA
The most famous hack in NBA history is hack-a-Shaq, which was a strategy used to limit Shaquille O’Neal’s effectiveness by making him shoot free throws (with which he struggled mightily), but there have been a few other hacks that have affected NBA players. The most notable, was NBA player Ty Lawson having his computer hacked and held his personal data for ransom in 2016.

Another situation was what is called a catfishing scam that involved NBA forward Chris Andersen and model Paris Dylan. A woman named Shelly Chartier had used multiple people’s online messaging accounts to manipulate Anderson and Dylan into bad situations. Andersen ended up being raided by the Douglas County sheriff’s department because Dylan was 17 at the time and any digital possession of lewd material would be legally considered child pornography. After investigators uncovered the scheme, Chartier was arrested and sentenced to 18 months in prison. Anderson continued his NBA career and Dylan was able to put the situation behind her and is now is an Internet model.

PGA
Recently, the PGA of America held the 100th PGA Championship at Bellerive Country Club just outside of St. Louis, Missouri. As the golfers were navigating their first rounds, the PGA was under attack by hackers. A message was sent to administrators that read, “Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorthym[sic].” The hackers also sent a Bitcoin wallet number with instructions on how to deposit money.

The PGA of America immediately hired a third-party IT security firm to solve the problem. Since security professionals from all over the world consider these extortion attempts to be futile against the diligence and expertise of security professionals, the line is usually to not pay and hope that the data can be recovered without the encryption key. Only time will tell how the situation is resolved.

Other sports leagues and athletes have had to deal with major problems from hackers over the years, including the English national rugby team’s website being hacked by the Islamic State in Syria (ISIS), and four-time Tour De France champion Chris Froome’s performance data was hacked as a rival team was convinced he was using performance enhancing drugs.

There are dozens of ways that you can fall victim to hackers. If your business isn’t already doing all it can to protect your digital assets, the time is now. Reach out to the IT professionals at NuTech Services for more information on the best way to protect your business from outside (and inside) threats at 810.230.9455.

27
Aug, 2018
utm_is_strong_400.jpg

UTM is a Strong Solution to Ward Off Hackers

utm_is_strong_400.jpg

When your employees think about hackers and network security, do they picture some cloaked or hooded figure in a dark room typing away at a keyboard? Do they see a recluse living in their mother’s basement? Popular culture has given many users a false sense of reality regarding hacking attacks and the culture surrounding them, and it can come at the detriment of your business.

While there are, of course, amateur hackers who aren’t necessarily well-versed in how to do it, there are other, more professional hackers who “know their stuff,” so to speak. This is similar to just about any kind of profession or industry. You have the hackers who have no idea what they’re talking about, and you have the seasoned professionals who know the ins and outs of how to infiltrate a network. Unlike other industries, however, the cybercrime industry is effective regardless of the proficiency of those involved with it.

If you think about it, this makes sense. It doesn’t matter what kind of threat is installed on your computer. A virus is a virus, and malware is malware. It’s troublesome at best and dangerous or downright threatening at worst. Therefore, if you don’t take network security seriously, you could put the future of your business at risk.

Traditional Hacking Attacks
Many users might look at hacking attacks and think about the more traditional threats. This includes the typical viruses and malware that users associate with suspicious online activity. These threats can have varying effects, but they generally make life difficult for businesses and individuals alike. This is about the extent of the average user’s knowledge regarding hacking attacks. They know they are bad, but they might not know the real ramifications of such attacks.

Emerging Threats
Nowadays, security threats are much more advanced and dangerous, capable of crippling entire networks. Some examples are dedicated spear phishing attacks in which hackers take on the identity of someone close to your organization, tricking users into downloading the wrong email attachments or sending a wire transfer to an offshore bank account. Other times, it’s installing a backdoor on a network that lets hackers access a network at their leisure. The most dangerous of all–ransomware–literally locks down your business’ files and demands a ransom for their safe return, putting businesses between a rock and a hard place. Suffice to say, these advanced threats aren’t always identifiable by the average user, and some can’t be identified until it’s far too late and damage has already been done.

Don’t let your business remain in harm’s way any longer. NuTech Services can equip your business with solutions that can both prevent hacking attacks and respond to them quickly and efficiently. We do this through the use of a Unified Threat Management (UTM) tool that combines enterprise-level firewalls, antivirus, security blockers, and content filters together to create a comprehensive, preventative, and proactive way to keep your network safe. It’s the best way to approach network security, hands-down.

To learn more about how you can get started with a UTM, give us a call at 810.230.9455.

9
Apr, 2018
security_needed_even_more_400.jpg

Cybersecurity Requires Flexibility to Changes

security_needed_even_more_400.jpg

Security is always changing due to the volatility of online threats and vulnerabilities. Things have changed so much over the past decade that solutions that worked back then are so outdated that they put your business at risk today. This brings into question what you should expect in the years to come. What are some of the threats that your business can expect to face in the future?

For reference, this information is from a study performed by Cisco. The study references the findings of 3,600 data security professionals from organizations such as Talos and others from all over the world.

Malware Has Grown More Autonomous
Early types of malware relied heavily on the user actually clicking on a link or downloading an attachment to install itself on their computer. Nowadays, malware doesn’t take the risk that the victim will know better than to click on a link or download something bad. Instead, a ransomware might be more network-based, meaning that all it takes is a simple mistake to spread to your entire infrastructure. Cisco suspects that this type of threat could potentially grow so widespread that it could take over the Internet.

Ransomware Is About More Than Just Money
Ransomware used to be all about making money and disrupting operations. It was a way to make money to fund further hacking attacks against even more victims. People would pay up because they were too scared to imagine losing their data. Trends are showing that hackers are increasingly more interested not in the financial side of ransomware, but with the destruction of businesses. Ransomware is being actively used by criminals to put an end to any business unfortunate enough to be hit by it.

Threats Are Avoiding Detection More Effectively
Ultimately, any online threat’s level of danger is equivalent to how easy it is to hide. The easier it hides, the more dangerous it can be. Ransomware can now hide in encrypted traffic to make itself much harder to detect. It can even use cloud-based applications and services to implement a command and control attack, all hidden within normal traffic.

Watch Out for Internet of Things Devices
The Internet of Things–a large collection of connected devices that all perform various functions–has grown at a considerable rate. Since Internet of Things devices are difficult to patch properly, they can provide backdoor access to an infrastructure. Since many IoT endpoints aren’t secured properly, your company network could potentially be opened up to all kinds of threats.

Security changes every day, but the one thing that never changes is that NuTech Services can help your business secure its infrastructure. To learn more, reach out to us at 810.230.9455.

6
Apr, 2018
security_three_steps_400.jpg

Three Give-Aways that Your Security Approach Needs a Change

security_three_steps_400.jpg

It only makes sense that you would want only the best security for your organization. It’s natural to want to eliminate risk entirely. However, this simply is not a realistic viewpoint to take where your security is concerned, and it can even contribute to greater security issues as a company holds out for the best solution.

This is no way to do business, but it can be hard to identify if you, yourself, are actually trying to bite off more than you can chew. To help, here are three signs that you are actually hurting your company and its security by trying too much and focusing on the wrong things.

1. Setting Standards Too High
Of course there needs to be organizational standards where security is concerned. However, it is important to recognize that ‘perfection’ simply isn’t going to be attainable. Many companies will be committed to their ideal vision of a solution to the point that, until that golden standard is found in reality, they won’t implement what is seen as an inferior option, leaving themselves completely vulnerable. What’s worse, some of these companies will actively find issues with an entirely workable solution, prolonging the process.

This can have the added ill effect of creating organizational paralysis among the workforce. Operational paralysis is simply the lack of movement toward change, improvement, and advancement in a business, due to an impression among the staff that any action will ultimately fail. This makes it particularly difficult to enact any change, whether it’s to your security or otherwise, as your staff will not be motivated to stick to it.

2. Waiting For The Perfect Storm
Many business owners have the tendency to find any reason to wait before starting a project of any kind, including a security initiative. They might want more data to support their proposed strategy, or want another project to be wrapped and put to bed, or want more money or time to commit to it. Any of these reasons may keep them from acting, or from even entertaining an idea.

The thing is, there will never be the perfect time to start a project, and something or other will always be there to get in the way and create friction. However, when it concerns something as important as security, you need to get something workable in place before the worst happens. After all, you can always continue to improve upon things.

3. Lack of Priorities
Again, it is only natural to want to be prepared for everything, but this too often translates into a company spreading themselves thin and not really being prepared for anything. Furthermore, there may just not be the resources available to reinforce a company against all threats at once. In cases like these, it is only too easy to overestimate the risk of some events. To counter this, there needs to be a frank and pragmatic look at your particular situation.

For example, a business located in a dry, arid area is far more likely to experience a fire than they are a flood. Therefore, it statistically makes more sense to prepare for a fire first, and wait until a little later to make the preparations for the flood. Weighing your security risks should follow the same process, which requires a resistance to the knee-jerk reaction to fix everything immediately.

While maintaining your IT security is obviously an important task, it is equally important to strategize your approach to this maintenance. NuTech Services can help you handle it. Call 810.230.9455 for more information today.

19
Feb, 2018
internet_of_thing_blue_400.jpg

The IoT Can Be Very Useful, but Also Risky

internet_of_thing_blue_400.jpg

You might be surprised to hear how the scope of the Internet of Things has increased over the past few years. These connected devices are all over the place. In order to ensure that your business isn’t affected in a negative way by these IoT devices, you’ll need to consider the many risks and how you will respond to them.

What is an IoT Device?
Essentially, any device that connects directly to the Internet or sends data to and from the Internet through another device is considered an IoT device. A smartwatch that connects to Wi-Fi, or a fitness tracker that shares data fall into this realm. From smart appliances, like Amazon’s Alexa and Google Home, to Internet-connected coffee machines are all Internet of Things devices. While the data they share might not always be extremely sensitive, they could open up other ways for your sensitive data to be reached.

Ask yourself – does this device connect to the Internet or network in some way? If so, it doesn’t mean it is a risk, but it does need attention.

What are You Risking?
When you’re putting together your business’ policies regarding the IoT, you should consider what assets you’re willing to leave vulnerable. It essentially boils down to what you’re willing to let your employees access. If your employees have access to a lot of data, you’re increasing the risk involved with IoT devices in the office. In much the same way, you can control how much data is at risk by limiting which employees can access it. It’s a great way to ensure that the Internet of Things poses a minimal threat to your business and its data.

On the other hand, it’s important to remember that IoT devices will still pose a threat in some way, simply due to the amount of them. There will always be too many factors to take into account to guarantee safety from any and all devices. Therefore, you should consider as many as feasibly possible. The data’s sensitivity is chief among these considerations, as well as the employee’s particular role within your organization. If they are mostly separated from confidential or sensitive data, then perhaps they can use basic IoT capabilities with little consequence. Granted, this assumption varies between industries, so be sure to make it clear what you expect from your staff in your employee handbook.

Train and Prepare Your Staff
Security isn’t something that can only come from one employee–rather, it “takes a village,” so to speak, and everyone must be mindful of security practices. This is incredibly important for the Internet of Things, but everyone needs to be on board–not just management or leadership. All employees need to be aware of the cybersecurity policies used by your company, as well as the various risks associated with the Internet of Things. Plus, it never hurts to be aware of even the most benign warning signs of common security threats.

Lead by Example
If you want your employees to prioritize security for your workplace, start by taking the first steps yourself. After all, you can’t expect your employees to do something that you yourself don’t do. Management should be able to set an example for their workforce, and this is how the IoT is prepared for most effectively.

Is your business utilizing any IoT devices? NuTech Services can help your business prepare for this connected technology revolution. To learn more, reach out to us at 810.230.9455.

1
Jan, 2018
two_factor_authentication_400.jpg

Do You Use 2FA? If So, You’re in the Minority

two_factor_authentication_400.jpg

Two-factor authentication, also known as 2FA, is a very beneficial addition to consider for your cybersecurity. However, a research study unearthed a few surprising takeaways that indicate that 2FA may not be adopted as much as one might expect it to be.

Researchers at Duo Labs, using data compiled by Survey Sampling International, designed a survey that would mimic the patterns that could potentially be seen in different regions concerning the adoption rate of 2FA. The results of this survey were striking, as they revealed that only 28% of those surveyed–designed to match up to the entirety of the US population–had adopted 2FA. Over half of the participants had never even heard of 2FA before the survey was administered.

The researchers were also surprised to find that, of those who knew about 2FA, 54% were voluntary adopters, and only 20.8% had been introduced to 2FA in their work environments. However, reflecting upon the number of applications and services that now prompt users to set up some form of 2FA, this is hardly surprising. Yet despite the relatively high number of voluntary adopters, less than half of these respondents used 2FA wherever they could.

However, there were a few results that showed a bit more hope for the utilization of 2FA. First of all, an analysis of the state of 2FA that compares the authentication options in 2010 to those in 2017, shows that more people are relying on more secure methods. For instance, the use of hard tokens (or a physical device used to confirm the bearer’s identity) decreased by half in the span of time the analysis covered. This indicates an increased awareness in the potential security risks that a hard token presents–all it would take is for one of these tokens to be lost or stolen to render 2FA ineffective.

The real takeaway from the results of this research is an insight into user behavior. Namely, convenience and simplicity were important factors when a user formed an opinion of the different approaches to authentication. This helped to contribute to security tokens being ranked as the most trustworthy form of 2FA by 84% of respondents. While there was an awareness that these tokens had their issues (including the risk of losing them, as referenced above) there was still a demonstrated trust in their reliability.

Despite all this, the sad truth persists that too few people are utilizing 2FA to secure their personal and business devices. With any luck, this will change in the near future, as network security has been thrust further into the public consciousness due to the repeated breaches and attacks that have made headlines as businesses rely more heavily on computing resources.

Do you have 2FA in place to protect your business resources? For help implementing it and other crucial security measures, reach out to NuTech Services at 810.230.9455.

2
Oct, 2017
noc_monitor_remotely400.jpg

How Remote Monitoring and Management Can Help Your Business

noc_monitor_remotely400.jpg

As a small business, your assets are limited more than you’d like them to be. You have a budget that yearns for more flexibility, and there are only so many hours in the day to accomplish all of your goals. Thankfully, in an era that’s more connected than any that came before, modern technology provides solutions to businesses that need to get a little more value out of their budgets. One of these solutions is called remote monitoring and management.

Imagine having a persistent computer problem that you don’t know how to solve. It’s been bugging you for a while now, but you don’t have an in-house IT department to fix the problem. Imagine having the ability to log into a service portal and put in a ticket explaining what the problem is. A technician will see this ticket, send you a quick reply, and arrange for a time to remote into your computer to solve the issue for you. Imagine how convenient this would be!

Remote monitoring and management is a great tool that allows your business to take advantage of the many wonders of the connected world, all for the sake of keeping your business running as smoothly as possible. We’ll give you a few examples of how your organization can take full advantage of remote monitoring solutions.

Update and Patch Implementation
Have you ever had to install patches and security updates on every single computer in your office? It can be a frustrating and time-consuming task, especially considering how often these updates need to be implemented. Remote monitoring and maintenance allows our technicians to remote into your computers and deploy the patches and updates all at once, without an on-site visit.

Security Monitoring
Have you ever been concerned with network security? You’re probably wondering how you can keep threats out of your infrastructure when you don’t know they exist. One of the best ways you can do so is by having technicians remotely monitor your network for security troubles. It’s not even limited to just threats, either. We can remotely monitor your network for any troublesome developments, like signs of hardware failure, that could create large issues down the line.

Quick and Easy Service
Waiting around for someone to fix your computer wastes time that could be better spent on other tasks. You can take back this time by having a technician remote into your devices in order to resolve issues, rather than waiting for a technician to arrive on-site to resolve them. Sure, there are more pressing issues that require on-site assistance, but most issues can actually be solved remotely.

Could your business use remote assistance from time to time? NuTech Services can help with that. To learn more, reach out to us at 810.230.9455.

7
Apr, 2017
business_ramifications_400.jpg

Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack

business_ramifications_400.jpg

Today’s headlines are peppered with stories of major companies and institutions falling victim to a cyberattack. As a business owner, what’s your response to these gut-wrenching stories? If you write them off as fear mongering and believe that these attacks can never happen to your SMB, well, you’re wrong. They can and it’s up to you to prevent such a disaster.

One reason why it’s so important to shore up your company’s network security is because the ramifications of a breach extend well beyond the sensationalism surrounding a news story. Take for example one of the biggest stories of hacking in recent memory; the revelation made public last December that Yahoo had more than one billion of its accounts compromised, dating all the way back to 2013. While the headlines focused on the plight of Yahoo and the negative effect this would have on the tech company’s value, what didn’t get reported is how millions of Yahoo users were negatively affected by having their sensitive information exposed to hackers.

In the same way, seeing to your company’s network security goes beyond protecting your corporate image from a negative headline. It’s also about protecting all of those who have entrusted you with their sensitive data. This includes customers and vendors that have provided your business with their financial information, as well as employees that each have a wealth of their personal information connected to your HR department.

We’ve established that there’s a lot riding on your network security and that it’s your job to make sure this is taken care of. If you don’t currently have a security plan in place protecting your company from a data breach, then where do you even begin? Fortunately, you don’t need to be an IT security expert or have a computer science degree to implement adequate security measures. As is the case with many vital responsibilities connected to your business, you can outsource the protection of your network to the professionals, such as the IT technicians at NuTech Services.

That said, IT security is such an important and comprehensive matter that it’s not something that you should outsource and then disregard. In fact, IT security works best when everybody in the company understands that they have an active role in its upkeep. Yes, everybody. We’re talking from the C-level executives down to the cleaning lady who connects her smartphone to Wi-Fi. If everyone in your company understands how to avoid the snares laid by hackers, then the cake that is your network security measures will be topped with the icing of best practices.

Remember, securing your network from cyberattacks isn’t something that you have to do on your own. NuTech Services is here to help, and we can do so by implementing proven and comprehensive network security solutions like our Unified Threat Management tool, as well as remote monitoring and maintenance in order to detect and take care of any threats that may breach your defenses. We’re also available to equip your staff with the means and know-how to better understand cybersecurity.

For assistance in all of these areas of security and more, give us a call today at 810.230.9455.