Cybercrime is on the rise, and its perpetrators are growing bolder and more savvy. The rate of incidents such as ransomware infections and data breaches continues to climb, with devastating consequences. The resulting downtime and loss of profits can seriously hurt your business, and the damage to your reputation can be difficult to overcome. When sensitive data is compromised by a cyber attack, your business could face fines or even lawsuits. These threats are not something you can afford to take lightly. The more you know about the risks of cybercrime, the better protected your business will be. Having the right IT security precautions in place is crucial. Hammett Technologies President Charles Hammett will be hosting a FREE networking event to discuss these concerns with local business owners, and offer valuable information to help your business stay a step ahead of cyber threats. Join us on Wednesday, November 16th at 7:30AM at the Sparrows Point Country Club – 919 Wise Ave., Baltimore. If you’d like to take advantage of this amazing opportunity, register here by Sunday, November 13th. You can get in touch with us at {email} or {phone} with any questions you have about this event. We hope to see you there!

With the huge proliferation of cyber threats out there, cyber safety and security are at the top of anyone’s list who regularly use PCs or are part of (or who run) a computer network. The PricewaterhouseCoopers 2016 Global State of Information Security Survey revealed a 38 percent increase in the number of security incidents in 2015 over the previous year. That figure will likely climb for next year’s survey, which is why many companies are in a rush to implement iron-clad cybersecurity policies and technology. It’s all because of one thing – the safekeeping of data, which is the backbone of any business entity or organization. And, along with adopting better cybersecurity standards, more and more companies are opting for cyber insurance as part of their cyber defense strategies. Although a relatively new phenomenon on the computer networking scene, cyber insurance can offer an additional layer of protection between unethical hackers and end-users, filling the gap where traditional business insurance may fall short. Cyber insurance, however, definitely has its perks and drawbacks, so you will want to be fully aware of what you’re getting when you opt-in. What is Cyber Insurance? It works exactly like any insurance policy would, covering the financial losses that would occur due to a cyberattack, breach, or cyber-related data theft. The worth of cyber insurance policies generally run well into the millions, in order to be able to cover insureds from the often costly fines stemming from compliance violations. There is as of yet no policy exceeding $100 million, but it is possible to structure “towers” of coverage with multiple cyber insurance policies for added indemnification strength for business organizations with overall worth in the hundreds of millions or even billions. Who Needs Cyber Insurance? A good way to determine if your organization needs cyber insurance is to evaluate your ongoing cyberattack risk level, and ask yourself these questions: What type of information does my organization hold? What are the potential consequences if this information is stolen and/or exposed? What are our current cybersecurity policies? Does our current business insurance policy cover any type of cybersecurity related risk? The answers to those key questions will help you get closer to what kind of cyber insurance policy you’ll need, if any. Some other helpful resources are available at the National Institute of Standards and Technology (NIST) Cybersecurity Framework (resources) and the Federal Financial Institutions Examination Council Cybersecurity assessment tool. How Do I Get Cyber Insurance? Once you are ready to acquire a cyber insurance policy, you’ll want to first identify the gaps in your existing business insurance policy first, as being fully cognizant of what your traditional policy covers is the first step to understanding what type of additional coverage is needed. Coverage can be widely divergent in exactly what is provided for in the case of a cyber breach, e.g. business disruption and downtime, extraneous expenses, event response costs, litigation defense fees and/or settlement costs in the case of a compliance violation fine, and appertaining lawsuit. Having a checklist prior to approaching an insurance broker will help you be prepared for an interview, wherein you can comprehensively convey all aspects of your business model, operations requirements, and also be able to formulate the right questions to them on the types of policies on offer. Shop Around and Be Prepared Don’t just go for the first cyber insurance carrier out of the gate, and be sure as well that you understand all of a given policy’s set guidelines that govern things like when the policy is triggered, what exactly it covers, and any major exclusions in the policy. This will help to eliminate any confusion in the event of a cyberattack or breach. Remember also that cyber insurance should never serve as the single line of cyber defense, as it’s designed to work as part of a greater overall cybersecurity plan. Here’s another great resource (especially for those entities operating in the financial sector) to aid you in your search for the right cyber insurance policy – The Purchaser’s Guide to Cyber Insurance Products from the Financial Services Sector Coordinating Council. Ask a Cybersecurity Pro You can also speak to an IT specialist at {company}, which is a proven leader in providing IT consulting and cybersecurity in {city}, about how to find the right cyber insurance policy. Contact an IT expert at {phone} or send us an email at {email} today, and we can help you with all your questions or needs.

It happened on March 19 of this year – campaign chairman for Hillary Clinton John Podesta unwittingly clicked on a link in an email he thought was from Google corporate. It wasn’t from Google, but rather from a group of phishing hackers the US government has since linked to Russia. Podesta wasn’t aware the link was malicious at the time he clicked on it, but doing that gave the hackers access to his entire email account. Fast-forward to October 9, when WikiLeaks began publishing thousands of Podesta’s emails, the motive seen by many as the desire to influence the US Presidential election by exposing Clinton camp improprieties. Now there is evidence that it may have been the same hacker group that targeted the Democratic National Committee. Both hacking incidents were done using the same malicious short URLs that are routinely hidden in fake Gmail messages by black hat hackers. Those URLs were created with a Bit.ly account linked to a domain controlled by a hacker named Fancy Bear, one of the identified Russian hackers. Data also shows a “clear thread” between allegedly separate and independent leaks that have shown up on a site called DC Leaks which included some of both Colin Powell’s and John Podesta’s emails. Fancy Bear and Political Hacks Hidden in the Bit.ly link was a longer URL that included a 30-character string that actually contained the encoded Gmail address of John Podesta. The link was clicked on twice in March, acts which opened up Hillary Clinton’s campaign manager’s email account to exploitation and revelation on a major scale. The link was just one of thousands created by Fancy Bear which were used to target nearly 4,000 persons between October 2015 and May 2016. The Fancy Bear hacker group used two Bit.ly accounts to create the malicious links, but forgot to set those accounts to private, allowing “good guy” hackers like security firm SecureWorks to track their use through command and control domains and servers. Fancy Bear used 213 shortened links targeting fully 108 email addresses on the HillaryClinton.com domain, as reported by SecureWorks and in BuzzFeed earlier in October. Using Bit.ly “allowed third parties to see their entire campaign, including all their targets— something you’d want to keep secret,” said Tom Finney, a researcher at SecureWorks. According to Thomas Rid, professor at King’s College, it was “one of Fancy Bear’s gravest mistakes,” explaining that it gave researchers unparalleled visibility into the hacker group’s activities, which resulted in investigators being able to link different, supposedly disparate parts of its larger campaign together. Using the encoded strings, embedded inside the shortened links, and which targeted numerous political figureheads like Podesta, Powell, and Clinton staffer William Reinhart, effectively revealed their targets for any and all eyes to see. No Smoking Gun Although the evidence is clear and profound, it doesn’t constitute any kind of smoking gun that can unequivocally link the phishing attacks to the Russian hackers, in early October the US government publicly accused the Russian government of not only sponsoring but directing the attacks. And as Motherboard put it in their piece entitled, “How Hackers Broke into John Podesta and Colin Powell’s Gmail Accounts,” “The intelligence community declined to explain how they reached their conclusion, and it’s fair to assume they have data no one else can see.” Need Cybersecurity Advice? If you need advice about cyberattack preparedness, cyber safety awareness and security, {company} is a proven leader in providing IT consulting and cybersecurity in {city}. Contact one of our IT experts at {phone} or send us an email at {email} today, and we can help you with all your questions or needs.

The use of only passwords – even well-encrypted ones – for login permission is not enough, it seems, to stem the tide serious problem of black hat hacking and unauthorized access. Across the cybersphere, it seems the more frequently a given company or individual updates their passwords that just as fast there is a “cracker” ready to decrypt them in order to gain unauthorized access. Amidst all of this is the recent statistical revelation that employees are the biggest cyber threat in the workplace. It seems that the only thing agreed-upon in the Admin vs. User game is that passwords alone are not enough to guarantee secure login and access control. They are a distinct problem, in fact, which multi-factor authentication enabling can remedy. Valid Alternatives With passwords presenting such a problem globally, the search for valid and viable alternatives is fast becoming essential for any venture. PIN (Personal Identification Numbers) work out to be simply numerical and shorter forms of passwords, though in certain cases PINs can provide greater levels of security, due to being tied to a specific device. Multi-Factor Authentication (AKA MFA, or Two-Factor Authentication, Two-Step Authentication, or TFA), then, presents itself as the best and most valid alternative to passwords in the battle for ultimate security in login access. Why? Because MFA provides a step-by-step, real-time process of validating a user’s identity, the steps for which must happen in a given order if entry is granted. MFA has three essential tiers of authentication, which include: Knowledge, in the form of something only the valid user knows, such as a PIN. Possession, defined by a thing which only that user possesses such as smartcards, hardware/software tokens, soft tokens, or a registered phone number. Inherence, in the form of something only the valid user is, verified through biometric information. The Case for Multi-Factor Authentication Multi-Factor Authentication makes the most sense for any business venture or organization that is required to take electronic communication security seriously. Because MFA is tied to users’ identity in a strict way, it largely obviates the most popular form of cyberattacks and threats – leveraging stolen passwords. As a result, MFA provides the highest measure of security assurance for organizations of all types. And, because MFA can also pinpoint and track user identity in such an exacting manner, enterprises can better track on a use-by-use basis exactly who is accessing their databases, along with when, where, and how. For a long time, SMBs and even corporate structures overlooked the importance of having MFA as part of their IT security, because it was seen as too costly. Now, with the rise of ransomware hacks and other costly cyberthreats, MFA in 2016 is altering the security paradigm through being both easier to implement and use, as well as more affordable. Many platforms, such as Microsoft, Amazon and Google, now allow you to set up multi-factor authentication for your online accounts. The first factor of which is the traditional user name and password (or PIN), while the second is either a phone call that you answer to obtain a verification code, or a phone app notification in which you enter your pre-determined PIN code. Microsoft recently released a new version of their Microsoft Authenticator app for Android and iOS that lets you perform MFA for both your Azure business account and your Microsoft accounts – both personal and business. Heads in the Cloud Any technology solution needs to balance sharp-eyed security against the user adoptability quotient. Cloud applications, for one, weren’t designed to work in tandem with legacy MFA capabilities.  Those legacy solutions were strictly built for on-premises resources, long before “cloud” or “mobile” meant anything in the world of IT.  Recently-generated MFA methods, however, can make strong authentication an easy, convenient, and secure option for virtual and cloud-accessing networks. Have Questions About Implementing MFA for Your Network? If you have questions or concerns about multi-factor authentication, {company} is the leader in providing cybersecurity and IT consulting in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email}, and we will be happy to help you attain better security verification methods for your business network.

We’ve all had some experience in Microsoft Word, perhaps the most popular program in the Office Suite (many would argue). But many still don’t realize that there are quite a few hidden features in Word that, when learned, will help make you into a master of the globally-instituted document composition platform. Here are 10 key ways to master your use of Microsoft Word and make your working life that much more enjoyable. Enjoy the use of more of Word’s symbols as you type. Normally, when you are typing in a Word doc you see a lot of empty space between the words and lines, but there is a lot more going on than what is visible. If you want to see what you’re missing in terms of helpful formatting symbols, Go to File, Options, then Display, then Always Show These Formatting Marks on the Screen. Under that heading, you will see a list of options that will allow things like paragraph signs and dots marking the amount of space between words to become visible: How many ways can you format a paragraph? The answer is: There are many ways to format paragraphs, and you can easily master this and take your Word authorship to a new level. By allowing the paragraph symbol to be shown (as in step 1), this will allow you to copy over the formatting along with the text to wherever you want to next paste that text. Know Thy Word sections. Learn to organize your Word docs better by utilizing the different breaks found in the use of sections. Access the Breaks portion on the Page Layout menu, and see your document as Microsoft Office sees it. By setting up your Word doc in sections, you can independently format each section and attain a level of mastery over your document not otherwise found. Master the use of Styles. You can create style templates in Word which can be used again and again for future documents. For example, if you write a lot of memos, you can create a style template for memos, and so on. You can go to Design >> Themes for some good style ideas. Format your document prior to writing. Formatting your doc prior to beginning the writing of it is a good idea, so you can get a well-formed idea of the format before commencing the actual writing part. Many of us have experienced the frustration of wording a document only to have to format and perhaps reformat it in a different setting because we didn’t establish (and save) the formatting from the get-go. Customize your paste options. You can control how MS Office pastes your text by clicking on the Office logo (the button at the top left of the screen), going to Word Options, then to Advanced. You should then see a Cut, Copy, and Paste option that lets you configure customized options. This will do things like disable hyperlinking when pasting, along with other handy things to make your use of Word more enjoyable. Use fully justified formatting. This is perhaps one of the better-known Word formatting options – fully justified formatting will give you equally-aligned margins without the ragged edge on the right side that’s so commonplace in writing. It appeals to those who want a tidy, clean, and perhaps more professional look to their text, though “there’s no arguing taste” but with the beholder (or writer) in this case. Nevertheless, if you want to access this option, click the Office logo >> Word Options >> Advanced, then expand the Layout Options and set fully justified formatting there. Hide the Ribbon. This is another common option used by Word aficionados. For those who get a bit too distracted by the visual busy-ness of their ribbon toolbar, there is a shortcut to hiding it: Click CTRL+F1. Do it again to make it reappear. Clear all formatting. Here’s one many may not know of: The Clear All Formatting option, which does exactly what it says. This will give you a chance to clear the formatting slate and start over again. Select however much text you want to clear, and click the button that looks like the letter A holding an eraser right beneath References on the main ribbon interface. Spike your copy and pasting. Here’s a special way to copy and paste that allows you to copy from different places in a document and then paste them all together elsewhere. The CTRL+F3 command will allow you to cherry-pick the various places in your doc and put them all together in another area, or new document. The spike-pasted text will also display where the original cuts were, for comprehensive editing purposes. Talk to a Software and Office Specialist If you need further help with Microsoft Office programs like Word, you can speak to a specialist at {company}, which is a proven leader in providing IT consulting and software support in {city}. Contact us at {phone} or send us an email at {email} today, and we can help you with all your questions or needs.  

It used to be that you could safely backup data by taking copies of all of it at regular intervals and putting it on a local backup server, which would then write the data to tape replication which could then be couriered offsite. Or, you could send that backup copy of all your data out on the Internet to a service provider for safekeeping. A local copy of your entire data network assures fast recovery in any event that doesn’t involve a site outage. Accidentally deleted files don’t require hauling information backups across the Internet, and there’s always the bonus of having the ability to clone out copies of your data backup for development and testing – free of negatively impacting workloads. Ransomware Changed Everything Ransomware has changed the entire data recovery and backup game, and it’s done it in a number of different ways. And, ransomware variants appear to be getting more and more able to corrupt wider swaths of networks and at a faster rate, too. Most ransomware variants corrupt not only the data on a single PC or server, they can compromise backup servers as well. There are three main reasons this can happen: The backup servers have their shares available The ransomware jumped from the primary infection point to infecting the backup server The ransomware is exploiting a vulnerability in the OS or data protection software, allowing it to corrupt backups directly Data Protection Insights As mentioned above, ransomware can expropriate a whole network’s cache of data quite rapidly. It can spread like a virus, traveling from system to system and increasing the speed with which it can infect, as well as the number of files per second it can corrupt. Thus, data protection systems get overwhelmed, with even Continuous Data Protection, or CDP types of data protection systems simply failing at the outset of an attack. Ransomware variants can be so subtle as to slip right under the radar of PC users, morphing for days or weeks within a given database and altering files before alerting the recipient of the attack to its presence. This is all to the advantage of the creators of ransomware, who benefit by having that payload leaving behind no single uncorrupted file, making data protection a non-issue and forcing the target to pay the ransom. The Nature of Malware Top-end malware programs can parse the backup server configuration, identifying where it’s sending disaster recovery copies. It can then go infect those servers, and destroy all data caches, which wipes out the entire organization. Here’s an IT insider tip: Never browse the Web as the domain administrator for any reason whatsoever. Public cloud computing, for one, is becoming more vulnerable to malware infection by the day, due to cleverer variants that can follow and mimic administrators’ credentials, or quickly discern them, then use scripts to delete primary data and backups. The Lesson of Data Bilocation To quote a “full-time nerd” writing in Virtualization Review, “If your data doesn’t exist in two places, then it simply doesn’t exist!” Following this line of thinking, and where cloud computing is concerned, you’ll want to make a backup copy of your data and copy it to an entirely different account with separate credentials within the same public cloud services provider, or take the more preferable path of copying it somewhere entirely removed from the primary data source. That can be a separate cloud services company, or a more traditional hosting provider, or to an on-premise storage device. The more backup copies the better, and the more locations the better. Get Expert Advice on Ransomware Protection Ultimately, ransomware can’t beat being knowledgeable and proactive. If you need further advice about ransomware prevention, data protection, and security, {company} is a proven leader in providing IT consulting and cybersecurity in {city}. Contact a friendly, knowledgeable expert at {phone} or send us an email at {email} today, and we can help you with any of your questions or needs.

If the hack of Yahoo corporate and compromise of hundreds of millions of account users’ data wasn’t enough of a reason to delete your Yahoo account and never look back, how about the fact that former Yahoo CEO Marissa Mayer gave a thumbs-up to the U.S. Government’s request to be able to search each and every email in her company’s database? Not that anyone worth their salt uses Yahoo for anything but an occasional news feed, or getting information from Yahoo Answers, but if you’re still naively or archaically using Yahoo to send and receive emails that have any kind of personally-identifiable or sensitive information in them at all, this post is for you. The plain fact of the matter is that if you are still using Yahoo to regularly send and receive emails, you are engaging in a platform that has opted-in to NSA spying in the biggest way (literally). To illustrate how badly compromised, spied-on, and hacked-into Yahoo.com is, Alex Stamos, the new head of security at fellow spy tool Facebook resigned in protest at the blasé disregard of his former CEO for her colleagues’ input on green-lighting NSA spying throughout her company’s platform. To wit, Facebook can now look at Yahoo and say, “Wow, they are a government spy’s dream come true.” How to Permanently Delete Your Yahoo Account Ironically, the top-rated answer on Google for “how to delete yahoo account” lands you on a Yahoo Answers page! To close your Yahoo account permanently, go to this link: https://edit.yahoo.com/config/delete_user, where you will be asked to sign in. If it’s been a while since you’ve logged into your account (since the hacking occurred) you will be asked to change your password. After doing this, you will be taken to a page that explains the implications of deleting your account, will be prompted to re-enter your new password – plus a captcha – and then you can click on a button that says “close my account,” or something to that effect. It will then tell you that “Your account is scheduled for deletion in 90 days. This is to ensure that no illegal third-party activity occurs using it.” Yeah, like the NSA yard sale Marissa Mayer had with her users’ email account data? And, the subsequent hacking of hundreds of millions of accounts – all of which didn’t put a dent in the ex-Yahoo CEO’s nearly half a billion-dollar net worth? You mean that kind of illegal third-party activity, Yahoo? Thanks for your conscientiousness. Cyber Safety and Security from IT Experts If you need further help with cyber safety awareness and security, {company} is a proven leader in providing IT consulting and cybersecurity in {city}. Contact one of our expert IT staff at {phone} or send us an email at {email} today, and we can help you with all of your cyber safety, defense, and security questions or needs.