It started with personal computers and then morphed to attack business data. The “it” is ransomware, and it is the latest way that black hat hackers have caused concern for individuals and businesses alike.

Ransomware is when an outsider gains control of your computer from an email you opened or a file you downloaded. The criminal locks you out, now has complete control of your computer, and offers to unlock it for a fee. In legal terms, the criminal is extorting you for money in exchange for data that is already yours.

Ransomware has proven to be very lucrative for hackers; its very existence on a computer instills panic and fear in victims, because the hackers have control of their data.

If your system is infected with ransomware, messages you see may include:

“Your computer has been infected with a virus. Click here to resolve the issue.”
“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
“All files on your computer have been encrypted. You must pay this ransom within 72 hours to regain access to your data.”

Yet, paying the ransom offers no guarantee that the hacker will release your files. Protecting against ransomware isn’t hard, yet most businesses pay the ransom without protecting themselves from another attack.

Steps to Take to Decrease Vulnerability to Ransomware

Backup — You may already back up your data to the cloud where it remains secure. But, if your computer is locked, migrating the data from an online source back to your computer system can be a convoluted process. So, in addition to your cloud backup and the backup to your hard drive, make a third backup that you store offsite. You only need to incrementally add to your offsite backup to keep it current. Automatic software is available that marks files for backup as you create them.

Don’t open that! — The same people who kidnap your data are hackers who use phishing techniques. Usually, they spam you with email in the hopes you will open an infected file or download. If you don’t know the sender of an email, or if the email looks suspicious to you, DO NOT OPEN IT. This is the most effective and cheapest way to protect yourself and your company from ransomware.

Educate users — Chris Doggett, senior vice president at Carbonite, which provides cloud backup services for individuals and small businesses, said: “I see far too many people who don’t know the security 101 basics or simply don’t choose to follow them. So the IT department or security folks have a very significant role to play [to educate users].”

Patch when received — This sounds simple, but in reality, company policies and protocols may delay security and maintenance patches from being applied in a timely manner. Have your IT department review patch protocols and policies and recommend changes if they are in the way of applying patches within 24 hours of receipt. Additionally, make sure you are running the latest versions of all your software and keeping it updated.

Pull the plugs at the first sign of ransomware — If one part of your system is infected with ransomware, isolate it from the rest of your system. You want to do more than disconnect from the corporate network; you should disconnect your Wi-Fi and Bluetooth on all machines to prevent the infection from spreading.

You will have little, if any, expense in protecting your data from being victimized by ransomware. Take the needed steps now by contacting us. {company} is the trusted choice when it comes to staying ahead of the latest information technology tips, tricks and news. Contact us at {phone} or send us an email at {email} for more information.
There’s little doubt that Facebook collects plenty of information about most Internet users. It employs activity logs, cookies and “Like” buttons to monitor both members and non-members. This helps the social network sell highly targeted advertising. Some recent rumors suggest it even uses smartphone microphones to spy on people.

Claims

Many Facebook members became especially concerned after viewing or hearing about a TV news report from Florida. It showed a communications professor demonstrating how Facebook appears to customize ads based on the words she speaks into the microphone. Nevertheless, she admitted that it may just happen coincidentally.

Denial

The top social network responded by denying it uses microphones to spy on users. It explained that the company only accesses this equipment when members specifically give it permission. Furthermore, Facebook claims the audio is solely used to automatically identify songs or TV shows for members. It offers an app that performs these tasks.

Should we believe this denial?

The Washington Post has expressed skepticism about the microphone-based spying theory and noted that little evidence exists. Nonetheless, the newspaper highlighted Facebook’s sophisticated tracking methods and stated, “You should definitely worry about your online privacy.”

Hacking

While Facebook may not actually spy on your conversations, no one disputes that it’s possible. Numerous hackers have succeeded in gaining access to microphones and cameras on victims’ devices. For example, the media recently reported on a new security exploit called “Metaphor.” It enables hackers to monitor smartphones and track their locations with GPS.

As a director at Symantec told NBC News, “A mobile phone is the perfect spying device.” He warned that hackers can read users’ text messages in addition to watching and listening. One way to avoid espionage is to surf the Web and read email cautiously; malicious links help distribute malware that aids criminals.

Prevention

Many hackers use websites to give away free versions of well-known commercial apps. Such software may look and work the same as the original programs, but it contains hidden spyware that allows criminals to monitor your phone. For better security, only download software from Microsoft, Google or Apple websites.

Examine app permissions
Check phone bills carefully
Avoid unnecessary apps

Watch out for wireless networks that don’t require passwords. An unsecured connection makes it easier for hackers to attack your smartphone. When a suspicious app download fee appears on your monthly cell phone bill, it could mean the phone has been compromised.

Don’t forget to install anti-virus software on your smartphone and any phones you supply to employees. This doesn’t have to cost a lot of money. Many reputable companies compete to offer inexpensive security apps for Android and iOS. Use caution when you download such programs; some hackers disguise malware as anti-virus utilities.

You can also maximize security by keeping your smartphone in a signal-blocking case or pouch when you aren’t using it. This prevents the phone from transmitting your location and live audio or video. However, it also stops incoming calls from reaching you.

Keep in mind that anyone who uses your smartphone could easily install spyware on it. A suspicious spouse or malevolent co-worker might even do this. Be sure to choose a hard-to-guess password, avoid leaving the phone unattended and think twice before letting anyone borrow it. Consider storing the device in a compartment or drawer with a lock.

Smartphone spying has become a serious concern, regardless of whether it’s committed by Facebook, a distant hacker or someone you know. Remember to make security a high priority.
Do you back up everything each hour when your system is busy, and at least once a day, if it is not? Do you disconnect your backup devices from your system when they are not actually backing up?

You may have answered the first question affirmatively. However, if you answered the second, “No, I always keep my backup devices running,” you could be vulnerable to a phishing attack. Yes, your firewalls are secure, and Kaspersky or some other top antivirus software is watching your back. But you have another exposure that can open your front door to attacks.

Here’s how phishing works: Your employee (or maybe your own child) receives a friendly looking (albeit bogus) email from someone they know or some organization they consider benign. The email has text to the effect of “Wow! We really loved this picture of (insert entertainer’s name) at the last concert. Open the attachment (or click this innocent looking link) and see if you agree!”

Whether the email has an attachment or a link, one of two bad things can happen:

1. The disguised .jpg attachment

Everyone knows that a .jpg image is harmless, right? Wrong. Say the image attachment is titled concert.jpg. What scammers actually do is bank on the fact that most computers hide extensions. The actual file extension is either .exe or .zip, so the file’s name is concert.jpg.zip. The .zip (or .exe) gets hidden, but click on it and it goes to work. The work can be anything from spraying hostile code to inserting bots that take over your computer and also go after your contact list to propagate outward.

2. The little link that could do damage

Click on that link lure and you’ll be taken to a hostile site. The site is waiting to download the equivalent of digital landmines into your system. Or it could be a connection to the Darknet where this guy with a Russian-sounding name is waiting to kidnap your system through the pernicious ransomware attack.
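
A defensive check for the disguise described in item 1, as an added example that is not part of the original article: it flags attachment names whose final extension is an executable or archive type while the name a user sees, with extensions hidden, still ends in a harmless-looking one. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import re

# Assumed policy lists for this example; adjust them to your own mail filter.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
RISKY_FINAL_EXTS = {"exe", "zip", "scr", "com", "bat", "cmd", "js", "vbs", "msi"}


def parse(filename):
    """Return (shown_name, inner_ext, final_ext) for an attachment name.

    shown_name is what a file manager displays when it hides the final
    extension, which is the behaviour the disguise relies on.
    """
    base = re.split(r"[\\/]", filename)[-1]   # drop any directory part
    base = base.strip().rstrip(". ")          # ignore trailing dots and spaces
    stem, dot, final_ext = base.rpartition(".")
    if not dot or not stem:                   # "README" or ".bashrc": no extension
        return base, "", ""
    inner_ext = stem.rpartition(".")[2] if "." in stem else ""
    return stem, inner_ext.lower(), final_ext.lower()


def classify(filename):
    """Classify one attachment name as ok, risky-type or double-extension."""
    shown, inner, final = parse(filename)
    if final in RISKY_FINAL_EXTS and inner in DECOY_EXTS:
        verdict = "double-extension"          # e.g. concert.jpg.zip
    elif final in RISKY_FINAL_EXTS:
        verdict = "risky-type"                # e.g. setup.exe, nothing disguised
    else:
        verdict = "ok"
    return {"name": filename, "shown_as": shown, "real_ext": final, "verdict": verdict}


def scan(names):
    """Return the records for every name that is not classified as ok."""
    return [rec for rec in map(classify, names) if rec["verdict"] != "ok"]


# Constructed sample attachment names, not taken from any real message.
SAMPLE_NAMES = [
    "concert.jpg",
    "concert.jpg.zip",
    "Concert.JPG.EXE",
    "invoice.pdf.exe ",
    "setup.exe",
    "report.final.docx",
    "README",
]

if __name__ == "__main__":
    for rec in scan(SAMPLE_NAMES):
        print(f'{rec["verdict"]:17} shown as {rec["shown_as"]!r:18} '
              f'real type .{rec["real_ext"]}')
```

A mail gateway or a help-desk triage script can quarantine the double-extension hits outright and route the risky-type hits for review.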
And now, the double ransomware whammy…

Ransomware is not a new threat, having been around for several years. But as potential victims have grown wary of malware, and spam email is increasingly shunted to the junk box, crooks have adapted. Email phishing attachments might go beyond the social and look like an authentic invoice or electronic fax.

According to the FBI, ransomware attacks “are not only proliferating, they’re becoming more sophisticated.” Where they were once just delivered through spam emails, now unwary web surfers can trip over legitimate websites with malicious programming, which takes advantage of unprotected end-user portals. The ransomware, once introduced, encrypts files on local drives and on anything else hooked up to the system, including backup systems and devices.

A semi-final word about backing up

If, despite all your precautions, a phishing attack is successful and you see that scary ransomware message on your computer monitor, you’ll have but two options: 1) pay the ransom, or 2) restore your system from an uninfected backup source.

Paying the ransom brings no guarantee that whoever is holding your system for ransom will send the decryption code. They might, but they are just as likely to further infect your system with additional malware. However, if you followed the advice to run frequent backups on devices only connected to your system during the backup operation, you can recover. You will only lose data entered or changed after the last backup.

Finally, the importance of a business continuity plan

Nothing will cripple your business like shutting down access to your financial and other proprietary data. The lost revenues and extra expenses can cut deeply into a business’s bottom line, and business disruption insurance won’t cover the intangibles like loss of customer confidence. So a well-designed backup protocol is just one element of an agile business continuity plan.

In the meantime, beware of bogus emails bearing dangerous attachments and links. Even if you know the originator, you can’t be sure they are not sending you a bomb disguised as a smooch.
What the PCI Requirement 12.4 means for you and your business.

Changes to the PCI Requirement 12.4 were released in April 2016 and raised an endless amount of questions. Thankfully, we’re going to explain some of the changes and what they mean for third party service providers and merchants. With this being said, here’s a look at what the PCI Requirement 12.4 means for you and your business.

Why Updates Were Made

Updates to the PCI Requirement were made simply because of the consistently rising rates of data breaches. In 2015 alone, there were 3,930 breaches that exposed over 736 million records (according to a report by Cyber Risk Analytics). With 288 breaches being incidents involving third parties and 64.6% of the breaches from hacking, updates had to be made to protect customers and ownership of their private information.

Although the security market has dramatically changed over the past decade, the collateral damage associated with a data breach has only gotten worse. PCI has been very forceful in regards to the need for contractual language between service providers, vendors, and third parties so that data is protected within their guidelines.

PCI Requirement 12.4: What’s New?

The new requirements added to the PCI Requirement 12.4 are:

For your information security policy, define the executive’s role and how it is related to data security as a whole.

For assessors, a requirement of the audit cycle is to see how well Executive Leadership is disseminated and ingrained into everyday operations. If a customer can reach customer service and receive a consistent/concise response, the requirement has been met.

For merchants, third parties, and service providers, each party needs to state their role and what they’re doing to ensure data security on their end. This means that each party needs to state specific responsibilities, service lines, groups, and divisions within their organization to meet the new requirements of PCI Requirement 12.4.

Lastly, assessors are searching for organizations that effectively communicate how important security is for their organization and make it part of the company’s culture. Explaining how the organization is held accountable, designed, and structured in regards to client data is needed as part of the requirements (which is in addition to previous PCI requirements).

So in consideration of the information above, it’s important to see where your business stands in regards to the PCI Requirement 12.4.
Where ransomware currently stands in the world of technology.

Ransomware has been running rampant throughout 2016, leaving victims stuck paying the cybercriminals’ demands or losing all their data. It has even gotten to the point that the FBI is warning individuals, businesses, police departments, government agencies, schools and hospitals of the increase in ransomware attacks. We will explain what ransomware is, how it has evolved, and how to protect yourself from these types of attacks. Find out about ransomware and where it stands in the world of technology.

Early Ransomware Attacks

Early ransomware attacks simply locked a person’s computer with an error message that stated: “Your Computer Is Infected” and provided a phone number for you to call. Calling the number directed you to a cybercriminal who would use social engineering, intimidation and threats to pressure you into paying a fine. At the time, this wasn’t a practical approach since it required an individual to be available to answer the calls. Later versions utilized online payment features that removed the need for the cybercriminal to pick up the phone.

CryptoLocker: Evil Evolved

CryptoLocker was written by someone with a strict plan and an agenda to extort without compromise. When a computer was served with CryptoLocker, it didn’t just send a block and a contact number. It encrypted files, photos and documents on the computer (without the user’s knowledge) and made them inaccessible to the computer user. Word quickly spread as to the devastation CryptoLocker caused, which inspired copycat ransomware versions such as CryptoDefense and Cryptowall.

Ransomware & The Future

Ransomware encryption has evolved, and today, it can spread to an entire network of devices (instead of targeting one individual). This means that if one person clicks on a malicious link through an email, their entire network can be affected.

Ransomware’s longevity is due to organizations not keeping backups and the willingness of users to pay ransoms for their own information. A few solutions, however, can render a malicious attack completely useless.

Ransomware Prevention

The most important factor to remember about ransomware and cybercriminals: A backup system can restore a system to what it was before the infection took place. Therefore, the ransomware can be removed without making a payment to the cybercriminals. When cybercriminals can’t receive the ransom in question, their business model inevitably collapses.

So when you’re trying to prevent cybercriminals from accessing your computer, it’s important to:

Install layered security on all fronts (emails, etc.).
Educate your staff about phishing campaigns.
Keep your systems and software updated.
Back up your information.

In consideration of this information, it’s important to protect yourself from ransomware.
In June 2016, Apple introduced iOS 10, complete with upgrades to iOS 9, as well as a few fantastic secret features that the industry was expecting any minute. However, as with any great product, there are usually a few downfalls — and Apple products are no different. Several flaws and detractors exist in this latest relatively moderate upgrade to iOS 9:

1. Still No Sign of Dark Mode — Unless You’re Looking for tvOS

Like Android, dark mode has been a high-demand, high-request feature for a while — and once again, Apple didn’t come through. It’s all the more glaring that Apple didn’t bring dark mode on board for iOS 10, since they used the same launch event to announce a new dark mode for the tvOS, which has only been around since late 2015.

2. Location of Widgets Leaves Much to Be Desired

One of the biggest changes made in iOS 10 is Apple’s addition of widget support to the lock screen and certain app icons for 3D Touch capable devices, such as iPhone 6S and iPhone 6S Plus. But since they weren’t added to the home screen, they aren’t as easily accessible as they could be. Android’s flexibility with respect to widgets far outweighs Apple’s in this regard. Undoubtedly, users are getting a bit tired of the timeworn checkerboard design of the icons, and a change in this area would have been welcome and refreshing.

3. Basic Keyboard Omissions Mean Unnecessary Annoyance

While Apple has made some huge gains in the design of stock iOS 10 keyboards, the original long-term plan was to make them more intelligent with respect to anticipating words and key strike analysis. Unfortunately, Apple has a long way to go on this development — its keyboard offering simply doesn’t keep pace with third-party keyboards such as Swiftkey and Google.

More importantly, the Apple keyboard misses the mark on an even more important feature: One-handed and swipe-type mode are still not part of the picture. Rival keyboards have had this functionality for years. Even iPads got split keyboard typing a few years back, but for some reason, keyboard improvements just don’t seem in the cards anytime soon for dedicated iPhone users.

A Few More Points of Contention With iOS 10:

iMessage is still exclusive. Apple had the opportunity to integrate iMessage with Android, but it chose not to.

File manager is nowhere to be found, but it should be part of the functionality since iPad is trying to take the place of laptops among users dedicated to the platform. Industry experts think this feature is a must-have for the iPhone to remain competitive as a file accessibility tool.

Notifications remain a bit behind the times. While notifications have improved in the lock screen, this area remains a weak link in terms of Android functionality. Industry experts expect that this area won’t see any improvement this time around, or at least in the next year or so.

Even though iOS 10 was officially unveiled, the platform remains in beta — and Apple has plenty of time to tweak and improve these shortcomings. The iPhone 7 and iPhone 7 Plus/Pro are not due out for at least three months, so Apple devotees can hang on to a bit of hope for some new, improved developments — at least for a little while.
For a prime example of why companies need high-end security, take a look at how a bank thwarted a 5-year-long $25 million heist.

If your business happens to work with highly sensitive data, it’s incredibly important that you have the best security systems available on the market. An excellent example of the type of protection a security system can provide occurred when a gang tried to hack $25 million from a bank, and the bank solved the problem. Here’s a look at how this heist was stopped in its tracks.

How They Did It

Since 2011, a group of financial hackers were allegedly stealing from bank accounts using a trojan called Lurk. Lurk operates via a form of steganography, in which a file is hidden away on a computer as something completely different. For example, a Lurk could pose as a video, audio or image file stored on a computer. In the bank heist, one of the victims found the Lurk in a pizza order.

The cybercrime gang utilized Lurk and created a botnet of infected computers so they could launch attacks against media companies, businesses and Russian banks. They attacked large Russian organizations, such as Regnum, Metropol, Russian International Bank and Metallinvestbank. In Metallinvestbank’s case, the hackers gained remote access to their systems and transferred funds to accounts under their control. In total, the hackers seized $10.2 million from Metallinvestbank.

How They Got Caught

Sberbank (another one of the victimized banks) worked with the Federal Security Service and the Russian Interior Ministry on a mission to catch the hackers. This resulted in the Russian police getting involved to stop more fake money transactions that were running up to an estimated $30 million, which led to 50 people being detained in what was regarded as the country’s biggest bust of financial hackers.

It was discovered that simply visiting a hacker’s rigged/copied site was all that was necessary for the cybercrime gang’s Lurk to infect the system. From there, the Lurk downloaded additional modules to steal passwords and login names for bank accounts. Therefore, it’s very important to stay one step ahead of hackers by implementing top-tier security.
European social network VK.com has been making headlines since becoming the victim of a major hack. The platform, based in St. Petersburg, is known as “Russian Facebook” since the two sites are similar in many ways. VK, previously known as Vkontakte, has 300 million registered users and about 100 million active ones.

How Big Was the Attack?

ThreatPost asserts that 100 million user credentials are on sale on an underground marketplace called TheRealDeal. That accounts for 33 percent of the site’s total userbase and its entire active userbase — it’s an enormous attack.

It is unclear how long this data was collected or by what means, but the login credentials in question are likely those that were in use between the years 2011 and 2013. According to VK.com, the data is too old to be of value since the credentials likely have been changed. It is unclear, however, how users who did not change their passwords or login credentials during that time period are affected.

High-Profile Breaches Are Becoming Common

Having access to 100 million VK.com users is one thing, but cybercriminals have been busy in 2016: Myspace, Tumblr and LinkedIn have all been the victims of major hacks, leading to a leak of information of as many as 500 million combined users.

What Does This Mean for the Rest of the Internet?

That VK.com was hacked shows the importance of cybersecurity even when dealing with large, trustworthy platforms. VK claims it has used “secure encrypted storage,” “password hashes” and two-factor authentication since 2012. Security factors such as two-factor authentication need to be activated by the user to be useful, however.

One of the main things that internet users should take away from this high-profile hack is that extra authentication steps are worth the time and energy they require. Additionally, using the same login and password credentials across multiple sites is a dangerous gambit. Despite this, more than half of internet users still copy their passwords between different sites and platforms.

Not every site can guarantee their users’ security completely, and cyberattacks can compromise even the best-protected information, making it critical that users have systems in place for protecting their own security should the need arise.

For IT companies and other businesses in the tech sector, this emphasizes the importance of secure data handling and encryption. Even if the end user is not concerned about the security of their data at first, they will be after they’re victimized by an attack of this sort. Businesses in this sector will have to implement stricter security protocols to protect themselves and their users.
As internet technology broadens in scope and offers increasing convenience, web users become increasingly reluctant to use traditional login and password credentials to sign up for new services. While the password, when used correctly, is a very reliable method of ensuring account security, it gets less effective as the user in question is tasked with remembering more and more combinations in order to gain access to different services.

Many users simply skip this problem by using the same login and password across multiple sites and accounts. This is a dangerous bet, however, since having one account compromised immediately means that the user’s entire online identity is at risk. New advances in cybersecurity seek to bypass this issue by introducing new methods of verifying user credentials without relying on complicated passwords.

Shared Authentication Offers Ultimate Convenience

If you’ve tried signing on to a new service recently, chances are you’ve seen the option to use your Facebook or Google credentials to do so, effectively bypassing the need to fill out a form and create a new password set. This is by far the most convenient method for user authentication on the market at the moment, and it will continue to be relevant for years to come.

What shared authentication offers in convenience, it lacks in absolute security, since anyone who compromises your Facebook account, for instance, will easily gain access to any other accounts you authenticated using Facebook.

Multifactor Authentication Increases Security

Another new technology that is helping ease the password’s retirement is multifactor authentication. By requiring several different types of information that only the user would know, it is possible to reliably verify that user’s identity without having to resort to password memorization. This technology is not foolproof, since any attacker who learns the secret information connected to a user’s account can then access that account.

Mobile Biometric Authentication Moves Forward

With Apple unveiling Touch ID technology with its fifth-generation line of iPhones and iPads, a new form of user identification and verification was made available. Research has found that users find biometric identification much more secure than traditional passwords, and furthermore, that more than 50 percent of consumers are willing to choose any authentication method other than the login/password combination when signing up for new services.

This means that we will see a continued push towards mobile biometric authentication in the future. Web services such as PayPal already take full advantage of biometric Touch ID technology in their iOS applications. It is only a matter of time before this technology makes its way to traditional banking systems, corporate ID credentials and more.

A longtime staple of science fiction, biometric authentication allows the secure transmission of information to and from an individual without requiring them to remember to input anything; their fingerprint is typically enough to securely identify them. This offers a level of security that passwords simply cannot match.

What the Future Holds for Identity Security

While the login/password credentialing system has its merits and will surely be an option for years to come, it is gradually becoming obsolete. New technology is guaranteed to overtake this system, and will most likely consist of a combination of biometric and shared authentication methods. Additional multifactor authentication may be involved, or be used in cases of possible identity theft, in order to produce multiple layers of security that are both secure against attack and convenient for the user to access.
{company} is excited to present for the American Subcontractor Association. The presentation is titled “10 Critical IT Security Protections Every Business Must Have in Place NOW To Avoid Cyber Attacks, Data Breach Lawsuits, Bank Fraud, and Compliance Penalties.”

Our team works hard around-the-clock to ensure our clients are protected against the wide range of threats facing modern businesses. With this presentation, we discuss the strategies and solutions needed to effectively combat the adverse effects of cyber attacks and data breaches.

When: Thursday, June 30, 2016.
Where: The Seasoned Mariner, 601 Wise Avenue, Dundalk, MD.

The American Subcontractor Association is a non-profit trade association focused on advocacy, leadership, networking and education for construction subcontractors and suppliers. They are recognized as the united voice dedicated to improving the business environment in the construction industry. The ASA identifies their ideal beliefs as ethical and equitable business practices, quality construction, a safe and healthy work environment, integrity and membership diversity.

{company} is proud to have been asked to take part in this event, and we hope you’ll join us to learn the most effective ways to protect your operations and avoid crippling attacks.