Spam From the Cloud I hate spam. I really do. And if you’re like me, you hate spam, too. Possibly something even worse are those robocallers, but you can probably figure them out pretty quickly. The problem is that now telemarketers have a new way to get into our faces — and it’s cheap. It’s as cheap or cheaper than sending an email. When the Robocallers Get Sneaky It goes something like this: You get a phone call, and you check your caller ID. It’s a local number, but you don’t immediately recognize it. Maybe your significant other has car problems and is at a mechanic shop. Maybe it’s a new customer or client who wants to talk with you, and you just don’t have their cellphone number yet. Maybe it’s your kid, and he forgot to charge his cellphone. So you answer it. Little do you know that the “person” on the other end is actually a robocaller. At this point, you’re thinking it’s obviously a robocaller and not a person, but don’t be so sure. The programmers have gotten cagey, and you may hear someone on the end say “hi!” If you reply — like most normal people — the robocaller may introduce itself by a first name and even give you a fake title and company they’re “calling” from. If you ask the robocaller if it is a computer, it will deny it vehemently. But, you’re talking with anything but a human being. Interactive Voice Response Programs in the Cloud You have to give these scam artists an “A” for ingenuity. The robocallers come from the cloud and not necessarily a central location. The outbound interactive voice response programs or outbound IVR can be sent in Voice-over-IP, or VoIP, lines that will hide where the actual phone call is being made from. Numerous companies have sprouted up offering these interactive systems, including Nuance, PlumVoice and CallFire. If this behavior seems familiar, you’ll recognize it as the driving force behind Siri, Cortana, Echo and other voice-driven interactive systems. You can thank AT&T for this little bit of innovative technology, who patented the technology back in 2006. While many legitimate companies use these robocallers, they’ve become so cheap that less-scrupulous companies are using them for various scams. CallFire, for example, allows developers to interface with its application to build their own apps, which can perform outbound IVR from just about anywhere. The U.S. District Court for the Western District of Washington ruled CallFire to be a common carrier, which protects the service from litigation when it delivers an unwanted spam message. Why Telemarketers Like These Robocallers Telemarketers, as one would expect, love this technology. The scammers can easily choose from a host of VoIP numbers that are local to you to make the call. It doesn’t matter whether they are in the next town or on the other side of the globe. By using the cloud, they can cheaply and easily deploy their robocallers and deal with unsuspecting targets who may not even know they are talking with a machine. What’s more, once they have you, they can then forward you to a real-life person who can finalize the deal. Again, you don’t know whom you are talking to or where this person is. Obviously, the cloud has opened up a Pandora’s box of mischief. So the next time you get a phone call from a local number you don’t recognize, don’t be surprised if you get someone on the end who sounds like they might be human — but aren’t.

A disturbing new trend is emerging in the world of cyber attacks on businesses, and it could mean bad news for organizations across the board. In the past, companies may have been hacked and had data compromised or stolen. Or, perhaps their networks were infiltrated by a virus, and data loss and system downtime temporarily put a halt to operations. The latest evolution in attacks involves a slightly evolved bit of programming called ransomware, and it’s holding businesses ‒ and their data ‒ hostage. What Is Ransomware? In much the same way that users can unknowingly contract a more traditional virus on their computer ‒ from email attachments or unsafe downloads, for example ‒ ransomware is a tiny program that gains access to a computer or network by exploiting security weaknesses in the software. Rather than scanning and collecting information such as credit card information and social security numbers, ransomware locks down files and makes them completely inaccessible to users. The only way for users or businesses to regain access to their own files is to pay a ransom ‒ usually in the form of bitcoins ‒ to the person or group holding the files hostage. The use of bitcoins is an essential part of the equation since bitcoin wallets are completely anonymous, and there is currently no way to trace a bitcoin wallet to a real-life individual. This keeps the attackers hidden, and it prevents them from potentially exposing themselves by trying to use a stolen credit card number or other personal information. Where Are the Authorities? When a person or business is being held hostage, the usual response is to involve the authorities rather than simply paying the ransom. The problem with ransomware, however, is that it is exceedingly difficult, if not impossible, to trace the attack to an individual. Plus, many businesses are worried about exacerbating the situation or sending a beacon to other attackers, letting them know that they’ve been compromised. In some cases, businesses simply do not want the attention that comes with an investigation and do not want their clients and associates to know they’ve been compromised. For now, the authorities are spending most of their time investigating ransomware as a whole, while anti-virus and protection companies work hard to eliminate the weaknesses that are being exploited that make ransomware possible. What Does This Mean for Businesses? It is obvious that even the smallest business should take these threats seriously. Even a ransom of a single bitcoin ‒ about $426 ‒ can take a bite out of the books of a small business and make it worth it for attackers to target them. For most small- and medium-sized businesses, it’s simpler and easier to just pay the ransom than undertake the lengthy and expensive task of rebuilding systems. Updated software and protection systems are essential, but this is not news. What may be the key to keeping attacks like these at bay is changing the mindset of business owners, from the sole proprietor to the CEO of a multi-national corporation. They must start making security part of the everyday conversation and keeping it part of the continual operation of the business rather than waiting to deal with it after an event happens. In the same way that businesses with valuable inventories lock up their warehouses, make use of monitoring equipment, and employ security firms rather than leaving the door open and relying on insurance to cover the cost of theft, today’s businesses must do the same with their data and networks to stop the evolution and escalation of ransomware.

In a stunning, daring and lucrative — at least for the thief! — heist, a woman walked into the Buckhead branch of Wells Fargo in Atlanta on February 13, 2016, and brazenly drained a customer’s three savings accounts for a total of $32,000 in cash. While police are still looking for the woman, whose image was captured on the bank’s surveillance video, she didn’t raise the suspicions of bank personnel during the initial incident. This is because the woman not only provided bank employees with the account holder’s name and two valid forms of identification to make the large cash withdrawal, she also offered the right social security number as well. Routine Online Check Nets Surprising Discovery The crime was not discovered until a later date when the account holder went online to check her bank balances. It was then that she discovered that not only was her personal savings account completely drained and left with a zero balances, both of her children’s accounts were subjected to the same treatment as well. At that point, it became clear that the victim’s identity had been stolen and that the bold thief had made off with her life savings, as well as that of her children’s. Atlanta’s Record on Crime According to a study by CreditDonkey, Atlanta ranks number two — behind only Orlando — as being a hotbed for crime. The credit card comparison website looked at a range of statistics, but concentrated on three primary ones: ID theft, violent crimes and fraud. While the city’s rates for violent crimes trailed behind other cities that showed up on the survey, Atlanta’s rates of internet crime, ID theft complaints and fraud complaints make it one of the most dangerous when it comes to its overall crime score. How Banks Can Protect Their Customers It is clear that the current strategies that Wells Fargo has in place are not sufficient enough to protect its customers. This crime underscores the fact that banks must revamp their approach to data security in order to avoid these types of issues from occurring in the future. Even banks that have an in-house IT team can use the objectivity and experience of an outside firm to provide them with valuable security strategies. Looking for a reliable IT support partner in {city} that will protect your business against the devastating effects of identity theft? We can help! Give {company} a call at {phone} or drop us an email at {email}.

Today, most business require multiple facets of modern technology for the day-to-day operation of their business. Almost every aspect of our daily lives, both personal and business, are touched by technology every single day. It seems like every week a new business is getting hit by cyberattacks. In almost every story, you read the attack could have been completely avoided if the proper cybersecurity measures had been put in place. But, if you will notice, you never hear when a small business is attacked. You know why? The loss is not significant enough to make the news, but it’s a fact that small businesses are easy targets. Most of them share the same perception about being too small for cybercriminals to care about them. This is far from the truth; instead, you are the easiest target to hit. Take a second and think about the impact to your business if your IT systems were breached and your data was lost or stolen. Depending on the severity of the breach, you could be faced with fines, legal action and loss of customer respect and business. In addition, insurance companies will not cover cyber negligence. Who wants to be the person calling a customer to let them know someone has stolen their personal information or data? And don’t forget that you may be footing the bill to repair the damage. Relationships are the key to good business. Hammett Technologies is a company that builds strong and lasting relationships with our clients. Unlike our competitors who focus mainly on just supporting your technology, we focus on securing it too! I want to let you in on a little secret in our industry. Most IT support companies want you to get hit with viruses. They want your computers to break down. They only make money based on the time they spend fixing problems that could have been avoided completely. Our solutions are designed to provide budget-friendly enterprise-level security, management and support at a monthly all-inclusive flat rate. We know our proven enterprise strategy will keep you up, running ‒ and secure. One last thing! Do you know what the biggest threat to every business is today? It’s your employees! Everyone knows how to use a computer, they have personal email accounts on google, Outlook or yahoo. They have access to social media such as Facebook, twitter and Instagram. Employees get targeted on personal accounts just as often as businesses do! You should ask yourself: Are your employees misusing company assets to access personal accounts during business hours? Not only are they providing an unfiltered entry point into your network, think about the loss in productivity that may be occurring. You should put a stop to this type of behavior right away. Do your employees have access to file-share services like dropbox, onedrive or google drive? What are you doing to stop your proprietary business and customer data from being copied out to those locations and shared? These are a few questions a security-focused IT partner should be asking when helping to keep you safe. Should you have any questions about Hammett Technologies, please contact me directly. I look forward to the opportunity of building our relationship. Ultimately, what you do is dependent on your data – and our specialty is helping our clients Design, Deploy, Connect, Managed and Protect that data.

In today’s world, small- and medium-sized companies — and even large corporations — are losing literally billions of dollars because of Internet scammers. The U.S. Federal Bureau of Investigation states that more than $2.3 billion has been stolen from businesses in less than three years. Scammers often impersonate one of the executives at a company to send an email prompting employees to transfer money out of the company — and directly into the scammer’s hands. These email scams are becoming more and more sophisticated, and they have fooled countless unsuspecting employees. Business Email Compromise These types of scams are referred to as “business email compromise.” The problem has become so prevalent that the FBI issued a formal alert to businesses in February of 2016. Occurrences of cybercrime in the form of business email compromise are reported from all over the world, with more than 79 different countries impacted. While cybercrimes like these were known to be on the rise, that they have now reached a multi-billion dollar industry for scammers is new information — and unquestionably a frightening revelation for business owners. Scammer Success = Industry Growth Experts in the fields of cyber security and cybercrime report that because of the high success level of the scammers and the relatively easy methods involved in achieving the crimes, it is very likely that this type of cybercrime will only continue to grow. Even more businesses are going to fall victim to these scams. The only way to avoid these increasingly clever scammers is education coupled with an expert IT team. Signs It’s a Scam These email scams are successful because the criminals behind them spend considerable time and effort making them look as legitimate as possible. However, a few signs signal it may be a scam email, including: A request for immediate wire transfer. The wrong name on an email. For example, the email may be signed by a company’s CEO rather than the lower-ranked person from whom it would logically come. Unusual wording in the email message. While companies can keep an eye out for signs like these, it is possible that an email will be so sophisticated and well-researched that no clear signs will indicate it’s fake. The scammers may go to great pains to research the company they’re dealing with, the individuals they’re writing to, and the finances of the company. This may allow them to create extremely convincing emails that will put a company’s well-being at stake unless the correspondence is immediately discovered to be a fraud. Preparing Your Company to Outwit the Scammers Want to be sure that your company is fully protected from Internet scammers? It is completely possible, but you need the right guidance to do so. Our IT experts are here to help. To get more info, give {company} in {city} a call at {phone}, or send an email to {email} today.

In the interest of staying abreast of the latest technological trends, learning how to properly navigate on the Cloud is an imperative lesson for virtually anyone who uses the Internet in this age. While many believe the Cloud to be a much safer place than it is, there is actually a plethora of traps and pitfalls that can be highly detrimental to one’s life. The following is an overview of the top three ways to stay safe and secure on the Cloud. 1. Be Smart About Passwords First and foremost, it is important to carefully select your passwords. This means, choosing something memorable, but not so easy that others can guess it. In addition to that, try not to recycle the same password over and over because if someone happens to hack one of your accounts, they will have the password to all of them. Moreover, be sure to create a stronger password by using a mix of upper and lowercase letters, as well as symbols in order to make it more difficult to guess. Lastly, keep it simple. You definitely need to use a password that you can remember. A password is useless if you have to keep it somewhere written down in order to remember it. 2. Pay Attention to Your Network In addition to that, the average person has become quite accustomed to using public WiFi as a means of executing a number of online tasks. While public WiFi networks are certainly convenient, they are often far from secure. Be mindful of your location and the things you view when operating on a public WiFi network. Checking your Twitter page might be totally fine, but you may want to think twice before checking your bank balance or completing a financial transaction. 3. Keep in Contact with IT Lastly, one of the best ways to stay secure on the Cloud is by regularly consulting with your IT provider. They can tell you things, such as the best places to access important data, teach you about backing up your data, as well as ways your data can be encrypted. This is the best way to stay safe and secure on the web over time. Overall, staying secure on the Cloud is not as difficult as it seems. By simply following these tips and remaining vigilant while operating in the cyber realm, you will save yourself a world of turmoil and trouble.

Today a new type of malware is currently making the rounds that may be worse than anything we have ever dealt with before. It is called ransomware and it is a type of malware that not only hijacks your desktop, but also holds it ransom. Not only is ransomware scary for individuals who manage their lives almost entirely on laptops and smart phones, it is even more frightening for small- to mid-sized businesses that depend on the viability of their IT systems for their success. What is Ransomware? Ransomware is a type of malware that not only holds your vital data files hostage, but also seeks to extort money from you for their return. How does ransomware actually work? In a typical attack, the ransomware takes control of your desktop, displaying a pop-up that your computer is infected and you must purchase a software product to take care of the problem. In early versions of ransomware you could simply reinstall windows and the problem would go away. Today, however, ransomware developers have become increasingly sophisticated. The latest forms of ransomware will actually begin to encrypt your vital personal and business files, displaying a message that you will not receive the encryption key until you have paid a particular sum, often as much as $300. The ironic thing is that some of these programs actually treat extorting money as though it were an e-commerce shopping cart, happily guiding you through the checkout process by offering you a variety of payment options. Once they have extorted several hundred dollars from you they will give you the key to retrieve and restore your files, but can you really trust them to live up to their end of the deal? What Ransomware Can Do to Your Business While the effects of ransomware on individuals may be bad enough, a ransomware attack can cripple a small- to mid-sized business. Since 2014 the frequency and severity of ransomware attacks on small businesses have increased a great deal. Small and medium sized businesses are particularly vulnerable to cyber attack because they do not have the financial resources to invest in IT management and security services. Because they have limited staff resources, many small businesses are not always able to implement IT best practices. In the event of a ransomware attack, even if the company actually does pay the ransom and receives a retrieval key, there is no guarantee that the files will not be damaged. For this reason it is important for businesses to avoid ransomware and protect themselves from ransomware attacks. Avoiding Ransomware The best way to avoid ransomware is to follow IT best practices including: Never download any suspicious files. Ransomware may appear as an .exe file attached to an email. Do not open or run any of these suspicious files without scanning them first. This is especially true if do not know the sender and were not expecting anyone to send you any attached files. Keep your anti-virus program up to date. As noted earlier, ransomware is a new type of malware. This means that, if your anti-virus is old, it might not be able to detect certain kinds of ransomware. For this reason, ensure that you have the latest version of anti-virus software protecting your system. Keep your browser and operating system updated. Those who develop malware understand that older versions of web browsers and operating systems are sure to have certain security loop-holes that brand new malware, like ransomware, can penetrate. By keeping your system up to date, you effectively avoid this risk. Protecting Your Business Against Ransomware Attacks The best way to protect yourself and your business from a ransomware attack is to take the danger of losing access to your most important files away by taking backup and business continuity measures. This is done by moving important files to a location where they cannot be written over, encrypted or erased on either an external hard drive or a remote server. If you store your files on an internal hard drive the ransomware could conceivably gain write access to them, making your important files vulnerable to ransomware attack. While this may sound like a lot of work, it is actually a standard part of most managed IT security packages. IT security services routinely back up your company’s files on remote servers, keeping them safe from threats like ransomware. Through a multi-step process, including risk assessment, backup and business continuity measures, email protection and 24 hour network monitoring, an IT security service will also keep your systems up to date, so you are always ready to avoid or deal with the latest cyber threats.

For companies that need to bring in an employee with an IT background to offer IT support for specific projects. There are many ways to go about bringing in IT talent for your company. However, there are many other options that can save your company money and one of those is the Virtual CIO, or VCIO. A Virtual CIO is a great way to get things done while saving money. Issue With Using A Consulting Model Many companies turn to the IT consulting model where they contract a firm for their IT needs. The problem with this is that the IT consulting firm will only be around for that specific project and then they are gone. They are only contracted for that specific project which means that they will stay around to ensure the job is done. This means they may only stay a few months or a year, but when they are done with the job they will no longer be there. Managed Service Provider Options A Managed Service Provider for IT support works very differently. Usually they are hired full time to assist with existing IT staff in your company, or to act as the IT department for the company. Additionally, they also offer services where they provide Virtual Chief Information Officers, also known as VCIOs. These VCIOs serve to improve a company’s IT operations and assist with executing IT strategies. What Exactly is a VCIO? VCIOs are experienced IT advisors that are employed by the Managed Service Provider. The VCIO comes to other companies to serve as an advisor and collaborates with a company’s management team. As a virtual CIO, they serve the same purpose as an in-house CIO and do things such as plan IT budgets, execute IT strategies, improve overall efficiency by researching and implementing new technologies for the company, and managing the IT infrastructure of the company. The major difference is that the VCIO is not based in the office. However, they do visit regularly despite being based out of the Managed Service Provider’s office. What are the Major Benefits of Using a VCIO? There are two major benefits of using a VCIO: executive level support and access to a large knowledge bank. Not only do companies get executive level IT support, they get it without having to pay the cost of high level executive. Companies do not have to pay for the salary of an executive employee to get all of the benefits. A VCIO offers things like strategic planning, providing guidance for IT projects, budgeting, and essentially giving the company a competitive edge by way of the IT infrastructure. Instead of paying for the salary, the company only pays for the monthly service through their managed IT plan with the Managed Service Provider. The second major advantage is that the company can get well seasoned virtual “staff” with years of experience and a great range of expertise and skills. In addition to that, they also have access to a knowledge bank from the Managed Service Provider which can be helpful with getting even the most difficult of projects done. One employee may have a lot of experience in one area of IT but a problem can occur when they are faced with an issue they have not dealt with. With a VCIO, there is always someone that they can turn to in their team to get the job done. This allows a VCIO to provide the most well-rounded service to each of their clients. As you can see, there are many benefits of a VCIO, which makes it a viable option for many companies that want executive level IT support, a vast wealth of knowledge whenever needed, and to save money in the process.

A number of organizations are on track to review privileged online activity with reviews due for completion in the next two years. These reviews are expected to cut down on data theft and leakage by around one-third. In the meantime, there are a few things your IT department can do to manage privileged accounts and ensure data security within your organization. 1. Inventory Accounts and Account Holders This tip is simple and should already be done. Each account holder should be fully vetted when you bring them on board in your organization. However, sometimes daily operations become overwhelming and account information and user data can become outdated. Your organization should do a full audit of all privileged accounts and ensure that these accounts are only being accessed by the proper account holder. Accounts that are no longer used or those that are assigned to employees that are gone should be closed or reassigned as necessary. 2. Password Security When you brief new team members on their privileged accounts, you are likely careful to inform them that passwords should never be shared with other individuals, whether inside the company or outside vendors and service providers. However, in a time crunch or when one team member is out on vacation or home sick, employees may share passwords, so those in the office can access to information and accomplish tasks in the absence of the missing employee. Ensure that no passwords have been shared, and if they have, reset the password and offer re-education to employees on password security. 3. Minimize the Number of Accounts with Access to Privileged Information Clean up the list of users with access to privileged data. It’s likely that some users don’t need privileged access. This not only helps to ensure data security, it also makes life easier for your IT department. Your information security team will have less work to do when the amount of privileged accounts is reduced. Monitoring those that remain will take up less time during the workday and allow other tasks to be done that may have taken a backseat due to time constraints. 4. Tighten Controls on Privileged Account Use The activity and access of all privileged accounts should be monitored, no matter the level of the user in the organization. Upper-level executives and lower-level team members should all be monitored the same way, to ensure the greatest information security. Establish processes to monitor accounts that are currently in use. Review the process for assigning privileged access to account holders, and tighten up the process, if necessary. You should also review the records you keep on privileged account holders and ensure these records are complete and up to date, so you know exactly what information is being shared and who is sharing it with whom. 5. Use Temporary Privileges Instead of Allowing Unfettered Access When a user needs to access privileged information the easiest way to do this is to apply permanent access privileges to the account. This takes less time for the IT department and keeps the user from constantly requesting access to data. However, this is a great way to cause a data breach or mishap that can damage your company’s reputation. Consider allowing temporary access to privileged information for some employees to help tighten down on the potential for data compromise. Remember to keep records on which employees have been given temporary access to privileged information, and when access was granted and removed. Data management is important for several reasons. Establishing proper controls and procedures to maintain limited access to this sensitive information protects your employees and clients. Ensuring the security of your company’s data will also save money and time, and keep your reputation intact while other companies are being blasted in the media for allowing data to be leaked outside secure servers. Conducting regular audits and keeping a tight rein on your data takes surprisingly little investment of time and money, and ensures the security of information both within your company walls and outside your organization.

Nowadays both at home and at work, everyone is pretty much joined at the hip with an email account. Marketers, junk mailers, and spammers clog our in boxes to where, according to one USA Today article, people can spend nearly 30 percent of each work week just managing and triaging their email. With so much of it flying around, email continues to be a convenient vector for crooks to transmit Trojans and other insidious malware targeting our personal and company’s data. Just when we thought that experts like Norton and McAfee were holding the line against those attacks, up pops a particularly nasty variety known called ransomware. Clicking on an email attachment isn’t the only way you can unknowingly download ransomware. Following a link to a hacked web site will also do the dirty trick. In any case, once the ransomware enters your system, you must remove it to regain access to your computer or smartphone. Or you can pay what the culprits’ demand, with no guarantee they will send you the decryption key. Weird emails are showing up According to a piece by Brett M. Christensen at Hoax Slayer.com, emails with no body text and subject lines that have a group of letters, numbers and a .jpg file extension have hit some in boxes. At the bottom of the aforementioned email is an attachment, which has the same labeling as the subject line. If you click on the attachment, you will open a JavaScript (.js) file, which does the rest: The rest is called Locky ransomware, which scrambles all your computer files. The JavaScript connects our computer to a remote server, which downloads and installs the Locky ransomware. Once it’s there, you get a heart-stopping popup window demanding payment, typically in Bitcoin. Note: Data files will not carry a virus, since the virus must have executable code. File extensions .txt, .csv, .gif. jpg, .mp3, and .wav, do not have executable code. If you receive a Microsoft Word document with a .doc extension, and you are asked to enable Word macros, don’t do it. It’s a ruse to get the document to load the ransomware. An ounce of prevention avoids a ton of headaches Once your system is locked, you cannot access it. There is no quick way to cleanse your system from ransomware, but you can protect your system in a number of ways: 1. Keep an entire system backup either off-site or on a device disconnected from your computer when you are not actually backing up. Ransomware looks for all connected drives and encrypts everything. You can use your full, uninfected backup for a complete system restore, but you will lose any data you entered from the time of the last backup. 2. Invest in anti-virus/malware software products, which keep up with the threat and protect your system. According to one recentTechTarget piece, ransomware creators are constantly on the alert to circumvent detection. how to 3. Watch what you open, and never click on suspicious URLs or file attachments. If you set your file viewing system to show all file extensions, the innocent looking image file (.jpg, etc.) will have an additional extension like .zip or .rar. More emails to watch out for Finally, be on the lookout for emails in the following categories, which have been known to carry Locky ransomware: “Payment Declined” — A bogus sales manager asks you to click on and double check an “invoice,” which is an attached booby-trapped file. “Payment Accepted” — A fake financial manager asks you to check a “payment confirmation” by opening a file. You know the rest. “Order Status” — You receive a thank-you for your recent order and an invitation to review the details by opening an attached .zip file that explodes in your face. “Received Documents From Your Bank” — Who wouldn’t be tempted to open an attachment like this? Well, don’t do it. Call your bank instead.