A huge number of small and medium-sized businesses would consider using pirated software to try and save money. A new study has revealed a surprising number of businesses willing to break the law to save costs. Our advice? Think twice before you walk the plank.

Right now, the most popular types of pirated software are project management tools, and marketing and sales software. But a huge 56% of business owners said they’d even think about using illegal cyber security software in an effort to cut costs.

Don’t do it.

Not only is pirated software unsupported – so if you have a problem with it (which you probably will) there’s no help available to rectify the issue – but it can open your business up to bigger problems too.

It’s common for cyber criminals to use pirated software to distribute malware. Some of this is designed to evade firewalls, which means once installed, it can spread malicious files beyond your device to your entire network. That can lead to your sensitive data being compromised or stolen.

The cost of putting things right after this kind of cyber attack can end up costing a fortune, and the pirated software can damage your devices by causing them to slow down or overheat.

We advise our clients to always use genuine software from a reputable source. If the cost of the software seems too good to be true… it probably is.

But there’s more you can do. You should prevent unauthorized employees from downloading software that could be harmful by managing admin rights properly. And you should ensure your whole team has regular cyber security awareness training to make everyone aware of the risks to your business data.

If you’d like help finding genuine software for your business, or creating a cyber security plan, just get in touch.  

Published with permission from Your Tech Updates.

As you may know by now, Facebook announced a massive data breach today affecting at least 50 million (yup you read that right) users. 

It seems that a vulnerability in Facebook’s code for the “ViewAs” feature was exploited allowing the attackers to compromise access tokens which are digital unique identifiers of you and your account and prevents you from having to re-enter your password multiple times which would drive you crazy if you had to.

Facebook states that “there’s no need for anyone to change their passwords” however are you willing to trust your privacy to Facebook? Can those two words even be in the same sentence? Probably not. Be proactive and change your password which will regenerate the access tokens associated to your account assuring your account is safe.

It seems like the vulnerability has been there since July of 2017 and was just recently identified and corrected. So this “leak” has been there for a while.

Here are several links with more technical details on the Facebook breach, should you be interested:

• Facebook breach put data of 50 million users at risk
• Zuckerberg says Facebook working with FBI to investigate
• Everything We Know About Facebook’s Massive Security Breach

So the reality is Facebook and most reputable technology firms go to great legnths to get coding right and keep it secure but it is not uncommon that future modifications of existing code cause changes and vulnerabilities not perceived by the developer making the change. Organizations that have developers working with this kind of code typically have Change Management in place which primary purpose is understanding what effect a change in older code will make. Honestly, it is impossible to cover all scenarios but exposing 50 Million customers private data is not acceptable!

In today’s environment of constant data breaches and privacy compromises you shouldn’t be surprised but at the same time, you should become numb to this issue and protecting your privacy and data should stay high on your priority list. However, it will not protect itself and it has become painfully obvious you can’t rely on the “big players’ either. Be proactive!

What Can I Do Besides Change My Password?

Use Common Sense – First and foremost (and I’m sure you’ve heard if before) common sense should be in play. Be extremely cautious of what you post to social media. Yeah its great to share pics with friends and other interesting items but telling everyone in the world you are on vacation in another country (and that your home is currently empty) is probably not the smartest thing to do. Posting pics is great but consider whats in the picture frame before you take the shot. Are your vehicle tags in the frame? It is way too common to see pics posted on social media that contain things allowing someone to determine locations and identities. Facebook’s face recognition should scare you all by itself and especially your kids.Think ahead.

Use 2-Factor Authentication (also known as 2FA) – 2FA is where you have set up to send an authentication code to mobile devices verifying you are the owner of an account or password. Sure it can be a pain in the butt if you don’t have your phone with you but there are usually ways to do 2FA without your phone. This prevents unauthorized access to your accounts should your password be compromised. Use 2FA when possible!

Use Private Browsing – While certainly not full proof using your browser “private browsing” function, which is not on by default, helps protect the data stream between your computer and the websites you visit.

Use Complex Password – It baffles us how often we see 5-letter super simple passwords that are super simple to compromise. Start using sentences as passwords instead of one word. Most systems limit the minimum number of characters but not the maximum. Recently had a customer whose passwords were her pets name and her account was recently compromised. She couldn’t figure out what happened until we showed her the pics she posted all over Facebook of the pet WITH the pet’s name. Social engineering at its best! Also, we find customers using sentences as passwords are less likely to forget them which is a bonus.

How Do I Keep Up With All These Passwords? – Well, the answer certainly isn’t having everything with the same password! You are making it too easy to compromise. If you find you have too many passwords to track, use a password manager. Not only will it store and auto-enter your passwords, but you can also let it generate a complex password that you don’t have to recall. We highly recommend #LastPass. Shring has done very intensive testing of various password managers and LastPass is the winner. Check it out here.

What’s this all about and why should I be worried about it?

Phishing has become the current choice of attacks that hackers use to gain entry to restricted networks. Most common today is fake emails with malicious links in them that, when clicked, execute some form of malware on your device whether it be Windows Desktop, Mac or Mobile Devices. Read More »

Heads up .. this is important! We are sending this alert to all our customers reminding you to be extremely diligent when receiving this warning.

We all know that historically ZIP files are the attachments to be super suspicious of. Well, now its PDFs as well. We all use PDFs and that’s what makes it easy to embed malicious code and get past our own diligence in an email.

Be advised, we are seeing a huge influx of fake Dropbox notifications with malicious PDFs attached.

Remember:

• If it is not from noreply@dropbox.com, it is likely not legit.
• Do NOT open a PDF attachment from any email address you do not know. Dropbox or not!
• Dropbox shares do NOT attach a file to an email. Only link back to Dropbox will be provided. (see below)

Below are examples of legit and fake Dropbox notifications:

Legit Dropbox Notification:

Fake Malicious Dropbox Email:

After seeing a legit Dropbox email .. the above screams malicious. However, we get busy and often don’t take the time to actually look at the details. It is now imperative that you scrutinize ANY and ALL emails with attachments. No technology will prevent human overt-rides. I.E. you click on the link and open the PDF .. it is too late!

Be wary of any attachment from an email you are not familiar with.

Stay Diligent! Shring Support Services

A newly detected drive-by attack encrypts files and documents then demands payment to decrypt data.

PDF-based malware being found embedded in legit PDF files. Meaning they have been modified after they were created.

Read More »

Heads Up! Google Docs Phishing Scam Making It’s Way Around

We are seeing a large amount of malicious Google Docs emails being recieved.This is not coming from Google but others attempting to either infect your workstation with malware or to gain access to your Google account. Be cautious and skeptical of any GOogle Docs, DropBox or other file sharing invitation email.

Read More »

No … this is not a legit FireFox update!

Recently we have run into quit a few customers who use Mozilla Fiefox as their primary browser. While definitely not new, seems that we are seeing this pop-up more frequently again.

While its easy to not pay attention to this when presented with it … if you knowe what to look for … you will several blaring obvious signs it is malicious … Read More »