Is this the end of passwords… forever?

No one likes passwords. Creating them. Remembering them. Typing them in.

Your whole mood can change when an application you’re using suddenly logs you out, and you have to go through login all over again. It’s frustrating for all of us. The use of a secure password manager helps but you still have to deal with passwords.

So, we have some welcome news, courtesy of Microsoft, Apple, and Google. The tech giants have joined forces to kill off the password for good.

During the next year, there is a plan to roll out no-password logins across their platforms, using a standard technology from the FIDO (Fast IDentity Online) Alliance. This organization sets the standards for passwordless authentication.

Sure, that's a bit of a mouthful … so some people call this a passkey. Much easier to remember.

A passkey works in a similar way to multi-factor authentication (where you use a separate code generated by your device to prove it’s really you), also known as Two-Factor Authentication, but with less effort required.

It’s pretty simple but secure. To log in to your device, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re nearby. Because Bluetooth only works over a short distance, this should stop many phishing scams. Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN. And that’s it. You’re logged in.

Passkeys rely on something called public key cryptography. When you register with an application or website, a key pair is made between the website and your device. These are a sequence of long numbers that are connected in some way. But you’ll never see them, and you certainly don’t have to remember them. Your phone verifies the pair when you unlock it in the normal way.

In addition, you don’t have to worry about losing your device. It’s not enough to just have your device … someone has to be able to unlock it as well. Your passkeys will be backed up automatically, so transferring data to a new device is easy, much as it’s now easy to set up a new phone to be just like your old device.

These passkeys are not only simpler for you but will keep your data safer. There is no password for criminals to steal. And your phone needs to be close to your computer to log in. So physical location is important to security. While you should not consider it completely foolproof, it is more secure than saved passwords.

Any version of authentication has some weaknesses. Whether it is passwords, biometrics, Face ID and so on … each has its pros and cons. However, the biggest strength of passkeys is physical location: they require two separate devices, one of which you likely don’t get far from, and the two must be physically near each other.

If you would like to learn more about this technology, check out this link.

Digital Transformation and how it can help your business grow

We have all seen a LOT of change over the past couple of years. You’ve changed the way your business operates, including how we interact with others.

How has your business changed? What change do you need to make in the years ahead? And how does your technology help to power that?

We’ve written a new guide about something called Digital IT transformation. It’s how you use current technology to bring on a revolution within your business.

It’s what Netflix and Lego did… and Kodak famously didn’t. Download our case study about this, and learn how digital IT transformation affects businesses of every size, in our new guide.

Are your remote employees using faulty equipment?

A new report has discovered that 67% of remote workers are using faulty tech when they are working remotely. Often that’s because they’ve accidentally damaged the tech themselves and they don’t want to admit it to their boss in case they get into trouble.

A survey of 2,500 remote workers found that laptops were most likely to be broken, followed by keyboards, monitors, and PCs.
Most of the time the damage was done by spilled food and drink. Other causes of damage included other people in the house such as a partner or housemates – and of course, pets.

We’ve all watched in horror as a cat brushes up against a full glass of water next to a laptop. While more than half of people try to fix the damage, and 81% of people continue to use their faulty devices with limited features, a third of workers switch to their personal devices instead.
As well as this causing a loss of productivity, it could also be a huge data security risk for your business. It’s possible, even likely, their personal laptop doesn’t have proactively monitored security protection as their work laptop does, including:

      • Security software
      • Data encryption
      • Multi-factor authentication

When an attacker gains access to an unmanaged device, if it’s connected to your network, it also can give them unmonitored access to your infrastructure and all of your business’s data.

This can result in your data being stolen and sold. Or worse, your data is encrypted and held for ransom. However, you already have a plan for that … right? No? Ransomware is the most common cyber security threat to your business right now.
It’s not just access to your data that’s the problem. After a ransomware attack, there is a huge time and financial cost involved in making sure your network is clean, protected and secured … if you aren’t prepared.

Shring’s recommendation is to start with evaluating your employees’ Security Awareness. This includes helping them understand the risks associated with using personal devices, whether they work remotely or not. Some will say “Just block any non-business managed device from accessing your infrastructure”. And honestly, that would be ideal; however, this is not practical for many organizations.

We can help evaluate your current exposures and assist you in choosing the right security approach for your organization, or in implementing new policies to help your staff protect your critical business data. Give us a call.

Resource – Protect yourself from phishing

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information — such as credit card numbers, bank information, or passwords — on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.

You’ve all heard of the “big name” phishing/ransomware attacks that have had a widespread effect on us all. Know that all of these organizations had high-dollar, cutting-edge technology in front of their networks to help mitigate these attacks; however, these events prove that technology alone cannot prevent your organization from being a victim of a phishing attack. And unfortunately they are becoming the norm.

One person accidentally clicking on a malformed URL/link in an email is all it takes. So it is important to educate yourself, your peers and your family on how to identify and protect yourself from these vicious attacks.

We encourage you to take about 10 minutes to review this highly informational article/video by Microsoft focusing on how to protect yourself and your organization from phishing and ransomware. We are confident you will learn something.

PHISHING ATTACKS SUBSTANTIALLY INCREASE ALMOST OVERNIGHT

THIS IS AN IMPORTANT ALERT FROM THE SHRING SUPPORT SERVICES TEAM

We have seen a huge uptick in spear-phishing attack attempts globally. Some group(s) are mounting large-volume attacks utilizing phishing emails in an attempt to catch folks working from home off guard. They are banking on you not having the typical protection you would in the office.

Shring has a very robust email protection platform that utilizes multiple technologies to determine the legitimacy of inbound emails. You, as the recipient, are the last line of defense for your organization. Whether we host your email or not, it is imperative that you up your skepticism on inbound emails you may receive. This not only applies to work email but your personal email as well. There seems to be a focus on Gmail, Hotmail and Microsoft hosted email domains.

With that being said, it is super important that you be diligent in reviewing emails before taking any type of action if they include links. DO NOT CLICK ON ANY LINKS OR ATTACHMENTS in an external email body unless you are 1000% sure that it is legit.  Yup … you’ve been hearing this from us for years but it is another reminder of the potentially severe consequences that can result from just a single click.

If you receive an email and are unsure about its legitimacy, please do not hesitate to forward it to us for review. We will get back to you within a few minutes during normal business hours of 8AM to 8PM EST. However, please do not forward any emails that may contain Personally Identifiable Information (PII) such as Social #s, Account numbers, TaxIDs, etc. Call us and we can work with you on these without compromising data security.

It is unfortunate that, with everything else we are having to deal with in our world right now, this is a concern, but it is. Remember, all the malware protection tech in the world will not work if you overrule it. Should you be working remotely and get a popup message from a threat prevention tool, don’t ignore it! Read it so that you understand what it just did and why.

As always our sole focus is protecting your organization’s mission-critical data and your privacy.

Shring Support Services

PHISHING? What the?

What’s this all about and why should I be worried about it?

Phishing has become the current attack of choice that hackers use to gain entry to restricted networks. Most common today are fake emails with malicious links in them that, when clicked, execute some form of malware on your device, whether it be a Windows desktop, Mac or mobile device.

Scam Alert – Malicious DropBox Emails

Heads up … this is important! We are sending this alert to all our customers reminding you to be extremely diligent when receiving this warning.

We all know that historically ZIP files are the attachments to be super suspicious of. Well, now it’s PDFs as well. We all use PDFs and that’s what makes it easy to embed malicious code and get past our own diligence in an email.

Be advised, we are seeing a huge influx of fake Dropbox notifications with malicious PDFs attached.

Remember:

  • If it is not from noreply@dropbox.com, it is likely not legit.
  • Do NOT open a PDF attachment from any email address you do not know. Dropbox or not!
  • Dropbox shares do NOT attach a file to an email. Only a link back to Dropbox will be provided. (see below)

Below are examples of legit and fake Dropbox notifications:

Legit Dropbox Notification:

Fake Malicious Dropbox Email:

After seeing a legit Dropbox email, the above screams malicious. However, we get busy and often don’t take the time to actually look at the details. It is now imperative that you scrutinize ANY and ALL emails with attachments. No technology will prevent human overrides, i.e. once you click on the link and open the PDF, it is too late!

Be wary of any attachment from an email you are not familiar with.

Stay Diligent! Shring Support Services
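The three "Remember" rules from this alert can be checked automatically on a saved message. The following is an added example, not part of the original alert or any Shring tooling; both sample messages and the `files-notice.example` domain are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED_SENDER = "noreply@dropbox.com"  # sender named in the alert
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample messages (not real captures).
LEGIT = """\
From: Dropbox <noreply@dropbox.com>
Subject: A file was shared with you
Content-Type: text/plain; charset="utf-8"

View the file: https://www.dropbox.com/s/EXAMPLE/report.pdf
"""
FAKE = """\
From: "noreply@dropbox.com" <share@files-notice.example>
Subject: A file was shared with you
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/plain; charset="utf-8"

Open the attached file or visit http://dropbox.com.files-notice.example/view
--B
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--B--
"""

def check_dropbox_notice(raw: str) -> list[str]:
    """Return the rule violations found in one raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    # Rule 1: compare the real address; the display name is sender-controlled.
    _, addr = parseaddr(str(msg.get("From", "")))
    if addr.lower() != EXPECTED_SENDER:
        findings.append(f"sender is {addr or 'missing'}")
    # Rule 2: a genuine share notification carries no attached file.
    for part in msg.iter_attachments():
        findings.append(f"attachment: {part.get_filename() or part.get_content_type()}")
    # Rule 3: every link must lead back to dropbox.com or a subdomain of it.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").lower()
        if host != "dropbox.com" and not host.endswith(".dropbox.com"):
            findings.append(f"link to {host}")
    return findings
```

An empty result only means none of the three rules fired; it does not prove a message is safe, since the From header itself can be forged.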

Alert – Comcast/Xfinity Phishing Email Scam

Heads Up!

We are seeing a scary email attempting to pass through our ShringMail platform that is malicious and we wanted you to be aware of it as it is passing its way through the “interwebs”. It is being sent to both existing customers and others who are not even Comcast customers.

The email looks like this (more below image):

[Image: comcast scam1]

Looks legit, right? However, if you place your mouse over the link (DO NOT CLICK ON IT) you will see the actual URL you would be taken to. Obviously this is NOT a valid Comcast or Xfinity email address as shown below:

[Image: comcast scam2]

Do not click on ANY links in the email. Delete it! Yes this is serious so an extreme awareness of this situation is critical.

If you have been caught by this scam and have not taken action to remediate this issue, please do not hesitate to contact the Shring Team, as we would be happy to assist in helping address the issue before major damage is done.


Digital “Spring Cleaning” Checklist

As Spring approaches, it’s time to take a few minutes and give your “digital self” a good cleaning as well. While it certainly would be nice for this to be a once-a-year process, today the actions you take on the web require your constant attention. However, it is extremely important to take some time to “clean up” your devices and your approach to security.

Below you will find a list of things that will not only keep your devices running smoothly but also make great strides in helping protect your security and identity. While it’s probably not realistic to think you can do them all in one sitting, we suspect you will find tasks listed here you never thought about.

CLEAN UP YOUR DEVICES

Make sure that all web-connected devices are squeaky clean.

  • Update software on all internet-connected devices to reduce risks from malware and infections.
  • Clean up your mobile life by deleting unused apps, keeping others current and reviewing app permissions.
  • Clear the saved browser cache from all browsers including Chrome, Firefox, Internet Explorer, MS Edge and even Opera.
  • Use third-party threat protection including on your mobile devices.

 STEP UP YOUR SECURITY PRACTICES

Reviewing the security of your online accounts is a must and a fast, simple way to be safer online.

  • Lock down your login: Your usernames and passphrases are no longer enough to protect key accounts like email, banking and social media. Strengthen online accounts and use strong authentication tools whenever offered.
  • Consider using “2FA” security – Two-Factor Authentication requires a second form of authorization and makes your account as secure as possible.
  • Secure your home router by making sure it has a strong passphrase and does not broadcast obvious identity information. And for god’s sake, update your router firmware. This is the #1 most common weakness in home networks.
  • Start using passphrases, not passwords, as we commonly know that the longer a password is, the exponentially harder it is to compromise. Use sentences that are easy for you to remember but aren’t obvious and are at least 12 characters long. Focus on positive phrases that you like to think about and are easy to remember.
  • Make unique passphrases for important accounts like email, finance and healthcare. You don’t use the same password/passphrase for everything do you? Of course not … no one would … right? SMH! (if you don’t know what SMH means, Google it!)
  • Step up security on your tablets and phones using at minimum a PIN lock but with biometrics becoming the norm on newer phones, you should be using finger-print, retina or facial recognition. Takes a little bit to get used to but will quickly become part of your process and protect the data on your mobile from access by “anyone”.
  • Use a password manager to manage the hoard of passwords and accounts we have today. We prefer LastPass.

 DIGITAL FILE PURGE AND PROTECTION

  • Backups, Backups, Backups are obviously important but also remove, delete or purge old copies of backups that are no longer valid/current.
  • Clean out your old email and empty deleted folders (permanent). If you need to keep old messages, move them to an archive file. This will also greatly improve the performance of your email client.
  • Unsubscribe to newsletters, email alerts and updates you no longer read. This will help you identify malicious email from legit.
  • Update online relationships by reviewing friends on social networks and all contacts lists to make sure everyone still belongs. Pay attention to new friends and profiles you may not recall.
  • Revisit what you shared online to remove things that may not be current or appropriate to where you are in life. Of course, as the saying goes, “once it’s out there it’s OUT there”, it’s still appropriate to remove unwanted postings.
  • Copy/download important data to multiple secure locations/media and keep in a fire-protected safe where it can be safely stored.
  • Password protect back-up drives and keep them in a different location off the network.
  • Encrypt laptop hard drives to ensure your data is safe should your laptop be lost or stolen. All operating systems now include some form of drive encryption, such as Windows BitLocker, for example.
  • Be sure to properly dispose of sensitive materials such as hard drives and memory cards. The trash can is no place for this type of media. Well, not without a hammer taken to them. The more responsible handling includes having a 3rd party destruction service handle it. But the hammer is much more fun. Wear safety glasses!

 CLEAN UP YOUR ONLINE REPUTATION

  • Own your online presence by reviewing the privacy and security settings on the social networks you use, being sure they are set at your comfort level for sharing. In light of the news we are smothered with about lack of privacy, you will be surprised what privacy settings your social network now offers.
  • Clean up your social media presence by deleting old photos, etc. that no longer represent who you are.
  • Update your “personal information” by reviewing your personal information and updating it where needed. Make sure your online reputation shines.
  • Consider using a separate email account for online/social accounts. This will help with spam and unwanted emails as well.

 MITIGATE THE DAMAGE

Has your info been part of a major data breach? It is likely! Check for compromised accounts.

Visit HaveIBeenPwned to check whether any of your personal accounts have been included in the major data breaches.

CryptoWall Infection via PDFs

A newly detected drive-by attack encrypts files and documents, then demands payment to decrypt the data.

PDF-based malware is being found embedded in legit PDF files, meaning they have been modified after they were created.
