Are you making these cyber security mistakes?

It feels like every day we’re being warned about a new threat to our cyber security, doesn’t it?

That’s for good reason. Last year, ransomware attacks alone affected 81% of US businesses. And the cost of cybercrime is estimated to hit $10.5 trillion by 2025, according to the ‘2022 Cybersecurity Almanac’. But we’re still seeing far too many businesses that aren’t taking this threat seriously.

It’s not only your data that you could lose if your company falls victim to a cyber-attack. The cost of remediation or mitigation can run into tens of thousands of dollars. And at the same time, you’ll suffer an average of 21 days of downtime after a cyber-attack. Imagine… 21 days without being able to use all your business technology as normal. It doesn’t bear thinking about. That’s not to mention the loss of trust your clients have in you, which could lead to you losing their business.

It’s really important that your business is taking appropriate steps to keep your data safe and secure. That most likely means a layered approach to your security. This is where several solutions are used, which work together to give you a level of protection appropriate to your business. This reduces your risk of being attacked. And makes recovery easier should you fall victim.

It’s worth pointing out that you will never be able to keep your business 100% protected from cyber-attacks. Not without totally locking down every system, to the point where it would be very difficult to do business (and your staff would constantly be looking for ways around the enhanced security).

No, the key to excellent cyber security is striking the right balance between protection and usability.

There are three mistakes that are most commonly made by businesses – and they’re also some of the most dangerous mistakes to make. Is your business making any of these?

Mistake 1) Not restricting access

Different employees will have different needs when accessing company files and applications. If you allow everyone access to everything it opens up your entire network to criminals. You should also make sure to change access rights when someone changes roles, and revoke them when they leave.

Mistake 2) Allowing lateral movement

If cyber criminals gain access to a computer used by a member of your admin team, that in itself might not be a disaster. But what if they could move from your admin system to your invoicing system… and from there to your CRM… and then into someone’s email account? This is known as lateral movement. The criminals gain access to one system and work their way into more sensitive systems. If they can get into the email of someone who has admin rights to other systems or even the company bank account, they can start resetting passwords and locking out other people.

Scary stuff.

One strategy against this is called air gapping. It means that there’s no direct access from one part of your network to another.

Mistake 3) Not planning and protecting

Businesses that work closely with their IT partner to prepare and protect are less likely to be attacked in the first place. And will be back on their feet faster if the worst does happen. You should also have an up-to-date plan in place that details what to do, should an attack happen. This will significantly shorten the amount of time it takes to respond to an attack. That means you’ll limit your data loss and the cost of putting things right again.

If you know you’re making one (two, or even three) of these mistakes in your business, you need to act quickly. We can help.

The importance of keeping your devices updated

Hate those annoying update notifications? We all do. First you need to determine whether the notification is legit or not. Assuming it is, you then have to go through the process of updating, which annoys most people.

And they’re so easy to ignore. “Leave it for a few weeks… it’ll be OK…” Right? Wrong!

There are many reasons why you should always keep your devices fully updated, and why we do this for our clients, so they don’t have to think about it.

Here are the main reasons.

The Sharing Team is experienced in determining what updates you need to stay on top of, and can help you determine when to safely apply security updates without concern. Let us help.

Is this the end of passwords… forever?

No one likes passwords. Creating them. Remembering them. Typing them in.

Your whole mood can change when an application you’re using suddenly logs you out, and you have to go through login all over again. It’s frustrating for all of us. The use of a secure password manager helps but you still have to deal with passwords.

So, we have some welcome news, courtesy of Microsoft, Apple, and Google. The tech giants have joined forces to kill off the password for good.

During the next year, there is a plan to roll out no-password logins across their platforms, using a standard developed by the FIDO (Fast IDentity Online) Alliance. This organization sets the standards for passwordless authentication.

Sure, that’s a bit of a mouthful … so some people call this a passkey. Much easier to remember.

A passkey works in a similar way to multi-factor authentication (where you use a separate code generated by your device to prove it’s really you), also known as Two-Factor Authentication, but with less effort required.

It’s pretty simple but secure. To log in to your device, you’ll use your phone to prove it’s really you. Your computer will use Bluetooth to verify you’re nearby. Because Bluetooth only works over a short distance, this should stop many phishing scams. Then it’ll send a verification message to your phone. You’ll unlock your phone in the usual way, with your face, fingerprint, or PIN. And that’s it. You’re logged in.

Passkeys rely on something called public key cryptography. When you register with an application or website, a key pair is made between the website and your device. The two keys are long numbers that are mathematically connected. But you’ll never see them, and you certainly don’t have to remember them. Your phone verifies the pair when you unlock it in the normal way.
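The key-pair login described above, sketched as an added example (it is not code from this post or from the FIDO Alliance). It is a simplified challenge-and-signature exchange in Node.js rather than the real WebAuthn message format; the function names and the shop.example addresses are made up for illustration.

```javascript
// Added illustration: simplified passkey-style login, not the WebAuthn wire format.
const crypto = require("crypto");

// Registration: the device makes a key pair for one site and hands over only
// the public half. The private key never leaves the device.
function registerPasskey(origin) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, serverRecord: { origin, publicKey } };
}

// Login step 1: the site issues a fresh random challenge.
function newChallenge() {
  return crypto.randomBytes(32).toString("hex");
}

// Login step 2: once unlocked, the device signs the challenge together with
// the origin the browser is really talking to.
function deviceSign(device, challenge, originSeenByBrowser) {
  const clientData = JSON.stringify({ challenge, origin: originSeenByBrowser });
  const signature = crypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Login step 3: the site checks the signature, then the challenge and origin.
function serverVerify(serverRecord, expectedChallenge, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!crypto.verify("sha256", data, serverRecord.publicKey, assertion.signature)) {
    return "bad-signature";
  }
  const signed = JSON.parse(assertion.clientData);
  if (signed.challenge !== expectedChallenge) return "stale-or-replayed-challenge";
  if (signed.origin !== serverRecord.origin) return "wrong-origin";
  return "ok";
}

// Constructed scenario; shop.example and shop-login.example are made-up sites.
function demo() {
  const { device, serverRecord } = registerPasskey("https://shop.example");
  const challenge = newChallenge();
  const genuine = deviceSign(device, challenge, "https://shop.example");
  // A look-alike page relays the real challenge, but the browser reports its own origin.
  const lookAlike = deviceSign(device, challenge, "https://shop-login.example");
  return {
    good: serverVerify(serverRecord, challenge, genuine),
    phished: serverVerify(serverRecord, challenge, lookAlike),
    replayed: serverVerify(serverRecord, newChallenge(), genuine),
  };
}
console.log(demo());
```

The website only ever stores the public key, so a breach of its database exposes nothing that can be used to log in.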

In addition, you don’t have to worry about losing your device. It’s not enough to just have your device … someone has to be able to unlock it as well. Your passkeys will be backed up automatically, so transferring data to a new device is easy, in the same way it’s now easy to set up a new phone to be just like your old device.

These passkeys are not only simpler for you but will keep your data safer. There is no password for criminals to steal. And your phone needs to be close to your computer to log in. So physical location is important to security. While you should not consider it completely foolproof, it is more secure than saved passwords.

Any version of authentication has some weaknesses. Whether it is passwords, biometrics, Face ID and so on … each has its pros and cons. However, the biggest strength of passkeys is physical location: they require two separate devices, one of which you likely don’t get far from, and the two must be physically near each other.

If you would like to learn more about this technology, check out this link.

Digital Transformation and how it can help your business grow

We have all seen a LOT of change over the past couple of years. You’ve changed the way your business operates, including how you interact with others.

How has your business changed? What change do you need to make in the years ahead? And how does your technology help to power that?

We’ve written a new guide about something called Digital IT transformation. It’s how you use current technology to bring on a revolution within your business.

It’s what Netflix and Lego did… and Kodak famously didn’t. Download our case study about this, and learn how digital IT transformation affects businesses of every size, in our new guide.

Three ways to keep your phone protected

We rely on our phones for EVERYTHING these days. Especially running our businesses and doing work efficiently.

If you do any work at all on your phone, this is a must-watch video.

It’s the 3 things we recommend to keep your business’s data safe, no matter what happens to your phone.

Are your remote employees using faulty equipment?

A new report has discovered that 67% of remote workers are using faulty tech when they are working remotely. Often that’s because they’ve accidentally damaged the tech themselves and they don’t want to admit it to their boss in case they get into trouble.

A survey of 2,500 remote workers found that laptops were most likely to be broken, followed by keyboards, monitors, and PCs.
Most of the time the damage was done by spilled food and drink. Other causes of damage included other people in the house such as a partner or housemates – and of course, pets.

We’ve all watched in horror as a cat brushes up against a full glass of water next to a laptop. While more than half of people try to fix the damage, and 81% of people continue to use their faulty devices with limited features, a third of workers switch to their personal devices instead.
As well as causing a loss of productivity, this could also be a huge data security risk for your business. It’s possible, even likely, that their personal laptop doesn’t have the proactively monitored security protection that their work laptop does, including:

      • Security software
      • Data encryption
      • Multi-factor authentication

When an attacker gains access to an unmanaged device, if it’s connected to your network, it also can give them unmonitored access to your infrastructure and all of your business’s data.

This can result in your data being stolen and sold. Or worse, your data is encrypted and held for ransom. However, you already have a plan for that … right? No? Ransomware is the most common cyber security threat to your business right now.
It’s not just access to your data that’s the problem. After a ransomware attack, there is a huge time and financial cost involved in making sure your network is clean, protected and secured … if you aren’t prepared.

Shring’s recommendation is to start with evaluating your employees’ Security Awareness. This includes helping them understand the risks associated with using personal devices, whether they work remotely or not. Some will say “Just block any non-business managed device from accessing your infrastructure”. And honestly, that would be ideal; however, this is not practical for many organizations.

We can help evaluate your current exposures and assist you in choosing the right security approach for your organization, or in implementing new policies to help your staff protect your critical business data. Give us a call.

Resource – Protect yourself from phishing

Phishing (pronounced: fishing) is an attack that attempts to steal your money, or your identity, by getting you to reveal personal information — such as credit card numbers, bank information, or passwords — on websites that pretend to be legitimate. Cybercriminals typically pretend to be reputable companies, friends, or acquaintances in a fake message, which contains a link to a phishing website.

You’ve all heard of the “big name” phishing/ransomware attacks that have had a widespread effect on us all. Know that all of these organizations had high-dollar, cutting-edge technology in front of their networks to help mitigate these attacks. However, these events prove that technology alone cannot prevent your organization from being a victim of phishing attacks. And unfortunately they are becoming the norm.

One person accidentally clicking on a malformed URL/link in an email is all it takes. So it is important to educate yourself, your peers and your family on how to identify and protect yourselves from these vicious attacks.

We encourage you to take about 10 minutes to review this highly informational article/video by Microsoft focusing on how to protect yourself and your organization from phishing and ransomware. We are confident you will learn something.

PHISHING ATTACKS SUBSTANTIALLY INCREASE ALMOST OVERNIGHT

THIS IS AN IMPORTANT ALERT FROM THE SHRING SUPPORT SERVICES TEAM

We have seen a huge uptick in spear-phishing attack attempts globally. Some group(s) are mounting large-volume attacks utilizing phishing emails in an attempt to catch folks working from home off guard. They are banking on you not having the typical protection you would in the office.

Shring has a very robust email protection platform that utilizes multiple technologies to determine the legitimacy of inbound emails. You … as the recipient … are the last line of defense for your organization. Whether we host your email or not … it is imperative that you up your skepticism on inbound emails you may receive. This not only applies to work email but your personal email as well. There seems to be a focus on Gmail, Hotmail and Microsoft hosted email domains.

With that being said, it is super important that you be diligent in reviewing emails before taking any type of action if they include links. DO NOT CLICK ON ANY LINKS OR ATTACHMENTS in an external email body unless you are 1000% sure that it is legit. Yup … you’ve been hearing this from us for years, but it is another reminder of the potentially severe consequences that can result from just a single click.

If you receive an email and are unsure about its legitimacy, please do not hesitate to forward it to us for review. We will get back to you within a few minutes during normal business hours of 8AM to 8PM EST. However, please do not forward any emails that may contain Personally Identifiable Information (PII) such as Social Security numbers, account numbers, Tax IDs, etc. Call us and we can work with you on these without compromising data security.

It is unfortunate, with everything else we are having to deal with in our world right now, that this is a concern, but it is. Remember, all the malware protection tech in the world will not work if you overrule it. Should you be working remotely and get a popup message from a threat prevention tool … don’t ignore it! Read it so that you understand what it just did and why.

As always our sole focus is protecting your organization’s mission-critical data and your privacy.

Shring Support Services

PHISHING? What the?

What’s this all about and why should I be worried about it?

Phishing has become the attack of choice for hackers trying to gain entry to restricted networks. Most common today are fake emails with malicious links in them that, when clicked, execute some form of malware on your device, whether it be a Windows desktop, Mac or mobile device.

Scam Alert – Malicious DropBox Emails

Heads up … this is important! We are sending this alert to all our customers reminding you to be extremely diligent when receiving this warning.

We all know that historically ZIP files are the attachments to be super suspicious of. Well, now it’s PDFs as well. We all use PDFs, and that’s what makes it easy to embed malicious code and get past our own diligence in an email.

Be advised, we are seeing a huge influx of fake Dropbox notifications with malicious PDFs attached.

Remember:

  • If it is not from noreply@dropbox.com, it is likely not legit.
  • Do NOT open a PDF attachment from any email address you do not know. Dropbox or not!
  • Dropbox shares do NOT attach a file to an email. Only a link back to Dropbox will be provided. (see below)

Below are examples of legit and fake Dropbox notifications:

Legit Dropbox Notification:

Fake Malicious Dropbox Email:

After seeing a legit Dropbox email … the above screams malicious. However, we get busy and often don’t take the time to actually look at the details. It is now imperative that you scrutinize ANY and ALL emails with attachments. No technology will prevent human overrides, i.e. once you click on the link and open the PDF … it is too late!

Be wary of any attachment from an email you are not familiar with.

Stay Diligent! Shring Support Services