How Multifactor Authentication Keeps your SMB’s Valuable Data 99.9% Secure

Multifactor Authentication (MFA) is a security process that requires two or more authentication steps to verify the user’s identity. The most common validators used are: 

Memorized or Stored Information
Username, password, pin, and or security questions. 

One-time Security Token
Sent to your mobile device, a key fob, or your employee ID card.

High-tech Scanners
Technology that can scan and recognize your eyes, fingerprints, face, or voice.

You are only granted access after successfully presenting two or more of the above pieces of evidence to validate identity. This adds to the time it takes you to gain access to sites, but it is one of the most reliable ways to protect your accounts from being hacked. 

Using multifactor authentication with your email service is a smart way to keep cybercriminals out. When employees log in to their email site and enter their username and password, a code is sent to their mobile device by text or an authentication app. When they enter that code, they can access their email. Unless they have their mobile device, it is 99.9% impossible to access the account. 

Integrinet IT can set up multifactor authentication seamlessly in any of your organization’s  workflow or applications – both internal network applications and external internet applications.  MFA is a valuable part of your shield against threat actors especially if you have employees accessing your network remotely. 

Business Email Compromise (BEC)

One of the most sneaky and costly cyberattacks is CEO Fraud, also known as Business Email Compromise (BEC). Either through Spearphishing Attacks, malware, or by gaining access to your cloud-based business email accounts, scammers collect data to obtain essential information such as who you pay and how.

With this information in hand, they attempt to trick your company into wiring money to an account they set up, which cannot be traced. Exploitations like these have been around for more than five years, but BEC activity has doubled in the past year. 

This is how they do it:

  1. Scammers pick a target. They search through the directories of social media websites such as LinkedIn or they go to the company’s website and look for the names of people who work there. They are especially looking for executives who have authorization to transfer money. It is not hard for them to find most of the company’s corporate officers and personnel through these channels.
    1. Scammers groom the target(s) they pick. They send emails to the target or call them on the phone to invite him/her to begin a correspondence with them. This is called spoofing. If the target responds, the scammers can view his/her email address and signature.
    2. The scammers then may set up fake email addresses and URLs by adding an extra character to make them look similar to the target’s at a glance.
    3. Other times they may just copy the name and attach another email address to it. Since some email applications only show the name, the false address behind it can be hidden.
    4. Sometimes scammers create a full email server that looks like the target’s server with a change of one character. E.g., mary.smith@companyllc.com vs. mary.smith@companylllc.com. If the coworkers at the target company just glance at this email address (as we all usually do), they most likely will miss the extra l.
  2. Once the scammers engage the target in a fictitious company project or transaction, they give instructions to wire the money to their account. Other times they act as a vendor giving new wiring instructions with the scammers account information. They might also impersonate the CEO and give instruction to the CFO to wire money to an account. The target believes they are working with a partner company or a supervisor who is giving them these instructions.
  3. The target wires the money to the untraceable account and the company never sees it again.

BEC scams may seem unlikely, but it actually happened to the Puerto Rican government which lost $2.6M and to a Tech Manufacturing company which lost $47M.

Puerto Rico government loses $2.6M in phishing scam

Ubiquiti Networks Says It Was Victim of $47 Million Cyber Scam

Between January 2014 and October 2019, the Internet Crime Complaint Center received complaints totaling more than $2.1 Billion in actual losses from BEC Scams.

FBI Public Service Announcement on April 6, 2020

Every one of your employees should be on the alert for spoofed emails. One of the most effective practices to avoid BEC scams is to train your workforce to voice-verify before transferring funds. If there are any account changes, especially new place-to-route payments, they should be approved verbally by one or two people up the corporate chain and by one or two people at the receiving company.

Another way to fight BEC is to use Multifactor Authentication (MFA) to protect your email accounts. Weak passwords are chinks in your company’s cyber armor.

Learn how MFA works.

Read the full article on email scams on the FBI’s webpage: Business Email Compromise on the Rise

SonicWall

Integrinet IT partners with SonicWall to bring you the best in Cybersecurity. Here you will find the latest articles on real-world threat intelligence and news from experts who keep your SMB safe from cybercriminals.

Bitdefender

Integrinet IT partners with Bitdefender to provide you with the best Cybersecurity for your SMB. Keep up to date with the latest security threats by reading the articles posted in their blog. Bitdefender specializes in Anti-Malware Research. Keep informed here.

Why Enable Multifactor Authentication (MFA)?

I admit it. I hate passwords. I had been using the same variant of one password since 2002. If you’re like me, you find passwords annoying. You might not like Multi-factor Authentication (MFA) either, also called 2 factor authentication (2FA). I hate using it, as it adds precious seconds to complete logging into my daily work applications. 

But something happened recently that caused me to change my tune and banished my beloved go-to p@ssw0rD. I had my personal email hacked and multiple accounts compromised. It was a Nightmare Scenario. After dozens of calls and wasted hours on the phone with banks, merchant services, and other financial institutions, I can almost laugh about it now.

Here’s my confession: I spend my working life preaching about Security, Firewalls, AV, Ransomware etc., but I don’t practice what I preach. I’m hoping to pass on to you the reality of my personal experience: hackers are out there and waiting to take advantage of your business and personal accounts. I encourage you change your passwords and enable MFA. Using MFA Blocks 99.9% of account hacks. And by the way, it won’t cost you a cent to do it, just your time.

Microsoft Article: Using MFA Blocks 99.9% of account hacks

How Multifactor Authentication Keeps your SMB’s Valuable Data 99.9% Secure

What Are Malware and Ransomware and How Can They Hurt Your Small Business?

Malware is short for malicious software. It’s a general term that refers to software designed to cause damage to your network, server, computers, or client applications. Viruses and ransomware can enter into your computer system via malware.

Malware breaches your system through insecure emails or websites. This is a technique that cybercriminals use and is called phishing. These emails look like they are sent from a legitimate organization or from someone you know. When you click on a link in the email or open an attachment, the code activates and does its dirty work.

Ransomware is also usually transmitted through phishing emails. It is a type of malware that prevents you from accessing your computer until you pay the cybercriminal. It targets software that has not been maintained or kept up to date.

Why would keeping your software updated matter?

Software degrades over time as the operating system, other software applications, and the computer hardware that interact with it are updated.

Patching is a term IT nerds use that refers to updating, fixing, or improving your software and programs. They know how to spot bugs and the security vulnerabilities we’ve been talking about here.

What is a software bug?

A software bug is an error or flaw in a software application, which causes it to do weird things or create incorrect or random results.

Thus, it seriously is a good idea to keep all components of your IT system updated and compatible.

Integrinet IT offers a free assessment of your IT infrastructure. Our consultants can help you identify components that are incompatible or troubleshoot the reason they are going haywire. Our service engineers are specialists in managing the process of patching and updating your systems.

What’re the Differences between Antivirus Software, Antispyware, and Firewalls?

Antivirus Software is also known as anti-malware. Malware is software designed to cause damage to your IT infrastructure (your servers, desktops, laptops, and software apps). So, antivirus software makers are the good guys, and malware makers are the bad guys.

Antivirus (AV) software is designed to prevent, detect, and remove malware that has broken into your system. These AV applications also keep you protected when you’re surfing the net. There are all kinds of hijackers and malicious kits and tools created to take your computer and its components down when you’re on the internet. These superhero AV software packages work to keep your systems safe.

Antispyware is usually included in AV software packages and has been developed to specifically stop spyware. Spyware is a type of malware that attempts to gather info about you and your organization without you knowing it. Cybercriminals can secretly observe your business activities on your devices and the internet. They sell this information and your tracking info to marketers to make a quick buck.

Antispyware, like AV software, detects, prevents, and removes spyware from your devices. The software scans emails, websites, and downloads for any potential threats. It searches for any changes in records and if it finds one, it disables the data and alerts you. It can provide you with all the details about the spyware, which gives you the power to destroy it.

Spyware and malware programmers know their wares are being detected and removed. They are continuously working on evolving their programs to create something that the good-guy software apps will miss.

A firewall is another type of security device. It can be a piece of hardware connected to your system or a software application. It operates as a network security system that monitors and controls incoming and outgoing network traffic. It blocks unauthorized access to your business’ data by creating a virtual wall between your internal network and the crazy cyber world out there. You can go out into that cyber world, aka the internet, and come back in but the bad stuff out there can’t get through. It’s like airport security, but a firewall tracks traffic going both ways.

A million vendors sell these products. It’s important to shop around for the best. Here at Integrinet IT, we’re professional software vendor shoppers. We buy and install the best for our clients. Give us a call, and we’ll make sure nobody is breaking into your system, hijacking your stuff, or spying on your activities. We will set up a powerful firewall that protects your confidential data, private documents, and secret sauce from cyber crooks.

Quick Tips to Increase Cybersecurity for your Small Business

According to the Small Business Association (SBA), 88% of small business owners believe they are vulnerable to cyberattacks. Their fears are justified because hackers target smaller businesses knowing they don’t have the tight security that larger enterprises do. Most have limited funds and time to dedicate to ensuring their IT systems are protected. And the majority don’t know where to start.

Even though technology threats are continuously changing, there are some things you can do to protect your business.

The number one way cyber attackers break into your system is through email and untrained employees. Learning a little bit more about the best cybersecurity practices is something you can do right now to lower your risk. Here are some quick tips that you probably already know about but don’t realize just how valuable they are.

Passwords

We know this is a pain, but create a different password for each of your accounts and change them regularly. Don’t use something easy to remember. Create strong passwords that contain:

10+ characters

1+ uppercase letter

1+ lowercase letter

1+ number

1+ special character

Another option is to purchase an app that keeps your login info secure for all of your cloud apps that you access from different devices while you only have to remember one single password.

Multifactor Authentication

When a website or vendor on the internet prompts you to have them send a security code to your phone, as you’re attempting to log in, this is multifactor authentication. It is somewhat frustrating, especially when your phone doesn’t get the code, but usually having them resend it works. Just remember, dealing with these few extra steps seriously increases your security.

Backups

Backups are the Gold Standard in the IT world.  It is super important that you get into the habit of saving your data on all your computers once a week. If you can, set up automated backups. The copied data should be stored on the cloud or offsite. If anything happens to your hardware or your physical office space, your data will be safe.

There are software services that use encryption to protect your sensitive data. You know what that data is, but in general, it might include your documents, spreadsheets, databases, financial files, human resource files, and accounts receivable/payable files.

Keeping on top of your businesses’ cybersecurity can be difficult. If you’re in Utah or Idaho and need some help, don’t hesitate to contact us at info@integrinetit.com or (844) 400-0616.

Powered by Integrinet IT | © Integrinet IT 1998 - 2020
error

Enjoy our articles? Please spread the word :)