A Firewall Is Critical for Business Security

Having a reliable firewall is extremely important in today’s environment. In the first half of 2019, 59% of MSPs reported Ransomware attacks on the companies they managed, according to a recent Datto Survey. The average ransom is $5,700. That is up 37% from the year before. You can see how essential it is to protect your server.  

You must keep your guard up to keep nefarious actors out of your network. Your guard is your firewall. It protects your servers and infrastructure. There are many on the market and most are pretty good. Some last for years. 

Keep Your Firewall Up to Date 

Keeping up with the latest technology is the best way to know which firewall to choose for your company. When researching, it’s important to know what you are doing because it can get pretty technical. Read the reviews and shop according to your budget. You should consider not only the purchase price but also the yearly services and support costs. Some businesses like the DIY option, but others prefer consulting with an IT Service company. 

Fight Viruses & Hacking Exploits Floating Around in the Wild 

Maintaining a service subscription for your firewall will keep it up to date, which keeps your business safe from viruses and hacking exploits floating around in the wild. When you keep your subscription current, it will update your firewall with the latest version of firmware. Firmware is the software that runs the components in the firewall device and the software that runs it. 

Prevent Business Operations Disruptions 

Support for your firewall allows you to call the manufacturer and talk to them about setup and repairs. If it has issues and you don’t have anyone who can log in and repair it, your Internet will go down. That disrupts your business operations, whether you’re working in the office or from home. This is happening more often than it should these days.  

When Your Firewall Gets Too Old 

Your firewall is a critical piece of equipment. Keeping its support up to date is very important. Firewall companies only offer support for a certain period of time. After that period ends, you need to renew it. When the device gets too old, the manufacturer will no longer sell support for it. Once it fails, you will need to purchase a new one.  

Without A Firewall for 30 Minutes – 699 Attacks 

Shipping times for new firewalls vary. You might have to wait for up to 3 days. That is a long time to go unprotected. We once tested what would happen to an Exchange server on the internet.  It was password protected but had no firewall guard. Within 30 minutes, it was attacked 699 times by someone who was trying to hack through the passwords.  

Understanding the importance of a firewall is paramount for a small business. If managed right, it will keep your confidential data safe from harm. We’re here to help you with that. Please give us a call to assess the state of your firewall. (844) 400-0616

Learn more about the Cybersecurity we offer!

Datto’s Global State of the Channel Ransomware Report 

Network Protection Best Practices – Maximize Your Value

Many small businesses don’t need an expensive complex data center to run their operations. But even with a small system, it is important to know about network protection best practices to maximize the value of your equipment.

Your network is composed of the interconnected computers, machines, and operations you use in your business processes to provide your clients with products and services. It includes hardware like your: 

  • Workstations 
  • Servers 
  • Switches 
  • Phones 
  • Access points 
  • Printers 
  • Firewall 
  • Routers 

There are some best practices you need to keep in mind to protect your company’s network and stored data. 

1. Create secure and clean spaces for network protection

Keep your server(s), switches, phone system, firewall, router in either a locked room or in a locked cabinet. Keeping them away from accidental bumps, knock-overs, or spills is just as important as protecting them from a breach. I have seen people knock over server racks that were not secure. I have seen people store cleaning products over servers that eventually spilled on them. No one needs these kinds of expenses when they can easily be avoided.  

2. Make sure these network spaces are well ventilated  

Choose spaces for your workstations, servers, and other network devices that are well ventilated. Heat is very hard on electronics, especially IT hardware. If you use enclosures, make sure they are well ventilated. Use containers with security screens, not those with sheer metal or wooden sides.  

3. Protect your network: connect it to an Uninterruptible Power Supply (UPS) 

Have a good business-type battery backup/Uninterruptible Power Supply (UPS). A basic home PC-type battery backup is not what you should be using on your server. Look for a Pure Sine Wave Device. Choose one that levels out the power as well as protects from surges. Dirty power that fluctuates constantly can be as hard on your equipment as power surges.  

4. Use Image-based backups for network protection 

Use an image-based backup, not just a data backup. An image-based backup will not only backup your data but also backup the operating system and its settings. If you have an image of the server, you can restore it much faster than if you only had a data backup. We are talking hours to restore, instead of days or weeks. If you are hit with ransomware which encrypts your data, you can wipe the server and restore the image quickly.  

5. Backup your network locally and offsite to reduce rebuild time 

Store backups locally and then offsite. If you only stream data to an online storage service, you can only retrieve it at the speed of the combined internet connections between their side and yours. I was working with a technician on a project once and he only backed up the data online and no image locally. They had a slow internet connection and only a data backup. It took about 2 days to rebuild the server internally with all the settings but then took over three weeks to stream the data from the storage service.  

6. Properly install firewalls to keep bad actors out without slowing business processes 

Use a firewall. They are not overly expensive to own. They keep bad actors out of your network. Have a professional install it so it doesn’t end up slowing down your business processes. You don’t want your firewall to get in the way of where you need to go. Most have content filters to keep your employees from going where they shouldn’t, which optimizes your productivity. 

These are some basic and best practices you should strive to engage in as a small business owner for network protection. None of them will break the bank. But neglecting them can eventually wreck you financially.  

Think ahead. Protect your network. The business you save will be your own. Schedule a free consultation with Joe if you’re in Utah or Fred if you’re in Idaho.

Cyberjacking – Security Alert

Cyberjacking has become a major problem for networks around the world. It is currently one of the top cybersecurity problems existing today. The term cyberjacking means hackers access your servers or workstations like parasites. They use your processing power to mine cryptocurrency. This exploit can be detrimental to your network and production. Because it uses your processing power, it slows down your network. A slow network decreases your productivity.  

This hack is difficult to detect and even more difficult to eradicate. It rewrites your server software and deeply embeds itself into your network. The best way to combat this type of malware is to wipe your server clean and restore from your image backups. That takes time and money.  

In one instance, I saw this attack come in through an email inside a PDF-looking document. When we investigated, the software was embedded inside a font. When an employee clicked and opened the file, the malware downloaded to the company’s network. Once running inside their system, it used the processor as part of their bitcoin mining operation. Servers keep logs of incoming and outgoing traffic. The cyberjacking malware erased these logs every minute to cover its tracks. It took over 2 ½ days to stop the attack and mitigate the damage. 

Protect your business from cyberjacking

It is important to protect your business from these kinds of parasitic attacks.

  1. Keep your firewall up to date with the latest virus and malware signatures.  
  1. Protect your email with filters either in Microsoft 365 or with another filtering service before it hits your onsite exchange.  
  1. Train your employees not to click on items originating from an unknown source. 
  1. Train them to validate even a trusted source to make sure requests for financial or confidential data transfers are genuine. 

Your due diligence is what keeps you safe. Give us a call for a network security checkup. Our service engineers are well versed on keeping your network secure.

This article on achieving PCI Compliance is also about increasing your cybersecurity in general: So You Want To Achieve PCI Compliance? Shields Up!

So You Want To Achieve PCI Compliance? Shields Up!

If your company accepts credit card payments, you know about PCI Compliance. Your network and system shields need to be up and secure when you handle your clients’ credit card information. Cybercriminals are always looking for ways to get past your shields.

The COVID-19 pandemic has pushed many businesses into increasing online and over-the-phone payment systems. While the virus is infiltrating our physical shields, criminals are seeking to infiltrate our digital shields. The pandemic has triggered the largest cybersecurity threat that we have ever experienced.*

When Shields Are Compromised

475%

Increase in malicious reports of cyberattacks related to the virus at the onset of the pandemic.*

41%

Of small businesses that have been breached paid more than $50,000 for resolution.*

60%

Of SMBs that suffer a data breach go out of business within six months.*

Just like we’re all putting our shields up by wearing masks and trying to social distance, we need to make sure we are shielding our systems and valuable data from the 4.57 billion people on the Internet (statista.com). (Can you see how this makes doing business with each other so difficult?)

These stats show why it is important to make sure your business is cyber-safe. Here are a few PCI DSS (Payment Card Industry Data Security Standards) tips to strengthen your shields and business continuity.

Achieve PCI Compliance by using strong passwords

Just like we have locks and keys to our homes, we need to have locks and keys on our network and systems. Create longer passwords with a mix of letters, numbers, and other characters (%$*&!@(). And change them often.

Read more about passwords and MFA

Patch your software

Make sure your IT service company keeps your software patched and up to date. Patching is fixing, improving, or updating a program with bugs or other security issues. Just like we strengthen our bodies with eating and exercise to prevent disease, your IT company strengthens your software applications with patches to prevent data breaches.

Encrypt all payment card data

Encryption creates another type of shield between the billions of people on the Internet and our data. Digitally scrambling data creates barriers that cannot be penetrated unless a user has the key. Selective shields, boundaries, locked doors, barriers, and walls are good. Sometimes they are a pain, but they are needed to sustain our physical and digital lives. And they are needed for PCI Compliance.

Remote access to your systems should be secure

Shields up! Our bodies stay healthy by having selective boundaries that keep some things out but allow other things in. Similarly, your business needs boundaries around your network. You want your vendors, employees, and customers to access your system from their businesses, homes, and mobile devices. Viruses and cybercriminals target these access points. Your IT service company should make sure your associates are using strong passwords and multi-factor authentication before your system lets them in.

Firewalls Are A Big Part of PCI Compliance

Shields up! Make sure your IT company has a firewall shielding your network from the Internet. This is like a cell wall that monitors all incoming and outgoing substances. Many of these substances have to have special keys to get in. A competent IT company will configure a strong firewall for your business among multiple other layers of shields.

Beware of phishing email

True to viruses in nature, hackers are evolving. Their attacks are more deceptive. They send emails that appear completely legit. If you haven’t expected a request for confidential data or information, don’t hand it over until you call and verify first. Your ability to differentiate is another layer of security.

For Compliance, Your partners should also be secure

We all know how easily the COVID-19 virus has spread. The same thing is true of digital viruses. If they are hacked, you could be too. The hackers can get into your system via the same portal your partners entered it.

Cybercriminals are always looking for ways to get past your shields. If you work with e-commerce, your shields need to be strong and secure to achieve PCI Compliance. But whatever your business, let’s work together to keep our clients, partners, and businesses safe.

Schedule a free security risk assessment with either Joe Nice in Utah or Fred Bauerfeld in Idaho

*Stats from: PCI Security Standards Council & U.S. Security, Exchange Commission, and Panda Security

Managed Services Provider: Choosing Reliable IT Services

As a Managed Services Provider, we know that your business runs on information. We also know that you need top-notch cybersecurity to protect it. While you’re busy growing your business, you need someone to manage your technology. And you’ve got a lot to manage – cloud services, software applications, vendors, network, multiple computing devices, servers, switches, and storage. Without someone keeping a 24/7 watch on these assets, your business is vulnerable to security breaches.

The following image is a screenshot of the SonicWall Security Center. This website monitors real-time cyberattacks. Click on the link to see how many attacks are happening right now. Security breaches are constantly bombarding organizations like yours. Bad actors are always searching for a chink in your armor.

A Reliable Managed Services Provider’s (MSP’s) goal is to keep your business and data secure while maintaining an efficient technology environment. MSPs do this by managing your cloud services and overseeing your daily IT needs. They provide you with the technical support and security you rely on to keep up with the fast-paced, automated business world.

IT Management is a full-time job

You may have a difficult time effectively managing your business IT operations and cloud services on your own. Computer technology is an industry that is constantly iterating to increase speed and safety while minimizing cost. Consequently, many companies hire a variety of third-party services to run their business operations. These services should work together compatibly, but that’s hard to accomplish when they are constantly evolving.

A Managed IT Services Provider manages your interconnected web of services for you. Certified technicians work full-time overseeing your IT ecosystem to ensure it runs optimally. They free you up to focus on what you do best. An optimized technology environment maintains the highest degree of protection against security breaches.

If you are thinking about hiring an MSP, consider how the following benefits increase your cybersecurity:

1. A Managed Services Provider reduces costs & prevents security breaches

For small- to medium-sized businesses, it is less expensive to hire an MSP than staff a full-time IT department. When your IT services are affordable, you can maintain the network optimization required for cybersecurity.

2. A Managed Services Provider offers predictable, recurring monthly costs

An MSP has the flexibility to adapt their services to your business needs. You don’t pay for more or less than you need. Once the right fit is found, you pay a consistent monthly bill. When you know how much to budget for, your IT services are a no brainer. You don’t have to constantly worry about a new and unexpected bill when something happens. With consistent service, your productivity and cybersecurity remain optimal.

3. Choosing an MSP maximizes hardware & software life

MSPs work to keep your technology current. They monitor the age of your computer devices and software applications. Most of us don’t like having to pay for new equipment when what we have is still perfectly functional. But when our computers and software cross into the land of the dinosaurs, they become inefficient. Outdated machines and software are a security risk.

A trustworthy MSP knows when to patch and maintain what you already have, and when it’s time to upgrade. Keeping your technology up to date keeps your defenses strong against cyberattacks.

As a Managed Services Provider, we know that you primarily need us to keep your network securely running at peak efficiency. Lagging computer and internet speeds are your nemesis. Our goal is to maximize your cybersecurity while increasing your productivity. We strive to do that at reasonable costs. Schedule a free consultation with Joe if you’re in Utah or Fred if you’re in Idaho.

Curiosity Killed the Network

One of a technician’s biggest fears is user Curiosity. Curiosity has been the culprit of a number of major successful cyberattacks on unsuspecting companies. It is the reason you might click on a link in an email sent from an unknown source. It’s the reason you might follow a rabbit hole of links to unsafe sites on the internet. Curiosity is also the reason you might click on a random link at the bottom of an unfamiliar website.

In order to keep your company’s network and confidential data secure, you and your employees should be aware that cybercriminals attempt to trick you by applying to your Curiosity. One of their little-known tricks is scattering USB drives in conspicuous places such as the parking lots of targeted companies.

Curiosity May Increase Your Organization’s Security Risk

Researchers performed the following experiment to test how risky yielding to our Curiosity can be.

A few major organizations got together to conduct a study:

  • The University of Illinois
  • Urban-Champaign, Google
  • The University of Michigan

In the study, they tested how the Curiosity factor can affect a company’s cybersecurity. They scattered 297 USB drives around the Urban-Champaign campus. On the drives, they installed software that mimicked malware. When some Curious soul opened one of the files on the drive, it didn’t infect the computer with a virus. But it alerted the researchers that it had been opened and then sent them the location of the computer.

48% of the drives were plugged into computers!

Read the whole story here: Story of the USB Drive Study

The DOD Infiltrated Via Thumb Drive

If you think that’s crazy, listen to this: One of the worst cyber-attacks on the U.S. military in history occurred in 2008-09. It happened at one of the Department of Defense’s (DOD’s) Middle East bases. Someone inserted a thumb drive they found in a parking lot into a computer. It was like a worm that infected the entire network and went without detection.

“Once in place, the malicious code began to ‘beacon’ out to its creator, letting whoever created it know that it was in place and ready for further instructions. That’s the only way analysts from the NSA’s Advanced Networks Operations team noticed it was there.” – Blake Stilwell, We Are the Mighty, The worst cyber attack in DoD history came from a USB drive found in a parking lot

14 Months to Wipe It Out of Their Network

It took them 14 months to wipe it out of their network. When they realized what had infected their systems, one of their first responses was to ban thumb drives. They gathered thumb drives from military personnel and found they were all infected. As of the date of this article, no one has ever found out the identity of the hackers or how much information they stole.

“The effort was so intense and deliberate that it led to the creation of the 11th military unified command – The U.S. Cyber Command.” -ibid

If your Curiosity peeks when your online, reading an email, find a thumb drive, or even receive an email or phone call from a known source, err on the side of caution. Choose to be more Curious about cybersecurity. The network it saves might be your own.

Call us to and talk to Fred (Idaho) or Joe (Utah) to set up a free security assessment (844) 400-0616.

Cybersecurity and Cloud Storage

I was managing a company’s network as their Managed Service Provider when we received a call that a folder with many of their files was missing in their online Microsoft 365 SharePoint. We investigated the issue and found that none of their files had been nefariously deleted. We also determined there hadn’t been anyone trying to hack into the system and steal their data. Yet, it remained a fact that their files were missing.

We continued our detective work, checking if any credentials had been changed, but everything seemed in order. No one from outside had accessed their network.

Accidentally Deleted or Moved

Finally, one of our technicians had a hunch that a current employee might have accidentally deleted or moved the file. After a little more investigation, we indeed found that had occurred. When an employee was moving his mouse across the screen, he had accidentally grabbed a file folder and dropped it into another folder. It had been difficult to solve this case, but with some very good detective work, we were able to restore the file folder to its original location.

Data Security & The Human Component

After this experience, I started thinking more about data security in the cloud. Even though large file service companies like Microsoft 365 have very secure cloud storage, what about the end-user – the human component? What happens when someone deletes the wrong file by mistake? How often does this happen? While most of these cases are accidental, what happens when an unhappy employee, who thinks they have nothing to lose, decides to take out her company’s file repository? Could they recover the data – their forms, spreadsheets, and intellectual property?

Data Retention & Backup

Fortunately, Microsoft 365 has a retention policy that your company can use. It is good for up to 93 days. That’s a really good start, but in some cases, it may not be enough. Your MSP should have a service to back up to your Microsoft 365 OneDrive and SharePoint. This is a great way to ensure you never lose your data, either to a mistake or to a disgruntled employee. The backup service your IT company can set up for you is automatic. It’s one of those “set it and forget it” programs, although it should be tested periodically. If you have Microsoft 365 or a similar service for storing documents in the cloud, consider incorporating this service into your network. It just might save the day for your business down the road.

For help with cybersecurity and data backup, scheduled a free consultation with Integrinet IT

Are You HIPAA IT Compliant?

Did you know that on the Dark Web, medical records sell for more than credit card data?

If you are a health services organization, you know your biggest cybersecurity worry is to keep your ePHI secure. Most breaches happen because the devices you use have not been encrypted, one of your employees clicks on a nefarious link in an email, or someone inadvertently downloads malware into your systems.

Encryption Is the New Standard

HIPAA IT standards are the gold standard of cybersecurity in the health service industry. As your organization strives to be in compliance, start with encrypting as much of your data as possible. At the very least, make sure you have passwords on all your computers and mobile devices. Implement Multifactor Authentication to protect your users’ login credentials.

The encryption process converts your data to an unreadable and unstable state. If unauthorized users broke into your network, your email, or your devices, they would not be able to make any sense of it. The only way the encrypted data can be read is with a security key. With this key, the computer will convert the data back into a readable and stable state.

All emails containing ePHI that are sent outside of your firewall need to be encrypted. Additionally, they should be saved in a secure and encrypted archive for at least six years.

Web Content Filter

It’s important to have your managed services provider install a web content filter, which blocks inappropriate and dangerous content as well as cyber criminals who are waiting to steal passwords to your records and databases.

Automatic Log-off

Your service engineer should also help you set up automatic log-off of your PCs and mobile devices. When your authorized personnel have stopped using their computers for a specific amount of time, the computers automatically log out. It is so easy to forget to log out when stepping away from the workstation. This program is a smart and easy backup to use to increase your cybersecurity.

HIPAA Checklist

Your medical office has to be aware of the IT portion of the HIPAA checklist. You need to make sure you can check every box. Your managed services provider should perform regular assessments that identify the risks in all systems your business uses to “touch” your ePHI. This includes your:

  • Network
  • Servers
  • Switches
  • Computers
  • Mobile Devices
  • Software
  • Phone Systems
  • Cloud Accounts (Email, Storage, etc…)

24/7 Remote Monitoring

To be HIPAA IT compliant, your IT company must be remotely monitoring your systems 24/7. They should be analyzing your logs regularly. They should be able to detect unauthorized access by existing employees.

A good managed services provider should know what it means to be HIPAA IT compliant. It should actively monitor your firewall ports and know which ones are usually attacked. If you have employees working from home, your service engineers should ensure that your VPN tunnel is set up and secure. They should have the ability to sniff out all the security issues your specific practice faces.

Due Diligence

If your healthcare organization is in the middle of striving for due diligence to the HIPAA standards and needs an IT company that knows how to help you reach compliance, schedule a free consultation with Joe Nice (Utah) or Fred Bauerfeld (Idaho) at Integrinet IT.

Call (844)400-0616

Choose “Sales” from the menu to talk to Joe or Fred.

Read more about HIPAA Compliance:

HIPAA Compliance Checklist

Summary of the HIPAA Privacy Rules by the United States Department of Health & Human Services

Ransomware Hacker Strikes Sports Software Company & Steals Hundreds of Thousands of People’s Confidential Info

Ransomware is one of the vilest ways bad actors are taking advantage of good honest companies. It’s one of those crimes that businesses, both large and small, are powerless to defend themselves against once it occurs. It is so utterly galling to have to pay exorbitant amounts of hard-earned cash to creepy dishonest hackers to regain access to their own systems and confidential data.

The Story

According to an article posted in the Tech Times on September 22, 2020, a major software company was recently hacked. The attackers held the company’s confidential data hostage until the owners paid up. The data included information about 540,000 users. They swiped their names, passwords, usernames, birthdays, addresses, email addresses, and Social Security numbers.

ArbiterSports, the victim-company, supplies the NCAA and other sports leagues with a software application that manages referees and other game officials. Like most other companies that are hacked, they had no choice but to pay the ransom. But when you work with thieves, you never know if they will actually keep their side of the agreement to delete the stolen copy of confidential data.

The Reality for Your Business

If you don’t think your smaller-sized company is in danger of being hacked like this, think again. In our day bad actors are just as likely to shut down or disrupt small businesses as they are large. They can steal your data and hold it for ransom.

The most common way ransomware enters your network is through phishing emails. Integrinet IT builds a labyrinth of layers to defend your company against email infiltration.

1st Layer of Defense
A cloud email filter, which identifies spam emails before they even enter your firewall.

2nd Layer of Defense
Your Firewall.

3rd Layer of Defense
Your network server credentials.

4th Layer of Defense
Antivirus software with malware protection that is installed on your server, individual computers, and other end-point devices.

How Backups Save Your Company’s Life

Additionally, we configure a backup system that runs multiple times a day. If your company is hacked, we can wipe your server completely clean and then reinstall your system exactly as it was before the attack. Contact us today at (844) 400-0616 to set up your defensive position that will protect the business you have worked long and hard to build from the ground up.

Read the full article here: Hacker Breached 540,000 referees, league officials, and school representatives for Ransom and won

How Multifactor Authentication Keeps your SMB’s Valuable Data 99.9% Secure

Multifactor Authentication (MFA) is a security process that requires two or more authentication steps to verify the user’s identity. The most common validators used are: 

Memorized or Stored Information
Username, password, pin, and or security questions. 

One-time Security Token
Sent to your mobile device, a key fob, or your employee ID card.

High-tech Scanners
Technology that can scan and recognize your eyes, fingerprints, face, or voice.

You are only granted access after successfully presenting two or more of the above pieces of evidence to validate identity. This adds to the time it takes you to gain access to sites, but it is one of the most reliable ways to protect your accounts from being hacked. 

Using multifactor authentication with your email service is a smart way to keep cybercriminals out. When employees log in to their email site and enter their username and password, a code is sent to their mobile device by text or an authentication app. When they enter that code, they can access their email. Unless they have their mobile device, it is 99.9% impossible to access the account. 

Integrinet IT can set up multifactor authentication seamlessly in any of your organization’s  workflow or applications – both internal network applications and external internet applications.  MFA is a valuable part of your shield against threat actors especially if you have employees accessing your network remotely. 

Business Email Compromise (BEC)

One of the most sneaky and costly cyberattacks is CEO Fraud, also known as Business Email Compromise (BEC). Either through Spearphishing Attacks, malware, or by gaining access to your cloud-based business email accounts, scammers collect data to obtain essential information such as who you pay and how.

With this information in hand, they attempt to trick your company into wiring money to an account they set up, which cannot be traced. Exploitations like these have been around for more than five years, but BEC activity has doubled in the past year. 

This is how they do it:

  1. Scammers pick a target. They search through the directories of social media websites such as LinkedIn or they go to the company’s website and look for the names of people who work there. They are especially looking for executives who have authorization to transfer money. It is not hard for them to find most of the company’s corporate officers and personnel through these channels.
    1. Scammers groom the target(s) they pick. They send emails to the target or call them on the phone to invite him/her to begin a correspondence with them. This is called spoofing. If the target responds, the scammers can view his/her email address and signature.
    2. The scammers then may set up fake email addresses and URLs by adding an extra character to make them look similar to the target’s at a glance.
    3. Other times they may just copy the name and attach another email address to it. Since some email applications only show the name, the false address behind it can be hidden.
    4. Sometimes scammers create a full email server that looks like the target’s server with a change of one character. E.g., mary.smith@companyllc.com vs. mary.smith@companylllc.com. If the coworkers at the target company just glance at this email address (as we all usually do), they most likely will miss the extra l.
  2. Once the scammers engage the target in a fictitious company project or transaction, they give instructions to wire the money to their account. Other times they act as a vendor giving new wiring instructions with the scammers account information. They might also impersonate the CEO and give instruction to the CFO to wire money to an account. The target believes they are working with a partner company or a supervisor who is giving them these instructions.
  3. The target wires the money to the untraceable account and the company never sees it again.

BEC scams may seem unlikely, but it actually happened to the Puerto Rican government which lost $2.6M and to a Tech Manufacturing company which lost $47M.

Puerto Rico government loses $2.6M in phishing scam

Ubiquiti Networks Says It Was Victim of $47 Million Cyber Scam

Between January 2014 and October 2019, the Internet Crime Complaint Center received complaints totaling more than $2.1 Billion in actual losses from BEC Scams.

FBI Public Service Announcement on April 6, 2020

Every one of your employees should be on the alert for spoofed emails. One of the most effective practices to avoid BEC scams is to train your workforce to voice-verify before transferring funds. If there are any account changes, especially new place-to-route payments, they should be approved verbally by one or two people up the corporate chain and by one or two people at the receiving company.

Another way to fight BEC is to use Multifactor Authentication (MFA) to protect your email accounts. Weak passwords are chinks in your company’s cyber armor.

Learn how MFA works.

Read the full article on email scams on the FBI’s webpage: Business Email Compromise on the Rise

SonicWall

Integrinet IT partners with SonicWall to bring you the best in Cybersecurity. Here you will find the latest articles on real-world threat intelligence and news from experts who keep your SMB safe from cybercriminals.

Bitdefender

Integrinet IT partners with Bitdefender to provide you with the best Cybersecurity for your SMB. Keep up to date with the latest security threats by reading the articles posted in their blog. Bitdefender specializes in Anti-Malware Research. Keep informed here.

Why Enable Multifactor Authentication (MFA)?

I admit it. I hate passwords. I had been using the same variant of one password since 2002. If you’re like me, you find passwords annoying. You might not like Multi-factor Authentication (MFA) either, also called 2 factor authentication (2FA). I hate using it, as it adds precious seconds to complete logging into my daily work applications. 

But something happened recently that caused me to change my tune and banished my beloved go-to p@ssw0rD. I had my personal email hacked and multiple accounts compromised. It was a Nightmare Scenario. After dozens of calls and wasted hours on the phone with banks, merchant services, and other financial institutions, I can almost laugh about it now.

Here’s my confession: I spend my working life preaching about Security, Firewalls, AV, Ransomware etc., but I don’t practice what I preach. I’m hoping to pass on to you the reality of my personal experience: hackers are out there and waiting to take advantage of your business and personal accounts. I encourage you change your passwords and enable MFA. Using MFA Blocks 99.9% of account hacks. And by the way, it won’t cost you a cent to do it, just your time.

Microsoft Article: Using MFA Blocks 99.9% of account hacks

How Multifactor Authentication Keeps your SMB’s Valuable Data 99.9% Secure

What Are Malware and Ransomware and How Can They Hurt Your Small Business?

Malware is short for malicious software. It’s a general term that refers to software designed to cause damage to your network, server, computers, or client applications. Viruses and ransomware can enter into your computer system via malware.

Malware breaches your system through insecure emails or websites. This is a technique that cybercriminals use and is called phishing. These emails look like they are sent from a legitimate organization or from someone you know. When you click on a link in the email or open an attachment, the code activates and does its dirty work.

Ransomware is also usually transmitted through phishing emails. It is a type of malware that prevents you from accessing your computer until you pay the cybercriminal. It targets software that has not been maintained or kept up to date.

Why would keeping your software updated matter?

Software degrades over time as the operating system, other software applications, and the computer hardware that interact with it are updated.

Patching is a term IT nerds use that refers to updating, fixing, or improving your software and programs. They know how to spot bugs and the security vulnerabilities we’ve been talking about here.

What is a software bug?

A software bug is an error or flaw in a software application, which causes it to do weird things or create incorrect or random results.

Thus, it seriously is a good idea to keep all components of your IT system updated and compatible.

Integrinet IT offers a free assessment of your IT infrastructure. Our consultants can help you identify components that are incompatible or troubleshoot the reason they are going haywire. Our service engineers are specialists in managing the process of patching and updating your systems.

What’re the Differences between Antivirus Software, Antispyware, and Firewalls?

Antivirus Software is also known as anti-malware. Malware is software designed to cause damage to your IT infrastructure (your servers, desktops, laptops, and software apps). So, antivirus software makers are the good guys, and malware makers are the bad guys.

Antivirus (AV) software is designed to prevent, detect, and remove malware that has broken into your system. These AV applications also keep you protected when you’re surfing the net. There are all kinds of hijackers and malicious kits and tools created to take your computer and its components down when you’re on the internet. These superhero AV software packages work to keep your systems safe.

Antispyware is usually included in AV software packages and has been developed to specifically stop spyware. Spyware is a type of malware that attempts to gather info about you and your organization without you knowing it. Cybercriminals can secretly observe your business activities on your devices and the internet. They sell this information and your tracking info to marketers to make a quick buck.

Antispyware, like AV software, detects, prevents, and removes spyware from your devices. The software scans emails, websites, and downloads for any potential threats. It searches for any changes in records and if it finds one, it disables the data and alerts you. It can provide you with all the details about the spyware, which gives you the power to destroy it.

Spyware and malware programmers know their wares are being detected and removed. They are continuously working on evolving their programs to create something that the good-guy software apps will miss.

A firewall is another type of security device. It can be a piece of hardware connected to your system or a software application. It operates as a network security system that monitors and controls incoming and outgoing network traffic. It blocks unauthorized access to your business’ data by creating a virtual wall between your internal network and the crazy cyber world out there. You can go out into that cyber world, aka the internet, and come back in but the bad stuff out there can’t get through. It’s like airport security, but a firewall tracks traffic going both ways.

A million vendors sell these products. It’s important to shop around for the best. Here at Integrinet IT, we’re professional software vendor shoppers. We buy and install the best for our clients. Give us a call, and we’ll make sure nobody is breaking into your system, hijacking your stuff, or spying on your activities. We will set up a powerful firewall that protects your confidential data, private documents, and secret sauce from cyber crooks.

Quick Tips to Increase Cybersecurity for your Small Business

According to the Small Business Association (SBA), 88% of small business owners believe they are vulnerable to cyberattacks. Their fears are justified because hackers target smaller businesses knowing they don’t have the tight security that larger enterprises do. Most have limited funds and time to dedicate to ensuring their IT systems are protected. And the majority don’t know where to start.

Even though technology threats are continuously changing, there are some things you can do to protect your business.

The number one way cyber attackers break into your system is through email and untrained employees. Learning a little bit more about the best cybersecurity practices is something you can do right now to lower your risk. Here are some quick tips that you probably already know about but don’t realize just how valuable they are.

Passwords

We know this is a pain, but create a different password for each of your accounts and change them regularly. Don’t use something easy to remember. Create strong passwords that contain:

10+ characters

1+ uppercase letter

1+ lowercase letter

1+ number

1+ special character

Another option is to purchase an app that keeps your login info secure for all of your cloud apps that you access from different devices while you only have to remember one single password.

Multifactor Authentication

When a website or vendor on the internet prompts you to have them send a security code to your phone, as you’re attempting to log in, this is multifactor authentication. It is somewhat frustrating, especially when your phone doesn’t get the code, but usually having them resend it works. Just remember, dealing with these few extra steps seriously increases your security.

Backups

Backups are the Gold Standard in the IT world.  It is super important that you get into the habit of saving your data on all your computers once a week. If you can, set up automated backups. The copied data should be stored on the cloud or offsite. If anything happens to your hardware or your physical office space, your data will be safe.

There are software services that use encryption to protect your sensitive data. You know what that data is, but in general, it might include your documents, spreadsheets, databases, financial files, human resource files, and accounts receivable/payable files.

Keeping on top of your businesses’ cybersecurity can be difficult. If you’re in Utah or Idaho and need some help, don’t hesitate to contact us at info@integrinetit.com or (844) 400-0616.

Powered by Integrinet IT | © Integrinet IT 1998 - 2020
error

Enjoy our articles? Please spread the word :)