malware_data_risk_security

Unfortunately, malware is a hot topic these days. SMBs are a target for the bad guys, and your data could be at risk.

So let’s make sure we know what malware is, what forms it can take, and how to mitigate these risks.

malware

Malware is a piece of software designed to cause damage to a computer, server, or network of computers – this is the umbrella term for malicious software.

Virus

A computer virus modifies the system files of the host computer to execute malicious code and infect other files. This is the only form of malware that modifies other files on a computer. Viruses can be attached to emails and then downloaded by the end user.

Ransomware

This type of malware encrypts data in an information system and demands payment in exchange for regaining access. These types of attacks have increased drastically during the COVID-19 pandemic, think 72% or more. However, many ransomware variants refuse to unencrypt data and some even delete the files after ransom is paid. Ransomware is often spread through spam emails.

Trojans

This malicious software looks and behaves like legitimate software but contains malicious code. The most common entry point of a trojan is from pop-up banners on websites that indicate that the user’s computer is infected with viruses and needs antivirus software to clean it up. The “antivirus software” user download contains malicious code designed to gain backdoor access to systems, steal sensitive data, or spy on user or network activities. The important thing to remember about trojans is that the user must take some action for this to take root in the computer.

Spyware

Spyware tracks the activities of the user on the infected computer including keystrokes, passwords, pin codes, payment-related information, personal messages, and other identifiable information. This can come in the form of adware – a malicious advertisement designed to force clicks from users – spoofing emails, and freeware – bundled with other software. Spyware can infect a device when a user agrees to the terms and conditions of a legitimate software program – so always read the fine print!

Worms

Worms are able to replicate themselves in different computers in the same network as the infected computer. Software backdoors, vulnerabilities in operating systems, and flash drives all provide opportunities for worms to gain access. Once a worm has gained access, it will replicate itself, spreading from device to device, with no action from the end user. These worms can then be used to initiate a DDoS attack, steal data, or give attackers control over the system.

Bots

Bots are hybrid forms of malware, often originating in spam messages, than can execute automated tasks through remote instruction. Many bots are used for legitimate purposes, but can also be appropriated for nefarious actions. A large set of these bots creates a botnet, a swarm of bots, attacking a number of systems in sync, making them capable of large-scale attacks.

 

Now what

  • Understand the risks
  • Educate yourself and employees on malware and prevention strategies
  • Build your security stack
  • Stay up to date on cyber criminal’s attack methods
  • Contact PremierePC today

Ever experience a client call running over and you need to get on the road?

Have you taken a call in your car on the way to work and need to transfer to your desk phone when you get there?

GoTo offers three ways to answer any call: the desktop app, mobile app, and the physical desk phone. This can be extremely convenient for you if you move around the office, take calls on the road, work remotely, etc. A useful feature many users are unaware of is the ability to switch active calls between devices.

Calls can be flipped that are active, waiting in queue, in the process of being transferred, or even calls that have not yet been answered.

Currently, there are no permission checks. Keep in mind if there are multiple active calls, you can’t pick which one flips.

Follow these steps to flip a call:

GoToConnect Desktop

  1. While on an active call on another device, open GoToConnect desktop or web.
  2. Hover over Your active call on another device in the left sidebar and then click to complete the switch to the desktop app.
    • The call will be automatically ended on the original device. This change will be transparent to the other party.

GoToConnect Mobile

  1. While on an active call on another device, open GoToConnect mobile.
  2. Tap Active Call at the top of your screen.
  3. Tap Take the call to complete the switch to the mobile app.

Desk phone

  1. While on an active call, dial *77 from the desk phone.
    • The call will automatically end on the original device. This change will be transparent to the other party.

Want another pro tip? When a colleague’s phone is ringing, you can pick up the call by dialing *97 from your phone then entering the colleague’s extension.

Interested in VOIP phones? Contact PremierePC today.

Introducing Google Workspace

Google Workspace, formerly known as G Suite, encompasses Gmail, Docs, Meet, Sheets, and Calendar.

Some new features will include:

  • Google has added a new “Business Plus” level with more device management features.
  • A Chat window can spawn a new document for everybody in the group without needing a new tab.
  • In Google Docs, you can immediately start a video call in the same window for everyone who is active in the document.
  • Google Workspace apps will let users bring up small previews of other documents embedded in the thing they’re working on.
  • Google will expand the use of smart chips, little contact cards that can pop up when you @-mention somebody in a document.
  • Create a doc directly from a chat window.
  • Start a video call from within a presentation.

Some of these changes will begin rolling out immediately, others coming in the next few months. 

Click here and access the Google Workspace Admin help center to learn more.

phishing

71% of ransomware attacks target small-to-medium sized businesses.

Average ransom demand: $116,324

How would this affect your business?

So… what is ransomware?

Ransomware is a form of malware that encrypts a victim’s files.

At the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker.

The attacker then demands a ransom to release access to this data back to the victim.

And why are SMBs targeted?

Typically, these companies spend much less on securing their computing systems and information than larger firms.

This makes it easier for malicious actors to compromise their systems.

Attackers will also use extortion campaigns, duping victims to download ransomware malware or droppers that will infect the compromised machine with ransomware.

The top three vertical markets that are targeted include: healthcare, professional services, and financial institutions.

Got it. But how does PremierePC mitigate these risks?

PremierePC handles all IT related matters; think of us as your personal IT department.

We are well versed in how to educate clients, mitigate risks, and stay up to date on the latest developments in IT, including ransomware attacks.

We make sure there are no open RDP ports for brute force attacks.

We also keep your data backed up in the cloud. In the event of an attack, we can potentially access your data in the cloud without having to pay the ransom.

Contact PremierePC today to better understand your environment and increase your security stack.

New year, new you.

You may be asking, “What’s the secret to protecting my business against cybercrime?”

The answer: a layered approach incorporating security software, a security driven IT support staff, and employee training.

PremierePC can check each of those boxes.

First, let’s take a deeper look into cybercrime.

Cybercrime uses impersonation, fear, threats, lies, and other manipulation tactics to gain a victim’s trust or trick them to sharing sensitive data.

Impersonation in cybercrime is especially dangerous due to cybercriminals’ expert ability to hide in plain site and create legitimate-looking websites and emails.

Cybercriminals are also able to host malicious content on legitimate sites.

Phishing attempts are also able to, at times, slip through DNS and endpoint protection. This is where employee training is your last defense. Humans are consistently the weakest link in the cybersecurity chain of defense. Therefore, social engineering risks are far greater without a security driven IT support staff willing and able to train your employees.

Everyone, from receptionists to executives, are potential victims of an impersonator. In fact, help desk and call center employees are especially vulnerable because they are trained to be forthcoming with information.

Action items:

  1. Instruct employees to delete any requests for financial information or passwords. When in doubt, call the person who “sent” the request and conduct these transactions in person or over the phone.
  2. Use cybersecurity software with real-time anti-phishing services. If you’re suspicious of any links or emails, don’t click! Contact your IT provider first.
  3. Follow IT security best practices by patching software and securing email servers.
  4. Regularly participate in up-to-date Security Awareness Training and phishing simulations for employees.

Sound like too much? Contact PremierePC and we will be happy to walk with you through every step.

Eager to clean out your inbox but don’t want an influx of replies right before your week ends?

Microsoft Outlook offers delayed and scheduled email sending!

Delays can be applied to single messages or you can create rules to delay the delivery of all messages.

Delay the delivery of a single message in the Outlook desktop app

  1. While composing a message, select the More options arrow from the Tags group in the Ribbon.
    Select More Options to set a delivery delay.

  2. Under Delivery options, select the Do not deliver before check box, and then click the delivery date and time you want.
    Set a date and time to deliver your message.
  3. Click Close.
  4. When you’re done composing your email message, select Send.

After you click Send, the message remains in the Outbox folder until the delivery time.

If you decide later that you want to send the message immediately, do the following:

  1. Switch to the Outbox folder.
  2. Open the delayed message.
  3. Select the More options arrow from the Tags group in the Ribbon.

    Select More Options to set a delivery delay.

  4. Under Delivery options, clear the Do not deliver before check box.

  5. Click Close and send.

Note: Outlook must be online and connected for this feature to work.

Delay the delivery of a single message in the Outlook web app

  1. While composing a message, select the arrow next to the Send button.
  2. Select Send Later
  3. Set the desired date and time for the email to be sent.
  4. Select Send. Your message will now be held in drafts until the selected time and date.

Contact PremierePC today to maximize your potential through technology.

We love this time of year. It’s filled with fun, family, fellowship, food, and unfortunately phishing…

Scammers love this time of year too. The holiday shopping frenzy makes for easy phishing attack and hacking victims. PremierePC is here to help you learn how to protect yourself so you can have a great holiday season.

Do not click on links in emails.

If you’re not sure of the sender, or you didn’t request the email, do not click on any links or open any attachments. Instead, contact the company via their website or phone and ask for more information.

Beware of urgency.

Scammers will play on the fear of missing out on something, like a big holiday sale or a deadline for a bill. Resist any pressure to “act now.”

Watch for emails asking for private information.

Legitimate organizations will never request personal information via email. Do not email information such as passwords, credit card numbers, social security numbers, etc.

Research the website.

Scammers are getting better at creating fake websites that look real. Do your research before submitting payment to any sites.

Know your Wi-Fi.

Using public Wi-Fi creates many potential areas for hackers to breach and grab your data or sensitive information. Do not make purchases using public Wi-Fi networks like coffee shops, libraries, hotels, etc.

Keep track of orders.

Scammers will send fake delivery failure notices or package tracking emails to sway you into clicking a link or submitting personal information. Always keep track of what you’ve ordered and who will be delivering it. If you receive one of these emails, call the delivery service or as your post office.

Some of the best ways to avoid scams is continued education and a comprehensive security plan for your business. Contact PremierePC today to see how your security stacks up.

PremierePC - Managed IT

1. Over 6,000 new computer viruses are created and released every month. 90% of emails contain some form of malware!

2. The Firefox logo isn’t a fox… it’s a red panda!

3. Samsung is 38 years and 1 month older than Apple.

4. One Petabyte (PB) = 1024 (TB). To put this in perspective, a 50PB hard drive could hold the entire written works of mankind from the beginning of recorded history in all languages.

5. Alexa is always listening to your conversations. Alexa stores all of your dialogue history in the cloud to improve the Alexa experience.

6. On average, people read 10% slower from a screen than from paper.

7. The first computer mouse was made in 1964 by Doug Engelbart. It was rectangular and made from wood!

8. On average, there is only one reply per 12 million spam emails sent.

9. Surgeons that grew up playing video games more than three hours per week make 37% fewer errors and have a 42% faster completion rate when performing laparoscopic surgery and suturing.

10. NASA’s internet speed is 91 GB per second.

11. Until 2010, carrier pigeons were faster than the internet.

12. In 1971, the first ever computer virus was developed. Named Creeper, it was made as an experiment just to see how it spread between computers. The virus simply displayed the message: “I’m the creeper, catch me if you can!”

how can i reopen my business safely?

2020 brought many surprises and changes. One of which shifted many in-office employees to start unexpectedly working from home.

In 2020, 88% of the organizations, worldwide, made it mandatory or encouraged their employees to work from home after COVID-19 was declared a pandemic.

This flexibility is great to continue business operations. However, it brings about serious holes in security unless you are fully prepared.

So what can an MSP like PremierePC do to help boost security and mitigate threats for work from home employees?

  1. Secure VPNs – this can ensure employees are utilizing the same security tools that are available in the office, mitigating cybersecurity threats and data breaches.
  2. Network segmentation for home networks –  this allows for multiple individual networks under a single network, simplifying security policies if done correctly.
  3. Remote endpoint incident management – this allows technicians to access remote laptops and deploy patches remotely.
  4. Maintain the latest software updates – software vulnerabilities, security loopholes found in programs and operating systems, are typically revealed as they are solved in the latest version. If not updated, programs and operating systems are easy targets for the bad guys.
  5. Educate on phishing attempts – hackers are always looking for vulnerabilities and weak points to take advantage of. An MSP like PremierePC can provide continuing education and phishing training to employees to mitigate these threats.

We know this can be very overwhelming for someone who is trying to focus on actually running their business. PremierePC is here to help! Contact us today.

MFA, Multi-Factor Authentication, is a security enhancement that requires two or more different forms of authentication to gain access to an account. These forms can be something you know (your password or pin), something you have (a smart card or key), or something you are (your fingerprint or eye scan).

MFA is a hot topic these days in the IT world. With hacking attempts consistently on the rise, it is becoming increasingly more important to secure online accounts and data as much as possible.

Last year, internal Microsoft users who enabled MFA blocked around 99.9% of automated attacks against their Microsoft account.

So we know MFA is important and effective, but what do the experts say about how to use MFA?

Microsoft is urging users to stop using SMS text and voice calls for MFA.

Experts know that telephone networks are prone to security issues:

  • SMS and voice calls are transmitted in cleartext and can easily be intercepted by the bad guys.
  • There are also readily available phishing tools that can quickly grab SMS-based one-time codes.
  • Phone network employees can also be tricked into transferring phone numbers to a bad guy’s SIM card, called SIM swapping, allowing attackers to receive the MFA codes on behalf of their victims.

A more secure option includes app-based MFA, like Microsoft’s Authenticator app.

The most secure option includes hardware security keys.

But always keep in mind, some type of MFA is better than no MFA.