Tech Support Scams and what to watch out for!

Don’t Get Fooled by Tech Support Scams

 

Are your employees trained to recognize tech support scams? These nefarious phishing attacks attempt to play on the trust you have established for reputable companies and scare you into giving up sensitive information.

 

Tech support scams are extremely common. Do you know how to recognize the signs?

 

It usually starts with an unexpected phone call. The caller claims to be from the tech support department of a well-known company you trust – typically Apple or Microsoft. Inciting a sense of urgency, this person informs you that your device is infected with a virus, throwing in many technical terms in order to confuse you. “You need to take immediate action,” they say. That’s when they ask for remote access to your device to perform a security scan.

 

Many people panic, and that’s what the hackers are counting on. These calls are designed to catch you off guard and scare you. Panic makes users less likely to second-guess the story they are being told, and more likely to grant the hackers the access they want.

 

This exchange may not always begin over the phone. Hackers also use pop-ups. You are familiar with pop-ups from your operating system that remind you to perform a software update, or notifications from your antivirus provider. A tech support scam pop-up is designed to look more alarming than these routine notifications, and will often provide a phone number for you to call – something you will never see from the legitimate sources mentioned above. Once you call the number, they will work to convince you they need sensitive information, like credit card details for anti-virus software, or remote access to your device to find and purge the virus.

 

The hacker’s goals are usually to:

 

  • Change the computer settings to make the device more vulnerable
  • Collect credit card information to charge the user for fake cybersecurity services
  • Collect personal information like the user’s social security number and date of birth that can help them hack additional accounts

 

Like many types of phishing attacks, in tech support scams, the hackers rely on user error in order to infiltrate your network. That means that well-trained employees are your best line of defense. If you or one of your employees sees a pop-up or get a phone call like this, don’t panic. Instead, hang up, or say you will call them back, and ask to take down their phone number. Then, call a trusted Managed Service Provider like Net Works. We can walk you through the steps to identify if your device is really at risk, or if this is an attempted phishing attack. It is always safer to contact a trusted Managed Service Provider instead of dialing a phone number from a pop- up or granting remote access to an unexpected caller. When it comes to network security, you can never be too cautious.

 

Even with training, mistakes happen, and you will need a backup plan. You will want to have a protocol in place in case your network is exposed. Managed Service Providers like Net Works can help you shore up your defenses. We help you and your employees recognize common hacking tactics, and we can monitor your network so that attacks are caught as soon as possible.

 

Hackers want to take advantage of you and your employees, but you don’t have to let them exploit you or your team. Contact Net Works to defend your business.

Are Mobile Devices Putting Your Company at Risk?

Are Mobile Devices Putting Your Company at Risk?

 

Did you know that mobile malware attacks are on the rise? According to Symantec, mobile malware variants have increased by 54% in just the first four months of 2018.

 

As their screen size, speed and performance have increased, smartphones have begun to replace devices like laptops and desktop computers. Hackers have caught on, and your business cannot afford to put mobile security on the back burner. In 2018, mobile security must be a key element of your cyber-security plan.

 

Cyber criminals are a practical bunch; as more and more users install banking, credit card, and corporate apps onto their mobile devices, these thieves are simply following the money. It is expected, as we move forward in 2018, that more malware will begin targeting banking and other financial apps through mobile devices.

 

Your employees may have learned to recognize suspicious emails, and you may have implemented requirements that have them your team changing their passwords at regular intervals. Yet, as business technology evolves, so do cyber-security best practices. Do you have a plan in place to handle the risks mobile devices pose to your business? If not, it is time to find a partner to help you craft one. Mobile device users are now more vulnerable to phishing attacks than desktop users, and that vulnerability leaves your network exposed.

 

Given the trends in today’s workforce, you can depend on your employees accessing your network from a variety of devices. It is safe to say that most mobile device users are not as vigilant about ransomware or phishing attacks as they would be when working on a desktop.

 

We can help your team stay protected in the face of mobile attacks.

 

Here are four cybersecurity steps your workforce can take today:

 

  1. Make sure employees working remotely are connecting through a Virtual Private Network (VPN). Do not connect to public Wi-Fi networks on a company device.

 

  1. Require regular software updates so that devices have the latest security patches.

 

  1. Lock devices with strong PINs and/or Touch ID. Just as we all know not to use “password” as the password for our bank account, we need to take the same care with locking our mobile devices in case they fall into the wrong hands.

 

  1. Update your apps. Just as you need to update your operating system to take advantage of security patches, users must do the same with their apps so that hackers cannot exploit known flaws that a patch would have fixed.

 

These are only the first steps. Don’t overlook mobile security. Contact Net Works today to protect your network.

Should You Outsource Your Business IT Needs?

Should You Outsource Your Business IT Needs?

 

National Small Business Week begins on April 25! Today’s businesses run on technology, so this is a great time to take stock of your business IT.

 

Your days are filled with making decisions that will guide your company into the future. With all of the other items on your agenda, putting your IT considerations on the back-burner is easy, even understandable, particularly if your system seems to be running smoothly. But your entire operation can grind to a halt due to one computer snag, one phishing attack, or one data loss disaster, costing you productivity and even creating the potential for lost clients.

 

Today’s information technology environment is endlessly complex. Maybe a major firewall breach threatens your data, your VPN is failing to connect, or your VOIP is not allowing outgoing calls. These are just a few among many technology problems that could disrupt your work day. Who would you call to solve these problems?

 

Some organizations choose to hire in-house IT staff, but this can be a major expense for a small or medium-sized business. At the very least, a help desk employee and a systems administrator would be required. The average combined salary of these positions is $90,000 to $120,000 annually, as well as the costs of keeping their training and certifications up to date. Is this the best option for your business?

 

What if you could get more IT experts in your corner, with more combined experience and at a lower cost? By partnering with a Managed Service Provider like us, you can have all of these benefits without any of the downsides.

 

Outsourcing your IT needs to Net Works is the best way to ensure that your business technology is running smoothly and can scale with your business. We have the Enterprise level software applications to support your business, and the wealth of knowledge of multiple IT experts at your immediate disposal. Our vast experience working with different businesses means that we have already seen most of the IT issues that you will face, and we know exactly what is needed to resolve them in a timely manner.

 

Net Works can help you with every IT problem that may arise. With leaner overhead, bulk purchasing and leasing options for hardware and software, and assured compliance with government regulations, outsourcing your IT maintenance and special projects with us can lead to major cost savings. Even if you already have IT professionals on-staff, you may benefit from outsourcing specific tasks to us in order to alleviate pressure from your staff and create efficiencies.

 

You and your staff want to focus on your core competencies. Let Net Works handle the complex world of business technology for you. We stay up to date on all the latest best practices, understand how to fix common problems that disrupt productivity, and know how to prepare you for and protect you from hackers and their tactics. Partner with us instead of having one or two overwhelmed in-house IT staff. You will have a team of experts ready to respond to your technology needs. Contact us today to discuss how we can support your technology needs.

How Hackers Steal Your Business Data

How Hackers Steal Your Business Data

 

World Backup Day is March 31, so this is a perfect time to examine your cybersecurity strategy. What makes your business vulnerable? Hackers have many tactics they can use to infiltrate your network, and small to medium-sized companies are often the easiest to hack. Here are four ways hackers steal data:

 

1) The Guessing Game: Passwords and PINs

Passwords and PINs are meant to protect you, but could they actually be putting you at risk? We all know that we need to change our passwords frequently, and avoid using common or obvious phrases and keywords. Today, features like Touch ID and facial recognition are useful because the user does not have to remember a complex password, and the hacker has greater difficulty stealing that complex data. Many of our passwords are simply too easy to guess. Some of the contents of our most common passwords, like a maiden name or birthday, are easily exposed during data breaches. Other hints can be found on our public social media profiles. For example, does your employee’s Instagram account have a picture of his or her dog with the name mentioned in the caption? Now the hacker knows to try different variations of the pet’s name. Complex passwords and two-factor authentication are good defenses against these guessing games, but are no guarantee.

 

2) The Digital Disguise: Phishing Attacks

In phishing and spear phishing attacks, users in your network receive communications like emails or page redirects, which are designed to look like trusted organizations. These methods are known for tricking users into giving up sensitive information like credit card details or social security numbers. Hackers even create falsified login pages that look like banking institutions or other trusted organizations. Once a user has inputted a password into one of these false login pages, other accounts may become vulnerable because of the tendency to reuse passwords. These attacks typically rely on creating a sense of urgency, oftentimes by tricking victims into thinking an account has been compromised and immediate action must be taken, In order to recover the account.

 

3) Imposter Syndrome: Social Engineering

Hackers are using social engineering tactics to further exploit the tried and true human error. Have you ever heard of the Tech Support Scam? This is a common attack in which a caller poses as someone from Microsoft Tech Support and convinces the recipient to grant remote access to their device. Posing as someone from a trusted organization, the caller acts concerned and sympathetic about the user’s cybersecurity issues, building on the false trust they gained through name recognition to infiltrate their device or network. Social engineering tactics are not limited to remote attacks; they can even include a physical infiltration of an organization’s IT infrastructure. In this scenario, someone may come to the office and pose as an external IT partner there to perform maintenance.

 

4) Personal Problems: Human Error

The overarching theme of each hacking tactic outlined here is a strong reliance on human error. Even with well-trained and well-meaning staff, mistakes are inevitable. These days, as your employees get smarter, unfortunately so do the hackers. The hacking arsenal continues to grow more sophisticated, and it can be challenging to keep up with the latest tricks. That’s where Managed Services Providers, or MSPs, come in.

 

Outsourcing your cybersecurity operation to an MSP makes great business sense. While most small organizations do not have the resources to build sophisticated IT security systems, Net Works has the scale and expertise to protect your operations and sensitive data. We also offer best-in-class cybersecurity protection because your IT infrastructure is too important to settle for less. By partnering with us, you will have trusted experts in your corner if disaster strikes. Contact Net Works today and be ready for whatever hacking tactics come your way.

Phishing……Tricky Tricky

Spear Phishing Gets More Sophisticated

Elon Musk’s Tesla roadster is currently floating through space, most of us have a virtual personal assistant that lives in our pockets, and we’re having lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work). In this climate of innovation, hackers have learned a few lessons, too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. Is your business ready?

 

What is Spear Phishing?

 

A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. All phishing attacks rely on trust. Hackers design fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks. These messages are disguised to look like critical security alerts or important work-related information. There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.

 

Three Spear Phishing Trends

 

  • Playing the long game

Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.

 

  • Hijacking email threads
    Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.

 

  • Bypassing your spam filters

Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products. In this environment, how can you know the difference between a trusted communication and a spear phishing attack? Partner with an MSP like Net Works. We can help you identify suspicious communications. If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts.

 

Spear Phishing in the News

 

In February 2018, hackers targeted Netflix subscribers, sending emails saying the user’s accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the user’s other accounts. Imagine if this happened to one of your employees using their work email for their Netflix account.

 

We Can Help You Protect Your Business

 

Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone. We are here to help you protect your business. Contact Net Works today.

Early WARNING Signs

Five Signs That You’ve Been Hacked

January 28 is Data Privacy Day, and the New Year is the right time for implementing resolutions and fresh starts. Have you resolved to be more vigilant in 2018? Your small business cannot afford to overlook the dangers posed by hackers who are getting more sophisticated every year. But how do you know if you’ve been hacked?

Here are five tell-tale giveaways that your device has been compromised.

  1. Spam emails are being sent from your company computers and email accounts.

Spam emails look legitimate because they are coming from your trusted email address.  Many of your customers may open them, annoying your subscribers and possibly leaving them open to security threats of their own. Monitor your sent folder as much as you monitor your inbox to be sure all outgoing communications are actually from you.

  1. Slow internet connection.

When hackers gain access to your network they begin using your bandwidth for themselves.

  1. Unauthorized programs have been installed on your network.

If you notice an unfamiliar program that was not authorized, documented, or installed by anyone within your organization, don’t brush this off as something an employee must have done. While there may be an innocent explanation, this can also be a sign that a hacker has invaded your network. If you don’t recognize a program, you should not click on it without checking with Net Works first. You will never regret caution.

  1. Unfamiliar programs are requesting access to your network, or your Firewalls or other security programs have been uninstalled.

If your security systems are dismantled or missing, unfettered access to your systems may be allowed to wreak havoc in your network.

  1. Visitors to your home page are redirected to another site or antivirus solutions are flagging your site.

An internet search for your site results in error messages that warn the searcher that malware has been detected on your site.  This warning means that hackers have certainly uploaded some sort of malicious software to your system.

What can you do if you have noticed these signs? Contact Net Works. We are your cyber-security experts and we will perform a full security audit on your entire system. We keep up with the latest strategies used by hackers to steal your data so you don’t have to. Don’t risk downtime, loss of data or taking a financial hit due to hackers. Contact Net Works today, or celebrate Data Privacy Day by resolving to give us a call on January 28!

BYOD…. it’s what is standing between you and your network security

Is a Bring Your Own Device (BYOD) Policy Right for Your Business in 2018?

 

As 2017 winds down, it is time to forecast the workplace technology trends for 2018 and anticipate how these trends can impact your small business. We are in the business of making sure you are prepared for what the changing technology environment will throw your way.

 

One of the biggest trends is Bring Your Own Device, or BYOD. These policies allow employees to use their own laptops, tablets and smartphones for work, accessing shared files through the cloud.

 

What are the benefits of this kind of system for your business?

 

Your team may not be in the office from 9-5 Monday-Friday (remote work and telecommuting is another big 2018 workplace trend).

 

There are many benefits to BYOD policies. Switching between devices leaves additional room for errors and inconveniences that could result in lost productivity, such as leaving an important document saved on the office desktop and being unable to access it over the weekend. When your employees are using their own devices, instead of switching from one device for work and using another at home, it is less likely they will be able to access the files when they need them, increasing their ability to be productive.

 

There is also cost saving element associated with this type of policy as your company does not have to shoulder the burden of purchasing hardware. Employees may even like being allowed to use their own preferred devices. After all, as so many people already own a smartphone, providing a company cell phone may be unnecessary, even cumbersome as users need to switch between their work and personal mobile devices. Instead of buying a laptop when you onboard a new employee, you may only need to purchase supplemental software like Photoshop and antivirus solutions. Having company-purchased software like the Adobe Creative Suite that they may not otherwise access can be an additional perk of the job, improving your relationship with your employees. They also get to use the devices with which they are most comfortable or familiar, instead of being a Mac user at home who must adjust to a PC at the office, or vice versa. In many ways, the policy seems like a win for everyone involved, but BYOD workplaces also have their share of risks.

 

What are the risks?

 

Your employees are not all going to be IT professionals, and that means that BYOD policies leave more room for user error and security risks than if every worker is using devices selected and maintained by your IT department. You will need to set specific security policies, and look at providing a secure network for your employees to access from home, rather than accessing unsecured WIFI networks. When you implement a BYOD policy, you necessarily give up a level of control. When an employee leaves that device goes with them, and with it, potentially sensitive information like company passwords.

 

 

There are many reasons that BYOD policies are becoming more and more common, but is it right for your company? We have outlined some of the general productivity, cost and convenience considerations. We can also help you assess the costs and benefits of a BYOD policy for your unique business, and create a cybersecurity strategy for you. Don’t worry about figuring it out on your own; contact Net Works today!

Where is your data?

Shadow IT – The Risk Lurking in Your Company’s Devices

 

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT team. There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed.

 

In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are becoming more and more tech savvy, and it is less likely that every portion of IT in use has gone through a thorough IT department vetting process.

 

At this point, it is difficult to imagine an organization that is not implementing Shadow IT. Managers and employees are now selecting their own IT services independently. In many ways, this allows employees to be more agile and productive. There are countless tools employees and departments may innocently implement without thinking they need to involve IT.

 

With file sharing solutions like Dropbox and Hightail, to free project management platforms like Asana, employees are constantly finding new ways to efficiently collaborate and share data from wherever they happen to be. They no longer need to be in the office to check the status of a project or access sensitive documents. In fact, Shadow IT also includes hardware, like personal laptops your employees might use to accomplish business-related tasks over the weekend. These devices may not be as secure as what they use in the office, and could expose your files to greater risks.

 

Certainly, no one wants to discourage employees from creating efficiencies. However, as a business owner, you should always balance risk and reward. The cost of increased employee productivity may be security. Not all employees understand when they are sharing sensitive business data in insecure ways. Employees are looking for ways to hit and exceed their goals, not necessarily thinking about cyber security. They are likely to choose programs for ease of use and convenience without noticing a lack of important security features like two-factor authorization or encryption.

 

In addition to an increased risk of data breaches or attacks by hackers, there are also many other hidden monetary costs associated with Shadow IT. Dozens of employees may be using the same application, but all are paying for it individually instead of benefiting from a volume-based discount. Costs like this add up and impact your business.

 

As a Small Business Owner, you don’t have the time to check every device for Shadow IT, or find out about every digital tool your employees are implementing. Your trusted Managed Service Provider has the knowledge to assess your organization’s Shadow IT usage. Sometimes, a gap in your existing, approved IT systems could cause employees to seek outside technology resources. Other times, one or two employees have found a tool that, if implemented correctly and with all proper security procedures, could improve productivity for employees across your business. We’ll bring your company’s Shadow IT into the light. We will help you evaluate the risks and benefits of the Shadow IT in place at your business, and work with you to determine the next steps. Don’t let Shadow IT go unchecked. Contact Net Works today!

 

Spear Phishing – Avoiding the Trap

Phishing is an attack designed to trick Internet users into giving away confidential information, typically by sending an e-mail posing as a legitimate organization (like a financial institution) and linking to a website disguised as one associated with that institution. Spear phishing is a more sophisticated version of phishing that takes these attacks to the next level. Instead of sending mass communications to a large group of people, spear phishing specifically targets individuals using personal information such as geographic location, recent purchases, or a list of friends to make their requests seem more believable.

 

Why Spear Phishing?

Spear phishing is becoming increasingly more common because they are harder to identify than traditional phishing attacks. The e-mails and phone calls are more personalized therefore, many people fall into the trap.

 

What do these attacks look like? As an example, you may be a Mac user who gets a call from an individual claiming to be an Apple representative, requesting remote access to your computer to fix a bug.  Consequently, if you are a Windows user who gets a phone call from someone claiming to be from Microsoft. More likely, it is probable that this is an attack especially if you have not submitted any type of service request – if the communication is unsolicited, be very wary.

 

Social Media

Your social media profiles are an asset to spear phishing attackers. The more personal information that you make publicly available, the more these attackers can personalize their communications to you and pose as a reputable contact. In today’s world, we give away so much information through social media posts, we don’t always stop to think of how that information may be used against us. Maybe we use Twitter to contact a company regarding a customer service complaint- now an attacker knows that we might expect a communication from that company. Our digital footprints are easier to track than ever.  While that doesn’t mean we need to stop communicating with companies through social media, it does mean we need to be vigilant.

 

Signs of Spear Phishing

We will continue with the examples used above. Let’s say you tweet about a specific brand with a customer service complaint. Shortly thereafter, you receive an e-mail from that company apologizing and offering a coupon code for you to use online or in one of their brick and mortar stores. Is there a reason to be suspicious?  In this case, you have reached out to the brand. They may have been able to find your e-mail address if it was on your social media account, or by searching your name and location in their customer database if you have a history of communicating with them. The company is offering you a coupon as compensation, but is not requesting any further information from you to access the discount. Any links in this e-mail go to their official website, not version with a slightly modified name. This is likely to be a communication you can trust.

 

Now, imagine getting a different e-mail. In this message, the company reaches out to you with a letter of apology. They tell you they would like to compensate you, but will need personal information from you to process your gift, like banking details, date of birth, and social security number. The website where you would enter this information may be a somewhat modified version of the company’s official website, (e.g. instead of examplecompany.com you will be sent to examplecompany-gift.com). This email raises red flags!  In this case, we strongly caution you against entering your information, as once collected may be used to access many of your other accounts.

 

What to do if you’ve been attacked 

Spear phishing attacks continue to get more sophisticated, and mistakes can happen. If you are caught in an attack, what can you do to mitigate the damage? The first step is to contact a dependable and qualified managed service provider.  At Net Works, we are your trusted technology resource.  We will help figure out exactly what was stolen by the hackers and help to unwind the damage that was done.  Don’t face the underbelly of the internet all on your own! Get Net Works on your side, contact us today!

Ransomware…..right in your backyard

Ransomware attacks continue to make headlines therefore, being proactive is critical. Hospitals, universities, SMBs and even government offices have found themselves a victims of these attacks. You must take every precaution against Ransomware attacks, especially as they become more and more frequent. In this climate of threats, it is necessary to add as many layers of protection as possible. That’s where File Folder Sharing (FFS) comes into play.

 

FFS is the practice of sharing or offering access to digital information or resources, including documents, multimedia (audio/video), graphics, computer programs, images and e-books. It is the private or public distribution of data or resources in a network with different levels of sharing privileges.

 

FFS is convenient, and allow your team members to work on projects and collaborate no matter where they are; it also gives you the added layer of protection necessary in today’s world. Securing backups in the cloud can save files that would have been compromised. Your device may be infected, but with files backed up in the cloud, you can restore them quickly and thwart the attack.

 

At first glance, FFS products may appear to be identical. But the features they offer vary, and certain systems offer more protection than others.

 

How do you know which FFS option is right for your business? Should you make choices based on cost or are there certain “must have” features? Is a popular, well-known and widely used product best, or does it simply have the best name recognition? Is it worth spending more for a product that offers end-to-end encryption to avoid higher costs in the event of an attack?

 

To answer these questions accurately and assess which FFS product is right for you takes time, research, and expertise. Do not try to make this important decision on your own!  You need a specialist to guide your choice.

 

At Net Works —we are experts who stay knowledgeable on both current cybersecurity best practices and the tools available in the market today.

 

The right FFS product can make a critical difference for you if a Ransomware attack strikes. Differentiate yourself from your competitors who are not investing in security.  Avoid the pitfalls of Ransomware attacks by talking to Net Works to determine the best strategies and products to meet your security needs. Don’t be caught off guard if an attacker strikes.