Phishing……Tricky Tricky

Spear Phishing Gets More Sophisticated

Elon Musk’s Tesla roadster is currently floating through space, most of us have a virtual personal assistant that lives in our pockets, and we’re having lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work). In this climate of innovation, hackers have learned a few lessons, too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. Is your business ready?

 

What is Spear Phishing?

 

A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. All phishing attacks rely on trust. Hackers design fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks. These messages are disguised to look like critical security alerts or important work-related information. There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.

 

Three Spear Phishing Trends

 

  • Playing the long game

Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.

 

  • Hijacking email threads
    Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.

 

  • Bypassing your spam filters

Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products. In this environment, how can you know the difference between a trusted communication and a spear phishing attack? Partner with an MSP like Net Works. We can help you identify suspicious communications. If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts.

 

Spear Phishing in the News

 

In February 2018, hackers targeted Netflix subscribers, sending emails saying the user’s accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the user’s other accounts. Imagine if this happened to one of your employees using their work email for their Netflix account.

 

We Can Help You Protect Your Business

 

Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone. We are here to help you protect your business. Contact Net Works today.

Early WARNING Signs

Five Signs That You’ve Been Hacked

January 28 is Data Privacy Day, and the New Year is the right time for implementing resolutions and fresh starts. Have you resolved to be more vigilant in 2018? Your small business cannot afford to overlook the dangers posed by hackers who are getting more sophisticated every year. But how do you know if you’ve been hacked?

Here are five tell-tale giveaways that your device has been compromised.

  1. Spam emails are being sent from your company computers and email accounts.

Spam emails look legitimate because they are coming from your trusted email address.  Many of your customers may open them, annoying your subscribers and possibly leaving them open to security threats of their own. Monitor your sent folder as much as you monitor your inbox to be sure all outgoing communications are actually from you.

  1. Slow internet connection.

When hackers gain access to your network they begin using your bandwidth for themselves.

  1. Unauthorized programs have been installed on your network.

If you notice an unfamiliar program that was not authorized, documented, or installed by anyone within your organization, don’t brush this off as something an employee must have done. While there may be an innocent explanation, this can also be a sign that a hacker has invaded your network. If you don’t recognize a program, you should not click on it without checking with Net Works first. You will never regret caution.

  1. Unfamiliar programs are requesting access to your network, or your Firewalls or other security programs have been uninstalled.

If your security systems are dismantled or missing, unfettered access to your systems may be allowed to wreak havoc in your network.

  1. Visitors to your home page are redirected to another site or antivirus solutions are flagging your site.

An internet search for your site results in error messages that warn the searcher that malware has been detected on your site.  This warning means that hackers have certainly uploaded some sort of malicious software to your system.

What can you do if you have noticed these signs? Contact Net Works. We are your cyber-security experts and we will perform a full security audit on your entire system. We keep up with the latest strategies used by hackers to steal your data so you don’t have to. Don’t risk downtime, loss of data or taking a financial hit due to hackers. Contact Net Works today, or celebrate Data Privacy Day by resolving to give us a call on January 28!

BYOD…. it’s what is standing between you and your network security

Is a Bring Your Own Device (BYOD) Policy Right for Your Business in 2018?

 

As 2017 winds down, it is time to forecast the workplace technology trends for 2018 and anticipate how these trends can impact your small business. We are in the business of making sure you are prepared for what the changing technology environment will throw your way.

 

One of the biggest trends is Bring Your Own Device, or BYOD. These policies allow employees to use their own laptops, tablets and smartphones for work, accessing shared files through the cloud.

 

What are the benefits of this kind of system for your business?

 

Your team may not be in the office from 9-5 Monday-Friday (remote work and telecommuting is another big 2018 workplace trend).

 

There are many benefits to BYOD policies. Switching between devices leaves additional room for errors and inconveniences that could result in lost productivity, such as leaving an important document saved on the office desktop and being unable to access it over the weekend. When your employees are using their own devices, instead of switching from one device for work and using another at home, it is less likely they will be able to access the files when they need them, increasing their ability to be productive.

 

There is also cost saving element associated with this type of policy as your company does not have to shoulder the burden of purchasing hardware. Employees may even like being allowed to use their own preferred devices. After all, as so many people already own a smartphone, providing a company cell phone may be unnecessary, even cumbersome as users need to switch between their work and personal mobile devices. Instead of buying a laptop when you onboard a new employee, you may only need to purchase supplemental software like Photoshop and antivirus solutions. Having company-purchased software like the Adobe Creative Suite that they may not otherwise access can be an additional perk of the job, improving your relationship with your employees. They also get to use the devices with which they are most comfortable or familiar, instead of being a Mac user at home who must adjust to a PC at the office, or vice versa. In many ways, the policy seems like a win for everyone involved, but BYOD workplaces also have their share of risks.

 

What are the risks?

 

Your employees are not all going to be IT professionals, and that means that BYOD policies leave more room for user error and security risks than if every worker is using devices selected and maintained by your IT department. You will need to set specific security policies, and look at providing a secure network for your employees to access from home, rather than accessing unsecured WIFI networks. When you implement a BYOD policy, you necessarily give up a level of control. When an employee leaves that device goes with them, and with it, potentially sensitive information like company passwords.

 

 

There are many reasons that BYOD policies are becoming more and more common, but is it right for your company? We have outlined some of the general productivity, cost and convenience considerations. We can also help you assess the costs and benefits of a BYOD policy for your unique business, and create a cybersecurity strategy for you. Don’t worry about figuring it out on your own; contact Net Works today!

Where is your data?

Shadow IT – The Risk Lurking in Your Company’s Devices

 

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT team. There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed.

 

In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are becoming more and more tech savvy, and it is less likely that every portion of IT in use has gone through a thorough IT department vetting process.

 

At this point, it is difficult to imagine an organization that is not implementing Shadow IT. Managers and employees are now selecting their own IT services independently. In many ways, this allows employees to be more agile and productive. There are countless tools employees and departments may innocently implement without thinking they need to involve IT.

 

With file sharing solutions like Dropbox and Hightail, to free project management platforms like Asana, employees are constantly finding new ways to efficiently collaborate and share data from wherever they happen to be. They no longer need to be in the office to check the status of a project or access sensitive documents. In fact, Shadow IT also includes hardware, like personal laptops your employees might use to accomplish business-related tasks over the weekend. These devices may not be as secure as what they use in the office, and could expose your files to greater risks.

 

Certainly, no one wants to discourage employees from creating efficiencies. However, as a business owner, you should always balance risk and reward. The cost of increased employee productivity may be security. Not all employees understand when they are sharing sensitive business data in insecure ways. Employees are looking for ways to hit and exceed their goals, not necessarily thinking about cyber security. They are likely to choose programs for ease of use and convenience without noticing a lack of important security features like two-factor authorization or encryption.

 

In addition to an increased risk of data breaches or attacks by hackers, there are also many other hidden monetary costs associated with Shadow IT. Dozens of employees may be using the same application, but all are paying for it individually instead of benefiting from a volume-based discount. Costs like this add up and impact your business.

 

As a Small Business Owner, you don’t have the time to check every device for Shadow IT, or find out about every digital tool your employees are implementing. Your trusted Managed Service Provider has the knowledge to assess your organization’s Shadow IT usage. Sometimes, a gap in your existing, approved IT systems could cause employees to seek outside technology resources. Other times, one or two employees have found a tool that, if implemented correctly and with all proper security procedures, could improve productivity for employees across your business. We’ll bring your company’s Shadow IT into the light. We will help you evaluate the risks and benefits of the Shadow IT in place at your business, and work with you to determine the next steps. Don’t let Shadow IT go unchecked. Contact Net Works today!

 

Spear Phishing – Avoiding the Trap

Phishing is an attack designed to trick Internet users into giving away confidential information, typically by sending an e-mail posing as a legitimate organization (like a financial institution) and linking to a website disguised as one associated with that institution. Spear phishing is a more sophisticated version of phishing that takes these attacks to the next level. Instead of sending mass communications to a large group of people, spear phishing specifically targets individuals using personal information such as geographic location, recent purchases, or a list of friends to make their requests seem more believable.

 

Why Spear Phishing?

Spear phishing is becoming increasingly more common because they are harder to identify than traditional phishing attacks. The e-mails and phone calls are more personalized therefore, many people fall into the trap.

 

What do these attacks look like? As an example, you may be a Mac user who gets a call from an individual claiming to be an Apple representative, requesting remote access to your computer to fix a bug.  Consequently, if you are a Windows user who gets a phone call from someone claiming to be from Microsoft. More likely, it is probable that this is an attack especially if you have not submitted any type of service request – if the communication is unsolicited, be very wary.

 

Social Media

Your social media profiles are an asset to spear phishing attackers. The more personal information that you make publicly available, the more these attackers can personalize their communications to you and pose as a reputable contact. In today’s world, we give away so much information through social media posts, we don’t always stop to think of how that information may be used against us. Maybe we use Twitter to contact a company regarding a customer service complaint- now an attacker knows that we might expect a communication from that company. Our digital footprints are easier to track than ever.  While that doesn’t mean we need to stop communicating with companies through social media, it does mean we need to be vigilant.

 

Signs of Spear Phishing

We will continue with the examples used above. Let’s say you tweet about a specific brand with a customer service complaint. Shortly thereafter, you receive an e-mail from that company apologizing and offering a coupon code for you to use online or in one of their brick and mortar stores. Is there a reason to be suspicious?  In this case, you have reached out to the brand. They may have been able to find your e-mail address if it was on your social media account, or by searching your name and location in their customer database if you have a history of communicating with them. The company is offering you a coupon as compensation, but is not requesting any further information from you to access the discount. Any links in this e-mail go to their official website, not version with a slightly modified name. This is likely to be a communication you can trust.

 

Now, imagine getting a different e-mail. In this message, the company reaches out to you with a letter of apology. They tell you they would like to compensate you, but will need personal information from you to process your gift, like banking details, date of birth, and social security number. The website where you would enter this information may be a somewhat modified version of the company’s official website, (e.g. instead of examplecompany.com you will be sent to examplecompany-gift.com). This email raises red flags!  In this case, we strongly caution you against entering your information, as once collected may be used to access many of your other accounts.

 

What to do if you’ve been attacked 

Spear phishing attacks continue to get more sophisticated, and mistakes can happen. If you are caught in an attack, what can you do to mitigate the damage? The first step is to contact a dependable and qualified managed service provider.  At Net Works, we are your trusted technology resource.  We will help figure out exactly what was stolen by the hackers and help to unwind the damage that was done.  Don’t face the underbelly of the internet all on your own! Get Net Works on your side, contact us today!

Ransomware…..right in your backyard

Ransomware attacks continue to make headlines therefore, being proactive is critical. Hospitals, universities, SMBs and even government offices have found themselves a victims of these attacks. You must take every precaution against Ransomware attacks, especially as they become more and more frequent. In this climate of threats, it is necessary to add as many layers of protection as possible. That’s where File Folder Sharing (FFS) comes into play.

 

FFS is the practice of sharing or offering access to digital information or resources, including documents, multimedia (audio/video), graphics, computer programs, images and e-books. It is the private or public distribution of data or resources in a network with different levels of sharing privileges.

 

FFS is convenient, and allow your team members to work on projects and collaborate no matter where they are; it also gives you the added layer of protection necessary in today’s world. Securing backups in the cloud can save files that would have been compromised. Your device may be infected, but with files backed up in the cloud, you can restore them quickly and thwart the attack.

 

At first glance, FFS products may appear to be identical. But the features they offer vary, and certain systems offer more protection than others.

 

How do you know which FFS option is right for your business? Should you make choices based on cost or are there certain “must have” features? Is a popular, well-known and widely used product best, or does it simply have the best name recognition? Is it worth spending more for a product that offers end-to-end encryption to avoid higher costs in the event of an attack?

 

To answer these questions accurately and assess which FFS product is right for you takes time, research, and expertise. Do not try to make this important decision on your own!  You need a specialist to guide your choice.

 

At Net Works —we are experts who stay knowledgeable on both current cybersecurity best practices and the tools available in the market today.

 

The right FFS product can make a critical difference for you if a Ransomware attack strikes. Differentiate yourself from your competitors who are not investing in security.  Avoid the pitfalls of Ransomware attacks by talking to Net Works to determine the best strategies and products to meet your security needs. Don’t be caught off guard if an attacker strikes.

School’s Back!!! Want us to grade your Network?

Keeping your organization running smoothly and moving forward can sometimes feel like a juggling act.  Personnel issues, supply chain snags, and long term planning; your days can just fly by.  It is tempting to just put your IT network in the back of your mind and only deal with it when problems arise.  However, unless you have performed a full Network Assessment you could be heading for trouble.

 

A Network Assessment is a complete review of all your organization’s existing IT infrastructure, security protocols, management, and performance.  Once you have a comprehensive view of the state of your IT, you will be able to identify areas of improvement and make strategic business decisions.  Don’t wait until you are contemplating a big project or until your organization has grown to the point that you aren’t quite sure of exactly what is going on throughout your network; by being proactive, problems will be caught early, solutions found, and your network’s performance can be tracked over time.

The four main areas a Network Assessment will help identify: 

Weaknesses in your cyber security protocols that need immediate attention to avoid any adverse impacts to your operations and networks.

Overused or underused technology resources. The technology needs of your teammates can differ widely and some departments may require more network resources than others.  By looking at your entire system you will be able to optimize your resources.

Bandwidth bottlenecks.  As more and more organizations move their operations into the cloud, more bandwidth is oftentimes required.  Streaming videos, running programs, and downloading files can all slow down your network.

Advantages and potential problems of rolling out new technologies.  A full Network Assessment will allow you to plan for your future technology needs by identifying how any changes will fit into your current framework.  What should the timeline for any improvement be?  What integration points do you need to keep in mind or prepare for?  With a full Network Assessment, you can employ a strategic approach to your technology plans rather than just keeping up with your organization’s needs.

 

A full Network Assessment is key to any comprehensive technology strategy.  Don’t drop the ball when it comes to your IT.  Your technology is too important for you to ignore.  Get Net Works, as your IT partner.  We will perform a Network Assessment across your entire IT environment.  Together, we will map out a course that will continue to move your organization forward.  Stop trying to juggle your IT needs!  Contact Net Works Today!

We’ll help to keep you organized and efficient so you can do what you do best!

As a business owner, you have enough on your plate keeping your organization moving forward and getting ready to face new challenges.  You need to be prepared to take advantage of new opportunities when they come your way.  Are you losing sleep over IT worries?  How can you ensure that you are moving in the right direction when most of your time is consumed with figuring out IT issues?  Even more, are you ignoring your IT and hoping for smooth sailing?  That is the surest way to end up in the middle of an IT disaster!  This 4th of July as we celebrate our nation’s independence, declare your independence from IT worry!  With Net Works, you can rest easy knowing that we have your back and are working in your best interests.

 

Never again will you have to waste valuable time ensuring your hardware is running properly or fixing any issues that come up.  At Net Works, our technicians hold the most up to date certifications and are there to handle any issues you have.

 

Never again will you have to worry if all your software is up to date or if you are vulnerable to malware because of a missed patch install.  At Net Works, we handle all of your updates and security protocols.  If you ever face a disaster natural or otherwise, you can rest easy knowing that your data will be safe in our data center.  Ensuring that your office can continue to function even if your physical location is compromised.

 

Never again will you have to deal with a blown IT budget because of unexpected problems.  At Net Works, we partner with all of our clients to map out a comprehensive plan for their technology infrastructure.  With a plan in place you will know that any of your future technological needs will be met without any surprise costs.

 

Never again will you have to wonder if your organization is falling behind the technological curve.  At Net Works, we have the knowledge and the resources to allow you to exploit the newest technological advances quickly.  You will always be one step ahead of your competitors’.

 

At Net Works, we are information technology experts.  We will handle all of your technology needs so you can get back to focusing on your business.  Declare your freedom from IT worries Get Net Works, on your team.  Contact us today!

 

 

 

Find Time and Outlook Add-Ons

Any SMB owner knows that time is money.  At Net Works, we are always looking for ways that you can maximize your and your team’s productivity.  In our collaborative work environments, meetings are essential to hold, but also can be a nightmare to schedule.  Team members can be working remotely, members outside your organization can be on the road based in any region of the country, or even around the world; making scheduling a meeting a challenge.   Fortunately, Microsoft has a solution to ease this burden.  Find Time is a free add-on to their nearly ubiquitous Outlook email program.  It is simple to use and very convenient.  Once the add-on is installed, you will see a button in the upper right hand bar of your Outlook dashboard.  Once you click  the button, the steps to scheduling a meeting are easy!

  • Choose the attendees you wish to invite
  • Propose a few different days and times to meet
  • Let people vote on the time that works best for them.
  • Once a consensus is reached the meeting invites are automatically sent out.

There are a couple of other great features in Find Time.  You can alert people to your preferred meeting time; allowing your invitees to see if they can make that time work.  You can see the time most people within your organization are available; allowing you to see if you can move things around to meet with people at their most convenient day and time.  With Find Time you can spend your time meeting rather than sending out numerous emails and making phone calls trying to find a time to meet.  At Net Works, we work to stay abreast of all new developments that will help you to increase your productivity.  Net Works is your IT department.  We stay current, and alert you to all recent upgrades in the tech world so you don’t have to.  When it comes to serving your business I.T. needs, we’re IT!  Contact us today.