Security - Machado Consulting's News You Can Use | Worcester, Massachusetts | Machado Consulting

Machado Consulting's News You Can Use

Welcome to our blog where you can find everything from tech-tips to keeping your data secure. Have any questions? We'd love to hear from you!

Business Ransomware Increases by 500%. 5 Tips to Make Sure You Aren’t Next.

Originally published as "Tip of the Week: Ransomware is Exploding, is Your Business Ready for the Blast?"

When it comes to internet threats, ransomware is the one that causes the most fear, especially for small and medium-sized businesses, and the fear is based in reality. According to the Malwarebytes 2019 Cybercrime Tactics and Techniques report, business ransomware has increased over 500% in comparison to last year. It’s time to make sure that you’re doing what you can to stop your business from becoming another ransomware statistic. Here are five good tips that will help you avoid becoming a victim of the next big ransomware attack.

1. Get Smart: You and your employees are the first line of defense against ransomware - and all malware. You need to invest time to educate yourself and your employees about the dangers and consequences of an attack, and best practices to protect yourself, your data and your network from a cyber threat. Keep yourself apprised of the best ways to prevent victimization.
2. Back It Up: Regularly backing up data is the most effective way to prevent losing your data from ransomware. If a ransomware attack does find its way onto your network, you have a copy of that network and data backed up in its entirety from just a few minutes before. 96% of companies with a trusted backup and disaster recovery plan were able to survive ransomware attacks. The copy of your backup shouldn’t be stored on the infected network.
3. Keep Security Software and Patches Up-to-Date: New ransomware is always being introduced. New variants of malware are always being created, which threaten your network. Luckily, your operating system and software are always working overtime to come up with ways to keep your data and network secure. Updating your security software and paying attention to patches is a great way to make sure that you’re protected when ransomware strikes.
4. Beware of Email: One of the primary methods of ransomware transmission and infection is email. According to Proofpoint researchers, nearly 30% of the most targeted malware and phishing attacks were directed at generic email accounts, like . Users should be cautious of any email that is unsolicited or unexpected, particularly if there is a link or attachment.
5. DON’T PAY THE RANSOM: Paying ransom is no guarantee that you’re going to get your data back. The first payment is often a gateway to increasing demands and your data is still gone. Don’t Pay the Ransom! Instead of paying the criminals who have hijacked your data - contact your IT service provider and let them know what is going on.

That is just for starters - for those of you who want to make sure they’re doing everything possible to reduce their chance of contracting ransomware, reach out to our security experts today at (508) 453-4700.

It’s estimated that ransomware attacks will reach 11.5 billion annually by 2019, and that number only includes those who pay the ransom. Imagine if everyone who was attacked paid their ransom. Are you familiar with these five ransomware tips? Is there anything else you have found to be effective? Let us know in the comments below.

The Endless Line of Costs from a Data Breach

Picture this… In your office you have a bag filled with thousands of envelopes. In each envelope there is $242 in cash. Unbeknownst to you, a thief has gained access to your office, but you don’t realize this until 279 days later. How much is this going to cost your business?

Access Management Failings Keep Businesses Targeted

Your business’ data is precious, and it goes without saying that there are plenty of entities out there that want to get their grubby little fingers all over it. This is especially the case these days, when credentials and remote access tools can be purchased on the black market and leveraged against organizations of all sizes. If you don’t take action to keep your data secure from unauthorized access, you could face steep fines from compliance issues, not to mention the embarrassment of not being able to protect your organization’s data.

Are You a Security Threat?

Just like you can form habits to be more productive, you can also form habits that expose your organization to risky situations, namely security problems. Your employees in particular are likely to have picked up a couple of nasty habits over time, so it’s up to you to address them and keep them from becoming an issue in the long term.

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

What do you do when one of your well-performing employees routinely falls for phishing attacks? On the whole, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize staff training regarding phishing attacks, and they aren't following protocol, do you replace the employee? 

How to Properly Train Your Staff to Avoid Phishing Attacks

In the late 1970s and early 1980s, Bell telephone companies were making a mint off of offering the ability to call your friends and family that lived outside your predefined region, charging up to $2 per minute (during peak hours) for long-distance calls. The problem for many people was that these regions kept shrinking. Some people decided to combat this costly system by reverse-engineering the system of tones used to route long-distance calls, thus routing their calls without the massive per-minute charges demanded by long-distance providers. These people were called Phreakers, and they were, in effect, the first hackers.

Cut to the modern day: most domestic long-distance telephone calls are free, relegating Phreakers to the annals of history. Hackers today thrive in digital environments, using tools and strategies that the average person has no idea about to get access to data. Why would they want data?

What Motivates Hackers?

Of course, the motivation varies from hacker to hacker, but there are only a few things they can come away with. They can come out of a successful hack with leverage over a computing system in multiple ways, they occasionally can steal money, but most of today’s hackers are looking for data to mine. This is because the insatiable need for (and abundance of) data can fetch a savvy hacker a pretty penny on the dark web.

No matter what their motivation is, to successfully hack a computing system, they need access. The network security tools that most businesses have in place, if properly updated, are typically enough to keep hackers out of your network. This reality has spiked the popularity of social engineering attacks such as phishing. If they can’t get into your network and infrastructure through software or through straight network hacks, they need to gain access through deception.

What Exactly is Phishing?

Phishing is exactly what the name implies. You bait a hook (of sorts) by way of messages directly to end-users. This can be through any communications method available. Email phishing is the most prevalent for businesses, but phishing attempts through the telephone, social media accounts, and even instant messaging services have grown in popularity. 

The phishing message will either lead you to a fake page that will collect personal information, or arrive with an attachment that will download malware onto a system. Once the malware is in, it will immediately find credentials and other noteworthy data, and in a couple of mouse clicks, your company’s network and infrastructure are exposed.

Some real nasty strains of malware (called ransomware) will encrypt your system files and then provide you with a message effectively holding your system’s (or worse yet, your business’) data for ransom. Failure to pay in the time provided will erase all the data and cause irreparable harm to your business.

Training Your Employees

Kaspersky Lab said that they detected 482.5 million phishing redirects in total in 2018, effectively doubling the amount found in 2017. That’s a dubious trend that doesn’t seem to be altering course any time soon. As a result, training your employees in how phishing attacks are successful is imperative. How you go about successfully doing that, and how you keep them up to date on what threats are currently making problems for people can be difficult.

Some suggest that embedded training, that is, training done in the normal course of business, is completely ineffective at mitigating phishing attacks. While it is our position that any training is better than no training, we suggest that the best type of training for your employees isn’t looking to see how they would react, but proactive training that heightens their awareness of the threats that are out there. Phishing, in particular, is a hack that many people are exposed to daily, so there are some very specific things that they should understand to be better prepared if they do encounter a phishing attack. They include:

  1. What Phishing Is: Clearly define what phishing is and what forms of phishing they will likely come across.
  2. What Email Address Spoofing Is: The way we like to explain it is that it’s like robocalls that look like they are coming from a local number, but when you answer, it is a party on the other end just spoofing local numbers. It’s easy to spoof email addresses in the same way.
  3. Phishing Subject Lines are Typically Aggressive: Whether they are enticing or threatening, phishing email subject lines almost always stand out. Once opened, they typically continue that tone, manipulating users into making mistakes.
  4. Phishing Isn’t Always Obvious: Today, there are spear-phishing tactics that use publicly available information to target individuals within your company, such as making the email seem like it’s from your boss.
  5. Phishing Uses Links and Attachments: Typically, just opening a phishing email won’t hurt you. It’s when you click on a link inside the phishing email/message or go to download an attachment from the email that you are in serious trouble. Teaching your staff to be wary of any attachment or link that they don’t know is important.

These are just the basics. Phishing can completely devastate your business, so if you are looking to put together a comprehensive training plan for your staff, reach out to the IT professionals at Machado Consulting. We can help you come up with a plan to get your staff the knowledge they need to keep your business safe and running efficiently. To learn more call us today at (508) 453-4700.

Network Security is Crucial for Every Organization

Avoiding risk is important for every business and with technology being omnipresent in most businesses, technology-based risks have grown in concert. As a result, the modern business owner and IT administrators need to understand the new risks and how to proactively work toward avoiding them.

European Union’s GDPR: One Year Later

2018 will be remembered as the year where data privacy was altered forever. From Facebook’s many problems to the launch of the European Union’s General Data Protection Regulation, data privacy has never been a bigger issue than it is today. Let’s take a look at how the GDPR has affected the computing world in 2018-19 and how the past year’s events have created new considerations in individual data privacy.

Using the Private Cloud Adds Security to Your Databases

Cloud-based databases are valuable for businesses on plenty of levels, but when you consider how much risk you expose your organization to by using a public cloud over a private solution, you suddenly start to realize that the ramifications could be far beyond repair. Compared to the public cloud, a private solution presents a greater opportunity for security, flexibility, and customization.

Learn to Spot Phishing Attacks Beating Two-Factor Authentication

Unfortunately, one of the most effective defenses against phishing attacks has suddenly become a lot less dependable. This means that you and your users must be ready to catch these attempts instead. Here, we’ll review a few new attacks that can be included in a phishing attempt, and how you and your users can better identify them for yourselves.

ALERT: Over a Million Asus Laptops Could Have Been Hacked

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device to reach out to us to have it looked at.

What is Encryption, and Why Do We Need It?

When encryption is discussed, one of its high points that business professionals try to hammer home is that it’s more secure. But what does encryption really mean for businesses? Does it adequately protect data and devices? We’ll walk you through a brief rundown of how encryption works and the role it plays in keeping your business secure.

Google Knows Where You Are: Here’s How to Stop Them

Late in the summer of 2018, there were several articles written about how Google would continue to track the location of a person’s smartphone after they had chosen to turn their location settings off. A Princeton researcher corroborated those claims for the Associated Press, traveling through New York and New Jersey with location services off only to be tracked the entire way. Today, we will discuss this issue, and tell you what you need to know to keep Google from tracking you wherever you go.

Learn to Use Email Safely

Email is a core component of any business. 124.5 billion business emails are sent and received each day. That's a massive amount of communication and can be a wide-open door to security threats. Are the emails that are coming and going from your business secure? In order to keep your email security at a premium, we have outlined the following tips:

Tip of the Week: Here Are a Few of Our Favorite Security Practices

There will never be a time that we are not committed to improving the security of businesses. To continue striving for this goal, we’re dedicating this week’s tip to describing some solutions that can assist in locking a business and its data down.

Don't Forget Physical Security Options

Data security isn’t the easiest thing in the world to plan for, especially if your organization doesn’t have any dedicated security professionals on-hand. While protecting your data with traditional methods, like passwords, firewalls, and antivirus, is important, what measures are you taking to make sure a thief or hacker isn’t just walking into your office and making off with your technology?

Prioritize the Protection of Your Google Account

Chances are you have a Google account, whether it’s for business or personal use. It’s more accessible today than ever before and provides a solid way to gain access to several important features and accounts. Considering how much can be done with a Google account, users forget that they can put their security and personal data at risk. Here are some ways that your Google account is at risk, as well as what you can do to fix it.

Tip of the Week: Watch Out for Scammers During the Holidays

Scammers find the holidays to be a wonderful time for stealing from unsuspecting victims. They know that the gift-giving season inspires others to spend a lot of money, which means that sensitive information, like credit card numbers, is up for grabs in bulk. As a consumer yourself, you’ll have to keep an eye out for these scams to make sure that you’re staying as safe as possible this holiday season.

During the Holidays, Cybersecurity Matters at Work and Home

We’re right in the thick of the holiday season, which means two things: one, there’s a lot of data being exchanged between businesses and consumers, and (on a related note) two: there are ample opportunities for cybercrime, targeting business and consumer both. Whichever side of the coin you are on at any moment, you need to be aware of the risks, and how to mitigate them.

Tip of the Week: Visiting Useful Windows 10 Features

Windows 10 isn’t just a great operating system for getting things done--it’s also jam-packed with features that you might not even have known about. This week’s tip is all about some of the handy features that Windows 10 can provide for your office.
