508-909-5961 [email protected]

The time to increase cyber situational awareness and establish better security strategies has never been more opportune. Since 2015, the number of attacks on the financial services sector has increased and shows no signs of letting up. Whether it be extortion or credential-stealing malware, different tactics are utilized to target desired areas. To optimize safety, […]

2015Feb29_Security_BThe time to increase cyber situational awareness and establish better security strategies has never been more opportune. Since 2015, the number of attacks on the financial services sector has increased and shows no signs of letting up. Whether it be extortion or credential-stealing malware, different tactics are utilized to target desired areas. To optimize safety, security professionals should get up-to-date with the latest treats. Here are seven to look out for:

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim's network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began to proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know asking for credit card/bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEO’s) to dupe the finance departments to transfer large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. They are a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data and is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATM’s and allows criminals to extract large sums of money while avoiding detection. Recently reverse ATM attacks have also emerged, this is when compromised POS terminals and money mules to reverse transactions after money being withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTP’s can be combined to extracted data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATM’s of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTP’s and other weapons in the hacker’s toolbox.

Published with permission from TechAdvisory.org. Source.

Read More

When you first purchased Office 365, you were likely hyped about the productivity gains it can produce. But if your business has yet to realize them, you may be feeling a bit miffed or agitated that the service didn’t deliver on its promise. However, it’s wise to remember that in order to get the most […]

2016Feb24_Office365_BWhen you first purchased Office 365, you were likely hyped about the productivity gains it can produce. But if your business has yet to realize them, you may be feeling a bit miffed or agitated that the service didn’t deliver on its promise. However, it’s wise to remember that in order to get the most out of a service, regardless of what it is, you need to know how to utilize it properly. Here are a few ways your business can do that with Office 365.

Get all staff onboard

To maximize your company’s productivity on Office 365, every employee that uses a computer needs to utilize it. While this may sound easier said than done, you can encourage company-wide use by getting the leaders of your company to use it first. When your executives, managers and top employees are all using and promoting Office 365, it sets a good example that will help persuade all employees to fall in line.

Train employees

If your employees don’t know how to use Office 365, you will see little gains in productivity, and the cloud service becomes a wasted investment. This is why training is absolutely vital. Teach your staff all the ins and outs of the platform, so they can take full advantage of it.

One way to efficiently train your staff is to create or gather a series of short training videos, only a few minute in length. Shorter videos are easy to digest for your employees and help them retain the info. Best of all, they can be reviewed again and again, and used for all employees. This saves time for management, who is often responsible for employee training.

Utilize core tools

When you first implemented Office 365, what sold you on it? Likely it was the fact that it increases staff productivity by allowing them to work and collaborate from anywhere. So if you’re not yet utilizing the tools that enables them to do that, there’s no better time than now to get started.

Some of the core tools that enable you and your staff to become more productive and work from anywhere are OneDrive for Business (OD4B), SharePoint and Skype for Business. OD4B and SharePoint enable your staff to upload and save documents to a virtual drive, share that document with another group or user, and then edit it at the same time. This gives you and your employees the ability to access that document from anywhere, and essentially work from anywhere. Skype for Business also enhances productivity by creating a more flexible communication channel. Employees, colleagues and customers, can communicate easily wherever they may be in the world. From online meetings, to conference calls, video calls and instant messaging, you have a wealth of options for instant communication.

Don’t forget security

Not only can a security breach cost you money, but it can also destroy your employees productivity. While Office 365 already has security built in with Azure Active Directory, you should still be cautious of what files you add and share on the service. If you do upload files with sensitive company information to the platform, it’s wise to keep them under you or your executives direct control.

These four productivity tips should help your business make the most out of Office 365. If you’d like more ideas on how to better utilize the platform, make it more secure or need additional training, give us a call. We are happy to share our expertise for your maximum gain.

Published with permission from TechAdvisory.org. Source.

Read More

Privacy is a luxury that few can afford to be without. However, private information can be easily compromised by hackers, scorned lovers and even operating systems themselves. Rumors run rampant concerning the data collection Windows 10 subjects its users to, so don’t wait to secure your business information. Here are some tips on how to […]

2016Feb18_MicrosoftWindowsNewsAndTips_BPrivacy is a luxury that few can afford to be without. However, private information can be easily compromised by hackers, scorned lovers and even operating systems themselves. Rumors run rampant concerning the data collection Windows 10 subjects its users to, so don’t wait to secure your business information. Here are some tips on how to improve privacy protection.

Say goodbye to ad tracking

Every time you log on to surf the net, you are leaving a trail of breadcrumbs that lead directly to your online profile. This problem is easily solved by deactivating ad tracking. With Windows 10, however, it goes a tad further by using an advertising ID. They not only gather information based on web browsing but also when you use Windows 10 apps.

If you find this bothersome, launch the Settings app, go to General, and look for “Change privacy options”. You then move the slider from on to off, but if you want to make absolutely sure you have no virtual stalkers, head to choice.microsoft.com/en-us/opt-out and disable the “Personalized ads whenever I use my Microsoft account” tab.

Slip off the grid

Thanks to location tracking, nearby restaurants and future weather predictions are at your fingertips. While some might not mind this feature, there are others who wish to enjoy some privacy from their smartphones every once in awhile. To do so, launch the Settings app, then Privacy, and disable the Location tab.

But if you wish to share your location with certain apps, scroll down and activate the ‘Choose apps that can use your location’ tab, and choose your desired apps. Also, regularly clearing your location history doesn’t hurt either.

Cortana, why so clingy?

Albeit a very helpful digital assistant, Cortana requires access to your personal information. Turning it off completely just stops some of her data-collection, since whatever data she already knows, is stored in the cloud. So to break up for good, log into your Microsoft account and then clear all the information Cortana and other Microsoft services (ex. Bing maps) have gathered.

Other measures include clearing the information in your interests section or heading over to the “interest manager” tab and edit which interests you wish Cortana to track.

Disable Wi-Fi Sense?

This feature is designed to let you easily share Wi-Fi connections, but some have misunderstood it to be an opportunity to log onto your network and be naughty. Wi-Fi Sense allows you to share your network’s bandwidth with specific people while ensuring they can’t access your entire network. Vice versa, it lets you connect to Wi-Fi networks your friends share with you.

If it still worries you, launch the Setting app, go to Network & Internet > Wi-Fi > and click on Wi-Fi Sense. From there, deactivate two bars: “Connect to suggested open hotspots” and “Connect to networks shared my contacts”.

Prioritize privacy

All of the aforementioned tips should take about five to ten minutes to implement, but if you’d like to take it one step further, launch the Settings app, go to Privacy, and look on the left-hand side. Here, you will find various settings that allow you to make very detailed adjustments to your privacy. Enjoy!

We hope you find these five privacy protection tips helpful. If you need more help protecting your information or securing your network, give us a call.

Published with permission from TechAdvisory.org. Source.

Read More

When it comes to Internet security, a reported 87% of small businesses have no security policies in place at at all. And considering that employee error is one of the most common causes of an online security breach, it makes sense to have rules in place that your staff need to follow. So to help […]

2016Feb9_Security_BWhen it comes to Internet security, a reported 87% of small businesses have no security policies in place at at all. And considering that employee error is one of the most common causes of an online security breach, it makes sense to have rules in place that your staff need to follow. So to help you create some security policies of your own, we’ve outlined four important areas to cover.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:
  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.
These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with permission from TechAdvisory.org. Source.

Read More