Be careful with social engineering scams that install malware

Reduce Malware Infections in 7 Steps

7 IT Solutions To Reduce the Risk Of Malware Infections

Friday, June 26 2020 The University of California at San Francisco School of Medicine paid over $1 million to regain access to data after hackers encrypted it with malware.

Situations like this happen all the time. Unfortunately, businesses and institutions across the world have failed to properly prepare for cyberattacks. In many cases it’s a matter of outdated infrastructure and insufficient funding. In other cases, it’s neglect or improper training.

Because of the fact that if your system is infected, you likely won’t be getting your files back unless you pay the ransom, you likely don’t want this to infect your work systems. One of the ways to limit the possibility of this is to educate your employees on how to minimize the chances their systems will be infected. Here are seven practical IT solutions to reduce the risk of malware infections.

1) Watch out For Vulnerabilities

Cyber attackers are using all kinds of technology to exploit networks and systems. One piece of malicious tech they use are exploit kits. Exploit kit, also exploit packs, are programs used to deliver malware to a vulnerable network.

What do I mean by vulnerable? A vulnerability in software is a mistake, or error, in the code. The hacker manipulates the user into visiting a malicious website and if any errors exist in the code of the system, the exploit can be implemented.

Furthermore, exploit kits function in the background making it difficult to determine when you’re experiencing an attack.

Update your operating system, browsers, and plugins. If there’s an update to your computer waiting on queue, don’t let it linger.  Additionally, updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered.

You can protect yourself from these types of attacks by avoiding links and remembering to update your software. Many of us have the nasty habit of putting off systems updates. The little icon in the corner that reminds us of a new update is often seen as a bother. However, consider the alternative.

These systems updates fix any security vulnerabilities the developers and programmers uncover. There is actually a type of vulnerability called a Zero-Day vulnerability and it happens when hackers exploit undiscovered or unintended vulnerabilities. The malware is actually called zero-day exploits.

This applies to mobile phones as well. Software updates on your phone are meant to strengthen the software and patch any flaws the programmers missed when releasing the software. Software is constantly improving because code is constantly improving.

This explanation in many ways oversimplifies the process but it works for our purposes.

2) Remove Software and Files From your Systems You aren’t using

We’ve all heard of spring cleaning. We look through all the things we have and toss out what we don’t use. If we let things accumulate they create clutter and can create big problems. Well, the same thing applies to software on your devices.

You have to periodically look through all the software on your devices and determine which ones are outdated and which ones are worth keeping. For example, Microsoft no longer releases software updates for Windows 7 and Windows XP. Furthermore, using these applications without support or patch updates puts you in a position to get hacked.

How old are the applications you use? When did you last update them?

Do your homework and find out or someone else will.

3) Be aware of Social Engineering

Cybercriminals spread malware into your systems through social engineering tactics like phishing. There are older, less commons ways too that are worth going over. In some cases, a hacker will place an unlabeled USB in a public place or an office. The idea is that an unsuspecting victim will pick it up, consider it harmless and claim it as their own. This is also a form of social engineering because it still manipulates users into executing a certain action.

There are anti phishing tools you can use like Retruster that protect against fraudulent emails, phishing and ransomware. There are also many plug ins available for free that help users identify malicious links by creating a “safe to click” marker on them.

4) Inspect your Inbox Like Your business depended on it: Because it does.

Understand that the biggest vulnerability your business has walks on two feet. It doesn’t matter how many tools, tips and software updates you have if you fall for a social engineering scam. And it doesn’t just happen to small companies either.

Facebook and Google put together were victim to a payment scam of over $100 million. Between 2013 and 2015 a Lithuanian hacker managed to send each company fake invoices while pretending to be an Asian manufacturer they were in business with.

This is an example of Vishing, a.k.a. voice phishing. Leading to the next point:

5) Always Verify credentials with Cold Callers

Vishing is a bit more difficult to pull off on companies. However, when done correctly it can generate a huge amount of profit for the scammer like I mentioned with Facebook and Google.

Depending on the company you might get a call from someone pretending to be Microsoft. In other cases it’ll be a vendor or a bank checking in. It’s difficult to say in what form these scams will come because the scammers tailor them specifically for a business.

In the case of Facebook and Google, for example, the scammers had to know they two companies were working with that specific vendor.

For your company it will be different according to your specific circumstances. If it isn’t believable then the victim won’t fall for it.

6) Make sure You have a Secure Connection

Whether you’re working in the office or remotely, you need to ensure your connection is secure. If you’re working from home, perhaps you’ll need a VPN to protect your Wi-Fi connection. Additionally, when you’re browsing on the web make sure the website is secure.

7) Use strong passwords with Multi-layer authentication

A large percentage of people reuse the same passwords for the personal and professional logins. It’s time to change that habit. Companies like Google and Apple created password generators that create strong, complex passwords. However, don’t leave it up to google.

If your business doesn’t use multi-layer authentication for access to important documents, files or websites, you’re living in the past. Nerds Support uses multi factor password authentication to ensure whoever is logging in can only do so if they are the right person.

Our systems require a mobile phone confirmation, email confirmation and password confirmation in order to provide access to our systems. That way, if a device gets stolen or a hacker gains access to a password, neither will be enough to access files alone.

Conclusion

Malware attacks are growing. Now that businesses are moving towards remote work, protecting against these types of attacks are more important than ever. Cyber security is not just about the technologies that protect your important data. It’s also about what you are doing to protect your business. It is the first and the last line of defense.

Nerds Support Contact Us Leaderboard

A flat lay consisting of a notebook, laptop, watch, notebook, and coffee

Miami Cloud Solutions Assessment For Business Owners

Get Your Free Report Today

Before Migrating Your IT to the Cloud, Be Sure to Read These Five Important Facts First!

With so many cloud computing solutions out there, how do you know which one is right for your business, and when the right time to make the switch is? This absolutely free report will give you the insight and information you need to make the right decision about migrating your business technology to the cloud, so you don’t end up spending time and money on a solution that’s not right for your unique needs.

Find out the answers to these common questions and more:

  • What exactly is cloud computing, and how can it save my business money over my current server-based network?
  • What are my choices when it comes to cloud computing, and which solution is right for me?
  • How much money can I expect to save by switching to the cloud?
  • What are the most important questions I should ask my computer technician before getting started?
  • What are the critical facts I should know about data hosting and the security of sensitive information?
  • What’s in the fine print when it comes to migrating my technology to the cloud?

Testimonial

testimonial“Working with Nerds Support and Scott has been fantastic! With their proactive approach to IT we rarely have network or PC problems. Any little problem is fixed immediately and this keeps productivity high. Any organization, no matter how many work stations, will benefit greatly from Nerds Support services.”

Nerds Support provides experience and award winning Miami IT Services across South Florida.

Miami Cyber Attacks Happen: Build Resilient Systems

You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience.

Every week, billions of cyber-events batter government networks. Millions of these attacks hit at network speed, and thousands succeed, as reported by the Homeland Security Department’s US Computer Emergency Readiness Team. The US Navy alone was attacked more than 1 billion times in 2016. Although security analysts strain to counter these breaches, mostly with manual processes, it’s likely terabytes of data are stolen.

Given this dynamic landscape, you might think federal CIOs are getting more resources to defend against mounting cyberthreats. They’re not. Money and security expertise are in short supply, meaning agencies need to innovate. First and foremost, they can no longer take a piecemeal approach to information security. A holistic strategy that incorporates real-time risk management and continuous monitoring is the only way to go.

To help companies build these more-resilient systems, the National Institute of Standards and Technology, in collaboration with the Defense and Homeland Security departments and private sector intelligence communities, has come up with security controls that focus on mobile and cloud computing, application security, the insider threat, supply chain security, and advanced persistent threats.

So it comes as no surprise that more than half of the respondents to Information eek’s 2014 Federal Government IT Priorities Survey say cybersecurity/security is the top priority in their agencies. Seventy percent rate security as “extremely important,” with another 16% viewing cyber-security/security as “very important.”

Federal managers want to know “how to stop the bleeding,” says Ronald Ross, project leader of NIST’s FISMA Implementation Project and Joint Task Force Transformation Initiative. You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience. “What does it mean to have an adequate degree of resilience in a modern information system that supports critical missions?” Ross asks, in a question that’s neither rhetorical nor unique to federal agencies. State and local governments as well as private sector companies are struggling, too — anyone with valuable information and using very complex high-end technology is subject to the same types of threats.

Resiliency means “becoming healthy after something bad happens,” says Bret Hartman, VP and CTO of Cisco’s security business group. “That is a good way to think of security because it’s impossible to stay healthy all the time.” Agencies should consider the attack continuum and which technologies they need in place before an attack occurs, during an attack, and after the attack to do systems remediation. This last area is still maturing and is where the biggest challenge lies today, Hartman says.

Time for better cyber “hygiene” in Miami 

To address resiliency in Miami, South Florida, federal government, NIST and its partner agencies are focusing on two tracks: improving “cyber hygiene,” and designing IT system architectures that can bounce back from damage and contain attacks. A good way to view cyber-security, says Ross, is to have a way to address areas “above the water line,” such as known patching and maintenance, and those below the water line — problems you can’t see that could cause trouble and inflict serious damage without warning.

Cyber hygiene focuses on tasks that security administrators deal with daily, such as promptly updating operating systems and applications with the latest security patches or making sure all operating systems and network devices are configured properly to close down attack vectors that could be exploited. IT must also assemble and maintain a complete inventory of everything on the agency’s network and the information it has to protect.

With NIST 800-53 R4, the government is starting to address security below the water level, too. Specifically, we’re talking about contingency-planning types of controls, which allow agencies to define alternate processing capabilities, storage sites, and communications plans in case of a natural disaster, like a hurricane, or a cyber-attack. “We have contingency plans in place and run those exercises as frequently as we need to, so when the event happens, we can move smoothly into that backup scenario,” Ross says.

Secure Your Miami Business in Five Ways

Most computer users, including business owners and managers, know that while computers are incredibly useful, they can pose a security risk. While a security breach for personal users can be serious, it is potentially even more so for businesses. This is why, when it comes to company use, those in charge want to make sure that their systems are secure. The problem is that this is seen to be not only expensive but a drain on time and other valuable resources. In truth though it doesn’t have to be.

Here are five low-cost things you can do to ensure that your business is secure.

1. Communication is key
Many companies take adequate steps to ensure that their systems are adequately protected. The thing is, many security breaches come from within the company. If your employees keep passwords written on pieces of paper that they leave lying around their desks, this is a security issue. It is a good idea to agree with employees where to keep important information and ensure they follow these rules.

Beyond that, if you implement security changes or new systems e.g., new virus scanning software, it is important that you talk to your staff to ensure they know how the system works and how they can use it. You would be surprised at how much effective communication can help to minimize security issues, and best of all? It’s free!

2. Educate your staff
One of the more common security issues comes from spam and malware found in emails. It is a good idea to educate your staff on how to spot these different types of emails and other malicious websites, as well as how to avoid them.

It is worthwhile ensuring that your employees know their roles when it comes to security too. If you have a secretary who you believe is responsible for ensuring the office is locked at the end of the night, take steps to ensure that this person understands their responsibilities. The same goes for computers your staff use: If they are responsible for conducting security scans let them know this. While this may take some time, the cost is low to free.

3. Keep track of your keys
To ensure the security of your IT systems and your physical office, you should keep control of your keys. That is, both the physical keys and those associated with your software (the codes you enter to verify software and unlock full versions).

Keep track of which staff members have a key to the office and if possible number them. The goal here is to know where your keys are at any given time, and if a staff member changes employers make sure you ask for them back.

Many software keys or licenses are single use only. If you invest in software and an employees steals this along with the key, you will likely have to purchase the software again. A good tip is to keep software keys secure and separate from the software itself. The best part about this step is that the cost of doing this is minimal.

4. Keep your software updated
Hackers can be a lazy bunch. They will often target those with out of date software, because it’s usually easier to hack. To reduce the chance of being hacked, you should take steps to ensure that your software is up-to-date. This includes your virus and malware scanners, as well as browsers and even software you don’t use.

Get your staff to perform a ‘software audit’ on their computers on a regular basis. This means going through their computer and properly uninstalling software that they don’t use, while also taking time to ensure their system is completely updated. This step is easy to implement and will cost you next to nothing.

5. Keep important systems off site
Many small to medium businesses keep their servers on site. While this is convenient as your systems are right there and easily accessible, this could also create a security issue. One way to minimize this is to work with an IT partner who can host your systems or servers off site or in the cloud. While this involves some cost, working with an IT partner could save you profits and productivity in the long run, as good providers will ensure that your systems are secure and working properly.

If you are looking to make your systems more secure, please contact us today. We may have a solution that will work for your business.

Nerds Support employee gets happy after receiving an Instant Messaging message

Instant Messaging for Your Miami Business IT Support

For a business in a competitive industry, effective communication can be the difference between massive success and complete failure. Being able to effectively communicate both inside and outside of the office is a massive asset that shouldn’t be underestimated when building your organization. Video conferencing technology is continually advancing, but in most cases, you can fall back on a classic tool: instant messaging. Originally popularized in the 90s, instant messaging has been a social tool for decades but is just beginning to see real use within organizations as a legitimate communications tool.

Instant messaging in your business is a powerful digital solution that can make life just a little bit easier for you and your employees.

Instant Messaging is a Gateway to Other Digital Solutions for Business IT Support

If your business is in the early stages of going digital, acclimating your employees to communicating through instant messaging is a great way to build a culture that is open to more digital solutions in the future. Instant messaging can make employees more open to video conferencing, file sharing, and integrating their personal devices into their work life.

If your business is split between multiple locations or relies on employees working from home or freelance employees working from out of town, instant messaging is a great way to bring employees closer together without having to cram them in the same physical location or cause unnecessary noise with telephone conversations and physical meetings in the office.

Instant Messaging Creates Organizational Efficiency

Imagine trying to relay information in the office without instant messaging. Unless your desk is in the same room as the person you need to speak with, your options are limited to a phone call, a trek to a different part of the building, or shouting, all of which can be disruptive to you and those around you, and none of which are necessarily clear and concise.

Instant messaging is a simple way to communicate clearly and effectively with employees at your business without disrupting the workplace, and most instant messaging services are native to your desktop and don’t require a glance down at a phone or tablet.

When properly implemented, instant messaging can also facilitate enterprise mobility efforts. When employees can communicate quickly and quietly with those in the office, it becomes feasible to let employees work remotely once or twice a week. Working from home or a local coffee shop can be a relaxing alternative to spending time in the office as long as employees are reminded that time spent working remotely is still a time for work.

When preparing a Miami business for the future and optimizing it for the present, instant messaging is an ideal place to start. At Nerds Support, we’re committed to helping your business run as smoothly and intelligently as possible. If you’re thinking about moving forward with instant messaging or any other digital solution, get in touch! We can’t wait to help you get moving.