
Top Practices for Businesses Working Remotely

Working remotely, as we have seen in recent times, has become increasingly necessary to maintain a productive and profitable business. It is also an invaluable asset for any business continuity plan. If an unforeseen natural disaster or power outage takes place, organizations need to be prepared to continue operations.

A good example was in spring 2020 when the Securities and Exchange Commission became the first federal agency to encourage remote work for employees.

Although remote work is ideal for some, it can be an adjustment for others. And if you run a business or work for a business with sensitive data, how do you ensure your information is safe outside of the office?

Working remotely does not provide the same level of security that an office would. Furthermore, the environment in which you find yourself working might present challenges to data security.

Here are some rules and policies we suggest when working remotely. Even when working in a cloud environment, you must practice caution and communicate regularly to maximize the remote experience.

Communications

Periodic Check-ins

Working remotely requires daily and frequent calls with one another. A manager especially must take action to establish calls with remote workers, whether in the form of one-on-one calls or team calls if they are collaborating on a project.

There is no such thing as over-communication

Periodically notify your superiors of any information you might consider important. If there’s a doubt about the relevance of some information, share that also. In the case of remote work, nothing is too insignificant.

Clarify to your team all expectations moving forward

Communicate priorities and establish metrics for success. Remote work is more efficient when expectations and policies are clear and understood.

It’s also important to let employees know the best way to reach you and at what time. Nothing must be left to the imagination to successfully deploy a remote operation.

If you are off to lunch, let your team know for how long. When you return, notify them. It’s crucial that all employees understand what the goals and directives are to avoid repeating efforts.

Track your progress

Keep track of your progress by documenting it and sharing it with relevant personnel. A work log with specific time slots for each task is particularly helpful in this case. It could be done in an Excel sheet or a notebook. The medium is less important than the method, so long as it helps keep things organized.

Cloud computing keeps your remote business operations secured & accessible

Security

Stay away from public networks, encrypt your web connection, or use a personal hotspot

Public Wi-Fi connections like the ones found in coffee houses and some restaurants create a risk for remote workers. On a public network, a threat actor or hacker can easily make their way into your device if there is no firewall in place. Moreover, anyone on a public network could easily monitor your traffic as well.

For these reasons it’s crucial that you keep your devices protected and secure.

Personal Hot-Spots

Using a hot spot eliminates the problem of a hacker jumping on the network you’re using. Although your web traffic remains unencrypted, your data stays safe. This will count against your cell phone data but it is worth the extra costs.

With most cell phone carriers there’s a minor fee for using hot spots, but the alternative could cost you much more. And with the advent of 4G and 5G networks, hot spots are just as fast as home network connections.

VPNs

VPNs are another solution if you find yourself working on a public network. A VPN, or Virtual Private Network, allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more.

A VPN connects your device to a server that then connects it directly to the internet. But you must make sure the VPN you utilize is secure, because hackers have been known to target unpatched VPNs to access the user’s information. They usually do this via phishing scams that users interact with through a fake email.

You can check out this list of the best VPNs to protect your network.

This leads to the next point:

Encrypt your email and devices

If you have the proper safeguards in place, like email encryption and multifactor authentication, then your data will remain secure no matter where you work from.

There are many software companies that provide encryption for email. Retruster is one such example, but there are others. This gives you added protection and peace of mind when working remotely.

Malicious actors often leverage current events, personal information, or natural disasters to manipulate targets through phishing emails. An example of this was in spring 2020, when there were instances of hackers using the COVID-19 outbreak to send malicious emails to users.

Multi-Factor Authentication for Secure Devices

Multifactor authentication is a security system that requires multiple methods of authentication from independent credentials to verify user identity. In other words, it is a system that requires verification from a cellphone and a computer, for example, to then access data on your devices.

Having these measures in place creates a secure environment that facilitates remote work. None of these measures work in isolation. If communication is not up to par with data security or vice-versa, your operation will be compromised.

In Conclusion

What is most important is ensuring all members of your team are meeting your requirements, communicating effectively with one another and avoiding unnecessary risks like joining insecure networks or leaving devices unattended or unencrypted.


How Cyber Attackers Use The Coronavirus to Steal Your Data

Coronavirus Email Scams

The recent coronavirus outbreak has motivated cybercriminals to send virus-related malware attacks across the world.

Phishing emails claiming to possess information on protecting against the virus have appeared, spreading misinformation and malicious software. These emails encourage victims to open attached documents containing malware that can freeze or completely steal valuable data.

Scammers use fear and uncertainty to manipulate victims into infecting their computer with malware. However, incorporating tragic events, potential pandemics or natural disasters into their attacks is nothing new.

Beware of Phishing After Any Big Event

Attackers customize phishing emails to current or upcoming events like tax season, hurricane season, and holidays. Regardless of the occasion, the goal is the same: to access valuable information. The attacks prey on people’s desperation for answers and suggest that the sender can give them to you.

Furthermore, there have been cases of scams emerging in places like Michigan and New York. Officials in these states are warning residents to be vigilant of emails asking for donations or personal payment card information.

Coronavirus scam emails were popping up in early February, which prompted Michigan’s Department of Health and Human Services to warn citizens of their dangers.

The Federal Trade Commission even sent out a memorandum advising people on how to spot email scams and stay safe online.

Additionally, the FTC says cyber criminals could be setting up fraudulent websites that sell fake products using illegitimate emails, social media posts and texts to trick people into sending them money or personal information.

An example of a phishing email scam offering fake information about COVID-19.

Common attributes of a fake email are spelling and/or grammar errors.
If you receive a suspicious link, hover your cursor over it to view the destination URL.

Protecting Against Coronavirus Phishing Scams

Here are some tips recommended by the FTC to keep safe against scammers:

1) Be suspicious of emails claiming to be from the Centers for Disease Control and Prevention (CDC) or anyone purporting to be an “expert” with information on the virus.

2) Avoid emails that allude to any “investment opportunities.” Social scams will promote products claiming they can cure, detect, treat or prevent the disease; these are fake.

3) If you’re going to donate, do the proper research into the organization and payment method. Don’t be pressured to donate, especially if it’s through an email link.

4) Ignore offers for vaccinations. Ads that say they have the cure or treatment for coronavirus are probably scams. Any medical breakthrough will be announced on mainstream media networks.

5) For up-to-date information on the virus, visit the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).

Don’t Be Misled

These scams will continue to spread and they won’t go away any time in the near future. In fact, scammers will certainly take greater advantage of the misinformation and fear from media coverage.

Moreover, cyber scammers in China were reported sending malicious emails containing malware. It’s difficult to protect yourself from these types of attacks but

Threat actors also targeted users in Japan with a campaign that spread malicious documents with supposed information on the virus.

Unsurprisingly, these social engineers even sent emails impersonating the CDC to lure unsuspecting users into malware traps.

The Coronavirus is a real threat but it’s important to keep a level head and not expose yourself to even greater harm online.

Ultimately, even Facebook has begun planning to ward off misinformation on the virus. Other social media platforms have voiced concern about the spread of false claims on their platforms as well.

The virus has attracted the attention of a global audience but that doesn’t mean you have to fall victim to those looking to profit off of that attention.


9 Most Common Misconceptions About The Cloud

Cloud computing has grown more popular as businesses, end users and customers decide to store their data or share their files. In fact, the worldwide public cloud will have grown from $182.4B in 2018 to $331.2B in 2022 according to Gartner.

Even with this rapid growth, organizations are still learning about the cloud or don’t properly understand its function. As a result, business leaders have developed misconceptions about how to leverage the cloud in their industry.

However, the cloud can be an extremely effective tool and knowledge on its uses, services and functions can save you time, energy and money. With that, here is a list of a few common misconceptions about the cloud.

The Cloud is Unsafe/Risky

A cloud infrastructure not only protects businesses from cyberattacks and theft, it secures your data against outages, natural disasters and any other unforeseen damage to your physical business. The cloud serves as a massive back-up system using the internet to store critical data. A private cloud, however, offers computing services on a private internal network.

Cloud service providers invest heavily in cybersecurity as a means of guaranteeing the best possible service. In reality, the majority of cyber security breaches on the cloud were caused by user error.

On the cloud, all data is encrypted and backed up as well so users are protected from data theft.

All Cloud Providers Are The Same

There are many different types of cloud providers. It’s important to research which company fits your business needs best. Furthermore, there are different types of cloud services. There is a public cloud, a private cloud and a hybrid cloud which combines elements of the other two. Determining which cloud service suits your goals best is just as important as the service provided.

When You Choose a Cloud Provider, You Indefinitely Commit

As mentioned above, there are many different types of providers, offering a range of services. And some cloud services are better with some providers than with others. There might be certain features of your existing business you don’t wish to migrate with one provider. Cloud services are not an all or nothing affair.

As a result, many organizations are opting to adopt a multi-cloud solution. Multi-cloud solutions offer flexibility in pricing, services and compatibility. Additionally, a multi-cloud strategy reduces the risk of certain cyber attacks and can further prevent data loss.

Cloud Migration means transferring everything to the cloud

When moving to the cloud you can keep certain things in-house as well. What you keep internally and what you transfer over to the cloud all depends on your goals, costs, budgetary constraints and performance. Optimization doesn’t necessarily mean complete cloud migration. For some businesses optimization could be moving certain features and data to the cloud and keeping others on premises.


It Costs Less Than What I Pay Now

Cutting costs is often touted as one of the biggest benefits of adopting a cloud infrastructure. It’s more complicated than that. The fact of the matter is, businesses focus too much on savings without researching how to implement new cloud technologies once they’ve migrated.

Moreover, businesses fail to calculate costs during busier periods of the year. Reality is more complicated than a selling point and costs could vary.

Cloud Computing Means Giving Up My IT Team

Many business leaders believe that upon adopting cloud services, their existing IT team will become redundant. However, this is not necessarily the case. Nerds Support, for instance, is a Managed Service provider that offers Co-management services. Co-management means our partners keep their existing IT department and we provide additional support when they need it.

This option works best for smaller companies experiencing growth and increased workload. Or alternatively, companies that wish to focus on larger IT projects and need assistance taking care of less essential tasks.

You Can’t Rely On The Cloud

What happens if you experience downtime and lose connection to the cloud? If your office loses power in an electrical storm or through a power outage, cloud backups allow you to access mission-critical data from any device.

Think about it. If a server goes down in your office using an in-house network, the entire business stops. Data saved on the cloud takes a matter of minutes to access so you can pick up where you left off. Automated back-up systems are an inherent part of any good cloud provider.

Migrating Is Too Complicated

How long it takes to move to the cloud depends on the complexity of the network and environment. Assuming it’s a company that requires few services, it takes about ten to 14 days. Cloud providers often migrate businesses that work with third party vendors or have massive networks because of the nature of their business. These can take about six months to complete.

On the other hand, before moving to the cloud, there are ways you can prepare that could ease the transition towards a cloud infrastructure.

Maintaining compliance will be too difficult

Meeting compliance standards is a big issue for many businesses. Nevertheless, the right cloud provider will guarantee you achieve compliance on the cloud. Cloud compliance helps keep both the cloud provider and the client accountable and there is nothing built into the cloud itself that prevents it.

In fact, cloud vendors have made compliance a main focus since banks, CPAs and financial advisers began migrating to the cloud. If you’re in a highly regulated industry, there are cloud providers that specialize in specific regulations like SOX, FINRA and SEC compliance, to name a few.

The takeaway here is to do your research. The cloud is an important tool. And like most tools, it is useful only to those who are willing to understand how to use it.


Spear Phishing

What is spear phishing?

Spear phishing is an email scam targeting a specific individual, business or organization. It’s like a standard phishing scam except the emails are personalized to target one group or person.

Cyber criminals use these types of attacks with the intention of accessing and selling confidential data to governments and private organizations.

The cyber criminals use individualized methods of social engineering to create a sense of legitimacy to the email. The objective of social engineering is to get anyone from a company or government agency to open a malicious link or visit a virus ridden website.

At that point the cyber criminals can steal the data they need in order to critically affect the target’s networks.

Spear Phishing Could Cost Millions

The city of Naples, Florida lost $700,000 in a spear phishing attack on Monday, August 5.

The money was sent to a fake bank account provided by an attacker posing as a Wright Construction Group representative contracted to work on an infrastructure project in downtown Naples, according to one of their news releases.

The city manager Charles Chapman said the cyber attack was an isolated incident and did not affect their data systems.

Other cities throughout Florida were also targeted in cyber attacks.

How Spear Phishing Works

Phishing, and social engineering in general, is becoming an increasingly popular method of hacking for cyber criminals. However, spear phishing emails are particularly difficult to detect because they’re designed to appear legitimate and safe. It’s the same with counterfeit dollar bills: the more advanced the counterfeit is, the harder it is to recognize it as fraudulent or fake.

In a spear phishing attack, the hacker gets specific information about their victim to create a sense of trust and security, like the cyber criminal in Naples who used the information concerning the contract between the city and Wright Construction Group to his or her advantage. Attackers usually acquire this information through internet research, a previous phishing attempt, a hacked account from within the organization, or even social media.

Typical phishing attempts will ask you to give some personal information. Sometimes hackers ask for a phone number, other times a credit card or bank account number. Spear phishing attempts follow a similar strategy, only more specific. You might be manipulated to click on a link that downloads malware or led to a site that asks for a password or a social security number.

Whaling

There is another form of spear phishing called “whaling”. Whaling involves targeting institutions by posing as a company executive and requesting that an employee wire money to an account belonging to the hacker. The Naples attack is a modified version of whaling. Instead of posing as the CEO of Wright Construction Group targeting an employee, the cyber criminal posed as a representative of the company targeting one of its clients.

Like phishing, a successful whaling attempt involves coercing someone with a high profile or reputation. The intention can vary but it’s usually all about money. This could mean initiating a wire transfer as in the Naples case or installing malware that infects company servers and steals sensitive data.

Targets of whaling are executives, department heads, spokespeople. This means that they likely have information available to the public that other targets might not. Having importance within a company or an industry means that person is in the public eye. This might limit the pool of targets, but it also raises the reward.

Threats to Businesses

Because of what we’ve mentioned above, spear phishing is not only among the most common types of cyber-attacks, but probably the most dangerous. Most phishing attacks try to cast a wide net, hoping that a handful of email recipients unknowingly give them access to their business and data. All it takes is one person to click and the entire enterprise is at the mercy of a cyber criminal.

Phishing Email Statistics

The Naples example coupled with these statistics is indicative of how effective phishing scams are. It’s important to be aware of how volatile one of these attacks can be and prepare your business against them.

Red Flags of Phishing

The important thing is to avoid clicking on anything until you know what it is and who it’s from with certainty. If someone you know shares a link or a document with you and it’s out of the ordinary that’s a sign it may be malicious.

If the email has a strange address with too many numbers or letters, it’s probably a phishing scam. Another giveaway is the vernacular contained in the email.

Here’s an example: Let’s say you live in the US and you receive an email from your boss who also lives in the US and was raised in the US. If the email says something like, “Hey, I need you to run some errands for me this afternoon. Send me your mobile.” Mobile is a term commonly used in the UK, not in the US, and could be an indicator of a fake email. A lot of the time cyber attackers will overlook these small but telling details.

This requires a bit of deduction on your part, but if you’re familiar with the person who allegedly sent the email, then you should use this as a way of catching any abnormalities in their word usage. A little research goes a long way also. If you’re receiving an email from a company, look it up and message them. If things don’t check out, report it through your email provider like Google or Outlook.

When you successfully identify an email as a phishing scam, alert anyone and everyone in your department. Raise awareness with as many people as you can. This puts people on high alert and makes it less likely they fall for the same trick.

Protect Yourself

Phishing, and spear phishing specifically, might be difficult to spot, but that doesn’t mean you’re helpless against it. Training employees and raising awareness is the first line of defense against phishing attacks. And with spear phishing becoming more selective, training should expand to clients, vendors and upper management.

Training

Just as we saw with the Naples attack, cyber-attacks are becoming more ingenious and varied. The city of Naples was a client of a construction company and rather than target the company, they targeted the vulnerable client. While employees might protect themselves from phishing attacks by implementing measures put in place by internal IT or a cloud provider, clients might not have these same advantages.

There needs to be a comprehensive training curriculum focused on educating as many people as possible within an industry. Whether it’s clients of a financial firm or the firm itself, for example, there’s no telling who a hacker will target.

Mock tests

Simulating a phishing attack is a helpful tool to assess how employees behave under those circumstances. This would also help in gauging how aware your employees are of phishing attempts.

Spam filters

Once upon a time, spam was just an annoying inconvenience that at worst lowered productivity. Now, spam is a useful tool for cyber attackers to target potential victims. Luckily, most spam filters work, and most companies have one.

Be aware of the kinds of information shared on social media. Useful details like birthdays and favorite activities can be found easily in today’s social media culture. Upcoming events can also be used to make spear phishing emails seem more legitimate. Be wary during a big conference or networking event of any strange requests in your inbox.

The Cloud

Cloud service providers often provide the protection and security to prevent a successful spear phishing attack. Nerds Support, for example, advises all its partners to send in any suspicious emails they receive to be analyzed and verified as safe to open. This is a simple technique that goes a long way in safeguarding against these kinds of attacks.
Going back to two factor authentication for a moment,

If an organization moves to the cloud, phishing risks must also be considered. If your company is using a public cloud, you’re accessing any and all relevant applications through the internet. Phishing is most successful when the apps are exposed to the internet, which is standard for a public cloud.

Private cloud hosted apps, like Nerds Support’s, have the added security of a VPN (Virtual Private Network). VPNs simply allow you to establish a secure connection with another network over the internet. However, hackers can always try to find the URL of a cloud service. That allows them to execute targeted phishing attacks on employees of the company.

Two-Factor Authentication

One of the best ways to fight against phishing attacks is two-factor authentication. This is when you log in and the app or site requires you to log in through another device or apply another password. People see this usually with social media. Instagram and Facebook sometimes ask you to input a code sent to your phone or email. If a user inside a company is compromised in a phishing attack, the attacker won’t be able to access the organization’s IT if the second factor is constantly changing.

Two-factor authentication isn’t typical of most cloud services. Nerds Support offers this feature when you adopt its cloud system but it’s one of few exceptions. Dropbox is another cloud-based hosting service that adopted two-factor authentication.

We’re here to help

At the end of the day, it’s about adopting a culture of verification and caution. Nothing is sacred to cyber attackers. They will exploit personal information that appeals to your emotions or they will use a recent tragedy in the news to increase the chances that you “donate” to their cause.

Calling and investigating the sender before replying, double checking with colleagues, making sure that no one is isolated or left out of the loop are all things that make a huge difference.

Hopefully you’ve learned enough to recognize a potential spear phishing attempt so that the Naples story doesn’t turn into your own.

To learn more about cyber attacks, phishing and social engineering visit the Nerds Support website or feel free to call and we’ll be happy to answer any questions. Also, check out our video on tips against phishing right here.

If you need any help making your company safer, feel free to fill out the form here or call us at 305-551-2009.


3 Big Security Lessons for Growing Your Business

Ransomware is rapidly becoming the most pervasive cyber threat in the world today. It has affected everything from large companies like Arizona Beverages and FedEx to government institutions like police departments and schools across the US.

Although many of these organizations are large in size and scope, you don’t have to be a multinational bank or the National Health Service to become a victim of ransomware and other types of malware. As a matter of fact, small and medium-sized businesses are just as likely, if not more, to be attacked by ransomware because in many cases they’re more vulnerable and less likely to recover.

What is ransomware? Ransomware is a computer program or virus that encrypts and freezes your data files unless you pay the perpetrator a fee. These are some things to consider when navigating a business in today’s world. These are the dangers everyone faces.

3 big security concerns for business owners

1. You’re never too small to get hacked

About 70 percent of ransomware attacks in 2018 targeted small businesses, according to a March report from Beazley Breach Response Services.

Ransomware finds its way into your system by exploiting flaws in your security perimeter, but, more likely, it gets downloaded by an unsuspecting user through an ostensibly harmless email or file. It can infect not only the machine that opened the corrupted file, but all the programs it shares throughout the network, spreading like a dangerous contagion, encrypting all the files on that network. If the initially infected machine has access to back-up files, it’ll encrypt them as well.

It’s easy to assume big businesses would be the main targets of something like this, but cyber criminals go after small, lower risk payments instead of one large payment. Smaller attacks are likelier to keep them under the radar. It’s also important to know that one cybercriminal alone can target thousands of businesses with little to no difficulty. They use social engineering to manufacture a huge email list and infect countless links and files before sending them off to as many people as possible. All it would take is one staff member or employee in the office to click on a single link. Some businesses may avoid this kind of attack but it’s a numbers game. All it takes is patience and eventually a cyber-hacker will get what they want.

2. Paying Won’t be Easy

So what if you pay the ransom? That’s always an option. You can pay, get your files back and move on. Well, not exactly.

Hackers and cybercriminals don’t use traditional bank accounts when conducting “business”. They’ll want to be paid in Bitcoin to an anonymous account on the Dark Web. It’s untraceable and easy to manage for even the most novice of hackers. Adding insult to injury, you’ll have to spend time you may not have trying to get your hands on the cryptocurrency you need to make payments to someone that’s extorting you. Even if you go through this strenuous process and pay the hacker their fee, it’s not a guarantee you’ll get your data back.

3. Hacking is a reality that cannot be avoided

Most businesses and even government institutions haven’t taken cyber security as seriously as they should. 43% of all cyber-attacks are aimed at small businesses, according to Cyber Defense Magazine. Small businesses have minimal security and are therefore easier to breach.

In South Florida, it’s reasonable to assume you’ll experience a hurricane at some point. The environment you’re in often produces conditions favorable to those types of storms. In today’s world, with ever increasing reliance on technology and computer software in almost every industry, there will always be those looking to exploit vulnerability for profit. If you want to mitigate risks and continue to operate and grow your business, you’ll need to assume that getting hacked is inevitable. Prepare for the worst and you’ll have nothing to fear.

A Nerds Support partner, for example, has all of their files backed up daily and monitored by our team of experienced engineers and IT professionals at all times. If there’s a questionable email, we can analyze it to ensure it’s safe and legitimate. Nerds Support can help its partners establish a continuity plan in the case of an attack and snuff out potential risks before they become large vulnerabilities in your system.

A cloud-based infrastructure offers a level of security that is cost efficient and practical for any business. Contact us Today to Start Securing Your Business!