Posts in Hackers

Does this smell “phishy” to you?

October 17th, 2019 Posted by Best Practices, Hackers, Internet, Networks, Security, Staff

Phishing attacks use malicious emails or websites cleverly disguised as legitimate points of contact and business to lure you into giving criminals access to your personal, financial, and business information. Attacks are on the rise, especially for SMBs. Think was even targeted earlier this year. With the stakes for your business (both for your finances and your reputation) getting higher every year, we’ve prepared some information and security tips to help you deal with the “phishy” stuff that could come up.

Phrases to watch out for

Phishing attempts have come a long way from “I’m a Nigerian prince”. Criminals are using the same language that a business associate, bank contact, or client would use to trick you and your employees into giving away valuable information and access. Language like:

“We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”

“We were unable to verify your account. Please click here to update and verify your information.”

“Hey, it’s (your boss’s name). I’m stuck in a meeting, could you pick up some gift cards for me?” (this one made the rounds in Durango via email and text message)

“This is Todd from IT, and I need you to send me your login information so we can do some maintenance on your computer” (sent from what looks like a legitimate company email)

What to do

Play hard to get – if anything doesn’t look or feel right, DO NOT click on any links in the email or reply to the email. Contact the company/financial institution/person directly. And DO NOT use any phone numbers given in the email; those are easily faked too.

Take a breath – criminals want you in a hurry and not thinking too hard about what you’re doing, so there is almost always some sense of urgency to a phishing attempt. Take your time and ensure that any information/access you’re giving is going to the right person for the right reasons.

Don’t get too personal – with so much information available online about our jobs and our lives, it can be all too easy for criminals to collect this information and try to use it to manipulate us. Try to avoid putting too many details out there, and remember that it’s not just the people who are close to you who can get access anymore.

Beware the link – hyperlinks in emails are a favorite way for criminals to trick you into downloading malicious software (it just takes one click) or entering your information on a website that only LOOKS legitimate. Don’t click anything you aren’t completely confident in, and even then think twice.

Double up – two-factor authentication is an effective and inexpensive security measure that could make all the difference for your company. With two-factor authentication, it’s much more difficult for a criminal to access sensitive information even with a login and password, because they’re still missing a key piece of the puzzle. (To learn more about two-factor authentication visit our blog post here.)

Think passphrase – The longer and more creative your password is, the more difficult it will be to hack or guess. Instead of trying to come up with bizarre spellings for common words, you could try a nonsense phrase. Like: phishingemailsarejustawful! They’re easier to remember and to type.

Bring in security – you don’t have to do this on your own, and you shouldn’t try. There are some amazing anti-virus programs and email filters that will help you protect your company from multiple types of attacks. Your odds of protecting your business, your employees, your customers, and yourself go way up when you’re using the right tools for the job.

Using Cybersecurity as a Differentiator in Your Business

September 23rd, 2019 Posted by Best Practices, Disaster, Hackers, Networks, Security, Staff

Customers are more aware than ever of how vulnerable their information is, and they depend on you to step up and to keep them safe while providing them with excellent customer service. Here are 5 steps to help your company gain a competitive edge with cybersecurity.

Audit, audit, audit – you can’t fix a hole unless you know where it is, and more than 70% of all cybersecurity incidents today are the result of internal security issues. Frequent and consistent audits of your network will give you the knowledge you need to address any issues before they become a security breach.

Get certified – does your industry have guidelines or standards for compliance in security? If so, make it a point to get very familiar with them and seek out any certifications offered. This will help you better protect your customers and your business, help you avoid costly fines, and it will show your customers that you take your commitment to them seriously.

It’s a culture thing – cybersecurity is all about teamwork. Every single person in your company is a part of your defense against data breaches and other security threats, and it’s important that they understand how valuable a proactive approach is in protecting your company and your customers. Making security a part of your company culture also communicates your dedication to your customers. The more they feel comfortable and safe doing business with your company, the more they’ll be inclined to recommend you.

Get everyone up to speed – values and culture are important, but your employees need the practical skills to walk their talk. Make sure that you’re taking the time to educate your employees on best practices, current threats, and how to get the most out of the technology and software you provide.

Spread the word – top-notch cybersecurity isn’t something you want to keep to yourself. Tell your customers about your commitment to their privacy on your website, in your newsletter, and in ads. Let them know about your certifications, or talk about your employee certifications and trainings on social media. It will help them appreciate your company in a whole new way.

Don’t wait for a breach to take care of your business and your customers; start today. And if you want an expert to help you get everything done right, we have engineers and advisers that are more than happy to help you assess your situation and move forward with a plan that’s tailored to your business. Contact us today to learn more.

Two-Factor Authentication: Secure, Simple, Inexpensive

July 15th, 2019 Posted by Best Practices, Data, Disaster, Hackers, Security, Staff

“I don’t believe there is any single item that is more cost effective at improving security for public facing services than two-factor authentication. This is why most Internet banking and other sensitive websites are requiring this nowadays.” – Darrell Brooks, Director of Infrastructure at Think

Even the strongest password may not be enough to protect your sensitive data. Luckily, two-factor authentication (2FA) is here to help.

Two-factor authentication adds an extra level of security to your basic login process. Think of it like this: Having 2FA required for your account login is like having a deadbolt and a keycode for your front door. That way if you lost your key, you would still be protected by the keycode. Or if someone overheard your keycode, you would still have the deadbolt in place.

Just as you would require both the keycode and the physical key to get into your front door, you would also require two different factors to access an account secured with 2FA.

There are three categories used for two-factor authentication:

  1. A thing you know (like a password or keycode)
  2. A thing you have (like a keycard or a mobile phone)
  3. A thing you are (like a fingerprint)

Your two factors should come from two different categories. This is often a password and an auto-generated PIN number that has been sent to you through a text or an app.

Many (if not most) people are guilty of using weak passwords or duplicating passwords for different accounts. This probably includes your employees. Adding 2FA to your security is a simple, easy, and inexpensive way to tighten security for your business.

Take a look at the different two-factor authentication apps available online, or contact Think to discuss options for your business needs. In the end, the one you will use will depend on the kind of deployment that you desire and the structure of your organization.

Is your business being targeted?

May 8th, 2019 Posted by Best Practices, Hackers, Security

Two members of our staff and 3 of our clients were targeted by this phishing scam last month. You should know about it.

Have you seen the latest email phishing scam?

It looks like a quick email from your boss. They’re in a meeting and can’t talk, but could you stop and pick up some gift cards?

If you reply saying you will get the cards, the next email says to pick up $1,800 of Walmart gift cards and just take a picture of the numbers on the back of the card and email them back.

Which is where they really get you. Once you’ve sent the scammers the numbers on the back of the card, they have access to the money. And you have no way to get it back.

This scam is designed to take advantage of the fast-paced and informal nature of a lot of business communication, as well as the trust we place in our superiors. Two of the employees here at Think were targeted by this phishing attempt. A combination of cybersecurity knowledge and a good email filter helped ensure that neither of them fell for the scam. But others haven’t been so fortunate.

You can protect your business and your employees from phishing attempts with a few simple steps:

  1. Education – talk to your staff about what phishing is and what to watch for.
  2. Awareness – make sure your staff is looking at the sender and the contents of an email closely before clicking on links or replying.
  3. Protection – a good email filter will flag emails from outside senders, helping your employees identify untrustworthy sources more easily.

Phishing is one of the leading cybersecurity vulnerabilities for a business. Take steps to protect your business and don’t get caught!

5 Reasons Your Business Needs a Backup and Recovery Plan

May 6th, 2019 Posted by Best Practices, byod, Cloud, Data, Disaster, Hackers, Security, Staff

If you lost all your business data today, how long would it take for your business to recover? What steps would you take to get everything up and running again? How would it impact you financially? Knowing the answers to these questions is all part of being prepared, just like having a backup and recovery plan. Here is some more compelling evidence that this is a necessary part of any business today:

1. Data is Easy to Lose – not just major events, a lot of it is human error. This is especially true in a BYOD culture where you may have business data being stored on personal laptops or in personal cloud accounts of your employees.

2. Cyber Attacks Keep Coming – the average cost of an attack for a company with 10 – 24 employees is over $38,000, and it just goes up from there. It doesn’t matter what type of business or the size, hackers will target anything they can profit from.

3. Downtime – loss of data can bring your entire business to a grinding halt. And if that data can’t be recovered, it takes even more time to replace (if that’s even an option).

4. Irreplaceable Data – some documents or files are truly invaluable. Everything from client lists and research to files on upcoming projects. If all that disappeared in one day, where would your business be?

5. Reputation – do you hold any sensitive or personal data for your clients or customers? Or data that your clients will need to access in the future, like health care records or financial information? How would telling them it was all gone impact your relationship with them? Or your reputation in the business community?

A variety of backup and recovery options are available and can be customized to suit your business. Contact one of our engineers today if you would like to learn more about your options or get an expert’s perspective on developing your own backup and recovery plan.

The Inevitable eMail Scam

February 25th, 2019 Posted by Best Practices, Communication, Data, Desktop, Disaster, Hackers, Security, Services

Some things in life are guaranteed to happen, like death, taxes, and email scams. The email scams get more creative as time goes by.

One of the latest email scams going around has a particularly devious setup.

Targets of this scam receive an email from what looks like their own email address, as if you’d sent an email to yourself. This is strange enough to ring alarm bells, but it gets more alarming when you read the content of the email. The scammer claims to have installed programs on your computer that tracked all your information (including accounts, passwords, and contact lists) as well as recording you via your own webcam. Then the inevitable threat: pay $1,000 in bitcoin to the scammer within 48 hours, or everyone on your contact list will receive compromising personal information and video of you.

The language in the email is much coarser than that, but you get the idea. And it is a scam. This person didn’t send the email from your account, no matter what it looks like. And they don’t have access to your personal information or your webcam. There’s nothing to ransom; they’re just hoping to scare you badly enough to get you to pay them.

What You Can Do

Getting a good filter will help keep a lot of the junk from ever reaching your inbox.

Staying aware of the latest types of scams will help you be aware of what could come your way.

And always, always take a minute to think through and, if necessary, research anything that looks suspicious. A quick Google search can show you if others have encountered a similar situation.
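As an added illustration (not part of the original post, and not any vendor's filter), here is a sketch of the checks a mail filter can apply to both scams described in these posts: the "boss" gift card request and the email that appears to come from your own address. The domain `example.com`, the staff name, the flag names and the sample messages are all constructed assumptions, and the `Authentication-Results` header is assumed to have been written by your own receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: your organisation's mail domain
STAFF_NAMES = {"pat rivera"}      # hypothetical: names a scammer might borrow
# Phrases taken from the lures quoted in these posts.
LURES = re.compile(
    r"gift cards?|bitcoin|confirm your identity|login information"
    r"|verify your (account|information)|within \d+ hours",
    re.IGNORECASE,
)

def body_text(msg):
    """Collect the text/plain parts of a message as one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Return a sorted list of warning flags for one raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.lower().rpartition("@")[2]
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    dmarc_pass = re.search(r"\bdmarc=pass\b", auth) is not None

    flags = set()
    if domain != INTERNAL_DOMAIN:
        flags.add("external-sender")
        # A colleague's name on an outside address is the "boss" scam pattern.
        if " ".join(name.lower().split()) in STAFF_NAMES:
            flags.add("display-name-impersonation")
    elif not dmarc_pass:
        # From claims to be internal, but the server could not authenticate it.
        flags.add("unauthenticated-internal-from")
    if LURES.search(msg.get("Subject", "") + "\n" + body_text(msg)):
        flags.add("lure-language")
    return sorted(flags)

# Constructed sample messages (not real mail).
GIFT_CARD = """\
From: "Pat Rivera" <pat.rivera.ceo@mailbox.example.net>
To: jamie@example.com
Subject: Quick favor
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mailbox.example.net; dmarc=none

I'm stuck in a meeting, could you pick up some gift cards for me?
"""
SELF_SPOOF = """\
From: jamie@example.com
To: jamie@example.com
Subject: I recorded you
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk.example.org; dmarc=fail header.from=example.com

Pay $1,000 in bitcoin within 48 hours.
"""
LEGIT = """\
From: "Pat Rivera" <pat.rivera@example.com>
To: jamie@example.com
Subject: Thursday agenda
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

Agenda for Thursday attached.
"""

if __name__ == "__main__":
    for label, raw in (("gift card", GIFT_CARD), ("self spoof", SELF_SPOOF), ("legit", LEGIT)):
        print(label, triage(raw))
```

The "from yourself" message is flagged because the From header is only text the sender typed; the authentication result recorded by the receiving server is what shows it did not come from your account.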

If you want to do more to protect your email but aren’t sure where to start, our engineers would be happy to help. Contact us today to schedule a consultation and learn more about what you can do to protect yourself and your business.

Windows 7 & Windows Server 2008 R2 Are On Their Way Out

February 14th, 2019 Posted by Best Practices, collaboration, Communication, Data, Desktop, Devices, Disaster, Hackers, Managed Service Provider, Security, Services, Windows 7

All good things come to an end, and that includes operating systems. This time around it’s Windows 7 and Windows Server 2008 R2. As of January 14, 2020, Microsoft will no longer be providing security updates for these systems. This means that any devices running on these operating systems will become vulnerable to security threats after January 14, 2020.

What You Can Do

We encourage you to begin planning for the upgrade of these devices to a newer, more secure operating system. The sooner you start this process, the easier it will be to ensure that you can:

  1. Have time to determine the most beneficial IT solutions for your business.
  2. Work in the transition period during a more convenient time for you and your staff.
  3. Plan for the expense of the upgrade.

What You Don’t Want to Do

Put it off until the last minute. Something this vital to your business operations and security isn’t something you want to rush or push to the side.

We’re Happy to Help

Here at Think our engineers are ready to help you find the best IT solutions for your business. And with their extensive experience and knowledge, they can help make the transition as smooth and convenient as possible for your business and your staff. To schedule a consultation with a Think engineer, contact us today.

For more information from Microsoft, you can read their information page here.


Stay Secure When Shopping Online

November 14th, 2018 Posted by Cloud, Data, Desktop, Hackers, Hosted Services, Managed Service Provider, Security, Services

9 Tips for Secure Shopping Online

As we approach the holiday season, we encourage extra mindfulness when it comes to online shopping.

There are some simple precautions that will make your online purchases more secure, including using reputable third-party pay services (like PayPal) whenever possible, always logging out of sites after you’ve completed a purchase and selecting one credit card for all online purchases to limit exposure.

Here are 9 tips for staying safe online, so you can start checking off items on that holiday shopping list:

1. Use familiar/trusted websites – Start at a trusted site rather than shopping with a search engine. Search results can lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it’s less likely to be a rip-off. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example).

2. Look for the padlock icon – Never buy anything from a site that doesn’t have SSL (secure sockets layer) encryption installed. You’ll know if the site has SSL because the URL for the site will start with “HTTPS” instead of just “HTTP”. An icon of a locked padlock will appear, typically in the status bar at the bottom of your web browser, or right next to the URL in the address bar, depending on your browser. Keep in mind that the padlock only shows that the connection is encrypted; it does not by itself prove the site is legitimate. Never give anyone your credit card over email.

3. Don’t provide all of your info – No online shopping store needs your social security number or your birthday to do business. However, combined with your credit card number, your social security number and other identification numbers can do a lot of damage. When possible, default to giving the least amount of information.

4. Check your bank statements – Don’t wait for your bill to come at the end of the month. Go online regularly during the holiday season to review statements for your credit card, debit card, and checking accounts. Make sure you don’t see any fraudulent charges. If you do see something wrong, pick up the phone to address the matter quickly. In the case of credit cards, pay the bill only once you know all your charges are accurate.

5. Protect your devices – You can protect against malware with regular updates to your operating system, browsers and software. Software companies add security updates along with every upgrade released. Installing updates as soon as they are released can help you better protect your devices against malware. You should also run a reputable anti-virus product on your home PC or laptop. This will help prevent your device from becoming infected with malware.

6. Use strong passwords – It’s always important to utilize strong passwords, but it’s never more important than when banking and shopping online. Make sure your passwords are unique for each website and contain a healthy mix of letters, numbers and symbols when allowed. Passwords should not be easy to guess (like your last name or birthday). Use a password protected spreadsheet or secure app to store your passwords. When possible, set up multi-factor authentication for additional security.

7. Avoid shopping on public devices – It should go without saying that it’s a bad idea to use a public computer to make purchases. If you must, remember to log out every time you use a public computer, even if you were just checking email. Avoid entering your credit card and expiration date on websites in public, even if you’re using your own devices. By doing so you’re giving onlookers the chance to steal your information. At the very least, double check no one is looking and be as discreet as possible.

Additionally, don’t use publicly available charging cords or USB ports to charge your devices. Publicly available power outlets are generally fine, but the cords or ports could be used to deliver malware to your phone.

8. Avoid shopping via public Wi-Fi – Avoid using public Wi-Fi hotspots – like the ones at coffee shops, airports, hotels, etc., for online shopping. If you do use a public Wi-Fi hotspot, be sure to use a Virtual Private Network (VPN) so others cannot intercept your communications. As an alternative, stick to the mobile network and create a personal Wi-Fi hotspot with your phone.

9. Keep an eye out for obvious scams – Stick to the source when you buy gift cards; scammers like to auction off gift cards on sites like eBay with little or no funds on them. Some scams offer a free product with purchase, like an iPad, or even holiday job offers. Many of these “offers” will surface on social media or in phishing emails. Be wary if you get a message from a friend claiming he or she has been robbed, especially a friend overseas looking for money to be wire transferred, unless you absolutely can confirm it by talking to him or her personally. Skepticism in most cases can go a long way toward saving you from a stolen card number.

Trust Your Judgement

If you’re shopping online and something seems fishy, it probably is. Trust your judgement or ask for a second opinion before submitting your credit card or other personally identifying information online. No purchase, no matter how great of a deal, is worth the risk of identity theft.

While following these guidelines won’t completely eliminate the chance of becoming a victim of cybercrime, they can help you avoid risky situations and protect yourself against identity theft.

Happy Shopping!

Sources: PC Mag & ColoradoBiz


Technology News – March 2018

February 27th, 2018 Posted by Hackers, Internet, Security

Your Guide to the Most Relevant Technology News

Here’s what we’re reading this month:

Everything you need to know about blockchain, a new technology used for sharing information, and how it will change the business world. Read more here.

The order overturning net neutrality rules was officially published. The Federal Communications Commission’s (FCC) order hands internet service providers the power to control the content consumers can access. Many technology companies are supporting the congressional bid to reverse the net neutrality repeal and protect an open internet. Read more here and here.

Two experimental SpaceX satellites successfully deployed into space at the end of February. The satellites are designed to help lay the foundation for Starlink, a huge network of SpaceX satellites that aims to provide 100% global internet coverage within five years, a crucial leap forward for the billions of people currently without internet access. Read more here.

The latest cyber security tips from Forbes on how you can protect yourself in a world where almost everything has a computer and every computer has the potential to be hacked. Read more here.

WordPress Sites Hacked Due to Exposed Vulnerability

February 8th, 2017 Posted by Best Practices, Hackers, Internet, rest api, Security, wordpress

WordPress 4.7.2 was released last Thursday, January 26th. If you have not already updated, please do so immediately.

A bug in a WordPress REST API endpoint allowed more than 100,000 websites to be hacked over the past two weeks. According to security firm Sucuri, websites have been hacked solely because the admins did not make an update to their WordPress as advised by the company. The exploit allows hackers to update content published on a WordPress website running version 4.7.0 or 4.7.1.

The security flaw, a zero-day vulnerability which affects the WordPress REST API, allows attackers to modify the content of posts or pages within a website backed by the WordPress content management system (CMS).

The reason the vulnerability wasn’t made public at the time of WordPress 4.7.2’s release was the real worry that malicious hackers might race to exploit the flaw, attacking millions of blogs and company websites. We have here, but not before a few headlines on Data Center Knowledge were altered to read “Hacked by (insert group name here)”. Sucuri also warned that version 4.7.2 may not automatically update even if that feature is turned on in WordPress.

MuhmadEmad, a Kurdish anti-ISIS hacktivist working for the Kurdlinux team, has hacked thousands of websites, leaving a message praising the Kurdish Peshmerga forces. This is not the first time the Kurdish hacker targeted websites leaving a message saying ‘Long Live the Peshmerga’. On Monday, the National Treasury Management Agency (NTMA) said that its official website was hacked by MuhmadEmad. “The perpetrator also posted a picture of the Kurdish flag, and wrote ‘long live Peshmerga’.”

To keep your websites from being hacked with this exploit, cybersecurity professionals advise updating to the latest WordPress version, 4.7.2.
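Because Sucuri warned that the automatic update may not have applied, it is worth checking what is actually installed. The following is an added example (not from the original post or from WordPress) that walks a web root, reads `$wp_version` from each `wp-includes/version.php`, and marks installs on the affected 4.7.0 and 4.7.1 releases; the sample site names and the status labels are constructed for the demonstration.

```python
import os
import re
import tempfile

# WordPress records its version in wp-includes/version.php as $wp_version.
VERSION_RE = re.compile(
    r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]\s*;", re.MULTILINE
)
AFFECTED = {(4, 7, 0), (4, 7, 1)}   # versions named in the post

def parse_wp_version(php_source):
    """Return the version string from version.php source, or None."""
    match = VERSION_RE.search(php_source)
    return match.group(1) if match else None

def normalize(version):
    """'4.7' -> (4, 7, 0): the 4.7.0 release reports itself as plain '4.7'."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))

def audit(webroot):
    """Return sorted (site, version, status) tuples for installs under webroot."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        if os.path.basename(dirpath) != "wp-includes" or "version.php" not in filenames:
            continue
        path = os.path.join(dirpath, "version.php")
        with open(path, encoding="utf-8", errors="replace") as fh:
            version = parse_wp_version(fh.read())
        if version is None:
            status = "unknown"
        elif normalize(version) in AFFECTED:
            status = "affected"
        else:
            status = "not 4.7.0/4.7.1"
        site = os.path.relpath(os.path.dirname(dirpath), webroot)
        findings.append((site, version, status))
        dirnames[:] = []            # nothing more to find below wp-includes
    return sorted(findings)

def build_sample_tree():
    """Create a constructed web root with three fake installs for the demo."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for site, version in (("blog", "4.7"), ("shop", "4.7.1"), ("intranet", "4.7.2")):
        inc = os.path.join(root, site, "wp-includes")
        os.makedirs(inc)
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n$wp_version = '{version}';\n")
    return root

if __name__ == "__main__":
    for site, version, status in audit(build_sample_tree()):
        print(f"{site:10} {version or '?':8} {status}")
```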

Please contact our sales team at sales@thinknettech.com if you have any questions or concerns.


© 2018 Think Network Technologies, LLC. All rights reserved.