MSPNetworks Blog

In this blog, we do our best to give people the knowledge they need to protect themselves and their organizations while operating online. With all the digital tools that we all have come to rely on, it’s important to understand the result of a data breach on organizations and their customers. In today’s blog, we go through six of the most devastating data breaches that happened in 2023. 

T-Mobile 

At the very beginning of 2023, telecommunications giant T-Mobile announced that it had suffered what ended up being the most noteworthy data breaches of the entire year. Cybercriminals were able to use the T-Mobile API to steal data…for months. When T-Mobile found out about the attack, more than 37 million customers had their personal data exposed. Unfortunately for the company, they were the victims of a second breach only months later that cost the business more than $100 million to remediate. Overall customer names, billing addresses, phone numbers, and emails were leaked online. 

Mailchimp

Also early in 2023, digital marketing company Mailchimp discovered a data breach that affected user accounts and employee information and credentials. They were the victim of a social engineering attack that was unfortunately successful. Victims had their names, store web addresses and email addresses stolen. 

ChatGPT

One of the major innovators of AI was the victim of a serious cyberattack in March of 2023. The attack exposed the first and last names of users and their email addresses along with access to payment addresses and the last four digits of their credit cards. Open AI, ChatGPT’s parent company, was forced to take the service down briefly to address the breach.

Yum! Brands

The parent company of major fast food chains KFC, Taco Bell, and Pizza Hut was attacked in April of 2023. When it was discovered, the breach was thought to have only affected corporate data, but after careful consideration, it was found that some employee personal data was exposed in the breach. The result was stark as the company was forced to close down hundreds of locations outside of the United States and continues to pay handsomely for the breach.

Activision

One of the largest and most successful video game publishers: Activision found they were hacked in February 2023, a breach that occurred in December of 2022. The company's release schedule was unearthed and so was some employee data. A third-party security contractor found that the breach was the result of an SMS phishing attack.  Employee emails, phone numbers, salary details, and work locations were exposed in the breach.

PharMerica

In the largest data breach of a HIPAA-covered entity in 2023, the pharmacy provider PharMerica reported that 5.8 million individuals’ personal information was exposed in March of 2023. The breach was the result of a sophisticated attack carried out by the ransomware group “Money Message.” Some of the information exposed in the breach includes names, addresses, dates of birth, Social Security numbers, individual prescription information, and health insurance data. 

These are the extreme examples, but your business is just as (or more) susceptible to a data breach than any of them. That’s why you need to take your cybersecurity strategies seriously. If you would like to learn more about what you can do to keep your business as secure as it can be, including strategies for employee training, data, network security, and much more, give us a call today at (516) 403-9001.

Your business’ computing infrastructure is a pretty resilient system. It has all types of tools added on to keep malicious code, bad actors, and even sabotage from ruining the good thing you have. This reliability has led to hackers changing the way that they go about their business. Nowadays, most of the attacks that affect businesses are phishing attacks. In today’s blog we will go through the elements of a phishing attack and how you can protect your business from them.

There are really four things you have to be aware of when you are considering if you’re looking at a phishing email. Let’s go through them now:

There is a Real Sense of Urgency to the Message

While a lot of the messages that we get in business have a demanding tone, there is something extraordinarily panicked about a phishing message. Essentially, phishing messages will urge the reader to take immediate action. This action could be in the form of clicking on links, downloading attachments, or giving over credentials that the scammer will then use to infiltrate organizational computing networks to deploy malware or siphon data.

Poor Grammar and Spelling

Many of these messages are created with the notion that the reader will be fooled by the overall legitimacy of the message. Many times they are subterfuge emails sent from a would-be financial institution or an insurance carrier; some business that has legitimacy. Typically, there are signs within the message itself that are blatant signs of its illegitimacy. Variables like misspelled words, poor use of grammar, and other red flags can tip users that the message is not legitimate. 

The Domain Is Wrong for the Message

When someone sends an official email from a business, typically the domain name of the email address that is sending the email will represent the organization that the message is coming from. If the address doesn’t come from the organization that is sending the message, that is a giant red flag. Most reputable organizations pay good money to host their own domain and if the address you are getting a message from doesn’t represent that, you have to believe that it is a scam. 

Suspicious Tone to the Message

You know the type of messages that you typically get. If a message you receive doesn’t meet the criteria of “normal”, you should immediately look to verify with the presumed sender of the message that it is legitimate. If it feels off, it probably is. Make sure you get this confirmation through a different means of communication.

Phishing attacks are everywhere. If you get messages that don't feel right, don’t interact with them—follow up. For more great tips and tricks return to our blog soon. 

The Internet of Things is everywhere and that means that it’s important to understand how much of a potential security risk these devices can be. From smart speakers to smartphones, it's important that you understand how these devices can create problematic situations. In this week’s blog we will discuss how you can protect yourself against IoT vulnerabilities at home.

Why the IoT Is So Insecure

There are several factors to why the Internet of Things is insecure. The first is that the demand for smart devices has created a situation where manufacturers are trying to get as many devices out on the market as possible and in their haste, they don’t do enough to build secure environments. Another reason is that many people don’t have the security acumen to do the things needed to improve security for a network that features a lot of IoT devices. 

These smart devices are super useful, but if they were to be hacked, it can cause a lot of problems for you. If not secured, hackers can gain access to webcams, access your heating and lighting systems if they are connected to the Internet, gain access to account information—or even financial information, deploy malware, and even turn your smart devices into agents of chaos (also known as a botnet).

How to Secure IoT Devices on Your Network

Obviously, with so much at stake, you will want to know some actions to take to properly secure these devices. Much of what can be done are good strategies to secure your network in general. These actions include:

• Secure your router - Obviously, securing your router has a major effect on your ability to keep your network, and therefore your IoT tools, secure. You will want to change the SSID and password of your wireless network.
• Start a guest network - A great way to ensure that your IoT devices aren’t going to negatively affect your network is to create alternative networks that separate these devices from your core computing infrastructure. 
• Change all individual device passwords - This may take some time, but if security is your aim, you can do worse than actively changing every device’s login credentials and passwords frequently. 
• Use complex and unique passwords - One of the best ways to secure password-protected digital assets is to make sure to build passwords with security in mind. Use all types of different strategies including a combination of upper and lower case letters, numbers, and symbols to give yourself the best chance at maintaining security. 
• Use two-factor authentication - Adding security to your strategy, two-factor authentication can be a really useful tool; especially with IoT devices that often lack the strong security features of more complex computing devices. 

IoT is becoming increasingly important at work and at home, so doing what you can to keep from dealing with attacks and other digital issues is important. If you would like more useful security tips, or you just would like to have a conversation about how to best secure your IoT, give us a call today at (516) 403-9001.

When security breaches and data breaches are mentioned in the same breath so often, it’s easy to look at them as one and the same. However, we want to take a moment to explain the differentiating factors between the two, as it could be all the most important for protecting your business in the future.

Defining the Security Breach

A security breach can be explained as unauthorized access to company-owned accounts. This happens when people, or other machines, gain access to an account without the appropriate authorization. This could include the device, the network, a website, a server, or any other part of your IT infrastructure.

Defining the Data Breach

Compare this to the data breach, which is a specific type of security breach that involves unauthorized access to data, like computer files or documents. This also includes the alteration and destruction of data.

Why Does This Difference Matter?

Data breaches are indeed a security breach, albeit a very specific one. However, it’s important to know the differences between the two because of the semantics involved with regulations and other data protection laws out there. There are specific definitions for what constitutes a data breach. To put this into perspective, consider this scenario; when encrypted data is accessed and stolen, would it be considered a security breach or a data breach?

And now you see where the definitions come into play. We always try to encourage our readers to avoid security breaches at all costs, which is why we recommend software like firewalls and antiviruses that can proactively prevent these types of issues. Furthermore, we also recommend that you implement patch management and routine maintenance into your technology strategy to keep these systems ready to protect your business. Combine all of this with security training and complex passwords or multi-factor authentication, and you have an adequate security system in place that can keep most threats at bay.

MSPNetworks knows and understands your plight, and we would be happy to discuss with you what you can do to better protect your business. To learn more, call us today at (516) 403-9001.

Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.

Imagine for a moment just how much sensitive data your business stores on its network. You have payroll records, including bank account numbers and routing numbers, personally identifiable information, contact information, and all of the details about your relations with your clients, as well. It doesn’t really matter what industry your business is in. All businesses should take security seriously. Here are some reasons why your organization should prioritize security.

Security is Proactive, Not Reactive

Imagine that your workday is disrupted by a security discrepancy that puts your entire infrastructure at risk, all because someone clicked on the wrong link in an email and downloaded an infected attachment. You now have to contend with the countless issues related to that threat. You can dodge these issues by protecting your business ahead of time so that they don’t affect you in the slightest. Imagine that same scenario, but with an adequate spam or phishing blocker. All of a sudden, that security solution paid for itself simply by preventing the downtime that clicking on such a link would cause.

Security Protects Your Business’ Future

If you were in the market for a new good or service, would you want to work with a company that doesn’t take your security and privacy seriously? This is one big reason why you need to protect your infrastructure; it protects the longevity of your organization. Businesses that let security fall to the wayside often lose clients because they don’t want to work with a business that is unreliable. When a business cannot obtain new clients due to word of mouth and online reviews soiling their reputation, that business is doomed to fail.

Security Keeps Your Bottom Line in Check

Businesses that fall victim to security threats or data breaches might become subject to fines as a result of exposing the wrong data to hackers. These fines, put in place by regulatory bodies, are preventative measures to encourage businesses to do the right thing and protect their infrastructures in a way that is consumer-friendly. These fines can be quite expensive, too, depending on the industry and the infraction. Cover all your bases now so you don’t have to pay up later down the road.

MSPNetworks can help your business implement security solutions that work for you. We can help you implement the strategies and tools you can use to keep your business safe both now and well into the future. To learn more, call us today at (516) 403-9001.

Mobile devices demand a special type of attention in order to ensure security. You want to ensure that your devices are protected as well as possible, but you also need to ensure that this does not come at the expense of your employees’ productivity or efficiency. We’ve put together a list of common security issues you might encounter when securing your mobile devices, as well as a couple of practices you can implement to work toward an adequate level of cybersecurity for your mobile infrastructure.

Malicious Applications

Mobile applications will be crucial to productivity with your mobile devices. Just like how laptops and desktops run software and programs, mobile devices require applications for various tasks, including data storage, file access, communication, productivity, and many more. You can usually find these applications on the designated app store for Android or iOS, but you might have to dodge a couple of malicious applications in the process. Make sure you are downloading the appropriate app from a trusted developer rather than a fake, malicious one.

Unsecured Connections

Mobile devices will be connecting to wireless networks in order to dodge the use of mobile data for every little task, but the problem with most public wireless networks is that they are unsecured and susceptible to attacks from all sorts of threats. Even if they are secured, they likely are not secured appropriately, and hackers might be able to intercept or view data traveling to and from your device.

Lost or Stolen Devices

One of the major challenges of mobile devices is the fact that they are… well, mobile, and as such, more likely to be lost compared to your traditional in-house technology solutions. It’s easy enough to misplace a smartphone or laptop, and it’s just as easy for a thief to walk away with it if you take your eyes off of them long enough. 

Security Solutions

To keep your mobile devices from becoming a major pain in the neck from a security standpoint, we recommend that you implement the following solutions and measures. They will go a long way toward keeping your business and its data safe.

• Mobile Device Management: An MDM solution gives your business the power to control app downloads and permissions on devices, all while remotely wiping lost or stolen devices as needed. It makes keeping track of your company’s mobile devices as easy as can be.
• Virtual Private Networks: A VPN is a powerful security tool that gives your mobile devices access to an encrypted connection to your business’ data infrastructure. This means that a hacker won’t simply be able to steal data while it’s in transit, and if they do, they will have to deal with military-grade encryption to make heads or tails of it.

Mobile device security doesn’t have to be difficult; make it easier by contacting MSPNetworks at (516) 403-9001!

With cybersecurity a priority for every business that depends on their IT, there are a lot of different strategies being utilized out there to keep threats off of networks and data safe. One of the most advanced strategies being used today is enlisting a service that runs a Security Operations Center (SOC). Today, we’ll investigate what a SOC is and how it works to keep threats at bay. 

Defining SOC

The Security Operations Center is a lot like the Network Operations Center (NOC), but its whole purpose is to monitor computing networks and devices and eliminate threats to their efficient operation. While that description may seem simple, business computing infrastructures are typically complex with a lot of end users, making network and device security a complicated endeavor. 

Today’s businesses have computing infrastructures and networks that run around the clock, and the SOC is staffed to facilitate that 24/7/365 demand for security monitoring and services. Working hand-in-hand with your NOC (and perhaps other IT administrators depending on the complexity of your business’ IT), the SOC typically handles the overarching cybersecurity strategy. 

Typically, businesses want their IT to align with how they want to run their business and part of that is maintaining uptime and keeping threats off of the endpoints, networks, and the vast amount of infrastructure that makes up the network. After all, all it takes is one vulnerability to be exploited and it can create major problems. The SOC deploys a myriad of tools and strategies all designed to do one thing: stay ahead of threats to the network. 

How the SOC Operates

As we stated previously, the SOC functions much like a NOC in that its main purpose is comprehensive around-the-clock monitoring and notification. If something goes wrong on the network, the SOC will log the issue and do what it can to mitigate the issue. As these things happen it will notify the IT administrator (the NOC) of the issue to keep them in the loop. Let’s take a brief look at some of the services the SOC will provide:

• Complete assessment - The discovery process is a major part of how the SOC can be most effective. In being aware of all the hardware, applications, and other tools on the network(s) your business needs, the SOC can ensure that everything is monitored continuously. 
• Continuous monitoring - Not only will the SOC monitor software and traffic trends, it will also monitor user and system behaviors as a way to identify issues. 
• Thorough logging - Keeping large computing networks secure is a big job, and a lot of your executive and managerial team don’t have the knowledge or the time to stay on top of threats as they come in. Keeping logs of every action the SOC makes, including communications with vendors/employees and steps taken to keep the network and infrastructure free from threats is a great way to provide a layer of oversight to the security process. It’s also an important factor in staying compliant with any regulatory mandates. 
• Comprehensive Incident response and investigation - This is where the SOC really becomes a major benefit for the security of your company's IT. Not only do SOC technicians respond quickly to any incident, they also work fast to investigate what caused the issue in the first place. Going further than your typical IT management, the main benefit of the SOC is the mitigation of efficiency-sapping issues such as malware and other manners of attack. 

If you think your business could use a Security Operations Center service to keep your growing network and infrastructure clean from threats and working for your business, give MSPNetworks a call today at (516) 403-9001.

Penetration testing is a topic that you might often hear and read about on the Internet, but you might not know exactly what it is without having it explained to you by a professional. Today, we want to clear up any misconceptions or ideas you might have about penetration testing and how it relates to your business’ network security, compliance, and regulatory requirements.

What Is Penetration Testing? 

At its core, penetration testing is a strategy used by your IT department to test the security of your systems. Basically, your team will “hack” your systems themselves to see how they might stand up to hypothetical attacks. All your hardware and software will be tested for flaws in their operating systems, applications, and other parts of your computing infrastructure, all to identify the level of risk involved with your company’s network.

The big takeaway here is that penetration testing is responsible for managing risk for your organization. The more digital tools and resources your business utilizes, the more at risk your company becomes. Therefore, you need to take any and all measures to protect your business—penetration testing included. This type of probing can show you where there are holes or flaws in your security that must be patched up. If you fail to address them, you could be staring down data breaches and the costs associated with them in the near future.

We recommend that you perform a penetration test by working with network security professionals, as they know what to look for and how to conduct the procedure. The less risk you take on with your penetration testing, the better.

Compliance Concerns

When figuring out your risk, you’ll have to undergo an extensive analysis of the worst-case scenario if you don’t comply with regulations and other forms of compliance. If you fail to adhere to compliance laws, it could cost you dearly, and not just monetarily. It could end your business’ operations entirely. Sometimes failing to stick to these regulations could mean facing criminal charges.

Penetration testing ensures that you are adequately protecting this important data. This has never been more important, especially with regulatory bodies and legislators keeping close watch on data privacy issues. If anything, we can expect even more legislation to surface, making your job as a business professional even more difficult. Better to just leave securing your infrastructure to the professionals.

Reputation

Security can forge or destroy your reputation with your customers and prospective clients. If you are negligent with your protections, it could have disastrous consequences for your company’s patrons. People want to work with those who take their security seriously, so failing to do so could put your income source on the line.

MSPNetworks can help your business improve its security situation through regular penetration testing. To learn more, reach out to us at (516) 403-9001.

Getting your staff to care about your organizational network and data security may be more difficult than you might think, but it’s not a lost cause. Today, keeping your business’ organizational security strong relies heavily on your staff’s willingness to follow the right practices, so today we thought we’d give you seven tips to get your people to care about security

Be Up Front

One of the main reasons employees don’t often care about cybersecurity is the overt secrecy surrounding it. Today’s organization needs to come clean when it comes to the constant threats that are out there. If you want your people to have a vested interest in keeping your business’ information systems and data secure, you need to level with them. After all, they can’t help if they don’t understand.

Make it a Personal Investment

Your company holds a lot of your employees personal data. Let them know that along with any sensitive and proprietary data that could be lost in a data breach, that their data could also be vulnerable. In order to sufficiently secure your data and theirs, they need to know what’s at stake if they don’t actively follow cybersecurity procedures.

Top Down Security

Every member of your organization needs to understand that they could be targeted by hackers and fall victim to these threats. The more your employees understand that management is actively complying with security policies, the more willing they will be to alter the way they consider cybersecurity.

Gamify Your Process

People tend to be more engaged when there is incentive baked into a policy. Gamification is the strategy of scoring a person based on their efforts. This strategy works wonders for productivity so it stands to reason that it would work for cybersecurity awareness and following any organizational policy that’s in place to keep your systems and data secure. 

Standardize Procedure

One of the most important variables to get your people to follow the rules, is to have them in place to begin with. In cybersecurity, confusion can be a huge albatross, so ensuring that everyone is playing with the same rulebook is a must. This includes building procedures to handle attacks such as phishing as well as password hygiene and many other security-based policies. The more consistent your procedures are, the more likely your staff is to understand and follow them. 

Start from Day One

With all the threats that are out there at the moment, you will want to stress the importance of cybersecurity with current and new employees, alike. If you start hammering home the importance of compliance with security procedures from the day an employee starts at your business, the more likely they will continue to comply with them as they undertake their job; which for most of your staff, isn’t strictly cybersecurity. 

Keep Training

Security training is becoming commonplace at almost every organization, largely because the threats that it faces could have devastating consequences. You will want to invest in comprehensive training and re-training to ensure that your employees understand the importance of your cybersecurity initiatives, and that they are up-to-date on any and all changes to policy or strategy. 

Cybersecurity is a team effort today and if your organization isn’t stressing the importance of it, it’s only a matter of time until it rears its head. If you would like to learn more about training your employees on the best practices of cybersecurity,  creating a cybersecurity policy that works to keep your information systems secure, or if you would just like to talk to one of our IT professionals about cybersecurity best practices and procedures, give us a call today at (516) 403-9001.

There are countless cybersecurity threats out there, many of which wait until very unfortunate times to strike. One such time is over extended weekends or holiday breaks, when many companies shut down operations longer than the usual two-day weekend. In fact, this is such an issue that the Federal Bureau of Investigation and CISA have issued warnings in response to them.

The FBI and CISA issued an advisory in September warning companies to take preemptive actions to ferret out threats on their networks ahead of the Labor Day weekend. This is presumably because threat actors are aware that IT staff will have limited availability when offices are closed for long weekends, but the issue extends not just three-day weekends but also into holiday weekends in general. 

The advisory specifically cited ransomware attacks as potential problems, and looking at the trends from this year, it’s no wonder. A quick look at some of the high-profile hacking attacks over the past year shows a clear trend in these attacks being instigated against companies over holiday weekends. For example, the Colonial Pipeline attack occurred over Mother’s Day weekend, and the attack on JBS took place over Memorial Day weekend. The massive ransomware attack against Kaseya took place over the July 4th weekend.

If you think about it, escalated numbers of cyberattacks over holidays or long weekends make a lot of sense. Many organizations and businesses close their doors and shut down operations for the weekend, meaning that there are fewer people on staff to keep an eye on things. When there are fewer people working, there are more opportunities to sneak in and do some damage. It’s safe to say that while the rest of us are on break or holiday, a hacker’s job is never done, and they do not care for festivities as much as they care about ruining your business.

Therefore, we recommend that you consider the following: remote monitoring services, enhanced security protections, and regular audits of security logs so that you are never caught unawares, even over holiday breaks or long weekends. Through a combination of proactive measures and continuous review of your systems, you should be able to not only identify the potential for threats on your network, but prevent them entirely.

So, how does a business with limited resources still give their employees the time off they deserve while also protecting their network from the myriad of threats found in today’s connected world? We have a solution for you; MSPNetworks wants to help your business successfully navigate the dangerous world of cybersecurity without compromising on quality of protection. If your company struggles with technology management and there is a significant knowledge gap within your organization regarding cybersecurity, we would be happy to help fill that void.

Our systems can automatically monitor your network for suspicious activity and detect problems before they occur. This proactive monitoring can keep your organization from becoming a victim of cybersecurity threats like ransomware and other dangerous types of malware. Trust us when we say that the most effective way to protect your business is to take a hard stance on it before you get infected with some type of threat.

Don’t wait until something horrific happens to your business to take action against the ever-increasing number of cybersecurity threats. Contact us today at (516) 403-9001 and start your journey toward securing your company.

Artificial intelligence, commonly known as AI, is used in several different ways in various industries, but one of the most impactful has been with cybersecurity and its automation. On the other hand, however, are the hackers who use AI in ways that fly in the face of the efforts of these cybersecurity professionals and use AI for cybercrime. What are some ways that AI is used in cybercrime, and why is it so scary for businesses to handle?

Deepfakes

The term “deepfake” stems from the words “deep learning” and “fake media.” Essentially, a deepfake uses false imaging or audio to create something which appears to be authentic when it really isn’t. Used incorrectly, deepfakes can be incredibly harmful in a variety of ways. Imagine reading something on the Internet and having it be accompanied by a fake video or image that skews your perspective and leads you to believe one thing rather than another. AI-generated deepfakes can (and have) been used in this way, and they can even be used in extortion and misinformation schemes.

Deepfakes use AI to generate realistic videos, typically of a famous person with a lot of source material online to pull from. Videos can be generated of a celebrity or government official doing and saying virtually anything, misguiding the viewer and causing confusion. 

AI-Supported Hacking Attacks

AI can also help cybercriminals when they are going about your average hacking attack, like trying to crack passwords or infiltrate a system. For example, hackers can use machine learning and artificial intelligence to analyze and parse password sets; they then use the information gleaned from these password sets to more accurately guess passwords. These systems can even go so far as to learn how people adjust their passwords over time.

Furthermore, there have been instances of hackers using machine learning to inform and automate their hacking practices. Some systems can use machine learning to identify weak points in a system and penetrate them through those weaker links. The systems used can then autonomously improve their operations for greater effectiveness. It is quite concerning to say the least.

Human Impersonation and Social Engineering

AI can also impersonate human beings themselves by imitating their behaviors. Through the use of automated bots, it is possible for hackers to create fake accounts that are capable of performing many of the everyday things your average user might do on social networking sites, like liking posts, sharing things out, and more. These bots can even be used to turn a profit in certain circumstances.

The possibilities for artificial intelligence in a cybercriminal’s toolbox are just as endless as they are for augmenting the operations of businesses, and it is a threat that should be closely monitored both now and in the future.

Don’t let cybercrime of any type complicate your business’ future. To learn more about what we can do for your business to keep it safe and sound from all kinds of threats, reach out to MSPNetworks at (516) 403-9001.

Did you know that the United States is the leader in ransomware payments? According to a survey from Mimecast titled “The State of Ransomware Readiness,” the U.S. has the highest average payment for ransomware out of the entire world at more than $6 million per victim. These shocking numbers likely stem from high-profile ransomware attacks, but they are also indicative of a larger problem, that being people who still pay the ransom.

This study examined 742 cybersecurity professionals and found that 80 percent of them had become victims of ransomware attacks over the past two years. Of that 80 percent, 39 percent paid the ransom, with the average United States victim paying $6,312,190. To put that into context, let’s take a look at other parts of the world.

• Canada: $5,347,508
• United Kingdom: $850,000
• South Africa, Australia, Germany: $250,000

That’s for those who actually paid up, though. Close to 40 percent of victims did not pay the ransomware at all, and some were even able to negotiate a lower ransom. That said, the survey also cites that the primary instigation of these ransomware attacks were phishing attacks and web-based threats, and many victims believed that they needed to improve the security of their data centers.

Perhaps the best tool against ransomware attacks is to have a data backup system in place, but again, the survey claims that less than half of respondents had data backup systems in place. Even with this fact, 83 percent of respondents claim they can get their data back without paying the ransom, and 77 percent believe that they can get their operations back to normal within two days.

If your company were to suffer a ransomware attack, we urge you to think before taking any action to resolve it. First of all, what if you’re not actually infected and just making things worse for yourself by paying up? Second of all, what guarantees do you have that your data will be safe and unencrypted should you decide to pay the ransom? And third, how many other businesses or individuals are going to suffer because you just funded the activities of a cybercriminal? All of these factors influence how successful a ransomware attack is.

One thing you absolutely should do is contact your trusted IT resource to determine the extent of the attack. After this has been determined, you should have an easier time figuring out how to address your predicament. Still, we never recommend you pay the ransom. There are often other options to pursue; you just have to have the gumption to look past the immediate panic and focus on the big picture. Plus, you can also implement security solutions and measures that can deter ransomware later on, like multi-factor authentication, user permissions, and unified threat management.

Don’t let ransomware hold your business back from achieving its full potential. To learn more about how you can secure your company’s future, reach out to us at (516) 403-9001.

What happens when your company configures something on its infrastructure incorrectly? It turns out, according to a recent data leak, that a lot can go wrong, especially in regards to cybersecurity and the privacy of sensitive records. The affected software was not an unknown third-party application, but was actually Microsoft! How did one of the world’s largest software developers put out software that potentially exposed millions of records? Let’s dig into the details.

The data leak in question affected users of Microsoft’s Power Apps, a software that is widely used by many companies and organizations to share data, including such big-name organizations and agencies such as American Airlines, Maryland’s health department, and New York’s Metropolitan Transport Authority. This data leak was discovered by cybersecurity researchers at UpGuard, who promptly notified Microsoft after determining that the data leak was a potential security issue.

The issue has since been resolved, but throughout the duration in which the data leak was still active, information such as names, Social Security numbers, phone numbers, dates of birth, vaccination records, demographic information, and other sensitive information was unsecured and, therefore, could have been stolen or compromised by hackers. While this information was unsecured and could have been accessed at any point during this time, there is no indication that it was accessed in any improper way.

The crazy thing about this whole fiasco is that Microsoft claims that the application was working as intended and that the root of the issue was the way that the software itself defaulted to a setting that allowed for this type of data leak. Microsoft has yet to comment on why the default setting led to such a lack of security, but they have since adjusted the default settings to allow for greater privacy. Still, this does not necessarily excuse the lax privacy settings that the program defaulted to.

It all goes to show that you can never be too sure that your business’ sensitive information is properly secured, as the consequences of having said data leak can be quite devastating. Under ordinary circumstances, a security audit could have been used to identify this risk, but the fact that nobody knew that this was a concern meant that nobody was actively looking for it and, therefore, the security issue flew under the radar for far too long. It’s just one reason why you need to be extraordinarily careful with any sort of configurations your company makes to any tools that are used to store, share, or disseminate information like any records listed above.

MSPNetworks can help your business ensure that all of its system settings are properly configured, as well as work toward properly securing sensitive information of all types. With us on your side, you’ll never need to worry about whether or not you are unknowingly putting information at risk. We can monitor your network, perform security audits, and fulfill just about any other tasks that need to occur to keep your business as secure as possible.

To learn more, contact the cybersecurity experts of MSPNetworks at (516) 403-9001.

Data breaches have become all too common for small businesses over the past several years and when it seems like there is a solution to one problem, something even worse pops up. Part of a comprehensive risk management strategy is identifying problems and doing what you can to keep them from affecting your business. Let’s take a look at the major cybersecurity threats small businesses are facing in 2021 and what you can do to keep them from hurting your business.

Phishing

For the small business, phishing makes up a large percentage of problematic cybersecurity situations. Phishing is more of a scam than a hack, but regardless of how you view it, it is the most dangerous problem businesses have to face when considering cybercrime. A phishing attack can come on any communications medium (including social media) and it only has to work one time for it to become problematic for your business. 

It works like this: A member of your staff, working at their regular breakneck pace, accidentally clicks on an attachment in an email that they think of as something to do with their jobs. Turns out, the email was spoofed and the attachment just deployed malware on your network. This can be trojans, viruses, or something as terrible as ransomware. 

Phishing is not only the most prevalent form of cyberscam, it is also extremely hard to combat. The hackers that use it are getting more sophisticated, and if your business isn’t evolving your strategies to keep up, you have a pretty good chance of being a victim. You need to have a comprehensive training system in place to tell your team about the dangers of phishing and how to spot possible phishing attempts. 

Poor Password Hygiene

Like passing that guy at the gym that always smells like B.O., it’s a sour situation when poor password hygiene is the reason for a data breach or a malware infection. Like phishing strategies, today’s hackers have very sophisticated strategies to guess people’s passwords. Not only that, social engineering can expose poorly made or duplicated passwords pretty easily. 

Passwords are used by almost every organization online and it is important that your employees select passwords that aren’t obvious and aren’t duplicates from other accounts. It is also important that your organization understands how to keep their data safe through the use of password best practices, such as not having employees constantly change their passwords, as they have a tendency to make them simple to remember or they don’t change them much from previous passwords.

Holes in Software

Like most other products, software titles have a support staff attached to them. These teams include development professionals whose job is to keep it secure. These patches are rolled out pretty regularly. If you don’t patch your software, you could have major holes that can be exploited. These vulnerabilities are regularly taken advantage of and are effectively open doors for hackers to get into your network.

The best way to keep these vulnerabilities from appearing is to regularly patch your software with the updates as they come out. Doing so will close the proverbial doors to your network and data and keep your digital resources safe. 

If your business would like to talk to one of our IT experts about getting the cybersecurity protection you need, or if you would learn more about which strategies work the best to keep your business’ network and infrastructure free from threats, give MSPNetworks a call today at (516) 403-9001.

Small businesses often struggle with technology, primarily because they either lack strong IT leadership or they lack the resources to ensure IT maintenance and management happens without a hitch. There are several mistakes that a small business can make when it comes to technology management. Here are four of the biggest and most common that you absolutely cannot afford to make.

Stay Focused

Too many small businesses get caught up in the next big thing, not thinking about whether or not the thing that they are actively implementing is actually needed. The more complicated your network, the more opportunities there are for things to go wrong, be it a security breach, hardware failure, or software complication. And remember, your business should not be implementing a solution that it cannot handle, so ensure that you stay focused on implementing only technology that facilitates your organization’s goals.

Plan for Longevity

Businesses that fail to plan for growth and for the continued success of their organization will inevitably fall behind and fail to sustain continued operations in the long term. Therefore, it makes sense that any technology solution you choose to implement will be scalable to accommodate the future needs of your business. On a similar note, longevity also means planning for the worst-case scenario; you must have solutions like data backup and disaster recovery in place to ensure that your company can complete a speedy recovery when needed. Even if you never need it, it’s better to have it than to regret not having it.

Don’t Skimp on Security

So many small businesses think that they are immune to the dangers that come from cyberthreats. They see the headlines and think, “That’s not me,” or “I’m not a big enough target.” Well, we hate to break it to you, but you are wrong. All businesses have data that is valuable to hackers, be it sensitive personal information, payment credentials, or password credentials. It’s more important than ever to keep your security as optimal as possible; otherwise, you run the risk of crippling security threats compromising your network, interfering with operations, and threatening your organization’s future.

Don’t Wait Until Things Go Wrong

IT maintenance is something that is best kept in a proactive state rather than a reactive one. Many businesses choose to stay with the same old tired strategy of break-fix tech; when technology breaks, they fix it. This is not the correct stance to take in terms of technology maintenance. If you add up the costs of replacing hardware and downtime, you get an astronomical price tag that could easily be mitigated through regular, proactive maintenance. 

Now, we know that not all business owners are technology professionals. We get that, which is why we make it our mission to provide high-quality business technology management solutions that make it easy for you to focus on your day-to-day business operations. By focusing on providing excellence in service, we free up you and your employees to do what they do best. It’s a low-cost, high-reward solution that is sure to bring value to your business.

To learn more about managed IT services, reach out to MSPNetworks at (516) 403-9001.

To say someone is adept at a task is to say that they are a professional, or someone with a considerable amount of knowledge that contributes to their ability to complete a particular task. In cybersecurity, this is extremely important, as the entire concept of cybersecurity is complex by nature. Your business too can improve its cybersecurity practices and shift focus to a more mindful approach to network security.

First, let’s consider some of the challenges that small businesses face related to cybersecurity. Then, let’s talk about what it means to be a security professional and how your organization can use this knowledge to its benefit.

The Challenges of Security for SMBs

Security is a huge problem for small businesses, especially those that don’t take it seriously or think that they are not a target. The truth of the matter is that hackers don’t care how many employees you have or what industry you are a part of. Your business has data that hackers would find valuable, period. While many want to take it seriously, there are barriers that many businesses perceive to be in the way, chief among them a lack of security expertise and a lack of funds to hire top cybersecurity talent.

What Does It Mean to Be a Cybersecurity Professional?

This might seem like an odd question to ask, but we want to make sure that businesses understand what they must look for in a cybersecurity professional. Here are some traits that a security professional will have:

• A focus on proactive, preventative defenses rather than a reactive approach
• A divorce from security biases that prevent one from making objective decisions
• The technical knowledge and expertise necessary to understand cyber threats
• An understanding that security also requires training of staff and higher-level executives
• The flexibility to adapt to new threats and learn from them

Ultimately, whoever is at the helm of your cybersecurity strategy must possess these personal and professional traits. Failing to do so puts your organization at risk.

How to Become a Cybersecurity Adept Yourself

We won’t beat around the bush with this one; you are not going to become a cybersecurity professional overnight. Technicians have to undergo extensive training that involves meticulous attention to detail and a thorough understanding of the countless threats out there, as well as knowledge on how to respond to each of them. Suffice to say there is a reason why so many businesses choose to outsource this responsibility.

In a sense, trusting your organization’s security to outsourced professionals does make you a cybersecurity adept. Not only do you acknowledge that there are professionals whose jobs are specifically to handle this responsibility, but you also understand that security is nothing to mess around with. It’s a win-win scenario. MSPNetworks can be the professionals you trust your organization to. To learn more, reach out to us at (516) 403-9001.

Almost daily there is another data breach reported that exposes data for hundreds of thousands or millions of people. This is a troubling trend. One of the most troubling events happened recently as 700 million profiles from the social media network LinkedIn were found for sale on a popular hackers forum. What’s worse is that the company isn’t admitting that it had been breached recently. Let’s take a brief look at this situation and try to unpack what is going on with LinkedIn.

LinkedIn’s Sketchy Security History

Most people know all about LinkedIn. It is a social media site where professionals can network with other professionals. For all the good the social network tries to do, they’ve also been a major target for hackers. Back in 2012 they had 6.5 million accounts stolen by a Russian hacker and had nearly 100 million email addresses and passwords exposed. A year later there was more controversy as LinkedIn used man-in-the-middle attacks to intercept user emails and move them to LinkedIn servers. Finally, in 2018, after Microsoft’s acquisition of the company, LinkedIn users began to start getting extortion emails from account information that had been for sale on the Dark Web.

On top of those big hacks, LinkedIn has been connected to several other security breaches and failures, including the repeated use of fake LinkedIn accounts to facilitate data theft and unauthorized access to third-party networks. 

2021 Issues

In April, 500 million LinkedIn user accounts were put up for sale on a popular hacker forum. A new posting was not the result of a data breach. This information was scraped, but still included full names, email addresses, phone numbers, workplace information, and much more. With a user base of about 740 million users, this represented a large amount of the people that use LinkedIn. 

If this wasn’t troublesome enough, there have been reports that LinkedIn is removing access to scholars and other active individuals inside China without any explanation by the company. This has some intellectuals and other active users of the platform concerned over the way the company is censoring information to operate in the Chinese market, which is known to suppress the availability of information to their nearly two billion constituents.

Just recently, it was reported that a data breach occurred that allowed hackers to make information available from over 700 million records from LinkedIn, over 92 percent of the user base. LinkedIn, not addressing the fact that most of the personal information they have been tasked with keeping secure is now available for purchase, defiantly put out the following statement: 

• Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed. Our initial investigation has found that this data was scraped from LinkedIn and other various websites and includes the same data reported earlier this year in our April 2021 scraping update.
  
  
• Members trust LinkedIn with their data, and any misuse of our members’ data, such as scraping, violates LinkedIn terms of service. When anyone tries to take member data and use it for purposes LinkedIn and our members haven’t agreed to, we work to stop them and hold them accountable.
  
  
• For additional information about our policies and how we protect member data from misuse:
  https://www.linkedin.com/help/linkedin/answer/56347/prohibited-software-and-extensions

What is Scraping?

Scraping, in this context, is short for a method of data harvesting called web scraping, or web harvesting. It is the act of using software to effectively copy material from websites using the website’s code. It is a method hackers use to gain invaluable information from websites without going through the original channels. In the case of many business websites that get scraped and have data stolen, the hackers actually don’t need to do as much as you’d think. Many utilize the relatively open nature of a business’ API (application programming interface), giving them direct access to the data they are looking to take. 

We all trust these major corporations to do what they can to keep our sensitive data safe, but as they generally use it to maximize their ability to create revenue, it becomes difficult to trust them to keep your best interest in mind. 

Keeping your data safe has become more difficult, and more important, than ever. To learn how we can help your business secure your data, give us a call today at (516) 403-9001.

For all the attention that we (and many others) give to cybercrime, people are still falling victim to hacks and scams every day. With most businesses operating more in the digital sphere than ever before, it stands to reason that they need to do more to keep from being a victim of a data breach or worse. Here are six things your business should do to keep from being a victim of a cyberattack.

#1 - Train Your Staff

You will want to establish basic security practices that make sense. You will want to go through how to identify a phishing attack and what to do if they come across one. You will want to explain what good password hygiene is and what benefits it offers both for your business and for them, individually. You will also need to go through the best practices of handling customer, vendor, and their contemporaries’ sensitive information. 

#2 - Patch and Manage

You will want to keep your business’ infrastructure updated and managed. This includes all machines and endpoints, web browsers, software; any part of your IT infrastructure that, if it were to be breached, could have a huge negative effect on your ability to continue business.

#3 - Security Solutions

Make sure that your firewall, antivirus, and any other security solution you have in place to protect your business is updated with the latest threat definitions. This includes setting up firewalls or a VPN for every member of your staff that is working remotely. 

#4 - Backup Your Data

In order to protect your data, regularly backing it up and storing it multiple places is suggested. That way you have copies of your data to restore from if something was to be corrupted, some IT were to fail, or there was some type of user error; and, also if some disaster were to compromise your data at your place of business.

#5 - Secure Wireless Networks

You will want to secure your Wi-Fi network(s). It should be hidden from view and encrypted to give your business the best chance at mitigating potential hacks aimed at accessing your wireless network. 

#6 -  Promote Sound Password Hygiene

Ensuring that your staff understands the best practices of using passwords and multi-factor authentication can go a long way toward protecting your business from outside threats. Passwords should be complex, but also easily remembered and use multiple characters.

If you are going to keep your data and infrastructure free from threats, these six steps are the bare minimum. If you would like to discuss additional steps you can take to protect your business’ most important assets, give our IT experts a call at (516) 403-9001 today.

Phishing emails are a real problem for today’s businesses, which makes it critically important that you and your team can identify them as they come in. Let’s touch on a few reliable indicators that a message isn’t a legitimate one.

What Makes Phishing Attacks So Bad?

One of the largest threats inherent in a phishing scam is that there is a relatively low barrier for entry. There’s a tendency to romanticize hackers somewhat, picturing them in dark rooms lit only by an array of computer monitors as their fingers dance across their keyboard. While cinematic, this imagery is grossly inaccurate. In truth, hacking has trended more towards the psychological, focusing on user manipulation over fancy programming skills.

Which sounds easier to you, learning how to pick a lock, or asking someone for their keys?

Phishing attacks are not only easier on the cybercriminal, they’re also effective. It’s easy to be fooled by a legitimate-looking email or website, especially when you aren’t anticipating being scammed.

Let’s say someone poses as your bank. At first glance, there may be every indication that the email they send is legitimate. A quick look at the sender’s address may pass muster, the bank’s logo and contact information may be present, even any filters you have set up to organize your emails may work.

At a glance, all may be in order… which is exactly how many phishing emails will get you.

While phishing emails themselves aren’t usually dangerous, they contain links to risky and insecure websites or have nefarious files attached to them. Generally, these elements are where the danger lies.

Spotting a Phishing Attack

Let’s go through a step-by-step process to check any email that you may receive. The first sign of phishing can be found in its tone: if it has a too-good-to-be-true offer, is overly urgent, or is requesting information about one of your accounts unprompted, you’re right to be suspicious.

Check all links to confirm they direct to a legitimate URL. DON’T CLICK THEM. For example, if the email were from Amazon, links would most likely lead back to amazon-dot-com. However, anything added between “amazon” and “dot-com” is a sign of trouble. Furthermore, the dot-com should be immediately followed by a forward slash (/).

Let’s go through a few examples to demonstrate how important the little details of a URL can be, using PayPal as our subject.

• paypal.com - Safe
• paypal.com/activatecard - Safe
• business.paypal.com - Safe
• business.paypal.com/retail - Safe
• paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
• paypal.com.activatecard.net/secure - Suspicious!
• paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Check how the email address appears in the header. If you ever receive an email from Google, the address isn’t going to be “gooogle@gmail-dot-com”. If you’re unsure, throw any email addresses into a quick search for legitimacy.

Be wary of any attachments. As we mentioned above, most email-borne threats are going to be transmitted as an infected attachment, or as a link to a malicious website. If an incoming email has either a link or an attachment, exercise caution.

Don’t take password alerts at face value. Some scammers will use phishing emails to steal your credentials. Stating that your password has been stolen or some similar breach has occurred, the email will prompt you to supply your password—springing the trap.

If all this sounds like we’re telling you to wonder if any of your emails are legitimate, it’s because we are, in a way. With a healthy sense of skepticism, email and email correspondence can be very useful business tools. Many phishing attempts can also be weeded through with a reliable spam-blocker as well.

Want us to assist you with your email security? Call up our team of professionals by dialing (516) 403-9001.

COVID-19 has changed the way that most business owners look at a dollar. For months, businesses have been making strategic budget cuts to try to stay afloat. Cybersecurity has been the ultimate growth industry over the past several years, but in the face of the pandemic, the market for these products and services is seeing substantial retraction. In fact, Gartner estimates that in 2020, the cybersecurity industry will shrink by almost $7 billion. Today, we’ll take a look at the cybersecurity market and why it is important not to slow your cybersecurity spending if you can help it.

The Cybersecurity Market

As more people lean on technology, the cybersecurity industry has been a major beneficiary. The cybersecurity market was estimated to hit $170 billion in 2020 with the United States and Europe making up for nearly 70 percent of all spending in the area. The areas that have seen the most growth recently are the SIEM/security analytics market, threat intelligence, mobile security, and cloud security. In fact, cloud security has seen a 50 percent increase since 2016. 

Why is all this necessary? Simple. Cyberattacks evolve as fast as (or faster than) the security systems in place to thwart them. This has led to massive growth for the better part of the past decade. Since cyberattacks cost businesses nearly $500 billion a year, the large market growth is justified. New sectors like FinTech have pushed cybersecurity companies to innovate faster than ever.  

The COVID-19 Effect

The era of ridiculous cybersecurity spending was on its way out already with business owners and decision makers finding that the return on their security investments weren’t strong enough to facilitate limitless spending initiatives. What nobody who works in cybersecurity saw coming was a global pandemic that would force CIOs to cut into their cybersecurity budgets. 

That’s not to say that businesses weren’t heavily investing in cybersecurity. They absolutely were, and are, but with the only metric to compare it against is a full-fledged data breach, notoriously optimistic executives see the value in spending that money on other things; and; make no mistake about it, until something terrible happens, they will look correct in appropriating those funds from cybersecurity to some other use.

Cybersecurity is the Last Technology You Should Cut

Without strong cybersecurity protections, your business has an even smaller chance to survive an already risky situation. It doesn’t take much for an attack or breach to put a healthy business out of commission, cause layoffs, or at the very least, put financial strain on an organization. If it were to happen now, it will sting even more.

Let’s talk about your cybersecurity, and how to get the most protection for what you have. Give us a call at (516) 403-9001.