MSPNetworks Blog

The Internet of Things is everywhere and that means that it’s important to understand how much of a potential security risk these devices can be. From smart speakers to smartphones, it's important that you understand how these devices can create problematic situations. In this week’s blog we will discuss how you can protect yourself against IoT vulnerabilities at home.

Why the IoT Is So Insecure

There are several factors to why the Internet of Things is insecure. The first is that the demand for smart devices has created a situation where manufacturers are trying to get as many devices out on the market as possible and in their haste, they don’t do enough to build secure environments. Another reason is that many people don’t have the security acumen to do the things needed to improve security for a network that features a lot of IoT devices. 

These smart devices are super useful, but if they were to be hacked, it can cause a lot of problems for you. If not secured, hackers can gain access to webcams, access your heating and lighting systems if they are connected to the Internet, gain access to account information—or even financial information, deploy malware, and even turn your smart devices into agents of chaos (also known as a botnet).

How to Secure IoT Devices on Your Network

Obviously, with so much at stake, you will want to know some actions to take to properly secure these devices. Much of what can be done are good strategies to secure your network in general. These actions include:

• Secure your router - Obviously, securing your router has a major effect on your ability to keep your network, and therefore your IoT tools, secure. You will want to change the SSID and password of your wireless network.
• Start a guest network - A great way to ensure that your IoT devices aren’t going to negatively affect your network is to create alternative networks that separate these devices from your core computing infrastructure. 
• Change all individual device passwords - This may take some time, but if security is your aim, you can do worse than actively changing every device’s login credentials and passwords frequently. 
• Use complex and unique passwords - One of the best ways to secure password-protected digital assets is to make sure to build passwords with security in mind. Use all types of different strategies including a combination of upper and lower case letters, numbers, and symbols to give yourself the best chance at maintaining security. 
• Use two-factor authentication - Adding security to your strategy, two-factor authentication can be a really useful tool; especially with IoT devices that often lack the strong security features of more complex computing devices. 

IoT is becoming increasingly important at work and at home, so doing what you can to keep from dealing with attacks and other digital issues is important. If you would like more useful security tips, or you just would like to have a conversation about how to best secure your IoT, give us a call today at (516) 403-9001.

Most organizations are trying to figure out how to secure their IT against the constant flood of threats out there. Unfortunately, the biggest threat out there isn’t something that you can actively protect against. Can you guess what it is?

Unfortunately, it’s your employees, and their potentially lax password practices—and while you can’t really protect yourself against insecure passwords, you can minimize the likelihood that they’ll be used.

A Password Manager is a Great Security Asset

A password manager is a great little program, as it allows you to store all of the credentials that you would otherwise be tasked with remembering.

But wait, I can hear you saying, aren’t you not supposed to write down your passwords?

Usually, yes! However, reputable password management solutions give you a place to store these passwords that’s heavily fortified through encryption. That’s the key difference between the password manager and a little notebook that you keep around.to scribble credentials in…only one of these options features the security that encryption provides (and it isn’t the little notebook).

Considering that the average user needs to remember dozens of passwords, having a safe place to store them is a huge benefit.

This is just the start of the benefits that a password manager provides. In addition to the secure convenience, a quality password manager will allow you to generate more secure passwords to use…all accessible to you behind a single master password.

With all of the credentials you may need easily accessible, either through a browser plugin or dedicated desktop/mobile applications, you can rest easy knowing that you and your team members won’t be locked out of a necessary solution at an inopportune moment.

Speaking of your team, a password manager makes it far easier for them to share the credentials that they’ll need to use amongst one another. You can share access to them as needed, making it easier to endorse productivity.

So, to sum up, a password manager:

• Helps you to use sufficiently secure passwords
• Assists you in creating passwords that are more secure
• Enables your entire organization to access shared resources easily

We Can Get Your Business Set Up With a Password Manager

Turn to us to ensure you select a reputable and reliable password management solution, and any other tools or resources your business would utilize. Give us a call at (516) 403-9001 to start a conversation about it.

Remote work has seen unprecedented adoption in the past few years. While we’re all for the benefits that this trend brings, it is critical that any business that embraces remote or hybrid work does so securely.

Let’s discuss a few measures that your business can and should implement to achieve this security.

How to Secure Your Remote Operations

Let’s review some of the most key safeguards that anyone working remotely should have in place.

Use a Virtual Private Network

Which sounds like the more secure option to you: your organization’s protected and monitored network infrastructure, or your second-favorite coffee shop’s GENERIC-5G network, with password coffeebeans247 scrawled on a chalkboard for its patrons to use?

If you answered the latter, please give us a call right now, because we need to have a serious talk about cybersecurity. 

Of course a properly maintained network is going to be more secure, but what happens if you need to get some work done while you’re waiting on and/or sipping your macchiato? The smart answer is to use a VPN, which encrypts your connection and shields its contents from spying eyes, while allowing your team members to safely access the materials you’ve saved on your network.

The use of a VPN should be enforced wherever a remote worker happens to be operating from, whether that’s at home, away on a business trip, or if taking a working lunch at a cafe.

Only Use Approved, Secure Devices and Software

On a related note, it is important that wherever your team members might be operating from, they are using the right tools to do so. Unapproved technology being used for business purposes without IT’s knowledge or approval—given the ominous designation of shadow IT—brings a variety of issues with it. Not only do you not have any form of control over the device or the data stored on it, there are compliance issues to be considered. 

The same goes for software. If your team members aren’t using the software that you’ve designated they use, instead seeking out alternatives online and downloading potentially dangerous data packets, you are vulnerable to some serious issues and compliance concerns.

This makes it paramount that you provide your team with access and support for the exact tools you want them to use.

Maintain Your Equipment and Software

It’s also critical that the tools your team members are using are kept in proper working order, as this will not only make them more efficient, but more secure as well.

Your remote workers will need to have devices that are remotely monitored for threats and other issues, helping ensure that they remain secure even while they aren’t in the office under your watchful eye. The same goes for the software that gives these devices some direction—threats are actively being developed to undermine it, so it is important that you are just as diligent in keeping these devices up to date. We can use the same remote monitoring and maintenance software we use to manage your in-office devices to ensure your remote team is properly equipped.

Establish Basic Security Standards

We’ll never stop talking about how important it is for businesses to maintain their cybersecurity protections, and this importance is in no way diminished by remote work practices. More than ever, you need to ensure that your team is maintaining the cybersecurity standards you expect them to. Reinforce that they’re to abide by best practices—keeping an eye out for phishing, using secure passwords with multi-factor authentication, and others—and hold them to that expectation.

We’re Here to Help Businesses Operate Effectively and Securely, Regardless of Where Their Team Members are Working.

Give us a call at (516) 403-9001 to learn more about how we can assist you in making the most of your business’ technology.

It doesn’t take much to get us to start ranting about the dangers of phishing, and it’s a topic that we won’t stop talking about for some time. Unfortunately, phishing comes in enough forms that it isn’t always so simple to spot. For this week’s tip, we just wanted to run through the different formats phishing can take, focusing on how to identify each type.

First, let’s briefly review what phishing is.

Phishing is a Form of Social Engineering, Plain and Simple

To sum up phishing, it’s effectively the attacker trying to hack the user, instead of the network. This approach just makes sense. Let’s say you were trying to illegitimately access a business’ network—does it sound more challenging to develop the technical skills and know-how to break past today’s cyberdefenses, or to fool someone into giving you the keys to the castle?

Exactly.

So, attackers come up with phishing schemes, either targeting people on a wide scale or crafting specific attacks with a certain target in mind, and share them through various means of communication. Let’s go over these methods, and the warning signs you need to look out for.

Email Phishing

By sending an email that is purportedly from a trustworthy source or authority, phishers are able to extract sensitive information from their targets. As such, phishing emails currently feature a few hallmarks:

• Attachments—An unexpected attachment in an email can easily be used as a vehicle for malware and other attacks. These can be either individual documents, or in the form of a ZIP file.
• Spoofed Links and Senders—Many phishing emails will appear to come from certain senders or websites, trying to take advantage of the inherent trust that these senders or websites have in the public. Paying close attention to these links and senders will help you catch these efforts.
• Misspellings and Grammatical Errors—Most professional communications are (or should be) proofread fairly extensively before being sent. Therefore, an email that presents a lot of these issues is somewhat likely to be a phishing scam.

Smishing

Smishing is a form of phishing that is sent via text message, and as such, offers its own warning signs. For instance:

• Messages from Odd Numbers—Messages that come from non-cell numbers can be a sign of a scammer using an email-to-text service.
• Unsolicited Messages—If a message purports to come from an organization and you didn’t prompt any communication with them, take it with a grain of salt and reach out to that organization through another means.
• Personal Details—If there are personal details shared in the message itself, it could very well be a phishing scam, as scammers will try to add pressure on their victims.

Vishing

Vishing is a form of phishing where a scammer will call their intended victim directly, seeking to extract personal details from the call’s recipient. Watch out for these red flags:

• Too-Good Offers—Phishers will often place phone calls promising rewards or perks that are unrealistically appealing.
• Calls from Authorities—If you receive a call from some organization or higher authority, don’t be afraid to question its validity…particularly if they start pressuring you and/or trying to scare you.
• Excessive Personal Details—A lot of your information can be found online, if an attacker so wishes, so if a caller has more information than they should, that’s a red flag.

Social Media Phishing

Phishers will also utilize social media to their advantage, hijacking accounts and again, stealing personal information. To avoid this, keep an eye out for:

• Duplicated Accounts—Some phishers will find someone, make a copy of their profile, and start sending that person’s contacts invitations to connect. This is another time you should separately confirm that someone is who they claim to be.
• Bogus Links—Social media platforms offer phishers with a very convenient means to share out links to fraudulent websites, where personal details can be harvested from unwitting visitors.
• Integrated Phishing—Sometimes, phishers will use the messaging functions of these social media platforms to pose as authorities and extract key account information, like access credentials.

Hopefully, this will help you better spot phishing attacks in the future. For more assistance with your business’ IT and cybersecurity, give us a call at (516) 403-9001.

This past January, the Federal Bureau of Investigation issued an announcement that they had targeted and taken down the servers for a Dark Web organization responsible for the Hive ransomware group. While there is certainly cause for celebration here, one major statistic is enough reason to continue being concerned.

Only About 20% of Hive’s Victims Reported Their Problems to Law Enforcement

That’s over seven months, too. This is nowhere near enough, and even worse is the fact that law enforcement officials are under the impression that this number is high. There are several reasons why this might be the case, however. Some of them include:

• Federal investigators would be just another distraction to internal IT teams and complicate the process of data recovery efforts.
• Businesses might just not think to report it in the highly-stressful circumstances following a ransomware attack.
• Some organizations might believe that involving authorities would only escalate the attacks or get in the way of their own investigations.

However, the FBI’s goal is to identify those responsible for a given attack and to recover the data and/or funds, working discreetly to lend its aid to those impacted.

The FBI is putting forth effort to improve relationships with businesses so that proactive measures can be taken, in the event incidents occur. These resolutions can occur much more quickly if the organization has a good relationship with impacted businesses.

If You Work with Us, You Can Bet on the FBI’s Support

Considering the plethora of resources at the government’s disposal, it would be foolish not to involve the FBI in any ransomware attack. Furthermore, information from your attack could prove useful in finding and eliminating threat actors so that others don’t have to suffer the same fate as you—a worthy cause to say the least.

We’ll still work to prevent attacks whenever possible—after all, that is the best way to respond to attacks of any kind, to prevent them rather than deal with them as they happen—but that’s a different story. To get started, give us a call at (516) 403-9001.

Phishing is a remarkably dangerous tactic used by hackers to take advantage of those who might not be quite as in-the-know about security practices. Phishing attacks can be carried out against both businesses and individuals alike, and due to the many different forms these attacks can take—including email, text message, and even fraudulent websites—they can be quite problematic.

Let’s go over how you can train your team to avoid phishing attacks and how to appropriately respond to them when they are inevitably encountered.

Be Wary of Unsolicited and Suspicious Emails

Have you ever received an unsolicited email asking you to perform specific tasks, like filling out a form or downloading an attachment? Oftentimes hackers will use these methods to get the user to download a file or perform an action under the guise of someone else. If you think anything sounds suspicious within the email, then there probably is something suspicious with the email. Look for typos, misspelled words, poor grammar, and otherwise dead giveaways that the sender is not legitimate, especially in the professional environment.

Don’t Click on Links—Especially When the Sender is Unknown

The old phishing link is one of the oldest tricks in the book. The attacker might include the link to something supposedly innocent or important in the body of an email or a text message, only to hide something far more sinister on the other side. You should be cautious of any suspicious links you receive in an email or text message, as it is very easy to hide malware, phishing forms, or other types of attacks within a malicious link.

Also, be very careful of the links and the characters they use in general. It’s easy to substitute the character in a link with one that might look in place, but is really not, like a zero instead of an O or something similar.

Verify the Sender for Yourself When Possible

The types of phishing attacks you might receive will come from routes where it will be difficult to verify the identity of the person on the other side of the line. This is intentional; hackers don’t want you to be able to thwart their efforts easily. Whenever possible, you should try to get in touch with the sender through alternative means, like walking to their office or contacting them on the phone or social media. This can help you determine if the user is really who they say they are.

The best way to protect your business from phishing attacks is to implement a comprehensive network security plan, including spam blocking and content filtering, as well as training your team on the best practices for how to detect and avoid attacks. To get started with either of these, contact MSPNetworks at (516) 403-9001.

Phishing is a common issue that businesses of all kinds can experience, whether they are a small startup or a large corporation. Hackers are always trying to extol information from your employees, including account credentials, remote access to your systems, and in some cases, funds directly from a bank account. It’s up to you to teach them how to identify and respond to phishing attacks.

Here are some strategies you can teach them for how to address phishing attacks against your infrastructure.

Be Wary of Unsolicited Requests—Especially Suspicious Ones

Chances are you’ve seen the messages you get in your inbox about confirming special offers or doing certain tasks, like clicking on a link or downloading an email attachment. More often than not, these types of unsolicited emails are phishing attempts designed to get you to act in a specific way. If you think a message looks suspicious, then it probably is, and you should flag the message as such so your IT can handle it. You might look for unprofessional language, misspelled words, or other similar telltale signs when you are making your decision.

Be Especially Careful with Phishing Links

Although they are not necessarily anything new, phishing links are still quite dangerous because they take almost no time at all to put together. A phishing link can come in the form of an email, social media message, or even a text message. Hackers will use every trick they can think of to get you to click on the link, and if you’re not careful, you might actually do it. Links can look legitimate even if they are not; for example, a zero could easily be slotted in the place of a capital “o.”

Use Alternative Methods of Identity Confirmation

Let’s say you get a message that you are truly 50-50 on. It could be real, or it could be a scam. If there is even a shadow of a doubt as to the authenticity of the message, you should consider reaching out to the other party through an alternative means, just to confirm that the sender is who they claim to be. For example, if it’s GoDaddy support, contact GoDaddy support through the phone number on their actual website rather than the one in the email message. If it’s an internal message, like one from your supervisor or your IT department, reach out to them with the contact information you have on-hand to verify their identity. In all cases, it’s better to be safe than sorry.

You can help your business stay protected against phishing attacks by working with MSPNetworks. We can equip your organization with the tools to protect itself and the support your team needs to identify such messages. To learn more, call us at (516) 403-9001.

It’s the holiday season, and you know what that means: lots of gift-giving and online shopping. Regardless of what you and your family celebrate this holiday season, you should be prepared to handle the influx of phishing attacks which always surface around this time every year, including both the usual methods and the more sophisticated ones.

Here are three strategies you can use to avoid phishing attacks and effectively navigate the holiday season without putting your financial or personal information at risk.

Check With the Online Retailer About Orders

Sometimes you might receive an email claiming that there is something wrong with an order. Maybe it’s your financial information, or maybe it’s your shipping information. In any case, these kinds of phishing tricks are using the commercialization of the holiday season to convince you to hand over your sensitive information.

If you receive an email or a text about an order that needs to be updated, then we recommend you go directly to the website in question and log in through their official login portal—especially not through any links contained in emails or text messages.

Don’t Click on Links in Emails (or Texts)

The same advice that works for untrusted links also applies during the holiday season, when emails and texts are being received by the dozens to ensure that orders are confirmed, payments are processed, and shipments are arriving. Don’t get so caught up in receiving these notifications in your email and on your smartphone that you forget to keep security in mind, though. It’s easy to send a text that looks like it is from some random retailer asking you to plug in your payment information again or to confirm a shipping address, only the message isn’t from a retailer and it’s instead coming from a hacker or other cybercriminal to either infect your system with malware or steal credentials from you.

Again, when in doubt, check your order information on the retailer’s official website, not from a link received in an email or to your smartphone.

Only Do Business with Trusted Retailers

This tip is more of just a “be careful of where you shop” caution. During the course of the holidays, people are browsing the Internet all over to find the perfect gifts for their loved ones. Sometimes this search might take them to corners of the Internet they didn’t know existed, where niche online shops thrive. While we are all for supporting small businesses, we just want to raise awareness of how you go about choosing who to trust for online purchases.

The basic premise of it is to only plug your card information into secured portals hosted by trusted retailers. Look at the company’s history, location information, support and other contact numbers, and so on to ensure they are an authentic and trustworthy person to purchase gifts through.

Stay safe this holiday season, and MSPNetworks hopes you enjoy the time spent with your friends and family!

There is a scam going around that convinces organizations to pay for their Google Business Profile, and if you paid for this free service, you’ve fallen for the trick. Google is taking legal action against the scammers who have dragged their name through the mud, using Google’s notoriety to defraud businesses who just want to look competitive.

Let’s look at the announcement to determine what your business should keep in mind regarding these scammers.

Google Wants Consequences for the Scammers Who Charge Businesses for Business Profiles

The first thing you need to understand is that a Google Business Profile is free for business owners to claim and use to share information about their business with the public. This means that anyone who calls you to tell you to pay up for the profile is straight-up lying to you and attempting to scam you.

The problem has escalated to the point where Google needs to take action against these scams. The idea is that taking public legal action against the scammers will keep would-be scammers from acting while also increasing public awareness of these issues. Google’s blog post claims they were able to stop 12 million scammers from creating fake Business Profiles, and that there were 8 million attempts to fraudulently claim Business Profiles.

Again, Google charges nothing for Business Profiles. Such accounts are mutually beneficial; they give you a platform to show off information about your business, and Google can make their search engine better as a result. If you ever receive a phone call from someone claiming to be Google to sell you a profile, then you can rest assured it is most definitely a scam.

How You Can Identify Phishing Scams

Phishing scams can be tricky to identify, but with a little knowledge and training, you and your staff can be well-prepared to deal with any scams that might come your way.

• Look for urgency: Most scams will operate with a sense of urgency to get you to act before you have had a chance to think things through. Don’t fall for it; nothing is so important that it can’t wait 10 minutes while you verify the request.
• The devil is in the details: If you receive a call from someone who claims to be from Google, for example, you can always check the Google Business Profile page to view details on account creation. In this case, the page confirms that it is free, so you know you’re the target of a scam.
• Don’t take any risks: If you have reason to believe that a call or a message is a scam, don’t give yourself any room to make a mistake; just hang up or ignore the message until you can confirm that the message is legitimate or fake. If it’s not, then the person on the other end will surely have to respect your caution.

Let’s Make Your Business Security a Top Priority

If you are ready to take scams and cybersecurity seriously, MSPNetworks can support you throughout the process. To learn more, contact us today at (516) 403-9001.

While security researchers do their best to find security vulnerabilities in software and systems before they are actively exploited by attackers, they can’t be successful all the time. There are too many threats and too many variables to consider, and zero-day exploits are often discovered well after they are actively being exploited by threats. How can you keep zero-day exploits from impacting your business?

What Exactly Is a Zero-Day Exploit?

To put it simply, zero-day exploits are flaws in systems that are discovered only after they have been targeted by a threat. The severity of the attacks can vary wildly, ranging from discrete and covert hacks that go undetected for some time, to in-your-face hacks that don’t care about being discovered by the user. In the case of the former, zero-day exploits can go undocumented for so long that it becomes an even greater threat and logistical nightmare for security researchers and developers.

Why Are They So Dangerous?

The main reason why zero-day exploits are so devastating is that they are undocumented and therefore hard to predict or take action to prevent. This unknown factor means that people often don’t know they exist until the flaw is being leveraged by hackers, making it even more crucial that developers act with haste to patch the flaw.

The problem here is that issuing patches to these types of issues takes time—time which is of the essence. As long as the threat is actively being exploited, users remain at risk until the patch has been issued, and after the lid has been blown off the vulnerability, you can bet that hackers will do all they can to take advantage of the exploit before it is fixed.

What Can You Do About Them?

Zero-day flaws are inherently dangerous because security researchers and professionals have precious little time to address them. That said, you do have some options available to you to protect your infrastructure as best you can, at least until the patch has been issued.

First, you want to consider a comprehensive security solution designed specifically for enterprise-grade security. MSPNetworks can help you implement such a system to mitigate most security threats. At the same time, you’ll want to ensure your team has the training they need to identify potential threats and the reporting structure for how they can let IT know if something is amiss. We also recommend that you actively monitor your systems to detect abnormalities before they cause irreparable damage. All in all, you want a proactive strategy rather than a reactive strategy for your IT.

MSPNetworks can help you put this plan into practice. To learn more about what we can do for your organization, call us today at (516) 403-9001.

iPhone users should be aware that, should you encounter a pop-up that reads “Your Apple iPhone is severely damaged”, you don’t need to be concerned—beyond the concern you’d have for any other threat, that is. This pop-up is just a recent iteration of a common phishing scam that aims to fool people into downloading apps that enable hackers to access personal information.

When you think about it, this is kind of a brilliant strategy for a hacker to use. People tend to panic when they see a message like that…and that panic creates an opportunity for the hacker to embrace. What’s your response when your phone has an issue? Almost certainly negative, and more than likely, somewhat thoughtless, and this is what an attacker is counting on as they do it.

Fortunately, avoiding this threat is as simple as closing the pop-up immediately, avoiding the provided link. This link would only initiate the download of malicious software and applications, or bring the user to a form meant to harvest personal information.

This scam has quite the reach, for one specific reason: iPhones are very popular.

iOS, the operating system that powers Apple’s mobile devices, is widely known as being the most secure of the major mobile operating systems out there. This is largely due to the marketing efforts of Apple, and has become less and less true with more people actively targeting iOS with their code. Overall, however, iPhones have retained their reputation for top-notch security.

This scam leans into this reputation, as it effectively phishes the device’s user, generating fear and urgency that can be leveraged to manipulate the user into acting rashly. As a result, the attacker’s motivations can be accomplished.

Fortunately, simply closing Safari without interacting with the ad prevents this threat from doing any damage. After all, you are also avoiding the risk of accidentally downloading unwanted and malicious applications that could bring operational problems with them.

So, if you use an iPhone as millions of people do, make sure you keep an eye out for these kinds of scams. Mobile devices are hugely popular, so attacks against them are bound to only become more common.

Here at MSPNetworks, we’re committed to helping you and your business become more secure through both education and proactive services. Find out more by calling us at (516) 403-9001.

Simple passwords are just not an effective security practice, so if you’re still using credentials like Password, 123456, Guest, or Qwerty, listen up. You need better password hygiene practices before you suffer from a data breach. Here are some ways you can make a better password to protect your business from threats.

For passwords, it also helps to know what is ineffective in addition to what is effective.

What Does a Bad Password Look Like?

A bad password is, to an extent, always going to be a bad password because passwords are not generally good for account security. While they are certainly better than nothing, they are far from the best way to protect an account, despite being the most popular and most common methods of doing so.

It’s remarkably easy to create a bad password, as well as have bad password practices. Whether it’s a case of the password not being complex enough or too easy to guess, or if it’s used for more than one account, they repeatedly hold businesses and individuals back from achieving the level of cybersecurity they need and deserve.

To help you better leverage good passwords, we’ve put together a list of things you’ll want to do to make them better and stronger.

What Does a Good Password Look Like?

Here are some best practices for password use and creation.

Don’t Repeat Your Passwords
If you use your password for multiple accounts, then all it takes is one of them falling victim to a data breach or phishing attack for all of them to be exposed in the same way. You should be using different, complex passwords for each of your accounts with no repeating passwords.

Always Make Them Complex
Complex passwords are easy to remember, but difficult to guess, which is easier in theory than it is in practice. You can make it much easier through the use of a passphrase rather than a password. Your passphrase should be a random string of words that utilize upper and lower-case letters, numbers, and symbols.

Don’t Use Personal Details
Personal details have no place in passwords for two main reasons: it makes them easier to guess for hackers, if the information is something that they can find publicly on the Internet or on social media, and it places more danger on you in the event that the password is compromised.

Use a Password Manager
To remember all of your complex passwords is impossible, so we recommend using a password manager to help secure them all. A password manager uses one master password to call upon a secure vault of passwords when they are needed. It’s the best way to use passwords without putting yourself at risk.

How are Your Password and Cybersecurity Practices?

If you could use a hand crafting better passwords or protecting your infrastructure, MSPNetworks has got you covered. To learn more, call us at (516) 403-9001.

When security breaches and data breaches are mentioned in the same breath so often, it’s easy to look at them as one and the same. However, we want to take a moment to explain the differentiating factors between the two, as it could be all the most important for protecting your business in the future.

Defining the Security Breach

A security breach can be explained as unauthorized access to company-owned accounts. This happens when people, or other machines, gain access to an account without the appropriate authorization. This could include the device, the network, a website, a server, or any other part of your IT infrastructure.

Defining the Data Breach

Compare this to the data breach, which is a specific type of security breach that involves unauthorized access to data, like computer files or documents. This also includes the alteration and destruction of data.

Why Does This Difference Matter?

Data breaches are indeed a security breach, albeit a very specific one. However, it’s important to know the differences between the two because of the semantics involved with regulations and other data protection laws out there. There are specific definitions for what constitutes a data breach. To put this into perspective, consider this scenario; when encrypted data is accessed and stolen, would it be considered a security breach or a data breach?

And now you see where the definitions come into play. We always try to encourage our readers to avoid security breaches at all costs, which is why we recommend software like firewalls and antiviruses that can proactively prevent these types of issues. Furthermore, we also recommend that you implement patch management and routine maintenance into your technology strategy to keep these systems ready to protect your business. Combine all of this with security training and complex passwords or multi-factor authentication, and you have an adequate security system in place that can keep most threats at bay.

MSPNetworks knows and understands your plight, and we would be happy to discuss with you what you can do to better protect your business. To learn more, call us today at (516) 403-9001.

Small businesses have a lot to worry about in terms of technology, but one of the things that often gets overlooked is network security. Some small businesses feel that they are too small to be considered a viable target for hackers, but they are wrong; all businesses have data valuable for hackers in some form.

Imagine for a moment just how much sensitive data your business stores on its network. You have payroll records, including bank account numbers and routing numbers, personally identifiable information, contact information, and all of the details about your relations with your clients, as well. It doesn’t really matter what industry your business is in. All businesses should take security seriously. Here are some reasons why your organization should prioritize security.

Security is Proactive, Not Reactive

Imagine that your workday is disrupted by a security discrepancy that puts your entire infrastructure at risk, all because someone clicked on the wrong link in an email and downloaded an infected attachment. You now have to contend with the countless issues related to that threat. You can dodge these issues by protecting your business ahead of time so that they don’t affect you in the slightest. Imagine that same scenario, but with an adequate spam or phishing blocker. All of a sudden, that security solution paid for itself simply by preventing the downtime that clicking on such a link would cause.

Security Protects Your Business’ Future

If you were in the market for a new good or service, would you want to work with a company that doesn’t take your security and privacy seriously? This is one big reason why you need to protect your infrastructure; it protects the longevity of your organization. Businesses that let security fall to the wayside often lose clients because they don’t want to work with a business that is unreliable. When a business cannot obtain new clients due to word of mouth and online reviews soiling their reputation, that business is doomed to fail.

Security Keeps Your Bottom Line in Check

Businesses that fall victim to security threats or data breaches might become subject to fines as a result of exposing the wrong data to hackers. These fines, put in place by regulatory bodies, are preventative measures to encourage businesses to do the right thing and protect their infrastructures in a way that is consumer-friendly. These fines can be quite expensive, too, depending on the industry and the infraction. Cover all your bases now so you don’t have to pay up later down the road.

MSPNetworks can help your business implement security solutions that work for you. We can help you implement the strategies and tools you can use to keep your business safe both now and well into the future. To learn more, call us today at (516) 403-9001.

We often talk about scams and cyberthreats, and lately our advice for dealing with a potential phishing threat is to simply avoid it altogether.

That is, when you get any kind of email or text message with a link you weren’t expecting, whether it’s from someone you know or from your bank, just don’t click it. Instead, log into the account in question the way you normally would, and verify the information there, or confirm with the sender through some other means to make sure what they are sending is valid. While this is still a good practice, sometimes you need to click on a link. Here are a few tools you can use to check if a link is safe, before you click.

Why Would a Link Be Dangerous?

First of all, why wouldn’t you want to trust a link that someone you trust sends you?

There are a lot of reasons. Even if it looks like a video message from your dear sweet Nana, or a virtual Christmas card from your youngest niece, there is a chance that the sender has been compromised and is trying to spoof their contacts. 

You want to know when it’s probably not a scam or a threat? When your dear sweet Nana or your niece calls you up on the phone and asks you to look at it.

That simple two-step confirmation makes all the difference in the world. Otherwise, you should consider the risks that maybe, just maybe, the sender was compromised and that the link you are being sent is malicious.

The same goes for the business end of things. 

Your coworker, business partner, vendor, or client might have no reason to do anything malevolent to you. If they fall for a trick themselves, though, a part of that trick might include spreading to all of their contacts.

A malicious link could contain malware that infects your computer, tries to steal your data or access your online accounts, and also spreads itself as quickly as possible to anyone in your contacts list. Not only will you be the victim, but your friends, family, and colleagues will be YOUR victim, and so-forth.

How to Safely Identify and Copy a Link

Before we get into the tools, let’s quickly run through what we mean by a link.

Basically, any text or graphic that is clickable and takes you to another page in your browser is a link. Sometimes, that link will be written out, with the https:// and the full URL. 

For example, if it is a link to PayPal, it might look something like this: https://www.paypal.com/us/smarthelp/PAYPAL_HELP_GUIDE/getting-started-with-paypal-icf29 

Links could also just be text that is clickable. So instead of writing out the URL, the link might be something like this: Get Started with PayPal

Now here’s the thing. If you’ve been paying attention, we’ve already proven to you just how easy it is to trick a user into thinking they are going to one website, and taking them somewhere totally different. Both of the links above don’t actually go to PayPal. We assure you that they are safe, but they are taking you to goofy fake mustache glasses on Amazon.

Sometimes, links are graphics, like buttons, icons, pictures, or virtually anything else. If you can click or tap it and have it take you somewhere, it’s a link, and any links can be spoofed very easily.

If you want to tell where a link is going to take you, you need to copy the actual link:

 On a Desktop or Laptop:
-Hover the mouse over the link.
-Right-click on the link.
-Select “Copy Link” or “Copy Link Address” or “Copy Hyperlink”

Now you have the link copied, and you can paste it into one of the following tools with CTRL+V (or right-click and select Paste)

On a Tablet or Smartphone:
-Be careful not to accidentally just tap the link to open it!
-Hold your finger over the link for a few seconds to pop up the context menu.
-Select “Copy Link” or “Copy link address” or “Copy Hyperlink”

Now that you have the link copied, you can paste it into one of the following tools by holding your finger down over the URL field within the tool and selecting Paste.

Safely Check a Link Before You Click it with These Tools

You can use the following tools to check the safety and legitimacy of a link. Keep in mind, this won’t protect you from one hundred percent of all scams, as these tools can only check for known threats. It’s also a good idea to use multiple tools to cross reference, in case some of the tools just haven’t been made aware of the link you received.

Use Norton Safe Web to Check a Link
Norton Safe Web is a free online tool that lets you paste a link to check to see if it’s safe.

It will give you a quick rating on the link. If the link is untested in Norton, it’s a good idea to try a few of the other tools. If Norton states the link is dangerous, it’s a pretty safe bet you should avoid it.

https://safeweb.norton.com/

Check the Link With PhishTank
The cleverly named PhishTank site will tell you if a link you received has been reported as a phishing scam. Phishing links tend to look pretty similar to legitimate web pages. For instance, a phishing link for PayPal might look almost exactly like the regular login page for PayPal. The problem is that it won’t log you into PayPal, but it will send your PayPal credentials to someone else.

https://www.phishtank.com/

Google’s Transparency Report Might Tell You If a Link is Unsafe
Google’s search engine works by crawling the Internet and indexing everything it finds. Sometimes, it might run across dangerous content such as malware or phishing risks. Google’s Transparency Report tool will tell you if a link you’ve been sent is found in their massive database of unsafe content.

https://transparencyreport.google.com/safe-browsing/search

Scan the Link with VirusTotal
Finally, there’s VirusTotal. This tool takes a little longer to give you an answer, but it can be a little more thorough than the others. This is a good last-ditch effort if you aren’t happy with the results from the other tools. 

https://www.virustotal.com/gui/home/url

It’s important to keep in mind that a phishing scam or malware attack could still sneak through these tools, especially if the URL was just generated and you are among the first people to get it. These tools are designed to spot known phishing attacks and malware that has already been reported. With that in mind, it’s still a good idea to err on the side of caution.

If you feel like you’ve received a suspicious email, text message, or other correspondence, and you would like us to take a look for you, don’t hesitate to reach out to us at (516) 403-9001.

For millions of people, the rubber ducky is a benign reminder of childhood. Depending on when you were a child, the rendition of Sesame Street’s Ernie singing “Rubber Duckie, you’re the one,” is ingrained in your mind every time you hear the term. Unfortunately, the Rubber Ducky we are going to tell you about today has only fond recollection for people who are looking to breach networks they aren’t authorized to access or deliver malware payloads that are designed to cause havoc. 

What is the Rubber Ducky?

The Rubber Ducky is a device that looks like a regular flash drive that you would use to transfer files from one PC to another. We’ve all used them, and with most of us moving to cloud-based platforms, they don’t seem to be as popular as they once were. Well, despite that notion, the USB flash drive industry is growing at a pretty impressive 7% year-over-year, and is currently a $7+ billion industry. That means there are a lot of USB flash drives being created every year and that means that there are millions of them just floating around. 

The Rubber Ducky is more than your average USB flash drive, however. It looks like one, but when it is plugged into a computer, it is read as a simple accessory like a keyboard. This means that any defensive measure that is set up to thwart potentially dangerous data transmission is already worked around when the device gets plugged in, making it much easier for the device to work for the hacker’s end goals, whatever they are. Any keystroke taken while the device is open, is trusted, making the sky the proverbial limit when it comes to device access. 

What Kind of Threat Is the Modern Rubber Ducky?

Any USB dongle needs to be carefully considered before inserting it into your computer, but the Rubber Ducky is designed to overcome the limitations of previous versions of the hardware. The new version makes a major upgrade in that it runs on the “DuckyScript” programming language that the device will use to create demands on any target machine. Other iterations of the Rubber Ducky were limited to writing what are known as “keystroke sequences”, the new DuckyScript is a feature-rich language, which lets users write functions, store variables, and use logic to make it possible to carry out complex computations. 

Now the Rubber Ducky can determine which operating system is running a machine and deploy code that allows for hackers to get into the appropriate software. It can also mask automated executions by adding a delay between keystrokes to make the computing system think that it is human. Most intrusively, it can steal data from any target by encoding it in binary, giving users the ability to extract critical information (such as saved authentication) with ease.

What You Can Do

The best practice here is to not allow strange USB dongles to be placed in your device’s USB drives. Unless you know exactly where the device has come from and what is on it, avoiding interactions with it is the best way to keep away anything unsavory that happens to be on the device to interact with your computer’s OS, and by extension, your network.

Being wary of hardware is just one part of keeping your business and personal information secure. MSPNetworks can help build a cybersecurity strategy that takes into account all types of malware deployment methodology, keeping you from any problematic experiences with your IT. Give us a call today at (516) 403-9001 to learn more. 

This past year saw a dangerous 86% increase in the most dangerous types of malware out there, so we want to ask you an important question: are you ready to protect your business from the different types of threats you might encounter? We know a technology solution that might help this mission along, and we want to share it with you today: artificial intelligence.

Let’s discuss some ways that AI can assist your organization’s cybersecurity efforts.

Malware is Growing More Dangerous

The biggest notable trend in cybersecurity is the increase in dangerous types of malware, as it has increased by a whopping 86% over the past year alone. These threats are not easy for the average user to spot, either, thanks to phishing, malicious websites, downloads, and other types of attack mediums. They can be difficult to identify and respond to, and businesses that don’t have a plan of action will be in a difficult position.

AI Helps Solve This Problem

AI-powered security tools give businesses the upper hand in identifying threats and protecting their assets.

If you can leverage artificial intelligence and machine learning to your advantage, you’ll be more likely to uncover and stop attacks like ransomware before they occur.

Now, ransomware is pretty scary stuff, we won’t lie to you, and since it is spread primarily through phishing attacks, you need a solution in place that can help to stop these attacks before they have a chance to succeed. These attacks specifically target your users, and they can fool even the most seasoned employee into making a decision that they will come to regret. Naturally, this leads to cybercriminals making phishing attacks difficult to identify and making them as convincing as possible.

You can train employees to identify these attacks, but there will always be a chance that someone slips up. Artificial intelligence can pick up where they fall short, though.

How Does AI Help Your Business?

AI can use predictive tools and analysis to identify threats your organization might face. This has led to many companies adopting it as a security measure, and it can help in several ways. Here are some reasons why businesses might implement AI:

• Spam and phishing protection
• Analyzing DNS data to detect threats
• Identifying problematic data
• Tracking advanced malware

AI has become more accessible than it has ever been, so we think it is worth exploring the concept further.

Let Us Help You Protect Your Business

MSPNetworks can help your business manage its technology and cybersecurity. To learn more, reach out to us at (516) 403-9001.

How often do you get emails from individuals claiming to be working with a business who wants to do business with yours or sell you a product, completely unsolicited and even perhaps a bit suspicious? These types of messages can often land small businesses in hot water, as it only takes one phishing email landing in the wrong inbox at the wrong time to put your business in jeopardy.

The biggest problem with phishing emails is one that you might not expect. It’s certainly problematic enough that phishing scams are increasingly more common, and it’s definitely a challenge to ensure that your infrastructure stays secure under such circumstances. However, you’ll find that the major challenge that cybersecurity professionals face in regard to phishing scams is that hackers are just too crafty with how they continuously adjust their tactics.

Phishing attacks can come in several different manners and tactics, each of them focusing on the fact that the weakest points of your security infrastructure have to do with the human elements of your cybersecurity strategy. They might come in the form of an unsolicited email, or they could come from a phone call asking for sensitive information. No matter what, though, they are going to find ways to circumvent your security protections somehow simply because hackers realize that their best chance of getting through to your organization is through your employees.

And this is not even taking into account the scam emails that are so convincing that even the spam filters cannot capture these potentially dangerous messages. If a hacker takes the time to research your organization and make their message seem like an authentic message, there is a chance that it can bypass your spam filters entirely and become a very real threat to your business. These types of messages can be difficult to identify, especially if your users have not had any formal training about phishing messages.

Simply put, you absolutely cannot rely on your spam filter to keep you safe from the countless threats out there. Messages that don’t automatically get caught by the software’s filters could very well still be phishing emails that have been tailor-made to strike your organization with a social engineering attack.

We always recommend that businesses implement not only enterprise-grade spam filtering to keep the majority of threats out of your employees’ inboxes, but also to train your employees to identify potential threats. This is a type of preventative approach that all businesses should implement, and it’s one that is often overlooked. It’s easy to think that technology can solve all of your problems, and while it’s pretty likely to make improvements to your security infrastructure, it’s only as effective as the people who work for you.

It might be impossible to guarantee that your employees never see a phishing message, but you can optimize the chances that they will act appropriately if you provide them with the correct training and IT resources. MSPNetworks can help fulfill both for your business. We can equip your business with enterprise-grade solutions to keep threats off your network while also providing the training needed to inform your team’s security practices.

To learn more, reach out to us at (516) 403-9001.

At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.

Keep Your Antivirus and Security Tools Updated

What’s better than eliminating a threat from your network? Stopping it from getting that far entirely. With antivirus, firewalls, and other security measures in place, you can keep your business secure from the majority of threats before they even become a problem in the first place.

Use a VPN

In case you or someone else on your team has to travel, or if you have a team that works remotely, a VPN is incredibly valuable. Public Wi-fi is notorious for being quite dangerous, and a virtual private network can offer a safe haven for you to access the Internet without fear of being observed by any onlookers.

Utilize Multi-Factor Authentication

You can take your security practices to the next level through the use of multi-factor authentication. A password can only do so much in today’s threat landscape, so you should back it up with biometrics, generated PINs, and other secondary measures that can make things much more difficult for any would-be hacker.

Use a Password Manager

We know you’ve heard it a thousand times; “always use a different password for each and every one of your accounts to maximize security.” While this should be practiced, it can be difficult to observe if you don’t have a password manager keeping tabs on each of your credentials. Plus, let’s face it, you don’t want to rely on your browser’s password management options if you can help it. 

Avoid Phishing Scams

While it would certainly be amazing to win the lottery, a free vacation, or catch some juicy gossip in your email inbox, the fact of the matter is that phishing emails know that these kinds of temptations make you want to click on links in emails, regardless of how likely you think they might be. Other tactics used include fearmongering and threats, which aren’t nearly as fun to receive, but are equally as effective, if not more so under the right circumstances. Either way, you should use extreme scrutiny when navigating messages from unknown or unsolicited sources—especially if they contain links or attachments.

Let Us Help Your Business Keep Itself Safe

While you can certainly do all of the above on your own, why not work with a managed service provider like MSPNetworks? We can take the stress out of managing your network security. To get started, call us at (516) 403-9001.

We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.

Spoiler alert: it’s really, really important.

Data Shows that Enterprises Suffer from Considerable Vulnerabilities

Compiled by Sevco Security, the State of the Cybersecurity Attack Surface report took data from over 500,000 IT assets. This data, compiled from enterprise-level businesses, revealed that a substantial number of the assets these businesses rely on are missing critical endpoint protections or aren’t being actively patched.

According to Sevco Security’s research, the businesses they surveyed were lacking endpoint protections at a rate of 12%, while 5% of them were lacking enterprise patch management. Compounding these issues, 19% of Windows servers were missing endpoint protections.

Furthermore, “stale” IT—assets that are present in the security control console and register as installed on a device, but haven’t checked back in for a few weeks—is a small but serious issue for these enterprise organizations. 3% of the IT assets have stale endpoint protections, while 1% have stale patch management. However, since they are supposedly accounted for, these risks are harder to spot and more likely to create issues.

Of course, these findings were all based on research into enterprise-level companies, with enterprise-level capabilities. Now, just consider what that suggests about the small or medium-sized businesses and their comparative capabilities.

Trust Us to Help Prevent These Vulnerabilities from Presenting Themselves in Your Business

Part of our proactive remote monitoring and maintenance services is to catch these kinds of issues before they result in larger problems for your business. To learn more about how we accomplish this, give us a call at (516) 403-9001 today.