MSPNetworks Blog

What would you say if we told you that someone could buy access to your organization’s network for a measly $1,000? Well, this is the unfortunate reality that we live in, where hackers have commoditized the hard work you have invested in your organization. A study from KELA shows that the average cost to buy access to a compromised network infrastructure is insignificant at best, which is why it’s more important than ever to protect your business as best you can.

This report, published by KELA, followed Initial Access Brokers, an umbrella term used to describe threat actors that sell access to compromised network infrastructures. As you can imagine, these threats play a major role in online cybersecurity, as they are what facilitates many of the most dangerous threats out there that require access to a network, such as ransomware and other remote access threats. This report looked at one full year of listings by Initial Access Brokers to determine just what this type of network access is worth to other threats out there.

The results might shock you when you see how little value might be placed on access to your network. Out of 1,000 listings, KELA found that the average price of network access credentials was roughly $5,400, while the median price was about $1,000. There are other trends here aside from the average prices of credentials, including information on affected industries and countries. Among the top countries affected were the United States, France, the United Kingdom, Australia, and Canada, and the top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just imagine—a disgruntled former employee or a competitor could potentially cause a lot of expensive harm by simply throwing away a small chunk of cash.

With such a low dollar amount placed on the value of your organization’s credentials, including VPN access, you need to start taking your security seriously before someone decides to purchase access to your network. There are a plethora of things you can do today to improve your organization’s security, including the following:

• Implement comprehensive security measures: We recommend unified threat management, or UTM for short, to deal with the majority of threats your business could run into. This all-in-one solution includes a firewall, antivirus, content filter, and spam blocker to minimize opportunities for your staff to encounter potential threats.
• Monitor your network traffic: If you are tracking who logs into your network and from where, you will have a greater chance of identifying sketchy traffic patterns and address them accordingly.
• Implement multi-factor authentication: Password security is important, but it’s not enough. Multi-factor authentication can ensure that anyone logging into your network is actually who they say they are.
• Take regular backups of your infrastructure: While you certainly don’t want it to come to this, you will want to make sure that you are prepared for the nuclear option on the off-chance that you are unable to regain access to your network.

Don’t get caught unaware by security threats. MSPNetworks can help you implement all of the appropriate measures to ensure that your network is as best protected as it can possibly be. Take proactive action now to prevent them from becoming major problems in the future. To learn more about network security, reach out to us at (516) 403-9001.

We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses. In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure? To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.

Common Security Threats for Businesses

The following list of threats should give you an idea for how to start securing your business. You can never prepare too much for a potential security breach, so take the time now to get ready for what will inevitably come down the line.

Viruses

Some viruses are little more than an irritation, whereas others are incredibly disruptive to operations. They are basically bits of code that can harm your computer or data. Viruses are known for being able to spread from system to system to corrupt data, destroy files, and other harmful behavior. You can get viruses through downloading files, installing free software or applications, clicking on infected advertisements, clicking on the wrong links, or opening email attachments. Fortunately, modern antivirus software has gotten really good at protecting computers, provided that your software is up-to-date. For businesses, it’s best to have a centralized antivirus on your network that controls and manages all of the antivirus clients on your workstations. 

Malware

Malware is malicious software that performs a specific task. A virus can also be considered a type of malware, albeit more simplistic in nature. Malware comes in various forms according to its purpose, such as spyware for spying on infected machines and adware for displaying ads in extremely intrusive or inconvenient ways. The major takeaway here is that you don’t want to deal with malware in any capacity. It’s often installed on devices under the radar, and unless you are actively looking for it, it’s entirely possible that it can run in the background and cause all kinds of trouble without being detected. You can get malware through the same processes as viruses, and the same antivirus solutions can help you to resolve malware as well.

Phishing Attacks

Phishing attacks are mediums to spread other types of threats rather than actually being threats in and of themselves. Hackers might try to send out spam messages with links or infected attachments aiming to get the user to download them or click on them. When they do, the device is infected. Some phishing attacks are so inconspicuous that they can be hard to identify.

There are other types of phishing attacks as well, some of which try to get the user to share sensitive information or send money to the cybercriminal. Cybercriminals can spoof legitimate-sounding email addresses and use psychological hacks to convince the user to act in a certain way. It’s the most common way that hackers see results, so you should be aware of it.

Ransomware

Ransomware is so dangerous and high-profile that it is deserving of its own section. Ransomware locks down files using encryption and forces the user to pay a ransom in order to unlock them, usually in the form of cryptocurrency. Recent ransomware attacks are also threatening to release encrypted data on the Internet if the ransom is not paid, something which basically forces the user to pay up and gets around the possibility of restoring a backup.

Denial of Service (DDoS)

Denial of Service and Distributed Denial of Service attacks occur when a botnet, or a network of infected computers, repeatedly launches traffic at a server or infrastructure to the point where it just cannot handle the load, effectively disrupting operations and forcing it to shut down. Sometimes this happens with websites or services, so it’s no surprise that businesses can suffer from them, as well.

Trojans

Trojans (also called backdoors) install themselves on devices and work in the background to open up more opportunities for hackers later on. These can be used to steal data, infiltrate networks, or install other threats. Basically, if a hacker installs a backdoor on your network, they can access it whenever they want to; you are essentially at their mercy.

Zero-Day Vulnerabilities

Zero-day vulnerabilities are those that were previously unknown to developers but are currently in use by cybercriminals. These zero-day vulnerabilities are problems because when the developer discovers them and issues a patch, cybercriminals can identify the vulnerability based on the patch, and then exploit users who haven’t installed the patch yet. There is not much to be done besides keeping your software up-to-date, monitoring your networks for issues, and trusting the developers to issue patches as they discover security problems.

User Error

User error is a critical issue for many businesses. Your business is made up of people who perform tasks and work toward objectives. If one of these employees makes a mistake, it could leave your business exposed to threats. Thankfully, a combination of best practices and security solutions should be enough to minimize user error, and with some security training under their belt, your employees should have a good idea of how to handle it.

Get Started with Security Solutions

MSPNetworks can equip your business with the tools you need to be successful when protecting your organization. To learn more, reach out to us at (516) 403-9001.

There are always going to be those who want to use your hard-earned data and assets to turn a profit. One of the emergent methods for hackers to do so is through twisting the “as a service” business model into network security’s worst nightmare. This type of security issue is so serious that Microsoft has declared that Phishing-as-a-Service is a major problem.

Phishing-as-a-Service is not a new concept, and neither is the idea of adopting the “as a service” business model in the context of hacking. The difference between those items and now is that ransomware exists, and it’s one of the more dangerous threats out there to be sure. The biggest challenge that many organizations face, and what makes Phishing-as-a-Service so dangerous, is that it enables even amateur hackers to make money off of someone else’s hard work.

The service entails organizations and groups such as BulletProofLink, a Malaysian phishing service, who sell their clients products like website templates, email delivery, hosting, and credential theft. These services are provided in the form of fully unidentifiable links. The service provider hosts these resources on their servers and works to harvest credentials on behalf of their clients. While the credentials can be stolen—and yes, this is bad—they can also be sold on the Dark Web to others. These other attackers can then use them to launch even more dangerous attacks in the future.

Basically, the one who buys the credentials is not necessarily receiving credentials that are guaranteed to work. They are simply paying for the opportunity to get working credentials.

The aforementioned Phishing-as-a-Service provider, BulletProofLink, provides access to templates for login pages such as Microsoft OneDrive, Google Docs, Dropbox, LinkedIn, Adobe, and more. A different service also uses what is called “double-theft” where the provider steals credentials for one customer and sells them to another. As you can imagine, this affects the ransomware workflow, as attackers can use these credentials to infiltrate networks and encrypt systems, forcing those on the receiving end to pay up.

While the devil is certainly in the details for these threats, we hope that you at least walk away from this article realizing how dangerous and innovative hackers can be. If you underestimate the damage they can do to your business, it might be the last mistake you make.

MSPNetworks can help your business overcome the many challenges that come with cybersecurity. To learn more, reach out to us at (516) 403-9001.

Data breaches have become all too common for small businesses over the past several years and when it seems like there is a solution to one problem, something even worse pops up. Part of a comprehensive risk management strategy is identifying problems and doing what you can to keep them from affecting your business. Let’s take a look at the major cybersecurity threats small businesses are facing in 2021 and what you can do to keep them from hurting your business.

Phishing

For the small business, phishing makes up a large percentage of problematic cybersecurity situations. Phishing is more of a scam than a hack, but regardless of how you view it, it is the most dangerous problem businesses have to face when considering cybercrime. A phishing attack can come on any communications medium (including social media) and it only has to work one time for it to become problematic for your business. 

It works like this: A member of your staff, working at their regular breakneck pace, accidentally clicks on an attachment in an email that they think of as something to do with their jobs. Turns out, the email was spoofed and the attachment just deployed malware on your network. This can be trojans, viruses, or something as terrible as ransomware. 

Phishing is not only the most prevalent form of cyberscam, it is also extremely hard to combat. The hackers that use it are getting more sophisticated, and if your business isn’t evolving your strategies to keep up, you have a pretty good chance of being a victim. You need to have a comprehensive training system in place to tell your team about the dangers of phishing and how to spot possible phishing attempts. 

Poor Password Hygiene

Like passing that guy at the gym that always smells like B.O., it’s a sour situation when poor password hygiene is the reason for a data breach or a malware infection. Like phishing strategies, today’s hackers have very sophisticated strategies to guess people’s passwords. Not only that, social engineering can expose poorly made or duplicated passwords pretty easily. 

Passwords are used by almost every organization online and it is important that your employees select passwords that aren’t obvious and aren’t duplicates from other accounts. It is also important that your organization understands how to keep their data safe through the use of password best practices, such as not having employees constantly change their passwords, as they have a tendency to make them simple to remember or they don’t change them much from previous passwords.

Holes in Software

Like most other products, software titles have a support staff attached to them. These teams include development professionals whose job is to keep it secure. These patches are rolled out pretty regularly. If you don’t patch your software, you could have major holes that can be exploited. These vulnerabilities are regularly taken advantage of and are effectively open doors for hackers to get into your network.

The best way to keep these vulnerabilities from appearing is to regularly patch your software with the updates as they come out. Doing so will close the proverbial doors to your network and data and keep your digital resources safe. 

If your business would like to talk to one of our IT experts about getting the cybersecurity protection you need, or if you would learn more about which strategies work the best to keep your business’ network and infrastructure free from threats, give MSPNetworks a call today at (516) 403-9001.

We believe that at the end of the day, employees want to do the right thing and accomplish their daily tasks without incident. However, technology can often break these plans with unexpected issues that prevent them from doing so. If you don’t take the time to provide the proper IT support when it is needed, you force your employees to either be unproductive or find unconventional (and often unsecure) solutions.

Employees Using Unsecured Devices

Generally speaking, your employees will use their work technology to fulfill their obligations, including their desktops or perhaps a work-issued laptop or mobile device. Unfortunately, depending on how well these devices are maintained, they may be slower than the technology employees use when they are out of the office. This may lead them to using technology that is not governed by your security solutions, such as their personal devices, simply because they work better than their work-issued devices.

Therefore, it is crucial that you manage and maintain your organization’s devices in a way that makes sure they are working optimally. You should follow this up with a comprehensive Bring Your Own Device policy that outlines how employees are allowed to utilize their mobile devices for work purposes. Doing so will save you a lot of grief in the long term.

Unauthorized Software Downloads

There are times when your staff will require specific tools in order to perform a function of their job. If they do not have the appropriate tools to accomplish the task, they may choose to download applications from the Internet that allow them to do so. These applications are often dangerous to utilize, as they are outside the scope of your company’s software infrastructure, and who can really tell if the application used is secure or not?

This is especially problematic for software that requires a software license. Imagine for a moment that one of your employees is going about their daily tasks without any disruptions, only to be brutally severed from the tools needed to perform these duties by an expired software license. In their desperation to keep working and meet required deadlines, they might download some free software or perhaps one with a counterfeit software license. While this solves the short-term problem of getting work done, it could come at a steep cost should your organization become subject to network audits or otherwise.

In the end, being proactive about technology support is the only way you can prevent these issues from breaking your business and budget. While your employees might feel like they are being proactive in finding a solution, you shouldn’t have to rely on them finding the solution for themselves; instead, provide them with a protocol to follow so that you know they will seek the help of experts when it is needed.

MSPNetworks can be those experts. We want to help your employees do their jobs in the most effective way possible, be it through implementing new and innovative solutions or assisting them with their daily duties through comprehensive IT support. Let your team focus on what they know best: their own jobs, not keeping their computers and other technology in proper working order.

To learn more about how we can help your employees stay productive throughout the workday, reach out to us at (516) 403-9001.

To say someone is adept at a task is to say that they are a professional, or someone with a considerable amount of knowledge that contributes to their ability to complete a particular task. In cybersecurity, this is extremely important, as the entire concept of cybersecurity is complex by nature. Your business too can improve its cybersecurity practices and shift focus to a more mindful approach to network security.

First, let’s consider some of the challenges that small businesses face related to cybersecurity. Then, let’s talk about what it means to be a security professional and how your organization can use this knowledge to its benefit.

The Challenges of Security for SMBs

Security is a huge problem for small businesses, especially those that don’t take it seriously or think that they are not a target. The truth of the matter is that hackers don’t care how many employees you have or what industry you are a part of. Your business has data that hackers would find valuable, period. While many want to take it seriously, there are barriers that many businesses perceive to be in the way, chief among them a lack of security expertise and a lack of funds to hire top cybersecurity talent.

What Does It Mean to Be a Cybersecurity Professional?

This might seem like an odd question to ask, but we want to make sure that businesses understand what they must look for in a cybersecurity professional. Here are some traits that a security professional will have:

• A focus on proactive, preventative defenses rather than a reactive approach
• A divorce from security biases that prevent one from making objective decisions
• The technical knowledge and expertise necessary to understand cyber threats
• An understanding that security also requires training of staff and higher-level executives
• The flexibility to adapt to new threats and learn from them

Ultimately, whoever is at the helm of your cybersecurity strategy must possess these personal and professional traits. Failing to do so puts your organization at risk.

How to Become a Cybersecurity Adept Yourself

We won’t beat around the bush with this one; you are not going to become a cybersecurity professional overnight. Technicians have to undergo extensive training that involves meticulous attention to detail and a thorough understanding of the countless threats out there, as well as knowledge on how to respond to each of them. Suffice to say there is a reason why so many businesses choose to outsource this responsibility.

In a sense, trusting your organization’s security to outsourced professionals does make you a cybersecurity adept. Not only do you acknowledge that there are professionals whose jobs are specifically to handle this responsibility, but you also understand that security is nothing to mess around with. It’s a win-win scenario. MSPNetworks can be the professionals you trust your organization to. To learn more, reach out to us at (516) 403-9001.

Phishing attacks are some of the most common threats out there. Hackers will craft messages or web pages designed to harvest information from your employees, be it through suspicious requests for credentials via email or through false websites that look so much like the real thing that it’s no wonder they were tricked. How can you make sure that your employees don’t fall for these dirty tricks? It all starts with comprehensive phishing training.

So, what goes into a successful phishing training program? Let’s take a look.

Phishing training involves exposing your team to simulated real-world scenarios in which they might encounter a phishing scam. It’s worth mentioning here that phishing can potentially involve much more than just a simple email containing requests for sensitive information or forms on websites asking for credentials. Phishing can come in the form of phone calls, text messages, and other communication mediums. Therefore, it becomes of critical importance that your staff have the skills needed to identify these phishing scams in whichever form they take.

As for what this phishing training might look like, it depends on the context. Training might take a more passive approach with videos, but it also takes on more active approaches with interactive workshops and hands-on training exercises.

One of the best ways to get a feel for how well your employees understand phishing attacks is to test them without them knowing it using these simulated attacks to see who takes the bait and who doesn’t. In this way, you can get a sense for how they would react under normal everyday circumstances. This type of threat awareness is important to gauge where your employees are in regards to cybersecurity, and it can give you an idea of which employees need further training.

We want to emphasize that phishing training is not about calling employees out on reckless behavior; rather, it’s about corrective practices that can help your business stay as secure as possible long-term. It is better to find out which of your employees struggle with identifying phishing attacks in simulated situations than when the real deal strikes, after all.

Look, we all want to trust our employees to do the right thing and know better than to click on suspicious links in emails, but at the end of the day, wanting something and actually getting it are two entirely different things. We need to accept reality and admit that hackers can and will succeed in their phishing attempts if we don’t do anything to prevent them. The best way to keep phishing attacks from becoming a nightmare scenario for your business is to implement comprehensive training practices and consistently reinforce them with your staff.

MSPNetworks can give your employees the training they need to keep from falling victim to phishing attacks. After working with our trusted IT professionals, your employees will know how to identify phishing attacks and how to appropriately respond to them without risking your organization’s security. To learn more about our phishing training and other security services, reach out to us at (516) 403-9001.

It’s no surprise that mobile technology has infiltrated the workplace in more ways than one. Many businesses issue company-owned devices to their employees to get work done while out of the office, while others allow employees to bring their own devices, or use their own laptops and smartphones for fulfilling their day-to-day duties. That being said, it’s important to remember that mobile devices need to be managed in a very specific way to maintain security.

Let’s discuss how your business can manage the benefits of mobile devices in the workplace without sacrificing security.

Remote Wiping

Let’s say that one of your employees goes on a business trip and they set their briefcase down for a moment while they order a cup of coffee or some other task. When they return, the briefcase is gone, along with any devices that were in it. Besides scolding the employee for their negligence, your first thought might drift to the question of “What about the data found on that laptop?” What might the thief do with such data? The possibilities should have you concerned. Should you fail to recover the device, you will want the capabilities to remotely wipe the device of any and all sensitive data. This is to ensure that hackers don’t make use of it against your organization and to comply with various data privacy regulations. While it might stink to lose the device and have to replace it, it would stink more to have that data fall into the wrong hands.

Whitelisting and Blacklisting Applications

Some smartphone and desktop applications will be more secure than others, meaning that you will need to be extra cautious in what you allow applications to access on your devices. While we encourage all users to pay attention to what permissions are granted to applications, this is especially important for businesses. You should have the capabilities to whitelist and blacklist applications based on their potential merits or risks, thus keeping your devices (and data) as secure as possible.

Managing and Tracking Devices

Finally, you will want to consider a method for keeping track of any and all devices used to access your organization’s data. This includes any company-issued devices and employee-owned devices used for work purposes. You want to know who has which device at any given time, when that device was issued, what the employee is using the device for, etc. All of this helps you keep track of devices so that you can be sure they are being used effectively and, most important of all, safely.

Implement a Mobile Device Management Policy

If you want a comprehensive all-in-one policy to keep track of your company’s mobile devices, look no further than mobile device management from MSPNetworks. We can help your business stay on top of its mobile devices and reinforce best practices at every turn. To learn more, reach out to us at (516) 403-9001.

Two-factor authentication is commonplace in the office environment, but it’s not commonplace enough, if you ask us. Too many organizations pass on it, placing their security at risk for no good reason. While the methods might vary, the benefits of two-factor authentication are too good to ignore. We’ll walk you through how to set up two-factor authentication for three of the most common accounts in the business environment: Microsoft, Google, and Apple.

But first, let’s discuss what two-factor authentication is and why it’s so beneficial to utilize.

What is Two-Factor Authentication?

It used to be the case that users would only utilize passwords to secure their accounts. However, passwords are easy for hackers to take advantage of on their own. Two-factor authentication uses at least two of the three methods below to secure an account rather than just the password alone, theoretically making it more difficult for a hacker to access an account. Basically, unless two of the three methods are fulfilled, the account will not be accessible. Here they are:

• Something you know (a password)
• Something you have (a secondary device you own)
• Something you are (biometrics, facial recognition, fingerprinting, etc)

Why Is It Important?

Imagine that your online accounts are a house with two doors: one for the mudroom and one for the house proper. If both doors use the same key, a thief only needs to steal one key to gain access to both the mudroom and the house. Now imagine that the mudroom and the house have two different keys. That essentially doubles the effort needed to break into the home.

Simply put, in the same way as the above scenario, it’s much harder for a hacker to access an account that is protected by multiple measures. For example, even if a hacker has your password, if the account is set up to use an external device like a smartphone or biometrics, they still won’t have access to the account. Unless the hacker goes through the trouble of stealing the secondary device or stealing your fingerprints/facial structure (something that is remarkably difficult compared to swiping a password), the account will remain secure.

Setting Up Two-Factor Authentication

Right, let’s get to the bread and butter of this article: how to set up two-factor authentication for the big three accounts: Microsoft, Google, and Apple.

Microsoft

Microsoft recommends that you either have a backup email address, a phone number, or the Microsoft Authenticator application installed on a mobile device before you get started with two-factor authentication for this account. To get started, go to this page and sign in with your Microsoft account. Next, select More security options. Under the option for Two-step verification, select Set up two-step verification. After that, it’s just a matter of following the on-screen instructions.

Google

The first step here is to log into your Google account by going here. Next, in the navigation panel, select Security. Under Signing in to Google, select 2-Step Verification. Finally, click on Get started. You’ll see the directions for the next steps appear on the screen. You can set up your verification step in a variety of ways, including Google Prompts, security keys, Google Authenticator, verification code via text or call, or a backup code. You can also disable this second step on trusted devices, but doesn’t that defeat the purpose?

Apple

To set up two-factor authentication for your Apple ID, go to your account by clicking here. Sign in, answer your security questions, then click Continue. If you see a prompt to upgrade your account security, tap Continue. Click on Upgrade Account Security. You can then add a phone number for which you will receive verification codes via text message or phone call. Click on Continue, enter the verification code, and turn on two-factor authentication.

Want to get started with two-factor authentication for your business? The three accounts outlined above are just the tip of the iceberg. MSPNetworks can help you implement a multi-factor authentication system that secures your data and network. To learn more, reach out to us at (516) 403-9001.

The first half of this year has seen its fair share of ups and downs, especially on a global scale. With a global pandemic still taking the world by storm, it’s despicable that hackers would take advantage of the opportunity to make a quick buck using phishing tactics. Yet, here we are. Let’s take a look at how hackers have turned the world’s great misfortune into a boon, as well as how you can keep a lookout for these threats.

According to reports from SecureList, spam and phishing trends in Q1 of 2021 relied heavily on COVID-19 and the buzz generated by it. Let’s take a look at some of the major threats that took advantage of the pandemic.

Stimulus Payment Scandals

The first couple months of 2021 saw businesses and individuals receiving payments from governments, such as economic impact payments or business bail-outs. Hackers took advantage of this opportunity to try to convince users to hand over their credentials through the use of messages that both looked and sounded professional. As is often the case with phishing messages, some users of specific banks were targeted through the use of near-identical websites designed to steal credentials and fool users. Others tried to convince users to enter information by convincing them that the latest details on the bank’s COVID-19 practices could be found on the other side of links or sensitive information forms.

The Vaccine Race

For a while, the COVID-19 vaccine was a bit tricky to get your hands on. While things have improved significantly in recent months, the initial rush to get vaccinated triggered many would-be hackers to try their hand at vaccination phishing emails that replicated the look and language of communication from health officials. Users would have to click on a link in the message, which would then redirect them to a form for plugging in personal information and, in some cases, banking credentials. Even those who already received vaccinations were not safe, as there were fake surveys circulating urging people to fill them out and claim prizes for doing so.

What You Can Do

Don’t let hackers take advantage of the cracks in your business’ defenses. Phishing attacks can come in countless forms, so it is your responsibility to protect your business from them. Here are some ways that you can make sure your organization is secured from phishing attempts.

• Filter Out Spam: A spam filter can keep the majority of threats out of your inbox, but the unfortunate fact is that most phishing emails are probably going to make it past the spam filter. Therefore, you will want to take more advanced tactics against these threats.
• Train your Employees: Training your employees on how to identify threats gives them the power to avoid threats that do manage to get past your defenses. Teach them what to look for and you’ll be giving yourself a better chance of overcoming them.
• Implement Unified Threat Management: No matter how well trained your employees are, it helps to have just a little bit of reassurance that you have done all you can to secure your business. This is what a UTM does; it’s a single security solution that can optimize your network’s protection.

MSPNetworks can help your business keep itself secure. Not only can we implement great security solutions, but we can also help to train your employees, including regular “tests” where we send out fake phishing emails to see who is and is not paying attention. To learn more about how this can help your organization, reach out to us at (516) 403-9001.

Data privacy is a bit of a hot topic in today’s business environment, especially with high-profile hacks and ransomware attacks emerging and putting organizations at risk. In particular, the emerging concept of “privacy engineering” has a lot of businesses thinking about how they can secure their organization and future-proof their data privacy infrastructures.

Let’s discuss what privacy engineering is, as well as what some big names in the industry have to say about the future of data privacy.

What is Privacy Engineering?

The International Association for Privacy Professionals, or IAPP, defines privacy engineering as “the technical side of the privacy profession,” which can mean any number of things. For some, it is making sure that the processes involved in product design take privacy into consideration. For others, it might mean the technical knowledge required to implement privacy into the products. At the end of the day, it seems there is a general consensus that privacy engineering is the consideration of privacy, from a user’s standpoint, throughout the production process, from conception to deployment.

This is notable for a couple of reasons. Systems and products that take privacy into consideration at every stage of development will be much more consumer-friendly. Users can be more confident that their privacy has been considered through each stage of the process, making them much more likely to buy into the product. When products have this kind of reputation, it would be no surprise to see profits increase.

This sets off a chain reaction for businesses that create these products, increasing their bottom line. When businesses achieve this level of success, the value of the company increases, leading to more investors and the production of similar goods or services. Furthermore, since privacy and security is such an important part of modern computing, these types of investments are relatively safe from a shareholder’s point of view, as organizations that invest in products that meet specific regulations and set these high standards are more likely to persist into the future.

You can see how this all shakes out; in the end, the concept of privacy engineering is beneficial to both the consumer and producer. Therefore, placing your bets on technology that facilitates this is a great way to invest in your own company’s future.

What Does the Future Hold?

Back in 2020, Gartner made some predictions for where the data privacy industry was heading in the years to come. Here are some insights from their report:

• Proactive security and privacy is better: When you take measures to build security and privacy into operations, you are more likely to build trust and adhere to regulations. We preach this all the time; it is easier to prevent issues from emerging than reacting to those that are already here.
• Increased reach of security regulations: According to Gartner, 65% of the world’s population will have their privacy governed by some sort of data privacy legislation or regulations by the year 2023. This is notable, especially with the rise of regulations like GDPR.
• The rise of a privacy officer: By the end of 2022, 1 million organizations will have appointed a data privacy officer. Having someone within your organization whose sole responsibility is to keep you compliant means that you can rest easy knowing that you are doing all you can to make sure it stays that way.

Don’t Wait to Get Started

MSPNetworks can help your business ensure it is implementing adequate data privacy and security standards all across your infrastructure. To get started, reach out to us at (516) 403-9001.

With the onset of the COVID-19 pandemic, many organizations were forced to transition to remote work, even though they would have preferred to keep operations within the office. While the transition was rough at first, these organizations may have found that remote work offers certain flexibilities that were impossible in the traditional office environment. That said, one looming threat was (and still is) a major concern for the remote workplace: security.

One of the major ways that businesses can protect their organization while working remotely is through the use of what’s called a virtual private network, or VPN.

What is a VPN?

When you connect your device to a virtual private network, what exactly is happening to the connection? It’s actually much more simple than it sounds; what it boils down to is that the device connects to an encrypted network over the Internet. This encryption allows for the secure transfer of data to and from the device, preventing onlookers from observing (or stealing) the data.

Think about it like looking at a pipe that is transferring something to and from a location. If the outside of the pipe is solid, onlookers cannot see what is in the pipe. When it is clear, you can see exactly what is inside it. Encryption in this case acts like an opaque pipe, obfuscating contents to the point where they cannot be seen clearly, but you still know that something is there. In VPN terminology, the pipe in the above scenario is referred to as a “tunnel.”

How Does It Help Your Business?

You can see how this would benefit the remote employee. Since the employee is not in-house working on the company network, they do not have access to the in-house security solutions that you may have implemented to keep your data safe. This is why encryption is so necessary; if you fail to protect your company’s assets through unsecured connections to your network, you are unnecessarily risking your company’s future.

Now, think about the possibilities that open up when you don’t have to worry about network security while out of the office. Employees can travel for business trips (when it’s safe to do so, of course) without fear of data being stolen while communicating with your home office. They can perform work from anywhere at any time, allowing for enhanced productivity without sacrificing security. They will not need to rely on public Wi-Fi connections or other unsecured networks to connect to your office.

We don’t want to beat a dead horse, but from a security and longevity standpoint, it just makes sense to implement a VPN.

Get Started with a VPN Today

If you are ready to take the leap and implement a virtual private network for your business, don’t wait any longer. MSPNetworks can help you deploy a solution that is specific to the needs of your organization. We’ll work with you to get the most secure solution at the best price point. To learn more about how a virtual private network can benefit your business, reach out to us at (516) 403-9001.

Data breaches have a tendency to destabilize relationships. With so many data-related problems befalling businesses nowadays, it is important that each side of every data-driven relationship understands their role in the protection of other organizations’ data. Today, we’ll take a look at the issue and how to determine if your partners are putting in the effort required to keep your data secure. 

Are Your Vendors Properly Protecting Your Information?

We’ve seen businesses have a litany of challenges protecting their sensitive data over the past several years, and as threats get more sophisticated it poses more problems. Additionally, many businesses outsource a fair amount of their operational and support efforts and that can have a negative effect on their security. 

So, how do you know that your vendors are protecting your information?

You ask them, of course. 

Before you onboard any new vendor, you should come up with a questionnaire that asks the right questions about how they handle their own cybersecurity, and more specifically (and importantly) how they go about handling your information. 

At MSPNetworks, we do this for all of our clients to ensure that they are partnering with reliable companies that, at the very least, are attempting to do the right things to protect sensitive information. 

Questions You Should Ask Your Vendors

The first thing you should consider when making up some questions to ask your vendors about security is: do you understand the answers? If you don’t know what you are doing, you could just assume any thoughtfully answered response would be sufficient. This is far from true and is a liability, especially in trying to ascertain what risk your business is facing by doing business with a company. We can’t stress enough that if you don’t have someone that knows what they are doing, you need to find someone, as this will serve you much better in times like this.

Let’s go through a couple of important questions you should ask if you do have the competence available to sufficiently measure risk from the answers:

1. Do you collect, store, or transmit personally identifiable information (PII)?
2. If so, do you store your PII onsite or in the cloud?
3. How do you provide users access to the PII you store?
4. Can PII be accessed remotely?
5. Do you constantly monitor all services, systems, and networks?
6. What regulatory bodies does your business operate under? Do you have proof of compliance?
7. What kind of encryption do you use for data-at-rest? Data-in-transit?
8. Do you consistently patch your software? 
9. Do you have mobile device management and IoT management systems?
10. Do you utilize legacy systems that aren’t supported by manufacturers?
11. What cybersecurity tools do you use?
12. Do you have language in your agreements about vendor cybersecurity? 
13. How are your continuity systems?
14. How would you go about the situation in the event of a data breach?
15. What authentication procedures do you use? 
16. Do you train your employees on the best practices of cybersecurity?

There are many more questions you can ask, and you should ask them if you find them necessary. Vetting your vendors is a great way to know if they have your best interests in mind. 

If you would like to partner with a company that not only has your best interests in mind, but also can help you ascertain if your other partners do as well, give MSPNetworks a call at (516) 403-9001 today.

You’ve probably heard by now, a Russia-based hacking collective by the name of DarkSide targeted Colonial Pipeline, a company that supplies nearly 45 percent of the fuel used along the Eastern Seaboard of the United States, with a ransomware attack. Not only does this hack have an effect on fuel prices and availability, it highlights just how vulnerable much of the nation’s energy infrastructure is. Let’s discuss the details of the hack and the raging discussion about cybersecurity that’s happening as a result. 

The Facts Surrounding the Hack

On Friday, May 7, 2020, Colonial Pipeline had to shut down operations after a ransomware attack threatened to spread into critical systems that control the flow of fuel. Almost immediately gas prices started to jump in the region, averaging around six cents per gallon this week. The pipeline, which runs from Texas to New York, transports an estimated 2.5 million barrels of fuel per day. The shutdown has caused some fuel shortages and caused panic buying in some southern U.S. states. Administrators said that the ransomware that caused the precautionary shutdown did not get into core system controls but also mentions that it will take days for the supply chain to get back up and running as usual again. 

Who Is DarkSide?

The hacker group DarkSide is a relatively new player, but it has set its sights high. The group claims to be an apolitical hacking group that is only out to make money.  In fact, they put out the following statement after the FBI started a full-scale investigation of the group:

“Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

DarkSide seems to be a professionally-run organization that deals in ransomware. They follow what is called the Ransomware-as-a-Service model, where hackers develop and sell their ransomware to parties looking to conduct operations like the one that stymied Colonial Pipeline. They also are known for their “double extortion” methodology, where they threaten to take the data they encrypt public if their demands aren’t met. Their ransom demands are paid through cryptocurrency and have only been in the six-to-seven figure range. 

What’s interesting is that the group seems to have its own code of ethics, stating that they will never attack hospitals, schools, non-profits, or government agencies. Either way, their current attempt at extortion has made a mess for millions of Americans. 

Problems Securing Infrastructure

Even before the world completely changed, cybersecurity analysts were recommending that more had to be done to protect aging utility systems around the world. Back in 2015, hackers took down a power grid in Ukraine and left 250,000 people without electricity, and it caused some movement to improve system security, but nowhere near as much as is required. Now, with the push to use renewable energy and more efficient systems of deployment, more technology has been added to these systems than at any time in history. These smart systems, coupled with a resounding lack of security, means that the next cybersecurity catastrophe is just around the corner. 

The pandemic didn’t help matters. Systems that are being updated are increasingly being connected to public and private networks for remote access. All it takes is one vulnerability and hackers can exploit and take control of systems that affect the lives of millions of Americans. Hackers causing a gas shortage is scary, but hackers taking down power grids or other systems that the public depends on to live could be looked at as an act of war.

The scariest part is it seems as though no system is immune to these problems. According to CISA, the Colonial Pipeline hack is the fourth major cyberattack of the past year. You have the Solar Winds breach that allowed Russian Intelligence to infiltrate thousands of corporate and government servers; an attack where Chinese nationals rented servers inside the U.S. to invade a still unnumbered amount of Microsoft Exchange servers; and a still-unknown hacker that hijacked a tool called Codecov to deploy spyware on thousands of systems.

Microsoft is widely renowned as being at the forefront of cybersecurity and Solar Winds is itself a cybersecurity company. This tells you a little bit about where we are about protecting essential systems. It’s not a good situation.

While you can’t always worry about cybersecurity everywhere you are, you have to prioritize it for your business. If you want to talk to one of our security experts about your cybersecurity, give MSPNetworks a call today at (516) 403-9001.

Passwords are probably the most important part of keeping accounts secure. That’s why it is so important to follow industry best practices when creating them. Today, we’ll take a look at the standards outlined by the National Institute of Standards and Technology (NIST) in creating the best and most secure passwords.

What Is NIST?

For years, NIST has been the predominant organization in the establishment of password creation standards. They continuously change their advised practices to meet with the current cybersecurity demands. They recently updated their guidelines so we thought we would go over what strategies they suggest, to give you an idea of what makes a secure password. 

New Guidelines

Many corporations are currently using the NIST guidelines and all Federal agencies are expected to utilize them. Let’s go through their newest password guidelines step by step. 

#1 - Longer Passwords are Better than More Complicated Ones

For years, it was preached that the more complicated the password, the more secure the account. Today’s guidelines refute that notion. NIST suggests that the longer the password, the harder it is to decrypt. What’s more, they suggest that organizations that require new passwords meet a certain criteria of complexity (letters, symbols, changes of case) actually make passwords less secure. 

The reasoning behind this is two-fold. First, most users, in an attempt to complicate their passwords will either make them too complicated (and forget them) or they will take the cursory step of adding a one or an exclamation point to the end of a password, which doesn’t complicate the password as much, if at all. Secondly, the more complex a user makes a password, the more apt they are to use the same password for multiple accounts, which of course, is not a great idea.

#2 - Get Rid of the Resets

Many organizations like to have their staff reset their password every month or few months. This strategy is designed to give them the peace of mind that if a password were compromised that the replacement password would lock unauthorized users out after a defined set of time. What NIST suggests is that it actually works against your authentication security. 

The reason for this is that if people have to set passwords up every few weeks or months, they will take less time and care on creating a password that will work to keep unwanted people out of the business’ network. Moreover, when people do change their password, they typically keep a pattern to help them remember them. If a previous password has been compromised, there is a pretty good chance that the next password will be similar, giving the attacker a solid chance of guessing it quickly. 

#3 - Don’t Hurt Security by Eliminating Ease of Use

One fallacy many network administrators have is that if they remove ease of use options like showing a password while a user types it or allowing for copy and pasting in the password box that it is more likely that the password will be compromised. In fact, the opposite is true. Giving people options that make it easier for them to properly authenticate works to keep unauthorized users out of an account. 

#4 - Stop Using Password Hints

One popular way systems were set up was to allow them to answer questions to get into an account. This very system is a reason why many organizations have been infiltrated. People share more today than ever before and if all a hacker needs to do is know a little personal information about a person to gain access to an account, they can come across that information online; often for free.

#5 - Limit Password Attempts

If you lock users out after numerous attempts of entering the wrong credentials, you are doing yourself a service. Most times people will remember a password, and if they don’t they typically have it stored somewhere. Locking users out of an account, at least for a short period of time is a good deterrent from hackers that use substitution codes to try and guess a user’s credentials. 

#6 - Use Multi-factor Authentication

At MSPNetworks, we urge our clients to use multi-factor or two-factor authentication on every account that allows them to. According to NIST they want users to be able to demonstrate at least two of three authentication measures before a successful login. They are:

1. “Something you know” (like a password)
2. “Something you have” (like a mobile device)
3. “Something you are” (like a face or a fingerprint)

It stands to reason that if you can provide two out of three of those criteria, that you belong accessing the system or data that is password protected. 

Security has to be a priority for your business, and password creation has to be right up there with the skills everyone should have. If you would like to talk to one of our IT experts about password management and how we can help your business improve its authentication security, give us a call today at (516) 403-9001.

Today, employees have to be a major part of every business’ cybersecurity attempts. The reasoning is simple: attacks are more likely to come in the form of end user correspondence than on a direct assault of the network. As a result, it is important that cybersecurity is more than just another line item on a task list, it has to be built into the culture. Let’s discuss a few ways to get your employees to care about cybersecurity.

Why Is Cybersecurity A Nuisance?

This is not a new phenomenon. Your employees want to be productive. In their minds, any extra tasks that are assigned are a hindrance to that aim. Cybersecurity, in today’s businesses, also has a tendency to intrude on their desire to separate their home life from their work life. While this isn’t really the case in most scenarios, there certainly needs to be some cooperation from them to properly secure your network. 

By now your workers understand that security is extremely important. What they don’t understand is how it is their problem. You hire them to do a job, and for most of them, that job isn’t "security guard." That’s why it is important that cybersecurity is something they are confronted with from the beginning of their employment. It is a culture issue, not just an operational one. Let’s go through some ways you can get your staff to care about cybersecurity.

Remove the Red Tape

Today, a well-executed hack or social engineering attempt can completely devastate a business. In some cases, and this is especially true for smaller businesses, a hack can cause the closure of a business. Those types of events affect more than just the business owners or the stakeholders. 

To ensure that your staff gets just how important this issue is, level with them. You don’t need to keep the threats a secret any longer. A unified approach to cybersecurity requires that your employees know how hackers and scammers will go about trying to trick them into handing over access to the company network. This will not only actively remove the indifference most employees have about cybersecurity, but it will also ensure that they realize how important doing the right things are. 

Make Sure Your Staff is Personally Invested

For the average employee, any indifference they have about a business’ cybersecurity efforts comes from the idea that it doesn’t really have any effect on them. This is not true. Hackers don’t just want access to business information, they want access to the network. That means all of the data on that network. 

Making sure that employees understand that it’s just not company information, it is their personal information and that of their contemporaries. Reminding that their data is at stake might just be the thing needed to get them to take security measures seriously. 

Build Solid Training and Literacy Right Into Your Culture

As we mentioned above, one of the best ways to ensure that your staff understands their role in your organization’s cybersecurity plan is to build it into your culture. To do this, it has to be out in front. You need to mention it in your hiring process (interview, any collateral you use to outline employee responsibilities), it needs to be parsed out properly in your organization’s documentation (employee handbook, etc.), and it has to be something that every person in the business knows that they will be confronted with at some point.

Ensuring that your people don’t get complacent is a massive point of emphasis if you want to keep their cybersecurity literacy ongoing. On top of training, you need to keep up some type of consistent reminder that they are important to organizational efforts to keep hackers and other unauthorized entities off of the business’ network. The more time and effort you put into planning out your cybersecurity training, the more that people will get out of it. 

We Can Help!

Keeping your business from falling victim to a cyberattack takes a lot of effort. Our security professionals are constantly readying ourselves to assist our clients in keeping them free of threats and a lot of that is helping them come up with policies, procedures, and strategies to keep their employees engaged in this never-ending fight against hackers. Give us a call at (516) 403-9001 today to learn how we can help you protect your business.

One of the most effective means for a business to shave a few dollars off its budget (and potentially boost employee engagement, for that matter) is to adopt something called a Bring Your Own Device policy—effectively, an agreement that allows their team members to access business-owned documents and files on devices they personally own to get their work done. While these policies have been shown to be very effective, they also need to be carefully considered so they can be adopted appropriately.

Let’s take a few moments to review some practices that are recommended for a secure BYOD implementation.

Determine Acceptable Parameters

Device and OS Requirements

For your productivity to remain intact and for your organizational security to be preserved, the tools your team brings to use need to meet the baselines that you set—otherwise, there is likely to be a shortcoming that leaves an opening. Certain workflows may require a specific operating system to be used, simply for the processes to be compatible. Keeping track of your team’s chosen hardware will help you determine if their devices are eligible to participate.

Accepted Software

On the topic, your business workflows should have defined software solutions identified for your team to use so that processes can flow smoothly. Make sure your team knows that they are expected to use these titles for their work processes and that they are expected to have certain protections in place on their mobile devices before they can use them to work.

Upkeep Policies

When using a personal device to access your business’ network, there needs to be some supported expectation that the user will ensure that the device remains functional and secure. This could mean that only authorized dealers or professionals are authorized to perform basic maintenance tasks and that these tasks are carried out promptly.

Security Preparations

Encryption Policies

In terms of protecting your data from the prying eyes of hackers, you’d be hard-pressed to find a more effective method than encrypting it. Considering this, it is important that you encourage/require encryption to be put in place as a part of any BYOD policies you implement.

Password Standards

We know, we know… the importance of secure passwords is a topic that has been covered frontways, backways, and every which way for a long time. However, once people start to follow these guidelines, we’ll stop bringing it up. When it comes to strong passwords, make sure your team is using them on all their devices, and that these devices are set to lock if an incorrect password is repeatedly entered.

Data Handling Guidelines

Where your data is concerned, you need to also establish the proper means for it to be stored and accessed while an employee is using a personal device. Ideally, your BYOD plan will have the means to block any data transfers to an insecure device as well as establish the proper procedures for accessing this data.

Necessary Prerequisites

Data Removal Circumstances

When an employee’s device has access to your company’s data via a BYOD strategy, it is critical that you retain the means to rescind that access as needed—like if a device is lost or stolen, or if an employee leaves the company. You may also want to include the right to review an employee’s device for company-owned data so that it can be removed if they were to leave so that your data isn’t brought elsewhere or abused.

Lost or Stolen Device Procedures

On the topic, your team needs to have a reporting process to follow should something happen to their device that will help to ensure that mitigating actions can be appropriately taken. Reinforce that these reports need to be promptly submitted to help minimize the potential impact of such occurrences.

Breach of Policy Consequences

Finally, you need to establish how employees will be reprimanded should these policies go unheeded or disregarded. While the loss of BYOD privileges is a common tactic, you should also seriously consider what is acceptable before an employee should be terminated. Once these distinctions have been made, share that information with your team when they opt into your BYOD implementation, so they are aware of the severity of such indiscretions.

A Bring Your Own Device policy is an essential piece of the modern office’s IT considerations and is something that we can help you out within much more detail. Find out what needs to be done by calling (516) 403-9001 today.

2020 was, obviously, a challenging year for healthcare providers. In addition to the obvious issue of the COVID-19 pandemic creating serious operational, financial, and supply chain difficulties, cybersecurity concerns didn’t go away during this time. Let’s consider some of the additional stresses that IT security needs can, will, and have placed on healthcare providers.

The amount that healthcare practices invest in their cybersecurity services has been projected to exceed $65 billion in the span of time from 2017 to this year—but despite this, the industry isn’t improving. In fact, healthcare providers have had to turn away patients for these precise reasons… but the question remains: why?

There Are a Few Reasons that Healthcare Providers Have Had Problems As of Late

IoT Security Issues

Anyone who has been to a hospital in the past decade or so has likely noticed how connected many of these facilities have become. A nurse’s clipboard has been replaced by a laptop that they wheel around to input all information and logs into, while diagnostic equipment itself is now largely computerized.

This means that many of a healthcare provider’s tools can now be classified as Internet of Things devices, and as such, are prone to security inconsistencies and vulnerabilities as a result. Many IoT devices are notorious for iffy-to-non-existent security as it is.

Ransomware

While ransomware can be, and is, an issue in every industry, the healthcare industry is particularly susceptible to its impacts for obvious, life-or-death reasons. Ransomware has been responsible for many organizations actually closing their doors, unable to sustain the damages. This is largely due to the reliance that their organizations have on the data that they need to treat their patients and manage the business—without the support required to properly protect this data.

Insider Threats

Unfortunately, the employees in a healthcare organization are not infallible, which does sometimes lead to insider threats to data. In fact, some professionals have said that insider threats are the biggest challenge for hospitals and such right now.

New Threats May Be On the Horizon

Of course, cybercrime of all kinds constantly advances, and that which targets the healthcare industry is no exception. In healthcare, these threats can be downright frightening.

For example, a research team in Israel managed to develop a proof-of-concept computer virus that could artificially paste tumors into CT and MRI scans so that high-profile patients could be misdiagnosed by their physicians.

With ingenuity like that, it is terrifying to consider what cybercriminals may do moving forward.

Regardless of your industry or the size of your business, cybercrime isn’t something to be taken lightly. MSPNetworks is here to help prepare for it. Give us a call at (516) 403-9001 to learn more about the solutions we have to offer.

As one of the biggest cybersecurity considerations the modern business has to make, how to combat phishing has to be at the top of any business’ cybersecurity strategy. Let’s take a look at phishing and why it’s such a big problem for today’s business. 

You’ve Probably Been Phished

When trying to explain what phishing is to someone who has no idea about it, we typically start with the namesake. Phishing is the same as fishing. A hacker will bait a hook and users will bite on it. It’s that simple. Instead of worms or minnows, a phishing attempt needs some bait that will fool an unsuspecting computer user into providing information that will allow a hacker to access secured networks and steal or corrupt data. 

To say that this method is effective would be an understatement. First of all, the massive breadth of attacks—there are literally millions of these attacks per day—results in high levels (and low percentages) of successful attacks. In fact, 88 percent of organizations that were polled claimed to experience at least one phishing attack in 2019. In 2020, phishing emails were one of every 4,200 emails sent or about 73 million. The pace has actually quickened in 2021.

Successful phishing attacks result in stolen credentials, compromised networks, ransomware and other malware. They all lead to businesses losing money. 

Phishing is More Prevalent Than Ever

Phishing has been an issue for quite a while, but the COVID-19 pandemic and the corresponding jump in remote work provided the perfect opportunity for these scammers to operate. In 2020, 75 percent of worldwide organizations were targeted by phishing attacks, while 74 percent of U.S. businesses were successfully attacked in some way. This often led to massive losses, some $3.92 million on average. That’s an average and takes into account loss of productivity from downtime, data theft, deterioration of consumer confidence, and other factors.

It is therefore important that you do what you can to train your staff about how to recognize and thwart phishing attempts before they have a chance to have a negative effect on your business.

MSPNetworks can help you put together a training strategy, as well as put together tools to help you keep your network and data safe. Call us at (516) 403-9001 to learn more.

Let’s face it, most people are glued to their phones when they have downtime. Many don’t look up to cross the street. With this much dedication to their individual mobile devices you’d think that people would be more careful about what they download.

Apparently, that Instagram feed is just too distracting to worry about individual data security. 

 Researchers from the mobile security firm Zimperium have discovered a malicious app that pretends to update your Android device, but is just spyware that can steal almost all of your data and monitor your search history and your location. Simply called “System Update” it has tricked many unsuspecting Android users as of this writing.

What Can “System Update” Do?

The spyware, or officially Remote Access Trojan (RAT), attached to this malicious download can only be downloaded outside of the Google Play store, which is fortuitous for many would-be victims of a malware attack like this. The spyware can effectively steal messages, contacts, device information, browser bookmarks, user search history, and can gain access to the microphone and the camera.

What’s more, it continuously tracks a user’s location, which can be really dangerous for anyone. The app starts spying everytime the device receives new information, which for any heavy user is constant. After stealing your data, the app will work to erase the evidence of it’s activity, effectively covering its tracks indefinitely.

 All-in-all, it is a pretty tough cookie. 

How Are People Accessing This Malware?

You won’t be surprised to learn that phishing is the number one way people are being exposed to the corrupt “System Update” app. Google continuously warns people to not install apps from outside the Google Play app store, but as people’s devices age, they aren’t always compatible with older operating systems found on these devices and start looking for options outside of the Google Play app store. This can lead to people downloading apps that seem useful, but are completely nefarious. “System Update” seems to be one of those apps.

What You Can Do to Protect Yourself

While there have been nefarious apps found on the Google Play store in the past, the malicious app rate is extraordinarily low when sticking to the official app store. Users should also consider questioning any situation where an app is suggested for you outside of the app store, even if it seems to redirect you to the Google Play apps store. You just never know what you are going to get when you trust third parties on the Internet.

 If you need a comprehensive plan to protect your business data from employee impulse and mobile negligence, give our technicians a call today at (516) 403-9001. We can help you with mobile device management (MDM) and Bring Your Own Device (BYOD) which can have all types of benefits for your business.