MSPNetworks Blog

Hackers are always on the lookout for personally identifiable information, or PII, as it’s an immensely lucrative resource. You’ll need to protect it if you want your business to continue operating safely and efficiently. Let’s go over what PII entails and what kinds of data you might find under this term.

The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guessing thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.

Despite what detractors say, regulations are in place for good reason. They typically protect individuals from organizational malfeasance. Many of these regulations are actual laws passed by a governing body and cover the entire spectrum of the issue, not just the data involved. The ones that have data protection regulations written into them mostly deal with the handling and protection of sensitive information. For organizations that work in industries covered by these regulations there are very visible costs that go into compliance. Today, we look at the costs incurred by these organizations as a result of these regulations, and how to ascertain how they affect your business.

2023 was definitely the year that AI became a household name. We’ve barely seen what artificial intelligence is capable of, and while industries are still coming up with more ways to use the technology, we’ve already seen countless examples of how people want to take advantage of AI for less savory purposes. 2024 is already shaping up to be the year that businesses need to protect themselves from AI-generated cybersecurity threats. Let’s take a look at everything you need to know as a business owner.

What’s the State of AI in 2024, and How Can It Be Used?

In case you haven’t been caught up, the tech world has been shifted by some new technology that uses vast amounts of information and complex algorithms to generate human-like text. In the simplest terms possible, engineers wrote a piece of software that was designed to “train” itself by reading a massive amount of text from the Internet. It read about 300 billion words from books, social media sites, news articles, and plenty of other types of content. Because it was able to absorb and index so much information, users can ask it questions and it can understand and respond to those questions in plain English (or Spanish, French, German, Italian, Portuguese, and more). 

This is called a Large Language Model, or LLM, and the most popular version of this right now is called ChatGPT. Most people commonly refer to this technology and other similar types of systems as artificial intelligence (AI).

These systems can do some pretty remarkable things. They can answer questions quickly, and generate large amounts of content on a topic very fast. You can “brainstorm” ideas with it, and then ask it to give you a task list for everything discussed. AI has been a great resource for software developers, as it can be used to quickly find security vulnerabilities in vast amounts of code before cybercriminals can exploit them.

And that’s where the problem lies.

Any Great Technology Can Be Used By Bad People

Paleontologists have determined that the earliest use of the bow and arrow happened about 60,000-70,000 years ago in South Africa. It’s suspected that this groundbreaking (at the time) device was used for hunting. Obviously we will never be able to pinpoint exactly when or how this happened, but at some point, the world experienced the first prehistoric person drawing a bow and arrow on a fellow prehistoric person. 

This has been the cycle for technology ever since, and when something new emerges, someone is going to figure out how to use it to cause trouble. Over the last several years, we’ve even seen the so-called troublemakers adopt modern technology even faster than the general population in some cases.

This is happening with AI. Cybercriminals are able to use AI to become much more effective. They can use AI to find vulnerabilities in software before developers are able to provide security patches. They can use AI to write phishing emails that are even more convincing and effective. They can use AI to write malware that is more devastating and infectious. 

Cybersecurity has always been a virtual arms race, and AI kicks things into overdrive. To stick with our theme, cybercriminals from 20 years ago were using the bow and arrow, and now with AI and other modern tactics, they have supersonic fighter jets. Businesses and individuals need to be even more vigilant about protecting their data.

Something That Most People Don’t Think About When It Comes to Cybersecurity

We all always talk about cybercriminals and hackers as if they are lone wolf anarchists sitting in a dark basement, drinking store-brand Mountain Dew, wearing a dirty hoodie, and staring into a bunch of screens with green matrix code.

The reality is that most cybercriminals treat their work like a business.

They are always working on getting the most profit for the least amount of effort; they follow and repeat successful campaigns and revamp things that don’t work.

But that’s not the worst part.

Over the last few years, it’s been uncovered that a lot of scammers and cybercriminals are actually trafficked people, forced to follow scam playbooks in order to pay off their captors and regain freedom. In some cases, when you get a scam phone call or text message or phishing email, it’s coming from a victim of human trafficking. 

There are entire compounds that house thousands of people, tricked away from their homes and families and essentially imprisoned to try to scam individuals and businesses. CNN recently did an incredibly eye-opening article that is worth checking out, but be warned, there is some disturbing content.

This gets us a little off topic when it comes to how AI is being used by cybercriminals, but we feel that it’s extremely important to raise awareness about these types of operations, and just how intense they are both in scale and misery. Cybersecurity is an industry all on its own, and every time an individual or organization gets scammed, it fuels something that is causing a lot more harm than simply forcing a business to its knees or stealing thousands of dollars. 

2024 Needs to be the Year We All Take Cybersecurity Extremely Seriously

Between AI, social engineering scams, and a growing industry of reprehensible cybercriminals, doing your part in protecting your business and yourself from cyberthreats will go a long way in ensuring that you can be successful. 

MSPNetworks can help your business establish a culture of cybersecurity, and implement the tools you need to prevent threats. Get started with a cybersecurity audit—give us a call at (516) 403-9001 to get things kicked off.

We often advise people to steer clear of clicking on suspicious links, but distinguishing between a legitimate URL and a dubious one has become increasingly challenging. Not only have malicious tactics evolved to the point where everyone has to stay on top of their game to not be fooled, these threats are almost pervasive so they are coming at people from all types of directions. We thought we would focus on a single punctuation mark that can make all the difference in whether a link is legitimately safe or potentially dangerous.

Meet The Most Trusted Fictitious Online Retailer in the World

Imagine a fictional company that rises to become a global retail and multimedia giant, a household name—let's call it TallMart.

Our entirely fictional TallMart offers an extensive array of products and services. Users engage in buying and selling, managing payments, running ad campaigns, customizing personal profiles, watching exclusive movies from TallMart Studios, handling TallMart Web Hosting accounts, and now, accessing telehealthcare from licensed TallMart medical professionals.

Our motto is simple: TallMart: Why Go Anywhere Else?

Given TallMart's status as the world's most trusted online retailer, akin to giants like Facebook, Amazon, and Google, it enjoys widespread trust. However, like other major platforms, TallMart's massive success attracts cybercriminals attempting to scam its users for money and sensitive information. With so many transactions, the opportunity to separate users from money is there; and hackers are nothing if not opportunists.

When Users Feel Secure, Cybercriminals Gain an Advantage

TallMart users receive numerous emails about products, account notifications, receipts, transactions, and offers. Cybercriminals can easily mimic these emails, adopting TallMart's branding and employing technical spoofing to make them appear legitimate. They may include links that seem to lead to TallMart but redirect users to similar-looking URLs under the cybercriminals' control.

Creating a deceptive webpage is inexpensive and quick, allowing cybercriminals to register domains like Talmart.com or TallMartcustomerservice.com. It's crucial for users to stay vigilant and recognize potential warning signs to avoid falling victim to scams.

How to Verify the Destination of a Link in Emails, Chats, or Correspondence

While methods may vary across applications, hovering your mouse over a link typically reveals its destination. Most email clients and web browsers display the link destination at the bottom of the page.

The Key: Punctuation in the URL

While checking for misspellings and unofficial URLs, an effective way to identify a suspicious link is by observing periods after the domain name. For example:

Safe: https://www.tallmart.com/gp/help/customer/account-issues
Safe: https://support.tallmart.com/
Suspicious: https://support.tallmart.com.ru

The truth is that some legitimate URLs may have periods toward the end of them, indicating file types like .html, .pdf, .doc, etc. are connected to the link or attachment. It’s best to remain cautious with direct links to files in every situation, as malware could be embedded and all it takes is a simple interaction to execute the malicious code. It’s best to avoid clicking on suspicious email attachments. Ultimately, exercising caution with clickable content is the most prudent practice to keep yourself from becoming a victim.

You should always hover over links to inspect their destination. If you find that there is a period in any abnormal place, be skeptical and either avoid it altogether, or verify that it is from a legitimate source. 

If an email urges urgent action, such as logging into your account, refrain from using the provided links without first making certain that any link or attachment is completely legitimate. You can do this in several different ways, but clicking through without considering the potential consequences could turn out to be a nightmare for you and for your organization.

Please share this with others because the more people know about how to stay safe online, the safer we all are. 

In this blog, we do our best to give people the knowledge they need to protect themselves and their organizations while operating online. With all the digital tools that we all have come to rely on, it’s important to understand the result of a data breach on organizations and their customers. In today’s blog, we go through six of the most devastating data breaches that happened in 2023. 

T-Mobile 

At the very beginning of 2023, telecommunications giant T-Mobile announced that it had suffered what ended up being the most noteworthy data breaches of the entire year. Cybercriminals were able to use the T-Mobile API to steal data…for months. When T-Mobile found out about the attack, more than 37 million customers had their personal data exposed. Unfortunately for the company, they were the victims of a second breach only months later that cost the business more than $100 million to remediate. Overall customer names, billing addresses, phone numbers, and emails were leaked online. 

Mailchimp

Also early in 2023, digital marketing company Mailchimp discovered a data breach that affected user accounts and employee information and credentials. They were the victim of a social engineering attack that was unfortunately successful. Victims had their names, store web addresses and email addresses stolen. 

ChatGPT

One of the major innovators of AI was the victim of a serious cyberattack in March of 2023. The attack exposed the first and last names of users and their email addresses along with access to payment addresses and the last four digits of their credit cards. Open AI, ChatGPT’s parent company, was forced to take the service down briefly to address the breach.

Yum! Brands

The parent company of major fast food chains KFC, Taco Bell, and Pizza Hut was attacked in April of 2023. When it was discovered, the breach was thought to have only affected corporate data, but after careful consideration, it was found that some employee personal data was exposed in the breach. The result was stark as the company was forced to close down hundreds of locations outside of the United States and continues to pay handsomely for the breach.

Activision

One of the largest and most successful video game publishers: Activision found they were hacked in February 2023, a breach that occurred in December of 2022. The company's release schedule was unearthed and so was some employee data. A third-party security contractor found that the breach was the result of an SMS phishing attack.  Employee emails, phone numbers, salary details, and work locations were exposed in the breach.

PharMerica

In the largest data breach of a HIPAA-covered entity in 2023, the pharmacy provider PharMerica reported that 5.8 million individuals’ personal information was exposed in March of 2023. The breach was the result of a sophisticated attack carried out by the ransomware group “Money Message.” Some of the information exposed in the breach includes names, addresses, dates of birth, Social Security numbers, individual prescription information, and health insurance data. 

These are the extreme examples, but your business is just as (or more) susceptible to a data breach than any of them. That’s why you need to take your cybersecurity strategies seriously. If you would like to learn more about what you can do to keep your business as secure as it can be, including strategies for employee training, data, network security, and much more, give us a call today at (516) 403-9001.

Maintaining data security is an important consideration, and most people try to do what they must to secure their personal data. They verify emails; they roll out antivirus and antimalware; they take vigilant steps to avoid the myriad of threats and active attacks we all deal with from one day to the next. 

Taking these steps is great for a business’ overall data security profile. Still, other situations can present just as much of a threat. Today, we will talk about how sharing too much information on social media can have a negative effect on data security and overall digital privacy. 

What is Oversharing?

People use social media every day and often use it as a means to get their thoughts out there. Unfortunately, as that happens, they can often overshare information that can be used against them. 

Let’s take a look at some reasons this can backfire:

• Privacy Concerns - Sharing too much personal information online can compromise your privacy. It may expose you to potential identity theft, scams, or unwanted attention from individuals with malicious intentions.
• Security Risks - Oversharing details about your location, daily routine, or upcoming plans can pose security risks. It may make you more susceptible to burglary or other security threats.
• Professional Consequences - Employers and co-workers often check social media profiles. Oversharing personal or inappropriate content can negatively affect your professional reputation and even impact current and future job opportunities. 
• Relationship Strain - Sharing too much about personal relationships can lead to misunderstandings or strain in relationships. It may also expose private matters that should be kept between individuals.
• Emotional Impact - Constantly sharing personal details and seeking validation through social media can negatively impact mental health. It may lead to comparisons, feelings of inadequacy, or a dependence on external validation.
• Time Consumption - Spending excessive time sharing and consuming content on social media can be unproductive. It may take away time from real-world activities that could be more fruitful than posting opinions online. 

All of these reasons have a lot of negative impacts on future opportunities. Still, they can be entirely avoided by just considering how you operate your social media accounts. If you want additional technology content and best practices, visit our blog regularly.

I was talking to some colleagues the other day about cybersecurity and its relationship with modern everyday scams, like phone scams and similar things. In my opinion, it’s worth bundling these two topics together, and we found some interesting statistics that we’d like to share.

What Do We Mean By Scams?

When I say scam, I’m getting into some pretty broad territory. I’m talking about efforts to trick a person into giving their time, energy, money, or something else of value to someone who is trying to earn it through trickery, fear, or emotional manipulation.

In other words, we’re not going to talk about computers very much in this blog post.

Here are just a few examples of some common scams:

• Account issue or password scams - This is usually in the form of an email or text message claiming that there is a problem with an online account or payment, urging you to quickly log in using a fake link, so that a scammer can steal your credentials.
• Fake charity scams - Someone poses as a real or fake charity to try to get money from you.
• Debt collection scams - Someone poses as a debt collector to collect money you owe, or don’t actually owe.
• Settlement and debt relief scams - Someone offering to renegotiate or settle debt with the goal of simply taking your money.
• Mortgage scams - A wide range of scams where the scammer offers relief or tries to trick homeowners into sending their closing costs or payments to somewhere other than the actual lender. This can even result in a scammer owning your house.
• Imposter scams - A scammer pretends to be someone you know (often on social media) or someone with authority you can trust to trick you into sending them money or sensitive information.
• Romance scams - A scammer poses as a new love interest and tricks you into falling for them online so they can trick you out of your money.
• Grandparent scams - A complex scam where a scammer poses as a relative in desperate need for help asking you to transfer money without thinking about it.
• Mail fraud - Legitimate looking mail that is designed to trick you into sending money or personal information.
• Lottery and prize scams - A scammer contacts you to tell you that you’ve won something, and asks you to pay upfront for fees and taxes.
• Mobile payment fraud - Legitimate wallet apps like Venmo, Zelle, and others are full of scammers who will simply request money from you to see if you will fall for it.
• Online sales fraud - Scammers use Facebook Marketplace, Craigslist, and other sites to send money for goods, and then cancel the payment after you’ve shipped the item.
• Money mules - Not a scam in itself, but these are people caught up in a scam that might not even know it. They are recruited to collect money for scammers for various scams.

There are countless more, but this just shows you the scope that we are dealing with.

Scammers use a wide variety of communication methods to trick you, including phone calls, text messages, mail, email, physical meetings, television ads, website ads, social media, or altering legitimate signage and publicly accessible information.

The biggest thing to look out for with any sort of scam is an inflated sense of urgency. The scammers want you to act without thinking, and the most abhorrent scams above, like grandparent scams and imposter scams often make victims believe that a loved one is in danger in order to bypass any common sense one might have. 

Human Beings are Scammed CONSTANTLY

You probably already know this, but it’s easy to drown it all out. How often does your phone ring and say “Scam Likely?” Most of us just sort of ignore it now. Huge portions of the population just simply don’t answer phone calls from people who aren’t in their contacts unless they are expecting something, because most personal phone calls are scams.

What about email? While we’ve come a long way with spam protection, how many emails do you instinctively scroll past because you simply know it’s unsolicited or toxic or some sort of scam? We’re just all conditioned to see these things every day… and then I found some statistics that blew my mind.

It’s estimated that older adults, particularly baby boomers and seniors in general, observe an average of at least one scam every hour of their lives.

That’s a wild number, and while we couldn’t find a report for younger people, those of us who work on computers for eight or nine hours a day or more likely have a similar experience.

Some other things about age and demographics were interesting—Gen Z (people born in the late 1990s through the early 2010s) have reported higher rates of victimization when it comes to online scams. Growing up with the technology doesn’t necessarily mean you are less prone to being victimized while using it.

It’s also believed that older generations, again, baby boomers and seniors, simply don’t always report it when they fall victim to a scam. When people are asked why, they usually say they wanted to take responsibility for their actions, or that they didn’t want to be shamed for it.

You Aren’t Dumb For Falling Victim to a Scam

Let’s make this totally clear. If you look at the numbers, the sheer barrage of constant scams and attacks the average person just simply wades through in a day, it’s an incredible feat that we aren’t all going out of our minds.

Every single one of us has experiences in life where it’s the first time you have dealt with something, and you don’t know what to expect, and this puts you in a vulnerable state.

For instance, if you are a first time home buyer, and someone is mailing you some official-looking information about paying for access to your deed, it’s very possible that it could slip past your fraud-detecting radar. Is this a normal part of the process? Should I just do it? Should I contact my lawyer or my broker or at least ask other homeowners?

The problem is, the home-buying process is exhausting, and now you are in the middle of moving in and wrestling with your Internet service provider, your electric company, your former landlord, a moving company, all while your neighbors are telling you that the last owner always let them pick the apples from your new apple trees. Your fraud-detecting radar is shot and drained at this point, and it’s easier to fall for a simple scam.

The same goes for a grandparent scam—if you get a phone call from a loved-ones phone, and you hear their voice, stressed and tear-filled, pleading to help them, and then a lawyer gets on the phone and says your son/daughter/grandson/granddaughter was in an accident and are being kept in jail and you need to pay bail, your emotions will kick in. As a human being, you are doing the right thing by having an emotional response and reacting with compassion, but the people on the other end of the phone know this and are taking advantage of it.

Being a victim of a scam isn’t your fault. You should always report it, and tell your story so that others can learn from it. You aren’t dumb for being a victim. I’m not going to tell you that being more mindful of these things would have prevented it. If you were scammed, you already know this. You’ve learned your lesson, and like all of us, you’ll continue to be targeted and you’ll continue to avoid 99% of the scams that target you.

The best thing you can do is tell others about it. Turn your story into a warning for others. 

Scam artists follow a very effective playbook that wouldn’t be so effective if everyone was aware of it. They are incredibly good at covering their tracks and making it nearly impossible to get caught, so the best way we can combat these threats is by making the public more aware so that everyone knows what to look for.

Yes, there are cybersecurity measures to help with the online stuff, and that’s incredibly important. I can tell you to make sure you are using strong, secure passwords, and using unique passwords everywhere, and using multi-factor authentication, and making sure your business is secure, etc. Those are critically important, but no cybersecurity protection is going to stop Pam in HR from getting a text message that looks like it comes from the CEO’s phone, asking her to buy a few thousand dollars worth of gift cards to mail out. The only thing that stops that is awareness.

That’s all. Those are just some thoughts we had. This is important stuff, and I can’t stress enough how commonplace it is. Stay vigilant, and don’t hesitate to simply call and ask us if you get something that raises your suspicions. We’re here to protect local businesses, and we hope that we can serve our community at the same time. If you’d like to talk about cybersecurity and how we can protect your business and its people, give us a call at (516) 403-9001.

I hate to be the bearer of bad news, but when it comes to cybersecurity threats it’s kind of hard not to be. I used to look at it from two sides; one side is fascinated at the innovation and intensely brutal ways that high-end cyberattacks work, and the other side of me loses sleep at night worrying about these risks affecting our clients, prospects, and even my own business. This one particular classification of cyberattack, however, takes the cake for being especially frightening.

Introducing Killware, About as Bad As Cybercrime Gets

Imagine a computer virus or malware that is specifically designed for your organization. It knows the software and hardware you are using. It knows what settings and configurations can cause the most harm to your organization. It knows exactly how to slip in, infect the most vulnerable parts of your business, and do massive damage.

That implies a lot of things. It suggests that the cybercriminals targeting you are intimate with your organization and its inner workings. It suggests that the bad guys have an insider, or that you’ve already been compromised so severely that they may as well have an inside agent. Either way, at this point, the network is more their network than it is your own.

But it gets worse.

Not only can they dish out a threat to do harm to your business, but the goal of Killware is to cause as much public harm as possible. This is a frightening mixture of cybercrime and terrorism. It’s real, and it has real consequences.

A Cyberattack Almost Poisoned an Entire Community in Florida

In 2021, a water treatment plant in Oldsmar, Florida, a small city with a population of almost 15,000 people, suffered from a cyberattack. The attack seemed to have a singular goal; to raise the amount of sodium hydroxide in the water that Oldsmar residents were drinking. 

Sodium Hydroxide is used in water treatment to manage the pH level and reduce lead corrosion. In small amounts, it is considered safe. In larger quantities, it can cause severe burns and permanent tissue damage. The attack increased the amount of sodium hydroxide being added to the water by a factor of 100.

Fortunately, staff at the water treatment plant noticed the change immediately and nobody was hurt.

Cities and Local Government Systems are Often the Target

We’ve seen a few cases over the years where malware disrupted portions of city and town infrastructure. In 2018, Atlanta suffered from an attack that took down over a third of its systems, and it cost taxpayers over $17 million and over a year before things went back to normal.

In 2019, Baltimore suffered from a similar attack, which impacted the state's real estate market and dozens of other systems. The attack cost the city an estimated $18 million.

Healthcare, Nonprofit Organizations, Banks, and Others are at Risk Too

The U.S. Department of Homeland Security warns that other critical services like hospitals, police departments, utilities, and other highly networked industries are potential targets for this kind of attack.

In order to reduce the risk, organizations need to take cybersecurity seriously, and ensure that regular audits are happening throughout the year. Committing to industry compliance standards is a good first step, but depending on your industry, your business may want to raise the bar even more.

No matter what kind of organization you run, you have employees and customers to protect. MSPNetworks can help secure your business so that your organization avoids doing harm to the community in the event of one of these devastating attacks. 

While most of us know that Santa Claus lives at the North Pole, fewer know that he’s specifically built his big, rambling castle in the Laughing Valley. It is there that he and his workforce, the elves, sprites, pixies, and fairies that help him make his toys all live, all working hard to give the children of the world their presents each year.

Of course, as magical as Santa and his team may be, it isn’t unheard of for them to need a little help every once in a while.

The Laughing Valley sure does live up to its name. From the brook that winds its way through the emerald green banks and chuckles as it goes, to the wind that whistles a merry tune through the trees, to the cold sun that gives what heat and warmth it can to Santa’s establishments, to the poinsettias and daffodils that smile their way up through the snow. It only stands to reason that the Laughing Valley would be a place of contented happiness, and Santa Claus was proud to know that this contentment could be found in every nook and cranny of the valley he made his home and place of business.

To one side of the valley stood the Forest of Burzee, where all the elves—and even Santa himself—spent their childhoods amongst the mighty trees. At the other side, however, rose a great mountain, riddled with the Caves of the Daemons. In the middle is the peaceful and serene valley, where jolly old St. Nicholas has made his home.

Now, no one could blame you for thinking that Santa, the Santa Claus, the right jolly old elf who worked tirelessly to make the children of the world happy, would have no enemies. For a long time, you’d have been right to think that, too.

However, it wasn’t long before the Daemons who occupied the caves developed a loathing of Santa Claus, and it was largely because the toys that Santa delivered each year worked.

The mountain was home to five Daemons, each with their own cave. Closest to the ground, a broad path leads to the first of the caves, ornately decorated with intricate carvings that could easily draw in an unsuspecting witness. This was the home of the Daemon of Phishing. Just behind this cave was another cavern, much more utilitarian, this one occupied by the Daemon of Ransomware. Just beyond this entrance stood the cavernous hole that the Daemon of Data Theft called home, and if one were unfortunate enough to pass its threshold, they would find themselves approaching the heart of the mountain—the home of the Daemon of Business Failure—and all the weaving snares and traps that littered the caverns within.

Each of these caves had a small tunnel that emerged from beside it, all of which led to the last daemon’s home: the much cozier and safer-feeling cave that the Daemon of Disaster Recovery called home. The trails to this daemon’s home, while not quite as worn and traveled as the others, still showed signs of many a traveler having bypassed the other daemons in order to pay the much more pleasant Daemon of Disaster Recovery a welcome visit.

It was not long before the Daemons believed they had a reason to dislike Santa Claus and his work, and so they called a meeting to explore why that may be.

“I’m so bored,” complained the Daemon of Phishing. “Santa Claus gives all the children such neat toys, they’re happy and satisfied… no, thrilled… and aren’t tempted by my cave and all its glory.”

“I know what you mean,” replied the Daemon of Ransomware. “It’s as though Santa has warned the children about my plans, so many are on their guard whenever I approach.”

“You’re one to talk,” scoffed the Daemon of Data Theft. “I rely on you, Ransomware, to distract and confuse all those silly children so I can take their information without them realizing. If you can’t catch anyone in your web, how am I supposed to steal from them while they’re distracted?”

The Daemon of Business Failure quietly shook its ponderous head, as none of the children were letting it into their parent’s critical data on their business laptops.

“I mean, I guess I’m a little lonely, too,” chimed in the Daemon of Disaster Recovery. “If you all haven’t had any success, there really is no need for my activities.”

“It’s all that Santa Claus’ fault!” spat the Daemon of Ransomware. “His interference simply cannot be tolerated any longer. This might be my modus operandi, but we must concoct a plan to stop him in his tracks.”

All of them agreed (although the Daemon of Disaster Recovery was a little hesitant) and started plotting their strategy. Santa Claus would be easy to find—most of his hours were spent in the workshop, collaborating with his elves to create the gifts he was to distribute on Christmas Eve. The daemons determined that their best bet was to try and use their talents to prevent St. Nick from accomplishing his mission.

The Daemon of Phishing was chosen to try first, and so the very next day, the mountain dweller descended to the workshop and approached Santa and his elves as they merrily toiled away. The Daemon, putting on his most charming smile, addressed Santa Claus:

“Oh my, look at you all, so hard at work! You know, I have plenty of toys up in my cave. I’d be happy to give you all you need to fill your sleigh, you just have to come with me.”

Santa’s eyes brightened for a moment, until a small elf whose eyes had narrowed the moment the Daemon had approached, pulled the old man’s sleeve until he could whisper something in his ear.

“Oh, that’s quite all right,” Santa chuckled. “It is a sincere pleasure to create all these toys for the children of the world, and I wouldn’t want to take any too-good-to-be-true shortcuts.”

Scowling, the Daemon retreated, returning to the anxious faces of the others. He announced, “Santa does not seem to want an easy solution, so my best trap has failed.”

The next day was the Daemon of Ransomware’s turn. Using his influential magic, the Daemon caused all of the workshop’s machinery to suddenly stop. When he saw Santa, the Daemon of Ransomware approached, feigning concern. “Oh, no, your factories! How will you ever make all the toys you need if your workshop is dark?”

Santa, however, seemed unconcerned, and in a few moments the workshop surged back to life as the same small elf from the day before emerged with a triumphant look on his face.

“Ho, ho, ho! I learned long ago that, despite the most important aspect of my work happening on a single night, all the rest needs to be protected in order for me to be ready for that night. It was long ago that I was advised to maintain a backup of all my operations, just in case something were to go wrong.

Thus a second Daemon was foiled, but the next day was the Daemon of Data Theft’s turn. The daemon went straight to the workshop and found St. Nick’s all-important list of all the good children’s wishes, written in Santa’s unmistakable script. Extending his proboscis, Data Theft began slurping, removing all the ink from the document. Once finished, the daemon sought out Santa Claus.

“Santa, wait! I have the worst news! I stumbled upon the list, and I realized it was blank! How could this have happened?”

To the daemon’s shock, St. Nick simply chuckled and gestured an elf over, her hair carefully braided and draped around her shoulders. Once this elf had seen the document, she nodded, and clapping her hands three times, produced a magical whirlwind of text that swiftly repopulated the list, not an apostrophe or suffix out of place.

Santa winked at the daemon. “Good thing I always keep a backup, eh?”

Aghast, the Daemon of Data Theft retreated in defeat, and informed the others of their lack of progress. All the subterfuge and scams they had tried were for naught. However, it was the Daemon of Business Failure’s turn, and they were even more resolute than the others.

So, when Santa next took the sleigh and his crack team of reindeer out for a practice flight, his deep laughs of joy were suddenly interrupted by a lasso that wrapped around his famous belly and jerked him from his bench.

Landing heavily in the snow with a grunt, Santa was quickly bundled away by his assailants… the Daemons, led by Business Failure as his devious strategy came to light. Hurrying to a deep and secret cavern in their mountain, the Daemons soon had Santa affixed to the wall, helpless.

“Aha,” cackled four of the daemons, with Disaster Recovery hanging back, obviously conflicted. “We have him. We have him! No longer will he be able to distract the children of the world from our efforts, and they will grow up to be so vulnerable to all forms of cybercrime! Phishing Attacks will be more effective than ever, leading to Ransomware and Data Theft! Business Failure will be at an all-time high, despite everything that Disaster Recovery tries! We, the Daemons of the Caves, have finally won!”

“Eh, not really.”

Shocked, Phishing Attacks, Ransomware, Data Theft, and Business Failure spun toward the unexpected voice. The Daemon of Business Failure was the first to speak:

“It’s… you.”

Standing at the entrance to the cave was the elf who had produced the backup of Santa’s list. She arched one eyebrow at the huddled group of Daemons.

“Yep. It’s us.”

Us? The word hardly had the chance to register with the daemons before their own lasso arced over and looped around them. Somehow, the Daemons turned, only to see a freed Santa holding the other end of the rope, along with the other elf and—instilling no small amount of rage in the hogtied daemons—the Daemon of Disaster Recovery. This time, the Daemon of Ransomware spoke first.

“You, you traitor.”

Rather than shrinking back, the Daemon of Disaster Recovery fired back. “Yeah, maybe I am. Or maybe I’m just the guy who’s sick of cleaning up the messes you all make as you try to interfere with the happiness of a whole world of children.”

Scowling, Disaster Recovery stepped forward. “Every year, I watch you interfere with the joy and good tidings of people around the world. I see you influence people with little choice to convince them to spread their own misfortune through scams and cyberattacks. I observe as you four treat the world as though it's your own little sandbox of cybercrime.”

Disaster Recovery continued to advance upon his neighbors.

“I’m done watching. From now on, I’m going to do whatever I can to help Santa and his elves here prevent these kinds of issues, teaching those in the workshop the signs of threats of all kinds.”

Disaster Recovery stopped, looking to Santa and the elves. “If that’s okay with you all, of course.”

Santa grinned, and the elves snapped up a quick salute. “Welcome to the Laughing Valley Cybersecurity Defense Squad, friend. I’m sure your expertise will be a great help.”

Now, while we here at MSPNetworks aren’t the Laughing Valley Cybersecurity Defense Squad, we’d like to think that we can serve a similar purpose for the businesses of New York. Have a very happy holiday, and don’t hesitate to reach out to us at (516) 403-9001 as your resolution for the new year.

It is so important to keep your business secure nowadays. Statistics show this to be the case. Don’t believe us? We can share a few of these stats and explore what they mean, just to prove it.

Predictions Place the Global Annual Cost of Cybercrime this Year at $8 Trillion

With an estimated 400 million or so small and medium-sized businesses around the world, that breaks down into $20,000 of damage to each. Of course, in the real world, cybercrime isn’t divided up so equally. Many companies will be impacted less, and others will be impacted a lot, lot more. Speaking of which…

By 2025, Cybercrime is Set to Reach $10.5 Trillion

That’s quite a jump, especially when you update the impact to each of the 400 million SMBs around the world. Instead of about $20,000 damage each, this figure equates to $26,250… which, again, would not be evenly distributed.

This makes it all the more clear that cybersecurity not only needs to be seen as a priority for the world’s SMBs (including those around New York) now, but also and even more so in the future.

Phishing Attacks Were Blamed for 80% of Cybercrime in the Tech Sector

Phishing—or the use of fabricated communications to illicitly gain access to a resource—is a huge threat nowadays, simply because of its use as a kind of delivery system for other forms of attack. When four out of five attacks involve phishing in some way, you can’t afford not to be prepared to spot and stop it.

Hopefully, These Statistics Start to Illustrate the Importance of Cybersecurity

If you’d like to learn more about your business’ potential protections and what we can do to ensure them, make sure you give MSPNetworks a call at (516) 403-9001.

Ransomware has rapidly climbed to be one of the most dangerous and feared malware attacks that is used nowadays. It’s gotten to the point that, if you wish they would just stop, we can hardly blame you.

Unfortunately, there is no reason to believe that ransomware is going anywhere.

Numerous Statistics Show That, If Anything, Ransomware is On the Rise

Let’s go over just a few of these stats to really put the situation into perspective:

• In 2022, the average ransom was $812,380. This year, that average is $1.54 million.
• There’s been a 13% increase in ransomware attacks over the past five years.
• 27% of malware breaches involve ransomware.

Clearly, ransomware is here to stay. As a result, you need to be prepared to prevent it from interfering with your business.

How to Prevent Ransomware Infections in Your Business

In the vast majority of cases, ransomware is spread by taking advantage of the end user. Therefore, user training and testing is paramount.

Make sure that your team is aware of the threat of ransomware—what it is, how it works, and how to spot it. Teach them about phishing attacks, which are frequently used to spread ransomware, and general data security practices. Evaluate their readiness to avoid phishing and other cyberthreats regularly, and in addition to targeted training to resolve any identified shortcomings, make sure that all of your team members are maintaining their security practices with regular training and evaluations on the basics.

This is, admittedly, a lot…but it also isn’t something you have to tackle alone. We’re here to help. Reach out to us for assistance with your inclusive cybersecurity needs, as well as general IT maintenance and management, by calling (516) 403-9001 today.

Maintaining network security has proven to be more difficult for organizations as time has gone on. Like the people trying to keep them out of networks they don’t have access to, hackers are increasingly using artificial intelligence (AI) to enhance their cyberattacks and achieve various malicious objectives. Here are some ways in which hackers are using AI.

Automated Attacks

Hackers can use AI to automate various stages of an attack, from reconnaissance and vulnerability scanning to exploitation and data exfiltration. This can significantly speed up the attack process and allow for more efficient targeting of vulnerabilities.

Phishing Attacks

AI can be used to create highly convincing phishing emails and messages. Natural language processing (NLP) techniques can generate text that appears legitimate, making it more likely that recipients will fall for the phishing attempt.

Password Cracking 

AI can be used to accelerate the process of cracking passwords by rapidly trying different combinations and patterns. Machine learning algorithms can also analyze user behavior and patterns to predict passwords more effectively.

Malware Development 

Hackers can use AI to design and customize malware that is difficult to detect by traditional antivirus solutions. This involves using AI to obfuscate code and create polymorphic malware that constantly changes its appearance.

Distributed Denial of Service Attacks

AI can be used to launch more sophisticated DDoS attacks. AI-powered bots can adapt to defensive measures, making it harder to mitigate the attack.

Exfiltration 

AI can be employed to intelligently identify valuable data within an infected system and exfiltrate it while evading detection. This can involve compressing and encrypting data to minimize its footprint.

Social Engineering

AI-powered chatbots and virtual assistants can be used to impersonate legitimate individuals in social engineering attacks, making it easier to manipulate victims into divulging sensitive information.

Deepfakes

AI can be used to create convincing deepfake videos or audio recordings, which can be used for impersonation or disinformation campaigns.

If hackers are using AI, it is important that your organization get the advanced AI-integrated tools needed to thwart hacking attempts. If you would like more information about how hackers go about using advanced technology, including AI, to try and circumvent attempts to keep them out of accounts and off your network, give the IT security experts at MSPNetworks a call today at (516) 403-9001. 

As the threat landscape gets more concentrated with serious cyberthreats, new next-generation firewalls (NGFWs) have been developed to help stem the tide of negative outcomes that result from cyberattacks. An NGFW is an advanced network security device or software solution that combines traditional firewall capabilities with additional features and functionalities designed to provide enhanced protection and visibility into network traffic. NGFWs are designed to address the evolving and sophisticated nature of cyberthreats, including malware, intrusion attempts, and other malicious activities.

Key Features of NGFWs

• Application Awareness - These new firewalls can identify and control applications and services at the application layer. This allows them to make access decisions based on the specific applications or services being used, rather than just IP addresses and port numbers.
• Intrusion Prevention System - NGFWs often incorporate intrusion prevention capabilities, which help detect and prevent known and unknown threats by inspecting traffic for malicious patterns and signatures.
• User and Identity Awareness - These firewalls can associate network traffic with specific users or devices, enabling user-based policies and monitoring.
• Content Filtering - NGFWs can filter web content to block or allow specific types of websites, ensuring that organizations can enforce acceptable use policies and protect against malicious content.
• Advanced Threat Protection - Many NGFWs include features like antivirus, anti-malware, and sandboxing to detect and block advanced threats, including zero-day attacks.
• VPN Support - NGFWs often support Virtual Private Network (VPN) functionality, allowing secure remote access and site-to-site connectivity.
• Security Intelligence - Incorporating threat intelligence feeds and databases to keep up with emerging threats, NGFWs can update their security policies accordingly.
• Granular Control - Administrators can define granular policies for network traffic, specifying what is allowed and what is denied, based on various attributes such as application, user, content type, and more.
• Logging and Reporting - NGFWs offer robust logging and reporting capabilities to provide visibility into network activities, which can aid in incident response and compliance reporting.
• Scalability and Performance - NGFWs are designed to handle high volumes of traffic and offer scalable performance to accommodate the needs of large enterprises.

NGFWs are a crucial component of modern network security infrastructure, helping organizations protect their networks and data from a wide range of threats while maintaining control and visibility over network traffic. That is why it is so important to keep your firewalls, next-gen or not, updated with the latest threat definitions to ensure that you are getting the stated value out of it.

If you would like to learn more about outfitting your business with NGFWs, give the IT professionals at MSPNetworks a call today at (516) 403-9001.

Digital security cameras have revolutionized surveillance, supplanting their analog counterparts due to their myriad advantages. Let’s outline three key benefits of deploying digital security cameras.

Exceptional Video and Image Clarity

Digital security cameras are renowned for their capability to capture high-definition video and images, setting them apart. This heightened clarity proves invaluable for recognizing people, objects, or events in recorded footage. The augmented resolution and image quality offer intricate details, facilitating the identification of faces, license plates, and other critical information. This not only aids in incident investigations but also acts as a potent deterrent for potential intruders and wrongdoers, who know their actions are being meticulously documented in vivid detail.

Remote Monitoring and Accessibility

A hallmark feature of digital security cameras is their capacity for remote monitoring and accessibility. Today’s cameras empower users to view live video feeds and access recorded content from anywhere with an Internet connection. This feature proves indispensable for both homeowners and businesses, enabling real-time monitoring, instant alerts, and the ability to check on property security, even when physically absent. Whether you're traveling or merely away from your workplace, you can utilize your smartphone, tablet, or computer to keep a vigilant eye on the premises under camera surveillance.

Scalability and Versatility

Digital security cameras exhibit remarkable scalability and versatility, rendering them suitable for a diverse range of applications and environments. They can seamlessly integrate into existing surveillance systems or be expanded to meet evolving security requirements. This adaptability renders them ideal for a broad spectrum of installations, spanning from modest residential setups to expansive commercial configurations. Additionally, digital cameras are available in various styles and feature sets, permitting users to select the optimal camera type to align with their precise security needs.

The advantages of digital security cameras are more than the enhanced video quality they provide. They bring the convenience of remote monitoring, adaptability, and scalability, resulting in more effective and flexible security strategies. For more information about how MSPNetworks can assist you in selecting the right digital security cameras for your business, give us a call today at (516) 403-9001.

When I was a kid, there was a Tex Avery cartoon where Droopy Dog was chasing down a crook who escaped from jail. There was a particular scene where the crook (I think it was a wolf in a black-and-white striped jumpsuit) takes a bus, a plane, a ship, and a taxi to a secluded cabin, and then closes a series of increasingly complex doors with a large number of locks, in order to hide away from the pursuing cartoon basset hound. 

Of course, when he turns around, exhausted by all the effort he puts in, he realizes that Droopy is standing right behind him, and greets him with a monotone “hello.”

I haven’t seen this cartoon since I was 7 years old, but I almost always think about it when I am using multi-factor authentication. 

Does Cybersecurity Feel Like It’s a Lot of Effort?

Strong complex passwords, multi-factor authentication, complex policies and rules, and not always feeling like you have total access to everything you need at any given time certainly can feel like a hurdle when it comes to getting stuff done.

Believe me, I get it. As a tech head, I love how secure my information can get, but as a business owner, as a person who just needs to get things done, it really can be just frustrating enough to make it feel like it isn’t worth it.

I’ll never stop advocating it though.

Sometimes, in my head, I might grumble and think to myself—this is stupid, I’m just trying to get into my Facebook account. But then I think, through my Facebook account, I have all of my contacts, many of which are people I do business with. I also own my business page, and a couple of groups that I rely on for networking, and my ads account, which has my business credit card…

You get the idea. It’s just Facebook, but it’s so wrapped around my life that if someone else were to get in there, it could get really messy and complicated.

The same goes for email accounts, bank accounts, and software that stores sensitive information for myself and my business. Basically, anything that you can lock down with multi-factor authentication, you really should, and your employees should all be doing the same.

The Password Just Isn’t as Secure as It Used to Be

Somewhere early on, when the world was figuring out what to do with computers and the Internet, a bunch of folks got together and decided that the password would be the ultimate authentication tool. You just type in your magic words, “open sesame!” and yep, that’s definitely you and can’t possibly be anyone else!

It wasn’t a bad idea back before we were doing banking and storing medical records and other sensitive information online, and before we were using online tools and databases to store tons and tons of client information about people besides just ourselves.

But the password just isn’t that secure. They are easy to crack, and it’s so easy to be lazy about them to the point where they don’t even offer any protection at all. A 12-character password can be cracked with password-cracking software on your average laptop in less than 14 hours, and that time could be much shorter if your password isn’t all that complex.

Plus everyone has the tendency to reuse passwords or establish a predictable pattern in their password-making behaviors… it’s a mess. It’s not a good way to rely on security.

That’s why we have things like multi-factor authentication. Yes, it adds an extra step and can be a little annoying, but it can be streamlined. Here are some tips.

How to Optimize Your Multi-Factor Authentication

• Try to stick to just one single authentication app, preferably one that can be backed up and synced between devices. Give us a call at (516) 403-9001 to help you pick one that works for you.
• Label your accounts in the app clearly, and try to organize them if you can.
• In your password manager, note how the multi-factor authentication works. If it has to come through SMS or email, it might feel a little more efficient if you noted that for yourself so you were prepared as you were logging in.
• Go into current accounts and check to see what your security settings allow you to do. When possible, use the authentication app so you aren’t relying on authentication information coming in from all different directions.

Cybersecurity is complicated, and it can feel like an overwhelming hurdle, but we can help you and your business use it effectively. It is important, and it is something that we should all be using as often as possible.

To get help, give us a call at (516) 403-9001.

Cybersecurity is important. Scroll through a few pages of our blog and you’ll see article after article talking about threats and ways to make yourself and your business less vulnerable to cyberthreats. As an IT professional, however, I’d be so much happier if the state of the world didn’t require such a massive effort just to protect oneself and we could just talk about cool stuff you can do with modern technology all the time!

But alas, strong cybersecurity is crucial to virtually any organization, and it’s becoming even more important by the month.

You Can’t Flub Your Cybersecurity Awareness

Cybersecurity is something that you can’t just ignore. It’s not going to ignore you—cybercriminals target the people who think they aren’t a target in the first place.

Most businesses these days have at least some level of cybersecurity-based compliance regulations to meet and follow. Some can come from the state, some can come from the industry you are in, some apply based on the type of information you work with, and some can come directly from your business insurance provider. 

One of the biggest mistakes I see business owners and C-levels make is that they have overconfidence in their own cybersecurity. Most business owners are the least secure people I know (and I don’t mean that in an insulting way; CEOs and entrepreneurs, in general, are just wired to be efficient, and cybersecurity practices can feel like a big roadblock to efficiency.)

Heck, I lose sleep at night when I suspect that the owner of a company we work with refuses to use multi-factor authentication, but I catch myself longing to turn that feature off because of the extra couple of seconds it adds to getting into an account every day. 

The point is, even as a leader, you can’t skimp on security. In fact, you should be the shining example of it in your organization.

You Have to Know If You Are Compliant or Not

Depending on the regulations your organization needs to meet, you likely have a laundry list of tasks to check off quarterly or yearly. For many organizations, a part of that might include a regular penetration test.

A penetration test is a very specific set of tasks that involve an ethical hacker attempting to break into your business network using a variety of different ways. 

There are multiple phases that include reconnaissance, scanning for vulnerabilities and other weaknesses, getting in and attempting to steal, change or delete data, staying within the network undetected for a period of time, and looking for non-technical ways to exploit your organization, such as social engineering.

It’s not a small feat, and it’s far from the typical quick network audit or port sniffer scan and things that a technician might do to solve a problem or investigate an issue.

Don’t confuse the small stuff with a penetration test. I’ve talked to business owners in the past who were convinced their network was secure because a third-party ran some network audit tools that came back with devices that were out of date and fixed them. While that’s important to do, and something we do regularly, and maintain for our clients, it’s a long way from an actual penetration test.

Let’s Make Sense of Your Cybersecurity, Together

Protecting your business from modern-day threats and meeting regulatory requirements is a challenge if you try to do it by yourself. Let MSPNetworks be your trusted IT partner and keep your business operating smoothly. Get started today by calling (516) 403-9001.

When it comes to security, it can be challenging to keep up with shifting best practices. For instance, the use of a virtual private network has long been a staple to secure remote operations, and any decent IT service provider would recommend its use. However, this advice is changing with the growth of zero-trust access protocols.

Let’s compare these two security options to consider why this is.

Defining Virtual Private Networking and Zero-Trust Access

In order to properly compare these two security tools, it is important that we establish what each of them is meant to accomplish.

Virtual Private Networking, or the use of a VPN, creates a protected connection between two network endpoints via encryption. Let’s say you were stuck in an airport during a layover, but you had your work laptop with you. By using the VPN, you could connect back to your business’ infrastructure in order to access the data you need, without your activity being visible to others who may be snooping on the airport’s wireless network.

Zero-Trust Access is a strategy in and of itself that turns the principle of least privilege into an actionable approach, requiring comprehensive verification at each and every step of any business process. Fundamentally, the thesis of zero-trust is that everything and everyone is a threat until they are confirmed not to be—with this confirmation regularly verified throughout the user’s processes.

These two methods take very different approaches to securing your business. With the VPN, the focus is on keeping threats out, without particularly restricting the activities of those who have been authenticated. Zero-trust access, on the other hand, provides access to only what an authenticated user requires to fulfill their responsibilities.

What Does a VPN Do Compared to Zero-Trust Access?

Let’s break down different aspects that you need to keep in mind in terms of what each option provides.

Breach Containment

Should a breach occur, a VPN may help prevent the attacker from accessing more than what the VPN itself was directing toward, whereas a properly-configured zero-trust implementation will limit the breach specifically to the device, service, or application.

Cloud Support

Generally speaking, a VPN is hosted on-premise, although cloud options do exist. Zero-trust is typically hosted in the cloud, meaning that it works well in cloud-hosted applications.

Functionality

This is the crux of our discussion. All a VPN does is create a secure means of accessing different networks. Comparatively, zero-trust access does the same, but also restricts access within these networks based on predetermined policies.

Remote Support

With remote work being more prevalent than it has been in the past, ensuring a means of accessing the workplace securely is a more pressing need. A VPN enables remote workers to do so, while a zero-trust network does the same, but does so on a more granular level.

Security Strength

While the VPN does a great job of protecting data while it is being sent between two separate networks, that protection stops once each network is reached. The zero-trust network provides excellent security at every point, for every resource.

These comparisons make it pretty clear that both offer sincere benefits to a business’ security, and that both should have a welcome place in your business security infrastructure. That being said, it is also understandable why today’s security experts are predicting that zero-trust will ultimately take precedence.

In the meantime, MSPNetworks is here to help you ensure that your business’ technology and cybersecurity are maintained and ready for you to use it. Learn more about our managed services and how they can benefit you by giving us a call at (516) 403-9001.

We have not been shy about expounding upon the benefits of the cloud for businesses, as these benefits are both considerable and accessible. That being said, not even the cloud is completely perfect, and there are security errors that can easily be made.

Let’s go through these security errors to see if any sound familiar to your situation.

Missing Access Controls and No Multi-Factor Authentication

Here’s the thing: if your cloud resources are open to anyone, nothing in them can be considered secure. This is why proper access controls—ideally supported by multi-factor authentication—are so important to have.

The data and processes that the cloud can help you support are valuable to your business. Frankly, they’re critical. Leaving them exposed thereby puts your business at risk. Implementing access controls to limit access to your cloud resources to only the team members that actively need them is therefore necessary—and this access should also require multi-factor authentication requirements (identify authentication measures that go beyond just the username and password combination) to be met before it is granted.

You Have No Backups

Today’s businesses have various options available to them, in terms of how they put the cloud to use. Many will elect to utilize public cloud resources that are maintained and managed by an external provider, many will host and maintain their own cloud infrastructure within their business, and many will use a hybrid model that incorporates both for different purposes.

Regardless of the type of cloud you use, it is important that you don’t put all your eggs in one basket. Remember, the cloud is just another server that you are able to access remotely. What if something were to happen to the cloud infrastructure you were relying on?

This is precisely why it is important that you have backups for all of your cloud data—especially for that which you use a private, self-hosted cloud to store. And while it is true that most reputable cloud providers will actively store your data in numerous physical locations as a form of protective redundancy, it is always best to get this in writing in case the worst winds up happening.

Cloud Data is Left Unencrypted

Of course, backups are just one element of keeping your data safe. Again, while most public cloud providers are relatively very secure, data leaks and theft are not unheard of. Furthermore, data needs to travel back and forth between the user’s endpoint device and the cloud infrastructure, giving an enterprising cybercriminal the chance to take a peek while said data is in transit.

In this context, avoiding a breach will require you to keep your cloud data encrypted, which scrambles it to anyone who tries viewing it without the proper decryption key. This measure is actually required by many regulations that businesses of assorted kinds must abide by, including the Payment Card Industry Data Security Standard (PCI DSS) and the UK’s General Data Protection Regulation (GDPR), making noncompliance a direct detriment to your business in general.

We Can Help You Ensure Your Use of the Cloud is Secure, While Remaining Beneficial to Your Business

In fact, we can say the same for all of your business’ critical technology. Here to provide New York with the best that the managed services model of technology support has to offer, we’re hoping to get the opportunity to assist you and your business in accomplishing more. Find out what we could do for you by reaching out to us at (516) 403-9001.

Passwords are one of the most important parts of keeping any account secure, and if you were to gain access to these accounts, you’d have access to personal data, subscriptions, money, and even the victim’s identity. Today, we want to show you just how easy it is to steal a password and gain access to an account.

You Too Can Steal Passwords to Almost Any Type of Account

All it takes is a little spare cash to gain access to any account, and it’s remarkably easy to pull off. We can’t show you exactly how to do it, but we want to emphasize that literally anyone can do this to your business. Let’s look into some of the intricacies of how stealing a password works.

Learn a Little Bit About the Victim

We’ll use Homer J. Simpson for our example, a name with a singular entry in the United States census from 1940. Simpson was born in 1914, and we are confident that there have not been any babies born with the name since the 90s. That said, we’re making everything up from here on out. If we want to make Simpson’s life difficult, it’s pretty easy to do so, even if we don’t know anything about him.

Imagine that Simpson had a MyFitnessPal account in 2018, which he used to track his health metrics. MyFitnessPal is one of the services that suffered a data breach back in February of 2018 in which 144 million accounts had their emails and passwords compromised. These types of data breaches happen all the time, and users need to be aware of the risks associated with trusting this information to any online accounts, whether it’s Sony, Wendy’s, or even Doordash.

Thanks to the MyFitnessPal breach, Simpson’s password is on the Internet and available to criminals on the dark web. Because of this, we know his name, his email, and the password he likes to use. That’s plenty of information to work with.

From here, you go on Simpson’s social media accounts to find things like his date of birth, the town he grew up in, and his mother’s maiden name. You can also use LinkedIn to find information about his job and his social network. It’s easy to do this in as short a time as 10-15 minutes. You can find out about his kids, his dog, his wife, and potentially even his address. This is also helpful information to know when cracking a password.

Most individuals use information close to them for their passwords, and while we always advocate that it’s just not a good idea, well, it’s easier for people to remember credentials in this way. You can make a lot of educated guesses as to the user’s password simply by knowing a little bit about them.

Use Software to Crack the Code

This is where the fun begins. Using software found on the dark web, hackers can crack even sophisticated passwords. If the user’s password isn’t very complex, maybe 9 or 10 characters long, or without some special characters, it could be cracked in a matter of minutes or maybe a day or two. If the user has an actually random password, though, it will take longer, but the fact that these systems can be cracked is concerning to say the least. Complex passwords will naturally take longer to crack, but most of these tools will try the more common renditions first, just to check if the victim is skimping on their password security.

Alternatively, Just Trick the User

No use beating around the bush; just use phishing attacks to steal the password and let the victim do all the work for you. Around 95 percent of modern cyber breaches are caused by a phishing attack, and it’s such a high rate of success that there’s no reason not to try using it.

All you have to do is send them an email claiming to be their bank. You might make up an excuse like there is something wrong with their account. This is usually enough to elicit some sort of strong response, as people’s money is generally a soft spot. Whatever you do, make the problem important enough to require immediate attention.

Next, send them to a webpage that you built to look like their bank’s website. You can then have them offer up their login credentials on a silver platter as they attempt to log into their account. This happens all the time, and you might be surprised by how easy it is, but the fact remains that it’s simply far too easy to pull off to not take it seriously.

Always Remain Vigilant to Cybercrime

Now that you know how easy it is for someone to crack a password, or even steal it for that matter, you should remain vigilant and always try to stay ahead of hackers through the use of multi-factor authentication tools and other security solutions. MSPNetworks can help you stay ahead of hackers! Call us today at (516) 403-9001 to learn more.