Tech Blog

How an MSP Protects Your Company Part 3: Advanced Threats

January 25, 2019 By Jason Williams

First, read what a Managed Service Provider is before you take a deeper look into how an MSP protects your company. And here’s Part 2: The Human Element, if you missed it.

Here are the more advanced threats that can harm your company, and why an MSP is your best option.

Malware

According to Google, malware (short for “malicious software”) is software that is intended to damage or disable computers and computer systems. It can include phishing threats, viruses, ransomware, spyware, etc. Back in the day, malware was very simple. Many attacks came from curious hackers who weren’t out to make money but just to see what they could do. Nowadays, with ransomware and other digital money-making opportunities, malware has become exponentially more vicious. As technology rockets forward, so do the cyberthreats. And the more advanced malware gets, the less likely you can fight it on your own.

How an MSP protects you: Think of an MSP as your own digital army. Now your business is protected by consistent monitoring and professionals who can fight those cyber-battles for you. You won’t have to worry about whether or not you’re keeping up with the latest in cybersecurity because your network is protected at all times. Partnering with an MSP takes the worry out of your mind and allows you to focus on your business, not your technology.

Hackers

Hand-in-hand with malware, hackers are the human component behind cyberattacks. Someone has to program that evil bot, right? Now that there’s some serious money to be made in the hacking business, everyone with half a brain is trying to get into it. And with heavy competition like that, it’s a perfect environment to breed rockstar hackers. And the bad news is, the more advanced they get, the more help the average business owner will need to protect themselves.

How an MSP protects you: Just like with malware, having an MSP partner takes the stress off your shoulders. With your network being monitored 24/7, any kind of attack will be spotted before it can do damage. And, even better, your network won’t have the common vulnerabilities that most do. The usual holes that hackers exploit won’t exist in your network, meaning your business flies under the radar of most attacks. Your equipment will be updated, your software will be patched regularly, your network will be solidified, and you can sleep easy at night knowing your company is safe.

How an MSP Protects Your Company Part 2: The Human Element

January 25, 2019 By Jason Williams

If you missed what a Managed Service Provider is, check it out before you take a deeper look into how an MSP protects your company. If you missed Part 1: Hardware and Software, have no fear. You can read it and pop back here.

Now, let’s get into how partnering with an MSP protects you from the human element.

Everyday Criminals

Sometimes, crime revolves around opportunity. If you have an open-door policy at your business, it makes it easy for an everyday criminal to waltz inside. And once inside, they can poke around computers that aren’t locked or secured. All it takes is a couple of minutes, searching on an unattended computer for things like “Financial Records” or “Credit Card.” A crime of opportunity happens in an instant, and that criminal can walk away with a sheet of credit card numbers or bank statements. cyber criminal

How an MSP protects you: MSPs are well-versed in things like simple security, such as requiring all workstations to be secured with individual passwords. Once an MSP has audited your network, they can find where you are most vulnerable, and take the necessary measures to prevent unauthorized use of computers and wireless internet. On top of that, most MSPs can assist your company in becoming PCI compliant, which means all the credit card information you have on file isn’t accessible to the naked eye. So even if someone were able to access a computer at your business, they couldn’t download a sheet with full credit card numbers anyway.

Untrained Employees

You probably hire your employees based on their ability to perform the specific job you listed, right? And I’m sure they do a fine job. But unfortunately, a lot of them don’t come equipped with the right cybersecurity skills. No, we’re not talking about certified technical skills, but the basics of staying safe online. All it would take is Jim in accounts payable clicking on an unsafe link from an email and your sensitive financial information is in the hands of cybercriminals. As humans, we can’t know everything. The good news is, all it takes is a little education and your employees will turn from the weakest link to your strongest asset.

How an MSP Protects You: Some MSPs host either on-site or off-site training classes for employees. They’re basic and simple but make a huge difference in your cybersecurity plan. By simply showing employees how to spot a phishing email or what digital hygiene looks like, they’re less likely to endanger your network. Piedmont Computer Services will host several cybersecurity training events in the near future, and continues to look for new ways to educate businesses in the Union County area.

Vindictive Employees

The dark side of the normal employee is the rare vindictive employee. This employee is the one who had a bad attitude all along and once they were fired, decided to take all their worldly wrath out on the company. Vindictive employees are very dangerous, mainly because they have access to company records. Without the proper off-boarding procedure, vindictive employees may have access for days, months, or even years to the company network. And sometimes, depending on how sour they are, they can delete or modify records before they’re caught.

How an MSP protects you: MSPs have ample experience with the correct onboarding and offboarding procedures, exact times and all. In layman’s terms, this means those new employees have access to what they need the first day they start work, and employees that are fired or laid off have all access removed the moment they’re told. This eliminates the possibility of an angry employee stalking back to their desk, downloading sensitive information, and walking out. Or even going home, logging into their workstation remotely, and destroying information. Utilizing the proper strategy to make sure that never happens is critical to protecting your business.

How an MSP Protects Your Company Part 1: Hardware and Software

December 20, 2018 By Jason Williams

Now that we’ve covered what a Managed Service Provider is, let’s take a deeper look into how an MSP protects your company.

Let’s start with some of the simple things first, like how your hardware and software is protected.

Updates and Patches

Okay, this one is boring but absolutely critical. If you ignore all those little boxes in the corner that ask you to update software, you are in big trouble. The reason they pop up isn’t to annoy you (shocker, I know) but because there was a vulnerability identified and the software team made changes to address that issue. Sometimes the updates are frequent, and sometimes they don’t come around for a while. Regardless, you HAVE TO update your software as often as possible. You leave yourself open to attackers if you don’t.

How an MSP protects you: By partnering with an MSP, you’ll always stay up-to-date. Because of the proactive monitoring, your technology will be updated when needed. If there are any issues, you have a full support team to help. You won’t ever have to stress about that update again.

New Equipment

You may think that 8-year-old computer is perfectly fine to use, but old equipment can clog networks like hair clogs a drain. We all know that technology advances like the speed of light (hello new iPhone every 6 months) so think about that the next time you look at that 8-year-old piece of machinery.

And as much as we may love our workstation that we’ve become comfortable with over the years, it’s probably struggling under the weight of running newer and newer programs with its old operating system. It’s just the nature of the beast. So identifying those pieces of equipment that don’t make sense anymore really helps streamline your efficiency.

How an MSP protects you: When you partner with an MSP, you’ll get a very thorough audit into your current equipment and network. Pieces that are causing challenges will be identified, along with solutions to make sure those challenges disappear forever. And, by partnering with an MSP like Piedmont Computer Services, you get equipment refreshes every three years. You’ll never run into an 8-year-old computer again, nor will you have to worry about it. With up-to-date equipment supporting your network and experts constantly monitoring your infrastructure, your chances of falling victim to a cybercriminal are slim to none.

Phishing: A security threat most businesses can’t get around

December 12, 2018 By Jason Williams

Executive Summary

Phishing is the act of sending out malicious emails and has been the cause of $1.2 billion in loss.
These malicious emails can be highly targeted and involve an extensive amount of planning.
A successful phishing campaign can create a depressing ripple effect.
Phishing can break out of the inbox and play out in person and over the phone.
Suspicion is your greatest ally when it comes to online email scams.

Due to its simplicity and high rates of success, phishing attempts have become pervasive among low-level criminals and high-tech hackers alike. Overall, experts estimate that phishing and ransomware attacks generate over $1 billion annually from direct ransom payments and corporate loss.

In fact, Facebook and Google were recently the victims of a phishing scam resulting in $100 million in losses. Staff members at both companies were tricked into sending money to a hacker impersonating an electronics company. The attack lasted over a span of two years before he was caught.

If tech savvy people, like those at Facebook and Google can become victims of phishing, what do you think are the odds of your staff falling victim? Education is the first step.

What is Phishing?

Phishing is the act of sending out malicious emails with the intent to take personal information, business secrets, or financial data under false pretenses. This email can ask a professional to supply the sender with sensitive information like login credentials or social security numbers, to click on a corrupt link, to visit an infected website, or to perform an external action that goes against normal protocols.

Kaspersky Lab asserts that well over 50% of all users are not entirely confident in their abilities to successfully detect and avoid a phishing attack. This is because a phishing attack can be incredibly targeted and detailed. Hackers are becoming better and better at impersonating high-level executives, and employees often don’t think twice when doing exactly what the boss asks.

What can Phishing do?

The negative consequences of a phishing attack are serious, can carry on for years following an attack, and can initiate a depressing ripple effect.

Of course, you stand to lose money, either through paying a ransom to get your data back, transferring money per the hacker’s instructions,or corporate losses from productivity while overcoming an attack. You also stand to lose your hard earned reputation, as well as your long term livelihood.Sixty percent of small businesses that suffer a cyber attack, like phishing are out of business within six months if they ever open their doors again at all.

Where is Phishing headed?

Phishing is no longer limited to the inbox or impressive cyber-criminals. In fact, it never has been.

A successful phishing campaign can be played out in person,over the phone, or through an online advertisement by any petty criminal who wants to give it a go. All that’s required is a heavy dose of social engineering and maybe even some acting skills. To do this, a person preys upon human weaknesses by employing a variety of tactics. Here are a few possibilities:

Offering something for something – Here’s a shiny, new pen. Now, what’s your password? This may seem like it won’t work,but it does.
Showcasing a deal that’s too good to be true – Click here for your free trial of Photoshop! Works all the time. Ever heard of the Trojan horse?
Acting like a concerned third party – I’m calling from ABC Internet Company, and we noticed you’re experiencing some technical difficulties. Could we have your login credentials to run a few tests? Seems legitimate enough.
Pretending to be an authority figure and/or causing a scene – Your boss is going to have to answer to me if you don’t let me in his office right now! What receptionist would say no to that? Not very many.

These are just a few of the potential situations where social engineering goes beyond the typical phishing email and enters into the real world. Much like a phishing email,these situations can be difficult to spot, and if given enough detail and planning, they can be near impossible to effectively avoid.

How do you protect yourself from Phishing?

Your greatest defense against phishing emails and social engineering, in general, is your suspicion. You should always remain 100% suspicious of every request for information, money, and data that you receive – even if it comes from you CEO. Here are a few tips to help you and your fellow team members protect your business and yourselves from every day phishing scams:

Create strong internal processes that encourage requests to be double-checked and sometimes triple-checked.
Review all contents of the email to ensure that the proper grammar, contact information, and email address is used.
Consider the request carefully, and don’t always respond immediately. Ask yourself why someone would need this information, if this is typically how things are handled, and if this is coming from and going to the appropriate source.
Use strong anti-phishing software that protects your inbox and your internet browsing.
Regularly train and educate your staff members on how to effectively detect and avoid phishing emails.

How can we help you?

As a company specializing in online network security and email applications, we understand the inner-workings of phishing. If you have any questions on how to better prepare your business to fight off a phishing attack, then give PiedmontMSP a shout. We would be happy to discuss the security of your online data.

Resources

© Piedmont Computer Services LLC. All rights reserved. Reproduction in any manner whatsoever without the written permission of Piedmont Computer Services LLC. is strictly prohibited. This document contains confidential and proprietary intellectual property of Piedmont Computer Services LLC. Disclosure of this document to any party is strictly forbidden by any non-disclosure agreement(s) in effect.

Breaking Down Phishing

December 10, 2018 By Jason Williams

While the number of people falling for sending personal information to the crown prince of Nigeria in hopes of receiving his promised wealth and riches seems to be dropping, phishing remains a major issue. In fact, the number of phishing campaigns pursued by hackers around the world increased 65% in the last year.

What exactly is phishing? When someone post “My Account has been hacked” on Facebook, most of the time what has really happened is their account has been Phished. Hackers mimic the emails, forms, and websites of legitimate companies in an effort to lure people into providing their private, personal information, like credit cards numbers, social security information, account logins, and personal identifiers. The victim typically doesn’t realize they’ve been compromised until long after the event, and often times only after their identify, finances or accounts are affected. In the past, an attack was carried out relatively quickly. As soon as the victim gave up their information, the hacker moved in and stole money from the compromised bank account. Today, it’s often more lucrative for hackers to sell that information on the Dark Web, resulting in longer-lasting, even more devastating attacks.

Have you ever gotten an email from your bank or medical office asking you to update your information online or confirm your username and password? Maybe a suspicious email from your boss asking you to execute some wire transfer. That is most likely a phishing attempt, and you’re among the 76% of businesses that were victims of a phishing attack in the last year.

Phishing is the most widely used method for spreading ransomware, and has increased significantly since the birth of major ransomware viruses like Petya and Wannacry. Anyone can become a victim of phishing, and, in turn, ransomware attacks; however, hackers have begun targeting organizations that are more likely to pay the ransoms. Small businesses, education, government, and healthcare often, unfortunately, don’t have valid data backups, so they are unable to roll back to a pre-ransomed version of their data. Instead, they have to pay their way out or cease to exist. Outside of ransom costs, victims of phishing campaigns are often branded as untrustworthy, and many of their customers turn to their competitors,resulting in even greater financial loss.

Why are effective phishing campaigns so rampant despite public awareness from media coverage?

Volume: There are nearly 1.5million new phishing sites created every month, according to Webroot Threat Report. There are now even Phishing as a Service companies, offering phishing attacks in exchange for payment. One Russian website, “Fake Game,” claims over 61,000 subscribers and 680,000 credentials stolen.
They Work: Over 30% of phishing messages get opened, and 12% of targets click on the embedded attachments or links, according to the Verizon Data Breach Investigations Report. In short, these hackers have gotten really good at looking really legitimate.
They’re simple to Execute:New phishing campaigns and sites can be built by sophisticated hackers in a matter of minutes. While we think there are far more legitimate ways to be earning money, these individuals have made a living out of duplicating their successful campaigns.

How do you protect yourself from a phishing attack? Now that you have an understanding of what phishing is, our next two blogs will teach you How to Spot a Phishing Attack, and Fixing Your Weakest Link: Your Employees