Social engineering is at the heart of most cyberattacks. It’s a deceptive means of gaining trust from a person to get them to take a specific action.
Are Your Passwords for Sale on the Dark Web Right Now?
Data breach investigations have revealed a new shift in the hacking landscape: criminals are going after your passwords with a vengeance.
Marriott Hotels Exposed 500 Million Customer Records. Make Sure Your Business Doesn’t Suffer the Same Fate
Up to 500 million travelers could be compromised as hotel chain Marriott International has announced a security breach in its guest database. Analysts recently alerted the firm to a vulnerability that has granted hackers access to the hotel chain’s systems since 2014.
The firm announced their Starwood Preferred Guest (SPG) loyalty program was compromised for an extended period which left customers vulnerable. The exploit exposed critical guest information which included names, addresses, passport numbers, and dates of birth. Marriott also announced an unknown number of customers had encrypted credit card details stolen in the attack.
If you have been a member of Marriott’s Preferred Guest Program or a customer of Marriott hotels in the past, you should take steps today to ensure your data security. By doing so, you can protect your finances, prevent identity theft, and defend your data from attackers looking to exploit an opportunity.
Secure Your Data
Changing your Marriott password should, of course, be the first step to protecting your accounts. Even more importantly, sites where that same password may have been reused should be updated with new credentials too. Hackers commonly try details stolen from one site to access popular services and pages. We encourage everyone to use a password manager to store their details for safe use in the future. A good password manager enables unique, random, and strong passwords to be used with ease for every single website.
While we can’t stop hacks on systems outside of our control, we can defend our other accounts from being accessed by criminals.
With secure password management, attacks on your business services or related accounts from a single hack are made impossible.
Performing Damage Control
The damage to the Marriott International brand following news of the leak will be undoubtedly huge. At a minimum, they have lost the trust of their customers worldwide. Asking customers to leave their personal and financial details again to pay for goods and services will be no small feat.
The hack made front-page news as it broke, further damaging the firm’s reputation among potential future customers too. As a result of a simple security attack, Marriott International will be forced into damage limitation to keep customers returning to the brand. This is why business security matters to us; when done right it’s cheaper by far.
The total cost of this latest attack won’t be known for years to come. The firm is vulnerable to lawsuits worldwide, in some cases liable for financial losses, and required to purchase identity monitoring and security services for affected customers. Business owners can learn from Marriott’s costly lesson.
Stopping an Attack in its Tracks
Marriott’s security breach was recently discovered, hitting the headlines just this week, but the firm admitted unauthorized access had been taking place since 2014. This means the firm had a security hole for four years that they were unable to detect or patch.
For a firm of any size, this should be unacceptable. As business owners, we shouldn’t accept security vulnerabilities that leave our records, finances, or services open to hackers. As customers, we shouldn’t accept our data being treated so carelessly. The recent Marriott hack underlines the need for businesses to maintain constant network monitoring, regular security updates, and a lockdown on data access.
Protect Your Business and Your Customers
Any business can find their systems vulnerable to attack at some point. Whether the cause is waiting for updates, a newly released zero-day hack, or a malicious employee, responsible firms take steps to limit their liability.
As a rule, staff accounts should be locked to only the systems they regularly need to access. Similarly, customer data should only be open on an as-needed basis when a legitimate requirement exists. These steps, alongside systems and data monitoring, prevent a small-scale attack from resulting in an enormous data breach. Strong security enables customers to place and maintain their trust in a brand they can keep coming back to again and again.
If your business could use a security update to protect against a Marriott style attack in the future, give us a call today at (312) 600-8357.
Should You Pay for a Ransomware Attack?
Getting hit with a ransomware attack is never fun: your files get encrypted by cybercriminals and you’re left having to decide whether to pay to get them back. It’s a scene that’s played out across the world with 70% of businesses saying ‘yes’ in 2016 alone. Here’s what you should consider if you’re ever in this situation.
Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected by experts. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.
Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. On the other hand, if your data management comes under any special regulations, like health or legal, you may find the attack has a much wider, more intense impact. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.
How much do they want?
Cybercriminals rarely send out global attacks with set amounts; instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.
Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.
What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.
Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. We recommend using business-class spam filters to catch these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.
Secure your data systems now, we can help! Call us at 312-600-8357
3 Internet Habits To Keep Kids Smart and Safe
How can you make the internet a safer place for your children? It’s a common concern as all parents want their kids to be protected and happy whenever they go online. It’s relatively easy to supervise and monitor the very young ones as they stare delightedly at the Disney Jnr site, but the risks increase greatly as kids get older and more independent.
You’ve probably heard the term ‘cyber safety’ before, but safe internet usage goes beyond reminding them not to talk to strangers. With the evolution of the internet and the way it’s now woven seamlessly into our lives, the focus needs to be on ingrained habits. That means ensuring your children have the tools and predefined responses to online events so that no matter what happens, they’re not placing themselves (or your family) at risk. Setting up these habits is easy, and begins with three basic understandings:
Downloads are a no-go
Most kids can’t tell the difference between a legitimate download and a scam/malicious link. It’s not their fault; the online world is full of things that will trick even the most savvy adult. The difference is that kids tend not to take that extra moment to check exactly where that link is pointing, question whether it’s too good to be true, or even read what they’re agreeing to. They want to get back to what they were doing, and if something pops up, their first instinct is to click ‘yes’ – purely so it goes away. Unfortunately, that single ‘yes’ may have just opened the doors to malware and viruses that will ruin their computer. Set a family rule that they need to ask permission for all downloads (and an adult will check it first), and to never click a popup. When you’re called over to give download permission or check a popup, talk through exactly what you’re checking and why. As your child matures, get them involved in this process so their safe habits extend outside the home.
Critical thinking is a must
Most youngsters think the internet is a magical place and can’t imagine their life without it. To them, the internet is on the same level as oxygen! With that acceptance though, comes unwavering trust that the internet would never lie to them, never trick them and never hurt them. While we adults know better, it’s only because we already view the internet with a certain level of distrust. The best way to keep kids safe is to teach them to approach every aspect of the internet with critical thinking. That includes teaching them to question the motives of other people online. Is that person really a kid? What do they really want? Unfortunately, all kids do need to be aware that predators use the internet to target and lure children. Ensure your children tell you immediately if a stranger makes contact. Along with this stranger danger, teach them to identify what marks something as suspicious, and what they should avoid. If they come across anything inappropriate, they should shut down the computer and come straight to you.
The internet is forever
Kids have an overwhelming drive to contribute to the internet; they don’t think twice about recording a video, jumping in a chat room or onto social media. The world really is their playground! But what they don’t understand until they’ve been burned is that anything they upload, write or say is on the internet forever. Even if they delete it or use a platform where content self-erases, someone can still screenshot and send it right back out. Many cyber-bullying cases are based around this exact type of blow-back. Once your kids know that everything they post is permanent, they’ll be more likely to pause and think.
We can secure your computer and help keep your family safe – Contact Us Today!
How to Protect Yourself Online
The Internet has become a must-have in every household. However, the Internet presents its fair share of challenges especially when it comes to cyber-attacks. Hackers can steal your information such as credit card numbers, passwords, tax information or even disable your device. The following tips will help you browse safely and avoid such problems when online.
Be on the look-out for Phishing Scams
Nowadays, tech support scams have become more sophisticated and are no longer reliant solely on phone calls. Phishing scams seek to present illegitimate businesses as trustworthy by using fraudulent websites and emails to trick unsuspecting users into sharing their private information such as login details. As a safety precaution, when you receive emails from unknown businesses with a link to a website, ascertain the legitimacy of such websites first. Instead of clicking through to the site, open a separate browser and open the website yourself to do your due diligence. Alternatively, you can call the business directly.
Precaution when shopping online
The most valuable information to hackers is your financial information, and online shopping gives them an opportunity to get it. Before buying items online, be certain that the website uses secure technology. Before checking out, verify that the site’s address starts with https and there is a locked padlock symbol, usually located at the bottom right corner. You can also check the legitimacy of the security vendor named on the website by visiting the vendor’s own website and poking around.
Be Wise with Email Usage
Emails have quite literally replaced paper letters. They are also a fun way of keeping in touch with family, colleagues, and friends. Even if your device has the best protection software, the same may not be true of your correspondents, which makes you vulnerable to cyber-attacks. With this in mind, never share private information such as your social security number, credit card number, or any other personal information which can put you at a significant disadvantage if acquired by hackers.
Dangers of Instant Messaging Programs
Instant messaging programs have become the most popular way of communicating with friends and close people. When using these programs, be smart and restrict your use to casual chatting without sharing personal details, because not all of them have end-to-end encryption. When creating groups in these programs, do not accept strangers, and it’s sometimes wise to use screen names.
Use Smart and Strong Passwords
This can be hard because of the sheer number of passwords we have. However, it’s of paramount importance to have smart and strong passwords, particularly for sensitive accounts. Some websites insist on a strong password by making it a must for users to incorporate special characters, capital letters, and numbers among others. Even when this is not mandatory for a given website, it’s for your own good to follow these steps. Commonly used passwords like birthdays and pet names can no longer cut it in these modern times. A smart and strong password makes it harder for hackers to break into your accounts.
The more you rely on the internet in your day to day life, the more likely you are to be a target of tech support scams and cyber-attacks. Since the internet cannot be done away with, it’s upon you to protect yourself when online.
ALERT: Your Antivirus May Be Letting You Down
The best way to avoid a computer virus is by using common sense, but that doesn’t mean you’ll be safe from attack. Even the most careful user can find themselves infected in an instant and spreading the virus faster than a sneeze in flu season. It’s why antivirus software is still the first package we install on all systems – because you never know when you’ll be attacked. But should you choose free or paid antivirus?
Advertising: Much like a free app making its fortune with in-app purchases, the free antivirus software will push for payment. Expect popup boxes pestering you to sign up to the paid version at least daily. Some free options will also try to change your browser home page and default search engine, an inconvenience you may be stuck with. Paid options are more respectful and largely invisible unless they’ve detected a problem.
Effectiveness: It’s fair to expect your antivirus to detect malware, and testing showed that in a head-to-head battle free and paid are about equal at catching known infections. And therein lies the kicker: generally speaking, free antivirus needs to have recorded a virus to its library before it can detect it. Paid antivirus is more likely to identify and stop a new virus. It essentially bases the detection on suspicious behavior, source and attributes, a far more effective method of detection.
Features: Free antivirus options are usually created from the paid version, taking out everything except the bare minimum. In your paid version, you can expect advanced features like spam filters, firewalls, parental controls and secure web browsing. Some paid antivirus will also update your other software packages, forming a more secure protection against attacks. For example, you might view a malicious image file that takes advantage of an exploit in your PDF software. Unfortunately, hackers have advanced beyond simple tactics and it’s not just about avoiding email attachments anymore.
Support: Free antivirus options are the most popular choice because they’re… free. Obviously. This also means there’s generally no support available. If there’s a problem or conflict with another program, you may find yourself without protection until it can be resolved. Paid antivirus options usually include telephone support, ready to help with problems ranging from installation to system diagnostics.
Ease of use: Depending on what you use your computer for, this may be an important concern. Free antivirus options are easy to install and use, but are very limited in their flexibility. They come as-is, meaning you can’t pick and choose what it monitors or how it reacts. For example, users occasionally find it necessary to disable ALL protections in order to install a network game. Paid versions are more likely to allow you to adapt the way it runs, switching features on and off as required.
Free antivirus is fine for very basic protection, those on a budget or those with an older PC. In these cases, something is always better than nothing. But we generally recommend you go with a paid antivirus to defend you from the new attacks that are released daily, and to ensure you’ve got solid protection that will make a real difference to your digital safety.
Talk to us about upgrading your antivirus solution.
Will That Click Cost You Thousands?
Ransomware has undeniably been the biggest security threat of 2016. No one was safe. Hackers targeted everyone and everything, including home PCs – and they were astoundingly successful – earning themselves upwards of $846 million from US reported incidents alone. Business is booming for hackers, with thousands of attacks each day bringing in an average of $640 per target. Perhaps even more alarmingly, the financial cost of each individual attack is on the rise – the more ransomware proves to be an easy earner for them, the more they demand each time.
For a quick payday, some hackers offer to ‘rescue’ you from immediate danger – for a fee. One method is to trick you into thinking you have a virus that will spread if you don’t pay money to remove it immediately. Another much scarier method is to pretend to be the FBI and say your computer was involved in a crime (anything from money laundering to child pornography) and you can avoid going to prison by paying a few hundred dollars.
Thousands of regular people are also waking up every day to discover they’ve been locked out of their own files. Entire music and video libraries, digital photos from the past 5 years, personal budget files and even their secret novel draft …all held hostage until the user pays a ransom. The encryption is so strong and unbreakable that paying the ransom often becomes the only solution.
The way ransomware gets onto your computer is deviously simple. Generally, the hackers convince you to click an email attachment/link or pop-up. With both approaches, the hacker usually offers helpful information, for example:
- Tracking an unclaimed parcel
- Alerting that a virus was found and needs to be removed
- Advising details of a recent traffic fine
It’s so tempting to click through for more details and that’s what the hackers count on. Their messages and pop-ups aren’t obvious threats and so slip easily under our radar. Unfortunately, they’re not the most trustworthy bunch so paying may not actually unlock your files, and one payment can quickly become several.
To make matters worse, they can encrypt any backups connected to your computer too, like a USB drive. Having a backup is super important in any situation, but in cases like this, the right backup is needed: not only one stored separately from your network, but one created recently with all the files you can’t bear to lose. Before restoring your backup, however, you’ll need to make sure the malware isn’t lurking in the background, ready to re-infect not just your restored files but also the backup drive itself.
To avoid finding yourself up to the waist in ransom demands or sending hackers money each month, we recommend being wary of email attachments, even from friends and family. If you’re not sure what the file is, don’t click it. They may not have sent that email intentionally; their infected system may be auto-emailing everyone in the address book. You should also be careful with any popups that appear out of place, especially ones that try to make you panic. If it doesn’t sound right or look right, don’t click it. Ransomware is just too dangerous to risk.
Contact Us to set your computer up with protections against ransomware, and put backups in place that will keep your important files safe.