Claim Your Victory: 5 Defensive Strategies to Prevent Cyberattacks

October 3rd, 2018 by Julie Lough

Prevent CyberattacksIs it defense or offense that wins the game? While debate continues around whether defense or offense is key to victory, there is certainly no doubt about the importance of a solid defensive strategy. Similar to a game of football, creating a defensive strategy for your team is crucial to winning against the opponent, a.k.a. the data hackers.

Experienced hackers and sophisticated phishing schemes have affected all organizations, regardless of size. Consider this alarming statistic – 64% of companies have experienced web-based attacks and 43% of cyberattacks target small businesses. Small businesses are easy targets due to their minimal security and moderate amount of data, and because the chances of attack are high, setting up a strong defense is critical to avoiding big issues in the future.

Small businesses are at risk when unprepared for a cyberattack. Hackers can steal employee emails, client data, financial records and all the information that’s on your server – Microsoft Word documents, Excel spreadsheets, etc. Reputation damage and permanent financial damages are just two of the repercussions small businesses face when unprepared for a cyberattack. Going out of business is an extreme fallout that far too many organizations have experienced. Winning in business is very difficult if you get hacked.

With football season right around the corner, we created 5 defensive strategies for your business to consider for preventing cyberattacks.

5 Defensive Strategies to Prevent Cyberattacks

  1. Train your team
    Your employees must be an essential part of your defensive strategy. It is important to educate them on security standards and prevention so they know how to identify and handle threatening situations. Teach your employees basic cybersecurity practices so they know when they’re presented with a threat or are vulnerable to intrusion.
  2. Establish your line of scrimmage
    Define your line before you play. An information security policy outlines the actions and behaviors expected to avoid risks to the company, its clients, vendors, and other stakeholders. Examples of policies include acceptable use, access control, change control, disaster recovery, physical security, and many more.
  3. Implement double coverage
    Double up on your defense. Two-factor authentication verifies user identities with a required temporary passkey or verification code sent to the user’s mobile device. This will help keep your data safe because even if credentials were hacked, hackers can’t access your data without the required passkey.
  4. Blitz the hackers
    Don’t let your opponent find unnecessary opportunities. Seal the corners and rush directly toward the data hackers by securing the network with a business-class firewall featuring unified threat protection. By installing firewall protection, you can prevent unauthorized Internet users from accessing private networks connected to the Internet.
  5. Set up a defensive scheme
    With users accessing the Internet from multiple devices in and out of the office, it is crucial to protect and manage those devices. Setting up cloud security defenses to block known malicious destinations and implementing mobile device management to protect corporate data are two highly recommended solutions.

Establishing your business’ defensive strategy is crucial, and choosing the right IT partner can make the process much more seamless. Some IT providers fail to address security because they become complacent and forget to make sure everything is operating optimally. What it took to secure your business one year ago would look considerably different than it does today. It is important that your IT provider is well-versed on the latest developments to maintain ongoing security and to keep your company educated. You may be approaching the fourth quarter, but it’s not too late to secure the win.


Need to Declutter? Recycle Old Tech

September 6th, 2018 by Jennifer Lough

Let us suppose, just for a moment, that you’ve just treated yourself to a haul of new gadgets. You probably have a stack of old ones to dispose of. What to do?

 

 

Read the rest of this entry »


Going Smishing

August 26th, 2018 by Jennifer Lough

Fun, but very important, fact: your smartphone is not immune to the various hazards that attack computers. You’ve heard of phishing, which typically works through email. Smishing  is similar, but it relies on text messages to reel in victims. Like phishing, a smishing message looks like it comes from someone you trust, like a bank, or a family member. The goal is to get personal information from you, such as your social security number, passwords, and other things the attackers can use. Often, they will then try to steal your identity or your money, but sometimes there will also be malware in the message that gives them access to your phone.

There are a few reasons smishing can be more dangerous to you than phishing. Read the rest of this entry »


Examples of Phishing Emails and How Not to Get Infected

August 9th, 2018 by Julie Lough

Wombat Security Technologies recently released their “State of the Phish 2018” report. This report found that 76% of companies surveyed experienced phishing attacks in 2017.

What is a phishing attack?

Phishing is an attempt to gather sensitive information, such as username and password, credit card information, social security numbers, etc., and use it for malicious purposes. These are often done via email, over the phone, through messenger applications or on social media.

The term “phishing” came about to describe the “bait and switch” style that phishing attacks emulate. They bait you with something that looks legitimate, an email from a friend, an alert from a trusted organization, etc., and then switch out the link with a malicious one, funneling you into phisher’s “net.”

How has phishing evolved over the last 20 years?

The “Nigerian Prince” used to be the classic example of a phishing attack – you know the story. But phishing schemes have evolved significantly over the last 20 years. Webroot says there were 1.385 million new, unique phishing sites created each month in 2017, with a high of 2.3 million sites created in May. These sites are used to mimic popular websites that people trust such as social media platforms, bank websites, universities, and popular applications.

The target of the phishing attack receives an email that looks legitimate, mimicking the design, language and structure of typical emails from the copied organization. The link within the email then takes the target to the dummy site that also mimics the organization’s design in an attempt to gather login information to the legitimate portal.

For example, if you received an alert from your bank saying there was suspicious activity on your account and offers you a quick-access link to log-in and check it out, the link would take you to a site that looks exactly like your bank login screen. Except when you login you will be sent to a refreshed screen instead of your account and your account information will be compromised.

How to spot a phishing email and not get hacked or infected

Here are some things to look for in your messages to help recognize a phishing email before you click on an infected link.

  • Substituted or extra characters
    Check the sender’s domain name – it may contain substituted or extra characters. For example, changing a capital “I” to a one (1) or adding an extra letter changing yoursite.com to yourrsite.com.
  • Email messages from convincing sources
    Be wary of email messages that appear to come from a source such as Microsoft claiming your password needs to be updated.
  • Fake URLs
    Hover over links to verify that the URLs are legitimate.
  • Email messages from your CEO
    If your CEO emails a request for confidential information, such as copies of W2s or requests a financial transaction be initiated, always verify by phone or in person.
  • Unencrypted emails
    Remember that email is not secure unless the email is encrypted.
  • Email messages regarding your bank or credit card
    If you receive a message from bank or credit card companies about money or credentials, call or login directly to the website instead.

Some other tactics to look out for:

  • You may receive a fake LinkedIn request. Go directly to your LinkedIn account instead of clicking the link.
  • If a phisher gains access to your Outlook, a common tactic is for them to create a rule that forwards your email messages to an email account they created so they learn your contacts and writing style. Check your rules!

If you suspect you have been the victim of a phishing threat, the first thing you should do is contact your IT support team immediately. Other important courses of action include changing your passwords, running a security scan on your device, and monitoring your computer for slowness or abnormal behavior.

If you have questions about your company’s security or you’re looking to take advantage of our end user security awareness and security training, contact us today online or by phone at 616.776.0400. We are happy to help you!


Types of Malware and How to Beat Them: Part 4

July 23rd, 2018 by Jennifer Lough

This is the fourth of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 4: Trojan Horses

The term “Trojan Horse” comes from Homer’s Iliad. During the Trojan War, the Greeks built a large wooden horse, pretended it was a peace offering, and snuck into the city of Troy by hiding inside the horse. The key to getting inside the city? The people of Troy had to bring the “peace offering” inside the wall. Similarly, victims of Trojan horse malware generally download or click on something that they expect to be innocuous. (Spoiler, it’s usually pretty nasty.) Good news is they don’t replicate (like a virus does), but the bad news is that they can still do damage. They also tend to be pretty invisible while they’re at it.

According to Symantec, there are a few major categories of Trojan: backdoor, downloader, and infostealer. Essentially, the backdoor type allows the attacker to access your machine and its data and programs. Sometimes this results in someone taking control of your computer while you’re not actively using it (or even while you are). The downloader type acts as a carrier for other types of malware. In this case the Trojan malware is the large wooden horse, and the other kinds of malware are the Greeks. Infostealer Trojans include Emotet, which steals sensitive information from your machine. This type can allow the attacker to  monitor your device for passwords and other login information.

What to do?

Micro Visions protects against Trojans and other malware with monitoring and antivirus software. To protect yourself, beware of phishing emails. Avoid websites or links that seem suspicious. IMPORTANT: Your phone can also get Trojans, and it is especially vulnerable to apps with malware. Do your research before downloading.


Thinking of Buying Grey Market? Not the Best Idea.

June 2nd, 2018 by Jennifer Lough

Attention, people in charge of buying things. If you’re anything like me, a large contributor to whether or not you’re going to purchase something is the price. However, if the cost of something is surprisingly low, you should look into the reason it’s so low. Simply put, if it seems too good to be true, it probably is. For example, when someone smashes the front end of a 2017 luxury car and has it rebuilt, the value of the car is far lower than the value of an unwrecked, otherwise identical car. Similarly, a product from one company that’s significantly cheaper than the same product from the official distributor or manufacturer will likely be a low price for a reason. This is where the grey market comes in. Read the rest of this entry »


Click Fraud: When Clicks on your Advertisements are Bad Things

April 18th, 2018 by Jennifer Lough

If you’re running a small business, you’re probably interested in the revenue that comes from successful advertising. Unfortunately, there’s this pesky thing called click fraud, which causes you to overpay for advertising. So how does this work, and how do you avoid it? Read the rest of this entry »


Types of Malware and How to Beat Them: Part 3

April 9th, 2018 by Jennifer Lough

This is the third of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 3: Ransomware

Ransomware likes to sneak into your computer and encrypt your files. It’s called ransomware because if you give the attacker money, he could theoretically decrypt the data. Most of the time. Read the rest of this entry »


Domain Name Servers, at Your Service

March 28th, 2018 by Jennifer Lough

Do you know what DNS is and what it does? Because I didn’t, so no shame. First, it’s helpful to define terms.

  • IP address: the number that identifies a piece of hardware connected to a network. This allows information to reach it directly. There are several types of IP addresses with different purposes, but they all help devices communicate, but public IP addresses are those that connect to the Internet and the world outside an individual’s home.

Read the rest of this entry »


Types of Malware and How to Beat Them: Part 2

March 12th, 2018 by Jennifer Lough

This is the second part of a multipart series on common types of malware and other computer hazards. For those who have managed services with Micro Visions, we’re keeping an eye on threats for you. However, there are always small things you can do to further protect yourself.

Part 2: Spyware Read the rest of this entry »