Centrend

Cybersecurity

Are Your Smart Devices (Siri, Alexa, Google) Eavesdropping On You?

Have you ever had a conversation about a topic, and then later that day you start seeing news, ads, or updates about that subject, and said to yourself, “This can’t be a coincidence”? Well, you’re probably right.

According to Norton, who you may remember as an antivirus software company and who now also owns LifeLock, your smart devices ARE listening to you because that’s their job. However, you probably didn’t realize how much they are listening to you or what they do with the information they collect. In this blog, you’ll see that your devices are listening to you and using and distributing the information they get, and how to protect yourself while still using the features these smart devices offer.

Chances are when you activated Siri, Alexa, or Google Assistant, it asked you to accept the terms and conditions, which you did, without reading or listening to them.

A quick search of the terms for Siri (https://www.apple.com/legal/privacy/data/en/ask-siri-dictation) advises you that:

When you use Siri and Dictation, your device will send other Siri Data, such as:
- Contact names, nicknames, and relationships (for example, “my dad”), if you set them up in your contacts
- Music and podcasts you enjoy
- Names of your devices and those of your Family Sharing members
- Names of accessories, homes, scenes, shared home members in the Home app, and Apple TV user profiles
- Labels for items, such as people’s names in Photos, Alarm names, and names on Reminders lists
- Names of apps installed on your device and shortcuts you added through Siri

And Google states (https://policies.google.com/privacy):

We will share personal information outside of Google if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary. We may share non-personally identifiable information publicly and with our partners – like publishers, advertisers, developers, or rights holders. For example, we share information publicly to show trends in the general use of our services. We also allow specific partners to collect information from your browser or device for advertising and measurement purposes, using their own cookies or similar technologies.

These are just some of the highlights from their privacy policy, which is a lengthy 15 pages. You’ve got to remember, the privacy policy isn’t there to protect you – it’s there to protect the companies that create them!

So, what do you do? Do you stop using smart devices, get rid of your phone and build a house in the woods? That’s probably a little extreme for most, so here are two things that actually make sense.

First, you can take some basic actions to disable a few of the “eavesdropping” features built into your smart devices. Norton (the antivirus people) has a three-step way to do that at: https://us.norton.com/blog/how-to/is-my-phone-listening-to-me

Second, you need to know that if your data is going to be stolen, it’s probably NOT through Alexa, Siri, and Google. Most data breaches come from malicious links in e-mails; old, unpatched security vulnerabilities in software; and unsuspecting employees taking actions they shouldn’t be taking. These risks can be mitigated and monitored, and existing vulnerabilities can often be eliminated, simply by having the right software updates installed.

While it’s a little weird that Apple may know that your favorite musician is actually Taylor Swift, it’s much worse if your business data gets stolen or locked down and you’re out of business until you pay ransom to hackers.

Click here to schedule a brief 10-minute call https://calendar.app.google/jSA1tteBxFJKnJkX6 to discuss your situation, needs, and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data are safe.

Make Purchases Online? Here Are 4 Things You (And Your Employees) Need To Do To Keep From Becoming A Prime Target For Cybercriminals

ROI Revolution estimates that e-commerce sales will eclipse $236 billion this holiday season. While that’s the most popular time for consumers to purchase online, in 2021 over $2 billion a day was made in online purchases. Chances are you and your employees make purchases weekly, both personally and for your business. And…chances are that cybercriminals are doing their best to capitalize on this to steal credit card numbers, logins and passwords, and even your and your customers’ banking information.

If they don’t follow these four practices to stay safer (notice I didn’t say safe) buying online, they could be exposing themselves and your business to identity theft, fraud, and more.

- Don’t reuse passwords from site to site. If you use the same password for multiple sites, when one company’s records get breached (which happens every day) a criminal now has access to multiple accounts. So make sure you use different passwords for different sites. This does make things slightly more complicated for you, but it also makes it infinitely harder for cybercriminals.
- Check the URL in the address bar. One indication that a website is secure is that it either has a small lock symbol to the far left of the URL or “https” in the URL. If you see a lock that’s unlocked or just an “http,” the site is not secure – do NOT provide any credit card information or bank account details.
- Don’t use a debit card to pay – only use a credit card. This way, if someone is able to access your account, you won’t lose what’s currently in your bank account. And most major credit cards have a $50 or less liability policy if unauthorized charges are made. So it’s important to watch those statements. If you do feel you’re the victim of fraud, make sure to contact your credit card company immediately.
- Be wary of any texts or e-mails about package deliveries. Even if you have something you’re tracking, go back to the site you originally purchased from to check notifications that way. Any links from an unknown sender could infect the device you’re on, which could expose you to viruses and malicious software.

While there are plenty of cybercriminals happy to scam consumers, who they really want to go after are businesses because they have much deeper pockets and there are multiple ways they can cause havoc.

Click here to schedule a brief 10-minute call https://calendar.app.google/jSA1tteBxFJKnJkX6 to discuss your situation, needs and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data are safe. To schedule a 10-minute call to make sure all hybrid employees have all the tools necessary to protect your company’s data, visit https://calendar.app.google/jSA1tteBxFJKnJkX6 or call us at 774-241-8600.

If You Have Employees Working From Home, Here Are Three Things All Remote Employees Must Do Now To Prevent Your Company From Being Hacked

The last few years have seen countless companies going to a hybrid work model. According to a survey by Envoy, over 77% of businesses have some full or part-time remote employees. While this change comes with many benefits, as a business owner, there are three big things you need to make sure your employees are doing to keep your company’s data secure, avoid online scams, and prevent being a victim of a cyber attack.

Cybercriminals know that many of the security measures businesses have in place in their office instantly evaporate when employees work from home. Things like firewalls, secure Wi-Fi, and restricted physical access to a computer all disappear for remote workers.

According to the global security group the Institute for Security and Technology, businesses saw a 311% increase in Ransomware attacks in 2020 due to cyber criminals trying to exploit these trends. This has only increased as hybrid models have become more and more commonplace and look as though they are here to stay.

But it doesn’t have to be all doom and gloom. Because these new models offer many benefits, it’s just important as a business owner to know what you need in place to keep from turning a positive into a giant catastrophe through no fault of your own.

Here are three critical things you must do if you’re allowing employees to work remotely:

- Always On VPN for computers, tablets, and mobile devices to ensure that no matter what device employees use, or where they use it, you and your data are protected.
- Use Multi-Factor Authentication (MFA). This is where you get a text, call or need to use an authentication app to log in to programs when your account is being used.
- Set your computer screen to lock automatically. This is a simple measure that automatically logs out and locks your computer so someone can’t just jump on and access your files and programs.

Most small businesses aren’t doing these three basic things to keep your data and company from becoming a victim of cybercrime. They are easy to get in place and free or inexpensive.

Want to know if your employees are putting your company at risk? Click here to schedule a brief 10-minute call to discuss your situation, needs, and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data are safe. To schedule a 10-minute call to make sure all hybrid employees have all the tools necessary to protect your company’s data, visit https://calendar.app.google/jSA1tteBxFJKnJkX6 or call us at 774-241-8600.

What is your stripper name?

Anyone active on social media has seen those seemingly harmless quizzes that someone in your newsfeed takes and then shares…the ones that ask you to enter your first name, your middle name, and the street you grew up on to create your “new name.” Joe + Schmo + Blow Avenue = your stripper name.

Turns out they aren’t so harmless. A hacker could use any of this info to get past firewalls into your accounts (financial or otherwise) by filling in answers to gain passwords. They can also use this information to hack into your profile. Then, by controlling your account, they are able to reach out to friends and colleagues, sending messages as you, which can quickly damage your reputation.

According to the FTC, customers in 2021 reported losing about $770 million to fraud that started on social media. That’s an 18-fold increase since 2017 and affected more than twice the 2020 number of customers. In 2021, it affected more than 95,000 people. Socialcatfish.com ranked Facebook as the most popular platform for online scams.

Other common social media scams include:

- Giveaways, where you’re told you have won but you need to submit payment info to receive your prize
- Profile hacking, where someone poses as an online “friend” and asks for money to get out of a bad situation
- Job offers, where what you think is a legitimate work-from-home opportunity might require you to pay a fee to “start” or guarantee a high paycheck for a menial task

The best way to avoid these scams is to just be wary. Be careful of oversharing online. Does something seem too good to be true? Is your “friend” speaking in an unusual way? Reach out offline. Know that only scammers ask for money via a wire transfer or gift card. And if you really can’t resist a fun online quiz (because everyone else is taking it), just make up the answers.

If you do notice a scam, you can report it to the BBB Spam Tracker and ReportFraud.ftc.gov to help others.

To check if your private data has been exposed to any hackers online, schedule a 10-minute discovery call with our team now. Call us at 774-504-5558 or book a time here: https://calendar.app.google/jSA1tteBxFJKnJkX6

Scarier Than The Boogeyman

One of the common issues on the Dark Web – whether you use it or not – is the sale of passwords, bank account information, Social Security numbers, and other private data. Hackers can breach firewalls and software to obtain this information and then go to the Dark Web to sell it to other criminals.

Antivirus protection is, at a minimum, a practice to use for your business. This will make sure protections are in place on your network to be on the lookout for computer viruses and other malicious software.

There are 3 other key practices to implement to protect your data:

- Keep your eye out for strange emails – What this means is even if you receive an email from someone or a company you know, check the email address, look for signs of poor grammar or spelling, and tread carefully before clicking any links. If you get something saying your account is suspended and to click to verify details, go straight to the site and check it that way.
- Pay attention to data breaches – An easy way to do this is to subscribe to online newsletters, such as Data Breach Today. This way you’ll be regularly alerted if a large company gets hacked. You’ll also want to keep a close eye on bank statements and credit card usage to make sure your information is accurate and you don’t notice anything fraudulent.
- Choose unique and hard to learn passwords – As easy as it is for you to remember the same password for every account and device, imagine what happens to your data the second a hacker figures that one out. Choose the strong passwords assigned by your phone or computer, and use a free password tool, such as LastPass, to keep track so you don’t have to. Don’t share them with others and don’t use identifying information when selecting them.

While you might do everything in your power to prevent your data being stolen, you’ll want to have monitoring software in place. We have multiple plans available, depending on your budget.

Schedule a 10-minute discovery call to see the cybersecurity protections we offer and determine if your information is already available on the Dark Web with a free scan. Call us at 774-241-8600 or visit Centrend | Managed IT Services & IT Support in MA.

Review Your Cyber Security Plan in Four Simple Steps

Increasing Threats

Companies rely more and more on digital information and network-enabled devices. Threats are increasing, and cybercrime is on the rise, so it’s no wonder cybersecurity is increasingly important. Is your company prepared for a cyber attack? If you are like most small/medium businesses, you don’t have a written plan at all. If you have a plan, was it well thought out and tested, or was it thrown together quickly to appease a customer’s request?

Take It Seriously

It’s time to seriously consider the question: How would your business perform if it were hit by a cyber attack right now? What would you do? Who would you notify? How would you recover?

Cybersecurity Threat Evolution

Cyber threats are constantly evolving, making it necessary to continually ensure your cybersecurity defenses and responses are effective for your business right now. A slow or inadequate response can have a very negative impact on the bottom line, along with your reputation.

Regular Cybersecurity Audits

It’s not enough to have plans in place; they need to be audited regularly. When was the last time your team updated the business’s cybersecurity plans? Are the documents current, and do they still meet the needs of each department? Has network and server equipment changed since the plan was written? What about 3rd party tools and services?

The Four-Step Plan

Regular internal audits are a smart way to prepare for a more comprehensive external audit. The brief internal audit I’m recommending below can ensure your cybersecurity plans are up to date and functioning as they should. Here are the four quick steps you can take right now:

Step 1 – Review your plans

Pull out your documents and give them a hard look. Consider whether your policies and procedures still make sense. Has any personnel changed, etc.? Ensure every component of the plan has a clear purpose and that roles and responsibilities for executing the plan are clearly defined. Every aspect of your plan should clearly say who has to do what and by when in the case of a cyber-attack.

Step 2 – Assess risks and exposure

Have any new services been introduced that have changed where threats can originate? For example, is there new off-site data storage or new wireless access points that have come online? Have there been other infrastructure upgrades such as new server hardware, software, or cloud-based services? If you discover new risks or identify new components, make sure to update your plan to include them.

Step 3 – Consider security standards

Once you have reviewed and updated the plan, consider whether it meets applicable security standards. If you work with CUI (Controlled Unclassified Information) under NIST 800-171, for example, do you meet the requirements appropriate to your role? Does your plan meet the requirements of your standards? How does the plan measure up to general industry best practices?

Step 4 – Test for Action

Would employees be able to use the plan in the case of a security breach? Where might a breach be discovered, and who would discover it? Would that person or group know what to do? Does the plan define who they would contact and how long it would take to mitigate the breach and fully resolve the situation?

If you’ve taken a look at these steps and are still unsure whether they would be effective, Centrend can help you with a professional external audit. Give us a call or submit our contact form for a free Q&A session to discuss your organization’s readiness for handling a cyber attack.

Don’t Get Caught by a “Phisherman!”

https://youtu.be/FtdD_mQsTRg
Technology Tips by Centrend Podcast: Episode 2

“Phishing” is a social hacking attempt to get you to reveal information that hackers can use to exploit your email or computer account. Here are some clues on how to detect a phishing attempt and what you should be looking for.

Welcome to Email Phishing Anatomy 101!

You cannot assume that an email you receive actually came from the sender it claims to be from. Phishers are very crafty and will do everything they can to appear familiar so that you will follow their call to action. The infographic below illustrates a very clever phishing email.

“Keep Same Password”

Now, what would happen if you clicked the button? You would be taken to a website that looks like an Outlook Web Access Portal and asked to do the following things:

- They tell you to confirm your current login name and password to “renew” it.
- Upon submitting your name and password, you are taken to a screen that asks for previously used passwords for verification purposes.
- This process is open-ended. The more time you spend submitting passwords, the more data they collect to hack into other systems at your organization.

You can do several things in your business to reduce the number of these types of emails that actually make it through.

- Use a strong commercial-grade firewall with deep packet inspection.
- If you’re suspicious, don’t click the link. Instead, log in by going directly to the website yourself.
- Have strong endpoint security software on your workstations, so if you do click a link, you will get a warning like Centrend’s managed service clients get (see graphic at right).

Centrend works hard to protect our customers from phishing by blocking many of these types of threats from ever entering your network or email folder to begin with.

Everyone gets fooled, especially if you are in a hurry. For times like this, we make sure there is local workstation security to safely check suspicious links. For example, clicking on the email below in one of our managed services environments will give the email recipient a second chance to reconsider by showing the following message:

If you want to keep the phisherman from trolling your computer’s waters, give us a call or drop us a line.

Is My Internet Service Provider’s Firewall Strong Enough?

When an Internet Service Provider (ISP) installs internet access in your business, you are usually provided with a router/firewall combination. Do you need to invest in a commercial-grade firewall, or is the ISP’s firewall sufficient?

Let’s start with a simple description of what a firewall is and how it protects your network from intruders. The role of a firewall is to determine what data can come in, and what data will not be allowed. The pieces of data that arrive at your firewall are called packets. For a basic firewall, the rule is simple: If somebody requested the packet, it is allowed into the network. If the packet was not requested, the firewall burns the packet. The graphic below shows a typical small business network.

BASIC FIREWALL – LIKE FROM YOUR ISP

When a packet approaches the firewall, it is analyzed to see if it should be let in. A basic firewall is only going to ask one question before deciding to let the packet of information into the network:

- Was the packet requested by someone inside the firewall?

COMMERCIAL-GRADE FIREWALL

When a packet approaches a commercial-grade firewall, it is scrutinized much more carefully and in BOTH directions – IN and OUT. When it decides to let the packet pass through, the decision is logged in a database. The activity log proves invaluable in chasing down and isolating data breaches.

Here are some of the things a business-class firewall considers before letting a packet pass:

- Was the packet requested?
- Is the packet SAFE to let in or does the packet contain a virus, malware, or other malicious code?
- Is the destination internet address listed on any “blacklists” due to bad activity coming from there?
- Is traffic from the country of origin allowed?
- Does the corporate policy for content filtering allow access to the material that is on the destination website?

The chart below shows examples of the types of traffic that are allowed or blocked by the different firewall options.

The commercial-grade firewall is not only a strong defense against unsolicited traffic, but it also gives businesses control over what content is allowed on their network. Business-class firewalls are surprisingly affordable. If you would like help evaluating whether it’s right for your home or business, please give us a call or fill out the contact form below.

Six Ways Scammers are taking advantage of COVID-19

Cyber Criminals are taking advantage of the COVID-19 pandemic in some of the worst ways. Read on to learn how to avoid their evil scams…

1. Phishing: Phishing (pronounced fishing) occurs when criminals send fake mail, email, or phone calls pretending they are legit. They try to convince you to share your sensitive information like passwords or credit card details. They pretend they are from an organization you know, such as FedEx, UPS, or even a government agency.

2. Fake Products: Keep your eye on e-commerce websites, social media accounts, and emails from people and stores claiming to sell medical supplies currently in high demand. Supplies might include things like hand sanitizer, toilet paper, and surgical masks. When you make purchases from these fake stores, criminals will keep your money, but you will never see the products you purchased.

3. Fake Charity: Individuals and companies, sometimes with real-sounding names, call or email to ask for donations for people and groups affected by the coronavirus. Some of their elaborate backstories sound extremely legitimate and emotional but are completely fake.

4. Medical scams: People are getting calls and emails from people pretending to be hospital workers or medical professionals claiming they treated someone they know for the coronavirus and demanding payment.

5. Malware: Think of these malicious applications as Trojan Horses. You download them to your computer or phone for some purpose, and behind the scenes, the program is stealing your personal information. Sometimes these record your logins to banking sites, email, Facebook, etc., and send the data back to the hackers.

6. Zoom Bombing: Lots of businesses, schools, and individuals are using Zoom to hold online meetings. To make it easier, meeting hosts often don’t require a password. Unfortunately, not having a password makes it all too easy for hackers to jump on your meeting and flood your virtual room with swearing and porn. They can embed virus code in the image files or stealthily share a file with all the participants that has virus or malware code in it. Check our blog next week for details on how to keep hackers out of your Zoom meetings.

The number one way to protect yourself from cybercrime is to use strong passwords on your computer, phone, and meetings and make sure your computer is tuned up and secure. If you ever feel concerned that your computer system is hacked or you just want a security checkup, please contact us at 774-241-8600 or submit the quick contact form on this page. We’re always here to help!

How do you know if you have Spyware in your computer?

Sometimes, it’s obvious, right? There is a big obnoxious warning that pops up and tells you that you are infected and you need to call for support! Don’t call the number presented because that’s a scam. Call us instead! Other times, the infection is much more subtle. Here are some things to watch out for…

Signs that your computer is infected with a virus or malware

- Random pop-ups – if you are using your computer, especially the web browser, and you are getting a lot of pop-up messages without clicking
- If you click a link in a web search but get an unexpected, less relevant result
- If in the bottom right, you are bombarded with notifications and solicitations
- If your browser has extra “toolbars” across the top or bottom that weren’t always there, or that you don’t see on other computers
- If you suddenly can’t open documents on your computer that you have always been able to open
- You are prompted for a password at a strange time, such as when you are just working on a Word document or browsing a website that doesn’t require login
- Your virus scanning software is no longer running – malware or a virus may have shut it down

If you have any of these problems, please call us for help! If you aren’t sure if you are infected, we are glad to offer a free consultation. Just fill out the Quick Contact form or call us at 774-241-8600.
