Humans are social creatures, and with social distancing currently in place, social interaction can be difficult. Fortunately, unlike previous generations, we have the tools to stay connected through social media. For most people, social media is a place to post thoughts, ideas, opinions, and updates on life, or to share that meme that made you “LOL”. On the other side, there are those who use social media in a far more sinister way: social engineering.
Social engineering is not new; in fact, it has been around for quite some time. With the recent pandemic, people are engaging in potentially dangerous behaviors more than ever before, as social media becomes one of the few ways we can stay connected. Chances are you have already been a victim or, at the very least, seen people you know become victims unknowingly.
#firstjob #firstcar #Seniors #Stop putting your information out for the world to see. With every new challenge or trending hashtag, people are lulled into a false sense of security because friends and family are participating. Have you ever stopped to notice that these closely resemble the security questions for a countless number of accounts?
That is not by accident.
Here is what to look out for:
- Posts tagging you with personal questions
- Challenges that require you to post personal information or pictures
- Quizzes that want you to answer personal questions
- Tagging that encourages you to tag other people and tag family members by relationship
You should see a theme here. Criminals will exploit this information to their advantage, leaving both you and your employer vulnerable to attacks.
Here’s what you can do:
For businesses, make sure that your employees are receiving proper security awareness training. Knowledge is a powerful tool, and consistent training and testing are a great way to reduce the risk of attacks through social engineering or phishing scams. Enabling an MFA solution is also an important tool in your security arsenal.
You should always err on the side of caution when sharing on the internet. Rest assured that your friends and family are aware of your favorite color, your first job, the year you graduated high school and your mother’s name.
With COVID-19 at the forefront of everyone’s mind now and in the coming days, criminals are exploiting the public’s uncertainty and fear for personal gain. Educate yourself and your employees on things to look out for during this time.
What to look for:
“You Might Be Infected” Email | Text: Scammers are posing as hospitals, doctors, and government health agencies to “alert” you that you have been in contact with someone who is confirmed positive for COVID-19. These emails and texts usually contain a link that redirects you to a website or downloads “information” to take to the nearest hospital to be tested for COVID-19.
- This is an attempt to trick you into downloading malware or inputting personal and financial information.
Essential Items Supply: Criminals are using various platforms such as email, text, websites, and social media sites to offer items currently in high demand, such as masks, hand sanitizer, disinfectant, gloves and even toilet paper.
- Remember, if it seems too good to be true, then it most definitely is. Consumers are tricked into buying an inferior product or, most often, receive no product at all. Their “secure” checkout is quite possibly designed to steal your financial information.
Cures and Treatment Scams: Criminals are again using numerous platforms to prey on the public’s fear with the promise of a cure, vaccination, or treatment.
- Currently there is no cure or vaccine for COVID-19, but that does not stop criminals from using this as a tactic.
COVID-19 Apps: Seemingly harmless apps designed to provide you with the latest statistics and track the spread of COVID-19.
- Harmless as it may seem, this kind of app is designed to install malware to compromise your device and steal personal information.
Steps to keep you and your business safe:
- Proceed with caution when receiving unsolicited emails, texts, and other forms of messaging pertaining to COVID-19. Legitimate health organizations will never ask you for personal information or contact you in this manner.
- Do not click links or open attachments from a source you cannot verify. Keep in mind criminals will use email addresses that are very similar to the legitimate ones.
- Ignore any form of communication that offers cures, vaccines, or treatments.
- When sourcing high demand supplies, make sure to thoroughly check independent reviews of any organization offering these items for sale.
- Make sure that all security patches, anti-malware, and anti-virus software are up to date on all your devices.
- Educate yourself and your employees to keep your systems and personal information secure.
Remember, we are all in this together and Acumen IT is here to keep you informed and your business safe from potential attacks during this time and in the future.
In case you’ve been living under a rock, know that ransomware is everywhere and it’s not slowing down anytime soon. Ransomware is a particularly nasty type of malware that locks you out of your devices and data. Hackers will demand a ransom, usually in bitcoin, and since they are so kind, you may get a file unlocked to prove they mean business.
The worst thing about it is that once you are hit, there is almost nothing you can do. You really only have 2 options: don’t pay the ransom and lose your data, or pay it. There is no easy “downloadable” fix, despite claims you will see online. You are stuck. With ransomware, the ONLY real cure is prevention.
The top 4 reasons you are susceptible to Ransomware:
Security Awareness Training - A lack of training is by far the BIGGEST reason companies deal with ransomware, phishing and other hacking exploits. Educating and testing your end users on best practices and what to watch out for can essentially create a “human firewall”. The investment is minimal compared to the alternative.
Improper Backups - Not backing up your data or, worse, backing it up improperly will ensure that your data is lost forever. You can choose to pay the ransom, but is there “honesty among thieves”? Cyber criminals often have no intention of returning your stolen data or unlocking your systems even after the ransom is paid.
Weak Credentials - Not having a clearly defined IT policy, and so allowing end users to use the same password over and over, is a recipe for disaster. People like passwords that are easy to remember, so they use them for many different systems. Cyber criminals are well aware of this fact and will exploit it to their advantage.
Multi-factor Authentication - If you are still relying on simple passwords to access your most critical systems, you’re taking a big gamble. Multi-factor Authentication provides a second-layer “password” and only grants access when certain criteria are met.
To make sure you are as protected as you can be, we strongly recommend you contact a technical security expert to consult on the best way to protect against ransomware and other security hacks.
Hiring seasonal staff? Here are a few things to consider from the IT perspective
In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.
When you are hiring someone part-time, security could be a concern. You or your HR person may have done a background check, but their risk score nevertheless remains much higher than that of permanent employees who are on your payroll. Trusting a temp worker with customer and business data is a risky choice.
Having seasonal employees is a good solution to a temporary spike in workload. But there is still a need to provide your temps with the resources they need to perform their tasks efficiently. Computers, server space, internet and phone connectivity all need to be made available to your temp workforce as well.
Lack of training
Your permanent employees will most likely have been trained in IT security best practices, but what about your temps? When hiring short-term staff, SMBs and even bigger organizations rarely invest any time or resources in general training and induction. Usually brought in during the peak seasons, temps are expected to get going as soon as possible. Often IT drills and security training have no place in such hurried schedules.
Often businesses hire seasonal staff from across the country or even the globe because it may offer cost savings. In such cases, when the seasonal staff is working remotely, there is a need to ensure the work environment is seamless. High-quality collaboration tools for file sharing, access and communication need to be in place.
Having part-time or seasonal staff is an excellent solution to time-specific resource needs. However, for it to work as intended, smoothly and in tandem with the work happening at your office, and without any untoward happenings such as a security breach, businesses need to consider the aspects discussed above. An MSP, such as Acumen IT, will be able to help by managing these aspects for you, in which case hiring temps will be all you need to think of.
Microsoft has officially announced the “End of Life” date for Windows 7. It will come on January 14, 2020. Windows 7 was introduced in 2009 and is one of the most popular versions of Windows. It is estimated that around 40% of Windows installations run Windows 7. So, if you are one of the Windows 7 users, read this blog to understand how this end of life announcement impacts you and what you should be doing.
End of life means, beyond January 2020, users of Windows 7 will not get any updates, security patches, or any kind of support from Microsoft. Does this mean you need to scrap all your devices that run on the Windows 7 OS? Technically, the answer is no. You can still continue to use your existing computer with Windows 7 OS, but it won’t get the free security patches and updates. This makes your computer and possibly your whole IT network vulnerable to malware and other IT security threats. Plus, as a business, running Windows 7 OS without the security patches and updates is not really an option as it creates liabilities in the event of data theft. Also, you may be inadvertently violating regulations by using an OS that’s officially declared vulnerable to security threats. In short, running Windows 7 without the support is not really an option for businesses.
You can buy extended support for Windows 7 from Microsoft; the extended support will be available until 2023. Keep in mind that there are specific requirements you must meet in order to qualify for this option. Acumen IT, which is an authorized Microsoft partner, can tell you more about this option and whether it will be a good fit for your business.
In the long run, however, you will have to migrate to a newer, supported version of Windows. Learn more about your options in the face of the end of life of Windows 7 in our next blog post.