Posts

Spear Phishing Gets More Sophisticated for The Holidays

Most of us have a virtual personal assistant that lives in our pockets, internet connected devices in our homes to make our lives easier, and we’re having lengthy customer service conversations with chat bots. Technology has gotten more sophisticated in every way (aside from that printer that never seems to work). In this climate of innovation, hackers have learned a few lessons too. Spear phishing attacks have become so complex that they have the power to trick even the most savvy user. With all the emails you will be getting this Black Friday and Cyber Monday, is your business ready?

What is Spear Phishing?

A study released by the Better Business Bureau in October 2017 revealed that 90 percent of cyberattacks on businesses come through phishing emails. All phishing attacks rely on trust. Hackers design fraudulent emails that create a sense of urgency, inciting panic and causing people to give up sensitive information before thinking of possible risks. These messages are disguised to look like critical security alerts or important work-related information. Or as the holiday shopping season kicks into full swing, emails from stores you like to frequent. There are many giveaways that help employees recognize these attacks, from too many typos to generic greetings like, “Dear Customer.” In a spear phishing attack, hackers target specific users, tailoring their messages with personal information to make their requests seem legitimate. Recently, they’ve taken these tactics to the next level.

Three Spear Phishing Trends

  1. Playing the long game
    Hackers can be very patient. They may obtain one employee’s login information, then monitor their emails to learn about your organization. They will determine who the decision makers are at your business and learn what types of attachments employees tend to send and receive so they can mimic them. By gaining access to one employee’s email account, the hackers gain enough information to make their next move. They may even use the compromised email address to contact others in your workforce, which brings us to the second trend on the list.
  2. Hijacking email threads
    Would you be suspicious of an email coming from one of your employees? Hackers may take over an employee’s email account, then look for an existing company email chain. Posing as the trusted employee, the hacker then tries to convince the others in the conversation to download an attachment, installing malware that infects their devices and network.
  3. Bypassing your spam filters
    Don’t depend on your email filters to catch spear phishing attempts. Hackers have figured out how to bypass those filters and end up in your main inbox. They have done this by impersonating trusted sources like Google Drive links and Microsoft SharePoint URLs that trick systems like Gmail and Office365 into thinking the links are coming from their own products. In this environment, how can you know the difference between a trusted communication and a spear phishing attack? Partner with an MSP like FUSE3 Communications. We can help you identify suspicious communications. If you’re ever unsure, it’s always a good idea to check in with your trusted IT experts.

Spear Phishing in the News

In February 2018, hackers targeted Netflix subscribers, sending emails saying the user’s accounts had been deactivated because the billing information could not be validated. The emails greeted the recipient by name, and the message instructed them to click on a link to reactivate the account. The link took them to a fake Netflix login page. After “logging in,” they would be prompted to provide credit card details, an updated address, and their mother’s maiden name. Because people often recycle passwords, or use very similar passwords with slight variations, the hackers could use those login credentials to gain access to the user’s other accounts. Imagine if this happened to one of your employees using their work email for their Netflix account.

We Can Help You Protect Your Business

Spear phishing attacks are frequent and they are getting harder to recognize. You don’t have to face these attacks alone. We are here to help you protect your business. Contact FUSE3 Communications today.

Celebrate National Cyber Security Awareness Month

Do you know every web application your employees are using? There is a high probability that your workforce is utilizing many devices and applications without explicit approval. Collectively, these programs and devices are called Shadow IT. Shadow IT is essentially any application employees download or IT service they sign up for without vetting by your IT provider. October is National Cyber Security Awareness Month, the perfect time to address the hidden risk of Shadow IT. If you aren’t dealing with your Shadow IT problem, your business is not as secure as you think it is!

There was a time in business when any piece of software would go through a thorough vetting process. These days, times have changed. In today’s technology environment, employees are always looking for the next new app or platform to increase productivity. Employees are more tech savvy, and that makes it is less likely that every piece of IT in use has gone through a thorough vetting process or a risk assessment.

Shadow IT also includes personal devices. There is a growing tendency for team members to get work done at home using their own laptops, iPads, or desktop devices. Personal devices are notorious for lax cybersecurity practices. When employees sign onto the business network using their own devices, there is a major risk that they will bring a virus into that business network.

At this point, it is difficult to imagine an organization that is not implementing Shadow IT, whether deliberately or not. There are countless tools that employees and departments may start implementing innocently without thinking they need to involve your IT provider. Many managers and employees are now selecting their own IT services independently, without checking with an IT expert. From file sharing solutions like Dropbox, to free project management platforms, employees are constantly finding new ways to efficiently collaborate and share information from wherever they happen to be. They no longer need to be in the office to check on the status of a project, or access a sensitive document. Employees are looking for ways to hit and exceed their goals, and they are not necessarily thinking about cybersecurity or the risks they are taking.

As a decision-maker, you must always balance risk and reward. The cost of increased employee productivity may be security, and that may not be a cost you want to cover. They are likely to choose programs for ease of use and convenience, without noticing a lack of important security features like two-factor authorization or encryption. Shadow IT may also lead to mounting costs as different teams pay individually for software that would have a lower group or business rate.

What can you do to protect your business in this climate? You certainly don’t want to discourage employees from building better processes and working when they feel inspired. Yet there are many ways in which Shadow IT puts your business at risk and creates cost inefficiencies. Don’t feel overwhelmed. Contact FUSE3 Communications today. We can work with you to assess Shadow IT usage, then build and implement a new Shadow IT strategy. If we find your team members using unsecured tools, our experts can recommend alternatives. Don’t wait to get started! We will bring your Shadow IT into the light.

Is It Time For A Network Assessment?

When was the last time your business underwent a Network Assessment? As a business decision-maker, there are many moving parts to keep track of, and IT monitoring can easily fall through the cracks until something breaks. This approach can lead to unexpected expenses and business downtime. With a Network Assessment, you can anticipate and plan for potential IT snags, and resolve issues before they become major problems.

First, it is important to understand what a Network Assessment is and what it can mean for your business. This service assesses your IT infrastructure, including processes, security, and performance to identify problems and solutions. It is your first step toward improving IT efficiency and data security.

Now that you understand what a Network Assessment is and why it would benefit your company, it is time to find the right IT provider to manage the process. Partner with FUSE3 Communications and get your Network Assessment scheduled. We’ll help you to:

  • Understand network vulnerabilities
  • Identify bandwidth bottlenecks
  • Increase IT performance and efficiency
  • Shore up your cybersecurity defenses

When do you want to have a Network Assessment performed? A Network Assessment is especially critical if you are planning any major IT roll-outs, like a transition to cloud storage solutions, changing to VoIP phones, or if any of your infrastructure is nearing end-of-support or end-of-life. This service can also help shed light on any ongoing issues you have been experiencing, like slow performance speeds.

In the event that issues are identified during the Network Assessment, it is time to determine which actions you should take with the data you have obtained. This is where many business owners and decision-makers may begin to feel overwhelmed. How do you make the best decisions without comprehensive IT expertise? Many small-to-medium sized companies have limited or even no IT staff, or team members who are spread too thin. That’s why FUSE3 Communications is here for you as you navigate these concerns. You do not have to deal with these issues alone. We understand that discovering IT problems can feel overwhelming. At FUSE3 Communications, we believe your IT should be an asset to your business, not a headache. Not only will we perform a full Network Assessment, but we will also work with you to build a plan of action that has you feeling confident. Even if it sounds overwhelming, being proactive can make a big difference, and identifying IT issues is actually the first step to creating an IT infrastructure that works better for your business.

Ready to learn more about our Network Assessment services? Contact FUSE3 Communications today. With our trusted, vetted IT experts on your side, your Network Assessment will provide you with both an understanding of your current IT infrastructure issues and a solution-oriented approach to identifying your next steps.

Protect Your Business from Ransomware Attacks

Ransomware attacks are a serious threat to any size business. For a small business, a ransomware attack can even result in the company going out of business. Last year, ransomware was found to be the most prevalent form of malware connected to company data breaches; cybersecurity provider Malwarebytes cited a staggering 90 percent increase in detected ransomware attacks. Being vigilant and armed with a ransomware plan is not just another best practice, it’s necessary to company survival.

There are two types of ransomware to look out for: encryptors and lockers. Encryption ransomware programs take your files hostage, converting them into a code that will require decrypting. Locker ransomware takes entire networks and devices hostage, sometimes even preventing a computer from booting up. Both types of ransomware tend to have a time limit associated with them. If the ransom is not paid within the time frame, the hackers threaten further sabotage. You do not want to find yourself pitted against criminals like these without a trusted IT partner by your side.

Systems can be infected in several ways. One common method is through phishing attacks, which are communications that pose as content from trusted sources like banks, governments, or popular businesses. These attacks ask users to click on an attachment or a link that then invades the network. Other tactics include pop-up ads and exploiting browser vulnerabilities. There is even a new trend of demanding a ransom without actually infecting the network or device! This method is executed by hackers sending multiple emails threatening users that there is a destructive malware infection on their computer waiting to be activated unless the ransom is paid. At FUSE3 Communications, it is our job to make sure we stay on top of the common tactics so that your network is always protected.

Don’t face the threat of ransomware attacks alone. These attacks can quickly escalate into extremely high-cost disasters. The price of a ransomware attack goes beyond the ransom you pay. For example, the Erie County Medical Center reported it recently spent an estimated $10 million on a $30,000 ransom. How did this happen? Responding to the attack can lead to additional high-cost consequences like staff overtime, lost revenue, emergency IT services, and staff training to prevent another mishap. These costs may be even higher if you are caught without a plan in place and a trusted IT partner like FUSE3 Communications in your corner.

Prevention is your best strategy. Our goal is to work with you to recognize common tactics and train your employees so that we can decrease the likelihood that a ransomware attack will find its way into your network or device. We will monitor your network for suspicious activity, and help you back up your files so that you, and not the hackers, are in control – even if they infect your system. We can also help you manage and predict costs by building a ransomware plan as part of a comprehensive disaster recovery strategy.

Contact FUSE3 Communications today. We will make sure you are ready for whatever hackers could throw your way.

Is Your Business Ready for the Internet of Things?

The summer season has arrived! Warmer weather means families are spending time enjoying outdoor activities like hiking, bike rides, and beach days. With less time in the office comes more time on other devices, especially wearable technology like Apple Watches or FitBits. In other words, it is time to think about IoT security.

IoT stands for Internet of Things. Today, we are interconnected like never before, and more and more of our everyday devices are connecting to the internet and to each other. Consequently, more personal and business data is being shared. Your IT strategy must now encompass all the different ways through which you and your team are connecting to your business network.

You are probably wondering how an employee’s fitness tracker affects your cybersecurity strategy. Fitness trackers need to connect to another device like a computer or smartphone in order for the user to view all of the data they collect throughout the day, or input information like foods eaten or how many glasses of water they had. In this example, your employee might be connecting their fitness tracker to both their work and home computers. If their home computer is less secure, a hacker may be able to use the fitness tracker to also infiltrate your network. This is just one example. New IoT devices are now coming onto the market constantly. Soon, smart home assistants could be as common as smartphones. You may even make use of them in your office. With all of this innovation and change, it can be hard for your IT strategy to keep up.

IoT devices are known for being unsecured and lacking built-in security systems. They are also designed to be found and recognized by other devices, so if the default password has not been changed, it can be extremely easy for a hacker to find and access a device by exploiting a known default password. In order to secure your network in the face of increased connectivity, you need to put proactive policies in place, rather than depending on the device’s security systems. Hackers are sophisticated, and their favorite targets are those they expect to be unsecured. They assume that small-to-medium sized businesses are not investing in cybersecurity and will not keep up with the latest technology trends.

We’re here to prove the hackers wrong. With FUSE3 Communications in your corner, you can be confident that we will keep you up-to-date on the latest cybersecurity best practices. We can also help you develop and implement policies that will help manage which personal devices your employees connect to your business network, and educate them around the security steps they need to take when doing so. Even seemingly small steps, like making sure they change their devices’ default password, can make a big difference.

Contact FUSE3 Communications today. Partner with us to keep up with today’s latest technology trends and manage the risks so that hackers never catch you off guard.