Monday

Avoid these 10 CyberSecurity mistakes in 2020: Network Breach

You are NOT Exempt from Online Attacks - 2 of 10

We frequently meet with small to medium-sized clients who hold the false opinion that their business is too small or trivial to be targeted by Bad Guys, hackers, scammers, troublemakers or just general criminals. The fact is that every business, large or small, is a possible target for these criminals. The threat has become such a concern that the Federal Bureau of Investigation (FBI) issued a High Impact Cyber-Attack Warning on October 2, 2019: Alert Number I-100219-PSA, describing and warning against ransomware attacks. Read the full alert release here: https://www.ic3.gov/media/2019/191002.aspx


Last year the Ponemon Institute published a report based on a survey of 1000 IT Support providers about the state of cybersecurity in small and medium-sized businesses (SMBs). It revealed that 67% of their SMBs have encountered a cyberattack while another 58% have had a data breach in the previous 12 months. Another report states that 60% of all SMBs that have had a breach fail within 180 days. A breach will cost an SMB time, money, reputation, possible fines, network downtime, lost revenue, lost data and maximum effort to fix what was broken or stolen.

Find out if a business that you work with has been breached …“Oregon law requires businesses and state agencies to notify any Oregon consumer whose personal information was subject to a breach of security. In the event that a breach affected more than 250 Oregon consumers, the law also requires that a sample copy of a breach notice sent to more than 250 Oregon consumers must also be provided to the Oregon Attorney General.”  https://www.doj.state.or.us/consumer-protection/id-theft-data-breaches/data-breaches/

Most of these breaches were preventable. Furthermore, companies that do not manage credit card data or any customer/client information believe that cybercriminals will not target their company network. In truth, the Bad Guys are targeting multiple computer networks to find vulnerabilities, obtain sensitive information, take control of your network, lock your data up and demand financial payment to have it restored or just to cause damage.
The simple fact is if your business/organization has an online presence, you are at risk and must adopt cybersecurity as a business strategy to guard both your stored data and network resources.

Call us, 10D Tech, if you would like to create a technology security plan that prevents the crime and recovers the network/data quickly in case of a breach.

Friday

Avoid these CyberSecurity mistakes in 2020: Passwords


Whether it is stolen customer data, phishing, or ransomware, successful cyberattacks affect businesses of any size and in any industry. A study last year by Juniper Research found that breaches in cybersecurity are likely to result in the theft of over 146 billion records by the year 2023, while identity theft has already affected over 60 million Americans.
Whether you are offering professional services (Doctor, Lawyer, Accountant) or running a local or global business operation, establishing an online presence has now become necessary for recognition and, ultimately, business success. A security breach can destroy a business in a number of ways, including loss of business revenue, client trust, loss of data, fines, penalties, as well as lost income while the breach is secured.
With awareness of cyber attacks and online threats continually expanding through word of mouth, media advertisements, social media and direct conversations with security experts, business enterprises are investing effort and money into improving their cybersecurity through better tech, training and tools. Still, an analysis of even the most sophisticated online attacks reveals that security is often imperiled by the most elementary mistakes, which can be easily fixed by any business or organization, or at home.

Poor Password Management

Weak or duplicate passwords are among the leading causes of cybercrimes, including brute force attacks. In one brute force attack, over 1,000 user accounts were opened because of weak passwords. The bad guys used the company email directory to compromise accounts that had weak passwords. Examples of weak passwords that are still used include “123456,” “password,” and “qwerty.”
What are the best practices in password management that can improve cybersecurity?
  • Use complex passwords that incorporate alphanumeric and special characters.
    • I had LastPass generate the following: 7MG87@o2^VzILBwe. I won’t have to remember it as long as I remember a single Master Password for LastPass.
  • Enable 2-Factor Authentication (or 2FA), which can be used with strong passwords to safeguard user access.
    • We all have smartphones today, and setting up 2FA is quick and easy. Search for the Google Authenticator in the app store and you are almost done.
  • Avoid using the same password in multiple business accounts.
    • Once bad guys figure out you have used the same PW in 2 accounts, they will try them all using your email address or known user name.
  • Use desktop or smartphone apps that can securely store (or even regenerate) passwords instead of writing them down on a post-it or note pad.
  • Maintain the habit of periodically changing passwords for all your accounts.
    • The password manager, LastPass, can be used to change many of your passwords with a single click. You won’t need to know what the PW was changed to, provided you remember your Master Password to access LastPass.

The next post in our preparation for 2020 Cyber Security Awareness is:   
"Your business is NOT too small to be a target."

Windows 10 Hidden Tricks

Sometimes I just wanna know stuff and while browsing some recent articles, I came across this one from PC Mag (https://www.pcmag.com/feature/347136/25-hidden-tricks-inside-windows-10/5 ) about some hidden tricks that came with the latest updates to Windows 10.  Some other tricks I found in the article are Shake (a quick way to clear cluttered windows), God Mode (for experienced users only!), Hidden Games and 3D Viewer. Go ahead and read the article, see how many of the hidden options you knew about and try out Shake.

While on the subject of Windows 10: Microsoft ended mainstream support for Windows 7 in January 2015, with extended support running until January 14, 2020, 2 months from now. Businesses that fail to migrate in time will be saddled with high fees for further support from Microsoft.

This End of Life means no more bug-fixes, security patches or new functionality, making any user - personal or enterprise - significantly more susceptible to malware attacks. Just as it did with Windows XP, Microsoft will continue to offer support for those Windows 7 users still reluctant to upgrade to its Windows 10 OS, but it'll cost you.


However, there's absolutely nothing stopping you from using Windows 7 even after its End of Life. But you should know that using an outdated operating system makes your computer vulnerable to cyber-attacks.

As always if we can help you with a Windows 10 migration or any other support issues call us 541.243.4103

If you enjoy these short IT Tips subscribe to our Monday Morning Minute of Top Tech Tips (MMMTTT)

Thursday

Disposing of your PC

How to get rid of your computer


#1 Save essential files

Back up your data or transfer files to a new computer. The easiest way to do this is to invest in an external hard drive. If you're looking for a secure ongoing backup and file syncing solution, use a cloud service such as Box, Apple iCloud, Google Drive or Microsoft’s OneDrive, or for more assistance call 10D Tech at 541.243.4103.

Backing up data to the cloud will quickly transfer it back to a new machine or enable access to it via an Internet connection, even from your Android or iPhone. Storing data in the cloud is also very convenient if your computer dies and you need to restore your files. You can also get to the data if you travel and need access to data or information on a different device.
  1. Delete and overwrite sensitive files: Tax documents & other confidential data should be deleted with software specially designed to meet the government standards for secure data deletion. For hard drives in Windows PCs, try File Shredder (it's free). For older Macs with hard drives (pre-OS X El Capitan or OS 10.11), select the “Secure Empty Trash” option after deleting your files. You’ll see it under Finder > Secure Empty Trash. For Macs with OS 10.11 and higher and Windows PCs with SSD drives, encrypt your drive. Encryption should be a standard practice at all times with all computers if it is available. Wiping your drive after these steps will securely erase your files.
  2. Turn on drive encryption. For Windows PCs with SSD drives, go to Settings > About. Toward the bottom, you'll see either an option for Drive Encryption or Bitlocker Settings. Follow the prompts to encrypt your drive. For Macs, go to System Preferences > Security & Privacy > FileVault and select Turn On FileVault. You'll then select a password and select Restart.
  3. Deauthorize your computer. Some programs, such as iTunes and Microsoft Office 365, only allow you to install software on a limited number of computers or allow a limited number of computers to access your files. So be sure to deauthorize your old equipment from your accounts - before uninstalling any programs.
  4. Delete your browsing history. Your internet browsers save info about your internet browsing history. Depending on how you have your settings configured, you may even store your usernames and site passwords for various websites. Obviously, you don’t want a stranger or, worse, a stranger with bad intentions having access to this information. For Microsoft Internet Explorer, click on the cogwheel in the upper right corner to open the browser menu, then click on the Safety option, and then Delete Browsing History. Make sure all of the checkboxes are chosen, so it all gets removed. Repeat this step for any other browsers on your computer (Firefox, Safari, Chrome). For Firefox and Chrome, you will need to first sign out of your browser.
  5. Uninstall all of your programs. Many programs, such as Microsoft Office, will contain personal information like your name, address, and other details. We recommend uninstalling all programs before disposing of your computer. To uninstall programs on a PC: Start>Control Panel>Programs>click on program>click uninstall.
  6. Consult your employer or IT Dept about data disposal policies. If your computer is used for business, check with your company or IT Support company about how to manage the organization related information that is on your computer. Local, State and Federal laws require businesses to follow data security and disposal processes for deleting personal information about clients and customers.
  7. Wipe your hard drive. Once you've gone through and removed the information and data you know is there, perform a factory reset so you are confident that you have removed ALL of your personal files & software programs. Now restart your computer. Once the machine is back up, download & install the application “Eraser,” choose the most current version.
  8. OR physically damage your hard drive. If you are only looking to recycle your computer and are very anxious about somebody recovering your files, take out the hard drive and drill a couple of holes in it OR utilize the anger management training and beat the heck out of it with a hammer. This works for CDs, jump drives, cameras, etc. Once the files you want are off them, a drill or hammer is a great way to say goodbye to your old media.


Friday

Living The Human Firewall Life

From the 10D Monthly Security Awareness Newsletter

The 5 Traits of a Human Firewall 
The security of our organization depends upon you, the human firewall. You help prevent security events and control the input and output of sensitive information by exhibiting these five traits. 

Trait 1: Thinking before clicking
Phishing attacks remain the top strategy in every cybercriminal’s playbook. They flood organizations with emails containing malicious links and documents, knowing that all it takes is one click. Generic attacks are easy to spot, thanks to their poor grammar, spelling, or awkward phrasing. Others take a much more sophisticated approach, as in the case of spear phishing, which targets specific people and organizations. A human firewall reads emails carefully, hovers over links to display the full URL, and treats all requests for sensitive data with skepticism.

Trait 2: Using situational awareness 
Situational awareness simply means minding your surroundings, staying alert, and never making assumptions. For example, if you see an unfamiliar person in an area normally reserved for authorized personnel, or notice a secured door left open, don’t ignore it! Maintain a clean desk so as not to lose sensitive materials, and shred those materials when no longer needed. When traveling or working remotely, keep an eye on your personal belongings, stay alert for shoulder surfers, and use discretion when accessing or discussing highly sensitive information in public. These are all basic, non-technical behaviors of a strong human firewall.

Trait 3: Respecting privileged access
Access includes everything from login credentials to badges or keycards that allow you to enter secured areas. Respecting access means ensuring that whatever clearance you’ve been granted never gets misused for any reason. It means closing and locking doors, preventing tailgating (when someone slips in behind you without you knowing), never allowing someone to borrow your credentials, locking workstations when not in use, and maintaining strong, unique passwords for every account and every device.

Trait 4: Reporting incidents immediately 
Incidents happen. Reporting them immediately is the only way we can mitigate damages and reduce future risk. It doesn’t matter how big or small the incident seems. A secure door left open, an unknown individual hanging around the office, a phishing email, a smart device or computer malfunctioning—we rely on strong human firewalls like you, to inform us of these types of incidents as soon as possible. If you see something or hear something, say something!

Trait 5: Always following policy 
Human firewalls always follow our organization’s policies and never circumvent them for any reason. Why is this so important? Because policies define our security culture. They set the standards for how data is collected, stored, transferred, and destroyed when no longer needed. They exist to ensure that the privacy of our employees, clients, consumers, and partners remains intact. Failure to follow policy could lead to data breaches, ransomware attacks, or other damaging security incidents. And while we require that you know and follow our policies at all times, we also encourage you to ask questions when you’re unsure of something.

Tuesday

Back to School Edition: Keeping children CyberSafe

Start With These 11 Easy Tips to Keep Kids Safe Online:
1.   Talk to your kids!
2.   Turn on the "Do Not Track  Tool" on your browsers.
3.   Read the Privacy Policies on all the services and apps you use.
4.   Never share passwords and make strong passwords.
5.   Keep personal information personal (don't chat/send photos to strangers).
6.   (For Kids) Ask permission before signing up for anything.
7.   Know how to recognize ads and don't click on them.
8.   Respect age limits on all social networking sites.
9.   Set privacy settings on all social networking sites.
10. Advocate for Cyber Civics lessons at your school!
11. Talk to your kids!

This is a good link to send to your teens. Yes, they will roll their eyes at you when you require them to read it, but the constant nagging reminders WILL help protect your teens from the bad guys (if they do bad things, they are bad guys regardless of their gender). Included in this link is how to best set the security settings for Facebook, Twitter, and Instagram. G+, Tumblr, Meetme and a new one I just found to be rising in popularity, TikTok, all have security settings that need to be changed to protect your teen, your family network, your business network and potentially your own personal information as the parent. We do not recommend Snapchat, because of the false sense of anonymity young users experience. The false sense of secrecy encourages teens and young adults to post things in Cyberspace that they would never want to be revealed to the world.


For Teachers: This site has 3 good cartoon-like video stories about Cybersecurity with good discussion-starting questions. https://www.esafety.gov.au/education-resources/classroom-resources/challenge

Friday

What do cybercriminals do with stolen data?


You’ve likely heard the stories of major data breaches that expose the personal information of millions of people. Perhaps you’ve even been a victim of this. But what actually happens to exposed data? How do cybercriminals actually use the data?

They sell it on the dark web. Credit card numbers, national ID numbers, email addresses, and passwords all fetch certain prices on the underground economy.
They launch spear phishing campaigns. With enough information, cybercriminals increase their chances of successful phishing attacks because they’re able to target specific individuals or organizations while sounding legitimate.
They pretend to be you. Identity theft is a top concern. If attackers gain access to your personal info, they can open accounts in your name, attempt to claim tax refunds, and file insurance claims, etc.
They attack even more accounts. In the case of stolen usernames and passwords, criminals use “credential stuffing,” which is an automated attack using those same usernames and passwords to gain access to other accounts.

Accidental data breach by clicking ‘Send’


Merely having a HIPAA-compliant email service isn’t enough to keep a clinic or agency within the regulations. The organization still needs to train its employees to use the Health Insurance Portability and Accountability Act compliant service properly, as well as implement the necessary policy and administration measures to guard its Electronic Protected Health Information (ePHI) records. If these aspects aren’t addressed, an organization could easily find itself suffering from a significant breach, the resulting fines, penalties and possibly failure.

Data breaches have become one of a medical clinic or insurance agency’s greatest fears. If you study the reparations, penalties, recovery costs and the ensuing investment in new security measures, data breaches are unbelievably expensive. That is aside from accounting for the interruption to regular business or the long-term damage to their brand reputation. 60% of all organizations that experience a data breach fail within the next 120 days … 120 days!

A clinic in Michigan closed its doors on April 1st, 2019 just months after a ransomware attack deleted EVERYTHING. http://www.startribune.com/all-of-records-erased-doctor-s-office-closes-after-ransomware-attack/508180992/
Only 3 weeks ago, Eye Care Associates in Ohio had a trojan virus attack that severely affected their ability to do business and as of today (8/16/19) they are still struggling to recover and keep doors open https://businessjournaldaily.com/eye-care-associates-hit-by-ransomware-attack/

In both of these examples the clinics did not lose any patient data. Where the attack succeeded was in interrupting business operations, causing loss of reputation and loss of company data, costing the clinics patient bookings and eventually, for Dr. Scalf and Dr. Bizon, the closure of their clinic.

Analyzing all breaches over the past 5 years will tell you that encryption is the most suitable way to make data confidential both in transit and at rest.

When organizations evaluate their need for email security, they all come to the conclusion that they need better access control, encryption, measures to ensure data integrity, documentation that the email is secure and much more. Some will find that they need more advanced mechanisms than others, such as opt-out email encryption to reduce the chances of employees accidentally causing data breaches. Ultimately, some businesses may decide that they have the capabilities to make their emails HIPAA-compliant in-house.

Others will choose to go with a HIPAA-compliant provider, like 10D Tech, that understands how to mitigate the problem in this complex regulatory world. This approach is generally easier and helps to spread the risks onto the provider, as long as a Business Associates Agreement (BAA) is signed. When audited, a clinic or organization simply refers to their provider for the documentation and reports of compliance. The end result of either method will be more than just HIPAA compliance. If your company has been judiciously following HIPAA’s recommended path of performing security reviews and implementing mitigation strategies, then it will end up with a secure email system as well. With the right systems in place, an organization will reduce its chances of suffering a data breach.

Accidentally causing a data breach is as easy as clicking ‘Send.’ Are you prepared?

10 reasons to use 10D Tech

Our partners have discovered the benefits of having 10D Tech maintain and support your work stations, your network and your staff. 

Our Standards, Process Alignment, Business Impact and IT strategy is the recipe for our great results.

Our results for owners and managers:
  1. Lower costs mean Higher Profit Margins. Using 10D Tech is like having an employee that never goes on vacation, doesn't require health insurance, is never sick, needs no profit sharing, no further company-based training, no desk, no chair, no phone ... etc.  
  2. Increased Functionality as the staff is not spending 22 minutes a day working on some tech issue. 22 minutes a day is over 7 hours a month, or 11.5 days every year.
  3. More Productive Employees. They are not messing with the newest application or scouring their social media pages.
  4. Better Morale amongst the staff, knowing they don’t have to stress about the Blue Screen or that they are downloading a virus.
  5. A Reduced Risk, as we back up your work stations, servers and overall network on a regular schedule, which all but eliminates the scary RansomWare notice everybody is talking about.
  6. Installing a firewall, securing work stations with endpoint protection, instigating the password manager rules Enhances Security.
  7. A stable network and protected work stations allow you to be More Competitive in the market without the added wasted time.
  8. Looking at your current network and building a 3-5 year plan will Lower your Overall Technology cost. Instead of replacing things as they break, we help you purchase, according to a plan when prices are lowest.
  9. A better balance of your Work vs. Life focus.  Nobody needs to stay late trying to figure out why the printer doesn’t work.  We already have it taken care of.
  10. In general, a Peace of Mind that we have you covered and you can focus on what you do best.


Call us if this sounds like the solution you've been looking for. 541.243.4103  www.10dtech.com

Wednesday

Buying a Fur Lined Bathtub?

SPAM! Most of the time we don’t really fall for it, but sometimes an email looks interesting enough to open and read. This morning I received this email that said it could deliver 5 phone system quotes to me in CORVALLIS - OR, which is where our main office is located. So, my curiosity is piqued and I check it out. (See the Note)
It’s probably not an email that interests you, unless you are looking for a new phone system. What you may not know is that the same organization that collects your request for a phone system quote in “CORVALLIS - OR” will call me later this month and offer to sell me a list of businesses that want phone systems in “CORVALLIS - OR.”

The same thing happens for other products. An email arrives that says they have a great price on something you have been looking to buy, it gets your attention and you think “Sure, I’d like to get 5 quotes for fur lining my bathtub” and you respond with the affirmative to the sender.  Who then calls a local bathtub fur liner and offers to sell your contact info along with “hundreds more.”  It’s a reasonably legitimate business model in that the spammer has offered you something, “5 quotes” and us something, “contact requested a quote,” but in reality, they have been deceitful on both ends.  They are building a list of contacts but can't really quote you a new phone system and then they are selling that list of contacts to companies under false pretense.  
As a note: 10D Tech does not buy these lists.

We feel your pain

Unsolicited emails, also called Spam, work because the high volume the spammers send results in a tiny amount of success. There are different kinds of spam, but in every case, sending spam is so cheap that it doesn’t take much for a spammer to pronounce a spam campaign a big success.
For example, say a spammer sends 15 million emails pushing a knock-off of the latest wonder gizmo. If only a tiny percent, perhaps even just one person out of fifteen million, purchases the gizmo through him, the spammer has made a profit. It doesn’t matter if it’s fake purses, body-part enhancement aids, knock-off watches or discounted computer software. If even the tiniest percentage of spam emails produces a sale, then that spam was successful, and they will continue.

Tired of Spam? Tired of sifting through a hundred emails a day that have nothing to do with your work? Call us and we can help: 10D Tech 541.243.4103

Monday

Buying local?



When you buy local, your money stays local, and it strengthens the local economy in two ways. First, buying local fuels new employment and job opportunities for people within the community. Studies show, locally owned businesses employ more people per unit of sales, and retain more employees. Further, the expansion and growth of local businesses helps create a more stable, recession-resistant local economy and community alike.


Second, buying local keeps money circulating within the local economy. Cash flow is vital for prosperity and local businesses recirculate a greater share of every dollar, as they create locally owned supply chains and invest in their employees. An additional study found that local retailers return a total of 52 percent of their revenue to the local economy, compared to just 14 percent for the national chain retailers. Money circulating through the local economy benefits everyone who receives a transaction. 

We are disappointed our local city and county decided to buy from a chain that has no local employees or presence other than the phone systems they have installed.



Wednesday

#1 of 7 CyberSecurity Tips


We all now rely on technology. Our businesses rely on technology, big or small. Our clients find us online and use the 10D Tech website. We store confidential information and communicate via email. We download documents and research and file forms online. We manage other businesses' networks.

10D Tech IS a target for bad guys. WE know IT and how to protect ourselves so that we can help our clients protect themselves. 

Numerous reports reveal that more than half of all small businesses are hit with a security breach. The financial consequences can be significant and, for many, devastating. Right out of the gate, you’ll have to pay to have the systems recovered and get the data back, and you face loss of reputation and potentially loss of your clients.

Every organization needs to take responsibility and enable security measures to protect their business as part of the monthly recurring costs, like phone bills and rent. You can’t just set it up and forget it because the attack protocols change daily. The Hollywood version of fending off a hacker attack, with streams of data scrolling across the screen, is unrealistic. The image of a computer genius pounding away on a keyboard like they are replying to a political Facebook post is just comical. Most hackers are in a business network for 68 days before being discovered. They sneak in through emails, phishing links and EBKAC (Error Between Keyboard And Chair). The bad guys are good, really good, BUT beatable with the right tools, properly configured firewalls and staff training.

Here is the first of 7 important cyber security tips.

#1. Create a clear set of security protocols.
How will you protect your business? Take some time and write it out with your IT team (10D Tech). You know your business, the IT team knows theirs. They’ll help you with the details for protecting your network, hardware and client information.   Don’t skimp here because the cost of a security failure can close your doors.

Evaluation items you should regularly ask your IT Team:
  • How often do you run system updates, patches and network scans?
  • Do we need to protect and back up all of our data?
  • Does the staff have access to all of our sensitive data?
  • What software and applications are critical, and which are optional?
  • Where does the buck stop? The one throat to choke or the one back to pat?

Review the security plan every 6 months, and remember to include employee training in the security equation.  Your cybersecurity plan only protects the business if everyone knows it and follows it.

Next Tip: #2 Business Email Compromise (BEC) protection

Thursday

540,000,000 - The news has become noise


Security Alert: April 3, 2019: 540 Million (540,000,000) Facebook profiles exposed! It has become too common to keep track of them all.

Security Advice: Stop using Facebook to log into websites & apps. Using a password manager is the single most effective tool for guarding your privacy online. Facebook is just the vehicle criminals use to loot your information. We use LastPass because it is simple.

We wonder how many Facebook profiles have NOT been exposed.  



Wednesday

Sextortion Scams


SEXTORTION SCAM
Have you ever received one of those emails that didn't really make sense but still made the hair stand up on the back of your neck? One of those could start with a message like: “Send bitcoin right away or else I am sending compromising photos or information to your friends and family.”
This is a new variation of an old scam. A little fear-inciting jolt that has you unsure of the nature of what the scammer is talking about… your mind races … How would they have anything I would not want to be exposed? What item or video could they have that I would want to hide? Then you think about the privacy in your own home? What device did they hack? Even if you know the claim is impossible and untrue, it is still very unsettling and a bit frightening. This new version of an old scam is called Sextortion and it preys on your fear of the unknown.
How does this scam work?
The bad guy tells you they have hacked your device/computer and they will release embarrassing information. They don’t tell you what they have, only that they have something from your personal device. It could be photos, emails or text messages. Most of the time the bad guy vaguely threatens to release the information they have stolen to your employer, your friends and your family. Sometimes the bad guys describe details of what they allegedly have on you.
What is it that they want? They’ll tell you that to avoid having your personal items exposed to everybody you have to pay them immediately using bitcoin.
Here’s the catch:
What would make you believe their claims when you know they can’t be right? The scammer provides just enough information from one of your hacked accounts: Equifax, Target, Facebook, Marriott and MANY more! Mine was my old MySpace account. There are too many breached companies to list them all, but in all likelihood, some of your information has been stolen. They give you just enough information to add credibility to their claim and make you believe they may have something of yours that you want back. They’ll show an exposed password and/or your user name, which they purchased on the dark web. By matching your email address with passwords, they have enough information to make you a little frightened. The scammers assume a small percentage of their chosen victims will react and pay the extortion fee. It’s in the numbers: 1 million emails sent, 50,000 people get nervous, 5,000 pay the $1,000 ransom and they have a $5,000,000 payday.
That's only a .5% response on the 1,000,000 emails sent for a HUGE payday.
The 50,000 nervous people feel their fear level jump and start a Google search for how to purchase Bitcoin, or start thinking about what the scammers could have. OK, DEEP BREATH: if you are like 99.5% of us, you know you're being scammed, but let us give you some advice in case you're still nervous. Don’t fall for it and don’t pay the ransom.
As proof, they may provide you with a legitimate username and password, most likely from an old account because those are the cheapest to obtain. Regardless of whether it is old or new, stop using the password they provided and change it immediately, especially if it is one of the 3 passwords you use. Using the same password will eventually lead the bad guys to an account that does have items you want to keep safe and private. If you use a password manager, it will assist you in changing that password as well as do a security search of your accounts for the same password. Change those as well. Rest assured, if the password they show you has been used to secure some of your other accounts, all of those accounts are also compromised. That is where the hair on the back of your neck should stand up.
If you really want to be secure and keep information private, use two-factor authentication on your password manager. Also consider the advice below and cover your camera lens with a piece of tape, a post-it note or a slide cover.

What should you do if you get a Sextortion email?

Just because there is no real bite behind this scam doesn’t mean you should not take some sort of action. Use the extortion scam as a cue to protect yourself online. The Federal Bureau of Investigation (FBI) advises:
  • Do not pay
  • Do not respond to the email
  • When opening unexpected attachments from people you know, use caution because their email addresses may have been spoofed
  • Change your passwords often
  • See if your other email addresses and passwords have been pwned or stolen
  • Stop using the password immediately (and while you’re at it, update any old passwords — using a password manager, like LastPass, is fastest)
  • Never ever send compromising photos of yourself to anyone unless you want everybody to see them.
  • Don’t open attachments from strangers
  • Turn off your computer’s camera or put a piece of tape over it when you’re not using it
I'll reiterate: DON’T reply to the email. The more you reply, the more likely you are to expose other items or information that they will use against you.
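To act on the advice above about changing every account that shares the exposed password, the check can be run over a password-manager export. This is an added example, not part of the original post: the CSV column names, the sample rows and the function names are assumptions, and the "near-variant" rule (ignore case and trailing digits or symbols) is one simple heuristic.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample in the shape of a password-manager CSV export.
# Column names are an assumption; adjust them to your manager's export.
SAMPLE_EXPORT = """name,url,username,password
Old social,https://social.example,pat@example.com,Sunsh1ne
Webmail,https://mail.example,pat@example.com,Sunsh1ne
Bank,https://bank.example,pat,Sunsh1ne2019!
Payroll,https://payroll.example,pat,vK9#tq-Lm2!xRw
Forum,https://forum.example,patty,sunsh1ne
"""

def base_form(password):
    """Lower-case and drop trailing digits/symbols to catch near-variants."""
    lowered = password.lower()
    return re.sub(r"[\W\d_]+$", "", lowered) or lowered

def load_entries(export_text):
    """Parse the export into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(export_text)))

def accounts_exposed_by(exposed, entries):
    """Return (exact reuse, near-variants) of the password shown in the email."""
    exact, similar = [], []
    for entry in entries:
        if entry["password"] == exposed:
            exact.append(entry["name"])
        elif base_form(entry["password"]) == base_form(exposed):
            similar.append(entry["name"])
    return exact, similar

def reuse_groups(entries):
    """Groups of accounts sharing one base password, exposed or not."""
    groups = defaultdict(list)
    for entry in entries:
        groups[base_form(entry["password"])].append(entry["name"])
    return [names for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    exact, similar = accounts_exposed_by("Sunsh1ne", entries)
    print("Change now (same password):", exact)
    print("Change now (near-variant):", similar)
    print("Accounts sharing a password:", reuse_groups(entries))
```

A real export file holds every password in plain text, so run the check locally and delete the file as soon as you are done.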

Thursday

Why you need a Battery

Call 10D Tech at 541-243-4103 for local advice and assistance in Salem, Keizer, Corvallis, Albany, Lebanon, and Eugene. We provide Avaya Business Phones, Managed IT, Internet Services and Cyber Security throughout Oregon.


The following article is copied and pasted from the Tech Advisory - June, 2017 blog. They could not have said it better.


https://www.techadvisory.org/2017/06/why-businesses-need-a-ups/


"Why businesses need a UPS

Power outages caused by utility failure, accidents, and natural disasters such as storms, flooding, or earthquakes are inevitable. There’s very little you can do to prevent any of these from happening, but you can avoid the consequences to your business by using an Uninterruptible Power Supply (UPS).
What is an uninterruptible power supply?
An uninterruptible power supply is an essential piece of hardware that protects both your computer and your data. It provides a backup power source in case of main power failures caused by electrical current problems such as blackouts, brownouts, and power spikes.
Smaller UPS units can protect individual computers while larger models can power multiple devices or an entire office. Small businesses can opt for individual UPS units, which should be enough to back up critical computers and other devices that are key to business continuity.

Benefits of having UPS

It’s a known fact that power outages can damage or completely destroy electronic equipment, especially computers. Unexpected computer shutdown can cause great damage to your computer hardware and make you lose unsaved data. A UPS ensures you never experience such a scenario.
Here are other ways that a UPS benefits your systems:
  • Uninterrupted power flow during power surges

When you have UPS, the voltage that passes from the main electrical lines to your devices is consistently stabilized. This protects your computers from power surges, which happen when the voltage in other equipment suddenly rises.
  • Refined and filtered power supply

It normalizes power levels so that your computers are protected against dips and spikes caused by lightning or an abnormal power supply that usually comes from restored power after a blackout.
  • Instant power during brownouts

An uninterruptible power supply guarantees your operations’ continuity. In the event of short-term interruptions, it gives you enough time to switch to a larger, more stable power supply such as a generator. But unlike a generator, it provides instant power to your equipment at the exact moment the power goes out.

Does your business need a UPS?

If you’re purchasing new computers for your small business, a UPS is an invaluable add-on. Businesses that require constant power to function such as hospitals, banks, academic institutions, manufacturing companies, and any business for which storing and processing data are critical tasks can benefit from uninterrupted power.
Determining the type of UPS for your business as well as installing and maintaining it may require the expertise of professionals. We have experts who could provide you with information on properly operating a UPS, replacing its battery, identifying devices that should never be connected to it, and other safety tips. Call us today for advice."

Tuesday

Simplify your life

#1 Priority: Passwords!  


Password Manager: This is the most important of all priorities in securing your network. When we do security talks to groups, nearly everybody raises their hand when asked if they use the same password or a similar password for more than 1 account or website. By using a password manager, you only need to remember a single Master password. We can show you how to make a password that is very difficult to break but easy to remember. A password manager remembers and encrypts the other 587 passwords to your accounts, websites and portals and inputs them securely when you log in. We use LastPass www.lastpass.com  

We don’t sell it, but we use #LastPass because it works and it does simplify our lives. If you are already using a password manager, thank you. The basic #LastPass version is free, but you can upgrade to Premium #LastPass for a couple of dollars a month. The free version works great; we have upgraded to Premium for some convenience features.


Reminder: Never use the same password for multiple sites.

From #Sophos here is a 30 second smile, who can relate?

Thursday

Who are the Bad Guys?

Globally, the primary bad guys are in 1 of 4 nations: China, Iran, Russia and North Korea. These nations are supporting the worst of the bad guys trying to wreak havoc on the rest of the world. They are on an industrial espionage mission to gather secrets and harm other nations.
Conventional cybercriminals are very active as well, but for them monetary gain is the primary motivation. Unfortunately, the lines between cybercriminals and the transgressing nations are blurring, as many of the nationally supported bad guys are moonlighting to fatten their own bank accounts. In short, the threats are wide-ranging and are coming from many sources. They are not picky; they’ll crash through any unlocked door. You have information to share that will further their efforts. We here at 10D encourage you to protect yourself, which in turn protects us … your neighbor.

If you don’t have a plan, call us, we can help. 541.243.4103

Wednesday

Launched Today - Business grade firewall 2.0 for your home.

Priority: FIREWALLS! Launched today, the new version of Sophos Home brings business-grade cybersecurity to your home. REALLY important! Your internet service provider can only generically protect you. For your home, here is a FREE Sophos software-based firewall for each of your computers. For your business, contact 10D Tech for information on our chosen Next-Gen active firewall. The Sophos website has some fun, entertaining videos and serious information. See the future of cybersecurity with the new version of Sophos Home.

8 questions about Windows 7 End of Life - #3 of 10 Cybersecurity for 2020

Frequently Asked Questions: Windows 7 End of Life (EOL) We know it is not easy to make changes, especially to the computer that you are f...