#1 of 7 CyberSecurity Tips

We all now rely on technology. Our businesses rely on technology, big or small. Our clients find us online and use the 10D Tech website. We store confidential information and communicate via email. We download documents and research and file forms online. We manage other businesses networks.

10D Tech IS a target for bad guys. WE know IT and how to protect ourselves so that we can help our clients protect themselves. 

Numerous reports reveal that more than half of all small businesses are hit with a security breach. The financial consequences can be significant and for many, devastating. Right out of the gate, you’ll have to pay to have the systems recovered, get the data back, loss of reputation and potentially loss of your clients. 

Every organization needs to take responsibility and enable security measures to protect their business as part of the monthly reoccurring costs, like phone bills and rent. You can’t just set it up and forget it because the attack protocols change daily.  The Hollywood version of fending off a hacker attack, with streams of data scrolling across the screen is unrealistic. The image of a computer genius pounding away on a keyboard like they are replying to a political Facebook post is just comical. Most hackers are in a business network for 68 days before being discovered. They sneak in through emails, phishing links and EBKAC (Error Between Keyboard And Chair)  The bad guys are good, really good, BUT beatable with the right tools, properly configured firewalls and staff training.

Here is the first of 7 important cyber security tips.

#1. Create a clear set of security protocols.

How will you protect your business? Take some time and write it out with your IT team (10D Tech). You know your business, the IT team knows theirs. They’ll help you with the details for protecting your network, hardware and client information.   Don’t skimp here because the cost of a security failure can close your doors.

Evaluation items you should regularly ask your IT Team:

• How often do you run system updates, patches and network scans?
• Do we need to protect and back up all of our data?
• Does the staff have access to all of our sensitive data?
• What software and applications are critical, and which are optional?
• Where does the buck stop? The one throat to choke or the one back to pat?

Review the security plan every 6 months, and remember to include employee training in the security equation.  Your cybersecurity plan only protects the business if everyone knows it and follows it.

Next Tip: #2 Business Email Compromise (BEC) protection

540,000,000 - The news has become noise

Security Alert: April 3, 2019: 540 Million (540,000,000) FaceBook profiles exposed! It has become to common to keep track of them all.  

Security Advice: Stop using Facebook to log into websites & apps. Using a password manager is the single most effective tool to guarding your privacy online. Facebook is just the vehicle criminals use to loot your information. We use LastPass because it is simple.

We wonder how many Facebook profiles have NOT been exposed.  

https://www.extremetech.com/internet/288907-540-million-facebook-profiles-exposed-by-2-insecure-databases

Sextortion Scams

SEXTORTION SCAM

Have you ever received one of those emails that didn't really make sense but still made the hair stand up on the back of your neck? One of those could start with a message like:  “Send bitcoin right away or else I am sending compromising photos or information to your friends and family.”

This is a new variation of an old scam. A little fear-inciting jolt that has you unsure of the nature of what the scammer is talking about… your mind races … How would they have anything I would not want to be exposed? What item or video could they have that I would want to hide? Then you think about the privacy in your own home? What device did they hack? Even if you know the claim is impossible and untrue, it is still very unsettling and a bit frightening. This new version of an old scam is called Sextortion and it preys on your fear of the unknown.

How does this scam work?

The bad guy tells you they have hacked your device/computer and they will release embarrassing information. They don’t tell you what they have, only that they have something from your personal device. It could be photos, emails or text messages. Most of the time the bad guy vaguely threatens to release the information they have stolen to your employer, your friends and your family. Sometimes the bad guys describe details of what they allegedly have on you.

What is it that they want? They’ll tell you that to avoid having your personal items exposed to everybody you have to pay them immediately using bitcoin.

Here’s the catch:

What would make you believe their claims are right when you know it can’t be right. The scammer provides just enough information from one of your hacked accounts. Equifax, Target, Facebook, Marriott, MANY more! Mine was my old MySpace account. There are too many breached companies to list them all, but in all likelihood, some of your information has been stolen. They give you just enough information, that adds credibility to their claim, to make you believe they may have something of yours that you want back. They’ll show an exposed password and/or your user name which they purchased on the dark web. By matching your email address with passwords, they have enough information to make you a little frightened. The scammers assume a small percentage of their chosen victims will react and pay the extortion fee. It’s in the numbers, 1 million emails sent, 50,000 people get nervous, 5,000 pay the $1,000 ransom and they have a $5,000,000 payday. 
That's only .5%  response on the 1,000,000 emails sent for a HUGE payday.

The 50,000 nervous people have a jump in their fear level start a Google search for how to purchase Bitcoin or think about what could they have.  OK DEEP BREATH, if you are like 99.5% of us you know you're being scammed but let us give you some advice in case you're still nervous. Don’t fall for it and don’t pay the ransom.

As proof, they may provide you with a legitimate username and password, most likely from an old account because those are the cheapest to obtain. Regardless if it is old or new, stop using the password they provided, change it immediately, especially if it is one of the 3 passwords you use. Using the same password will eventually lead the bad guys to an account that does have items you want to keep safe and private. If you use your password manager, it will assist you in changing that password as well as do a security search of your accounts for the same password. Change those as well. Rest assured, if the password they show you has been used to secure some of your other accounts, all of those accounts are also compromised. That is where the hair on the back of your neck should raise up.

If you really want to be secure and keep information private, use the two-factor authentication on your password manager. Consider the advice below by covering your camera lens with a piece of tape, post-it note or slide cover.

What should you do if you get a Sextortion email?

Even though there is no real bit behind this scam doesn’t mean you should not take some sort of action. Use the extortion scam as a cue to protect yourself online. The Federal Bureau of Investigation aka FBI advises:

• Do not pay
• Do not respond to the email
• When opening unexpected attachments from people you know, use caution because their email addresses may have been spoofed
• Change your passwords often
• See if your other email addresses and passwords have been pawned or stolen
• Stop using the password immediately (and while you’re at it, update any old passwords — using a password manager, like LastPass, is fastest)
• Never ever send compromising photos of yourself to anyone unless you want everybody to see them.
• Don’t open attachments from strangers
• Turn off your computer’s camera or put a piece of tape over it when you’re not using it

I'll reiterate, DON’T reply to the email. The more you reply, the more likely you are to expose other items or information that they will use to manipulate against you.

Why you need a Battery

Call 10D Tech at 541-243-4103 for local advice and assistance in Salem, Keizer, Corvallis, Albany, Lebanon, and Eugene. We provide Avaya Business Phones, Managed IT, Internet Services and Cyber Security through out Oregon.

The following article is copied and pasted from the Tech Advisory - June, 2017 blog. They could not have said it better.

https://www.techadvisory.org/2017/06/why-businesses-need-a-ups/

"Why businesses need a UPS

By EDITOR | Published: JUNE 21, 2017

Power outages caused by utility failure, accidents, and natural disasters such as storms, flooding, or earthquakes are inevitable. There’s very little you can do to prevent any of these from happening, but you can avoid the consequences to your business by using an Uninterruptible Power Supply (UPS).

What is an uninterruptible power supply?

An uninterruptible power supply is an essential piece of hardware that protects both your computer and your data. It provides a backup power source in case of main power failures caused by electrical current problems such as blackouts, brownouts, and power spikes.

Smaller UPS units can protect individual computers while larger models can power multiple devices or an entire office. Small businesses can opt for individual UPS units, which should be enough to back up critical computers and other devices that are key to business continuity.

Benefits of having UPS

It’s a known fact that power outages can damage or completely destroy electronic equipment, especially computers. Unexpected computer shutdown can cause great damage to your computer hardware and make you lose unsaved data. A UPS ensures you never experience such a scenario.

Here are other ways that a UPS benefits your systems:

• Uninterrupted power flow during power surges

When you have UPS, the voltage that passes from the main electrical lines to your devices is consistently stabilized. This protects your computers from power surges, which happen when the voltage in other equipment suddenly rises.

• Refined and filtered power supply

It normalizes power levels so that your computers are protected against dips and spikes caused by lightning or an abnormal power supply that usually comes from restored power after a blackout.

• Instant power during brownouts

An uninterruptible power supply guarantees your operations’ continuity. In the event of short-term interruptions, it gives you enough time to switch to a larger, more stable power supply such as a generator. But unlike a generator, it provides instant power to your equipment at the exact moment the power goes out.

Does your business need a UPS?

If you’re purchasing new computers for your small business, a UPS is an invaluable add-on. Businesses that require constant power to function such as hospitals, banks, academic institutions, manufacturing companies, and any business for which storing and processing data are critical tasks can benefit from uninterrupted power.

Determining the type of UPS for your business as well as installing and maintaining it may require the expertise of professionals. We have experts who could provide you with information on properly operating a UPS, replacing its battery, identifying devices that should never be connected to it, and other safety tips. Call us today for advice."

Simplify your life

#1 Priority: Passwords!  

Password Manager: This is the most important of all priorities in securing your network. When we do security talks to groups, nearly everybody raises their hand when asked if they use the same password or a similar password for more than 1 account or website. By using a password manager, you only need to remember a single Master password. We can show you how to make a password that is very difficult to break but easy to remember. A password manager remembers and encrypts the other 587 passwords to your accounts, websites and portals and inputs them securely when you log in. We use LastPass www.lastpass.com  

We don’t sell it but we use #LastPass because it works and it does simplify our lives.  If you are already using a password manager, Thank you. The basic #LastPass version is free, but you can upgrade to Premium #LastPass for a couple dollars a month. The free versions work great, we have upgraded to premium for some convenience features.

Reminder: Never use the same password for multiple sites.

From #Sophos here is a 30 second smile, who can relate?

It's hard to think up passwords that you can remember.

Who are the Bad Guys?

Who are the bad guys?

Globally the primary bad guys are in 1 of 4 nations, - China, Iran, Russia, North Korea. They are supporting the worst of the bad guys trying to wreak havoc on the rest of the world.  They are on an industrial espionage mission to gather secrets and harm other nations.

Conventional Cybercriminals are very active as well but, for them, monetary gain is their primary motivation. Unfortunately, the lines between cybercriminals and the transgressing nations are blurring as many of the nationally supported bad guys are moonlighting to fatten their own bank accounts. In short, the threats are wide-ranging and are coming from many sources. They are not picky, they’ll crash through any unlocked door. You have information to share that will further their efforts. We here at 10D encourage you to protect yourself, which in turn protects us … your neighbor.

If you don’t have a plan, call us, we can help. 541.243.4103

Launched Today - Business grade firewall 2.0 for your home.

Priority: FIREWALLS! – Launched today, the new version of Sophos Home brings business-grade cybersecurity to your home. REALLY important! Your internet service provider can only generically protect you. For your home here is a FREE Sophos software based firewall for each of your computers. For your business, contact 10D Tech for information on our chosen Next-Gen active firewall. The Sophos website with some fun, entertaining videos and serious information. See the future of cybersecurity with the new version of Sophos Home. hashtag#business hashtag#networking hashtag#software hashtag#protection hashtag#networksecurity hashtag#sophos hashtag#firewalls