A Proven Method To Secure Your Business’s Network

People don’t usually think about small businesses when discussing cybersecurity. The media covers breaches in governmental and big-business security in excess. These entities usually have lucrative targets that attract the attention of hackers but are often backed up with an extremely protective network security system that’s difficult to crack. When hackers can’t break the big system, they turn their attention to easier targets.

While most hackers want the opportunity to crack a high-risk target, these situations are few and far between. Instead, they turn their attention toward much lower-hanging fruit. This is where small businesses come in; they still have access to money and data but have much lower defense than a governmental entity. Luckily, many average cyber security strategies can keep the would-be hackers away. Their methods are always changing, though, and it helps to be one step ahead of the game.

These are the best current cybersecurity strategies you can put into place.

Cloud Security

Cloud security is the protection of data stored online via cloud computing platforms from theft, leakage and deletion. As more and more businesses switch from hard-drive data storage to remote databases, this practice is becoming more and more commonplace. Methods of providing cloud security include firewalls, penetration testing and virtual private networks (VPN), to name a few. While many people feel that their data and information are better stored on a hard drive on their own network, data stored in the cloud may actually be more secure, depending on the system’s defense strategy. Be wary, though: not all cloud securities are made the same. Do your research and pick one that will best protect your data.

Network Security

Network security is the protection of the underlying networking infrastructure from unauthorized access, misuse or theft. This is what your network administrator will need to put into place in order to keep your devices and data secure. The best approach to protecting your network is to create a strong WiFi password. Random numbers and letters work best for a small business since nobody but those who need it will be able to guess the password. In addition to a strong password, you’ll also have to anticipate any type of internal attack.

VPNs And Firewalls

A VPN can help protect your security by masking your IP address. This essentially means that you’ll be connected through a different server, making it much harder for the government or websites to pinpoint your location. It also encrypts all network data by creating a secure tunnel. A firewall is simply a shield that protects your computer from the Internet. Firewalls can help restrict access to sites that could be damaging to your network. Both of these tools can be highly effective when used properly, but they do not protect against all threats.

Updates And Upgrades

While it might seem simple, consistently updating and upgrading your technology tools can keep you much more secure. The developers of many of these tools are constantly looking for new threats that pose a risk to their program. They’ll issue patches to make sure any holes are filled. You just need to make sure that all of your tools are updated in a timely manner and verify that the updates are installing.

Data Backups

You should always have multiple backups of your business’s data. You never know when a power surge or some type of natural disaster might cause your current files to be deleted. You can prevent this issue by regularly backing up your data.

Employee Training

It’s important to limit employee access to systems and data owned by your company. Not everyone needs to have access, so only give it to those who can’t work without it. There should also be some type of security training for all employees. Phishing schemes and weak passwords create just as many issues as hackers do. Finally, you should make sure everyone in your workplace is security-conscious. A single breach could critically hurt your business. Your employees need to understand this so they can be proactive as well.

No matter which route you take, the most important thing you can do for your small business is protect its network. Governmental entities and big businesses do not suffer from security lapses nearly as bad as small businesses. A security lapse could even stop your business dead in its tracks.

Call SpartanTec, Inc. now if you need professional help in securing your business and your network.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Twitch Hack Was Much Bigger Than Expected

Are you a gamer or do you broadcast on Twitch for some other reason?

If so be aware that the platform was recently hacked and the amount of information the attackers made off with is much more substantial than was originally estimated.

Some of the data has now been leaked by an anonymous user on 4Chan.

The share included a torrent link leading back to a data archive that's a staggering 125GB in size.

Along with the torrent link the anonymous poster left the following message:

"Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories."

Among other things the Twitch data contains:

• Creator payout reports from 2019 to the present day
• SOC Internal Red Teaming Tools
• A Steam competitor from Amazon Game Studios
• A listing of every other property that Twitch owns
• A number of proprietary SDKs and internal AWS services utilized by Twitch
• Twitch clients for desktop, mobile and video game consoles
• Twitch.tv including history dating back to the site's beginnings

One tidbit culled from the torrent file is the fact that the creators of the hit series "Critical Role" on Twitch was paid more than ten million dollars for their work. That's a healthy payday for a group of friends playing Dungeons and Dragons together. However unlike some of the other information in the massive archive that's not damaging.

Out of an abundance of caution Twitch has reset the stream keys for all users. If you stream content of any kind you should have already received an email about it and what steps you need to take next in order to properly secure your account.

Call SpartanTec, Inc. if you need the help of IT professionals in bolstering your cybersecurity measures to keep hackers and other online threats at bay.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

The right information can protect your firm

Cybersecurity criminals Confess: The Top 5 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

The contemporary world is rife with digital thieves. They’re penetrating the complicated data structures of huge credit-monitoring companies like Equifax, scooping up the personal information of millions of people. They’re releasing sensitive customer data to the public from discreet businesses like Ashley Madison. They’re watching webcam feeds of our celebrities without them knowing; they’re locking down the systems of public utilities like the German railway system; they’re even managing to steal thousands of gigabytes of information directly from high-profile government entities like the CIA.

They’re also targeting small businesses exactly like your own and extorting them for thousands and thousands of dollars.

When running a company, it’s vital to have a dedicated security team, equipped with the most up-to-the-minute security technology, on your side to protect you from these malicious cyber threats. But it’s not enough to leave it to somebody else. You also need to be informed. Here are five of the most common ways hackers infiltrate your network:

1 Phishing Scams
You receive an e-mail in your work inbox coming directly from a high-ranking employee with whom you’ve been working on a project. Inside is a link he needs you to click to access some “vital information,” but when you click it, it rapidly installs a host of malware on the computer, spreads through the network and locks out everyone in the company.

Phishing scams are the oldest trick in a hacker’s book – ever received one of those “Nigerian Prince” scams? – but they’re still wildly successful. Not only that, but they’re becoming increasingly more sophisticated. As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company. One well-meaning system administrator even offered to post a PDF that could deliver malware on an internal server because it was called, ‘How to avoid a phishing attack.’” How’s that for irony?

2 Social Engineering
Social engineering is a type of “hacking” that uses real, well-intentioned people to carry out its schemes, rather than intricate lines of code.

This is especially effective for gathering sensitive information that can later be used in another type of attack – e-mail passwords used for phishing scams, for example. Maybe your IT guy receives a call from the “secretary” of one of your clients, pretending that they’re experiencing problems with your service due to some firewall, a problem that your IT professional is more than happy to help out with. Before you know it, the caller knows the ins and outs of your entire security system, or lack thereof. Social engineers have been known to use phone company customer service departments, Facebook and other services to gather Social Security or credit card numbers, prepare for digital robbery and even change the passwords to your central data network security.

3 Password Hacking
You may think that your passwords are clever and complicated, filled with exclamation points and random numbers, but it’s rarely enough. With information gathered carefully from social engineering or a simple check on your employees’ social media accounts, hackers can easily use brute-force to figure out that your password is the name of the family dog, followed by your anniversary (for example). That’s if they didn’t already manage to steal your password through one of the techniques listed above.

4 Fault Injection
Sophisticated hackers can scan your businesses’ network or software source code for weak points. Once they’re located, they can surgically attempt to crash the system through snippets of code they splice in expressly for that purpose. Different commands can do different things, whether they want to deliver a devastating virus, redirect links on your website to malicious malware or steal and erase vast swathes of information.

5 USB-based Malware
At the last conference you attended, someone probably handed out free branded USB sticks to keep their business top-of-mind. Hackers will sometimes covertly slip a bunch of infected USB sticks into a company’s stash. The instant somebody tries to use one, their computer is taken over by ransomware.

So What Can I Do About It?
It’s a scary world out there, with virtually everyone left vulnerable to digital attack. Knowing the strategies hackers deploy is half the battle. But, frankly, these techniques are constantly changing; it’s impossible to keep up by yourself.

That’s why it’s so important to utilize only the most up-to-date security solutions when protecting your business. Hackers move fast. You and your security technology need to stay one step ahead.

Call SpartanTec, Inc. now if you need the help of IT support professionals in protecting your information.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

The right information can protect your firm

Cybersecurity criminals Confess: The Top 5 Tricks, Sneaky Schemes And Gimmicks They Use To Hack Your Computer Network

The contemporary world is rife with digital thieves. They’re penetrating the complicated data structures of huge credit-monitoring companies like Equifax, scooping up the personal information of millions of people. They’re releasing sensitive customer data to the public from discreet businesses like Ashley Madison. They’re watching webcam feeds of our celebrities without them knowing; they’re locking down the systems of public utilities like the German railway system; they’re even managing to steal thousands of gigabytes of information directly from high-profile government entities like the CIA.

They’re also targeting small businesses exactly like your own and extorting them for thousands and thousands of dollars.

When running a company, it’s vital to have a dedicated security team, equipped with the most up-to-the-minute security technology, on your side to protect you from these malicious cyber threats. But it’s not enough to leave it to somebody else. You also need to be informed. Here are five of the most common ways hackers infiltrate your network:

1 Phishing Scams
You receive an e-mail in your work inbox coming directly from a high-ranking employee with whom you’ve been working on a project. Inside is a link he needs you to click to access some “vital information,” but when you click it, it rapidly installs a host of malware on the computer, spreads through the network and locks out everyone in the company.

Phishing scams are the oldest trick in a hacker’s book – ever received one of those “Nigerian Prince” scams? – but they’re still wildly successful. Not only that, but they’re becoming increasingly more sophisticated. As Thomas Peters writes for “Newsweek,” “The best messages look like they’re trying to protect the company. One well-meaning system administrator even offered to post a PDF that could deliver malware on an internal server because it was called, ‘How to avoid a phishing attack.’” How’s that for irony?

2 Social Engineering
Social engineering is a type of “hacking” that uses real, well-intentioned people to carry out its schemes, rather than intricate lines of code.

This is especially effective for gathering sensitive information that can later be used in another type of attack – e-mail passwords used for phishing scams, for example. Maybe your IT guy receives a call from the “secretary” of one of your clients, pretending that they’re experiencing problems with your service due to some firewall, a problem that your IT professional is more than happy to help out with. Before you know it, the caller knows the ins and outs of your entire security system, or lack thereof. Social engineers have been known to use phone company customer service departments, Facebook and other services to gather Social Security or credit card numbers, prepare for digital robbery and even change the passwords to your central data network security.

3 Password Hacking
You may think that your passwords are clever and complicated, filled with exclamation points and random numbers, but it’s rarely enough. With information gathered carefully from social engineering or a simple check on your employees’ social media accounts, hackers can easily use brute-force to figure out that your password is the name of the family dog, followed by your anniversary (for example). That’s if they didn’t already manage to steal your password through one of the techniques listed above.

4 Fault Injection
Sophisticated hackers can scan your businesses’ network or software source code for weak points. Once they’re located, they can surgically attempt to crash the system through snippets of code they splice in expressly for that purpose. Different commands can do different things, whether they want to deliver a devastating virus, redirect links on your website to malicious malware or steal and erase vast swathes of information.

5 USB-based Malware
At the last conference you attended, someone probably handed out free branded USB sticks to keep their business top-of-mind. Hackers will sometimes covertly slip a bunch of infected USB sticks into a company’s stash. The instant somebody tries to use one, their computer is taken over by ransomware.

So What Can I Do About It?
It’s a scary world out there, with virtually everyone left vulnerable to digital attack. Knowing the strategies hackers deploy is half the battle. But, frankly, these techniques are constantly changing; it’s impossible to keep up by yourself.

That’s why it’s so important to utilize only the most up-to-date security solutions when protecting your business. Hackers move fast. You and your security technology need to stay one step ahead.

Call SpartanTec, Inc. now if you need the help of IT support professionals in protecting your information.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

New Dangerous Android Malware Is Infecting Millions

Researchers from Zimperium zLabs have detected a nasty, dangerous, global malware campaign that has managed to infect more than 10 million Android devices from around the world in more than 70 different countries.

As with most malware campaigns this one relies on social engineering to spread.

The first stage of the cyberthreat or infection process is that the hackers have to get their malicious apps past the gatekeepers of the Google Play Store and other third-party app vendors.

This part is purely a numbers game but the hackers behind Grifthorse are pretty good at it. Grifthorse code has been found in more than 200 apps on the Play Store alone.

Once the poisoned apps are in position the next goal is to trick users into subscribing to paid services without their knowledge. So far the campaign has managed to steal hundreds of millions of dollars from their victims. Even worse is that in many cases users are unwittingly signed up for recurring payments that can add up quickly unless the cyberattack victims are watching their accounts closely.

Zimperium's researchers had this to say about the malware strain:

"Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros.

...one of their first victims, if they have not shut off the scam, has lost more than €200 at the time of writing. The cumulative loss of the victims adds up to a massive profit for the cybercriminal group," the researcher explained.

The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and motivated with time."

Don't take the Grifthorse threat lightly and if you even suspect an infection monitor your accounts closely.

Call SpartanTec, Inc. now if you need help in protecting your company against malware and other cyberthreats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence

Used with permission from Article Aggregator

Zero Day Bug Found In MacOS

A new Zero Day vulnerability in macOS has been discovered. The flaw impacts all macOS versions up to the latest release Big Sur. The bug was found by Park Minchan an independent security researcher and is tied to the way that macOS processes inteloc files. The processing methodology allows an attacker to embed malicious commands which the system will execute without any warnings or prompts visible to the user of the targeted machine.

Interloc is short for "internet location files" and have the extension "*.interloc"

A recently published SSD Secure Disclosure advisory had this to say about the newly discovered flaw:

"A vulnerability in macOS Finder allows files whose extension is inetloc to execute arbitrary commands. These files can be embedded inside emails which if the user clicks on them will execute the commands embedded inside them without providing a prompt or warning to the user."

In this particular instance Apple botched the fix quietly patching the issue without assigning it a CVE identification number.

Unfortunately the fix was only partial and at present the bug can still be exploited in some instances as described below:

"Newer versions of macOS (from Big Sur) have blocked the file:// prefix (in the com.apple.generic-internet-location) however they did a case matching causing File:// or fIle:// to bypass the check. We have notified Apple that FiLe:// (just mangling the value) doesn't appear to be blocked, but have not received any response from them since the report has been made. As far as we know, at the moment, the vulnerability has not been patched."

Park Minchan developed a proof of concept that demonstrates how the bug could be exploited but to date no cybersecurity threat actors have been discovered exploiting the flaw in the wild. It is just a matter of time however. A flaw like this represents a serious weakness in the security of the OS.

Be aware that the easiest way to exploit the bug is via malicious links embedded in emails so make sure your employees are aware of the risks.

Call SpartanTec, Inc. now and let our team help your company by coming up with strategies that will keep online threats at bay.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Recent Study Shows Alarming Insights On People And Passwords

A new study recently published by the digital identity firm Beyond Identity contains a number of surprises relating to passwords and password security. This is information that IT support professionals and small or medium-sized business owners should be aware of.

While it is not a rigorous and scientific study the results of the company's survey are beyond surprising.

Cyberseurity Here's a quick overview:

First fully one in ten people surveyed felt confident that they could guess a co-worker's password by browsing through their social media accounts. Second and nearly as surprising is the fact that just over half of those surveyed (50.1 percent) share at least some of their passwords with others with video streaming accounts leading the pack here.

Nearly as many people (44.9 percent) share passwords to their music streaming platforms. The thing that is somewhat disturbing about this is that more than one in four of those surveyed (25.7 percent) share their banking passwords.

A surprising percentage of people (22 percent) try at least occasionally to guess a co-worker's password. Nearly as many people (19.9 percent) try to guess their boss' password.

When these attempts are made 39.2 percent of the time the person attempting the guess uses personal information they know about the person. In addition 18.4 percent of the time the person attempting to guess will check the other person's social media pages and use the information there to inform their password guesses.

43.7 percent of these attempts are made to try and get into the target's email system while 32.6 percent are attempting to guess phone passwords.

We find these statistics to be as stunning as they are illuminating and they serve to highlight areas of weaknesses that likely exist in your own organization.

The good news is that there are a number of easy cybersecurity things you can do to better secure your passwords including the use of two-factor authentication and strong password generation apps,. You should absolutely take steps like these because as this report shows your passwords probably aren't nearly as secure as you imagine them to be.

Call SpartanTec, Inc. now if you need the help of IT support experts in dealing with online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Serving: Myrtle Beach, North Myrtle Beach, Columbia, Wilmington, Fayetteville, Florence