Only 33 Percent Of People Change Password After Data Breach

Protect Your Company Data Webinar
June 25  1:00 EST
Register Here

 

A new study was published by researchers from the Carnegie Mellon University's Security and Privacy Institute and was presented at the 2020 IEEE Workshop on Technology and Consumer Protection.

The study has grim news for IT Security Professionals.

The key finding in the report is that only about one third of users will change their passwords after a company announces a data breach. This information was based not on survey responses, but on browser histories collected from the 249 participants who volunteered to open up their browser history for the purpose of the research.

The browser history data was collected between January 2017 and December 2018 and included both a complete map of all of the websites each participant visited during that time, and the passwords used by each user to access sites that required a login.

Over the course of the study, only 63 participants had accounts on breached domains during the data collection period, and of those, only 21 (33 percent) changed their passwords. Worse, 6 of the 21 took longer than 3 months to do so.

If that wasn't disheartening enough, most of the changed passwords were highly similar to the old password used. They were similar enough that simple brute-force techniques would be successful in giving a hacker access to the accounts in question, even after the password change.

It should be noted that this study was quite small in scale and limited in scope, so additional studies should be conducted to see if the trend holds up over time. However, it does provide a valuable, and worrisome data point that should give IT Professionals pause.

Education is the best way to combat this, but few companies spend the time and resources necessary to truly impart the seriousness of the consequences of a data breach. In addition, the message simply isn't getting through. That's unfortunate, and it could have tragic consequences, both at the personal and Enterprise level.

Call SpartanTec, Inc. if you need help in securing your business or client information.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Tips For Protecting Your Business Printers From Getting Hacked

Companies invest on resources that could help keep their devices and technology secure, however, they tend to overlook one important piece of hardware, the printer. Business printers, just like Wi-Fi networks and computers, could become an entry point for cybercriminals and hackers as well as a gateway to the sensitive information of your business. Here are a few things you need to know about making sure that your printers are safe and secure.

Why are business printers vulnerable to cyberattacks?

When evaluating the threats to network security, firms mainly focus on computers and servers not just because they are the ones that are most susceptible to external threats, but also since they get the bulk of online attacks. Printers are usually at the bottom of the list because they are not the main targets. Aside from that, their functions appear to be internal because they don’t interact with the external systems.

However, it is exactly because of their main functions, primarily scanning and printing, that make printers the perfect target of cybercriminals. Companies run crucial documents like employee information, tax forms, financial statements, and even medical records through printers and cybercriminals would love to have access to these information.

And they can easily do it.

Network printers store past print jobs in the hard drive, in some cases including those that were cancelled. If anybody tries to access the printer, even remotely, they might be able to see these important information by using a specialized tool to hack into a printer.

Files may also be hacked during wireless transmission since modern printers could now be linked to the internet. Hackers can exploit the open network ports of your printer to view data and they could also take control of vulnerable printers and send their own data through it.

How To Protect Printers

You should not disregard business printers when you are planning a cybersecurity approach. Always keep your printers secure by adhering to these basic practices:

• Always monitor your network
• Install printer software patches and updates right away.
• Always change the administration login and default password.
• Only allow devices that are owned by the company to connect to your printer.
• You should only use secure connections when linking to the printer.
• Don’t access your printer through a public internet connection.
• Use a firewall to restrict access to your printer.
• Prevent unauthorized access by requiring users to key in a PIN before they could print documents especially if you have a wireless printer.
• Don’t connect your printer to just any network especially if you are handling classified data. You should connect it directly to your computer by using data cables. You can also print using a thumb drive.
• Enable manual feeds so you can secure your printouts. With this setting, a user needs to input paper manually so there are less risks of dealing with stolen documents or leaving these important documents in the printing area.

Partnering with an IT company is also a good way to secure your business printers. IT experts do not just deal with your printed related problems but also other computer security concerns.

Call SpartanTec, Inc. and let our experts help you thwart cyber attacks, reduce your IT management costs, and keep your printer safe and secure.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

New Data Breach Affected Some Bank Of America Loan Applicants

If you're like many business owners, you may have recently applied for a loan through the Paycheck Protection Program (PPP) which was one of the COVID-19 relief funds established by the Federal government in response to the global pandemic.

If you applied for that loan through Bank of America, be advised that the company recently disclosed a security incident that impacted its online platform for processing those loan requests. The company says that it is possible that other lenders or organizations may have temporarily had access to significant portions of your application data.

The breached data included, but was not limited to:

• Your business' name and physical address
• Designated company contact officials
• Your firm's Tax Identification Number
• The name of the company owner
• The Social Security Number of the company owner, as well as the owner's email address, phone number and citizenship

Based on the initial findings of an investigation into the matter, Bank of America says that an SBA test server was at the root of the problem.

Per a company spokesman, "...this platform was designed to allow authorized lenders to test the process for submitting PPP applications to the SBA prior to the actual submission process."

The company's official words on the matter makes the issue seem rather insignificant, but there's more. Some business owners have reported that when they logged back into the system to check the status of their loan application, they could see the details of other loan applicants in their dashboard. That means that potentially, many more people than just 'authorized lenders' may have seen the details of your loan application.

The investigation is still ongoing, and so far, Bank of America has declined to comment on the growing number of reports described above, or offered any additional information. If you submitted your application to the PPP loan program by way of Bank of America, just be advised that for a brief period of time, others may have gained access to your application details, and that the problem that caused it has now been solved.

Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime.

SpartanTec, Inc. is a local BullPhish agent. Contact us today for details.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Emails Saying Your Antivirus Is Expired Are Likely A Scam

A great many companies selling antivirus software have affiliate programs that help them expand their reach. Each time an affiliate sells a copy of the software, they get a cut.

It's a good business model used in a wide range of industries, and antivirus software companies have strict rules governing how their affiliates can market.

Unfortunately, not everyone plays by the rules. Recently, BleepingComputer sounded the alarm after being made aware of a scammy email campaign that uses deceptive marketing to try and convince people to buy their product.

The emails claim that the recipient's antivirus software is out of date, and provides convenient links allowing them to renew. The problem is, their software isn't out of date at all. It's a lie, designed to frighten people who aren't necessarily tech savvy into spending money they don't need to spend, all in the name of lining someone's pocket.

All scams take advantage of a few basic realities of modern life: Many people are too busy to check themselves to see exactly when their antivirus software expires. Many more simply don't know how. In both cases, an email recipient is likely to just sigh, pull out his or her credit card and spend a few bucks to keep the machine they're on protected.

It's easy to understand why the scam works, but that makes it no less despicable.

If you know anyone who isn't especially computer savvy and you feel they might fall victim to a scam like this, here is what to do. Gently remind them that whatever antivirus software they're using, the software itself will remind them when it's about to expire. There is no email needed, and before they spend any money, it's better to do some checking to verify that their expiration date is approaching. If they don't know how to check, they almost certainly know someone who does.

We may not be able to keep these scammers from ripping people off, but we can certainly put a dent in their profits, and that's a very good thing.

Call SpartanTec, Inc. if you need the help of an IT team in making sure that your emails, computer, and network are safe and secure from online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Protecting Your Business From Malware

Consumers and businesses face a serious threat called cyberattacks. It has now become a national security concern given the nationwide effect of large scale attacks.

A report from Kaspersky Lab revealed that over 100 banks across the globe has incurred as much as $1 billion losses from a cyberattack that took place back in 2013. Financial institutions from counties like Ukraine, Germany, China, United States, and Russia were affected. The malware that was used in this elaborate attack, got into and extracted information and exploited the weaknesses in the Microsoft Office files that were sent via email.

Another research revealed that a data breach can cost as much as $3.62 million, which makes it one of the costliest threats that businesses can face. It is believed that the damages caused by cybercrime will cost as much as $6 trillion per year by 2021.

Cybersecurity Tips For Businesses

Be Aware

You should be the first person to know about the kinds of cybersecurity threats that your business might face. One common source of weak systems is having a false sense of security. It is important to know the common threats and how you can protect your business.

Network Security Is Crucial

Your first line of defense against cyberattacks is the firewall. Your business is connected to the internet through different apps like media streaming, VoIP, and email. Your firewall must be able to monitor the threats that are coming from various connections. Additionally, you should consider creating a private network so you will have more control over your security.

Invest In Security

Installing an anti-virus software isn’t enough. The assets of your business needs to be protected by several layers of security. Anti-malware, anti-virus, as well as anti-ransomware suites are only a few of the tools that your small business should have. These applications could also assess the weakness of your security system.

Update Everything

You have to schedule regular updates. Malware can evolve rapidly and your security applications require updates and patches regularly

Encrypt Your Data

If hackers breach your computer security, the encryption is your next level of protection. Encryption works by encoding your data, which makes it useless to attacks conducted by third party groups. Most software firms provide encryption apps that are suitable for your needs.

Protect Your Hardware

Don’t forget that your hardware is also not safe. Stolen thumb drives, laptops, and hard drives with company information could very well be what cybercriminals want. Strong security in the premises of your businesses is important. You should not only protect your data but your physical assets, too, which means you need computer security.

Create A Security Policy

The greatest security threats are people. A single employee who clicks on a suspicious link accidentally can cost your business. Make sure that you integrate policies in the operations of your company. You should educate your staff about the various online threats and how they can prevent them.

Create Strong Passwords

You need to enforce strong passwords. All the things that are accessed in the company, from back accounts to emails, must be protected by strong passwords. A strong password must be at least 12 characters long. Concentrate on the sentences that you can easily remember or nice to think about.

Setup An Emergency Response Plan

Despite all the protection you have, you should still expect the worst to happen. You should create company guidelines that will allow you to detect probably attacks, what needs to be done during an attack, and what to do after an attack.

Backup Your Files

Backups can help save you the inconvenience of beginning from scratch. If ever a cyberattack happens, your next priority is to make sure that your business operations return to normal as soon as possible. Update your backups regularly as this will help you make sure that things run smoothly and suffer minor losses only.

Small and medium sized businesses, as well as large corporations, are common targets of cyberattacks. Be better prepared to face and deal with online threats. Call SpartanTec, Inc. now.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

In Utah, Hydrogen & Massive Salt Dome Are Winning The West For Renewable Energy

Remember the excitement about hydrogen early this century? The lightest element on the periodic table was touted as a cure-all for energy needs in everything from portable devices to high rises.

Mike Ducker remembers. He was an engineer for the U.S. Department of Energy at the time, and part of his job was to evaluate the potential of energy solutions such as hydrogen.

Ducker saw hydrogen’s potential in generating energy—but he also saw the cold, hard numbers. In the early 2000s, hydrogen was too expensive to be practical as a power generation fuel. There was no overabundance of excess renewable electricity that could be used to create renewable hydrogen. It had little hope of gaining traction without a number of improvements to make it more cost-effective, and power storage was not yet a high priority for utilities and governmental leaders.

“There was a lot of buzz, but clearly that fizzled out,” Ducker says. “Fifteen years later, the dynamics are fundamentally different. Just in the past year, there’s been overwhelming interest in storing renewable power, particularly in the western United States where curtailment of renewable power generation is now a routine occurrence.”

Last December, Ducker and his family were living in Pittsburgh, where he was senior director of New Product Solutions & Operations for Mitsubishi Hitachi Power Systems (MHPS), part of Mitsubishi Heavy Industries (MHI) Group.

One day, he got a call from MHPS Americas president and CEO Paul Browning: Things were moving on the hydrogen front. California was aggressively pushing to decarbonize its energy supply, and MHPS, in partnership with Utah-based Magnum Development, was to play a key role in developing a hydrogen-based renewable energy storage complex that could enable continued decarbonization of the West. The project, known as Advanced Clean Energy Storage (ACES), will be the first utility-scale renewable hydrogen creation, storage and transmission project.

“I would not move my entire family 2,000 miles across the country if I didn’t truly believe this has the potential to do what we hoped for [with hydrogen] 15 years ago.”

Mike Ducker

ACES needed a knowledgeable leader who could take hydrogen storage into the mainstream. Are you interested? Browning asked Ducker. The answer came quickly.

“Within four weeks, we had our bags packed and we set off across the country with our two young children and puppy from Pittsburgh to Salt Lake City,” says Ducker, who became the new vice president, Renewable Fuels & Western Region, for MHPS. “I would not move my entire family 2,000 miles across the country if I didn’t truly believe this is the right timing and has the potential to do what we hoped for [with hydrogen] 15 years ago.”

A Salt Dome Solution

The three biggest challenges in using hydrogen to store clean energy are converting renewable electricity to hydrogen affordably, storing large amounts of hydrogen for long periods of time at low cost and converting the hydrogen back to electricity at low cost and high efficiency.

Ducker knew that his colleagues at MHPS had a development program to use hydrogen as a fuel in their largest and most efficient gas turbine. He also knew that the electrolysis products to convert electricity to hydrogen existed and could be cost-reduced through improved economies of scale.

Hydrogen storage at substantial and affordable scale, however, had been a real barrier.

Enter the salt dome beneath Delta, Utah. Salt domes are underground salt formations, huge saline globes that intrude into other strata of the earth. Given salt’s impermeability, they can be hollowed out and used as underground storage for liquid and gas fuels.

Creating a storage cavern at Delta involves a sophisticated subterranean engineering process.

A large customer of MHPS recognized that the Delta dome was a viable candidate for hydrogen storage in the western U.S. and gave Browning the contact information of the Magnum development team. Browning discussed this with Dave Hunt, MHPS senior vice president for North America, who earlier in his career had worked in the hydrogen industry. A “light bulb went off at MHPS,” says Ducker, “and Hunt worked quickly, laying out the details of the hydrogen strategy and creating the partnership with Magnum.”

Now, MHPS and Magnum are co-developing the Delta salt dome for hydrogen storage.

Creating a storage cavern at Delta involves a sophisticated subterranean engineering process. Water is injected into a dome, creating a brine solution that is then pumped out. The resulting caverns are cylindrical and typically between 150 and 300 feet in diameter and 1,000 and 1,500 feet deep. A single cavern can contain enough pressurized hydrogen to produce 150,000 megawatt hours of energy. You would need 40,000 shipping containers of lithium-ion batteries for the same megawatt hours.

This kind of underground hydrogen storage is a proven technology. In Texas, salt caverns have been used to store hydrogen produced from natural gas since the 1980s. However, ACES will represent the first utility-scale implementation of renewable hydrogen for energy storage, industrial and transportation applications.

The huge salt dome in Delta could potentially house as many as 100 storage caverns.

Hydrogen In The Bigger Picture

The significance of ACES stems from the fact that an increasing percentage of renewable energy goes to waste for lack of an adequate storage solution. While battery storage has become increasingly affordable for short durations of time (a few hours), storage is also needed on a seasonal basis in the American West. In the spring, the combination of lower temperatures, copious sunlight, strong winds and snowmelt leads to large energy surpluses that go unused—or “curtailed,” in industry parlance—to the tune of hundreds of thousands of megawatt hours.

Hydrogen could go from being wishful thinking to an essential part of California’s push to reach 100 percent zero-carbon electricity.

In the near future, that energy will generate hydrogen through electrolysis. The resulting hydrogen will be stored in the ACES salt cavern and then tapped in periods of higher energy demand. “One of our caverns has the capacity to store the entire state of California’s monthly curtailed energy,” Ducker says.

Customers are investing in hydrogen-capable technology. For example, Intermountain Power Agency (IPA) will retire its coal units at the Intermountain Power Plant (IPP) in 2025. They will replace them with MHPS’s highly efficient gas turbine combined cycle technology, which will initially be capable of utilizing 30% renewable hydrogen as a clean energy fuel and will reach 100% renewable hydrogen capability by 2045. This plant will supply stored renewable power to the Los Angeles basin and other power users throughout California and Utah.

In just a few years, hydrogen could go from being wishful thinking to an essential part of California’s push to reach 100% zero-carbon electricity by 2045.

“If state governments and utilities are going to achieve aggressive decarbonization targets in the coming years, long-duration renewable power storage using hydrogen has to be part of the answer,” Ducker says. “This is truly a change in power.”

Read the original article here.

Call SpartanTec, Inc. if you are looking for a company that provides reliable managed IT services that's easy on the budget.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/

Payment Protection & Stimulus Programs Are Being Used By Scammers

Just about everyone in the country has been negatively impacted by the pandemic.

That is why the government is sending relief via the Payment Protection Program, the stimulus program, and other programs.

These programs are aimed directly at small and medium sized businesses to help keep them afloat until life can get back to normal.

Unfortunately, the world's hackers, scammers and phishers never let an opportunity go to waste, and they're getting in on the action.

According to IBM's X-Force, multiple spam campaigns are currently ongoing, with the scammers convincingly impersonating the US Small Business Administration, promising government relief fund to struggling businesses. The program itself actually exists and is 100 percent legitimate, but of course, the emails sent out by these scam groups simply offer a convincing spoof of the actual program.

Here's how it works:

The victim gets an email that, by all appearances, comes from the Federal Government. It outlines what the program does and indicates that a business owner who clicks the embedded link is just a few minutes away from being able to secure the financial aid his company needs.

To get the help, all you have to do is follow the link, enter your online banking login credentials, and let the government wire you some badly needed funds. Except of course, no funds are ever forthcoming. All the scammers wanted was a way into your online accounts so they could drain them dry.

In fact, if you enter your login credentials, you'll get an error message stating that there was a problem and that you must have entered your user name and password incorrectly. In the meanwhile, of course, the login information you just entered has already been sent to the owners of the webpage to use as they set fit.

It's a pity that the hackers and scammers have no shame, and that even in the face of a global pandemic, we have to deal with them in addition to the stress and chaos going on all around us. . Given that there's no end in sight where the pandemic is concerned, this is going to be an ongoing problem. Stay on your guard.

Call SpartanTec, Inc. and let our team of IT experts set up the most effective cybersecurity measures against the most common online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
(843) 420-9760
https://www.spartantec.com/