Relying on a Lucky Charm for Internet Security?

Carrying a lucky charm – four leaf clover might work for leprechauns. But when it comes to Internet abuse by employees, you’re going to need more than sheer luck… Did you know that 70% of all web traffic to Internet forbidden sites occurs during the work hours of 9 am–5 pm. Non-work-related Internet surfing results in up to a 40% loss in productivity each year at businesses.

According to a survey by International Data Corp , 30% to 40% of Internet access is spent on non-work-related browsing, and a staggering 60% of all online purchases are made during working hours. The list goes on, and the costs to your company can be staggering. What types of web sites present the greatest risk?

Categories include Dating, Gambling, Pornography, Profanity, Proxy and Travel.

Risks these types of web sites expose your business to include malware, viruses, fraud, violence, lawsuits, loss of confidential and/or proprietary data and more. Even social sites, while perhaps not quite as risky, can have a major impact on productivity. Barriers that once stood at the edges of your office network have been annihilated by digital media. Web content filtering is now crucial to network security – not to mention employee productivity – in this emerging environment. It can be deployed in a number of ways, but basically they boil down to two: Inline and Endpoint filtering.

Inline Web Filtering One way to filter web content is to control it at the entry point or gateway to your network. This technique intercepts all web traffic and applies filters that allow or block web access requests. Because the entire network is access to the user’s device is required.

With inline web filtering, there’s no need to expend resources managing content at each endpoint – your employees and their computers, whether desktop or mobile. Inline filtering not only saves bandwidth, it goes a long way toward mitigating cyber threats. For securing activities that take place within your network, it’s a critical and potent strategy.

Yet, with the shift away from traditional office-bound work routines to a work-from-anywhere culture, the effectiveness of inline filtering has diminished. When employees access the web outside your network’s gateways – via home networks, hotels, coffee shops, etc. – their devices become vulnerable to attack.

And any employee can carry an infected machine into and out of your company’s building and network on any given day, exposing your entire network to infections. And that’s why so many companies are moving to endpoint-based web filtering to complement their inline filtering.

Endpoint-Based Web Filtering Endpoint-based filtering protects employee devices from infections, no matter where they connect to the web. Software at the endpoint – your employee’s device – carries a predefined filtering policy from the central server that can be internal network-based or cloud-based.

The endpoint filter is then updated periodically from your company network. This method assures that web filtering is always active, no matter which gateway the machine connects through. The downside is that it must be rolled out and maintained at all endpoints.That being said, one advantage of endpoint-based filtering is that it addresses stringent employee privacy regulations that are quickly becoming the norm in Europe and elsewhere around the world. Because it keeps browsing-pattern information within the user’s device, endpoint based filtering provides a fairly non intrusive way to handle employee privacy concerns.

And finally, while endpoint-based filtering really is the only way to protect a network without boundaries, as most companies now have, ideally it works hand in glove with inline filtering.

Forget the Lucky Charm! You can bet on this… We highly recommend rolling out not only inline and endpoint filtering, but also an effective training program for your staff to encourage best practices and assure compliance with your company’s web security policies and procedures.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

Warning Signs Of An Email Attack

As Cybercrime becomes more sophisticated the USER now becomes an easy target through an email attack. We’ve seen it all from an email with a fake resume that ended up destroying all the files on an ENTIRE network. To a pop-up message saying that your computer is infected and talk to Microsoft Support by calling 800-GOT-HACKD. When the user dialed a cyber criminal asked them to click on a remote site giving them entry into the system.

You’re probably thinking “this would never happen in my office” however the truth is it happens all the time. With increased phishing we want to make sure your network is secure and your office understands the warning signs of an email attack.

Educate your team with these Red Flags:

1. The Language Just Doesn’t Sound Right  If the language just doesn’t seem to sound right whether there are misspelled words or poor grammar choices made in the email, this is a sign that you might be dealing with a scammer.

2. There is a Sense of Urgency in The Email One thing that scammers do to try and circumvent your rational thought processes is to instill a sense of urgency to their request. They may say that there is something seriously wrong with your account or that your account may have been compromised and that you need to ACT NOW!

3. They Want You to “Verify” Something Scammers aren’t going to just come straight out and ask for your username and password so they can break into your account. They are going to take a different route that allows them to accomplish the same end result without alerting your mental defenses. Most likely the scammers are going to ask you to “verify” your account information. They will probably ask you to fill in a form so they can “verify” your information. But the result is that you are providing the information for them and they are just stealing it.

4. They Use Fear Tactics Another tactic used effectively by scammers is fear. They want you to worry that your money or something else is in danger of being lost so that you won’t be thinking clearly.

5. The E-mail’s Header Seems Very Strange The part of the message which shows the route an email took to reach you is probably going to have some inconsistencies.

This IT Security Tip is brought to you by BlackBox Connections. 

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

Safety Tips for the Internet of Things

Smart devices are now being referred to Internet of Things (IoT). A cool-sounding name, however, an IoT device is really just another computer, but one where you don’t have much say in what software runs on it, or whether it can be patched properly, or even secured at all.

There are plenty of people now, who have smart light bulbs, thermostats, cameras and security systems. We love our gadgets, and we can’t resist playing with new technologies to see how they might be used and abused. But can you join the IoT craze without having your devices turned against you?

Here are 7 tips to help you stay safe:

Many smart things support Wi-Fi so that you don’t have to plug them into your smartphone or computer every time you want to use them. If your home Wi-Fi router allows you to create separate guest networks to keep untrusted visitors off your regular network, make a special guest network for your “things” and connect them there.

Turn off Universal Plug and Play (UPnP) on your router, and on your IoT devices if possible, to prevent this exposure. Don’t assume that “no one will notice” when you hook up your device for the first time. There are specialised search engines that go out of their way to locate and index online devices, whether you wanted them to be found or not.

Keep the firmware up to date on all of your IoT devices  patching is just as important as it is on your PC. It can be time consuming to figure out whether updates are available, but why not make a habit of checking the manufacturer’s website twice a year? Treat it like changing your smoke detector batteries: a small price to pay for safety and security.

Choose passwords carefully and write them down if needed. Complexity is important, but so is uniqueness. Many IoT devices have been found to have bugs that let attackers trick them into leaking security information, such as giving away your Wi-Fi password. Remember: one device, one password.

Favor devices that can work without the cloud. IoT “things” that require a cloud service are often less secure, and potentially give way more information, than those you can control entirely from within your home. Read the packaging carefully to determine whether permanent internet access is needed for the device to function. If it’s “all-or-nothing,” then you can’t try out the device on your own network first.

Only network devices as much as you need to. If all you want from your TV is to watch broadcast television, you don’t need to connect it to the network at all. If you only want to control it or stream to it from your home network, it doesn’t need access to or from the outside. Eliminate unnecessary internet connections when possible.

Don’t take your IoT devices to work or connect them to your employer’s network without permission from IT. Insecure devices could be used by attackers as a foothold into the organization, and used to assist with data stealing and illicit surveillance. You could put your company and your job at risk.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

KeyRanger – How Did the Hackers Get In? Hackers infected Macs through a tainted copy of a popular program known as Transmission a BitTorrent, which is used to transfer data through the peer-to-peer file sharing network. When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware.

“KeRanger” is programmed to stay quiet for three days after infecting a computer. Then it will connect to the attacker’s server and start encrypting files so they cannot be accessed. After encryption is completed “KeRanger” demands a ransom of 1 Bitcoin approximately $565 cdn.

How to Protect Yourself While Apple has taken steps to prevent further infections, this will do nothing to protect systems that have already been hit with the malware. Users who have directly downloaded Transmission installer from official website on March 4th will want to refer to Transmission for the proper security checks and install Transmission 2.92 which should automatically remove KeRanger.

With this recent KeRanger attack on Apple and the momentum that ransomware has been making, we strongly suggest reading our blog on tips to avoid ransomware https://3.96.205.29/tips-to-avoid-ransomware/

This IT Security Tech Tip brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business In Calgary’ magazine

A Brand New Phishing Scam

A brand new phishing scam is circulating in the workplace. Don’t let this happen to you …. It’s 3 pm and after getting a pick-me-up coffee to round out the day, you return to your desk and start going through your emails. You see an email from someone that applied for a job that you had listed. The email includes the applicant’s resume, you open the Word doc. and a WARNING pops up indicating something isn’t right. You click ‘OK’ and accept the warning.

By accepting the warning you’ve just allowed a malicious virus in which encrypted all your files on your computer, a cyber crook is asking you for 1 Bitcoin worth approximately $565 cdn.

What to do?

We recommend that you don’t pay, on the grounds that this means sending money to criminals.

Indeed, if you get hit by ransomware and you really need your files back, and you haven’t taken any precautions such as backing up, you might not have a choice but to pay.

“Prevention is better than cure” You can avoid becoming the next phishing victim by knowing these useful tips:

Back up often the ability to restore quickly undermines the attack.

Reputable antivirus software and firewall Business class firewalls and security software minimize exposure.

Block popups Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup.

Exercise caution Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.

Disconnect from the Internet If you receive a Ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals.

Alert authorities Ransomware is a serious form of extortion.

This IT Security Tech Tip brought to you by BlackBox Connections.

Responsive & Affordable IT Service
We are featured in the March ‘Business In Calgary’ magazine. pg 101

News