Prevent this Hack Attack “Locky”

Prevent this Hack Attack “Locky”

Prevent this Hack Attack “Locky”

A small hospital in Henderson, KY is in a state of emergency reeling from a “Locky” ransomware attack waged by cyber criminals. The FBI reported that more recently, we’re seeing an increasing number of incidents involving so-called ‘drive-by‘ ransomware, where users can infect their computers simply by clicking on a compromised website, often lured there by a deceptive e-mail or pop-up window,” the FBI said in its report.

How did the hackers get in the Methodist Hospital’s computer network located in Henderson, KY? The criminals reportedly used new strain of malware known as “Locky” to encrypt important files. The malware spread from the initial infected machine to the entire internal network and several other systems. “Locky” ransomware is the newest ransomware variation.

The hospital is reportedly considering paying hackers the ransom money of four bitcoins, about $1,600 at the current exchange rate, for the key to unlock the files.

As with other hack attacks, you can work to avoid ransomware. Experts advise taking these steps to avoid attacks or protect yourself after an attack:

Back up often The ability to restore quickly undermines the attack.

Reputable antivirus software and firewall Business class firewalls and security software minimize exposure.

Block popups Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup.

Exercise caution Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.

Disconnect from the Internet If you receive a Ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals.

Alert authorities Ransomware is a serious form of extortion.

This IT Security Tip is brought to you by BlackBox Connections. 

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

7 Tips to Protect Your Business from Cybercrime

7 Tips to Protect Your Business from Cybercrime

7 Tips to Protect Your Business from Cybercrime

Cybercrime is on the rise and a very real threat for business owners.

To make matters worse, hackers don’t have rules, regulations, and compliance concerns, which means that small business owners must take an offensive position to security. Unfortunately, many business owners don’t seem to focus on network and system security until after they’ve been compromised, been affected, or lost data.

Security starts at the front door and needs to be well designed through technology. What can you do to protect your business from some of the threats out there today?

#1 Be deliberate about passwords and access. Make sure your staff changes passwords on a regular basis and make it mandatory to create complex passwords.

#2 Employ a layered security approach between your network and the internet. This could include: a Unified Threat Management based firewalls, URL filtering, third party spam filtering, encrypted email, and intrusion protection system and a web application filter

#3 Discuss banking security services including account controls with your commercial banker.

#4 Insist on routine vulnerability testing of your network and remediation as necessary. Make sure your company is using an advance firewall. Be sure to keep your subscriptions and patching up-to date.

#5 Make sure you educate users on what software they can use as well and what they should avoid clicking on. Implement advance filters and anti-spam services to prevent your users form getting malware and infected emails.

#6 Keep your computer operating systems and mission-critical applications running on the most current and supported versions. Update your SSL certificates and Application Programming Interface keys. Replace any machines that are running Windows XP because Microsoft stopped providing security patches for this operating system.

#7 Ensure you have a reliable data backup and recovery system so that if you must restore, you can do so quickly and efficiently.

Conclusion: The key to protecting your business is: awareness, planning, protection and ongoing auditing.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

How to Buy Online Safely

How to Buy Online Safely

How to Buy Online Safely

Can you trust your common sense and intuition? Unfortunately, it isn’t practical for users to determine if a website is safe or not. Although invisible to the visiting online customer, hackers often target improperly secured legitimate websites. Being a large, well-established company is no guarantee that the site is safe!

Purchasing from a secure computer or device running the latest antivirus software, firewalls and security patches will significantly decrease your chances of becoming a victim.

Only part with sensitive information like your personal or financial details when you are fully satisfied with the legitimacy of the company. See below more key tips on How to Buy Online Safely:

Familiarize yourself with the Terms of Use and theData Protection Policy

Read the fine print. Terms can sometimes detail hidden and unexpected costs or obligations.

Only purchase through websites using encryption

URLs that start with https:// rather than http:// (the “s” stands for secure) are encrypting information during transfer. Another indicator of a website using encryption is a small padlock icon displayed in the Internet browser. However, there is no guarantee that these sites are safe, as hackers can create websites that use encryption but are designed to steal personal information.

Provide the minimum amount of personal information

Leave optional fields blank: Middle name, date of birth, mobile phone number. Many website operators request optional information alongside required information to process a business transaction.

Never share your password

Even if someone else is making the purchase for you, you should enter the password yourself and never share it with others. Also, never select the “remember my password” option on a shared computer.

Buy local where possible

When the seller is based in a different country, it can be much more difficult and expensive to resolve any issues.

Check your bank statements

Check your bank account transactions regularly, particularly after making purchases over the Internet, to be sure that all payments are legitimate.

Keep your order confirmations and receipts

Always keep important information relating to a purchase in either printed or electronic format. This information will be very useful in resolving any issues relating to the purchase.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

Choosing Security and Anti-Virus Software

Choosing Security and Anti-Virus Software

Security and Anti-Virus Software is a key component of your company’s IT security. It helps protect your computers, servers, software and data from viruses, malware, hackers, spyware, dodgy emails and more.

Choosing the best security Security and Anti-Virus Software can be tricky. Many options are available from free basic software through to packages with price tags to match. Determine what you need from your security software. Not all security packages do exactly the same jobs. It’s therefore wise to map your requirements before evaluating specific options. You need to consider:

What needs protecting? How many computers and servers do you have? You may also want to install security software on mobile devices.

Do you already have any security software? You may be able to save money by using or upgrading an existing package.

How much IT expertise do you have? Some packages are easy to set up and maintain. Others require technical knowledge.

Do your staff understand IT security? You may consider giving staff members more control if you are confident they understand the risks.

Do you need to meet external standards? For example, businesses that accept cards may be required to have security software under certain regulations.

What are your future plans? If you intend to expand your business, make sure your security software allows you to add extra users or devices.

Once you have a shortlist of security packages, some other factors can help you identify which is best for your company:

Can your computers run it? Anti-virus software can demand a lot from your computer, because it’s constantly scanning files in the background. Make sure your computers comfortably exceed the software’s requirements.

Are there any potential clashes? Because security software needs to access all the data on your computer, it can occasionally clash with or block other software. Check the software’s website for known issues.

Can you afford it? A decent security package typically costs $60- $80 for three devices/ yearly subscription. Budget for ongoing update costs, as without these the software is much less effective.

If you would like more information on Security and Anti-Virus Software and hear our recommendations, please contact us.

This IT Security Tech Tip brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business In Calgary’ magazine

Relying on a Lucky Charm for Internet Security?

Relying on a Lucky Charm for Internet Security?

Relying on a Lucky Charm for Internet Security?

Carrying a lucky charm – four leaf clover might work for leprechauns. But when it comes to Internet abuse by employees, you’re going to need more than sheer luck… Did you know that 70% of all web traffic to Internet forbidden sites occurs during the work hours of 9 am–5 pm. Non-work-related Internet surfing results in up to a 40% loss in productivity each year at businesses.

According to a survey by International Data Corp , 30% to 40% of Internet access is spent on non-work-related browsing, and a staggering 60% of all online purchases are made during working hours. The list goes on, and the costs to your company can be staggering. What types of web sites present the greatest risk?

Categories include Dating, Gambling, Pornography, Profanity, Proxy and Travel.

Risks these types of web sites expose your business to include malware, viruses, fraud, violence, lawsuits, loss of confidential and/or proprietary data and more. Even social sites, while perhaps not quite as risky, can have a major impact on productivity. Barriers that once stood at the edges of your office network have been annihilated by digital media. Web content filtering is now crucial to network security – not to mention employee productivity – in this emerging environment. It can be deployed in a number of ways, but basically they boil down to two: Inline and Endpoint filtering.

Inline Web Filtering One way to filter web content is to control it at the entry point or gateway to your network. This technique intercepts all web traffic and applies filters that allow or block web access requests. Because the entire network is access to the user’s device is required.

With inline web filtering, there’s no need to expend resources managing content at each endpoint – your employees and their computers, whether desktop or mobile. Inline filtering not only saves bandwidth, it goes a long way toward mitigating cyber threats. For securing activities that take place within your network, it’s a critical and potent strategy.

Yet, with the shift away from traditional office-bound work routines to a work-from-anywhere culture, the effectiveness of inline filtering has diminished. When employees access the web outside your network’s gateways – via home networks, hotels, coffee shops, etc. – their devices become vulnerable to attack.

And any employee can carry an infected machine into and out of your company’s building and network on any given day, exposing your entire network to infections. And that’s why so many companies are moving to endpoint-based web filtering to complement their inline filtering.

Endpoint-Based Web Filtering Endpoint-based filtering protects employee devices from infections, no matter where they connect to the web. Software at the endpoint – your employee’s device – carries a predefined filtering policy from the central server that can be internal network-based or cloud-based.

The endpoint filter is then updated periodically from your company network. This method assures that web filtering is always active, no matter which gateway the machine connects through. The downside is that it must be rolled out and maintained at all endpoints.That being said, one advantage of endpoint-based filtering is that it addresses stringent employee privacy regulations that are quickly becoming the norm in Europe and elsewhere around the world. Because it keeps browsing-pattern information within the user’s device, endpoint based filtering provides a fairly non intrusive way to handle employee privacy concerns.

And finally, while endpoint-based filtering really is the only way to protect a network without boundaries, as most companies now have, ideally it works hand in glove with inline filtering.

Forget the Lucky Charm! You can bet on this… We highly recommend rolling out not only inline and endpoint filtering, but also an effective training program for your staff to encourage best practices and assure compliance with your company’s web security policies and procedures.

This IT Security Tip is brought to you by BlackBox Connections.

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine

Warning Signs Of An Email Attack!

Warning Signs Of An Email Attack!

Warning Signs Of An Email Attack

As Cybercrime becomes more sophisticated the USER now becomes an easy target through an email attack. We’ve seen it all from an email with a fake resume that ended up destroying all the files on an ENTIRE network. To a pop-up message saying that your computer is infected and talk to Microsoft Support by calling 800-GOT-HACKD. When the user dialed a cyber criminal asked them to click on a remote site giving them entry into the system.

You’re probably thinking “this would never happen in my office” however the truth is it happens all the time. With increased phishing we want to make sure your network is secure and your office understands the warning signs of an email attack.

Educate your team with these Red Flags:

1. The Language Just Doesn’t Sound Right  If the language just doesn’t seem to sound right whether there are misspelled words or poor grammar choices made in the email, this is a sign that you might be dealing with a scammer.

2. There is a Sense of Urgency in The Email One thing that scammers do to try and circumvent your rational thought processes is to instill a sense of urgency to their request. They may say that there is something seriously wrong with your account or that your account may have been compromised and that you need to ACT NOW!

3. They Want You to “Verify” Something Scammers aren’t going to just come straight out and ask for your username and password so they can break into your account. They are going to take a different route that allows them to accomplish the same end result without alerting your mental defenses. Most likely the scammers are going to ask you to “verify” your account information. They will probably ask you to fill in a form so they can “verify” your information. But the result is that you are providing the information for them and they are just stealing it.

4. They Use Fear Tactics Another tactic used effectively by scammers is fear. They want you to worry that your money or something else is in danger of being lost so that you won’t be thinking clearly.

5. The E-mail’s Header Seems Very Strange The part of the message which shows the route an email took to reach you is probably going to have some inconsistencies.

This IT Security Tip is brought to you by BlackBox Connections. 

You Want Secure IT with Fast Response at the Best Price!
We are featured on Page 101 in the March ‘Business in Calgary’ magazine