securewebsite

Scam of the Week: Mobile Phishing on the Rise

July 19, 2018 by securewebsite

The bad guys are trying to trick you on your mobile device! Users are three times more likely to click on a suspicious link on their mobile device than on a desktop, and the bad guys are taking advantage of this. They will send you malicious links through email, social media (Facebook messenger), and text messages.

Don’t be their next target! If you’re using your mobile device and receive a suspicious message, or you cannot see where a link is taking you, don’t click! Instead, wait until you can view the message on a desktop, or delete the message altogether.

Let’s stay safe out there!

Stop, Look, and Think. Don’t be fooled.

Multi-factor authentication: A necessity for today’s businesses

July 9, 2018 by securewebsite

Just recently I had a client contact me here at Oram about a serious security issue. Another business they work with was hacked and it nearly ended up costing my client big money. The worst part about the whole situation is that with the right technology in place, it could have been easily prevented.

The Problem Hack

The client called in to say he had wired his travel agent about €1.4 million (or roughly $1.63 million U.S.) for an extended European family vacation. Well, lo and behold, the travel agency’s email was hacked. Turns out a hacker, not the travel agent, had been communicating with my client for the entire month. My client thought he was planning this event with the travel agent when, in fact, he was communicating with a cybercriminal. Everything culminated when the hacker, posing as the agent, sent my client the wiring instructions for the funds.

The way that this hack presented itself was that a person in Germany deployed a phishing scheme to compromise the travel agent’s email. The hacker had been monitoring the agent’s email for a number of weeks and was just waiting for some event like my client’s to occur so they could then interrupt the communications.

The reason the travel agent was none the wiser is that the hacker also set up rules in the mailbox so that any time a communication came in from my client, it would go straight into the deleted items. This made it so the travel agent had no idea that someone else was communicating by email with my client.

Luckily, this scenario ended on a positive note. My client was able to get all of his money back. The FBI is now involved with the situation to try and catch this criminal. Without Oram, the travel agency would never have been alerted to the hack and may have seen more of its customers defrauded of their funds.

Passwords Aren’t Enough

The reality is that the majority of data breaches occurring today are the result of compromised authentication. Though having a strong password is a great start for implementing security, just having this one step in place can leave your network incredibly vulnerable. That’s why multi-factor authentication (MFA) is so important, particularly for securing your business’s most valuable data.

According to the 2017 Cost of Data Breach Study by the Ponemon Institute, data breaches cost businesses millions of dollars each year in the U.S. alone. The study also shows the likelihood of a business experiencing a recurring material data breach within the next two years after an initial hack is nearly 28 percent. Data breaches are the most expensive to deal with in the United States and Canada, costing $225 million and $190 million respectively. The average total organizational cost of breaches in the United States found in the 2017 study was a whopping $7.35 million.

Why Your Email Is Key

The reason hackers want into your email is that it can lead to a huge payday. With access to your email, a cybercriminal can log into any account you have by simply clicking on “forgot my password.” This allows them to create a new password using your email.

Access to your email allows criminals to create new, fraudulent accounts in your name. They can use your identity and email address to open new accounts and create their own passwords. From there, the possibilities are limitless from ordering goods online to withdrawing your entire life savings.

In addition to your business being negatively impacted, the friends and connections in your email network can also be put at risk for infection. Or, in the case of my client, hackers can steal access to your clients and could possibly ruin solid business relationships. Many criminals even sell access to hacked email accounts on the black market. The amount of damage that can be done in less than an hour is astounding.

How It Works

Multi-factor authentication is a security system that requires more than one method of authentication to verify a user’s identity. This can range from requiring passwords that must periodically be changed by legitimate users to requiring a one-time PIN provided via smartphone for access.

Without having all of the required pieces of information, a user would not be able to log in successfully. This means better protection for you and your business. Multi-factor authentication can help secure everything on your business network from logging into your server to shared resources and employees who bring their own devices to work. Some larger organizations that use MFA that you are probably familiar with include Google and PayPal. Most financial and medical institutions also employ MFA as well.

Our Recommendation

The moral of the story is that whether you are using personal email or corporate email, you need MFA. Had my client’s travel agent employed MFA, this hack would likely have never occurred. The would-be criminal would have likely hit a brick wall of security and moved on to a less secure target.

While Oram already recommends multifactor authentication, going forward, we are requiring our clients to utilize MFA for everything possible from email and icloud accounts to banking and financial sites. The reasoning behind this is that MFA significantly reduces the risk that a cybercriminal could access your most important systems. Additionally, it adds extra layers of security that will make your network and other proprietary systems that much more difficult to breach.

If you would like to learn more about multi-factor authentication or other ways to better secure your business, we are happy to assist you. Call Oram today at (617) 933-5060 or visit us online.

Putting out fires all day? You could use an awesome IT partner!

May 16, 2018 by securewebsite

If you feel like you’re putting out a million fires each day and can’t think far into the future for more IT requests, we can help! We’d love to be your partner to alleviate some of the many hats CIOs must wear.

Team inspiration

May 16, 2018 by securewebsite

“Inspiration is what carries us over the long term, connected to what is driving us to pursue our potential.”

7 ways to spring clean your business network

May 14, 2018 by securewebsite

Now that we’ve officially sent winter packing, have you started organizing or cleaning at home or in the office? Spring is a great time to clear out the clutter. Here are seven spring cleaning strategies you should include to help your business network run at peak performance.

Map your network. Mapping out all of the connections of your business data is crucial, not only for knowing what everything entails but also for understanding whether you have security at all of your “entrances” and knowing where to look if you encounter network down times. You could do this by hand, use software such as Visio, use cloud-based mapping tools or work with an IT consultant to diagram all of the pieces. We’d be happy to help review your network with you.
Create or review your downtime troubleshooting step. When your network goes down, business comes to a halt. Do you have the steps in place to recover when that happens? If so, when was the last time you reviewed them for accuracy or updates? Make today the day you create the procedure if you don’t have one.
Schedule cyber security employee training today. You can invest in the best software and hardware for protecting your business against cyber threats, but if you aren’t training your employees, your life raft can be full of holes. Set up those classes right now and get everyone involved with protecting your data. Teach them to prevent it, flag it, report it and respond to it.
Evaluate your relationship with your tech. Are your software and hardware solutions working FOR you or AGAINST you? Technology should be enhancing your skills, not hampering them. Evaluate your business technology and determine if it’s helping to drive your business forward or if it’s become outdated and lags behind.
Clean out your inbox. Are you mass deleting or ignoring a bunch of emails that showed up after attending webinars, downloading white papers or requesting additional information? Take the time to scroll to the bottom of those emails and find the unsubscribe button. Get rid of the digital distractions (and the possibility of any containing unsafe links!).
Physically clean your equipment. When was the last time you cleaned out dirt and dust build up from computers, printers, keyboards and more? Grab a can of compressed air or a small vacuum and protect equipment from overheating or breaking down.
Partner with us to provide managed network services. You need to provide critical infrastructure for your business’s valuable data while supporting the daily workflow and processes of your business. Don’t feel overwhelmed. We have a trusted team of network engineers waiting for your call. Let’s connect.

Do you virtually lock the doors at night for your business?

May 11, 2018 by securewebsite

When you go to bed for the night at home, you lock your doors and windows and set the alarm. Are you doing the same for your business virtually?

« Previous Page