securewebsite

This Week in Breach: Quest Diagnostics

June 13, 2019 by securewebsite

Exploit: Unauthorized network access

Quest Diagnostics: Clinical laboratory company with operations in the United States, the United Kingdom, Mexico, and Brazil.

Risk to Small Business: Severe: A collection firm partnering with Quest Diagnostics encountered a data breach that directly impacted nearly 12 million of the lab’s patients. In response, Quest is partnering with a third-party cybersecurity organization to ensure proper breach notification standards are followed. Even though the event precipitated at a separate organization, Quest Diagnostics will bear the financial and reputational burden of a data breach that has compromised the most sensitive information in people’s lives: the type that is related to their health.

Individual Risk: Severe: The scope of this incident is astounding, and it includes patient information, financial data, social security numbers, along with other medical data. While test results were not included in the breach, this extensive trove of valuable information can quickly make its way to the Dark Web, and those impacted by the breach should attain the services necessary to know what happens to their information after it’s compromised.

Customers Impacted: 11.9 million
How it Could Affect Your Customers’ Business: Caring for customers in the wake of a data breach should be any company’s top priority. Although Quest Diagnostics is working diligently to notify those impacted by the breach, much more is required to adequately make reparations. Since sensitive personal information has a significant market on the Dark Web, providing services to help customers understand what happens to their data is an excellent place to start.

In Other News: Phishing Scams Are Getting More Sophisticated

Phishing scams, already a significant headache for companies of all sizes, are becoming more complicated. A recent study found that nearly half of all phishing attacks are polymorphic, meaning that they can implement slight but significant changes to multichannel formats and become more difficult to detect or prevent.

For instance, polymorphic phishing scams will use different email addresses, content, subject lines, sender names, or other features. Therefore, recipients are forced to fend off various versions of the same attack.

Phishing scams, which are frequently used to deliver malicious malware and ransomware, rely on users’ ambivalence to be successful, and they are defendable with proper training and preparation from qualified MSPs. With polymorphic phishing scams on the rise, yesterday’s technical safeguards are being bypassed through sophistication, and the importance of cybersecurity awareness continues to grow in magnitude.

Scam of the Week: Think Before You Tweet

June 12, 2019 by securewebsite

If you’ve ever used social media to make a complaint about a company, you’d know that many organizations are quick to respond to this public expression. But have you ever stopped to question whether the account responding to your concern is really someone from the company?

Recently, fraudsters have taken to social media platforms to trick people into falling for their “help” and giving away their personal information. For example, a woman was upset with her broadband services so she took to Twitter to complain about her provider. She promptly received a response from an account appearing to be the customer service team for this company. The “customer service team” was able to gain personal information, and even banking information from her by using lines like: “I’m having trouble locating your account” and “I’ll first need to ask you a security question”. The woman soon found her bank account emptied out and several loans taken out under her name.
Clearly, this customer service team wasn’t helping anyone aside from themselves.

Remember the following to protect yourself:

Never trust that an account is legitimate based on their Twitter “handle”, or any other “name” on social media. Just because the company name is present, doesn’t make it valid.
A legitimate organization would never ask you for sensitive data like your bank account information. If it sounds like a strange request, then it probably is.
If you’re having trouble with a product or service, log in to your account or reach out to their customer support channels, yourself. Never trust a response you receive after making a public complaint on social media or anywhere else online.

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: Checkers Drive-In

June 6, 2019 by securewebsite

Exploit: Malware

Checkers Drive-in Restaurants Inc.: Fast food chain operating in 28 states

Risk to Small Business: Severe: Hackers successfully infected 102 of the company’s point-of-sale systems with malware that stole customers’ payment information. The restaurant chain has elicited the support of law enforcement authorities and third-party security experts to remove the corrupted software from their systems. They will now face the considerable costs of digital infrastructure repair and reputational costs that could discourage people from visiting their restaurants.

Individual Risk: Severe: Attackers gained access to information stored on the credit or debit cards’ magnetic strips. This includes cardholder names, payment card numbers, verification codes, and expiration dates. This extensive payment information can quickly make its way to the Dark Web or be redeployed as a payment method on other websites. All customers should review their account statements for suspicious activity while also procuring credit monitoring services.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business: Any company reliant on point-of-sale exchanges with their customers must be especially vigilant about protecting the integrity of these systems. Not only is it incredibly costly to repair the technological infrastructure, but the cascading consequences of reputational damage can be even more profound. Companies can (and should) demonstrate their commitment to protecting their employees and customers by taking proactive measures to prevent future breaches.

In Other News: Stolen NSA Tool May Be Responsible for Rash of Ransomware Attacks

Ransomware attacks on local governments have become alarmingly prevalent, and they may have an unlikely source – a cyber weapon developed by the U.S. National Security Agency (NSA). In 2017, the NSA lost control of one of its most impactful weapons, code-named EternalBlue, and it now lies in the hands of independent bad actors and state sponsored hackers.

The impact on local governments has been immense. While some cities refuse to pay the ransom, many are left with little choice but to pay up to restore access to their digital infrastructure. At the same time, the additional security costs have made it difficult for cash-strapped governments to combat the threat.

With so much on the line, a comprehensive ransomware response plan has never been more important. Since most ransomware originates as phishing scams sent to employee email accounts, this also means that proper training can be worth its weight in gold, or at least in Bitcoin.

Scam of the Week: Brand Impersonation Attacks Are at an All-Time High

June 5, 2019 by securewebsite

According to recent reports, phishing attacks that use brand impersonation are at an all-time high. Cyber criminals are posing as familiar companies so they can trick you and get access to your account in order to steal sensitive data or target additional employees.

Here’s how it typically happens: Attackers send you a standard-looking email appearing to be from a service or company that you use, such as Office 365. Clicking the link in the email will take you to a fake (but very realistic) login page. The most deceiving part of some of these fake pages is that the web address appears to be safe. The URL may end with a legitimate domain like “windows.net”, because the bad guys are hosting these pages with Microsoft’s Azure cloud services. If you enter your information here, the bad guys will gain access to one or more of your accounts which they can use to steal data or plan further attacks on your organization.

Remember the following to protect yourself from your inbox:

Look out for strange or suspicious domains in sender addresses. Even if the domain looks legitimate, check again. Does the email say “micronsoft.com” instead of “microsoft.com”?
Before clicking, always hover over links to see where they are taking you. Never click on a link in a message unless you’re certain the sender is legitimate.
Whenever you get an email from an online service you use, log in to your account through your browser (not through links in the email) to check whether the email message is valid.

Stop, Look, and Think. Don’t be fooled.

Why are IT Consulting companies on the rise?

May 30, 2019 by securewebsite

Four Benefits of Using IT Consulting Companies In Boston

IT companies are more popular than ever, but they are also more competitive. Companies are working hard to earn the confidence of their clients, and your IT infrastructure is perhaps your most trusted asset! You don’t want to trust your system to just anyone.

What exactly are the benefits of using an IT consulting firm? You may have heard that you should hire one, but do you understand the benefits that come with such a choice?

The Top Advantages of Hiring An IT Consulting Firm For Your Business

1) Your Happy Place

If you’re like most people, you are happiest doing what you do best. You probably don’t want to deal with situations that have nothing to do with your passion. IT is no exception. Technology is useful for doing work, but it becomes a burden when you have to deal with a tech issue.

Here’s an Example

A pediatric radiologist is in the middle of helping a child figure out his stomach problems. He is using a screen is helping him go over a care plan with his patient. The screen breaks down and he now needs to take time out to figure out the problem.

He does not have time for that!

He needs someone who can come in and take care of the problem without it interrupting his conversation with the family.

This is exactly the kind of situation in which an IT firm can come in handy. Their staff can figure out the problem immediately and fix it with minimal downtime, and all without burdening the doctor.

2) The Power

A well-connected company with a strong IT infrastructure usually has more power and influence. Take away a well-oiled IT network, and the business will struggle.

Take back your power! Remember that outsourced IT services are cheaper and faster to use. They are only focused solely on your IT success. They can scale your IT network according to your goals and ambitions, and respond when any part of your system is down.

3) The Seconds Tick Away

Did you know that a few seconds of downtime can have a tremendous impact on your business, especially if you are a small company? That five seconds you lose when the power goes out could cost you hundreds of dollars. That is why you need an IT company to help manage your systems. They can take care of a problem before it arises.

Customers will go to somewhere else if they feel your company has too much downtime. They will abandon a purchase if your Internet connection is slow or if your website is down. This could cause you to lose thousands of dollars in sales!

4) The Internal Costs

Did you know you are wasting money on hiring one hundred people when you could make do with ten? IT outsourcing helps to control the internal costs so you know exactly how you are spending your money. IT services also help you to control the size of your staff. Some companies, especially small ones, do not typically need a lot of people to handle their daily routines.

Dennis: “You could run this whole department with minimal staff for up to three days. Do you think that kind of automation comes easy or cheap? Do you know anyone who can network eight connection lines and debug two million lines of code for what I bid for this job? If you can, I would love to see them try!” Jurassic Park, 1992

Do you want to save on internal costs? Work with minimal staff and use an IT firm to manage your technology. Visit oramboston.com for more information.

Why You Probably Need to Outsource Your IT

May 30, 2019 by securewebsite

In today’s competitive world, it is more important than ever that businesses to use their available resources efficiently. You need to hire the most qualified professionals for your enterprise, engage in best business practices, and develop operations solutions so you can stay on top of your goals.

An effective development team includes IT support services, human resources, and project development. Each department has its own role to play, but together, they work towards a common goal.

All this being said, why should you outsource your IT support instead of getting one in-house?

Why IT Outsourcing?

IT support services are important for ensuring the smooth function of your IT infrastructure. Your business’ entire development team depends on the proper functioning of your computer systems, network, cloud storage, and website. It doesn’t matter whether you are a small or large-scale business. You always face two options: 1) You can set up a new IT department or 2) You can opt for IT Outsourcing.

IT outsourcing has some obvious advantages over hiring an entire IT department. Here are just a few.

Efficient

Outsourcing the IT needs of your business is a cost and time efficient option. All you have to do is thoroughly research potential service providers and choose one with an excellent reputation. Then, turn over the reins!

2. The Experience Factor

A reputed service provider of hospitality IT solutions or medical IT solutions will always a team of experts working for them. Setting up an IT team with the same level of expertise will take significant time and money, especially if you are a small business.

3. Targeted Focus

Once you know that your IT support services are in good hands, you can focus on what’s most important: your customers. This will increase the overall client experience and expand your exposure!