Small Business

This Week in Breach: Dunkin Donuts

February 21, 2019 by securewebsite

Dunkin’ Donuts: One of the world’s leading baked goods and coffee chains

Risk to Small Business: Severe: On February 12th, Dunkin’ Donuts announced that it suffered a credential stuffing attack back in January. This news comes just a few months after the company fell victim to a similar attack on October 31, 2018. As we’ve covered before, hackers employ credential stuffing attacks by leveraging previously leaked usernames and passwords to access user accounts. In this case, they were able to breach DD Perks rewards accounts and are putting them up for sale on Dark Web forums. Aside for the “double whammy” of two attacks within a short time-frame, loyal customers who have lost their rewards will likely bring their business elsewhere.

Individual Risk: Moderate: The exposed accounts contain personal information such as first and last names, email addresses, 16-digit account numbers, and QR codes. Although the accounts have been put up for sale so that buyers on the Dark Web can cash out on reward points, they can also use credentials to orchestrate further cyberattacks.

Customers Impacted: 12,000

How it Could Affect Your Customers’ Business: The trend of credential stuffing is only the first wave resulting from billions of recently leaked usernames and passwords. Companies that experience similar attacks on user accounts will be held liable, regardless of whether they are the source of the breach. To protect from future attacks, businesses must team up with security providers to ensure state-of-the-art password protection and Dark Web monitoring.

Read more

In Other News: MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web

After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin.Other websites included are CoffeeMeetsBagel, Dubsmash, MyHeritage, ShareThis, HauteLook, Animoto, EyeEm, 8fit, Whitepages, Fotolog, 500px, Armor Games, BookMate, Artsy, and DataCamp. In total, 617 million compromised records are involved.

Cybercriminals can combine such databases to find users who are recycling passwords across multiple sites, allowing them to hack into valuable accounts that can be leveraged for fraud. By investing in solutions that can consistently monitor the Dark Web, companies can quickly understand how hackers are planning to use exposed information and implement cybersecurity safeguards.

Read more

The Modern Office and End User Support: What it is and how it can help your business

February 21, 2019 by securewebsite

End-user support is an information technology (IT) term that is often used in business yet many people don’t understand what all it entails. Furthermore, business leaders don’t know how end user support can improve the productivity of their company. Here we take a look at what end-user support is and how it can keep your business moving forward.

What is an End User?
First, we must tackle what an end user is. Anyone who uses a particular product or program, typically your employees, is an end user. Think about the desktops, laptops, tablets, software, and even cell phones used by your employees to conduct business and fulfill their duties. They are the end users of your business IT.

Why Might End Users Need Support?
Whenever a new employee is onboarded, they need to be made a user so they can access the hardware, programs, and information within a company so they may perform their work. This means they need to be set up with a company email, account access, file access, and cybersecurity training that is specific to your organization.

In addition, employees will sometimes have trouble using the hardware and programs your business has purchased in order to operate. That can mean a computer with a virus, a laptop attacked by malware, or simply a program missing a necessary patch or update. While your employees may be great at what they do, not everyone is an IT expert. They may need help addressing issues from configuration to spam filtering in their business email.

Whether you have a small company without an IT department of its own or your business is a large one with an IT department is overwhelmed, these issues all must be addressed. When new employees are waiting to be onboarded or existing employees have hit the proverbial IT wall, they cannot work until these issues are resolved. That means downtime and a loss of productivity which negatively impacts your organization’s bottom line. That’s where outsourcing to IT specialists like those at ORAM can really assist your company.

What Does End User Support Look Like?
End-user support is about providing immediate, ongoing assistance whenever your employees need IT help. Think about having all email, account access, and training ready for new employees the minute they walk in the door on their first day. Imagine running into a snag with your email and being able to simply pick up the phone to fix the problem right away. Consider never having to worry about program updates or patches because they are applied automatically before you even get to the office. All of these very real IT issues are covered by end-user support.

The goal of end-user support is to provide businesses with the “modern office.” That means keeping end users productive and moving at all times. The question then becomes how does end-user support keep your business moving? In football terms, end-user support is like a lineman running in front of a running back to keep him protected and clear the path so he can do his job of advancing the ball. End-user support ensures issues with security, network connectivity, and active threats are held at bay. It also ensures your network is as reliable as possible, keeps up with patches, and hardware needs are covered.

With end-user support, your employees will have the tools to be continuously productive with little to no downtime. In addition, you will have the security of knowing those tools are also being used in a responsible, compliant, and efficient manner. Regardless of the size of your business, end-user support can help you manage your ongoing IT needs without sacrificing uptime, connectivity, or cost. Depending on which IT company you work with, your end user support may include:

• Antivirus Management and Support
• Configuration Services
• Hardware and O/S Maintenance
• Performance Monitoring
• Mobile Device Support
• Patch and Update Management
• Onsite Desktop and Laptop Support Services
• Incident Management and Resolution
• Priority Response Level and Problem Management
• Self-Service Knowledge Base
• User Account Administration
• Policy Management
• Email Content and Spam Filtering
• Encryption Services

Who Offers End User Support?
End-user support can be handled internally by your IT employee(s) if you have them and they aren’t completely overwhelmed themselves. The other option is to outsource your IT needs to a company like ORAM Corporate Advisors. Such IT professionals can work in tandem with your existing IT employees or can work in place of hiring your own IT staff.

Without the cost of hiring internal IT staff or additional staff, your network can be secure and running efficiently at all times through end user support. You won’t have to pay for support until you need it and help requests can be managed and resolved quickly and easily. Your business will also have all of the tools it needs to be continuously productive while achieving regulatory compliance.

If you need more information about end-user support, please contact ORAM anytime at (617) 933-5060. We can even schedule a free initial consultation to review your end user support needs. Our IT specialists are always available to answer your questions and help you when your business needs it most.

Scam of the Week: Watch out for Tech Support Scams

February 20, 2019 by securewebsite

Nowadays, you should be on high alert whenever you’re browsing the web. The cyber scammers are counting on you to have an average (or below-average) level of knowledge about cybersecurity threats so they can trick you into downloading malicious applications.

The attack usually goes like this: First, you receive a fake Windows Alert pop-up message claiming “Your PC might be infected” and to “click OK to do a quick 10-second scan”.

When you click OK, a very realistic-looking–but very fake–”system scan” runs within your browser. The scan looks almost identical to your antivirus software’s real system scans.

Once the “scan” ends, you’re told that your PC is indeed infected and that you need to download and install an update to the antivirus software. Don’t do it! This “update” is actually an unwanted application that will install onto your computer.

Consider the following to protect yourself from this type of scam:

Never trust internet pop-ups. They often use scare tactics to get you to call a number for tech support or download an application to “fix” the problem.
Go to your IT administrator (if at work) or a reputable computer repair company (if at home) if you think something is wrong with your computer.

Stay safe out there!

Stop, Look, and Think. Don’t be fooled.

This Week in Breach

February 15, 2019 by securewebsite

Trakt: Media service for “scrobbling,” or tracking movies and shows watched online

Risk to Small Business: Severe: The California-based media platform emailed its customers notifying them of a breach that took place over 4 years ago, in December of 2014. In their statement, they claimed that they only recently discovered the breach, and took steps to mitigate it since. Payment information was not disclosed, but usernames, emails, passwords, names, and locations were. The investigation is ongoing, but the only risk at this point seems to be that of customer attrition.

Individual Risk: Moderate: The company seems to have inadvertently mitigated the breach, migrating to a more secure version of its website in January 2015. However, users that have recycled passwords between accounts should be wary.

How it Could Affect Your Customers’ Business: Even without involving payment data, breaches that trace back multiple years can unnerve end-users into deleting their accounts forever. When they receive an email notifying them that a breach from 2014 was just now discovered, they are likely to weigh other options or stop using the service entirely. In a world where competition is cutthroat and the customer has more information and choices at their fingertips than ever before, businesses must do everything in their power to retain and build trust.

————————————————————————————————————

In Other News:

How to save your IT system from its own users: Zero Trust Browsing

2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019? It’s shaping up to be the Year of Phishing.

Historically, we’ve labeled phishing as a nuisance that only a select few fall for. However, the increasing sophistication of social engineering, along with a gradual evolution of phishing techniques, have leveled the game. For example, hackers have realized the importance we place on SSL certification, and have found ways to exploit it in order to give us a false sense of reassurance. Browsers such as Edge, Chrome, and Firefox have created advanced filtering techniques, but they are still unable to identify 10-25% of phishing sites…

Read more

Scam of the Week: Watch out for Malicious “Love You” Malware

February 13, 2019 by securewebsite

The bad guys always use holidays to their advantage, and Valentine’s Day is no exception. They’re now sending malware to your inbox with love.

Cybercriminals are sending Valentine-themed spam emails containing malicious attachments. They’re attempting to trick you and steal your attention with subject lines like: “My love letter for you” and “Always thinking about you”.

Within the email, they’ve included a zipped file that has a title beginning with “Love_you_” and when you open or double click on the file, multiple types of malware will be downloaded to your system.

Remember the following to avoid falling victim to these types of scams:

Check the sender of the email. Even if it is coming from someone you know, their email address could be spoofed.
Before opening any attachments that appear to be coming from someone you know, give that person a phone call and make sure they intended to share it with you.

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: Houzz

February 8, 2019 by securewebsite

Houzz: Home improvement and interior decorating startup.

Risk to Small Business: Severe: On Friday, the company issued a notice to customers stating that an “unauthorized third party” had accessed user data including usernames, passwords, and IP addresses. Although financial information was not exposed, Houzz became aware of the breach in in late December of 2018, yet the investigation is still ongoing and it is still not clear how many users were impacted.

Individual Risk: Severe: When combined with the internal data that was compromised, public information such as first and last name, city, state, country, profile description, can be packaged together to sell on the Dark Web and commit cyber fraud. Additionally, users who logged into the app via Facebook would have their IDs exposed as well.

Customers Impacted:To be determined

How it Could Affect You: In the event that an organization has to disclose a breach to its users, it is essential to be clear on “who, what, when, and where”. Even though Houzz discovered the leak in late December of 2018 and was compelled to disclose in a timely manner in accordance with new GDPR laws, they are still unsure on the number of users impacted or the origin of the cyberattack. Aside from dispelling vigilant customers who want to protect their data going forward, the incident may trigger fines to be levied.