Security | Tech Sentries

Ransomware, Security

We already know what we think when our digital technology has been compromised by some &^%#$* hacker and her (yes, her!) virus, malware, ransomware, or phishing expedition. We get frustrated and downright angry. Have you ever wondered, what the hacker was thinking or what motivated her? We thought it might help to understand.

A recent report published by Government CIO indicated that,

“Most cyber criminals are motivated by the commission of a crime. It is a psychological issue that defines them as people with some super traits that cause antisocial behavior. Possibly, these people suffer from one or more forms of psychological disorders that seek to gain recognition or personal gain from illegal activities.

Other personality traits exhibited by the cyber criminals include “self-centeredness, grandiosity, callousness, and lack of remorse or empathy for others coupled with a charismatic, charming, and manipulative superficiality.”

Does that give you a warm, fuzzy feeling? We didn’t think so. Perhaps this will help. In late 2016 Digital Endpoint described eight common types of hackers along with some insights into what motives them.

TYPE	PERSONA	MOTIVATION
White Hat	Good guys	Companies employ them to test software, websites, and systems from criminal hackers.
Black Hat	Guns for hire	They get paid for stealing information by the people who want that information. They don’t care about the information per se.
Grey Hat	Wolves in sheep’s clothing	They test systems, but without permission. When they find a weakness, they try to sell their findings to their victims for a price.
Script Kiddies	Trainees	They use packaged software to disrupt systems and establish a reputation in the hacking community.
Hactivists	Protesters	They are employed by governments to gain information and/or attack foreign entities.
State Sponsored	Warriors	They hack to harass, expose, and exact revenge on entities to which they are opposed.
Corporate Spies	Corporate Spies	Corporate spies have existed for years. The internet and digital technology are just new tools.
Cyber Terrorists	Terrorists	They want to “spread fear and create chaos … by causing unrest.”

Did we mention that some hackers are women? Watch this video. It will give you even more insight in what in the world hackers are thinking.

Guarding your technology takes an awareness of potential dangers and a few, common-sense steps to ensure the safety of your data and devices, not the least of which is having regularly-scheduled system and software audits by digital security professionals.

29Aug2017

Did You Know that Digital Hygiene Can Reduce Cyber Breaches?

August 29, 2017

Digital hygiene? What’s that?

Digital hygiene is a lot like dental hygiene. A dental hygiene regimen helps to protect our teeth and gums from bacteria, infection, and decay. A digital hygiene regimen is necessary to protect our technology and information against infection from viruses, malware, hacking, phishing and other cyber attacks.

Cyber attacks are just about as stealthy as dental attacks. Most often we don’t realize that we have developed a cavity until it is already too late. The same is true with cyber infections. The best hygiene in either the dental or the digital world is preventive. A 2015 report by Verizon revealed that most cyber attacks are not carried out by a full frontal hacking of a device, but rather by manipulating the humans that operate them.

Digital hygiene requires continual, proactive care.

Just as routine dental hygiene involves care at home and checkups by a professional, so, too, does digital hygiene. Here are 10 important steps we recommend to keep your technology safe.

Be extra careful when asked for personal information in response to emails, phone calls (cell phones are technology too), or web pages. It’s not that sharing is, itself a bad thing. Just be super cautious about what you share and with whom you share it.
Do not respond to online or on-phone demands to run a particular software on your computer.
Do not be afraid of specific online threats of “account closure, disciplinary action, or arrest.” Legitimate businesses do not usually threaten people.
Ensure that all of your software is up to date. You can set your devices to update automatically. (If you are not sure if you should or how you can exercise this option, give us a call at 843-282-2222. We will be happy to help.)
Avoid visiting “suspicious” websites or installing “suspicious” programs.
Think carefully about identifying your location on your mobile devices.
Create strong passwords on all devices – including your cell phone.
Think twice before clicking on attachments or links.
Strengthen your security with two-step verification for access. Click on this link to learn how to use Google account two-step verification. (Did you think twice before clicking on the link?)
Have a regular digital hygiene checkup.

Guarding your technology is best done with regular digital hygiene. It just takes an awareness of potential dangers and taking a few, common-sense steps to ensure the safety of your data and devices.

25Aug2017

You Are Most Exposed to Cyber Threats When You Think You Are Not a Target

August 25, 2017

Back in the last decade of the 20^th century, an entrepreneur in Orlando proudly, publicly stated that his business was too small to be a target. Granted, he wasn’t talking about cyber threats, but he was talking about other threats to the security of his business.

He was wrong. Within a matter of months after he boldly blurted out what he believed to be true, his company was the target of litigious attack from a German-based company with over 300,000 employees and annual revenue in excess of $80 billion.

Lesson learned: The size of your business does not exempt it from attack.

This applies, in particular, today when it comes to small businesses and cyber threats. As a recent article in CIO magazine put it, “Believing that their security program is good enough means there’s a good chance they’ll be breached.” The article was addressing small business owners.

Think You Are Immune from Cyber Threats?

Think again. The CIO article described the lack of small business ownership with cyber security issues was akin to them being in a time warp compared to Fortune 100 enterprises. In fact, small business owners should consider these documented facts.

“95 percent of IT professionals at small businesses believe their cyber security posture is above average. However, 100 percent of the same respondents also said they could improve their ”
Small businesses are the victims of a whopping 4,000 cyber attacks per day.
- That’s more than 120,000 per month.
- That’s nearly 1.5 million attacks per year.
75 percent of all U.S. companies have experienced some form of cybersecurity breach in the 12 months from April 2016 to March 2017.
SMBs are the target of 62 percent of all cyber-attacks.
“60 percent of small businesses are unable to sustain their businesses” for more than six months following an attack.

If you think that last statistic is because those businesses aren’t as well operated as yours, this statistic should put it in a more worrisome perspective. The average cost of a single data breach is $225 per record lost or stolen. For small businesses, the average price of recovery from a cyber-attack is $690,000. (Fast Math: ≈ 3,000 records x $225/record)

Our objective is not to scare you. It is to warn you. When it comes to being the target of a cyber threat, size doesn’t seem to matter.

Guarding your technology does not have to involve elaborate evasive tactics. It just takes an awareness of potential dangers and taking a few, common-sense steps to ensure the safety of your data and devices.

16Aug2017

Internet Security on the Go . . . Going, Gone

August 16, 2017

Carrying a laptop, notebook, or other mobile device wherever one goes is so commonplace now that even kids in the backseat have Wi-Fi access to the internet over the river and through the woods to Grandmother’s house. Before you point a finger at the kids, just remember, you started it – and you are carrying your device wherever you go, too.

Because you do, because you need to guard your technology, and because we care, here are a few tips for ensuring your internet security when you are on the go, before your personal information is going, going, gone.

Avoid Public Charging Stations

But, they are so-o-o convenient! Exactly – and therein lies the rub. They are so convenient that they are an attractive, ubiquitous, and convenient tool for hackers. As soon as you plug into the USB port your device and all the data on it is conveniently accessible. For hackers, the practice of Juice Jacking is like taking candy from a baby. Carrying your own portable charger if you expect to need to juice up on the go.

Create and Use a Virtual Private Network

The operative word here is “private.” Your VPN virtually guards your technology while using publicly shared networks. Think of your network as a wire insulated to keep it protected from all of the other wires in the same conduit.

Disable Shared Settings

Don’t leave home without doing this: turn off all sharing enabled on each device accompanying you on the trip. You probably locked the doors to your house when you departed, unless you like to keep them open just in case anyone wants to use it while you are gone. Lock the doors; turn off sharing.

Ethernet as a Business Essential

Your business data and technology is too valuable to expose it to public Wi-Fi access. Avoid Wi-Fi by having a business ethernet, ethernet-enabled mobile devices, and traveling with an ethernet port.

Beware of Bluetooth

You don’t need to worry about Blackbeard pirating your information via Bluetooth, but there are plenty of others who are ready and willing to grab the bounty on your business devices when you least expect it. It’s Bluetooth. It must be secure. Not.

Guarding your technology does not have to involve elaborate evasive tactics. It just takes an awareness of potential dangers and taking a few, common sense steps to ensure the safety of your data and devices.

6Aug2017

Why BYOD Makes a Case for Whitelisting

August 6, 2017

Twenty years ago, no one would have imagined employees bringing their computers to work. In fact, twenty years ago, having a company-owned PC on an employee’s desk was considered a status symbol in some companies.

Today, the average person’s cell phone has more technology inside that NASA used to land our astronauts on the moon. What is more, 98% of mobile device users keep their devices within reach 100% of the time – from the bathroom to the boardroom. That’s a lot of technology in the hands of people who are not rocket scientists.

BYOD Makes a Strong Case for Whitelisting

While, on the one hand, employees and companies alike embrace the concept of Bring Your Own Device, it is not without its inherent dangers.

When people bring their own device, any amount a company saves in CapEx for computer hardware, as a result, may potentially be lost by a failure to manage those devices in the workplace.

Advice from INFOSEC

As far back as 2012, the INFOSEC Institute warned businesses about the rising tide of changes that a BYOD culture would generate related to guarding the businesses’ technology. Among their recommendations was:

Know who can access your company network and data remotely.
Know how your employees’ devices are configured.
Clearly communicate your BYOD policies.
Audit BYOD activities on a regular basis.
Ensure that employee devices are compliant with your IT security policies and government regulations.
Control the apps.

Control the Apps

Managing the apps is where whitelisting comes into play. Several of our recent blog posts have addressed the wisdom of whitelisting, including the most recent, “From Whitelisting to Dynamic Whitelisting,” so we do not need to cover that ground again. However, we want to raise your awareness of the efficacy of implementing whitelisting if your business allows a BYOD practice.

We recommend whitelisting to protect both your system, if accessible by employee devices, and to protect their devices as well. You know what they say, “One bad app can spoil the whole bunch.”

12Dec2016

Protecting Yourself From Email Scams During The Holidays

December 12, 2016

Myrtle Beach Scam, Myrtle Beach scammer, Scam in Myrtle Beach, Scam Myrtle Beach Security

Fraud Alert Myrtle Beach

During the holidays, it’s extra important to be aware of email scams as you’re sending and receiving your holiday gifts and packages. One of the more common scams during this season are the fake delivery notices that you have a package waiting. Consumers are once again reporting this scam at an alarming rate so we wanted to help you be aware of what it is and what it looks like

What Does This Email Scam Look Like?

The scam works like this: An email is sent by the scammers with the subject line reading something like “Delivery Failure From USPS.” There will be a link to click on to find out why your package wasn’t able to be delivered. As soon as you click on that link, you’ve opened up your computer for the virus. Some of the lingo used might look something like this:

USPS.com

You have a package that your postman was unable to deliver.

Please print the label provided to you through this link and take it to your nearest post office to retrieve your package.

NEVER CLICK ON THE LINK!

Clicking on links associated with these email scams can open up a host of issues. The biggest risk is downloading a virus to your hard drive. This allows your sensitive information to become exposed and easily stolen. Scammers would have access to your passwords, credit card info and other financial data.

Often, malicious ransomware and malware infect your computer without you ever even knowing it. Once you attempt to sign into various accounts online, the email scammers will use a mirroring program to record your actions and they will use that to steal every bit of personal information they can get their hands on.

It isn’t just the post office dealing with these scams—UPS and FedEx also have fallen prey to hackers and scammers. The scary part is the scammers will use official looking logos and websites to make themselves look legit. You will receive notices that look completely official from the shipping companies, making it hard to know when you are dealing with an email scam.

Protecting Yourself

Stay aware! If you get emails that you don’t think you should be getting from either the post office or a major shipping company, do not click links within that email! Even though you may be waiting on a package, it’s better to deal with the company directly, rather than risking a virus by clicking on a link.

Be on the lookout for any phone calls claiming to be employees of any of these agencies. If you are called and asked for sensitive information, never provide that info until you know for sure who you are dealing with!

Look for obvious errors in grammar and spelling on any emails or other communication. It’s usually a dead give-away that you’re dealing with an email scammer.

Never answer texts you aren’t sure about. This, too, can open you up for email scams.

You can never be too careful when it comes to your personal information this holiday season! It’s ok to be suspicious of any text, email or phone call that you aren’t sure about. If you are expecting a package, always deal directly with the shipping company!

For more information on how to protect yourself from email scammers during the holidays, call us today at Tech Sentries! Our number is 843-282-2222.

Remember “Think Before You Click!”

9Dec2016

Which Generation Is More Likely To Fall Victim To Online Scammers?

December 9, 2016

Myrtle Beach online scammers, Myrtle Beach Scammers, Scammers in Myrtle Beach, Scammers Myrtle Beach Security

Scammers Myrtle Beach Did you know that elderly people aren’t necessarily the most likely to be scammed online? Well, the Better Business Bureau issued a report stating that its Millennials and Generation X’ers who are the most likely to be a victim of scammers. The reason? The elderly population are far more likely to actually report the incident of a scam before financial loss occurs. In fact, over 90% of them will report it sooner than the younger generation. Even though Millennials and Generation X’ers are far more tech savvy, they are far slower to report being scammed, making them much more likely to lose money as a result.

Oddly enough, many of these younger people never reported the scam activity because they never actually believed they were really a victim. Even though they may feel they are immune to malware attacks and other scammers, none of us are immune to it. Staying aware and being informed is your best defense, no matter how old you are! Knowledge is power when it comes to protecting yourself against online scams. If you fail to report being scammed in a timely manner, your chances of suffering a financial loss will increase dramatically! The elderly population seem to know this.

One other important factor worth noting is that the individual’s online activity can play into becoming a victim of scams. This is because of online shopping and other retail websites visited by younger people. Individuals under the age of 45 tend to shop online much more than the older generation, thereby making them more susceptible to online scammers and malware.

The bottom line for a take-away lesson here is to always be aware of the fact that you are as much at risk for being scammed as anyone else. If you are solicited to spend money, sign up for various websites and their services, or even asked to click on a link you receive in your email, STOP and THINK before you click anything! Make sure that you are spending only in secure websites with secure methods of payments. If you have any questions about what you are seeing, call the BBB and ask them to verify the site or company before you spend any money or click any links that could cost you dearly!

While it is possible to recover a financial loss, it’s very difficult if it is not reported immediately! To get the absolute best protection, call Tech Sentries today! We can apply the best application whitelisting technology which will block unsafe or unwanted programs from ever opening. Let us show you how easy it is to be protected so you can keep your mind on the things that matter most to you!

7Nov2016

Just Give Me Your Personal Information and Everything Will Be Fine

November 7, 2016

Myrtle Beach Scam, Myrtle Beach scammer, Scam in Myrtle Beach, Scam Myrtle Beach Security

A woman visiting a Myrtle Beach resort recently report a scam in which her credit card was charged close to $2,000 – in California!

The scam is neither new nor localized. In 2015 a Memphis hotel guest fell for the same scam and soon discovered $1,000 in unauthorized charges on his card.

Information, Please

Personal Information Myrtle Beach

The scam is simple. The scammer calls the hotel room and identifies themselves as “so and so and the front desk.” He or she goes on to explain that the hotel’s credit card system has crashed or that there was a minor problem with their credit card when they registered. All they need is to read your credit card information to them again over the phone.

The problem is that the call did not originate at the front desk. In fact, it could originate from nearly anywhere, as long as the caller sounds sincere.

Don’t Think You’d Fall for That? Think Again.

What if you were doing research on the internet and a window pops up on a website indicating that the information you want is a “secure file” or “protected document?” It’s not a problem. All you need to do is provide the requested personal information and you will be given access to the file.

Same scam. Different playground. Fooled you! Whether it is done on the phone or on the internet, the scammers are phishing, and you have taken the bait, hook, line, and sinker.

Be Smarter Than the Scammers

A simple rule: Never give out your personal information. The tighter you hold onto it, the less likely it is to be stolen.

A simple question: Was your information really stolen? Or, did you voluntarily give it away.

A simple strategy: THINK before you give out your personal information. It’s nice to be nice and cooperative, but it’s stupid to be stupid and cooperative.

A simple precaution: If you receive an email that asks you to view a secure or protected document by clicking a link, delete the email. Do not open. Do not pass Go. Do not lose $200.00 (or more).

For more information, please call Tech Sentries at 843-282-2222.

22Sep2016

Just When You Thought It Was Safe…

September 22, 2016