Simple Security

Online security is a major issue for businesses of all sizes. The good news is that there are IT tools that can give you peace of mind if a security threat arises. They can prevent and stop the threat quickly, providing a great return on investment for your managed IT Services.

Are You Safe?

Some recent famous security breaches you might be familiar with are Facebook, Equifax, eBay, Apple, Panera Bread, Target, Home Depot, Yahoo! and Blue Cross Blue Shield. These breaches resulted in exposing the private data of millions of people to hackers. Athough you may only hear about these breaches happening to larger companies, the risk is high for smaller businesses, too.

Who Is a Target?

The Verizon Data Breach Investigations Report revealed that 61 percent of cyber-attacks in 2017 were targeted at smaller businesses.

Hackers can use a variety of tactics to gain access to a business’s private data or information. According to the study, more than 50 percent of breaches included malware, 81 percent of hacking-related breaches were from leveraging stolen and/or weak passwords, and 43 percent were social attacks.

The majority of malware was installed via malicious email attachments and were financially motivated. About 25 percent were related to espionage, discovered by third parties.

Can My Business Be Safe?

There are many easy and affordable steps a small business owner can and should take to lower the risk for online threats. Here are five of them:

  1. Insist on complex and unique passwords  This is the easiest way to prevent your business from being hacked. Have all employees use secure passwords, update them every 90 days and secure them in a safe password keeper.
  2. Use anti-virus and email anti-spam  Anti-virus is software designed to detect and destroy computer viruses. Anti-spam manages and filters unsafe emails from unwanted and blacklisted senders.
  3. Make sure you have a firewall  A firewall helps secure and monitor traffic in and out of your network.
  4. Create a backup  Storing and protecting your data from unauthorized access is important and can prevent a long-term data loss disaster.
  5. Educate all employees  Phishing is the most common form of email hacking and malware installation that can reveal personal and business information. It’s important to educate yourself and your employees from exposing private information to malicious cybercriminals.

To get a comprehensive breakdown of easy-to-implement IT essentials to protect your business from online threats, download The Purple Guys’ free resource, Simple Security—5 Easy Ways at https://goo.gl/8m4n4e

INFO-TEK is the highest-rated outsourced IT support department for small to midsized businesses in the Greater Kansas City Area, holding a 97.3 percent customer satisfaction rate. We’re on the front lines of managing our customers’ security through our 24/7 monitoring services, and we’d be happy to talk with you about your IT needs. 816-914-8826

Posted in Uncategorized | Leave a comment

How To Protect Yourself From a Future Email Attack

Whether you’ve been hacked or not, everyone can take stronger efforts to protect their accounts. In the modern age, it’s no longer if you get hacked – it’s when. There are measures you can take, however to make it more difficult for hackers to gain control of your accounts. Follow these steps to keep your data and identity safe online.

Use Secure Passwords
Change your passwords on all accounts frequently, and they need to be strong, with at least 12 characters, including numbers, letters, special characters. Avoid any common information about you, or things that could be learned from your Facebook account, like address, kids’ names, pets’ names, birthday, etc. You should have a different password for every online account you have. A unique phrase that is creative and unpredictable is best, something like, il0veTr@vel, would be a good option.

Use Multi-Factor Authentication
You can set this up on your email, Facebook, banking sites, and other accounts as well. Every time you login, you’ll be sent a unique temporary code via text or to another email account, and you’ll need to input that to access your account. Hackers would have to also take your cell phone in order to login to your accounts if you set this up, so it gives a good layer of protection.

Use Secure devices
If possible, only access online accounts from your personal computer or device, while using a secured internet connection. Avoid accessing personal accounts from public computers, which could have been infected with malware, or might use an unsecured internet connection. If you do use public computers, always log out of every account when you are finished. It’s also advised to use your phone’s cellular data if you need to access a secure account, as opposed to public internet.

Protect your financial information
Though it’s convenient to have your credit card or banking info saved on accounts or websites you use, if your account is hacked, they now have all that information. Whenever you need to enter financial information on a website, make sure it is secure, so the URL starts with “https://”—remember that the “s” is for “secure”). And always log out once you are finished.

Never open suspicious emails
If you get an email from your bank or PayPal that looks strange, don’t open it. If you’re unsure if it’s real, call the office before opening it. Hackers have been known to impersonate banks, the IRS, and more to try and get your information. If you get a weird email from a friend with a link that you weren’t expecting, don’t click it. Call them to see if they sent the email before you open it. It is best to delete spam or dubious-looking emails without opening them.

Get account alerts
Some accounts give you the option to sign up for an email or text alert when your account is accessed from a new device or unusual location. This will instantly update you if an unauthorized person is accessing your account. As a result, you’ll minimize the amount of time they have in your account. If you get a suspicious alert, change your password immediately.

For your computer & devices:

  • Update security software
  • All internet-connected software and operating systems should be updated regularly, like email programs, web browsers, and music players. Sometimes an attack could have been prevented if your system was updated to the latest security measures.
  • Install antivirus software
    If you don’t already have security software, it’s a good idea to install a firewall and antivirus software and keep them up-to-date. If you need recommendations for software, let us know. These programs will help identify threats and help you remove any malicious software. Beware of scam software that may get you to download programs that actually contain malware.

Getting your email hacked is a scary prospect, but if you know how to keep your account secure and what to do if it happens, you can minimize the impact. If you have any further questions about protecting your accounts from hackers, please contact us.

Posted in Uncategorized | Leave a comment

How to Protect Your Network and Devices From Cryptojacking

If you don’t know that your computer or server is being cryptojacked, how will you find the malware and remove it?

Unlike other forms of malware, cryptojacking doesn’t seek to disrupt your business — at least not immediately. On the contrary, its goal is to steal your processing power so that hackers can mine cryptocurrency, which the malware can accomplish only by remaining hidden as long as possible.

In May, cryptojacking viruses took the top two spots on Check Point Software Technologies’ top 10 “most wanted” malware list. Cryptojacking’s widespread success means it won’t go away any time soon. Despite its ubiquity, you’re not helpless against it. Proper preventive methods and recognizing the symptoms can help you minimize any damage. And knowing how to remove it will get you up and running again ASAP.

Am I a Target?

The short answer? Yes. For other malware such as ransomware, the “profit” depends on whether the victims chose to pay a ransom to get their data back. Only a small percentage of those infected will pay the ransom.

With cryptojacking, every system that is compromised will produce profits — a 100 percent return for the hijackers. In effect, that makes everyone a target. A small business network with 30 to 40 computers and high-speed internet access, for example, is a perfect target.

How Do I Avoid Cryptojacking / Miner Malware?

Cryptocurrency mining malware might be a new breed of cyberattack, but like any other virus, it has to get into your system before it can cause damage. It can come through a seemingly legitimate email attachment, link, or supposedly innocent website download.

If you’re running antivirus and anti-phishing software, you already have at least some level of protection. One way to strengthen your defenses is to include cryptojacking malware awareness as part of your employees’ regular training sessions. The same safety and security measures you take for all other forms of malware should apply here, too.

According to Check Point’s list, nearly 40 percent of organizations in the world have already fallen victim, so learning the warning signs is just as important as prevention itself.

How Can I Spot It?

Cryptojacking has such a high profit margin because it’s designed to hide better than other common viruses or malware. For example, you’ll know right away if your system is infected by ransomware. The malware will encrypt your data until you pay the ransom to release it. If the goal is to steal data, the malware will become obvious sooner or later.

Instead, crytpocurrency miner malware’s prime directive is to work in the background, hidden. It will force processors to max out during a device’s downtime when no one is around to see or hear it.

You won’t see the malware operating, but you can sometimes spot the symptoms if you keep a close eye on your system’s performance. If one or all of your company’s PCs are running full throttle at 2 a.m., that’s a likely indicator that something malicious is forcing them to work.

After all that processing, the malware then has to send data back to its creator — another telltale sign to look out for. If your computers are communicating with servers in Russia or China but you do business only in the States, then its worth double-checking those devices’ downtime performance to find out whether they’ve been cryptojacked.

Is My System Doomed?

Because cryptojacking malware is designed to hide, it automatically stops when someone starts working on the computer or device, but it will still have an impact on your business. Over time, the malware will wear down all of your devices’ processors, causing you to replace costly systems and forcing an increase in your utility bills. Detection can allow you to purge the malware from your devices, sometimes without your even needing to reset all of them.

As with any malware, you first have to find it to scrub it and move on. Working with a managed IT services provider can help you avoid having to reset. The team can run several advanced software scans to find every last trace of the malware on your system and strip its code. But if your system is severely infected, you might need to factory reset everything and start from scratch with your backup data.

You might not always be able to avoid a cryptojacking malware infection, but proper preventive measures and comprehensive system monitoring  can help to prepare you if that crisis does arrive.

INFO-TEK can help prepare you and your company for any cryptojacking challenges that might lie ahead. Contact us for more information on how to protect your business from those viruses.

Posted in Uncategorized | Leave a comment

Tips for using Outlook more efficiently

Outlook is arguably the best tool that businesses use to manage their email, set up meetings, and coordinate projects. It’s much more than a basic email program and includes features that help you organize your work, contacts, and business communications. Let’s take a look at a few tips you may have missed.

Clean Up your inbox
No matter inbox how meticulously organized your Outlook inbox is, there’s always room for improvement. For a little computer-assisted help, try the ‘Clean Up’ feature.

  • From your Inbox, click the Home tab and choose from Outlook’s three Clean Up options:
    • Clean Up Conversation – Reviews an email thread or a conversation and deletes redundant messages.
    • Clean Up Folder – Reviews conversations in a selected folder and deletes redundant messages.
    • Clean Up Folder & Subfolders – Reviews all messages in a selected folder and its subfolder, and deletes redundant messages in all of them.

Ignore (unnecessary) conversations
An overstuffed inbox is often caused by group conversations that aren’t relevant to you. The Ignore button helps you organize your inbox and focus on relevant emails.

  • Select a message, then click Home > Ignore > Ignore Conversation. You can also do this by opening a message in a new window and clicking Ignore under the Delete function. To recover an ignored message, go to the Deleted Items folder, and click Ignore > Stop Ignoring Conversation.

Send links instead of a file copy
Help your colleagues save storage by sending a link to a cloud version of a file instead of the file itself. This is particularly useful when sending massive files. You can also set permissions to allow recipients to edit and collaborate on linked files in real time.

  • Upload the file you wish to send on OneDrive and send it to your recipients. From the message box, click Attach File > Browse web locations > OneDrive.

Improve meetings with Skype and OneNote
Outlook allows you to combine Skype’s HD video and screen-sharing features with OneNote’s organizational and project planning functions. It’s easy:

  • Go to the Meeting tab in Outlook, then click Skype meeting and send the link to participants. After the meeting has started, select Meeting Notes (under the Meeting tab) and choose whether you want to Take notes on your own or Share notes with the meeting.

Tag contacts
To get the attention of a specific person in a group email message, use the @Mention function. This works particularly well for mails to multiple recipients or for if you simply want to convey the urgency of your message.

  • In the email body or meeting request, type the ‘@’ symbol followed by the first and last name of the person you wish to tag (e.g., @firstnamelastname).
  • To search for emails you’re tagged in, select Filter Email from the Home tab and choose Mentioned, then choose Mentioned.

These are just a few strategies for getting more out of Microsoft’s email platform. To unlock Outlook’s true potential, you need the support of certified IT professionals. Give us a call today.

Posted in Uncategorized | Leave a comment

Are hackers using your PC to mine Bitcoin?

Cryptocurrencies like Bitcoin and Monero are so popular because they’re secure and potentially worth thousands of dollars. But investors and consumers aren’t the only ones interested in them. Hackers are using malicious tactics to steal cryptocurrency, and they’re doing it with something called cryptojacking.

Hijacked hardware
Cryptojacking secretly uses your computer to calculate complex mathematical problems to generate cryptocurrency. They get inside by using phishing emails to lure victims into clicking on a link, which then runs malicious cryptomining programs on the computer. Any cryptocurrency produced then gets delivered to the hacker’s private server.

But hackers have developed an even more insidious tactic. By infecting websites with ads and plugins that run cryptojacking code, any visitor who loads the web page instantly gets infected with the malware, sending their computer’s processor into overdrive trying to generate cryptocurrency.

Unlike most malware, cryptojacking software won’t compromise your data. But it will hijack your hardware’s processing power, decreasing performance while increasing your power and cooling bills. So instead of paying for the computing power themselves, hackers can simply use thousands of compromised computers.

Surge in cryptojacking
It’s difficult to tell how much hackers are making with cryptojacking, but there’s a good chance that this type of attack will be as popular as ransomware was in 2017. In fact, for as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them.

According to several reports, even sites like The Pirate Bay, Openload, and OnlineVideoConverter are allegedly using cryptojacking exploits to diversify their revenue streams.

The biggest reason why this is becoming so popular is because it’s a low-risk, high-reward scheme. Instead of extorting money directly from the victim, hackers can secretly generate digital currencies without the victim knowing.

If it is detected, it’s also very hard to track down who initiated the attack. And since nothing was actually “stolen” (other than a portion of computing power), victims have little incentive to apprehend the culprit.

Prevention and response
To avoid cryptojacking, you need to incorporate it into your monthly security training sessions. Teach your employees to practice extra caution with unsolicited emails and suspicious links. Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected.

Beyond prevention, use network monitoring solutions to detect any unusual behavior with your computers. For example, if you notice a significant number of PCs running slower than usual, you should assume that cryptojacking is taking place.

If you’ve confirmed that it is, advise your staff to close browser tabs and update browser extensions as soon as possible.

Cryptojacking may seem less threatening than some malware we’ve discussed in the past, but it can incur real power, cooling, and performance costs to your business when several systems are compromised. To make sure you don’t end up enriching any hackers, call us today. We offer hardware solutions and cybersecurity tips to keep your business safe and sound.

Posted in Uncategorized | Leave a comment

Improve Business Productivity with Cortana

As an entrepreneur, you understand how essential time is. There is always a need to come up with new processes or search for new technology to keep your office organized. If you use Windows 10, you already have an underutilized tool right in front of you.

To take advantage of Cortana, you should enable it on your desktop first. The process is easy: Just press the Windows Key, type “cortana” and click on “Cortana settings.” From there, you can change whether it responds to your voice or get activated by a keyboard shortcut, and you can set other personal preferences.

Voice Reminders, Notes and Alarms

As soon as you enable “Hey, Cortana” on all your gadgets, you can begin using it to dictate notes, set alarms, and create reminders. Thanks to advancements in AI, Cortana should be able to recognize most natural-language requests, like “Wake me up at 9am tomorrow,” or “Remind me to pick up my dry cleaning tomorrow.”

Meanwhile, you can use it as a voice recorder during meetings instead of writing down notes. Just say, “Hey Cortana, make a new note in OneNote,” and whatever is recorded will automatically be saved to OneNote!

AI-Scheduled Meetings

With Microsoft’s new Calendar.help feature, you can issue commands to a group email chain by saying things like, “Hey Cortana, can you help us book a 30-minute call next week?”

Calendar.help will work with Cortana to contact each attendee individually, find out what times they are available, and pick the best option for the group. You would only need to email the details, including duration, agenda and location, before you cc Cortana and forward it to the people involved. At that point, Cortana will send invites and handle all email exchanges. For now the project is still in preview/beta, so you will need to sign up.

Quick Conversions and Calculations

There are times when you need to make some calculations, but Googling or using your phone’s calculator just takes too much time. Cortana can answer complicated math problems, even if they are stated in plain language. What’s more, Cortana is able to convert temperature, time zone, weight, and volume.

Cortana will not only improve your business processes, but also help create a more relaxed workplace. And when employees are less stressed, everyone experiences more rewarding workdays.

We’re experts in traditional office IT, but we’re also pretty savvy with exciting new tools like Cortana. Send us a message today to learn more tips on improving productivity in your workplace.

Posted in Uncategorized | Leave a comment

Hackers exploit vulnerable Office feature

As the world’s most popular productivity suite, Microsoft Office tends to receive much attention from cybercriminals. Generally, hackers embed malware in authentic Office files to trick users into unleashing it onto their machines. However, the most recent exploit proves to be much more dangerous than any Office hack we’ve seen.

What’s the new Office threat?
The Office exploit takes advantage of Microsoft’s Dynamic Data Exchange (DDE), a protocol that sends messages and data between applications. For example, DDE can be used to automatically update a table in a Word document with data collected in an Excel spreadsheet.

The problem with this is hackers can create DDE-enabled documents that link to malicious sources rather than to other Office apps. Theoretically, this allows hackers to launch scripts that download Trojan viruses from the internet and execute it before the user is even aware of the attack.

And unlike most malware-embedded Office files, which are usually blocked by security protocols from Microsoft, DDE exploits are instant. Once a compromised Word file is opened, it automatically executes the hack.

Outlook at risk
What’s even more alarming are the DDE vulnerabilities in Outlook. Recent reports found that hackers can embed malicious code in the body of an email or calendar invite, allowing them to perform phishing scams without a file attachment.

Fortunately, Outlook DDE attacks are not as automated as Word or Excel DDE attacks. Two dialog boxes will usually appear when you open the email asking if you want to update a document with data from linked files and start a specific application. Simply clicking ‘No’ on either of these boxes will stop the attack from executing.

Defending against DDE attacks
Beyond saying no, you can protect yourself by following these security best practices:

  • Evaluate the authenticity of unsolicited emails before interacting with them and don’t open attachments from unfamiliar contacts.
  • View emails in plain text format to completely stop DDE attacks embedded directly in emails from running. Note that this will also disable all original formatting, colors, images, and buttons.
  • Use a strong email security system that prevents phishing emails, spam, and other unwanted messages from reaching your inbox.
  • Get in the habit of checking for Microsoft updates, as they’re usually quick to release patches after vulnerabilities have been discovered.

Last but not least, consider working with our team. We’re Microsoft Office experts who can keep you safe from the latest threats. Call us today to get started!

Posted in Uncategorized | Leave a comment