by Felicien | Apr 12, 2020 | Education
How to Protect Your Business From the Surge in Phishing Websites
Look at the spike in phishing websites during the coronavirus. Learn how cybercriminals are leveraging the pandemic. Find out how to protect your business.
As the entire world is worrying about the coronavirus, cybercriminals are taking advantage of the global crisis to line their pockets. Google reports that there has been a 350% increase in phishing websites in the last two months alone. This threat is genuine, and you need to take steps to protect yourself, your business, and your data.
What Is a Phishing Website?
Phishing websites are designed to steal your information, but they can work in a variety of different ways. For instance, a cybercriminal may make a website that looks like your bank site. You think the site is real so you enter your username and password, and then, the criminals have everything they need to access your account.
Similarly, a phishing website may look like it’s for a charity helping people with the coronavirus. Still, in fact, it’s just a scam designed to steal money and credit card information. In some cases, phishing websites download malicious files to your computer when you visit them — once executed, these files may encrypt your data until you pay a ransom, copy all your keystrokes, or steal information from your computer in other ways.
Rise in Phishing Websites During the Coronavirus
In January, Google reported that it knew of 149,000 active phishing websites. By February, the number almost doubled to 293,000. As the virus began to take hold in the United States in March, the number increased to 522,000. That’s a 350% increase since January.
During the coronavirus, the most significant increases in phishing sites have happened during the most stressful times. The most significant day-over-day increase occurred on March 21st, the day after New York, Illinois, and Connecticut told their residents to shelter in place. The second-biggest increase? March 11th, the day the World Health Organization declared the virus as a pandemic. Both of these days saw about a threefold increase.
Unfortunately, no one is immune — one survey indicates that 22% of Americans say they have been targeted by cybercrime related to COVID-19.
Critical Strategies for Protecting Yourself From Phishing Websites
To protect yourself and your business from phishing websites, you need to take a multi-pronged approach. Keep these essential practices in mind:
Educate your employees about the risks of phishing websites. Send out a newsletter, set up a training session over videoconferencing, or find another way to talk with your employees about how to protect your business from phishing attacks.
Don’t click on links in emails from unknown senders. A lot of cybercriminals use phishing emails to direct users to their sites. If the email appears to be from someone you know, double-check the sender, and consider reaching out to them directly before clicking on any links.
Invest in quality cybersecurity tools that block malicious websites, prevent your computers from executing approved applications, or protect your network in other ways.
Be aware of the signs of a phishing website. These may include misspelled names of companies or charity organizations or forms that ask for information you usually don’t provide. For instance, a phishing website trying to steal your bank details may ask for your username, password, and PIN, while your bank’s actual website only requests your username and password.
Advise your team to be selective about the websites they visit. Ideally, if they are searching for information on the virus or trying to donate, they should go to sites that they know and trust, rather than going to unknown websites.
Work with a cybersecurity specialist. They can help you safeguard your network, which ultimately protects your money, your data, your business, and your reputation.
To stay as safe as possible from cybercrime during the coronavirus, you need to be aware of the heightened risks. If your team is working remotely, your network is likely to be even more vulnerable than usual.
To get help, reach out to a cybersecurity expert. In essence, they can guide you toward the right products, scan your network for vulnerabilities, and take other measures to ensure you are as protected as possible.
by Felicien | Apr 8, 2020 | Education
How to Protect Your Phone From the Coronavirus
Find out how long the coronavirus can live on your phone. Learn how the coronavirus gets onto phones. Get tips on how to clean your phone or other devices.
Around the world, people are taking unprecedented measures to protect themselves from the coronavirus. Schools and businesses have closed, and many people are sheltering in place, only leaving their homes for essentials.
While you may already be taking many of these precautions, you also need to be aware that your phone could be harboring the virus. Keep reading to learn how to protect yourself.
Can the Coronavirus Live on Your Phone?
Research indicates that the coronavirus can live on inanimate surfaces such as the metal or glass of a phone for up to nine days. If you’ve handed your phone to a friend to watch a video, had your phone in the vicinity of coworkers or other people, or even just held your phone after touching potentially infected surfaces, you need to clean your phone.
Even if your phone hasn’t been anywhere in a while, you should still clean it. This can be especially important if you are a senior or are immunocompromised or if you let your children use your phone.
How the Coronavirus May Get on Your Phone
Because people use their phones so much, they’re likely to touch their phones without even thinking about it. To illustrate, imagine you’re in a store grabbing groceries. You are very careful not to get within six feet of other shoppers and of course, you sanitize the shopping cart before use.
However, you end up touching items on the shelves or the credit card machine while you are paying. If someone with the coronavirus has touched these surfaces or coughed near them, these surfaces may harbor the virus.
After touching these surfaces, you are aware that you may have picked up some germs on your hands so you avoid touching your face until you can sanitize your hands, but you still reach for your phone to use mobile pay, check your bank balance, or to look at a text. While doing those routine tasks, you potentially put germs onto your phone.
In other cases, the spread of germs to your phone can be much simpler. For instance, you walk into a store, touch the door handle, and then pull out your phone. People are so used to checking their phones frequently that they are often overlooking these risks.
Why You Shouldn’t Touch Other People’s Phones
Additionally, a lot of people bring their phones into the bathroom, and the coronavirus can be transmitted by fecal matter just as easily as it spreads with droplets from your mouth.
To protect yourself, avoid touching other people’s phones. If you work in an industry where you have to touch people’s phones — for instance, if you work in phone repair or handle tech support for a business — you should wipe off phones or devices before touching them.
How to Clean Your Phone
Now that you see how easily these germs may get onto your phone, check out these tips for properly sanitizing your device.
Find a sanitizing product. If you don’t have hand sanitizer, you can make a solution with 0.1% bleach or 62% to 71% ethanol and water. You can use Clorox disinfecting wipes or similar products safely on most phones, but you should not use aerosol sprays, pure bleach, or abrasive cleaners.
Put the cleaner on a soft cloth. Don’t apply it directly to the phone.
Wipe off the phone with the sanitizing wipe or a microfiber rag moistened with cleaner. Throw sanitizing wipes away after use, and put rags directly into the wash. Keep in mind those items may harbor germs so you want to avoid reusing them or putting them somewhere they could spread more germs.
The coronavirus is more contagious and significantly more deadly than the flu. People are also contagious for quite a while before they show symptoms. As a result, you need to take protective precautions very seriously, and you should make sure your phones or other devices are as clean as possible.
by Felicien | Apr 7, 2020 | Education
What Is Two-Factor Authentication (2FA) and Why Does it Matter?
What is two-factor authentication (2FA) and why does it matter? If you are unfamiliar with this extra layer of protection for all of your logins, keep reading.
It’s no secret that we live in a time where access to laptops and smartphones is so prevalent. Almost everything we do in our daily lives has some sort of connection to these devices, leaving us vulnerable to hackers and scammers who want access to our personal information.
Thankfully, there is a way to help protect yourself. Two-factor authentication (2FA) provides an extra layer of security over what a traditional password offer. Here is what you need to know about two-factor authentication and why it matters to businesses.
Why is Digital Security as a Whole So Important?
Before we can discuss 2FA, we really need to talk about a few of the basics as to why digital security is so important. As individuals, the main reason to practice good digital security habits is to protect your personal information. But for businesses, the benefits of taking extra steps to ensure information is secure is two-fold. Not only does this keep private information of your employees and companies safe, taking additional security steps to protect your customer’s digital data builds trust. That’s why it is important to take measures like implementing 2FA.
What is Two-Factor Authentication (2FA)?
That said, let’s discuss what two-factor authentication (2FA) actually is. This is an extra layer of protection that requires users to prove that they are who they say they are by providing a second set of identification credentials.
How it works is that the user puts in their basic login and password. Then they are immediately required to provide an additional piece of information. This information generally falls into one of three categories:
Something you know, such as a PIN or a second code;
Something you have in your possession, like a credit card you can type in a number to or a smartphone that you can receive a text message on;
Something you are, which includes a fingerprint or use of a biometric device.
In most cases, using 2FA on your website or internal desktop will require just the something you know category. Only in extreme cases with especially sensitive data needing protection will companies often utilize the other two options.
What Are the Different Types of 2FA?
Now that we’ve talked about the basics of 2FA, it is a good idea to talk about the types. There are literally hundreds of options for how you can implement this type of security measure, but some are a bit more common than others. The most used types include:
Hardware Tokens: This is usually a small fob or device that produces a code when a user tries to login. The user must then input that number on their screen. This is usually the least preferred option as the fobs are cost prohibitive and easily lost by users.
SMS-Based and Voice-Based: This is where a user receives either a one-time token via a text message or a phone call. With SMS, the user must input the keycode onto the screen to gain access. For voice, the user must verbally say the passcode when prompted during the call. Both methods are extremely common and many companies are opting for their use.
Software Tokens: The most popular 2FA method is a software token. This is where the user must install a special application on their phone and use it to gain access when attempting to login.
Push Notifications: Alternately, you can also opt to use a push notification as part of 2FA. When the user provides their login information on the screen, a special notification is sent to their smartphone. The user must then approve the popup on the phone to continue.
In short, it is always a good idea to take extra precautions to protect systems and data. Two-factor authentication (2FA) ensures information is much more secure than traditional passwords by adding a layer of security. For most businesses, this is a good idea that protects both sensitive data and builds trust with customers.
by Felicien | Apr 5, 2020 | Education
Zoom Scrambles to Address Cybersecurity Issues in Meeting Platform
As the usage of Zoom has skyrocketed during the coronavirus outbreak, the company has had to respond quickly to security flaws and potential phishing attacks
As Zoom usage skyrockets around the world, so too do the opportunities to exploit users unfamiliar with the tool.
The Zoom platform has increasingly has been the target of hackers exploiting the vast numbers of users working from home. For context, the company noted that as of December 2019, the most significant amount of daily users was 10 million. In March, that number ballooned to 200 million.
How Are Hackers Exploiting the Zoom Platform?
For many exploits, it starts with a website.
According to Check Point, more than 1,700 domains had been registered using the word zoom in the first three months of 2020. Many of those domains point to an email server, which can indicate the site is part of a phishing scheme.
Remote workers may receive seemingly official meeting notices using the Zoom platform. Hackers ask recipients to head to a login page and enter their corporate credentials.
It’s a perfect storm that’s playing into the hands of hackers. It also means companies need to be vigilant in helping users understand how to access and use the platform and other tools used in this paradigm shift of how work is done.
“Zoom users should be aware that links to our platform will only ever have a zoom.us or zoom.com domain name,” a spokesman noted. “Prior to clicking on a link, they should carefully review the URL, being mindful of lookalike domain names and spelling errors.”
What Is Zoom Doing to Protect Users?
Zoom has had to take several steps recently to address security concerns related to its dramatic usage growth. The company has increased its training sessions and reduced customer service wait times. Here are several of the other issues that Zoom has addressed:
Zoombombing. Multiple incidents of zoombombing have arisen in recent weeks. Uninvited visitors to online sessions have gained access and harassed participants by playing music loudly, displaying pornography and disrupted sessions. That’s led to more explanations of passwords, muting controls and sharing settings
Windows 10. The company has addressed an issue that affected those using Zoom’s Windows 10 client group chat tool. If chatters used the tool to share links, the Windows network credentials of anyone who clicks on a link were exposed
Facebook Interface for Apple Devices. Zoom removed Facebook’s software developer kit from its iOS client to prevent it from collecting users’ device information
Privacy Issues. The company removed features, including the LinkedIn Sales Navigator app and attendee attention tracker, to address privacy concerns. It also issued updates to its privacy policy
The company announced it was freezing all feature enhancements to redeploy software engineers to focus on what it calls “our biggest trust, safety, and privacy issues.”
How Can You Protect Zoom Users from Cyberattacks?
Here are some tips to ensure that Zoom users are protected:
Use password features to require meeting attendees to log in before being allowed access
Update the software. Users should be alerted that upon finishing a meeting, the software will check to see if an update is necessary
Encourage managers to use the Manage Participants section features, which can control the use of users’ microphones and cameras. Sharing restrictions are also a good practice
Be careful about recording meetings. The recording sits in a file, either online or the host’s computer and could be stolen
Cybersecurity is a sad reality in these turbulent times. However, a focus on prevention and detection are important deterrents to cybercriminals and can reduce the risks to your business.
by Felicien | Apr 1, 2020 | Education
How to Create a Work-From-Home Team Quickly As Your Business Deals With the Coronavirus
Stay productive and secure your tech network as you deal with the coronavirus. Get support for at-home employees. Learn how to switch from an in-office to a remote team.
In the midst of the coronavirus, business owners are facing a host of new challenges. To slow the spread of the virus, you may have been asked to suspend services or allow your employees to work from home. At the same time, however, you also need to continue to bring in revenue, stay productive, and focus on growth as much as possible.
Making the shift from an in-office to a remote team quickly, especially at a time when everyone is dealing with untold stresses, can be difficult, and the right approach is essential. Check out these tips.
1. Decide What You Need to Stay Productive
Creating a remote team isn’t as easy as handing your workers a laptop and telling them to check in once in a while. If you don’t have a current work-at-home policy, you need to create one from scratch, and you may need to adjust workflows, find new tools, and create new security policies. As you try to facilitate this shift, keep these types of questions in mind:
What can my employees accomplish from home?
Can they handle core business activities from home?
Even if my business is deemed essential, can I send some employees home?
What types of projects do I want to prioritize during this time?
What applications do I need to facilitate workflows and keep everyone connected?
How can my employees work from home without compromising the security of our network?
What can I do to make this new arrangement as productive and comfortable as possible for myself and my team?
2. Consider Providing Employee With Devices
Don’t necessarily encourage your employees to use their own devices when working from home. Their home computers and tablets have all kinds of music, videos, images, and other downloads that may be infected with malware, and their devices are usually not equipped with the same level of antivirus or malware software you use in your office.
To reduce the threat of cyberattacks, consider providing your team with company-approved and secured devices. However, if you already have a bring-your-own-device (BYOD) policy for your office, you may want to continue having employees use their own devices because in this situation, you’ve already taken steps to secure those devices.
3. Help Your Workers Secure Their WiFi Access Points
As a general rule of thumb, your employees home WiFi networks are probably less secure than the WiFi you use in your office. To secure these access points, instruct your team to do the following:
Use stronger encryption
Create more complex passwords
Hide your network names
Use firewalls
To help your employees with these steps, you may want to create detailed tutorials or contact an IT managed services provider to help you.
4. Route Traffic Through a Two-Factor Authentication VPN
To secure your tech environment as much as possible, consider having your employees access your network through a virtual private network (VPN). A VPN encrypts all the information passing from your employees’ computers to your network. Even if a hacker gets onto your employee’s WiFi network, they cannot see keystrokes or any of the data being transmitted.
If you don’t already have a VPN, look into services such as GoToMyPC or Zoho. Also, try to choose a VPN that supports dual-factor authentication. Then, your employees have to enter a username and a password, but they also have to use a second authenticator such as a code texted to their phone number or email address. This layer of security provides extra defense against cyber criminals.
5. Consult With an IT Managed Services Provider
Returning to business as normal may not be possible for a while, and a managed IT services provider can help identify the tools and processes you need to support your new working environment, while also taking steps to ensure your network is as secure as possible.
In difficult times, you want your business to survive, but if possible, you should try to thrive. Our managed IT services can help you adapt to this quickly changing environment. We can help you choose the tools, the processes, and the resources you need to stay as productive as possible.
