by Felicien | Jan 16, 2020 | Education
Learn about juice jacking and how to prevent you or employees from becoming a victim.
Here’s a new cyber threat to worry about: Juice Jacking. Read on to learn what about juice jacking and how to prevent yourself or employees from becoming a victim.
What Is Juice Jacking?
One common feature of modern smartphones is that the power supply and data stream pass through the same cable. When you plug your phone in to charge, hackers could theoretically access your phone through the same cable and inject malicious code or steal your personal information.
Your USB connector has five pins. However, it only uses one of those five pins to pass-through power for charging. Two additional pins are used for transferring data. So, when you charge, you could also be opening a port for passing data between devices.
We have only seen unconfirmed reports of juice jacking happening in the real world, but engineers have demonstrated how it is possible. In theory, threat actors might hide a device in a public charging station at airports or hotels. It’s a big enough concern that the District Attorney’s office in Los Angeles recently put out a warning to travels to avoid using public USB charging stations.
The FBI put out a warning about a device that’s small enough to fit inside a USB charger that can steal keystrokes from wireless keyboards. Another device hidden inside a USB charging station accesses your video display. It then records a video of everything you do, which might include passwords, accounts numbers, or PINs.
How To Prevent Juice Jacking From Happening to You or Your Employees
We’ve been warning people about the potential danger of using public Wi-Fi stations for years. Hackers can set up Wi-Fi hotspots in coffee shops and other public places then intercept data as it’s sent back and forth to your device. Now you can add public charging stations to the list of potential problems.
This doesn’t mean you shouldn’t use them. You just need to take basic security precautions to stay safe.
Avoid using public USB charging stations or plugging into computers that you aren’t familiar with.
Instead, use an AC power outlet and your own charging device. No data transfer is going to take place when you’re using an AC outlet and your charger.
Consider external batteries, power banks, or wireless charges if you need a charge on the go.
You should also avoid the temptation to plug into a USB charger you find left plugged in somewhere. It may be waiting for you to plug in and infect your device.
For iOS users, you can also use USB Restricted Mode which allows charging but prevents data transfers under certain circumstances. You’ll find it by going to Settings > Face ID & Passcodes (or Touch ID & Passcode) > USB Accessories. For Android users, USB data transfer should be disabled by default. If you want to check to make sure that’s the case, plug in your phone in a safe place, click on the notification and check USB Configuration options.
by Felicien | Jan 15, 2020 | Education
What You Can Do to Prevent Cyber Attacks Targeting Employee Data
Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.
Your company stores all sorts of personally-identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. One of the most sought-after documents by bad guys is tax records and tax forms.
These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.
Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.
How Do Hackers Steal Employee Data?
The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.
Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.
Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.
In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.
How To Prevent Becoming A Victim
Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:
Install anti-virus and anti-malware software on all devices
Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
Encrypt all sensitive information
Back up sensitive information to a secure external source
Limit access to employee data with escalating security procedures
Require employees to install security software on all devices that access company data, including personal devices
Use Virtual Private Networks (VPNs) to encrypt data accessed remotely
It’s also important to keep all your software up-to-date. Hackers exploit what’s known as zero-day vulnerabilities in outdated software. These are known security problems that have been patched by the company. If the patches haven’t been applied by those using the software, hackers can exploit this known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen when the company had failed to apply patches to known security issues.
Consider A Managed Service Provider
Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.
A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.
An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.
by Felicien | Jan 7, 2020 | Education
Have you been following the news lately?
The recent events between the United States and the Islamic Republic of Iran are causing some concerns across the cybersecurity community. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a very important alert focused on Iran’s historic use of cyber offensive activities as retaliation for attacks against their state.
Read more here
Patterns of known Iranian threat techniques include: credential dumping, obfuscated files or information, data compressed, PowerShell, user execution, scripting, registry run keys/startup folder, remote file copy, spearphishing link, and spearphishing attachment.
As your trusted IT services provider, we want to make you aware of this information shared so you can protect yourself, your company, and your customers. The CISA recommends taking the following actions:
Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
Increase organizational vigilance. Ensure security personnel is monitoring key internal security capabilities and that they know how to identify anomalous behavior.
Confirm reporting processes. Ensure personnel knows how and when to report an incident. The well-being of an organization’s workforce and cyberinfrastructure depends on an awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system.
Exercise organizational incident response plans. Ensure personnel is familiar with the key steps they need to take during an incident. Do they have the access they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel is positioned to act in a calm and unified manner.
by Felicien | Jan 5, 2020 | Education
25+ Microsoft Excel Shortcuts to Boost Your Productivity
Are you getting your money’s worth out of this productivity tool? Find out how to save insane amounts of time and frustration with these 25 Microsoft Excel Tips
When it comes to processing data, Microsoft Excel is everything to everyone. But because it’s a vast tool, many people never take the time to discover the Excel shortcuts relevant to them.
Obviously, these Excel shortcuts aren’t really secrets. No one’s hiding them from you. But because we don’t learn them, we waste a lot of time in an otherwise very streamlined and powerful productivity tool.
Franklin Covey, the author of the bestseller business classic, 7 Habits of Highly Effective People, said we need to take the time to “sharpen the saw”. Are you working with a dull blade by not using Excel to its fullest? Check out these Excel tips that will instantly sharpen your skills.
Learn Navigating Shortcuts
Ctrl+End moves you to the bottom right-hand corner of your worksheet. Because this stays within the cells in which you currently have data points, shortcuts like this let you quickly move from one side of the sheet to the other. You don’t have to endure the frustration scrolling too far.
Similar navigation shortcuts include:
Ctrl + Home – Go to upper left-hand corner.
Ctrl + Down Arrow – Go to lowest cell in the currently highlighted column.
Ctrl + Up Arrow – Go to the top cell in the current column. But keep in mind that if you have a blank cell in the column, it will stop there whether you’re going up, down, left or right.
Ctrl + Right – Go to the far right of the current row.
Ctrl + Left – Go to the far left in that row. Home key also does this.
Use the Go To Box
In the upper left-hand side of Excel, above your worksheet, you’ll find a Go To box. Simply point and click into the box. Then you can type any coordinates to go directly to a cell. For example, G102. If you’re working with a large sheet, Microsoft Excel tips like this are indispensable.
Keyboard shortcuts will always save time once you know them. But it’s when you’re on devices that have difficulty with point and click systems that you’ll save the most time.
Use F5 or Ctrl + G to pull up the Go To box automatically. Then type, press enter and go.
Use this same shortcut to select ranges of cells.
You can further use Go To Special, which is in the bottom right of the Go to Screen. This takes you directly to cells that meet a particular requirement. For example, if several cells on a spreadsheet should have a formula, this gives you a visual of which cells are missing formulas to help you validate your data.
From here, while the cells are highlighted, you might choose to add special formatting to make your sheet more understandable at a glance.
Highlight Cells Without the Mouse
Once again, your mouse is a terrible way to navigate in Excel. As you try to highlight groups of cells across columns, you inadvertently select other cells and can’t seem to get the right ones selected.
Yes, there are some better ways to select large numbers of cells with Excel shortcuts.
Ctrl+A highlights all cells with data points in them. Press Ctrl + A again to highlight the whole sheet.
Or highlight a specific section with this keyboard-mouse combo. Just start at the top-left cell of the part you want to select. Then Shift + click into lower right cell with the mouse. This highlights everything vertically and horizontally in between those cells.
You can accomplish the same thing without the mouse if needed. Simply move to the starting cell (always top left) for your highlighted area. Then hold the shift key and use the arrows to highlight across a row, down a column or across columns/rows.
You can also keep holding shift and move the arrows until you get it just right. Or use the mouse plus keyboard technique first. Then fine-tune what you select by pressing shift again and then using the arrows.
This is perfect for erasing large sections or formatting areas of your sheet.
But let’s say that the cells you want to highlight aren’t all next to each other. You can still highlight them together. But you will need the mouse for this one. Hold select while clicking the various cells, you’d like to highlight.
Once you’ve highlighted these cells, use Microsoft Keyboard shortcuts like:
Ctrl + B – Bold
Ctrl + I – Italic
Ctrl + U – Underline
And know that even if you’re using Excel on a Mac, you still have similar shortcuts. In most cases, the Command key replaces CTRL.
Improve Cell Data Entry Speed
Data entry is the centerpiece of Excel. But there are definitely some right and wrong ways to do it when treating Excel like the productivity tool it is. Check out these Microsoft Excel tips for faster and more accurate data entry.
Highlight an occupied cell and start typing to replace the data. There’s no need to delete or backspace first. But be careful. You could accidentally erase a cell this way.
Edit more detailed cell data from the formula bar instead of in-place. This is especially effective if you have formatted your sheet to not show all the data in a particular cell because it’s long. Just click the cell and then click into the appropriate place in the text to start typing within that bar.
Use in place editing when small amounts of data in a cell. Simply double click to open the cell for editing.
Excel Shortcuts & More
We’ve only scratched the surface. So practice these 20+ tips and you’ll be eager to learn more. For more ways to increase your individual and corporate productivity, follow our blog.
by Felicien | Jan 4, 2020 | Education
Quick Tips to Save Your Computer from Ransomware
Are you struggling to remove vicious ransomware from your computer? These quick tips will help you (safely!) access information on your computer and get back online in no time.
You’ve heard about ransomware attacks, but never thought it could happen to you. That’s the beginning of the story that IT professionals around the world are hearing from users — business users, individuals, schools — there are no “safe spaces” when it comes to the ability of cybercriminals to wreak havoc on your technology. There’s always the option of paying the ransom, but this path is fraught with dangers. If the attacker doesn’t issue you the unlock code for your files, there’s no Better Business Bureau to report them, you lose the money you paid and will still need to work with professionals for ransomware removal. Understanding the three key variants of ransomware is the first step to potentially rescue your computer.
Three Main Variants of Ransomware
Ransomware is often classified into three main types:
Scareware, when a bogus antivirus screen pops up on your computer, letting you know that there are “many issues” and demanding money to remove the detrimental files. This is the easiest variant to resolve.
Lock-screen viruses are a more advanced attack and can be quite frightening. With this type of ransomware, you might be presented with an official-looking screen that you cannot navigate away from with details on sending money securely to remove the lock.
Advanced ransomware physically encrypts your files as well as locking access to them. It can be significantly more challenging to remove this type of ransomware without paying the fine. One example is Ryuk, where data recovery by professionals has only been successful approximately 3% of the time.
PC Rescue and Recovery Tips
While the other sure path to success is to work with a local technical professional to get everything up and running securely, you may be able to run through these tips and release your PC from the hostage situation.
Enter Windows’ Safe Mode and utilize on-demand anti-malware scanning software such as Malwarebytes.
If your anti-malware software isn’t successful, your next option is to attempt to restore to a point in time when your computer was safe and free from infection. You can complete this task by shutting down your PC completely. For Windows 7: Restart your computer, pressing the F8 key repeatedly and then selecting “Repair Your Computer”, log on and select System Restore. For Windows 8, 8.1 or 10: Hold down the Shift key, select Restart which will reboot your computer to the recovery screen. From there, you will select “Troubleshoot” “Advanced Options” “System Restore”.
If your system restore attempt is unsuccessful, your next option is to attempt running anti-malware software from a USB drive or bootable disk. The following trusted vendors have solutions available: Bitdefender, Avast, Kaspersky, Norton and Sophos.
The final step in the recovery process often involves finding your lost files and attempting to restore any additional systems settings that were lost during the process.
Ransomware recovery is a pain at best and very expensive at worst. A strong defense is your best option and installing a strong anti-malware and antivirus software package will help repel the vast majority of attacks before they can take hold. However, the only sure-fire method of ensuring you don’t lose anything in a ransomware attack is to create full and complete external backups. With ransomware attacks surging 77% in 2019, there’s always the possibility that you will never retrieve your priceless memories and private files without a solid backup plan in place.
