The Sneaky Threat of ‘Internet of Things’ Devices

Many Americans have begun purchasing and installing smart devices in their homes. Unfortunately, these devices have brought about more security issues for the people whom have purchased them and society as a whole. The issue stems from the quickly increasing number of sensors and remote monitors it uses to manage overhead lights in corporate offices as well as the detailed manufacturing processes in factories. Even governments are getting on board as cities, especially, seek new ways to improve energy efficiency, lower traffic build up and improve water quality.

Can you believe there are tens of billions of these ‘internet of things’ now? They create an interconnected world with the intention of making people’s lives more efficient, secure and enjoyable. However, these same devices aren’t all fun and games. Many of them have no real security protection and are becoming what are referred to as ‘botnets’, large networks of small computers that are vulnerable to breaches by hackers.

These botnets have caused a vast amount of issues, from sending large amounts of spam mail to disrupting websites all around the world. Before, these botnets were mostly laptop and desktop computers, however, now with the growth of unsecured devices such as webcams, smart home devices, etc. their disruptive capabilities are increasing.

Most of the companies that are producing products that are the ‘internet of things’ are small and not well known (if at all) with no popular brands or public reputations to preserve. The goals of these companies are to produce vast amounts of products as cheaply as possible, so the customer’s cybersecurity isn’t of much concern for them.

Since these devices are used for a large array of things, it also means there are many vulnerabilities. Examples include weak passwords, unencrypted communications and insecure web interfaces. With hundreds of thousands of identical insecure devices worldwide, there are many targets for the hackers to attack.

Let’s say a manufacturer has set an unchangeable administrative password. A hacker can run a program that searches the internet for those devices and can take control, installing their own malicious software, which makes the device join the botnet community. The thing is, you might not even know it’s happening as the device runs normally until the hacker gives instructions. Then, they can do just about anything a computer might do, such as sending meaningless internet traffic to clog up data connections.

That type of attack, when emanating from thousands of devices at once (called a ‘distributed denial of service’) can shut down companies’ servers or even block wide swaths of the internet from being accessible publicly.

Here’s an example: A major DDoS attack back in 2016 messed with connections to Amazon, Netflix and Paypal for people east coast of the U.S…. and those are some pretty big companies! Can you believe that the attack linked to a botnet-control program created by three teenagers? These individuals were seeking to use more than 100,000 hijacked webcams and other devices around the world to gain an advantage over other players in the video game, ‘Minecraft’. Talk about serious gamers!

The size, scale and broad range of devices make this issue both an individual and public problem. Hackers can interfere with all activity if they flood the internet, or even sections of it, with meaningless content. Traffic would be standstill across towns, countries, and even police offers would have communication issues while trying to resolve the problem. Even the small devices in large numbers can work together to have huge repercussions both online and in the physical world.


7 Warning Signs of an Insider Threat

Internal threats are employees that conduct cyber-attacks on their own organization, which can cause the majority of a companies’ data loss. However, there are plenty of red flags revealed ahead of time if you know what to look for.

According to CA Technologies, over 50% of organizations suffered an insider threat-based attack in 2018, while 25% say they suffered more attacks than in the previous year… 90% of those organizations admitted to feeling vulnerable to insider threats.

Internal threats can be accidental, such as an employee mistakenly leaking information, an outsider imitating an insider with stolen credentials, or an insider seeking revenge or money. Sometimes spotting internal threats can be difficult, but there are warning signs that can help to alert the company of a potential incident before it ensues.

These attacks can be very costly. According to Ponemon, a successful internal attack costs $600,000 on average. Talk about pricey!

Insider Threat Examples

One of the most well-known insider attacks was done by Edward Snowden, the contractor that leaked thousands of documents that revealed how the National Security Agency (NSA) and other intelligence agencies operate. Chelsea Manning is another example. She leaked a large cache of military documents to WikiLeaks.

Another case of an insider: Anthony Levandowske, whom is the Otto Motors’ founder. He reportedly stole 14,000 files from Google’s Waymo autonomous car project just to start his own company. This hurt the company’s finances so much that they ended up giving a stake in its business to Google.

Let’s look at some of the warning signs of an insider threat:

1. Major changes at the organization

There are usually some obvious physical signs before the digital red flags become apparent when it comes to insider attacks.  Dr. Jamie Graves, VP of product management and security analytics at ZoneFox -a behavioral analytics company (later acquired by Fortinet) says, “Usually, there is some sort of organizational change or event that precedes an attack. The most common are if, as an organization, you go through great change- you’re going to be acquired or you’re going through redundancies.”

He goes on to say, “If you dig into it, there’ll be a reason why in there. There could be an indicating factor, and then when you talk to people in your organization they say, ‘Oh yes, Bob, he’s coming up for redundancy, or he’s failed a review, etc.’ You need to have your ducks in a row when it comes to monitoring for that sort of [malicious] behavior.”

2. Personality and behavioral changes

Personality and behavioral changes will be the  first sign of a potential insider threat. The individual could be very clearly and vocally unhappy or seeming to lack motivation. They could be talking about money troubles, working long hours, over the weekend, or spending a higher number of work hours from their home would also be indicators.

Speaking poorly on the company or discussing looking for new jobs should be taken as warning signs. Tom Huckle, lead cyber security consultant and head of training and development at Crucial Academy, a cyber-security training firm, touches on this subject. He says, “If you use LinkedIn Recruiter, you can see if your employees are searching for new roles when they opt in to the option of ‘Looking for New Opportunities. If you do not have access to this, other telltale signs could include them engaging with suspicious parties [on social media] through likes and comments.

3. Employees leaving the company

It is often likely that those leaving the company, whether by their own volition or not, are considering taking data with them. Most IP theft by insiders occurs within 30 days of an employee leaving a company. Those who have a past of ignoring safety protocol should be monitored closely. A Deloitte study showed that 50% of employees known to have been involved in insider attacks had past history of breaking IT security protocols.

4. Insiders accessing large amounts of data

If the behavioral red flags are overlooked, there will be digital warning signs that someone is actively conducting or considering an insider attack. Tom Tahany, intelligence analyst at Blackstone Consultancy, says, “Insiders no longer have to photocopy, photograph, or remove large swaths of physical documents from an office space. Rather, the downloading of several terabytes of data from an online reservoir can be done within minutes from a remote location and distributed rapidly.” The accessing and downloading of large amounts of data is a very strong indication that you have an insider threat.

5. Unauthorized insider attempts to access servers and data

Many insiders go through a reconnaissance stage, where they look into what data and/or systems they have access to. Carolyn Crandall, chief deception officer at Attivo Networks says, “ Warning sings include attempts by authorized users to access servers or data they shouldn’t be, authorized users accessing or requesting access to information that is unrelated to their roles or job duties, and theft of authorized user credentials. Whether the activity is from an authorized employee just poking around where they shouldn’t be out of curiosity, an authorized employee with malicious intentions accessing servers or data to cause damage or steal information, or an external attacker that has obtained valid credentials of an authorized user, if any of these activities are detected it is cause for alarm.”

6. Authorized but unusual insider access to servers and data

Individuals accessing areas of the database they have permission to, but would rarely/never need to access during their day-to-day operations, adjusting many files in a short amount of time, staying late/arriving earlier than usual, or repeatedly trying (and failing) to access areas they don’t have permission for are all clues that an internal attacker may be present.

7. Attempts to move data offsite

The last stage is individual(s) trying to withdrawing data. Examples of this are large downloads to external storage (USB ports, for example), big uploads to personal cloud apps (Dropbox, for example) when your organization doesn’t use that application, or large amounts of emails sent outside of the company that have many attachments.

USBs are still a functional way to remove large amounts of data with less of a footprint, remote late night downloads are also very common. Cisco’s cloud data exfiltration study discovered 62% of questionable downloads happened outside of regular business-working hours, 40% actually took place on the weekends. It is important to keep in mind that even small amounts of data can contain sensitive information that the internal attacker might want.

Jeff Williams, CTO and co-founder at Contrast Security stated, “A credit card is 12 digits from 0 to 9, easily stored in 6 bytes. That means 100,000 credit cards fits into 60KB, a million is only .6 megabytes. You could easily hide that data in a picture or document and nobody would ever detect it.”

Maintaining Employee Trust

One red flag doesn’t always mean that someone is guilty of the crime. There should be an amount of trust between employers and employees. That being said, these are the warning signs to look out for. Prevention is better than the cure. Cooperation, collaboration, and communication between departments is one step to take to create an effective insider threat management program.


27% of Healthcare Organizations Have Had a Ransomware attack in the Past Year

The Kaspersky Lab reported that 27% of healthcare employees said their organization had at least one ransomware attack in the past year. 33% of those individuals said their organization experienced multiple breaches.

In the report, Cyber Pulse: The State of Cybersecurity in Healthcare, the lab explained that in 2018, the U.S. Department of Health and Human Services’ Office for Civil Rights was notified of more than 110 hacking/IT-related data breaches that have affected more than 500 people. That’s a lot of money, not to mention how breaches can permanently damage a company’s reputation and potential harm to patients.

To investigate cybersecurity in health care, the lab used Opinion Matters, a market research firm, to do a survey of healthcare employees in the US and Canada. 1,758 were surveyed to look into the perception of these employees regarding cybersecurity in their company.

81% of small healthcare companies (1-49 employees), 83% of medium-sized healthcare companies (50-249), and 81% of large healthcare organizations (250+ employees) reported experiencing between 1 and 4 attacks.

According to the Penemon Institute/IBM Security’s 2018 Cost of a Data Breach Report, the average cost of a data breach has risen to $3.86 million. Kaspersky Lab’s 2018 Cost of a Data Breach Report reports the average cost at $1.23 million for enterprises and $120,000 for SMBs.

Of course, cybersecurity is important to prevent healthcare companies’ financial loss, but 71% said it was important to protect patients. 60% said it was important to protect the people and companies they work with.

Even though a lot of healthcare companies have a form of cybersecurity in place, many employees don’t have confidence in their organization’s strategy. As a matter of face, only 50% of healthcare IT workers were confident in their cybersecurity strategy, that fell to 29% of management and doctors, 21% of nurses, 23% of finance employees, and 13% of the HR department.

A lot of healthcare employees seem to have a false sense of security. Data breaches are being reported daily, but only 21% of respondents had total faith their organization’s ability to prevent cyber attacks and didn’t think they would suffer a single data breach in the upcoming year. Say what??

Even though 73% of employees said they’d let the security team know if they got an email from an unknown individual asking for PHI or login info, 17% said they’d do nothing. 17% of employees also confessed to having received an email request from an outside vendor for Ephi and gave them the info they requested!

Healthcare companies have become a major target for hackers because of the success they’ve had in the past. IT personnel, management, and all employees have to work together in order to accomplish the balance of training, education, and security solutions that will prevent breaches.


10 Reasons Why Security Awareness Training is a MUST

 

It’s smart to provide security awareness training for your employees. Why? Even with top security services, hackers keep coming up with trickier ways to fool their victims. You can’t 100% guarantee that your clients will stay safe.

Just one breach can cause tons of hours of operation to be lost, damage to the trust you’ve built with clients, and financial loss.

Here are 10 reasons why security awareness training is a MUST:

Think about it… why do you floss and brush your teeth? So that you don’t have to pay to get a cavity filled. How is your network any different? Preventative measures are cheaper than trying to fix a problem. Don’t leave the future of your business in untrained hands. Educate them!

1.Weakest Link

  • In 2016, phishing attacks were behind 90% of security breaches. Phishing attacks like these contribute to over 93% of ransomware attacks (1). So let’s be honest, users are the weakest link in the cyber security chain.

2. First and Last Line of Defense

  • Users are usually the easiest target for attackers. They can be easily fooled into opening suspicious emails, downloading bad attachments, and visiting malicious URLs. If trained properly, users will learn how to spot potential threats and can become the first line of defense.

3. Wise Investment

  • The Ponemon Institute studied phishing awareness training programs. Even the least affective progam still resulted in a 7-fold ROI(2).

4. Breaking Bad Habits

  • Investing in security awareness can help break users’ bad habits by teaching them about how important the role they play is to keeping their organization safe. Companies that provide cybersecurity awareness training see failure rates go down from as much as 25%-5% in just one year (3).

5. No Target Too Small

  • Small businesses have the same risk as large companies. Not only do they handle the data that hackers want, but they’re also less likely to have the resources to get strong security programs that the large businesses can afford.

6. High Stakes

  • An attack on a client is also an attack on your company as it can create financial and legal blows, damage customer loyalty and trust, and even threaten the survival of a business.

7. Threats Aplenty

  • There are so many different forms of threats that users won’t be able to keep up with the defense line without proper education. Just a few examples of threats are phishing, drive-by downloads, malvertising, ransomware, social engineering, code injection, and many more.

8. Work in Progress

  • Cybersecurity threats are always evolving and changing, which makes user education an ongoing necessity. Research shows that providing continuous security education for employees can reduce the risk of a cybersecurity breach by an average of 50% (4). Wow!

9. Assured Compliance

  • Different industries, such as financial services, healthcare, and energy, may face some pretty pricey fines for neglecting to provide training.

10. The Trifecta

  • Security awareness training is a win-win-win scenario. The user becomes more aware and secure, the company reduces its risks and compliance records remain in good standing, and finally the managed service provider minimizes its remediation time and costs.

Think about it… why do you floss and brush your teeth? So that you don’t have to pay to get a cavity filled. How is your network any different? Preventative measures are cheaper than trying to fix a problem. Don’t leave the future of your business in untrained hands. Educate them!

Resources:

  1. “2017 Data Breach Investigations Report.” (April 2017)
  2. Ponemon Institute. “The Cost of Phishing & Value of Employee Training.” (August 2015)
  3. com. “Does Security Awareness Training Even Work?” (September 2015)
  4. Aberdeen Group. “Security Awareness Training: Small Investment, Large Reduction in Risk.” (July 2017)

 

 

 

 


The Truth About Cyber-Crime

If you own a phone, you’ve likely gotten a call with a robotic voice notifying you about something such as the IRS wanting your money or that your personal information has been stolen. If you have an email address, you have probably gotten more than a handful of spam email on any given day. While these are common occurrences, at what point are these scammers a real danger to you and your company? Let’s start with the facts.

 

Numbers

  • 76% of websites contain vulnerabilities
  • 496,657 web attacks blocked per day
  • 1 in 965 emails is a phishing attack
  • 317M new malware variants yearly
  • 28% of malware is virtual-machine aware
  • 9M malicious web robots

 

Hackers tend to target the small and medium businesses because they have fewer resources, minimal security expertise, and inferior (or freeware) anti-viruses. Additionally, these companies tend to have less advanced security layers, are prone to bank online, and are less stringent on security policies.

 

It is important to familiarize yourself with some common suspicious qualities in emails. Here are some tips for noticing these red flags:

 

  • Don’t just look at the senders name, but also look at the email address it came from
  • If prompted to download files, hover your mouse over the link (do not click it) and look at the bottom left-hand corner of your window. Here, you will see the exact site that the link would direct you to. If it is a scam, there will likely be random content in the URL and the hacker link will be obvious

 

As cybercrime becomes more and more of an ongoing issue, the most important thing is to raise awareness within your office. With this information and these helpful tips, you will be better equipped to protect your employees and your company as a whole.


10 Cybersecurity Tips for Your Small Business

If you run a small business, you have a responsibility to your employees and customers. Your employees rely on you to provide them with a steady paycheck in exchange for all their hard work, and your customers rely on you to provide top quality products and

services.

Your customers also expect you to keep their personal data safe, from the credit cards they use to make their payments to the names and addresses they provide. If you run a small business, you have a responsibility to those customers, and you need to take cybersecurity very seriously.

It seems sometimes that not a day goes by without another data breach, and many of those intrusions are aimed squarely at the small business community. If you want to protect your business and its data, start by building these cybersecurity tips into your daily operations.

  • Train all employees on the importance of cybersecurity, including the security of their personal devices. Continue their education with regular refreshers and warnings about current cyberattacks.
  • Set up a separate Wi-Fi network to let workers and guests connect their smartphones and other handheld devices. Personal devices can be a weak link in the security chain, so keeping them off the corporate network improves your overall protection.
  • Use strong spam filters and check their accuracy regularly. Many cyberattacks originate with infected emails.
  • Consider turning off clickable links in incoming emails, at least for emails that originate outside the company.
  • Establish a strong firewall and keep it updated. Whether you use a software firewall, a hardware device or a combination of both, your firewall is your first line of defense against cyberattacks.
  • Test your backups on a regular basis by doing dummy restores. Your cybersecurity and ransomware defense is only as good as your latest backup, and it is important to know where you stand.
  • Keep every device on your network, from network attached storage devices like external hard drives to the servers in the data room to the computers on the desks, up to date with the latest security patches. Make sure your operating systems and software packages are up to date, and do spot checks to make sure the recommended updates are being applied.
  • Stay abreast of end dates for software support. When support for a given operating system or software package ends, so do the security updates. Always have a plan in place to update your operating systems as the support end dates approach.
  • Consider outsourcing your IT operations to a third party. It can be hard for small business owners to keep up with the never-ending security requirements, and outsourcing those tasks can improve safety and give those owners one less thing to worry about.
  • Give employees only the access they need. Insider threats run the gamut, from the unintentional sharing of proprietary information to the deliberate theft of company secrets. Following the least access policy can minimize these dangers.

Running a small business is hard, and keeping your customer data safe can be even more challenging. The threats to data security are not going away – if anything they are ramping up with every passing day. Small businesses are increasingly the targets of sophisticated hacking attempts, ransomware attacks and other online threats, and it is easy for your own business to be caught unaware. Building cybersecurity into your daily operations is the best way to protect yourself, starting with the 10 security pointers listed above.


10 Ways Nonprofit Agencies Can Enhance the Privacy of Their Data

Data breaches are nothing new, and they are no longer confined to for-profit businesses. More and more nonprofit agencies are finding their data compromised, leaving their donors, volunteers and the people they serve vulnerable to identity theft and other serious ramifications.

There are several reasons that nonprofit agencies are increasingly becoming the targets of hackers and the writers of ransomware. One of the most significant reasons for the targeting is the perception that nonprofit agencies often lack the sophistication to protect their data adequately, and there is some truth to this assertion.

Nonprofit agencies often run on shoestring budgets, with little money left over for IT staff or outsourced data monitoring. For many years, some nonprofits have treated security as an afterthought, but these days no one can afford to be blasé about protecting the integrity of their information.

If you run a nonprofit agency or work for one, you need to take a proactive approach to data security. Here are 10 things you can do right now to protect your donors, your customers and the data with which you are entrusted.

  • Collect only the information you need. Whether you are collecting money from donors, working with the people you serve or bringing new volunteers onboard, minimize the amount of data you collect.
  • Recruit volunteers with solid technical skills. Having volunteer staff with up-to-date technical skills is a great way to protect your data without interfering with the good work you do.
  • Store sensitive information offline. If you must store Social Security numbers, credit card data and other confidential information, keep it in an offline database.
  • Provide employees and volunteers with the least necessary amount of access. Giving staff members access to only the information they need to do their jobs reduces the chance of data leakage and helps keep everyone safe.
  • Train your employees and volunteers on security best practices. Provide each new worker or volunteer with data security training, and hold regular sessions to remind them how important it is to keep the firm’s data safe.
  • Install a quality email filter and check it regularly. A good spam filter can reduce the chances of email-based phishing attempts and data breaches.
  • Filter internet traffic as well. Just loading a compromised website could put the security of the entire network in danger, and a good filter is your first line of defense.
  • Turn on automatic updates for all your connected equipment. Keeping your software up to date is an essential part of data security for nonprofits.
  • Schedule an annual security test for your network. Intrusion testing should be an integral part of your data security, and a yearly review will give you, and your customers, peace of mind.
  • Require strong passwords for website access. Online access can make it easier to give donations to the nonprofit, but weak passwords can put those donors at risk. By requiring a secure password for the nonprofit website, you force everyone who logs on to take their security seriously.

Nonprofit agencies face significant challenges when keeping their data safe. From the assumption of weak security to the reality of stretched budgets, these difficulties can create real problems. By taking a proactive approach to the safety of your donor, volunteer and customer data, you can enhance data security and make a data breach far less likely.


7 Reasons You Should Switch to Cloud-Based ERP Software Systems

ERP softward solutions with Elevated Tech

More than ever, small to medium-sized businesses are favoring cloud-based enterprise resource planning (ERP) solutions. While it may seem daunting to transfer your resource management systems off-premise, for most businesses it’s a smooth, streamlined process. Yes, there’s an initial learning curve, but most systems are intuitive, customizable, and cost-efficient. Here are seven reasons you should switch to ERP software.

  1. Data Management and Security

Most cloud-based ERP solutions have enhanced user-permission settings. What that means is greater security for all your data, including processes, financial, resources, planning, and inventory. ERP software offers a more robust security package than typical spreadsheet programs or document sharing solutions.

Software-as-a-Service (SaaS) providers monitor systems 24/7 and can patch any potential security exploits as soon as they’re discovered with automated, real-time updates for all users. Compare that with only discovering a security issue once there’s been a breach and then having to report the issue and wait for a response. Most reputable cloud-based ERP vendors support higher security standards than a typical small to medium-sized business can afford on their own.

  1. Knowledge Sharing and Community Support

With on-premise ERP software, customer support can be slow and expensive. But with cloud-based solutions, you have access to a vast knowledge base drawing on the experience and expertise of hundreds of thousands of business users. User forums for SaaS ERP solutions are active and efficient, providing experience-based resolution to issues in record time. You’ll have access to the vendor’s customer support service packaged into your monthly subscription. It’s a win-win, best-of-both-worlds situation.

  1. Improving Data-driven Business Decisions

Other advantages of cloud-based ERP systems are standardized data and integrated data management applications. In practice, that means better speed and accuracy when performing year-to-year analyses and forecasting.  Most ERP software solutions offer a user-friendly, browser-style interface and dashboard.

  1. Facilitate Regulatory Compliance

Cloud-based ERP software systems facilitate compliance with government regulations. Most providers deploy GAAP as the standard in financial management software, for example. Integrated data systems increase ease of traceability across the supply chain.  Compliance with data security standards is built in and updated for you.

  1. Automated Daily Business Processes

Most on-premise software solutions demand hours of employees’ time to run even basic processes. Cloud-based ERP systems allow you to automate operational and administrative processes such as linking orders to accounts, sales reporting, human resources management, manufacturing processes and distribution tracking. This leaves your employees free to concentrate their time and creativity on revenue enhancing processes rather than process management.

  1. Your Business in Your Pocket

To access on-premise ERP software systems you have to be on the premises. But most cloud-based providers offer integrated native applications for mobile devices. More than just allowing you to keep in touch, this means you can monitor key performance indicators such as sales, revenue, acquisitions, and web traffic in real time wherever you are. You can carry the office with you in your pocket and access and manage data on the move.

  1. Competitive Pricing and Customizability

The SaaS cloud-based ERP software solutions market is growing. That means it’s competitive and good for customers. The upfront and on-going costs of cloud-based solutions are favorable for small to medium-sized businesses as there’s no need for investment in hardware, infrastructure, added staff training, or licensing. As vendors compete for your business, they’re offering ever-more flexible and customizable products so you’re almost certain to find a solution tailored to your needs.

The Future is in the Cloud

The operational capabilities offered by cloud-based enterprise solutions are attractive and cost-efficient. Coupled with enhanced process automation an intuitive, dynamic user interface and mobility, there’s little competition. The future of enterprise resource management is in the cloud. Smart businesses bring the future forward. Now is the time to switch to cloud-based ERP software solutions.


What You Need to Know About Ransomware

ransomware protection with Elevated Tech

Social media is full of scare stories about ransomware and the damage it can do to businesses and personal users. However, taking a few precautions and planning ahead can minimise the potential for damage. Understanding what ransomware is and how it works enables you to protect your computers and important files. Here’s what you need to know about ransomware.

Ransomware

Ransomware is an increasingly prevalent form of malicious software (malware) that works by blocking access to files, folders or whole devices. Once cybercriminals have taken control of your system, they can demand a ransom to restore your files. Ransom payments are usually made with cryptocurrency, although credit cards, PayPal and even cash payments are sometimes used.

Types of Ransomware

Encryption ransomware works by encrypting individual files or folders so that you can only access them with a special code or encryption key. With this type of ransomware, you should still be able to use your computer and any unaffected files.

Screen lockers work by blocking access to your entire computer. If your computer has been infected with screen-locking ransomware, you will see a full-size window covering the whole screen. This window will contain instructions for making the ransom payment. The message on the lock screen may claim that your computer has been locked due to suspicious or illegal activity and will often appear to come from an official source, such as law enforcement or legal departments.

Another common type of ransomware is the security scam, which starts by displaying a pop-up window that appears to come from your antivirus or security software. The window may claim that your computer is infected with a virus and the only way to remove it is to make a one-off payment for a special removal tool.

File encryptors, screen lockers and security scams are the most common forms of ransomware, but there are new types being developed all the time.

Sources of Ransomware

Ransomware can come from a number of sources, including email attachments, infected websites and malicious advertisements. Spam emails containing attachments or links to malicious websites are among the most common causes of malware infections. Links in social media posts, online forums and even messaging apps can also direct users to infected websites.

Malicious advertisements can contain code and webpage elements that distribute ransomware and other malware to unprotected computers. These advertisements are automatically loaded when you visit particular websites, which means that your computer can be infected with malware even if you don’t click on the advertisement or link. Browser add-ons, infographics, program installation files and many other files downloaded from the Internet can also contain malware.

Protecting Against Ransomware

Staying vigilant and being cautious when opening email attachments, clicking on links and downloading files from the Internet will significantly reduce the risk of ransomware infection, but there are other things you can do to increase security and protect your computer from malware. Installing a security suite and antivirus software is essential for any computer or device with access to the Internet.

Most operating systems and browsers provide extra security settings to increase online safety. However, the best protection against ransomware is to make regular backups of all your files. If you keep up-to-date backups of your data, you will be able to restore any files encrypted by the ransomware.

Ransomware Infection

If your computer is infected by ransomware, you can try using decryption tools to recover encrypted files. You can also try using software available from trusted security companies to regain access to a locked computer. However, these tools are not effective for some types of ransomware. Often, the best solution is to wipe the hard drive and reinstall the backup files. Security experts advise users never to pay the ransom, as there is no guarantee that cybercriminals will restore the files.

Finally, you should report any ransomware attacks to the relevant authorities in your country, as this helps security experts to design tools to protect against this ongoing threat.


Five Online Scams to Watch for in 2018

scam alert

Online scammers never rest. They always find new ways to trick people. You must be vigilant. If you are active online, it is important to stay educated about the scammer’s methods. Here are five scams to watch out for in 2018.

Netflix Phishing Scam: Netflix has a customer base of over 100 million users. That makes it a frequent target of scammers. Some users have received an email asking them to update their billing information before their membership is suspended. If you receive such a message, be cautious. It is always risky to follow links in an email. Before updating your information with Netflix, go directly to the official website and log in from there.

Google Chrome Browser Freeze: Google Chrome is the most widely used browser, which makes it a frequent target of scammers. Upon visiting certain infected websites, Google Chrome will begin to download thousands of files. Soon after, your Chrome browser is likely to become unresponsive. Next, you receive a pop-up with a toll-free number to a fake technical support line.

This malware spreads through the use of infected ads on reputable websites, so using an ad blocker will prevent most attacks. Make sure that your computer’s virus protection is up-to-date. If your browser freezes, you can still close Chrome through the task manager by selecting Control-Alt-Delete on your keyboard.

New 2018 Microsoft Phishing Scam: Many Microsoft Hotmail, Live, and Outlook users have received fraudulent emails claiming that their account will be frozen if they don’t update to 2018 Microsoft. If you follow the link in the email, you are asked to enter your username and passwords. If you do as the scammers request, they will have access to your login information and can take control of your Microsoft-related accounts.

If you receive this message, go to Hotmail, Live, or Outlook directly. After you log in to your account, you will receive instructions if there are indeed any problems. Remember: don’t ever follow a link in a suspicious email.

FedEx Parcel Scam: Many FedEx users have received phishing emails with a subject line stating “FedEx: Delivery Problems Notification”. The scammers have created an email template almost identical to FedEx’s official email template, so beware. If the email asks for information about credit cards, invoices, or account numbers, it is not a genuine email from FedEx. If you have any questions about your FedEx account, go directly to the FedEx website and log in from there.

$1,000 Amazon Gift Card scam: This scam has been around for years, and is still a problem in 2018. Infected ads at reputable websites install adware that shows pop-ups. Once infected with the adware, you will receive a message claiming you have won a $1,000 Amazon gift card. If you click the pop-up, it takes you to a short survey. After you complete the survey, you are asked to provide personal information, such as banking details and contact information.

Never click any pop-ups that claim you have won an Amazon gift card.

Online scammers are very creative, continually developing new tools and methods. But the criminal’s best weapon always remains the same: exploiting user complacency. Even if you know the site is reputable, be suspicious when you receive emails and pop-ups. If you have a question about one of your accounts, go directly to the website and log in. Don’t ever follow a link in an email unless you are 100% certain it is authentic. Keep up-to-date on the latest scams. Be smart and stay safe.  Contact Elevated Tech today for user awareness training!