If you are a frequent reader of our blog, you know all about phishing scams. They are emails and messages sent that are designed to extort money and gain access to computers and networks for nefarious purposes. The popular IT support company Geek Squad, a subsidiary of Best Buy, is the latest company caught up in such a scam.
Let’s take a look at how the scam works and how you can avoid becoming its next victim.
The Scam Overview
The scam starts benign enough: users will get an email that tells the user that their Geek Squad membership has been renewed. Typically the people that receive this email aren’t members of any recurring Geek Squad service, so they call the toll-free number listed in the email to find out what the deal is. The operator on the other end of the line then agrees to refund the money, but demands access to your online banking account to quickly refund the money. They ask for remote access to your computer to show you how to securely do this.
Then things go completely sideways.
The technician then tells the user that something has gone wrong and tells the user that they mistakenly sent a large amount of money to their bank. Using intimidation and accusations, they get the user to then withdraw money from their bank account and send it to an address to settle up. These fake technicians (fraudsters) will then try to extort more money out of users by saying that the parcel containing the money was never received. It has cost hundreds of people hundreds of thousands of dollars over the first half of 2022 alone.
So, you don’t think you could fall for such a thing? That’s what every victim thinks until they are thousands of dollars lighter in their bank account. Last year, it was Norton Antivirus and during the height of the pandemic it was the IRS and Amazon. These scams never stop, so you should know how they operate so that you can do your best to stay secure. These scams:
- Use the name of a popular and well-established organization
- Send emails with attachments or links that, if you look past the frenetic content of the message, seem completely suspect.
- Use urgency to stress the user out and make mistakes they normally wouldn’t.
Questions About Phishing You Need to Consider
If you think a message you’ve received could be a potential phishing attack, you should ask yourself these three questions:
Who Sent It?
Are there irregularities in the address it came from, are names or suffixes misspelled, or does it come from someone who has never corresponded with you before?
What Does the Message Contain?
Are there any links shared in it, does a strange URL appear when you hover your cursor over them, are there any attachments?
What Does the Message Actually Say?
Are there spelling and grammar issues in a professional email, is there an excessive sense of urgency or time sensitivity communicated, or is there a request to do something like share data or forward access credentials?
Phishing scams aren’t ever going to stop, so knowing how to identify and thwart attacks before you are out money or your organization deals with a data breach is extremely important. Let’s talk about the best practices to safeguard your organization from cyber crimes.
Check back soon for more great cybersecurity content.
With cybersecurity a priority for every business that depends on their IT, there are a lot of different strategies being utilized out there to keep threats off of networks and data safe. One of the most advanced strategies being used today is enlisting a service that runs a Security Operations Center (SOC). Today, we’ll investigate what a SOC is and how it works to keep threats at bay.
What is a Security Operations Center?
The Security Operations Center is a lot like the Network Operations Center (NOC), but its whole purpose is to monitor computing networks and devices and eliminate threats to their efficient operation. While that description may seem simple, business computing infrastructures are typically complex with a lot of end users, making network and device security a complicated endeavor.
Today’s businesses have computing infrastructures and networks that run around the clock, and the SOC is staffed to facilitate that 24/7/365 demand for security monitoring and services. Working hand-in-hand with your NOC (and perhaps other IT administrators depending on the complexity of your business’ IT), the SOC typically handles the overarching cybersecurity strategy.
Typically, businesses want their IT to align with how they want to run their business and part of that is maintaining uptime and keeping threats off of the endpoints, networks, and the vast amount of infrastructure that makes up the network. After all, all it takes is one vulnerability to be exploited and it can create major problems. The SOC deploys a myriad of tools and strategies all designed to do one thing: stay ahead of threats to the network.
How the SOC Operates
As we stated previously, the SOC functions much like a NOC in that its main purpose is comprehensive around-the-clock monitoring and notification. If something goes wrong on the network, the SOC will log the issue and do what it can to mitigate the issue. As these things happen it will notify the IT administrator (the NOC) of the issue to keep them in the loop. Let’s take a brief look at some of the services the SOC will provide:
The discovery process is a major part of how the SOC can be most effective. In being aware of all the hardware, applications, and other tools on the network(s) your business needs, the SOC can ensure that everything is monitored continuously.
Not only will the SOC monitor software and traffic trends, it will also monitor user and system behaviors as a way to identify issues.
Keeping large computing networks secure is a big job, and a lot of your executive and managerial team don’t have the knowledge or the time to stay on top of threats as they come in. Keeping logs of every action the SOC makes, including communications with vendors/employees and steps taken to keep the network and infrastructure free from threats is a great way to provide a layer of oversight to the security process. It’s also an important factor in staying compliant with any regulatory mandates.
Comprehensive Incident response and investigation
This is where the SOC really becomes a major benefit for the security of your company’s IT. Not only do SOC technicians respond quickly to any incident, they also work fast to investigate what caused the issue in the first place. Going further than your typical IT management, the main benefit of the SOC is the mitigation of efficiency-sapping issues such as malware and other manners of attack.
If you think your business could use a Security Operations Center service to keep your growing network and infrastructure clean from threats and working for your business, give Point North Networks, Inc., a call today at 651-234-0895.
How often do you find yourself stressing out about who has access to which data or internal resources on your company network? What about who has access to open the front door of your office or who has access to important physical resources within your building? Ensuring the security of your business’ assets is critical, and access control tools can help your company ensure that only authorized individuals have access to specific parts of your organization’s infrastructure, be it physical or digital.
What is Access Control?
Access control is, at its core, a way to restrict access to specific resources within your company based on user or role. It generally involves authorization of some sort and demands that the user verify their identity before being granted access to said resources. Think about it like asking the network for permission before being allowed onto it; once the network or infrastructure has confirmed the identity of the individual, they will have access to the resources.
Access control can be broken up into two groups: digital or cyber access control and physical access control. We’ll go over some of the benefits for both types of access control and how they can help your business keep itself safe.
Cyber Access Control
Your business undoubtedly has data on its infrastructure that should only be accessed by specific individuals and no one else. This might include sensitive employee data, applications or resources, financial records, and so on. You should be limiting access to important information like this specifically because the fewer people who have access to it, the less likely it will be compromised. Through access control tools, you can control which employees have access to specific data, applications, or resources on your network, based on their role within your organization.
Physical Access Control
Sometimes you want to keep certain users out of specific parts of your office. This is where physical access control comes into play. Physical access control might involve key cards, code-guarded doors, and even biometric scanners, with the intention of securing various parts of your office. One example of how you might use it is if you have sensitive records stored in a specific part of your office. You might keep that door locked, only accessible to specific individuals within your organization. Another example might be an access gate open only to employees of your business.
Get Started Today
Point North networks, Inc., knows how complex it can be to implement new security solutions, especially if they require a certain level of management and maintenance, like access control systems do. We want to help your business take advantage of these solutions in a way that minimizes the additional duties and responsibilities of your organization. Through Point North, you can implement, manage, and maintain these systems without dedicating your internal resources to them; instead, you can outsource the responsibility to us! Our technicians are more than happy to assist you each step of the way.
To learn more, reach out to us at 651-234-0895.
Getting your staff to care about your organizational network and data security may be more difficult than you might think, but it’s not a lost cause. Today, keeping your business’ organizational security strong relies heavily on your staff’s willingness to follow the right practices, so today we thought we’d give you seven tips to get your people to care about security
Be Up Front
One of the main reasons employees don’t often care about cybersecurity is the overt secrecy surrounding it. Today’s organization needs to come clean when it comes to the constant threats that are out there. If you want your people to have a vested interest in keeping your business’ information systems and data secure, you need to level with them. After all, they can’t help if they don’t understand.
Make it a Personal Investment
Your company holds a lot of your employees personal data. Let them know that along with any sensitive and proprietary data that could be lost in a data breach, that their data could also be vulnerable. In order to sufficiently secure your data and theirs, they need to know what’s at stake if they don’t actively follow cybersecurity procedures.
Top Down Security
Every member of your organization needs to understand that they could be targeted by hackers and fall victim to these threats. The more your employees understand that management is actively complying with security policies, the more willing they will be to alter the way they consider cybersecurity.
Gamify Your Process
People tend to be more engaged when there is incentive baked into a policy. Gamification is the strategy of scoring a person based on their efforts. This strategy works wonders for productivity so it stands to reason that it would work for cybersecurity awareness and following any organizational policy that’s in place to keep your systems and data secure.
One of the most important variables to get your people to follow the rules, is to have them in place to begin with. In cybersecurity, confusion can be a huge albatross, so ensuring that everyone is playing with the same rulebook is a must. This includes building procedures to handle attacks such as phishing as well as password hygiene and many other security-based policies. The more consistent your procedures are, the more likely your staff is to understand and follow them.
Start from Day One
With all the threats that are out there at the moment, you will want to stress the importance of cybersecurity with current and new employees, alike. If you start hammering home the importance of compliance with security procedures from the day an employee starts at your business, the more likely they will continue to comply with them as they undertake their job; which for most of your staff, isn’t strictly cybersecurity.
Employee’s Security training is becoming commonplace at almost every organization, largely because the threats that it faces could have devastating consequences. You will want to invest in comprehensive training and re-training to ensure that your employees understand the importance of your cybersecurity initiatives, and that they are up-to-date on any and all changes to policy or strategy.
Cybersecurity is a team effort today and if your organization isn’t stressing the importance of it, it’s only a matter of time until it rears its head. If you would like to learn more about training your employees on the best practices of cybersecurity, creating a cybersecurity policy that works to keep your information systems secure, or if you would just like to talk to one of our IT professionals about cybersecurity best practices and procedures, give us a call today at 651-234-0895.
Hopefully, you’re aware of how important cybersecurity is today—if not, make sure you come back to our blog often for more information on that. The Internet, for all its benefits, can easily be the source of serious threats. With today’s youth growing more connected, these threats can easily target them… making it all the more important to start teaching cybersecurity awareness and best practices early.
Let’s examine the platform that Google has provided through its Be Internet Awesome initiative.
What Does “Be Internet Awesome” Mean?
Be Internet Awesome is designed to help educate kids about safe Internet browsing practices so they are, to quote the website, “prepared to make smart decisions.” The idea is that, by teaching digital citizenship—a term that describes the use of technology in a responsible and effective way to empower oneself—today’s children will be ready to securely work, play, and live in what is sure to be an even more online world.
Frankly, this is a smart idea when you consider the struggles we all have with security nowadays. One of the biggest challenges that any cybersecurity initiative faces is that it feels like an added step (or in other words, an inconvenience) when it is actually an essential one. By framing what is really a person’s introduction to the Internet in terms of security, you change the paradigm by making security the default route to take.
Google has made an effort to do so by creating the Be Internet Awesome curriculum, in partnership with iKeepSafe, ConnectSafely, and the Family Online Safety Institute.
How Does “Be Internet Awesome” Work?
Be Internet Awesome provides what they call “The Internet Code of Awesome” that breaks down a few best practices in terms of Internet security… or, as the program puts it, “the fundamentals.” These fundamentals are as follows:
- Share with Care, which teaches children to think through what kind of things they are posting in terms of privacy and principle.
- Don’t Fall for Fake, which educates kids how to spot scam attempts and phishing lures.
- Secure Your Secrets, which goes over the password best practices that we’ve often preached.
- It’s Cool to Be Kind, which encourages a more positive Internet experience through the application of “treat others as you want to be treated.”
- When in Doubt, Talk It Out, which establishes that the adults in their life are there to help them work through things they may stumble across despite these practices.
These five tenets establish the behaviors that can lead to a safer Internet experience for life, and are consistently reinforced through the different tools and resources that Be Internet Awesome provides.
Kids—or, to be fair, people of all ages, really—react well to gamified content. Therefore, it makes sense that Google would choose to reinforce these lessons through gameplay. Interland is a quiz-style adventure that lets users progress through animated landscapes by correctly answering multiple choice questions, occasionally upping the ante with timed countdowns. Along the way, the user learns important vocabulary for any modern user and has important habits reinforced. Each “island,” once completed, provides a successful user with a PDF certificate available for download.
The entire experience requires no login, by the way, meaning that no progress is saved outside of the downloaded PDF. We argue that this is a good thing, as it makes each “island” infinitely repeatable until a lesson sticks—and still leaves it available as a refresher course.
Be Internet Awesome also includes a downloadable curriculum for educators to follow, filled with activities and other resources to help reinforce the aforementioned fundamentals. According to the curriculum, it was created for use with kids in anywhere from second to sixth grade, but it also encourages educators to adjust the lessons to match any grade level. While definitely written for an educator by profession, even these can potentially be useful for the parent or guardian doing their best to instill positive online behaviors and habits.
Hopefully, we’ll see more efforts like Be Internet Awesome come about, as Internet security really is an important life skill. We encourage you to check it out and share it with your team and friends. It may be meant for kids, but some of the lessons in there certainly apply to business cybersecurity as well. The more people who are aware of the potential risks of the Internet, the better. Visit the website today at beinginternetawesome.withgoogle.com to see what it has to offer.
If you’d like some added assistance with your business’ cybersecurity right now, we can help with that as well. Give us a call at 651-234-0895 to learn more about the security services we can provide.
Workforces have been increasingly distributed and many businesses aim to continue that strategy for the foreseeable future. There are a fair share of challenges that distributed employees have themselves, but for the business, it can be tough getting them to do the things that need to be done to secure the business. Here are a few actions that need to be taken if you want to make that happen.
What Changes When People Work Remotely?
One of the things that workers don’t understand is what exactly changes when they work from home is that it effectively distributes the operational network over a wide array of networks, making it difficult for security teams to provide the comprehensive services that they typically do. This requires the employee him/herself to do most of the diligent work to ensure that their endpoints don’t become problematic for their business. This gets more difficult as the number of new endpoints and those who are new to working remotely increase.
For many businesses, the procedures that dictate a work-from-home policy have been hashed out at some point over the past two years, but it is important to not be complacent when onboarding new workers or dealing with current staff that all have increasing numbers of endpoints in their home.
Do you supply the devices that your employees are working on?
Have you migrated your production to Software-as-a-Service applications?
Do you use any other cloud-hosted environments to make it easier for remote employees to access information?
If not, do you have secure access for remote employees through a VPN or some other remote access service?
Staying up to date and present on these issues will help you do more to protect your network and infrastructure from any threats that could be brought in by unwitting employees.
The Threat of Personal Devices
For many organizations, the thought of purchasing endpoints for every employee now working from home is an impossible ask. Even if it is possible, is it a prudent way to spend capital? Some would argue yes since one of the biggest cybersecurity risks to your company is a personal device that isn’t secured against today’s various threats. This isn’t because your security platforms can’t secure your network, it is because the user may not have up-to-date antivirus software, or their applications aren’t updated properly, or they don’t use password practices that help ward against outside infiltration.
Since the threat of a data breach increases substantially when there are open vulnerabilities, it is prudent to expand your security protocols to ensure that all company-owned information is being saved to company-owned storage solutions; whether that be an onsite server or company-owned cloud platforms. The less company data is found on employees personal devices, the better the chances of protecting it.
It was so when everyone was working side-by-side, but employees depend on collaboration apps even more today to get projects out the door and keep lines of communication open. Unfortunately, these tools were never designed with security in mind—they are designed with cooperative productivity in mind—so it opens up new problems for people working in these apps if their data isn’t secure in transit; and when it arrives on your employees’ computers.
One solid tip is to ensure that the people that are collaborating on a project or service are the only ones inside a specific group. Since anyone can initiate conversations, it is important that only the people that need to be in on the conversation, data flow, and administration of any project be in the chat. Otherwise, exposing potentially sensitive information to insecure parties is possible. This happens more than you think, especially in enterprise and medium-sized business settings where people are added and removed to mailing lists and collaboration lists all the time.
Finally, you will need to train your people. In the collaboration age, where doing more with less is a business model, you need to ensure that you invest resources in getting the people that work for you the information they need to keep your business’ IT and data secure. They don’t necessarily need to be experts in computer maintenance to do this either. Just teach them the basics—how to spot phishing and other potentially harmful messages and report them to the IT administrator; how to put together a secure password; why your business has the password and security policies it does; what resources are managed by your IT team; and what they need to do to ensure that they aren’t a weak link in your business’ cybersecurity efforts.
A lot of people like the experience of working from home, and for the business (with today’s technology) it can be of great benefit, but in order for it to be a good experience, strategies have to be altered to ensure that you aren’t constantly battling your team and scammers alike. If you would like some advice about how to navigate a remote team, the technology needed to ensure you’re ready and any other IT or workflow related questions, give Point North Networks, Inc., a call today at 651-234-0895.
Data Privacy Week happens this month and it’s the perfect time to assess your company’s overall network security. There are many ways to do this and Point North Networks can cover almost all of them. Here are 3 of the best ways you can start ensuring your data is as protected as it can be.
Get an IT & Cybersecurity assessment
A free IT & cybersecurity assessment from Point North Networks is a great place to start. During your full audit, we will provide you with detailed information on servers, workstations, and networking devices. We will also identify risks from misconfigurations, network vulnerabilities, and user threats. It also includes an internal and external vulnerability scan, a ransomware protection review, and a comprehensive SWOT analysis and roadmap. How much more thorough could that be?
Train your employees
Knowledge is power when it comes to cybersecurity threats. Another way to keep your data safe is to empower your employees to know how to do that. Point North Networks provides employee cybersecurity training that is engaging and relatable, not demeaning. We first assess your organization’s risk using the Employee Vulnerability Assessment and then we help you fight cybercriminals from the inside out with this training.
Get your network on a secure private cloud
Point North Networks provides PCI, NIST, & HIPAA compliant IT solutions to keep your business running safely without missing a beat. Secure cloud hosting infrastructure provides higher security and privacy. It ensures your data is always monitored and accessible and our service provides full-data backup, too.
Contact Point North Networks today to get set up with a free IT & Cybersecurity Assessment during Data Privacy Week.
Never underestimate the power of a hacker. A cyber attack can single-handedly destroy a small business and there are a lot of avenues for a hacker to obtain the information you might not want anyone else to have. Here are three things to know about hackers to help you prepare yourself against major security threats.
Hackers know more than you do
As much as you may think you know about network protection, we can guarantee there is someone who knows more than you. At Point North Networks, we use our expertise to educate businesses and their employees about how to avoid major security threats. One can never know too much about cyber security.
There are types of hackers
A few categories of hackers exist: black hat hackers, white hat (ethical) hackers, and grey hat hackers. The black hat hackers are the types that business owners need to look out for. These hackers are criminals who do not practice ethics or ask permission for access to your channels. These are the hackers who seek vulnerabilities in order to exploit them.
Nearly every digital device can be hacked
Hacking doesn’t only apply to computers. Your work phones are vulnerable, too. Apple’s iOS is resistant, but not immune to hacking. Android users can be at risk if they download apps from third parties. Internet routers are vulnerable to hackers redirecting your internet tracking and stealing valuable information. Set up a strong admin and network password and try to disable Wi-Fi Protected Setup on your router, if possible.
The more knowledge everyone has about hackers, the less power they have. Contact Point North Networks to receive a free cyber security assessment for your business.
As technology advances, so will the cyber threats that can affect your business. With the rise of remote working and more businesses moving their operations online, your business faces increased risks of being targeted by cybercriminals trying to hack and destroy small and mid-sized businesses without dedicated IT security teams. Here are 3 reasons why it might be time to perform an IT & cybersecurity assessment if you haven’t in over a year.
One weak link is all it takes
One ill-advised employee can damage your company’s reputation. Your spam filter isn’t enough. 48% of hackers and incident respondents spend 1-5 hours per week keeping up with security news, trends, and technologies. Your employees need to be informed.
Point North Networks is Minnesota’s team of cyber security experts. We have a trusted and proven system for training your team to protect itself from cyber security threats.
Your business needs to meet compliance requirements
Many businesses are operating without knowing that parts of their IT plan may not be compliant with their industry.
Our Private Cloud Hosting services from our Minneapolis & Eagan facilities support a wide array of organizations, from healthcare, financial services companies, merchants, and SaaS providers, helping them all to ensure their infrastructure, websites, and applications meet the compliance requirements of FedRAMP, FISMA, SSAE18, HIPAA, and PCI-DSS.
No one wants to lose information
Are you backing things up and storing your information in a safe manner? Have a data recovery plan in place before a disaster happens, like vital information being lost.
Our data disaster recovery solutions cover all device makes and models as well as all operating systems and software. We have extensive experience in recovering data of all sizes and in various industries. We also provide a secure backup of your recovered files through our computer solutions and data recovery.
Point North Networks is running free IT & Cybersecurity Assessments. We will provide detailed information on servers, workstations, and networking devices to identify risks. Take advantage of this by simply scheduling some time to discuss it.
Contact Point North Networks today for your IT Assessment.
We don’t like it any more than you do, but if we have learned anything at all over the past several years, it’s that security absolutely needs to be a priority for all small businesses.
In the face of high-profile ransomware attacks that can snuff companies out of existence, what are you doing to keep your own business secure?
To put things in perspective, we’ve put together a list of some of the more common threats that all companies should be able to address.
Common Security Threats for Businesses
The following list of threats should give you an idea for how to start securing your business. You can never prepare too much for a potential security breach, so take the time now to get ready for what will inevitably come down the line.
Some viruses are little more than an irritation, whereas others are incredibly disruptive to operations. They are basically bits of code that can harm your computer or data. Viruses are known for being able to spread from system to system to corrupt data, destroy files, and other harmful behavior. You can get viruses through downloading files, installing free software or applications, clicking on infected advertisements, clicking on the wrong links, or opening email attachments. Fortunately, modern antivirus software has gotten really good at protecting computers, provided that your software is up-to-date. For businesses, it’s best to have a centralized antivirus on your network that controls and manages all of the antivirus clients on your workstations.
Malware is malicious software that performs a specific task. A virus can also be considered a type of malware, albeit more simplistic in nature. Malware comes in various forms according to its purpose, such as spyware for spying on infected machines and adware for displaying ads in extremely intrusive or inconvenient ways. The major takeaway here is that you don’t want to deal with malware in any capacity. It’s often installed on devices under the radar, and unless you are actively looking for it, it’s entirely possible that it can run in the background and cause all kinds of trouble without being detected. You can get malware through the same processes as viruses, and the same antivirus solutions can help you to resolve malware as well.
Phishing attacks are mediums to spread other types of threats rather than actually being threats in and of themselves. Hackers might try to send out spam messages with links or infected attachments aiming to get the user to download them or click on them. When they do, the device is infected. Some phishing attacks are so inconspicuous that they can be hard to identify.
There are other types of phishing attacks as well, some of which try to get the user to share sensitive information or send money to the cybercriminal. Cybercriminals can spoof legitimate-sounding email addresses and use psychological hacks to convince the user to act in a certain way. It’s the most common way that hackers see results, so you should be aware of it.
Ransomware is so dangerous and high-profile that it is deserving of its own section. Ransomware locks down files using encryption and forces the user to pay a ransom in order to unlock them, usually in the form of cryptocurrency. Recent ransomware attacks are also threatening to release encrypted data on the Internet if the ransom is not paid, something which basically forces the user to pay up and gets around the possibility of restoring a backup.
Denial of Service (DDoS)
Denial of Service and Distributed Denial of Service attacks occur when a botnet, or a network of infected computers, repeatedly launches traffic at a server or infrastructure to the point where it just cannot handle the load, effectively disrupting operations and forcing it to shut down. Sometimes this happens with websites or services, so it’s no surprise that businesses can suffer from them, as well.
Trojans (also called backdoors) install themselves on devices and work in the background to open up more opportunities for hackers later on. These can be used to steal data, infiltrate networks, or install other threats. Basically, if a hacker installs a backdoor on your network, they can access it whenever they want to; you are essentially at their mercy.
Zero-day vulnerabilities are those that were previously unknown to developers but are currently in use by cybercriminals. These zero-day vulnerabilities are problems because when the developer discovers them and issues a patch, cybercriminals can identify the vulnerability based on the patch, and then exploit users who haven’t installed the patch yet. There is not much to be done besides keeping your software up-to-date, monitoring your networks for issues, and trusting the developers to issue patches as they discover security problems.
User error is a critical issue for many businesses. Your business is made up of people who perform tasks and work toward objectives. If one of these employees makes a mistake, it could leave your business exposed to threats. Thankfully, a combination of best practices and security solutions should be enough to minimize user error, and with some security training under their belt, your employees should have a good idea of how to handle it.
Get Started with Security Solutions
Point North Networks, Inc., can equip your business with the tools you need to be successful when protecting your organization. To learn more, reach out to us at 651-234-0895.