Tag

phishing Archives - thinkCSC

malicious attacks

Malicious Attacks Are on the Rise

By | threat detection | No Comments

There has been a measurable uptick in malicious cyber activity globally, and what’s most concerning is that more than half of organizations are reporting that they either have no plans to thwart an attack, have never tested their plans or do not feel their plans are capable of protecting them, or have not updated their plans in over a year. And malicious cyberattacks are coming from every direction.

Software Updates

It’s not just the big threats of Windows 7 end-of-support that put your IT infrastructure at risk – it’s patching in general. If your IT department is understaffed or nonexistent, patching is one of the things that often gets postponed. But it’s important to realize that those patches function much like locks on the back doors of your network.

Apps – Both IOS and Google

Both Google and Apple have a high success rate with app security, but they are not flawless. Recently, Google disabled seven apps that were found to have undetected malware embedded in them. If your employees use their personal devices to access your network, be sure you have strict policies in place for securing those devices. And check your own phone, too: delete unused apps, set apps to update automatically, and secure your phone with threat detection and biometric (fingerprint or face recognition) access.

Emotet and Other Banking Trojans

Emotet is a botnet – a malware that, once embedded in your system, can be used to take control of your computer system and use it for malicious attacks, or to email spam, or to capture financial data. All it takes is an employee clicking a link for this type of malware to infect your entire network.

Phishing and Social Engineering

Phishing remains one of the most prevalent threats to your organization’s security, and social engineering is just making it more successful. Hackers spend time learning about the employees in your organization, using social media and other public information, so that when they do send an email that asks for password information or payments, it seems legitimate. Training your employees is a good beginning – they need to have a heightened awareness – but you also need to assume that somewhere along the way, regardless of your efforts, someone is going to click on a link, download a file, or attempt to process a payment. You need to have layers of security and protocol in place to protect you and your business.

Malicious Attacks Will Get More Sophisticated

As we enter the next decade, the struggle to protect your data will only get more intense. Outsourcing your IT to reliable experts adds power to your proactive data protection strategy, helping you thwart malicious attacks in their tracks..

Choosing the right managed services provider in the Columbus area takes more than just a quick Google search. You should invest your IT budget in a long-term partnership that improves your operational efficiency and provides the security, monitoring, and training required in today’s high-risk environment. Their objectives should align with your organizational and operational goals, and they should assume some of the risk and responsibility for your business continuity.

thinkCSC Can Help You Protect Your Data

thinkCSC has more than 20 years of experience helping clients exceed their goals. We understand that business and technology are so intertwined that you can’t be strategic about one without taking the other into consideration. We offer more than the typical MSP, and we bundle the IT services you need to achieve objectives; increase efficiency, productivity, and agility; cut down on IT costs; and ensure you have a competitive edge.  Whether you want to outsource most or all of your infrastructure management, or you simply want to optimize the systems already in place, thinkCSC provides personalized IT expertise that saves money and provides the manpower that ensures your infrastructure is always an asset – never a liability. Get in touch to learn more.

Your Credentials Are a Hot Commodity on the Dark Web

By | Data Security | One Comment

John Larger, manager of thinkCSC’s NOC, shares his insight on the Dark Web and why your business credentials can be a hacker’s dream if you’re not vigilant.

Usernames and passwords are the go-to security solution for so many networks, services, and social media sites, but they are the weakest link in your security efforts, particularly when taking into consideration the risk of human error. Usernames and passwords are often the only layer of security that stands between your employees and your business network. While best practices demand that we should use different passwords for every service (do you?), the reality is that most of us repeatedly reuse passwords. That is a huge problem. The password that may have just been stolen from your employee during the Capital One breach, for example, may be the same one used to connect to your network, your financial system, or their work email.

Password Reuse Is a Huge Risk

In fact, passwords being shared among different services is one of the most common issues we come across. When one service is compromised, every subsequent use of that credential is at risk. We commonly see malicious actors inject themselves into the middle of an email conversation regarding an invoice or other financial transaction and intercept data (e.g. provide the other party with different bank routing info). We’ve seen these cyber criminals create rules to forward, delete, or hide messages so that their activity is undetected. Sometimes it might be used only for gathering information for other nefarious purposes. It all starts with a password that someone used in more than one place and found its way into the hands of the criminal element on the Dark Web.

Learn more about how even the information you store with your favorite pizza place can be used against you and your organization. Read the full article on the Columbus Chamber blog.

At thinkCSC, we offer Dark Web monitoring to identify exposed credentials and alert our customers before hackers can do harm. thinkCSC’s Dark Web monitoring services are provided through a strategic partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, thinkCSC can now offer 24/7 monitoring of millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards, and illegal black-market sites, to alert you of stolen or compromised data. To learn more, please get in touch with us.

Cybercriminals are Going Phishing for Your Data

By | Data Security

Email may not be a popular communication form for millennials and younger generations, but it is still one of the most-often-used technologies in business. Collaborating, sending information and files, and working remotely are made possible with email. Email, however, is also what makes it possible to trick your employees into wiring $300,000 to a hacker in East Asia, revealing the credit card numbers of every customer who has ever shopped with you, or delivering the social security numbers of every employee in your organization. And just when you think you’ve outsmarted cybercriminals and have a handle on phishing issues, a single employee clicks on a link and invites ransomware to invade your network.

No business is immune – businesses of all sizes and in every industry have reported phishing attacks. Avoiding these attacks requires more than just telling employees to be careful; it requires ongoing training and regular reminders, combined with layered security designed to detect and thwart attacks.

Improve email security

Prevent as many phishing emails as possible from even landing in employees’ inboxes, by implementing a hosted email service. In addition, develop a sender policy framework that makes it less likely for spoofed email to work. Better email security is an essential first step in thwarting phishing attacks.

Implement layered security

Carefully layered detection and security protocols can make it much more difficult for cybercriminals to hack your database. Consider how and where your data is stored and accessed; running files from desktops, USB sticks, or external drives can leave you without a safety net. Enterprise file sync software, such as SyncedTool provides a secure way to access data from anywhere. Backups of your data should also be stored offsite and protected with a comprehensive backup and recovery (BDR) solution. In the event of an attack, a managed services provider can perform a mass revision restore to the point in time before the attack.

Train and retrain (and train them again)

The only way to prevent phishing attacks from succeeding is for every employee to be vigilant at all times. Establish policies that require wire transfer requests to be verified by phone and approved by at least two people. Have a no-tolerance policy for clicking on unverified links or opening unknown files. Provide ongoing training to your employees and reminders about phishing techniques.

Download the thinkCSC email security guide.

Email security must be a top concern for every business. Take the necessary steps to protect your organization. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.