Spear Phishing 

One of the most effective types of attacks is called spear fishing. “Spear phishing is email targeted at a specific individual or department within an organization that appears to be from a trusted source. It’s actually cybercriminals attempting to steal confidential information,” – KnowBe4. 

Read More

*Special Alert* – Problems with a Google Chrome Automatic Update

It has been brought to our attention that last night Google pushed an update to a significant amount of Chrome users. This update prevents you from browsing websites with the error: “Aw, Snap! Something went wrong while displaying this webpage.” This issue is being reported by many people across the globe, but Google has yet to address the issue.

Have no fear! Our team of technicians has a workaround to get you up and running.

Please give us a call 512-832-6209 if you need help immediately; we’re here to help!

If you’re already up and running in Firefox or Internet Explorer but need Chrome fixed with a lower priority, you can also submit a ticket by emailing [email protected].

By now you should have trained your employees on what an attack might look like. Now what? Training an employee is half the battle. Not only do they need to know what NOT to do, they need to know what TO DO when a challenge presents itself.  Next, employees need to be aware of internal changes that could directly impact them or their environment, and what to do in case your company does fall victim to an attack. One might call this a Security Plan… 

Read More

We’ve been talking a lot about how end of life can negatively impact commonly used servers and desktops, but did you know this can affect your email software as well? In addition to Server 2008 and Windows 7, Exchange 2010 will be ending their support in January of 2020, which means any updates and patches will cease for your email as well.

Read More

*Special Alert* – Extortion Email Scam

A worrying new type of phishing email is going around using stolen data from high-profile websites. These emails include a password that has been used with the user’s email address in the past in an attempt to scare that person into sending the scammer money (typically Bitcoin). Since the emails include personalized information, they appear credible in ways typical phishing emails do not. Typically, the scammer is claiming that they have recorded “compromising activity” and blackmailing the user for their silence.

Within the last year, Facebook, MyHeritage, Ticketfly, Under Armour, and several other high-profile services have been compromised.

Read More

Websites and social media sites have been under attack this week. Here’s the short list:
 – NBC.com: the site was hacked on 2/21 and the Citadel Trojan, which is used by cyber criminals for “banking fraud and cyber-espionage”, was introduced. If you visited NBC.com yesterday morning you may have picked up a virus. Please scan your PC for this virus. If you are unsure how to do this then please give us a call.
 – Jeep’s twitter account was hacked on 2/19 and bogus information was posted. This hack was so severe that Chrysler had to shut down the account.
 – Burger King’s twitter account was hacked on 2/18 and bogus information was posted.

At this time preliminary reports indicate that in all of the above cases the hackers were able to break in by accessing compromised email accounts hosted on 3rd party mail servers out of their control. If you rely on a 3rd party for maintenance of any social media accounts or critical systems then you need to make sure that they employ security at least as strong as your own if not stronger. This vendor could potentially be the weakest link in your company security. You have the right to ask this 3rd party for their internal security policies. If they don’t have any policies or if the policies are not adequate then it may be time to look for another provider.

Which vendors should I be concerned about?

  • Vendors that have access to any system owned or used by you or your company.
  • Vendors that take your data or equipment offsite. 

Don’t be shy about who this vendor is or what they mean to your business. In 2011 in Houston, TX the laptops of two credit union examiners were stolen from the trunk of their car. These laptops contained detailed spreadsheets with account information for the credit unions that had just recently  been examined. The hard drives of these laptops were unencrypted. This was a clear violation of the policies of the credit unions being examined and these credit unions had to treat this data loss just like any other breach.

If you have any questions or concerns about your security or your vendors security then please give us a call. We can help you prioritize your data, identify your risks, and formulate the questions you need to ask of your critical vendors.We can be reached at 512-832-6209.

According to Rep. Mike Rogers, Chairman of the House Intelligence Committee, 95% of private sector networks are insecure. 95%!!!! That is a crazy number. Experts estimate that $400 billion in information is stolen every year from US Businesses. Just last week The Wall Street Journal, The New York Times, The Washington Post, and former President George W. Bush were hacked. Last August 55,000 Computers at the Saudi state oil company, Saudi Aramco, were hacked, erased, and overwritten so that their data could no longer be accessed! 
What does insecure mean? Insecure means that your network and the data contained on it can be easily accessed without your knowledge by unauthorized people.
Who are these people? They are everyone from Russian and Chinese hacker teams, disgruntled individuals, or just random people with enough knowledge and time on their hands.
What’s your liability? If you’re a business, at a minimum, you have your employee social security numbers on file probably in QuickBooks or some other accounting application. You may also have trade secrets, plans, or account information. This is what the hackers want. Please check out this weeks “Face The Nation” at http://www.cbsnews.com/video/watch/?id=50140745n. The cyber security discussion starts at 26:00 minutes. This video is a must watch!!!!!
This is such a huge issue that the Federal Government is tying to figure out coordinate and mandate Cyber Security. They are talking about mandating the reporting of any hack to a central organization and mandatory security measures. The problem is that its the Federal Government so don’t expect action any time soon.
What should I do? There are a few things you can do to make yourself more secure. These things are not complex but they will require some time from you or a member of your staff.
1. Practice a strong password policy.
– Enforce password changes. We recommend changing your password at least every 45 days.
– Make your password complex. Make your passwords at least seven characters long. Mandate usage of at least three of the following categories in your passwords: upper case letters, lower case letters, numbers, and non-alphanumeric characters.
– Setup a password lockout policy – Hackers love it when they can try to crack a password by entering different combinations over and over until they get it right. Lock the account if there have been too many incorrect attempts. We recommend locking the account after five attempts.
2. Regularly update every device on the network.
– Hackers #1 method for breaking into your network is by exploiting the devices on your network that are not updated. They do this by running robots on the internet that are aware of all published and unpublished exploits for all network devices. If they hit a device that answers to the exploit they are in. The only way to close this hole is to know every device that is plugged into your network and make sure it is updated with the most current patch available.
3. Change out your network firewall and wireless access point.
– I know, these devices are probably still working and they are five years old. The problem is that the manufacturers of your firewall and access point eventually stop updating them. If you haven’t seen a patch for your wireless access point or firewall in the last year then its time to replace them.
4. Police your network login accounts.
– Disable or delete the accounts that are not in use. 
– Make sure that NO ONE has admin rights that does not need it.
5. Keep your security software up to date.
– Install security software on any device that has proprietary info and keep it up to date.
6. Create a network security policy and live by it. 
– Please check out our post on how to setup a good network security policy for some tips on how to do this
7. Test your security regularly and fix anything that isn’t working right.
– Scan your network for vulnerabilities regularly.
– Do penetration testing against your firewall. 
– Fix everything that turns up in your tests.
This may sound like a big task but it really isn’t. If you don’t know where to start then give us a call at 512-832-6209 and we can help. 

When you saw our post regarding security holes in HP printers (HP Laser Printer Hack Raises Concern)  you were probably as concerned as we were. In most networks, printers are treated and trusted devices with little port security.
Well, HP has patched their software. We recommend patching your printers as soon as possible. Please click this link to find out if your printer needs an update. If you are a contract customer we will be calling you to schedule an update. Give us a call if you have any questions or concerns.