---

Phishing attacks have been around for a long time in IT. Designed to steal your credentials or trick you into installing malicious software, they have persisted in the IT world precisely because they have been so devastatingly simple and effective. Today, a more modern and more effective version of the same attack is commonly used.

A typical phishing attack involves an attacker sending out a malicious email to hundreds of thousands, if not millions of users. The attacker’s email is designed to look like it comes from a bank, financial service, or even the tax office. Often aiming to trick you into logging in to a fake online service, a phishing attack captures the login details you enter so an attacker may use them to enter the genuine service later.

By sending out tens of thousands of emails at a time, attackers can guarantee that even if only one half of one percent of people fall for it, there is a lot of profit to be made by draining accounts. Spear phishing is a more modern, more sophisticated, and far more dangerous form of the attack. It’s typically targeted at businesses and their staff.

A Convincing, Dangerous Attack

While a traditional phishing attack throws out a broad net in the hope of capturing as many credentials as possible, spear phishing is targeted and precise. The attack is aimed towards convincing a single business, department, or individual that a fraudulent email or website is genuine.

The attacker focuses on building a relationship and establishing trust with the target. By building trust and convincing the target that they are who they are pretending to be, the user is more likely to open attachments, follow links, or provide sensitive details.

Consider how many times you have followed a link or opened an attachment just because it has come from a contact you have trusted before.

A Trusted E-mail

The malicious email can appear to come from a vendor you deal with regularly. It may even look like an invoice you are expecting to receive. Often attackers can simply substitute the vendors’ banking details for their own, hoping the target will not notice the difference.

Such an attack is very difficult to detect. It takes a keen eye, strong working knowledge, and constant awareness to keep your company protected. Even a single small mistake by an unaware member of staff can compromise your business accounts.

Defending Your Business

The key to stopping a spear phishing attack is education. Learning attack techniques, and how to protect against them is the single biggest thing you can do to enhance business security.

Whenever you deal with a vendor in a business transaction, you should always consider important questions before proceeding. Are you expecting this email? Is the vendor attempting to rush you into a quick decision or transaction? Have you checked all the details are correct and as you expected? Sometimes a simple query to the vendor can protect you against worst-case scenarios.

In many cases, a phishing attack can be halted in its tracks with a strong IT security package. Web filtering prevents malicious emails and links from entering the network, shutting attacks down before any damage can be done.

Good Security Practice

As with many types of IT threat, good security practices help mitigate damage. Locking down security to ensure employees only access the systems they need helps to prevent damage spreading across the network.

Enforcing unique and strong passwords prevents leaked credentials from affecting systems related to the one that has been compromised. Getting employees set up with a password manager and good security policies can do the world of good to boost your security to the level it needs to be.

Give us a call at 312-600-8357 to audit your security practices. It could be the difference that secures your firm against sophisticated spear phishing attacks.

---

We often tend to be creatures of habit, particularly when it comes to technology. Passwords are a prime example. Many of us use the same logins for multiple websites and applications because we don’t have a photographic memory. A large percentage of users aren’t aware that this is one of the most significant security dangers they can face online. It has a simple fix too.

Regularly, in the news today, there are stories about major companies being hacked, their customer data stolen, and their customers left stranded. Hackers commonly use data stolen from one site to access others where login credentials have been reused between accounts. In some cases, access to bank accounts has been gained simply by using a compromised email account.

Businesses and individuals can face significant losses simply because a third party outside their control has been hacked or compromised.

The Danger Of Old Passwords

MySpace is a key example of why old and possibly forgotten services pose a security danger when passwords haven’t been regularly changed. Once a thriving popular network, the use of MySpace services declined drastically from 2007 onwards. While many people moved to new social networks, old accounts typically remained abandoned on their servers. Hundreds of millions of accounts remained on MySpace servers many years past the firm’s peak.

In 2016, MySpace suffered a data leak which exposed usernames, emails, and passwords of 360 million user accounts. Shortly after the hack, these details were published online for anyone to see. Many were used to access email accounts, servers, and accounts that shared the same details.

Shared Responsibility

Even if you have never had a MySpace or social media account personally, how many of your employees or coworkers have one or more? Many have had more social media, forum, or game accounts than they care to remember. Have their passwords been updated since 2016?

Your business network protects your systems, work, and intellectual property. For many firms, it’s the single most critical component, the backbone to business operations. Keeping it secure regardless of the number of people, staff or clients using it is a crucial task.

Consider how many people currently have access and how many of those may reuse their password on another website or service. Just reusing your password once can expose you to the hacking of a third party entirely out of your control.

Password Management

Good security practice is to use a unique and strong password for every login you use. A strong password should include, where possible, capital letters, lowercase letters, numbers, and character symbols. Many consider this impractical or even impossible, but it is entirely achievable for every firm.

It is clearly impossible to manually remember a strong password for each one of the dozens of logins needed today. Few would even attempt to. A password manager makes storing, retrieving, and using unique passwords easy.

When using a password manager, an individual is required to remember only one single strong password to access a database which contains a different login password for each service. This database can be synced between multiple devices, saved and backed up to the cloud, and even used to create strong passwords for you.

Strong Protection

Password managers can be used to implement security policies that demand zero password reuse, between services or over time, and set strict limits over the duration a password can last. With the right policies in place, both your business and your employees are protected against attacks from hackers that have compromised third-party sites.

The maximum recommended lifetime of a password for any service is a single year. Make the start of the calendar year the time which you refresh your passwords and start new.

To help keep on top of your security and make sure your firm is safe well into the new year, give us a call at 312-600-8357.

---

Losing a mobile phone or laptop is an experience that everyone dreads. The expense and inconvenience of buying a new device are unpleasant, but only represents a fraction of the damage done when a device is misplaced. The cost of data contained within every device can add up to many times more than the total value of the device itself.

Chances are, you already use automatic login on a large variety of online services. Each of these services is vulnerable to an attacker having possession of your device.

Usernames and passwords – An obvious place for an attacker to start is the likely long list of usernames and passwords saved for future use by your browser. This is often done to save time when logging into sites that you visit often. Almost universally, people opt to save login information so that they don’t have to attempt to remember it every time they return.

In only a short amount of time, a browser is trained to log in to your Facebook, cloud storage, and bank details just by visiting the page using your regular device. These details, called up by the browser, are saved in a single list accessible to anyone with access to the device. For an unscrupulous stranger with a found device, this list represents a goldmine of information. Simply by finding a phone misplaced in public, they may gain access to a huge array of services.

The problem can be made many times worse where a single password or a combination of similar passwords have been used across several accounts. In some instances, an attacker need only gain access to a single one and reuse the same stolen credentials across many sites and services.

Email – Email accounts are a key target for attackers looking for access to your personal information. It is a service that many take for granted, logging in once the first time they set up the device and using automatic login every time after. It is a service that also unlocks a great deal more than just private messages. Of course, an attacker having free access to read your personal emails is bad news, but with email access, a malicious user can gain access to many of the most commonly used web services online.

Using the “forgotten password” button on many sites triggers a response that emails a password reset link to the email address registered on file. An attacker may use this feature to reset account passwords to one of their choosing. Doing this both grants themselves access to your account and denies you access to rescue it.

Contacts – One of the best features of instant messaging is that your contacts know the messages come from you. When a message is sent from your device to someone you know it displays along with your name, details, and likely a photograph too. This can lead to identity theft, one of the biggest concerns of a lost or stolen device.

With contact information already programmed in an attacker has an opportunity to impersonate you when speaking to anyone in your contacts list. Using your identity, an attacker may attempt to steal yet more details about you and your contacts.

Social Media – Your social media accounts are often the face of your brand. They can be a primary way to reach out and contact customers. They are almost always the first point of contact a client has with your business. They are also extremely vulnerable to being hijacked from a stolen device.

Fraudulent social media access can allow attackers to harvest both client and business data. Even without profiting directly, posting privileges can be used to cause irreversible damage to a business.

Protecting your business – Services, accounts, and entire businesses can be put in great danger by something as simple as misplacing an unsecured mobile phone or laptop computer.

We can help you to stay secure and remain in control even in the face of losing a device. Give us a call at 312-600-8357 and let us help secure your business.

---

Christmas time is back with us again. The latest devices and gadgets are hitting store shelves just in time to keep up with the rush. Magazines, television, and the web are brimming with advertisements and reviews of the latest tech your money can buy.

Before you rush out to buy the gadgets you’ve been waiting all year for, consider a few important questions before parting with your hard-earned cash.

Does This Technology Do What I need?

First, you must ask what problem you are trying to solve with a new piece of tech. The most important thing to consider is how adopting your new device will improve on what you had before.

In some cases, a sleek new gadget or device for fun is good too.

When you’ve answered this question, you should consider whether there is another tech or competing devices out there that can perform even better.

Should I Become an Early Adopter?

Early adopters are people that anticipate the release of new tech, wait in line on release day, and pride themselves on having the latest gadgets to hit the shelves. If you recognize yourself in this description you are likely to snap up the latest devices the day they are released. This eager anticipation, however, is not always the way to get the best deals or the best gadgets.

Companies often rely on new product hype to give sales an early boost. Waiting for the marketing and hype to subside, even a little, can save you a lot of money.

After initial sales fall, companies often mark down their prices to keep their devices attractive and sales high. When newer, faster, sleeker devices hit the market, companies cut prices to maintain strong sales figures. For the budget smart consumer this is an opportunity for a bargain. A device good enough to buy on launch day is well worth waiting for.

Have I checked The Reviews?

We are fortunate enough to have access to seemingly unlimited amounts of information at our fingertips. Often weeks before a product is released, reviews are available across the web.

One of the best things you can do when considering a new device, particularly a high-cost purchase, is to watch and read a wide variety of product reviews. It pays to be cautious of reviews that are particularly glowing, or too downbeat. Keep an eye out for the middle of the road reviews that fairly weigh the pros and cons of each device.

Have I Found the Best Deal?

There are many ways to keep an eye out to make sure you get the best deal on your device. If you can, monitor prices over time to see how they rise and fall to find the best time to purchase.

When purchasing online, many sites include a box to add a coupon code when you are ready to buy. It sometimes pays to jump over to Google and search the website name and ‘coupon’ or ‘voucher’ to find out if there are any good deals on.

A quick search can save you as much as 10, 15, or 20 percent on some purchases. Sometimes companies send out offers to appeal to groups they want to market to. A companies Facebook page may get different offers or vouchers than its Twitter followers or newsletter for example.

It can pay to search around for offers and vouchers to get money off before you checkout. Five minutes work can save huge amounts of cash.

Purchase in Confidence

If you have asked yourself these questions, done all your research, and found the answers you’re looking for then you may well be ready to buy.

You can do so with the confidence that you’ve done all your homework and you’re getting the best deal and gadget for your money.

---

Companies that suffer security breaches nearly always have one of these IT security problems. Is your company guilty of any of them?

No Backups

A shocking number of businesses are not backing up their data properly. According to market research company Clutch, 60 percent of businesses who suffer a data loss shut down within six months.

Not only should every business be fully backing up their data, but their backups should be regularly tested to work too. It’s a step that businesses miss surprisingly often. Many businesses don’t find out that their backup can’t be used until it’s already too late.

Reactive and not proactive

The world is constantly changing. The IT world doubly so. Attackers are always figuring out new ways to break into businesses, hardware evolves faster than most can keep up, and old systems fail due to wear and tear far quicker than we would like. A huge number of businesses wait until these issues impact them directly before they respond. The result is higher costs, longer downtime, and harder hitting impacts.

By responding to hardware warnings before it fails, fixing security holes before they’re exploited, and upgrading systems before they are out of date: IT can be done the right way. Being proactive about your IT needs means systems don’t have to break or compromised before they are fixed. The result for your business is less downtime, fewer losses, and lower IT costs.

Weak Passwords

A surprising number of people will use the password “password” to secure some of their most important accounts. Even more still will write their own password on a post-it note next to their computer. In some cases, many will even use no password at all. Strong passwords act, not only as a barrier to prevent unwanted entry but as a vital accountability tool too. When system changes are made it’s often essential that the account that made changes is secured to the right person.

With an insecure password or worse; none at all, tracking the individual responsible for reports or accountability becomes impossible. This can result in both auditing disasters on top of technical ones.

Insufficient Staff Training

Humans in the system are commonly the weakest point in IT security. Great IT security can be a bit like having state-of-the-art locks on a door propped open with a milk crate. If staff aren’t trained to use the lock, it’s worth nothing at all.

Often times businesses can justify spending big on security for the latest and greatest IT defenses. The very same firms may exceed their budget and spend almost zero on training staff to use them. In this instance, a little goes a long way. Security training can help staff to identify a threat where it takes place, avoiding and mitigating damage, often completely.

Weak Data Controls

Some companies can take an ad-hoc, fast and loose approach to store professional data. Often crucial parts can be spread across many devices, copied needlessly, and sometimes even left unsecured. Client data can be found regularly on employee laptops, mobile phones, and tablet devices. These are famously prone to be misplaced or stolen out in the field along with vital client and security data.

It can be easy for both employees and firms to focus on the costs of devices and hardware purchased for the business. The reality is that the data held on devices is almost always worth many times more than the device that holds it. For many firms, their approach to data hasn’t been changed since the firm was first founded. Critical data is often held on single machines that haven’t been updated precisely because they hold critical data. Such machines are clearly vulnerable, outdated, and prone to failure.

Common problems with simple solutions

Each of these common issues has simple solutions to secure against IT failure. With a professional eye and expertise in the field, every business should be defended against IT issues that risk the firm.

If you need help securing your IT to protect your business, give us a call at 312-600-8357.

---

Being hacked is the single biggest fear of most computer users. Many believe the first sign of strange behavior or errors on their PC is a sign a hacker has taken control. But are hackers really inside your machine, stealing your information? Or should we be on the lookout for more subtle signs? What does being hacked really look like?

There is an important distinction to make between being hacked by a person and being infected with a virus or malware. Virus software and malware are automated processes designed to damage your system, steal your data, or both. There are of course ways that we can defeat these processes, but what if we are instead hacked by an individual?

Logins not working

One of the first steps a hacker might take would be to change the computers passwords. By doing so, not only do they ensure future access to the account, they prevent you from accessing the system to stop them. For the hacker, this is a crucial step that keeps them in control. With this in mind, we always want to make sure to keep on top of our own login details and how often we change them.

Security Emails or SMS’s from online services

Many services track which device and location you logged into your account from last. If your account is accessed from a new device or a different country it might trigger an automated email or SMS to ask if this new login is your own.

If you have logged in using a new computer, tablet, or phone; an email that asks “hey, is this you?” need not be cause for alarm. If you haven’t, it may be time to investigate further. This service is an important part of information security. It may be a key first step to identify someone else gaining access to your account.

Bank accounts missing money or strange transactions

Most commonly today, hackers commit crimes to steal money. The end goal for hackers is typically to profit from their crimes by taking money from people online.

It always pays to keep a regular eye on your financial transactions to make sure you know what money is coming and going from your account.

You may see a large sum missing where hackers have attempted to take as much as they can in a single transaction.

Alternatively small, hard to notice transactions may appear. These often account for small purchases where attackers have tested the details they have to make sure they work.

Sudden loss of cellular connectivity

Network interruption is a symptom that few people expect but occurs commonly when hackers attack. Many banks and online services use a security feature known as Two-factor authentication. To do this they send a shortcode to your phone or app when you log in. Two-factor authentication is ideal in most cases and a great boost to security.

Hackers can try to work around this by calling your mobile service provider to report your phone as lost or stolen. During this call, they will request your phone number be transferred to a new sim card that they control. When your bank sends its regular two-factor authentication code to the number registered, it goes instead to the hacker who may be able to log in. From your perspective phone service will simply stop working.

Keeping vigilant and maintaining security

These are only some of the modern techniques that hackers can try to use to gain access to your accounts. It pays to be extra vigilant and pay close attention to the signs and signals that indicate you may have been hacked.

If you suspect that you might have been hacked, or would like help to prevent hackers in the future, give us a call at 312-600-8357 and we’ll improve your security.

---

In today’s business world, having great Wi-Fi isn’t a luxury -it’s a necessity. Businesses, with their varying needs, have personal requirements for what constitutes great Wi-Fi. For some small businesses, consumer-grade Wi-Fi may be sufficient, but many find that business-grade Wi-Fi is more appropriate. As companies grow, there becomes a tipping point where business-grade is necessary. So how do you know if your business is ready for business-grade Wi-Fi? Ask yourself the following questions to find out.

How many devices use your Wi-Fi?

It used to be that only desktop computers connected to your Wi-Fi, but that is no longer the case. With the rise of portable devices such as smartphones, tablets, and laptops, each person may be using your Wi-Fi from several devices. Consumer-grade hardware is designed for just a few people (like the amount that live in a single household) but can’t manage larger amounts of users and all of their devices. This is especially true for sustained usage. Remember that your employees aren’t the only people who expect to be able to connect to your Wi-Fi. One of the first things visitors typically do is look for a Wi-Fi network to connect their smartphones too.

What is the size and shape of your workspace?

The number of access points you will need for your Wi-Fi is dependent on the amount of physical space that needs to be covered, the shape of the area, wall material, and the number of users/devices. In smaller spaces, consumer-grade Wi-Fi is good enough. Larger, oddly shaped spaces benefit from business-grade. If your building’s walls are made of brick, cinder blocks, or cement, you likely need more access points than buildings made of other materials. Make sure you have a strong connection from all locations. It’s annoying to only be connected to Wi-Fi in certain areas of a building and find yourself in a dead zone a few steps later.

Access points for business-grade Wi-Fi tend to be more powerful and flexible. For example, some business Wi-Fi systems can transfer Wi-Fi devices from a crowded access point to one that is less busy. By doing this, everybody’s fast speed remains. If you foresee your range needing to increase, such as renting out more space, it’s easier to add more access points to business-grade Wi-Fi than consumer-grade. Businesses that anticipate scaling up soon are better off with business-grade Wi-Fi.

Do you want guests to have the same quality Wi-Fi as workers?

In households, where consumer-grade Wi-Fi is prevalent, all users share the Wi-Fi equally. In a home environment, if children are slowing down the internet with Netflix or video games, it’s not a big problem. However, a choked business Wi-Fi can cause a lot of problems. Business-grade Wi-Fi allows your network management. You can assign a designated amount of bandwidth to different users so they’re unable to clog the entire connection. You can allow visitors internet access without giving them unlimited access to the network.

How much does the internet affect your employees’ productivity?

For some companies, workers only use Wi-Fi for a few quick tasks. With these types of businesses, if the internet is slow, it won’t have a big impact on how much work your employees get done. Consumer-grade Wi-Fi might be a good choice. For other companies, there aren’t many people can accomplish if the Wi-Fi isn’t working well. The slower your employees work, the less money you make. Wi-Fi troubles can also lead to frustrated, unhappy workers. If the fast internet is essential for people to complete their daily tasks, business-grade Wi-Fi is important.

Strong Wi-Fi is a necessity for all businesses. This is especially true for larger businesses that connect a lot of devices (from both employees and visitors) and have a big work area. Also for those where employee productivity depends on a strong connection. The goal is to keep your business-critical technology running smoothly. Consider carefully whether consumer-grade Wi-Fi or business-grade Wi-Fi is the best choice for your business. When you ask yourself the questions above, the answer should become clear.

Is your business’s Wi-Fi struggling? Give us a call at (312) 600-8357 to discuss a solution.

---

Getting new computers for your business is exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part. The problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history…. the works! Each computer, whether laptop, tablet or desktop, contains a treasure trove of sensitive information that cybercriminals would love to get their hands on.

Unfortunately, hitting delete on your files doesn’t actually make them disappear, nor does waving a strong magnet over the drive. These mistakes have cost businesses millions of dollars over the years.

Most businesses are unaware that specialized data cleanup is necessary, others think calling someone to collect the computers will cover all the bases. A 2016 experiment proved just how dangerous the situation can be when they bought 200 used hard drives and found 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data, it was all right there and helpfully labeled. It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and missile data, all waiting patiently on a discarded hard drive.

Why hitting delete doesn’t help

Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right? Except if you delete a file it’s more like changing the index to say nothing is on page 10 and you can write something else there when you’re ready. But if you manually flip to page 10, you’ll find the information is still there – the file still exists until it’s been written over – it’s the index reference that got deleted.

Wiping data before disposal

There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust. With that in mind, a methodical approach is required to ensure not a single drive is left untreated. You don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from. The approach might include using checklists to maintain security, or dedicated processes to guide each step in decommissioning. Careful records should also be kept, including who signs off on completion of the retirement, and where the computers are sent afterward. A proper inventory and auditing process may slow the rollout of the new computers slightly, but it’s always better than having your old data come back to haunt you.

We can migrate any needed data, back up the information to your server or external drive, then wipe or destroy the hard drives for you. We can assess the age of your old computers and either dispose of them for you or point you in the right direction of computer recyclers. Plus, the quicker you dispose of your old computers, the easier the process will be. Recyclers will be able to spend less of your equipment to landfill, and you’ll be less likely to forget how valuable the drive contents are.

Upgrading your business computers should be a happy time for you and your employees, so with a little forward planning, you’ll be able to keep everyone smiling and all your data secure.

Need help with your old hardware? Call us today at 312-600-8357