Many companies have experienced phishing scams in which a hacker (claiming to be a contractor) requests a change in bank accounts. They end up stealing funds and even make phony calls demonstrating knowledge about the project. Coupled with fake emails and bank account records, they are able to convince those managing the project to redirect all future payments to this false bank account. In the first half of 2019 alone, a Datto survey found that 56% of MSPs reported ransomware attacks against their clients. 15% of MSPs reported multiple ransomware attacks in a single day. Now that's a lot of attacks... And as a tech company, we have been seeing a huge growth in ransomware efforts in Northwest Ohio. In fact, the Ohio Facilities Construction Commission (The OFCC is responsible for guiding capital projects for the state.) has reported that numerous school districts, contractors, business owners and more are often contacted by these hackers who try to learn information about the project, effectively creating a more believable scam. "Some of these suspicious attempts to obtain the list of project contacts was portrayed as a small research project that would favorably highlight the benefits from the completed project." - OFCC
Chances are that you have heard about the factors of making a strong password, like how the longer it is the better and how the use of upper-case and lower-case letters, numbers, and symbols protects you against brute force attacks. But what if I told you there was a way to make an account protected by “drowssap” or “qwerty” exponentially safer than an account protected by more complex passwords like “Th15_1$_@_P@55w0rd”? Multi-factor authentication (MFA) to the rescue! Also known as two-factor or two-step authentication, this is one of the more secure (and quite easy to implement) methods of securing your accounts. MFA can be considered a few different things. The most common form is an algorithm that generates random temporary passwords that must be entered in addition to your standard password. It could also be push notifications from third party apps that manage these MFA communications like Duo Security. This is nice because out devices all have the capability to be only unlocked through certain means like facial recognition, voice recognition, fingerprint scanners, pin numbers, or even retinal scans. What that means for you is even if your first password is compromised you have a second method of identity verification protecting your account. We here at Lighthouse IT Solutions care about your cyber security; our series of posts and webinars espousing its benefits probably convey that just fine.
Many of our clients using Buckeye and Telesystem services received a notice this morning regarding a set of zero-day vulnerabilities known as "Urgent/11" for devices running the VxWorks realtime operating system or VxWorks IPnet TCP/IP stack.
To help our clients understand the impact of this vulnerability, we are sharing the known impact of these vulnerabilities with respect to solutions provided by Lighthouse IT Solutions.
The extent of Urgent/11 is quite massive in size, due to its lightweight, high-performance nature and can be found commonly in medical devices, IP phones, firewalls, industrial controllers, elevators, and more. With this in mind, it may be necessary to contact other technology vendors to ensure that Urgent/11 does not affect a device outside of our partnerships.
We hope that you didn't forget about National Cybersecurity Awareness Month! We wanted to discuss some elements of cybersecurity that you may not be familiar with. Cybersecurity is a lot more than just dealing with viruses and not clicking on spam emails. The true definition is "the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this." This means that anything you do to help protect against getting your data stolen can be considered cybersecurity. So let's go through some of the methods often overlooked and skipped.
Firstly, it is important to make sure that all devices on your network have adequate protection, especially the ones you don’t normally think about. And if your computer is mobile, it is a good idea to make sure that device is encrypted and has a strong password on it. Encrypting devices that will be leaving work often, like company laptops, will help ensure company data isn't access when something is lost or stolen. Keep everything that is connected to the internet and your network in mind.Learn more about this in our "How secure is your network?" post.