Select Page
Dark Web Protection: Assessment, Awareness & Actualization

Dark Web Protection: Assessment, Awareness & Actualization

Deep Web

Business owners, especially those who have been through the challenges involved in a data breach, often hope the dark web goes completely dark — as in nonexistent. Wouldn’t it be nice if trending IT services, like advanced web scans and security audits, go out with the times? For now, the illegal realm of the dark web makes history every day, so companies must work nonstop to predict cyber threats and stay a step ahead of the hackers.

 

Dark Exposure

 

The dark web is an encrypted network of criminal intent. The deep web, conversely, provides a safe haven for your private information. By law, you need to keep most of your business data hidden from public view. You don’t want your financial information or your employees’ social security numbers exposed, and neither does the government. Whether you’re a manufacturing company in the heart of Denver, Colorado, or a distribution business with hubs across the country, you need hidden security — call it “dark web” protection — for massive amounts of corporate data. This means you’ll need to keep your real-time data and your backups in the deep web and out of the dark web.

 

The deep web is essential to privacy, compliance, safety and security. Like the illegal areas of the web, it’s built from non-indexed pages. Your company’s network is not revealed to random viewers because it’s kept hidden in the deep web — unless you suffer a data breach that exposes your information to malcontents.

 

 

To Breach Their Own

 

People feel vulnerable online and are somewhat aware that cyber danger is lurking. However, data breaches often originate in too much trust or in lack of communication surrounding network trust issues. Your users trust an email and get phished, or they trust “12345” as a solid password. Could the problem be that your users trust the company to protect them? Does your team assume that strong security solutions are already in place? Here are some of the common reasons, stemming from the trust factor, that your business could suffer cyber attacks:

  • spam email
  • weak passwords
  • unprotected mobile devices
  • delayed software updates

Mix these with user oblivion (or trust) and flimsy (or outdated) policies, and your company is at high risk for a cyber attack.

 

 

“A” for Security

 

Let’s now look at 3 “Easy A” ways you can create safe deep web data:

  • Assessment: A security audit is an excellent way to surface your network’s weak points. You can immediately see vulnerabilities and close openings that could bring in hacker traffic.
  • Awareness: Users often trust the system. Cybersecurity awareness training, such as a fire drill phishing attack, can educate users about current cyber risks and prepare them for real-time attacks.
  • Actualization: Enriching and enforcing security policies, updating hardware and software, advancing network protection measures — there are hundreds of ways to make advanced security a reality for your company.

 

When was the last time you had a security audit? Have you ever clicked on a suspicious link because of mental fatigue or, the opposite, heightened curiosity? When did you last test your backups? Install updates? Scan the dark web for your private data? Did you ever turn off multi-factor authentication because it was annoying? If you assess your system and close obvious gaps, train the users accessing your corporate network, and actualize things like security in the cloud and advanced endpoint security, you can leave the hacker chapter out of your company’s history books.

 

 

 

Are you ready to protect your business from the hackers?

Our team can help you with assessment, awareness and actualization.

 

Getting QWERTY with Password Management

Getting QWERTY with Password Management

Before the Time Runs Out!

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

Riddle Me This, Dear Reader,

What Do These Little Threads Share?

qwerty

password

12345

iloveyou

111111

54321

I’ll tell you in a minute. A secret. A code. A…  12345. Uh… password.

 

I’m lucky to work with a team of password management rockstars because I’m about as QWERTY as it gets when it comes to password history. One of my network admins once scolded me for choosing “password” to access a vulnerable system, and I’ve depended on multi-factor authentication and other cybersecurity tricks ever since. If you’re shaking your head at me over my password management talents, then let’s take a quick look at the most common passwords of 2018: 123456, password, 123456789, 12345, 111111, 1234567, sunshine, qwerty, iloveyou.

 

 

Security

iloveyou2

 

Password proliferation has become the norm. With every new app, website and device that we commandeer, there’s new access information created. Moreover, many of these systems require a periodic reset. Keeping track of all of these passcodes can be likened to taking a mnemonic census of an anthill.

 

Archimedes once said that if only he had a solid rock on which to stand, he would move the earth.

 

If you assume that your passwords are a firm footing, prepare to have your assumptions rocked. It is believed that up to 80% of common hacking activities are due to compromised credentials, mostly in the form of stolen usernames and passwords. Worse still, IT Managers report 73% of all passwords used are duplicated in multiple applications.

 

When people use the same password for multiple systems, having one password exposed may compromise the whole network of applications. Luckily, password management doesn’t mean you have to buy a walk-in safe to store your password diaries. To keep it simple, here are a few tips to memorize as a starting point for improved password management:

  • Never use the same password twice
  • Never write down your passwords
  • Never share your passwords with anyone else
  • Never use real words or known information about yourself in your passwords
  • Avoid commonly used passwords

 

The last bullet is especially salient—50% of all attacks involve the top 25 most used passwords, proving there are risks involved in “getting qwerty” with your password management procedures.

 

 

Need a more sophisticated password management plan?

Shield

Let’s talk password management solutions and multi-factor authentication, two great ways to prevent getting hacked.

 

Password Manager: A password manager solution, such as SolarWinds’s PassPortal, allows you to store all of your passwords in one place. This makes managing and remembering all of them much easier. Make sure your password manager solution is itself password protected, preferably with multi-factor authentication.

 

Multi-factor authentication: Multi-factor authentication is the use of additional forms of authentication in conjunction with a traditional password. This most often takes the form of a shared key, sent to a separate device, or calculated through a common authentication application. This makes it difficult for a compromised password to compromise the application. Enable multi-factor authentication wherever possible, but make sure your secondary authentication source is equally secured with a strong password—failure to do so is like having a biplane write your shared key in the sky.

 

qwertyiloveyou2!

 

Random password generators can also help create passwords, but the results are often long random jumbles of characters and quite difficult to remember. Unless you can recite the longest word in the world from memory, you might want to use these password management tools in conjunction with a password management solution.

 

If you’re a business owner trusting dozens or hundreds or thousands of employees with sensitive information, then a managed IT solution that includes password management will definitely be the safest way to interact with the millions of letters, numbers and characters that are involved in the multitude of passwords that access the data of your systems.

 

 

Looking for help keeping your business safe from cybercrime?

Sign up for IT news sent right to your inbox, no qwerty-strings attached.  

IT Services in a 1 + 1: 4 Signs You Need Managed IT

IT Services in a 1 + 1: 4 Signs You Need Managed IT

The word “outsourced” makes some business owners curious and others nervous when it comes to IT services. “MSP” is another term floating around, and you might also come across “IT-in-a-Box” when you go looking for help with your systems. Managed IT (our favorite code phrase) can mean a lot of things. If you’re a manufacturing or distribution company, then IT services might mean, among other things, industry-specific Cloud or Hosting platforms.

IT Services

When Nobody Sees the IT Stop Signs

 

When it comes to your ERP and IT systems, you need effective stop signs that work both internally and externally. Your cybersecurity infrastructure can keep your team safe and productive while also keeping the bad guys out. Cybercrime is a 1 + 1 relationship. If you didn’t have a team to be hacked, then you wouldn’t ever need to worry about adding a hacker to your network. 

  • Stop Sign 1: Your company’s IT services need to ensure that your employees are traveling through safe pathways and that they know when to stop before falling into the webs of ransomware or other destructive malware.
  • Stop Sign 2: Your team’s mobile devices, laptops and desktops all make friends on a daily basis. This is essential for business growth. Because of this, IT services ideally provide a clear STOP sign for potential trespassers—a bold indication that cyber tricksters will not be tolerated, even on the fringes, and will not be unknowingly welcomed in by your team.  

A Wanted Man or a Wanted Spam?

 

But how do you know if your system has a “Most Wanted” sign that’s attracting criminals rather than telling them you already know they’re the lawbreakers? When it comes to business, you’re continually building relationships, and hopefully these become lifelong friendships. You trust your most valuable data to your IT talent. When it comes to managed IT services, business owners and other decision-makers might squint at the cyber lineup and not know whom or when to choose.  Here are 4 signs your staff would benefit from a partnership with a managed IT and cybersecurity firm:

  • High-value IT projects, best done internally, are distracting your key players or forcing them to work long hours.
  • IT operations are unpredictable or unreliable, causing project or system failures, yet you don’t want to grow or change your employee pool.
  • IT costs are variable or steep, and you’d like a more predictable budget.
  • Security and compliance issues are overwhelming your team.

 

Every second of the day you rely on experts to protect you. The meteorologists warn you of bad weather. The firefighters alert you when it’s a fire risk to roast a s’more. The doctors warn you of heart attack predisposition. In regard to IT, the challenges you face include ransomware that could destroy the business you’ve worked so hard to build. This holds true whether you’re a DoD manufacturer, a medical clinic, an accounting firm, a lollipop distributor, a small-town bank… the list goes on. Because the hackers are always available to friend you, you’re always risking adding them to your inner circle, making your 1 + 1 relationship one of IT enemies, rather than friends. A 1 (your team) + 1 (EstesGroup Managed IT services team) relationship will keep your IT math simple, your budget profitable, and your company safe.

 

Mobile Device Theft Prevention Tips

Mobile Device Theft Prevention Tips

Estes

With more people working outside of the office, companies need to prepare their employees for the possibility that company and personal mobile devices could be lost to theft or misplacement. This post discusses ways companies and employees can prepare and prevent the loss or theft of devices before it happens.

mobile theft
Security

Step 1: Make sure your device is locked and so are the apps!

 

In this day and age, most laptops and other portable devices can be locked (both physically and by using a passcode).  Yet, anyone hanging out at a coffee shop will notice many people going to the restroom, paying for food or going outside to take a call with their devices left unattended and unlocked.  Don’t be that person and become the victim of theft or loss.  The likelihood of theft in such public and transient locations tends to be high, and relying on the video camera of the theft doesn’t guarantee the return of the device.  Take your devices in a bag with you if you leave the location any reason and also when you don’t have a direct line of sight on you and your company’s belongings.

 

When walking in crowded locations make sure to close all of your bag openings (lock them if you can) and be aware of how easily a device could be taken without your knowledge.  Visible and unsecured devices are targets of thieves and could fall out of whatever you are holding them inside. Having a cell phone with critical information in the back pocket of your jeans is an invitation for accidents or worse to happen.

Step 2: Know where your devices are located.

 

Most phones have the capability to track where you might have left it or where someone has taken it. These features are great but you can also step it up a notch with 3rd-party tools made for this purpose. A simple search will yield a number of location security applications built for business consumers.

 

In addition to 3rd-party applications that can help you find devices, if you want to add another layer of security there are a few physical GPS devices available. These small devices are not prohibitively expensive and can be slipped into a phone/tablet case, a briefcase or a backpack for an extra layer to identify where a device is located.

world

Step 3: Consider having the device engraved or having return information placed on the device

 

Another tip that is overlooked but important is to have devices engraved so you can add return (and reward) information in the event that a device is misplaced. If engraving is not possible, a sticker with your contact details is also another useful option. Not everyone is out to steal your device, sometimes we simply misplace it so leaving contact details in the event of a loss will facilitate the return of a device.

Step 4: Encrypt or remove sensitive information

 

Luckily there are plenty of options to encrypt information on your devices. Not only do many operating systems provide you with encryption options, but there are also many 3rd-party applications to help you.  VeraCrypt is a free/open-source disk encryption software that’s worth considering if you are looking for free options.

 

Beyond encrypting sensitive data, developing a mindset of being rigorous about the removal of sensitive data (that includes photos of sensitive information) will help you avoid unwanted access to your devices that might hold sensitive information.

Shield

 

While loss prevention isn’t always avoidable, these tips will help to reduce the probability of loss or theft and ensure we are doing everything to prevent our devices and the sensitive data from being accessed by unwanted individuals.

 

Let the EstesGroup help keep your company’s data secure.

Hidden Ransomware as a VM Valentine (Video)

Hidden Ransomware as a VM Valentine (Video)

Apparently ransomware is now installing a virtual machine inside the hacked computer in order to avoid detection.  We’ve entered a new phase of devious behavior!  How will your company avoid the new forms of ransomware hidden in your system’s shadows?

Hidden Ransomware

Hackers Exploit Your Pixie Dust Trust

Please make sure your users are safe!  I think the only way to avoid all this malefic malware is to adopt a Zero Trust attitude, bringing in an IT expert with a Zero Trust philosophy if necessary.  Think of it this way — do you let a technician into your home to work on the AC unit, just because they have the right shirt on?  Did you call them?  Are they “safe”?  Do they take their shoes off and keep their N95 masks on?  Some of us will allow them in, some will not.  At this time, I have immune-compromised folks at home, and that technician isn’t coming in.  I’ll live with a busted AC unit for now — it’s not worth the risk.

 

Is your PC worth the risk to allow untrusted software in and run whatever, wherever it wants, with whatever bugs it brings with it?  I think not.  When it comes to the technology that enables your business, it can be easy to trust your users because you see them as good people, as your helpful team.  But the magical thinking of an IT fairy tale will not protect your team from hidden ransomware dangers, especially those that appear deceptively dressed in a VM.  You can trust your team without trusting their machines or their software.

 

Made in the Shade

Are your systems safe from ransomware hidden in the shadow of a VM?  Companies enabling remote connectivity for their teams may have put their data at significant risk by taking shortcuts to ensure business continuity.  Rushed IT policy often creates vulnerabilities that hackers can easily exploit.  Malware can get into your network by posing as something friendly to your system.  Hidden ransomware, now lurking as an amicable virtual machine, creates troublesome tenements for remote teams.

 

Ghosting the Hackers

Hidden malware is only one challenge you have when connecting your teams to company data.  Fortunately, remote access and remote control utilities, when done properly, are tools that allow companies to connect home users to corporate data securely and efficiently.  You can keep your team safe from malicious valentines, even when they appear in the form of a friendly VM.  With protective IT policies in place, including a Zero Trust approach to the machines that make your business run, you can ghost the bad guys trying to unlock your data and prevent their hidden ransomware from accessing your system.

 

 

 

To learn more about remote access and remote control utilities, please watch one of our IT strategy videos here:

 

 

IT Strategies for Remote Teams (Video)

IT Strategies for Remote Teams (Video)

Brad Feakes Director Professional Services
Brad Feakes

SVP Epicor Services, Professional Services

Daryl Sirota – Director, Technical Services
Daryl Sirota

Technical Services Director

 

Brad and Daryl talk about IT strategies for remote teams

 

Brad and Daryl sit down this week for a Q&A style chat to unravel a few of the complex IT issues in today’s work from home (WFH) environment.  At a high level, Daryl emphasizes how we should not make the mistake of trying to plug pieces of cloud software together expecting them to work properly.  That is almost impossible to do effectively without the appropriate policy to guide the technology.  You will need to understand how you will provide guidance to your end users faced with a variety of remote work environments (working for a cafe, home office, etc) and the new tools you will use to manage staff.

 

They move on to talking about some of the end-user WFH problems from asking the question “what does work from home mean?”  to discussing what technology can be used to help get users up and running while also creating business efficiencies.

 

Throughout the discussion, Daryl covers a variety of other topics such as data security, public vs. home wifi, two-factor authentication, remote access vs. remote control utilities, data access, machine vulnerabilities and many other topics.

 

Brad and Daryl do an excellent job of taking some big, complex issues around WFH and explain the issues that every business owner needs to be aware of as they navigate moving their staff into the cloud and potentially hiring a company like EstesGroup to help them with their remote IT management.

 

Of course, you can always reach out to our managed IT services team.  We’ll help you throughout the entire process of moving your company into the cloud and help you avoid the costly mistakes that can put your entire business at risk.

 

Are you having issues with or have questions about your current IT management? Contact us today.