Blog

April 24th, 2017

So much of cybersecurity depends on adequate awareness from users. Phishing for example, preys on people’s fears and desires to convince them to click on hyperlink images and text before checking where they actually lead to. However, with the latest trend in phishing, even the most cautious users can get swept up. Read on to educate yourself on how to avoid this dangerous scam.

What are homographs?

There are a lot of ways to disguise a hyperlink, but one strategy has survived for decades -- and it’s enjoying a spike in popularity. Referred to as “homographs” by cybersecurity professionals, this phishing strategy revolves around how browsers interpret URLs written in other languages.
Read more.
Topic Security
April 6th, 2017

2017April6Security_BAccusations of inappropriate government surveillance have been swirling after Wikileaks recently released thousands of pages supposedly detailing the CIA’s exploitation of compromised devices and applications. But in today’s climate, every headline needs to be taken with a grain of salt. Read on to find out what’s actually at stake and why you probably don’t need to worry.

What devices and apps are supposedly vulnerable?

Wikileaks labeled its ongoing release of 8,761 classified CIA documents “Year Zero.” Nestled among those files are tools and correspondence that explain how operatives could snoop on communications, downloads, and browsing history. Here is a list of the “affected” applications and hardware:
  • Windows operating systems
  • iOS
  • Android
  • Samsung Smart TVs
  • WhatsApp
  • Signal
  • Telegram
  • Confide
Those are some very big names, right? Thankfully, it’s mostly hyperbole. The reality of the situation isn’t nearly as bad as it sounds.

Two considerations before freaking out

First, almost all these exploits require physical access to devices before anything can be compromised. For example, news organizations repeatedly reported that WhatsApp, Signal, Telegram and Confide all had encryption protocols that had been subverted by the CIA. That is 100% false.
Read more.
Topic Security
March 22nd, 2017

2017March22Security_BWe’ve gotten so caught up discussing ransomware prevention with our clients that we’ve neglected to mention that several strains have already been defeated. In fact, there’s a decent chance you can actually decrypt all your data for free. Always make sure to check these lists before responding to a cyber attacker’s demands.

The state of ransomware in 2017

It’s been almost 30 years since malware was first created that could encrypt locally-stored data and demand money in exchange for its safe return. Known as ransomware, this type of malware has gone through multiple periods of popularity. 2006 and 2013 saw brief spikes in infections, but they’ve never been as bad as they are now.
Read more.
Topic Security
March 3rd, 2017

2017March3Security_BHow many times have you read a shocking headline, only to find the attached article incredibly underwhelming? Over the last several weeks headlines decrying the threat of “fileless malware” have been everywhere, but the truth is a little less scary. Let’s take a look at what’s really going on and who's actually at risk.

What is this new threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).
Read more.
Topic Security
February 15th, 2017

2017February15_Security_BShopping around for a managed IT services provider is tough. You’re looking for a business to manage extremely complex and delicate technology, so they can’t be expected to get into the nitty gritty details of DNS-layer security, intrusion prevention systems, and encryption in their marketing content. But one thing does need clarification: What exactly are “proactive cyber-security” measures?

Understand the threats you’re facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Create a baseline of protection

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measure versus your reactive measures.
Read more.
Topic Security