The Dangers of Direct RDP Access!

Direct RDP Access Used To Be So Common That Now It’s Become More Dangerous.

Did you grow up leaving your doors unlocked and your cars unlocked?
I bet you didn’t have to worry about intruders coming in.
Come to think of it, I don’t think I see it anymore.
Direct RDP access is just leaving your door unlocked for an intruder to come in!

Let’s go over why direct RDP access is dangerous.

What Is Direct RPD Access

The Remote Desktop Protocol (also known as RDP) is used to allow remote access to a computer.  Once you log into a computer, you are able to access everything the way you were able to working on the desktop. RDP is very easy to use and widely implemented. Remote Desktop even comes built-in to most versions of Microsoft Windows.  When it is used within a private network, it’s a very strong business tool. Unfortunately, it’s not secure enough to safely expose to the Internet.

What Can Happen With Direct RDP Access

Hackers are able to get into the information easier than you think.  They can target a specific business and they can act as an employee to gain access to administrative accounts.  Once they gain access, it gives them leverage to steal data, destroy data, install malware or ransomware, or even just staying under the radar and using the resources to host their own services or use as an intermediary to commit other crimes.
Most common is seeing employees getting locked out of their systems/accounts as a hacker forces access with their password.  Then the damage is done and a data breach has occurred.

What You Can Do To Prevent This

As we used above, the easiest way to avoid this is to simply close the door!  Closing down the ports to RDP and reduce the attack. There are so many different tools and protocols that can be used to provide businesses with the safety they need with secured access.

A few examples are as followed:
Setup VPN (Virtual Private Network) that must be connected first before using RDP.
Using a multifactor authentication mechanism can be implemented to augment traditional password authentication.

Another way to prevent a data breach from occurring is to contact your IT company for them to setup everything for you and your company that will keep your business safe.

Close the door and lock it so hackers can’t get in! Avoid intruders!

For more information or you want to get your company on the right track to safety, contact PCS!

How Often Should You Change Your Passwords?!

KEEP YOUR PASSWORDS UPDATED AND SECURED!

When you create a password, you often find something that not only you can remember, but you are also add different characters to make them safe.  From one special character, to at least 6 characters with one capital letter and a number, it can sometimes drive you NUTS on what your password could be.
But, in technology world, there is a reason why this needs to be done.

IT HELPS KEEP YOUR INFORMATION SAFE!

Here are some tips on password changes and how to keep everything safe.

How Often Should You Change Your Password?

Password changes should be about every 60-90 days, if not more.  Be sure you’re also using your multi-factor authentication and a password manager to increase your password security. This is alleviate having a security breach with having the same password lingering around your system for a while.  Always make sure your passwords are STRONG.

You Should Never Have The Same Password Twice!

Having the same password twice could end up being an issue when it comes to security.  If somehow they get into one thing, they will use the same information to get into everything! Make sure you are keeping consistent with having different passwords and having a password manager to keep all your passwords secured and organized. The golden rule is to never have the same password twice or use any personal information in your passwords.
Don’t use names, pets, birthdays, anniversaries, addresses, SS numbers, children’s names, etc. for your passwords.  Passwords should always be a random combination of letters, numbers, and symbols or unrelated phrases.

Change The Weak Passwords

Passwords should always be strong.  Leaving weak passwords will only allow hackers to potentially get into your information.  It’ll cause issues in the end if you leave them on the weaker side.

Always Use A Password Manager

We have discussed why password managers were important, but we want to refresh your minds on why it is.  A password manager is program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database or calculating them on demand.
DON’T STORE YOUR PASSWORDS ON A GOOGLE DOC OR WORD DOC!!!  That will only give your information away even faster if someone were to hack into your system.

Don’t Forget To Use Multi-Factor Authentication

Multi-factor Authentication is your best friend. We’ve discussed how important it is, but it goes well with a password manager so no one can get into your information.  Multi-factor authentication is an electronic authentication method that a device user is granted access to a website or application only AFTER successfully presenting two or more pieces of evidence.  It usually involves a code or token needed to access any important information.

Make Time To Change Passwords

This part is going to take you a little bit of time.  Make sure you set aside enough time to go through all your passwords and update your password manager with the new ones.  A few times a year is ideal to be able to change all your passwords effectively and make sure your information is stored correctly.  You don’t want to rush it and end up having to redo all that work.

Having all these tools will allow you to feel more secured about your password and information safety.
Once you have a schedule set to update them, it’ll feel like second nature.

Need help setting up your passwords or have questions? Contact us here at PCS and we can help make sure you’re secured!

Image VS File-Based Backups … The Great Debate!

Image-based backups VS file based back-ups are tricky. 

Knowing when you should use which is even harder.
Knowing what is best for you comes down to what kind of information you are looking to save and back-up.
Let’s go over the difference and what would be best for you and your company.
The main question is … What are you looking to recover?

Difference Between Image VS File-Based Backup’s

Image-based backups preserve a copy of a machine’s operating system. That includes system state and application configurations, as well as the data associated with that machine.  It’s basically an image of your entire operating system including files, executive programs, and OS configurations.  It works best if it is necessary to bac k up a VMware or Hyper-V virtual machine. This is very simple to configure type of backup where you just select an entire drive, partition, or an entire machine, which typically backs up the entire selection you have selected.

File-based backups will back up each file on your PC.  It will save the files, but not the applications that created them. If you did not setup your file backup to save “all” the documents on your machine, then you won’t be able to restore them. It is reasonable when it is necessary to copy separate files so that they can be recovered to any other system. File backups basically come down to you selecting some files and folders that you want to back up and then where you want those file level backups to go.


File-based backups are usually more flexible way to doing backups, scheduling, and are normally smaller backups.

Image-based backups are usually better in disaster scenarios when an entire system restore is required.

What Type of Backup is Recommended?

Now that we have established the difference between the two, the major question stands … Which one is recommended? Both is adequate when having back-ups.

A good backup setup would usually include:
1. An image backup once a month.
2. A full file level backup once a week.
3. A differential file level backup every day other than the full backup day.

This type of schedule will most often help give you an easy and quick way to get files and folders back.  Having extra backup to be able to recover any and all files will be a huge impact to your business information.

 

Need help backing up your computer? Don’t know where to start? Contact PCS and we can help!

Cyber Training … Why Is It Important?

Cyber security is one of the most important things in today’s technology world. 

From data breaches to just taking someone’s banking information, hackers are now being more creative with their tactics. But, there are plenty of ways to always stay alert so you can keep on top of any security threat.

Cyber Security Training

You hear this term a lot and it’s something that has been harped about … But why is it so important?

The workplace has evolved throughout the years and technology has been a big party of that transformation. Adding in the risk of having someone come into your personal information and even company data means workplaces need to have more security.  Firewalls and anti-virus protections are simply not enough for hackers.  Hackers have been more creative with their tactics and scams that now everyone needs to be more alert!

Having the ability to know what is a threat and what is just your daily routine is important.
|Cyber security training can help you recognize different types of threats using simulators and common hacker moves.

If you can’t recognize emails, links, or even phone calls, you can be potentially putting a company at risk for a data breach.
You always want to be alert with any email that is coming to you!

 

Having the ability to be one step above a hacker is challenging. One way is by having simulations will help you see the different kinds of attacks and how you can prevent your company from having a data breach and/or information deleted/stolen.

In 2020, there was an estimated amount of 1001 cases.
That’s 1001 cases that could of probably been avoided if companies has cyber security training.

Data breaches are getting worse and users are not aware of the risks!

Employees are often the primary targets for hackers looking to get into critical business systems.
Rather than trying to breach a secure network or system through external means, it’s much easier for hackers to pretend to be authorized members of a company while they inflict their damage from the inside and do so undetected.

Sadly, many employees don’t even realize how important cybersecurity training really is for the organization they work for.
Even worse, according to a survey of over 4,500 employees, 22% of employees don’t feel like they should be obligated to keep their employer’s information safe.

Employees handle the information on an everyday basis, so a hacker will come to them first before anyone else. Internal attacks are easier.

Don’t wait to get cyber security training. You could not only protect the company, but you can even protect your own information!

For more information about Cyber Security training, contact PCS today!

Keep Your Passwords Safe and Your Information Safer!

How can you save your passwords and still keep your information safe?!

Password safety is something that is only mentioned when you want a strong password that is more than 8 characters, has at least one number, and has a special character in it.  Nothing that will be too obviously like “password1!”  that you use repetitively. Your information deserves to be protected without worrying about having to just write your passwords down on a post-it.
One thing that is challenging is that you want to store your many of passwords without the fear of hackers. 
But no one just wants to have software they know nothing about.

Here at PCS, we’re here to help you ease your mind without having a difficult route along the way.

So … What can help with this issue?

A password manager is program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database or calculating them on demand. 
Having this will allow users to change passwords often for safety without forgetting them every time.

Password information should be stored safely with a password manager.  Users don’t want to have to worry about a NEW issue of whether or not the password manager is safe.

We’ve got you covered!

 

Keepass Password Safe is a free and open-source password manager primarily for Windows.
It officially supports macOS and Linux operating systems as well through Mono.

KeePass is a free open source password manager, which helps to manage your passwords in a secure way.
You can store all your passwords in one database, which is locked with a master key.
You only have to remember one single master key to unlock the whole database.


Database files are encrypted using the best and most secure encryption algorithms currently known (AES-256, ChaCha20 and Twofish)
Keepass supports two-factor authentication, and has a Secure Desktop mode.
Password managers are safe, but having Keepass with ensure your information will always stay secure.

 

For more information about password manager or Keepass, call PCS today!

 

 

Keep Your Information Safe From Hackers!

We always try to make it harder for hackers to get into our information. Hackers don’t want to work too hard to get information.
There’s a few different things that can help keep your data safe and protected, but one easy way to do it is  …

Multi-Factor Authentication

Multi-factor authentication is an electronic authentication method that a device user is granted access to a website or application only AFTER successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).

Having multi-factor authentication makes stealing your information harder for the average criminal. If your information is hard to get into, it becomes less enticing to the average hacker and makes them move on to the next person.

Multi-factor authentication adds a second or third (or more) factor to the login process for company resources (apps, services, servers, etc.).  You can use multi-factor for banking accounts, emails, any sort of company program that has valuable information, and even email!

Having a hacker try to get into your information should be a challenge for them! Not having your information backed up by different security could lead to deleted information or even a data breach that could potentially lead to danger within your company or even for yourself! I know … It’s hard to think that you can’t just get into an app or even a site without having to use a code to get into it, but once you do it for a while it feels like second nature! You’ll be thanking yourself for it and happy you went with it.
Hackers are only getting more advanced with their strategies to get into your personal and company information.  Finding different strategies and approaches will help you continue to keep your data safe.  With multi-factor authentication, you are able to use security codes, questions, tokens, and other ways to make sure you are the only person able to get into the system and having access to the information.

There are a few different products out there that can help you get started, but talking to your IT company will help you see what is best for you and your company!

Always remember … The more a hacker needs to try, the less enticing your information is!!!

If you need more information or you are looking to start multi-factor authentication for your company, contact PCS today!

Don’t Know How To Protect Your Company’s Data?

Data is one of the most important assets that your company has and needs your attention.

Having cloud connections can ensure the security of primary or additional backups in a cloud repository may be not enough to ensure data security for you.

The backed-up data may become unavailable because of a malicious attack or unintentional action on your end. Meaning that a user could hack into your companies data and do severe damage to your company’s reputation!

The data can also be accidentally deleted from a cloud repository or because of a mistake done during the configuration of backup jobs and settings. There are many ways to lose data in such a quick amount of time. But, there are ways to ensure more safety for your company’s data!

iland has come up with the Secure Cloud Backup Insider Protection! iland Insider Protection protects you from both straightforward deletion of all backups from the Veeam console, as well more sophisticated attacks.  Everyone has concerns with their backup files and they could be deleted accidentally or a hacker could get in and delete it.  With Insider protection, you can sit comfortably and be confident that there is a copy of your backups available. iland Insider Protection enables you to recover a full backup deleted by mistake, but more importantly it also protects you from malicious attacks from outside threats.


With iland Insider Protection, backup files deleted accidentally or maliciously are retained in an air-gapped directory. This file system is only accessible to technicians.

iland Insider Protection protects you from both straightforward
deletion of all backups from the Veeam console, as well more
sophisticated attacks

iland Insider Protection is just what you need to keep your data protected and your company safe.  iland also has great support 24/7 with reliable sources and will be able to recover your information quickly.

For more information or you’re interested on continuing to keep your business safe, contact PCS today!

Enhance Your Cyber Security!

Technology is a huge part of today’s society!

Smaller business are not flying under the radar anymore.

Smaller businesses are actually targeted MORE because they are usually less protected than larger companies, making it an easier way to scam.  Hackers now are finding new and innovated ways to bypass these systems and invade SMB networks.

With having all your information with just a click of a mouse, it can be difficult to keep all your important information hidden. Hackers THRIVE on that.

Everyone talks about different antiviruses and cyber safety, but everyone needs that extra protection to make sure their information is not being compromised throughout the process!

We are here to show you a strong and effective way to save your data and help protect your company against hackers.

Huntress is the company that is one step ahead of the hackers!  Traditional IT security tools like antivirus and firewalls are more focused on prevention.  If a hacker breaks down that front door (antivirus/firewall), they don’t have to worry about any other security issues and can get any information needed. Antivirus tools are no longer enough for these horrible attacks and it’s time to take charge of your information.  Huntress is the key!

To protect clients, Huntress offers a Managed Detection and Response (MDR) solution as part of their security service. It is an additional protective layer that specifically looks at hidden threats and silent indicators of compromise that other tools miss.

This is how MDR Works:

With Antivirus and Managed Detection and Response, you will have all your ground covered and your company will continue to stay safe.

 

Hackers have upgraded their systems. It’s time to upgrade yours!

 

Contact PCS for more information about Huntress!

Spear Phishing VS Phishing … How To Prevent From Being Attacked

We all have heard of the term “Spear Phishing” and just assume that it is the same thing as just phishing.  It is in the similar category, but it is in fact a different form of phishing that exceeds the broad range of cyber attacks.

Let’s take this image and use it as a metaphor to help better understand the terms.

When you are fishing and you aren’t targeting on one particular fish, you are open to a broad range of different fish and aren’t specific on what you catch.  You use your basic line and hook to see what you catch in the heat of the moment.

When you are out spear fishing, you want a particular fish and the spear targets the exact fish you are looking for and can reel it in.  You do research on your specific fish you are looking for and get all the right equipment together.  when you see it and the time is right, you go right for it and attack.

THIS IS THE DIFFERENCE BETWEEN SPEAR PHISHING AND PHISHING!

Phishing is using a broad-stroke approach that involves sending bulk emails to massive lists of unsuspecting contacts.  Phishing doesn’t aim for a specific target, but hopes that a target will just go in and fall for the bait they lie within the email.

Spear Phishing is targeted and personalized to a specific individual, group, or organization. They send emails to specific and well-researched targets while acting to be a trusted sender. The goal is to either infect devices with malware or convince their victims to hand over information or money.

What can you do to prevent spear phishing or any form of phishing?

Cybir supports Ironscales (a self-learning email security platform to stop phishing attacks) to deliver an advanced email security platform with machine learning capabilities.  Cybir implements regular testing of employee security awareness via phishing campaigns.

Cybir has a few different jobs that will help keep you and your business safe against spear phishing threats:

  • Responding to all alerts raised within the platform
  • Verifying all mailboxes within Client organization receive necessary protection coverage
  • Creation and deployment of phishing campaigns on a monthly basis
  • Creation of reports to Client detailing results of phishing campaigns
  • Work with Client to schedule and deploy learning modules to end users
  • Review and respond to all alerts and suspicious activity within the platform
  • Review and respond to all email submitted for review by end user

Browsing

Cybir offers key features to keep users safe of any acts of phishing within the company. With the jobs they have while incorporating their key features. it has the extra protection that can save the company from experiencing a data breach and losing any valuable information.

Spear phishing attacks a particular person and/or company.  Be careful on emails that you are being sent and watch out for the email addresses that are attached to the email.  Make sure to let your IT company know so they can further investigate the issue, but having more backup that can go on after hours is helpful for these kinds of scams.  Get to the root of the problem before the problem gets to you!

For more information or to continue keeping your business safe, contact PCS by phone or by emailing help@helpmepcs.com.