Cyber Security – Back To School Edition

Back to school is here and we start to see more children using technology for their assignments/homework.
We also see parents posting pictures of their children with back to school chalkboards.
We’re here to remind that anything can be used as personal data to hack into your information!

Back To School Pictures

September is that time where users can sign in to social media platforms and see those adorable back to school pictures that parents post. Posting pictures of the chalkboards with the child’s school, favorite things, grade, etc. Seems harmless, right? Not for hackers it isn’t. Malicious attacks can happen to your personal accounts just by posting a picture on social media.
Based off of this picture, hackers can see what your child’s name is, school, and sometimes favorite color. Based off of this, sometimes it can trace back to your password hints. Try to keep all personal information sacred and not posting the detailed chalkboards on social media.

Keep it personal to family/friends and try to keep it simple for social media. Be very mindful of what you post on social media. Don’t post any personal information that you don’t want someone using for a cyber attack.

DON’T!

DO!

Homework On Personal Computer

Now that the school year is starting, so will all the homework assignments that children will have to complete through different websites. One thing can lead to another and they can click on a link that can lead to a malicious attack happening. Be cautious on what your child is doing online! Clicking bad links can lead to your personal information on your PC to be accessed.

Clicking on a suspicious link is dangerous:
Information is sent.
Malicious software can be launched.
Your location can be determined.

If you don’t completely trust the site, don’t let it install or launch anything on it. Always make sure you have your firewall activated and monitor your child while using websites to make sure they don’t accidentally click on a link that would cause an attack.

Make sure you also familiarize yourself with all the websites your child needs to complete their assignments. If you’re able to navigate yourself through the website, you can help your child just steer towards where they need to go. This will help ensure that no extra links are being clicked on within the website so there won’t be any risks of malicious attacks.

Password Protection

Assignments being scheduled online and children having to login to specific website, this is a cause for them to have access to passwords. With passwords being such a big secret, children might not understand how important it is to protect data as much as we do. Creating a password can get tricky, but do not make it the same password as all your personal information!

A few tips on password protection:
 Do not use easy-to-guess passwords.
 “Complex passwords” are nice, “Cognitive Passwords” are better.
 Do not use the same password iterations.
 Never use the same password for all of your accounts.
 Do not use the same password at work that you use at home. Keep work and home separate.
 Do not give child password on paper. Could lose it and get into the wrong hands.
 Do not store passwords on documents online!

Make Use Of Parental Controls & Privacy Settings

Parental controls and privacy settings help you keep your child safe from cyberbullying and online predators by allowing you to establish boundaries around which sites your child can access, the amount of information they can share online, and the amount of time they can spend online outside of school. Don’t just configure the settings; explain the importance of them to your children. This is a great opportunity to shift into a larger discussion of online safety.

Make Sure Software & Devices Are Up-To-Date

Having updated software and devices allows important security settings to remain active within your device. Don’t keep pushing it off! That extra added protection will allow your children to have no issues and continue to stay secured.

Beware Of Phishing Scams

Monitoring your children’s school emails are important when it comes to cyber security.  Clicking on suspicious links and replying back to suspicious emails can lead to malicious attacks and causing personal data to be accessed. Talk to your child about the importance of emails and not clicking links they see unless approved by someone.

Avoid all suspicious emails!

Start off the school year right with these important tips to keeping your information safe!

Cyber Security – What Is It and Examples of Cyber Threats

Technology and data is the core of most organizations.
But what is cyber security and have you put the effort into effective cyber security?
We’re here to explain what it is and cyber security practices for effectively defending against hazards in the digital world with the help of Mike at Cybir!

Cybir is a continued core focus on a full suite of in-house cyber security, digital forensic and data recovery expertise, honed for litigation support, eDiscovery and expert witness services.

What Is Cyber Security?

Cyber security (as stated by Merriam-Webster ), is the measures taken to protect a computer or computer system against unauthorized access or attack.
Any organization that uses modern technology must face with the risk of cyber threats. Taking steps to address this risk is crucial for the operational security of businesses. Data breaches and cyber-attacks against businesses have the potential to cause huge financial and reputational damage. It could not only affect the business, but also the employees.

Examples of Cyber Threats

Malware
Malware, shorthand for “malicious software,” is an application that’s intended to cause damage to systems, steal data, gain unauthorized access to networks, or otherwise wreak havoc. This is the most common type of cyber threat. 

There are a number of malicious software variants, including:

  • Viruses – Attaches themselves to clean files, replicate, and spread to other files. They may delete files, force reboots, join machines to a botnet, or enable remote backdoor access to infected systems.
  • Worms – Similar to viruses, but without the need for a host file. Worms infect systems directly and reside in memory, where they self-replicate and spread to other systems on the network.
  • Backdoor – Used by attackers to secure remote access to infected systems, or to obtain unauthorized access to privileged information.
  • Trojans – Disguises themselves as a legitimate application, or simply hide within one. They discretely open backdoors to give attackers easy access to infected systems, often enabling the loading of other malware.

Ransomware
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware attacks often rely on social engineering techniques such as phishing, tricking users into downloading a dropper that retrieves and installs the payload. Once on the system, ransomware finds all files of a specific type locally and across the network, encrypting and often stealing them. The original files, recovery points, and backups are then deleted to prevent users from restoring the system on their own. Ransomware usually changes the file extension and adds a “help” file, explaining how victims can pay to recover their data.

Mike at Cybir also mentions data exfiltration. He states, “Ransomware is evolving where threat actors are also stealing data and saying, ‘ok great your backups worked and you restored, but you are still going to want to pay us if you do not want us to leak your data to the internet or dark web.'”

He states for protection, “For ransomware and malware traditional AV is no longer effective. Traditional AV basically has a definitions file where when it is running a scan it looks at the current file and compares it to its list of known good / bad files and then makes a decision about what happens to it from there. If it does not know anything about the file it likely skips right over it and allows it to pass. EDR/MDR/XDR SentinelOne provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.”

Cybir offers endpoint protection, detection, and response in conjunction to SentinelOne that provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.

Phishing
Phishing is a common attack technique that manipulates people into taking unsafe actions or divulging sensitive information. In typical phishing campaigns, attacks will use different types of communication – email, instant messages, SMS, and websites – to impersonate a trustworthy person or organization that they are familiar with and using that identity to trick users into clicking on malicious links, downloading malware-laden attachments, or disclosing sensitive personal information.

Mike at Cybir states, “This often leads to ransomware or a business email compromise type of attack.”

One way to stay protected from phishing attacks is training and education. Mike at Cybir states, “The keys are constant user training and education as well as a solution like ironscales that is going to profile an email and add banners/details to give the user a heads up.”

There are two types of phishing attacks – phishing which is wide-ranged and spear phishing which is targeting a specific individual/company.

Spear phishing requires a lot of research for the attacker, but these cyber threats are generally tailored to their target based on insider knowledge or information available on the web and/or through social media. They use reputable names within the company to attack someone who they think will fall for it. It requires extra effort to spear phish, but they are more likely to succeed.

PCS offers a variety of phishing training products to help you and your company stay protected and aware of what to look for when it comes to phishing attacks. 

Knowing the different malicious attacks out there, there are ways to monitor and keep protected again malicious attacks.

Cybir offers Security Operations Center As A Service (SOCAAS) with these key features –

For more information about cyber security and ways to stay protected, contact PCS today!

Unannounced Apple Features For iOS 15!

Apple announced iOS 15 back in June at WWDC, but lacked to mention an important feature that can help us all when it comes to traveling and even other cool features Apple didn’t go into.

Redesign of Maps App

The redesign of the Maps app was mentioned, but it was not put into detail what would be happening other than a nice refresh. One cool thing that is happening with the Maps app is that now it will factor in weather conditions! BGR.com goes into detail about how the Maps app will be able to let you know the weather conditions, such as a flash flood warning, into it’s suggested route.
Not clear how many weather events the app will be capable of alerting Apple users about. It’s a smart addition either way and can help travelers stay warned or find other paths if there is a weather alert in that area.


Here is an example of what to expect when you are using Maps on iOS 15.

Drag-and-Drop Across Apps

The iPad has had it’s ability to drag-and-drop documents, texts or pictures between apps. Now, iPhone has it’s turn!  If you are going back and forth between Messages and Photos to share pictures from an event with coworkers, you can now drag-and-drop the from the Photos app to the Messages app.

To test out the new feature:
Open the Photos app and view your recent photos.
Don’t tap on a picture to open it full screen, instead place a finger on the photo and start to drag your finger across the screen.
Don’t lift your finger when the thumbnail starts to float over the rest of the photos, then switch back to the messages app.
You’ll see a green circle with a + sign in it show up on the thumbnail indicating that you can lift your finger and the photo will be placed in the text field, ready for you to send.

Real Time Snow or Rain Alerts From The iPhone Weather App

Now the Weather app is making it’s comeback. Apple now is having the Weather app alert when snow/rain is getting close to you! It will alert you on your phone a few minutes before it starts and then it will alert when the rain/snow is almost finished.
Once you’re running iOS 15, you can turn on the new precipitation alerts by opening the Weather app, then tapping the three-line icon in the bottom-right corner of the screen.
Next, tap the circle icon with the three dots in the top-right corner of the screen followed by Notifications.
Slide the switch next to My Location to the On position and then tap Done. If you have more cities added to the Weather app, you can also turn on alerts for each one.

We will keep you updated on more features about iOS 15 as more details unfold!

Phishing Emails – Ways To Detect and Prevent Attacks

Phishing has become one of the most common methods of cybercrime. Despite how much we think we know about scam emails, people still frequently fall victim.
We’re here show you how to detect a phishing email.

phishing scams

Message Is Sent From A Public Email Domain/Misspelled Domain

Sometimes, the hacker will try to use the same information as someone higher up in your organization (such as a president or manager) and use the same credentials but different domain. The one part to check specifically is the email domain. If the email is not recognizable, don’t click on anything!

One example is if the email is allegedly from PayPal, but the domain of the link does not include “paypal.com,” that’s a huge giveaway.  Looking at all your sources will help you identify what is legitimate and what is a malicious attack.

Make sure you are checking ALL parts of the email (not just the display name). Many of us don’t ever look at the email address that a message has come from, but rather just look at the display name. Hackers will use that against you by using the real sender’s picture and name that they are trying to impersonate. Looking into the email address that is sending you anything helps with being able to identify if it is legitimate or if it is a phishing email.

Email Is Poorly Written

When it comes to crafting phishing messages, scammers will often use a spellchecker or translation machine. It will give them all the right words but not necessarily in the proper context. Noticing poorly written emails will usually mean that it is coming from an outside source and it’s a spoof.  Keep an eye on poor grammar and spelling errors.

Message Has a Sense of Urgency

Phishing emails have a tendency of not only having grammatical errors, but it seems like they always have a sense of urgency. Hackers know that an email that seems urgent receives a little more attention to others emails that can be thrown into the back burner. Criminals know that we’re likely to drop everything if our superiors email us with a vital request. Taking the time to actually look at the email domain and how the email is typed out, you will see that it is a malicious attack and not anyone within the company.
Knowing the difference will help not only you, but the company itself with avoiding a data breach.

Suspicious Links

Sometimes when phishing emails are sent, you see either a button or a link that is attached. You can spot a suspicious link if the destination address doesn’t match the context of the rest of the email. Unfortunately, when a suspicious link is hidden behind a button, it is hard to determine if it is legitimist or if it is a fraud. Looking at the email address and identifying if it is real will help with determining whether it is legitimate or not.

Ways To Stay Protected

One way to make sure you’re alert and aware of phishing attacks is educating yourself is phishing training. Phishing training will allow you and your employees to detect phishing emails and understanding what to look for. With simulations, you will be able to identify many different ways that a phishing attack can occur and ways to prevent a data breach for your company.

For more information about phishing training, contact PCS!

More News From Microsoft About Windows 11

Microsoft has released more updates and info about Windows 11. Here is what to expect!

Start Menu Moved

The start menu is no longer at the bottom left of your PC desktop.  Don’t worry, you can move it back!  The redesign of the iconic Windows menu is now in the center of the screen rather than the corner.  It allows you to quickly see pinned apps, as well as a few recommended apps based on what you’ve used before.

Windows 11 also is coming with productivity shortcuts. If you  have multiple apps and windows going at once, you can hover over any window to reveal different options for organizing your screen. Maybe it’s two windows side by side, or one big window with a few smaller ones floating next to it. Click on the configuration you want, and your windows will “snap” into that shape.

Microsoft Won’t Confirm Which CPUs Work With Windows 11 … Yet

Microsoft is making another attempt at clarifying the minimum requirements for Windows 11, as stated in their blog post.  The post is clear that Intel 6th Gen Skylake and earlier CPUs, along with non-Zen AMD processors, will not meet “principles around security and reliability and minimum system requirements for Windows 11.”  That lines up with the company’s original statement that Windows 11 would require Intel 8th Gen Coffee Lake or Zen 2 CPUs and up, but there is some hope for Intel 7th Gen Kaby Lake and Zen 1 users.

Where it gets a little confusing is the first Inside build of Windows 11 won’t require TPM 2.0 or specific CPUs.  Microsoft will be paying attention to users with Intel 7th Gen CPUs and AMD Zen 1 CPUs to see if they’re getting the performance that Microsoft is looking for, especially when it comes to reliability and security.

Download Windows 11 As A Free Upgrade Later This Year

Windows 11 should be available around the 2021 holiday season.  It will be a free update to owners of Windows 10 PCs.  There are some hardware requirements, such as a newer processor, four gigabytes of RAM and at least 64 gigabytes of storage. Microsoft has a PC-checker tool you can use.

Support on Windows 10 Software

If you don’t decide to upgrade, Microsoft confirmed that it will continue to support Windows 10 until October 14, 2025.  If you choose not to upgrade, you may lose opportunity on security settings that will continue to keep your PC and data safe. We highly suggest taking the opportunity to upgrade immediately when it is available.

We will continue report as more details unfold!

Data Loss – What Is It and What Can You Do To Stop It

Data Loss
What exactly is it?
How can you avoid it?
We’re here to go over everything you need to know about preventing data loss to help keep your information safe!

What Is Data Loss?

Data loss is exactly what you think it is. Whether your information/back-ups are accidentally or maliciously deleted from your system, important data is lost. This might happen when a malicious internal user gains inappropriate administrator privileges, or when an external party seeking to do damage to your company’s reputation hacks into your system. It could be thanks to poorly configured backup jobs or other settings. In addition to these human causes, hardware failure or theft can also account for data loss.

What Can You Do To Protect Your Data?

iland is a cloud service provider of secure and compliant hosting for Backup as a Service (BaaS).  iland’s Insider Protection, guards you against straightforward deletion of all backups and even more sophisticated attacks. The service will assure that a copy of your backup is always available!

Internal or External Threat Protection

Insider Protection enables you to recover a full backup of deleted data! Instead of deleting your backup files, hackers may choose to corrupt or encrypt your backups. This would replace any recovery points you may have causing you to instead use damaged backups. With Insider Protection you will have access to backups that the attackers did not, giving you the confidence you need during a disaster recovery event.

How It Works and How To Recover

With iland Insider Protection, backup files that were deleted maliciously or accidentally are kept in an air-gapped directory. This directory will only be accessible to iland technicians! Backup files that were deleted will remain in this isolated folder for seven days and can be saved to be transferred back to you once you are ready to restore data. Your files will not go away until after seven days of isolated storage.

If you fall victim to a breach like a ransomware infection, the data protected by iland would be untouchable and could be trusted to restore critical data after an attack, easing your mind and reducing your downtime.

 

Contact your PCS Account Representative today
to add this increased security to your current iland cloud storage!

Data Breach – How Can It Happen And Ways To Avoid It!

It seems like recently, we have been hearing a lot more about how businesses have experienced data breaches.  But how did the hackers get into their systems?
We’re here to tell you different ways that hackers can get into your companies information and how to prevent it!

1. Weak and Stolen Credentials (Passwords)

Weak passwords are the easiest way for malicious attacks to happen to your company. They allow hackers to ease their way into your system faster than you could imagine. Having strong and secure passwords that change every 60-90 days will greatly decrease the chances of these attacks.

Password Managers can help store, generate, and manage your passwords for local applications and online services. They assist in generating and retrieving complicated passwords, storing the passwords in an encrypted database, or calculating them on demand.

2. Phishing Scams

Email has been used more for business throughout the years. Hackers have found a way to gain access into your information by creating email that impersonates those that you would receive every day, perhaps even from company executives. Phishing emails are scams that target a specific person/company. Having email security will help identify threats to make sure you keep your companies’ information safe. Identifying email threats will also help to keep your personal information and accounts from being hacked. Knowing what types of email are threats can make a big difference to you and your company!

3. No VPN/Secured Wi-Fi

Not using a VPN service, or logging into an unsecured network can allow hackers to gain access to your business data! Allowing your data to travel through an unsecured network gives access to someone who is using the same network, or even a hacker who is trying to gain access to information you were retrieving on your devices. Once you connect to an unsecured Wi-Fi network, your information is vulnerable. Make sure to use your VPN service, or log into a secured Wi-Fi when trying to access important information. These steps create an extra layer of security, helping to avoid malicious activity, and making it more difficult for your data to get into the wrong person’s hands.

4. Running Updating Operating Systems/Applications

If you’re still running Windows 7 or haven’t updated your applications … STOP HERE AND READ!! Using outdated software and applications can lead to system vulnerability. Microsoft confirmed that Windows 7 will no longer be supported for security updates or technical assistance. If you’re running an outdated operating system, you’ll open your company up to known hacks, malware, viruses and other potential future security flaws.
For example, any Google Chrome versions prior to 91.0.4472.114 may have vulnerabilities that allow attackers to execute arbitrary code in your browser. Having an outdated application or web browser could lead to malicious attacks within your systems, targeting all the information that hackers want to get their hands on. An attacker could view, change, or even delete data if they have the access to do so.
Try to keep track of everything and make sure you install all your software updates as new ones come out. It will help reduce system vulnerabilities and from being a target of a data breach!

Malicious attacks can be avoided if you take the proper steps. A VPN Service, Email Security, Password Manager, Multi-Factor Authentication, and up-to-date software will help keep your system protected and secure!

Want to make sure you’re protected and taking the right steps? Contact PCS for all your cyber security needs!

How Important Is Having A VPN Service?

The term “VPN” gets thrown around more often than others when it comes to your access.  Whether it be for business or personal, being told to have a VPN has always been standard protocol on our systems.  But what exactly is it? Where can we use it? What happens if you don’t have it?
We’re here to tell you what you need to know and how it works!

What Is A VPN?

VPN stands for Virtual Private Network. It gives you online privacy and anonymity by creating a private network from a public internet connection.  They mask your IP (internet protocol) address so your online actions are virtually untraceable. Virtual Private Networks  also secure connections to provide greater privacy than even a secured Wi-Fi hotspot.

Why Do You Need A VPN Service?

Having a VPN service is not only important for business settings, but you can also get it for your personal devices!  When you’re on the internet, especially on an unsecured Wi-Fi network, you could be exposing your private information and browsing history.

Imagine yourself being at an airport or even a coffee shop where there is no secured service.  You are browsing through your emails and even working on a big project for work that is due in a few days.  The amount of clicking you do and what is being put into the unsecured network could potentially get into  by a stranger using the same network. Unless it’s a secured network that allows you to put in a password when trying to connect, your information is vulnerable.

Having the ability to not worry about someone else getting into your information is one way to keep your data and your companies data secured.   Especially when most companies are working remotely, you don’t want to have that thought in the back of your mind whether or not someone can access your companies information.

How Does A VPN Protect Your IP Address And Privacy

The VPN essentially creates a data tunnel between your local network and an exit node in another location.  It makes it seem like you’re miles away in another place when really you are home! Having that luxury allows your location to stay private, while also keeping data and information private.  Think of it like a sturdy tunnel that no one can get into.
Virtual Private Networks use encryption to scramble data when it’s sent over a Wi-Fi network and encryption makes the data unreadable.

Without a VPN, your internet service provider can know your entire browsing history. With a VPN, your search history is hidden. That’s because your web activity will be associated with the VPN server’s IP address, not your own.

What A VPN Can Hide

  • Browsing history
  •  IP address and location
  •  Location for streaming
  • Devices
  • Web activity

Where Can You Use Your VPN?

The answer? Anywhere! Once you have it, you can use it to be able to keep your data secured. While traveling, at home, in the office, and even while enjoying a cup of coffee at your nearest coffee shop.  Having the VPN on your laptop, tablet, iPad, and even any phone device will help make sure your information is protected.

Need help with keeping you and your company safe? Contact PCS!

Important Updates From The Apple Announcement: macOS Monterey Version

Monday’s Apple Announcement On The New macOS Software Update

Apple’s newest software update announcement featured the new macOS Monterey update! Here is a quick review of the important information given and the privacy settings featured.

Privacy Settings

Privacy and keeping all your information secured is the most important with technology today.   Apple continues to keep your information safe with all new features that will allow not only your information hidden, but some accounts as well!

Hide My Email

In our previous blog post about iOS 15, Apple has released a feature that we can all enjoy when it comes to keeping your email private! Hide my email instantly generates unique, random email addresses that forward to your personal inbox. This way you don’t have to share your real email address when filling out a form on the web or signing up for a newsletter. Hide my email is built into Safari, Mail, and iCloud Settings.  This is a great way to sign up for subscriptions and then not get bombarded with emails from other spams! iCloud+

iCloud Private Relay 

Apple went a different route with privacy.  With iCloud Private Relay, it is essentially like a VPN that will route your internet traffic through two relays in order to mask who’s browsing and where that data is coming from.  The Verge stated, ” Apple is trying to distinguish the feature from traditional VPNs — and if you ask, Apple will tell you it’s not a VPN at all — in part because it sends data through that second hop. That second hop prevents any one party,
including Apple, from seeing all of your browsing data, Apple says.”

Apple confirmed that it ensures that the traffic leaving your device is encrypted and uses two separate internet relays so no one can use your IP address, location, and browsing activity to create a detailed profile about you.

Mail Privacy Protection

This one is pretty cool to say the least.  Mail Privacy Protection is supposed to hide your IP address so senders can’t link it to your other online activity or determine your location.  It also prevents senders seeing if you opened your email or not.  That helps in SO many different cases because now anything you do with your email is completely secured due to the new updates.

Airplay

Airplay is coming to Mac. You can share, play, or present content from another Apple product to the Mac screen!  You can also expand and mirror your display.  This is a HUGE gamechanger for people who love using Airplay but were never able to use it because it was only for smaller devices.  Apple confirmed that you can now also use your Mac as an Airplay speaker high-fidelity sound when you play music or podcasts from another device.

Shortcuts

Apple has now confirmed that you are able to create your own shortcuts using their newest software update.  Apple has confirmed Save time by turning something that would take multiple steps into just one, or connecting your go-to apps and services together with the Shortcuts editor. You can run them from your Dock, menu bar, the Finder, Spotlight, or even with Siri.

 

Apple released more information about their new software update Monterey and all the cool new features added on. To learn more, go to Apple.com and find out everything about the Apple Announcement!

Want to make sure your Apple products are protected? Contact PCS today and we can help you!