New Years Resolution: Keeping Cyber Safe!

2021 has ended with a record-breaking year for data breaches.
According to Identity Theft Resource Center (ITRC) research, the total number of data breaches through September 30, 2021 already exceeded the total number of events in 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020.

We’re here to review ways for you to stay protected in the New Year!

Change Your Password

Password safety cannot be stressed enough! Changing your passwords every 60-90 days will allow your information to stay protected. With that, your cyber security will continue to increase.

Not only will changing your password help, but also make sure it is STRONG. Adding symbols, numbers and making sure the length is eight or more characters will help keep the password strong. In the example presented above, pa$$word1a has a more muscular password strength than password1 (please don’t use the model above for your next password).

Webroot has given some great tips for creating a new password. Using a phrase and incorporating shortcut codes and acronyms will keep the password strong while remembering your favorite word or saying. Are some examples 2BorNot2B_ThatIsThe? (To be or not to be, that is the question) or ABT2_uz_AMZ! (About to use Amazon).  Unique passwords are more complicated to break through than weak and simple passwords (please do not use any examples given above).

When selecting a password, do not use any personal information! Using personal information can lead to hackers knowing the answers to your security questions.

Examples of personal information to not use:
Your name
Age
Date of birth
Child’s name
Pet’s name
Favorite color/song

Don’t Use The Same Password For Everything!
Using the same password for multiple logins will cause a more significant issue than you may think. Having the same password for your banking, company sites, or even for your email will allow hackers to get into multiple accounts rather than just the one they got into.

Having different passwords will increase your cyber security to protect your data. It seems hard at first, but having that variety will allow not only your companies information to stay safe, but your data will continue to stay protected.

Use A Password Manager
A password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database, or calculating them on demand.

Having this will alleviate having to write your passwords down on a piece of paper.  Writing your passwords on paper or even putting them on a Word/Google document will create an easier passage for hackers to get into your information and cause malicious attacks.

Installing Multi-Factor Authentication

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

DENY any user that is not you logging in!

Phishing Training

Malicious attacks are happening within your email. Clicking on one bad link could lead to a data breach. Knowing how to identify a phishing scam could not only impact your company data but also your personal information. Phishing training allows you to see simulations of different ways a threat email can come through for you to identify.

 

Cyber Security Tools

At PCS, we offer cyber security tools to help keep your company and information protected. With Managed Endpoint Protection/Next Generation Antivirus, Advanced E-mail Security/Phishing Training, and Multi-factor Authentication, it would be a challenge for malicious attacks to happen.

DUO Adds Another Layer of Protection!

Cybercriminals can easily gain access to an account when there aren’t layers of protection from stopping them.
Hackers don’t want to work too hard to obtain information, so making it harder for malicious attacks to happen is ideal.
One way to keep your information safe is having Multi-Factor Authentication!

What is Multi-Factor Authentication?

Multi-Factor Authentication is an additional layer of security to your online accounts. Having multi-factor authentication makes obtaining data difficult for cybercriminals. If it becomes too much of a challenge for a hacker to acquire information, they will move on and not try anymore. Multi-factor can be used for bank accounts, most programs, and even protect the entire workstation/system!

Two-factor authentication means whatever application or service you’re logging in to is double-checking that the request is coming from you by confirming the login with you through a separate venue. You can secure access for any user and device, to any environment, from anywhere. You can get peace of mind knowing that the information stored on particular systems won’t be vulnerable.

How does Multi-Factor Authentication Work?

Typically, a 2FA transaction happens like this:

  1. The user logs in to the website or service with their username and password.
  2. The password is validated by an authentication server, and if correct, the user becomes eligible for the second factor.
  3. The authentication server sends a unique code to the user’s second-factor device.
  4. The user confirms their identity by approving the additional authentication from their second-factor device.

Why Should You Consider Multi-Factor Authentication?

Having multi-factor authentication will not only give companies that added layer of protection that is needed, but it will decrease malicious attacks. Hackers do not want to have a difficult time trying to access a system, but rather get into vulnerable systems. Multi-factor authentication allows you to present two forms of authentication when logging into an account. The authentication will come directly to your device and it will only work for a short amount of time.

Another reason to consider Multi-Factor Authentication is that Cyber Insurance Companies will make it MANDATORY to have.

How Can You Get Multi-Factor Authentication?

Multi-Factor Authentication can be installed through your IT service. Allowing your IT service to install the product will allow them to monitor any issues that were to occur.

Here at PCS, we offer DUO!

Duo is designed for the modern workforce and backed by a zero-trust philosophy, Duo is Cisco’s user-friendly, scalable access security platform that keeps your business ahead of ever-changing security threats. Multi-factor authentication from Cisco’s Duo protects your applications by using a second source of authorization, like a phone or token, to verify user identity before granting access. Duo is fast and easy for users to set up.

 

If you’re looking to keep your company’s data protected, contact PCS!

Information provided for the product is from Cisco.

Keep Your Internet Traffic Secure!

With a current worldwide estimated population of 7.8 billion, approximately 4.93 billion people have access to and use the internet frequently.
That means that 63.2% of the world population uses the internet.
So why should anyone think to have a protective DNS service?
We’re here to review what a protective DNS service is and how it can benefit everyone!

What Is A Protective DNS Service?

Protective DNS service creates a highly secure, private, resilient and manageable connection to the internet. This filtering stops most internet threats before they can infected networks or endpoints.

Why Do You Need A Protective DNS Service?

With todays businesses, they need secure, private, manageable and visible control over internet traffic. The DNS (Domain Name System) resolves internet requests through a global system of servers, then translates those requests into their unique IP (Internet Protocol) addresses. But using a protective DNS service, organizations can control their networks and maintain the security, privacy, and visibility they need to protect IT setup and users … Even those working remotely!

Webroot DNS Protection Features: 

  • Secure and Reliable Internet Security
  • No on-site hardware to install
  • IPv4, IPV6, HTTP, and HTTPS filtering
  • 80 web categories
  • Roaming and mobile user protection
  • WiFi and guest network protection
  • Policy control by user, group, or IP address
  • On-demand drill-down reporting

How Can You Get A Protective DNS Service?

Here at PCS, we provide organizations ways to stay safe and secure through such vulnerable times.

PCS offers Webroot DNS Protection to help companies stay secure.
Below are attributes that can help organizations understand what Webroot can do.

Webroot is different from other DNS Protection services.
Here is how:

Webroot DNS Protection also secures your mobile workforce without interfering with the VPNs, firewalls, and security tools you already use.

Webroot DNS Protection and your organizations VPN work together to:

  • Protect end users on any network, anywhere
  • Provide a secure encrypted connection
  • Never slow down DNS requests
  • Stop malicious inbound web traffic and threats
  • Provide full visibility into users’ internet activity

Protective DNS Services allow organizations to stay secure while maintaining the security, privacy, and visibility they need to protect IT setup and users. Continue to keep your business secure!


For more information, contact PCS
!

Trick or Treat! – Cyber Security Awareness At Your Door

Halloween is right around the corner!
October is also Cyber Security Awareness Month and we’re here to review some tips to keep your information safe.

Don’t Click Spooky Links From Strangers

We’re taught to never take candy from strangers, so opening links from an unknown source can be just as dangerous! Phishing scams are designed to make their victims believe they are interacting with a trusted website/user. Once the hacker gains the users trust, they will attempt to collect login credentials, financial data, or account information. This could cause a data breach and could affect you and your companies data.

Rather than opening untrusted emails or links, try to verify the information by looking it up to see if there is a website associated with it. You may also want to try phishing training within your company to ensure that your employees understand what a phishing attack looks like.

Chase Away The Lurking Monsters

Unlike Halloween monsters that go away after the holiday is over, online monsters can infiltrate your computer for months without being noticed. Using your computer on a public Wi-Fi can leave your computer vulnerable and easier to attack your data.

It is important to use a VPN (Virtual Private Network) while using a public network to keep your information secure and encrypt traffic between your devices on public, unsecured network.

Using A Strong Password Will Protect Your Candy

Protecting your candy on Halloween night from bullies or your older sibling is crucial. It is also crucial to have a strong password and maintaining it. Having a strong and secure password will keep your information safe, but changing it every 60-90 days will continue to keep hackers away from your data. Your password should include: upper and lowercase letters, numbers, symbols, and punctuation.

It is important as well to have different passwords for all of your accounts.

Don’t forget a password manager! Password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database or calculating them on demand.

Garlic Will Keep The Vampires Away

A great way to keep vampires away is to have garlic around your neck. Keeping hackers away starts with having Multi-Factor Authentication.

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

Don’t get the monsters compromise your data!

For more information, contact PCS!

Cyber Security – Back To School Edition

Back to school is here and we start to see more children using technology for their assignments/homework.
We also see parents posting pictures of their children with back to school chalkboards.
We’re here to remind that anything can be used as personal data to hack into your information!

Back To School Pictures

September is that time where users can sign in to social media platforms and see those adorable back to school pictures that parents post. Posting pictures of the chalkboards with the child’s school, favorite things, grade, etc. Seems harmless, right? Not for hackers it isn’t. Malicious attacks can happen to your personal accounts just by posting a picture on social media.
Based off of this picture, hackers can see what your child’s name is, school, and sometimes favorite color. Based off of this, sometimes it can trace back to your password hints. Try to keep all personal information sacred and not posting the detailed chalkboards on social media.

Keep it personal to family/friends and try to keep it simple for social media. Be very mindful of what you post on social media. Don’t post any personal information that you don’t want someone using for a cyber attack.

DON’T!

DO!

Homework On Personal Computer

Now that the school year is starting, so will all the homework assignments that children will have to complete through different websites. One thing can lead to another and they can click on a link that can lead to a malicious attack happening. Be cautious on what your child is doing online! Clicking bad links can lead to your personal information on your PC to be accessed.

Clicking on a suspicious link is dangerous:
Information is sent.
Malicious software can be launched.
Your location can be determined.

If you don’t completely trust the site, don’t let it install or launch anything on it. Always make sure you have your firewall activated and monitor your child while using websites to make sure they don’t accidentally click on a link that would cause an attack.

Make sure you also familiarize yourself with all the websites your child needs to complete their assignments. If you’re able to navigate yourself through the website, you can help your child just steer towards where they need to go. This will help ensure that no extra links are being clicked on within the website so there won’t be any risks of malicious attacks.

Password Protection

Assignments being scheduled online and children having to login to specific website, this is a cause for them to have access to passwords. With passwords being such a big secret, children might not understand how important it is to protect data as much as we do. Creating a password can get tricky, but do not make it the same password as all your personal information!

A few tips on password protection:
 Do not use easy-to-guess passwords.
 “Complex passwords” are nice, “Cognitive Passwords” are better.
 Do not use the same password iterations.
 Never use the same password for all of your accounts.
 Do not use the same password at work that you use at home. Keep work and home separate.
 Do not give child password on paper. Could lose it and get into the wrong hands.
 Do not store passwords on documents online!

Make Use Of Parental Controls & Privacy Settings

Parental controls and privacy settings help you keep your child safe from cyberbullying and online predators by allowing you to establish boundaries around which sites your child can access, the amount of information they can share online, and the amount of time they can spend online outside of school. Don’t just configure the settings; explain the importance of them to your children. This is a great opportunity to shift into a larger discussion of online safety.

Make Sure Software & Devices Are Up-To-Date

Having updated software and devices allows important security settings to remain active within your device. Don’t keep pushing it off! That extra added protection will allow your children to have no issues and continue to stay secured.

Beware Of Phishing Scams

Monitoring your children’s school emails are important when it comes to cyber security.  Clicking on suspicious links and replying back to suspicious emails can lead to malicious attacks and causing personal data to be accessed. Talk to your child about the importance of emails and not clicking links they see unless approved by someone.

Avoid all suspicious emails!

Start off the school year right with these important tips to keeping your information safe!

Cyber Security – What Is It and Examples of Cyber Threats

Technology and data is the core of most organizations.
But what is cyber security and have you put the effort into effective cyber security?
We’re here to explain what it is and cyber security practices for effectively defending against hazards in the digital world with the help of Mike at Cybir!

Cybir is a continued core focus on a full suite of in-house cyber security, digital forensic and data recovery expertise, honed for litigation support, eDiscovery and expert witness services.

What Is Cyber Security?

Cyber security (as stated by Merriam-Webster ), is the measures taken to protect a computer or computer system against unauthorized access or attack.
Any organization that uses modern technology must face with the risk of cyber threats. Taking steps to address this risk is crucial for the operational security of businesses. Data breaches and cyber-attacks against businesses have the potential to cause huge financial and reputational damage. It could not only affect the business, but also the employees.

Examples of Cyber Threats

Malware
Malware, shorthand for “malicious software,” is an application that’s intended to cause damage to systems, steal data, gain unauthorized access to networks, or otherwise wreak havoc. This is the most common type of cyber threat. 

There are a number of malicious software variants, including:

  • Viruses – Attaches themselves to clean files, replicate, and spread to other files. They may delete files, force reboots, join machines to a botnet, or enable remote backdoor access to infected systems.
  • Worms – Similar to viruses, but without the need for a host file. Worms infect systems directly and reside in memory, where they self-replicate and spread to other systems on the network.
  • Backdoor – Used by attackers to secure remote access to infected systems, or to obtain unauthorized access to privileged information.
  • Trojans – Disguises themselves as a legitimate application, or simply hide within one. They discretely open backdoors to give attackers easy access to infected systems, often enabling the loading of other malware.

Ransomware
Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware attacks often rely on social engineering techniques such as phishing, tricking users into downloading a dropper that retrieves and installs the payload. Once on the system, ransomware finds all files of a specific type locally and across the network, encrypting and often stealing them. The original files, recovery points, and backups are then deleted to prevent users from restoring the system on their own. Ransomware usually changes the file extension and adds a “help” file, explaining how victims can pay to recover their data.

Mike at Cybir also mentions data exfiltration. He states, “Ransomware is evolving where threat actors are also stealing data and saying, ‘ok great your backups worked and you restored, but you are still going to want to pay us if you do not want us to leak your data to the internet or dark web.'”

He states for protection, “For ransomware and malware traditional AV is no longer effective. Traditional AV basically has a definitions file where when it is running a scan it looks at the current file and compares it to its list of known good / bad files and then makes a decision about what happens to it from there. If it does not know anything about the file it likely skips right over it and allows it to pass. EDR/MDR/XDR SentinelOne provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.”

Cybir offers endpoint protection, detection, and response in conjunction to SentinelOne that provides best in class NextGen Antivirus, device control, firewall control and threat hunting capabilities.

Phishing
Phishing is a common attack technique that manipulates people into taking unsafe actions or divulging sensitive information. In typical phishing campaigns, attacks will use different types of communication – email, instant messages, SMS, and websites – to impersonate a trustworthy person or organization that they are familiar with and using that identity to trick users into clicking on malicious links, downloading malware-laden attachments, or disclosing sensitive personal information.

Mike at Cybir states, “This often leads to ransomware or a business email compromise type of attack.”

One way to stay protected from phishing attacks is training and education. Mike at Cybir states, “The keys are constant user training and education as well as a solution like ironscales that is going to profile an email and add banners/details to give the user a heads up.”

There are two types of phishing attacks – phishing which is wide-ranged and spear phishing which is targeting a specific individual/company.

Spear phishing requires a lot of research for the attacker, but these cyber threats are generally tailored to their target based on insider knowledge or information available on the web and/or through social media. They use reputable names within the company to attack someone who they think will fall for it. It requires extra effort to spear phish, but they are more likely to succeed.

PCS offers a variety of phishing training products to help you and your company stay protected and aware of what to look for when it comes to phishing attacks. 

Knowing the different malicious attacks out there, there are ways to monitor and keep protected again malicious attacks.

Cybir offers Security Operations Center As A Service (SOCAAS) with these key features –

For more information about cyber security and ways to stay protected, contact PCS today!

Cyber Security Practices We Should Do To Stay Protected

Cyber security is one of the most talked about subjects in the technology field.
Having your business data secured is crucial, but there are ways to stay protected.
Here are some ways to help you keep your data protected with these security practices we should all do to ensure cyber security!

Changing Passwords/Password Strength

Password safety cannot be stressed enough! Changing your passwords every 60-90 days will allow your information to stay protected. With that, your cyber security will continue to increase.

Not only will changing your password help, but also make sure it is STRONG. Adding symbols, numbers, and making sure the length is 8 or more characters will help keep the password strong. In the example presented above, pa$$word1a has a stronger password strength than password1 (please don’t use example above for your next password).

Webroot has given some greats tips for creating a new password. Using a phrase and incorporate shortcut codes and acronyms will keep the password strong while being able to remember your favorite phrase or saying. Some examples are 2BorNot2B_ThatIsThe? (To be or not to be, that is the question) or ABT2_uz_AMZ! (About to use Amazon).  Unique passwords are harder to break through than weak and simple passwords (please do not use any examples given above).

When selecting a password, do not use any personal information! Using personal information can lead to hackers knowing the answers to your security questions.

Examples of personal information to not use:
Your name
Age
Date of birth
Child’s name
Pet’s name
Favorite color/song

Don’t Use The Same Password For Everything!

Using the same password for multiple logins will cause a bigger issue than you may think. Having the same password for your banking, company sites, or even for your email will allow hackers to get into multiple accounts rather than just the one they got into.

Having different passwords will increase your cyber security to allow your data to be protected. It seems hard at first, but having that variety will allow not only your companies information to stay safe, but your own personal data will continue to stay protected.

Using A Password Manager

A password manager is a program that allows users to store, generate, and manage their passwords for local applications and online services. It assists in generating and retrieving complicated passwords, storing the passwords in an encrypted database or calculating them on demand.

Having this will alleviate having to write your passwords down on a piece of paper.  Writing your passwords on paper or even putting them on a Word/Google document will create an easier passage for hackers to get into your information and cause malicious attacks.

Updating Your Antivirus

Your antivirus is used to prevent, scan, detect and delete viruses from a computer. But what happens when you don’t update your antivirus?
There are always new viruses developing and keeping your computer clear from them are important. When you don’t update your antivirus, it won’t protect against the newest threats, leading it to believe that it is nothing to worry about. You might not be as protected from cyber security risks as you might think. Even worse, your device could be at risk of the latest threats that your security product is not yet aware of.  Making sure you are updated on the latest software could relieve all stress in not knowing whether or not you are protected from any threats. This will continue to add that extra layer of cyber security you need.

Installing Multi-Factor Authentication

Multi-Factor Authentication is a security technology that requires multiple methods of authentication from independent categories of credentials to verify a user’s identity for a login or other transaction. Having that extra layer of protection will allow your data to be protected while making it difficult for any malicious attacks to happen.

Once you login, you will get a prompt on your phone asking if it is you with the name and address that is trying to login to your account.  When you see the pop-up, you have to click accept or deny.  After you accept that it is you, you will be let in! This is just another layer of cyber security that will help protect your data. DENY any user that is not you logging in!

Phishing Training

Phishing training is IMPORTANT! Malicious attacks are happening within your email. Clicking on one bad link could lead to a data breach. Knowing how to identify a phishing scam could not only impact your company data, but also your personal information. Phishing training allows you to see simulations of different ways a threat email can come through for you to identify.

Identifying an email could seem harder than you think. Hackers have been able to make it so users think the email is coming from someone reputable within your company. We have broken down the ways to identify phishing emails in our post “Phishing Emails – Ways To Detect and Prevent Attacks,” but having an added layer of security by taking phishing training will decrease your chances of malicious attacks.

For more information or need help getting set up, contact PCS!

Phishing Emails – Ways To Detect and Prevent Attacks

Phishing has become one of the most common methods of cybercrime. Despite how much we think we know about scam emails, people still frequently fall victim.
We’re here show you how to detect a phishing email.

phishing scams

Message Is Sent From A Public Email Domain/Misspelled Domain

Sometimes, the hacker will try to use the same information as someone higher up in your organization (such as a president or manager) and use the same credentials but different domain. The one part to check specifically is the email domain. If the email is not recognizable, don’t click on anything!

One example is if the email is allegedly from PayPal, but the domain of the link does not include “paypal.com,” that’s a huge giveaway.  Looking at all your sources will help you identify what is legitimate and what is a malicious attack.

Make sure you are checking ALL parts of the email (not just the display name). Many of us don’t ever look at the email address that a message has come from, but rather just look at the display name. Hackers will use that against you by using the real sender’s picture and name that they are trying to impersonate. Looking into the email address that is sending you anything helps with being able to identify if it is legitimate or if it is a phishing email.

Email Is Poorly Written

When it comes to crafting phishing messages, scammers will often use a spellchecker or translation machine. It will give them all the right words but not necessarily in the proper context. Noticing poorly written emails will usually mean that it is coming from an outside source and it’s a spoof.  Keep an eye on poor grammar and spelling errors.

Message Has a Sense of Urgency

Phishing emails have a tendency of not only having grammatical errors, but it seems like they always have a sense of urgency. Hackers know that an email that seems urgent receives a little more attention to others emails that can be thrown into the back burner. Criminals know that we’re likely to drop everything if our superiors email us with a vital request. Taking the time to actually look at the email domain and how the email is typed out, you will see that it is a malicious attack and not anyone within the company.
Knowing the difference will help not only you, but the company itself with avoiding a data breach.

Suspicious Links

Sometimes when phishing emails are sent, you see either a button or a link that is attached. You can spot a suspicious link if the destination address doesn’t match the context of the rest of the email. Unfortunately, when a suspicious link is hidden behind a button, it is hard to determine if it is legitimist or if it is a fraud. Looking at the email address and identifying if it is real will help with determining whether it is legitimate or not.

Ways To Stay Protected

One way to make sure you’re alert and aware of phishing attacks is educating yourself is phishing training. Phishing training will allow you and your employees to detect phishing emails and understanding what to look for. With simulations, you will be able to identify many different ways that a phishing attack can occur and ways to prevent a data breach for your company.

For more information about phishing training, contact PCS!

Data Loss – What Is It and What Can You Do To Stop It

Data Loss
What exactly is it?
How can you avoid it?
We’re here to go over everything you need to know about preventing data loss to help keep your information safe!

What Is Data Loss?

Data loss is exactly what you think it is. Whether your information/back-ups are accidentally or maliciously deleted from your system, important data is lost. This might happen when a malicious internal user gains inappropriate administrator privileges, or when an external party seeking to do damage to your company’s reputation hacks into your system. It could be thanks to poorly configured backup jobs or other settings. In addition to these human causes, hardware failure or theft can also account for data loss.

What Can You Do To Protect Your Data?

iland is a cloud service provider of secure and compliant hosting for Backup as a Service (BaaS).  iland’s Insider Protection, guards you against straightforward deletion of all backups and even more sophisticated attacks. The service will assure that a copy of your backup is always available!

Internal or External Threat Protection

Insider Protection enables you to recover a full backup of deleted data! Instead of deleting your backup files, hackers may choose to corrupt or encrypt your backups. This would replace any recovery points you may have causing you to instead use damaged backups. With Insider Protection you will have access to backups that the attackers did not, giving you the confidence you need during a disaster recovery event.

How It Works and How To Recover

With iland Insider Protection, backup files that were deleted maliciously or accidentally are kept in an air-gapped directory. This directory will only be accessible to iland technicians! Backup files that were deleted will remain in this isolated folder for seven days and can be saved to be transferred back to you once you are ready to restore data. Your files will not go away until after seven days of isolated storage.

If you fall victim to a breach like a ransomware infection, the data protected by iland would be untouchable and could be trusted to restore critical data after an attack, easing your mind and reducing your downtime.

 

Contact your PCS Account Representative today
to add this increased security to your current iland cloud storage!