Categories
Technology

Phishing Attacks In The Real World

 

When was the last time you almost lost $23,000 to a phishing email? This nearly happened to one of our clients this week. Fortunately, this phishing attempt was spotted before the funds were transferred, however, there are a few good lessons to take away from this story and we want to educate you so you can protect your company from these sorts of attacks.

“Bob’s Company” received an email at Accounting@Bobscompany.com. The email was from Bob@Bobsscompany.com.

The email wrote:

“Good Morning,

Please pay the attached invoice in the amount of $23,000.

Thank you,

Bob”
For the accounting manager, this was business as usual. The boss regularly sends requests to the accounting department to have bills paid. At a glance, there is nothing wrong with the email but in this instance, the tone of the email was unusual which caused for further investigation.

This phishing attempt was sophisticated enough to the point where the scam artist even took the time to forge a signature on the attached invoice that matched Bob’s signature. Fortunately, the accounting manager double checked with the boss before processing the transaction. What’s scary is just how close the accounting manager came to processing the payment which is a mistake any one of us could make. If they weren’t paying attention or were just in a hurry, anything could have happened.

What’s important to take away is just how predictable we are. Most companies operate the same way with similar departmental and communication structures. If this wasn’t true then social engineering scams wouldn’t work. This was a close call for just one company and it isn’t hard to believe that whoever sent this email has sent thousands of them and likely got paid on a handful.

These types of attacks are becoming more prevalent than any other because they are cheap, easy and work on businesses of all sizes. “Bob’s Company” is a small business, not a behemoth company that you surmise a hacker would go after. Small businesses are easy targets from a hacker’s perspective because many of them do not invest in security and user training like large companies do.

Some actionable steps you can take to avoid falling prone to this type of attack are:

  1. Avoid using departmental emails like Accounting, Payroll or HR. This lets the hacker know that they are sending the phishing email to the right person making it more likely for the email to have the hackers desired effect.
  2. Use regularly changing keywords when sending requests for a transfer of funds. Change this keyword every month and instruct your staff never to transfer funds without the keyword in the email. This is a really low tech solution but it works. These attacks are intended to trip you up when you aren’t paying attention. The majority of attacks never involve someone spying on your network and learning your passwords and company secrets. Simple though it may be, this is an effective form of two-factor authentication.
  3. Use free spoof phishing tools like KnowBe4 to test your employees to see who is likely to click on phishing emails. Invest in those employees by training them on what to watch out for.

We are living in an ever-developing world where cybercrime is global, the barrier to entry is low and we humans are the weak link in the chain. Since cybercrime has such low risk and high reward these scams will become more frequent and sophisticated. Businesses will have to adapt to these changes and develop strategies to protect their resources. It is important to consult with your IT partner to learn how you can train your employees and set up security measures that will prevent this coming wave of cybercrime.

Categories
Technology Training

Harden Employees Against Ransomware With KnowBe4

Are you curious to see who in your company is most likely to download a virus on your network? Well now you can find out and the best part is, its free. With KnowBe4 you can administer a range of free tools that will allow you to see which of your users is most likely fall for phishing emails.

The sad truth is that some people will click on anything that comes across their email inbox. This is how most network infections start. Till more recently, there hasn’t been a lot anyone could do to prevent this. KnowBe4 allows you to find those trouble users and train them so that this major hole in your network can be filled.

From a compliance standpoint, KnowBe4 offers actionable data that will allow you to show your HIPAA or PCI compliance officer that you are taking actions toward due diligence.

As an IT company, we do our best to prevent major disasters with layered security involving anti-virus, managed firewalls, Office 365 spam filtering, security permissions and most important, great backups. Even with all of these security measures in place, there isn’t a foolproof method to ensuring that a few phishing emails won’t slip by unnoticed. We rely on backups to get our clients up an running quickly but even under the best of conditions, it is still better for the virus to have never been clicked on to begin with.

For a small investment in time, you can’t afford to not use these great free tools from KnowBe4. Take a few minutes to watch our new video on how to get started with KnowBe4 and harder you users against malicious emails.

Categories
Technology Training

Repair Windows 10 With Windows Automatic Repair Tool

If you are having a problem with your desktop or laptop computer such as a reboot loop, corrupt Windows files, corrupt registry keys, corrupt registry driver or other Windows boot related issues you can resolve most of these by using the Windows Automatic Repair tool.

Windows Automatic Repair or Startup Repair can fix a lot of issues in Windows 10. This solution may not fix all of your PC Boot up problems but it is a good place to start. Running Startup Repair on your computer can fix problems that keep Windows from loading on your computer.

In this video, we will walk you through the advanced settings for using the Windows Automatic Repair tool. If your computer is having a boot issue you should follow this process before taking your computer to your IT partner. Doing this will likely save you a lot of money and time. Remember, before using any of these tools, it is very important that you back up your data as some of these tools have the ability to erase your hard work.

If you find that you are still having Windows boot issues after having run this tool, consider calling the techs at eTop Technology for support on all of your business technology needs.

Categories
Technology Training

Microsoft OneDrive For Beginners

Every Microsoft product is designed to drive collaboration and efficiency. Microsoft OneDrive is no exception. Built as a solution to match the emergence of products like DropBox, OneDrive is integrated into the Office 365 offering and works seamlessly with all Microsoft Office products.

In this video, we will show you how to access and set up your OneDrive account that comes with five gigabytes of storage. OneDrive allows you to send files without having to use email or file transfer methods. Simply upload your files to the cloud and allow your team or any specific person to have access to them.

The real power of OneDrive is the ability to share data. OneDrive will act as a kind of backup, staying synced with the computer files that you have saved in OneDrive, however, OneDrive was intended to serve as a way for teams to collaborate with large files. Instead of trying to send a large file directly, you can simply upload your file to OneDrive send a link that will allow the recipient to download and work from anywhere in the world.

If you are using Office 365 then you should take a moment to set up your OneDrive account. Especially if you are paying for a product like DropBox. This will help save you a little money every month and will sync well with all the Microsoft products you already use.

Categories
Technology Training

CamStudio Screen Recording

If you have tried to explain a complex computer problem to your technical support group and found it difficult to bridge the gap between English and all the technical jargon, you may find it easier to make a screen recording of the problem rather than sending a lengthy email. CamStudio is a great, free program that will help you with just that.

In this video, we will walk you through downloading CamStudio and getting it set up to start screen recording. CamStudio is a very simple and straightforward program but none the less it is very powerful when you are trying to explain a problem. Once you know how to use the program you can export a .mp4 file that you can then email to your technical support group.

Categories
Technology Training

Learn how to use a VPN

You may have heard of, or even used, a virtual private network (VPN), but do you know what it is? A VPN is an encrypted tunnel through a wide area network (WAN), also known as the Internet. This means that the network does not have to be located in one physical location, unlike a local area network (LAN). By using encryption and other security measures, a VPN can scramble all the data sent through the WAN, so the network is “virtually” private. In other words, a VPN allows you to access the files on your local network over the internet from an airport, coffee shop or another country, and you will be as secure as if you were sitting in your office.

Businesses commonly use VPNs to communicate across multiple locations. A large company that has offices in several cities may need to send data between their locations via the Internet. To keep the information secure, the company will set up a VPN with an encrypted connection, effectively giving the company a secure intranet over the Internet.

In this video, we will show how you can download one of the many VPN services on your computer. Once downloaded, we will show you how to set up and use this tool. Although there are many VPN options to choose from, most of them work the same way. If you are going to be traveling for work, or need to work from home or a coffee shop, it is important to send and receive sensitive data over a VPN. Otherwise, you are opening a direct access to all of your company’s sensitive information, and risk a security breach. For more information, or if you would like to set up a VPN for your company, contact eTop today.

Categories
Technology

Automate using Automate.io and Microsoft Flow

Business today gets done through the technology that connects us. The problem is that no matter what, there will never be one master program that does everything we specifically need. We’re forced into optimizing our work lives through no less than a dozen applications that we ourselves string together. While this is still faster than reverting back to pen and paper, you may still find yourself having to do a task in one program only to do it again in another.automate.io For example, right now I have my newsletter program, email platform, YouTube, CRM, LinkedIn, several other social media programs, my internal chat app and our company website all running at the same time in order to get work done.

Let’s say I meet someone who I want to do business with: I have to find them on LinkedIn, send them a follow-up email, add them to my contacts list, and add them to my mailing list.
Flow
This takes time, and if you are going through a large list of new potential clients after a trade show, you could find yourself losing a day just doing data entry. Happily, there is a solution to this problem, and it’s called automation.

Most major programs today have open API’s that other third party apps can create integrations for. Instead of having to repeat yourself for every application, you can use programs like Automate.io or Microsoft Flow to bridge the gap between programs.

In this typical sales situation, you can now add your new contact to your CRM. Your automated processes will take that information and send that contact a LinkedIn invite, add them to your newsletter mailing list, and also send them an email thanking them for their time. Now you have taken three steps and turned them into one.

There are countless ways that these automation programs can be used, and more applications are jumping on board with this system every day. If you are finding yourself doing repetitive tasks in multiple application then take the time to find an integration that will ensure that you are only doing your most important work.

Categories
Technology

Stop Ransomware In It’s Tracks

Today we are going to review a brilliant tool that stops ransomware and other spam in its tracks. It’s called Sendio Opt-Inbox, and it’s more than just antivirus and spam filtering; it’s all of that combined with two-factor authentication, meaning that if anyone sends you an email, a human has to verify that they sent that email to you.

Sendio
Sendio Anti Ransomware Protection

This nifty tool is different because it completely filters out mass email attacks. Ransomware is a numbers game; large scale attacks use automated systems to send out thousands of emails, knowing that some portion of those emails will inevitably succeed. However, hackers and their automated systems do not account for any kind of authentication process.

When you sign up for Sendio, you are opting to re-route your mail through their system. This allows them to run a series of scans on the email and check the IP address to see if the email is coming from a trusted source. Before Sendio hands off the email to you, the sender will go through the “Sender Address Verification SAV” process or their email won’t be delivered. This means that someone actually has to tell Sendio “It’s okay, I’m a real person and I want to have a conversation with the addressee.” Sendio makes sure that you are only having meaningful conversations with people who you want to talk to.

What about automated emails, like newsletters, that you voluntarily subscribe to? Sendio takes this one step further: you can not only choose to trust certain newsletters, but also choose when these emails get sent to your inbox.

Is this new fancy widget expensive, or even worth the extra cost? The starting price is $34 per month, and the pricing changes depending on whether you have Sendio host the application for you, or if you host it on your own network. You can run a quick cost-benefit analysis to see if an application like Sendio would be cost effective for you and your organization. Go to the store and get a cheap stop watch, and click the stopwatch every time you sort through junk mail. Do this for a month, and you will see how much time you could save sorting through junk mail alone. Multiply this estimate by the number of employees in your company, and you can see that a product like Sendio is easily worth the price. Beyond the amount of sheer time saved, you can assume increased productivity, and thus an additional capacity to increase revenue. Furthermore, a product like Sendio could save you countless amounts of time, money, and data loss by preventing ransomware attacks.

It sounds great, but are there any downsides to this magical tool? Unfortunately, no tools on the market are 100% foolproof. Potentially, if you are subject to a highly targeted attack, the attacker could manually go through the verification process, assuming that Sendio hasn’t already flagged their domain or IP address for fraudulent behavior. However, with the high volume of fraudulent emails sent out by hackers every day, it seems improbable for hackers to find an effective way around this new gateway.

Ransomware has caused too many executives and management sleepless nights and it is time for a system that can help you take back your peace of mind. Talk to your IT partner about implementing Sendio across your network. Get you time back, become more efficient, and most importantly, get a few more hours of sleep!

Categories
Technology

Use Technology To Avoid Pesky Salesmen

Technology has driven a wedge into the profession of sales in a way that industry wasn’t prepared to deal with. On the one hand, you rely on it to keep you connected, but on the other hand, you also want it to protect you and keep your life private as well. Salesmen look to utilize every bit of accessible information to help them drive revenue. In the meantime, they create a lot of noise in your inbox that for the most part, you couldn’t care less about.

We have a unique perspective on sales because we are the purveyors of technology for our clients, and like every other business, also need to sell in order to grow as a company. This allows us to see how businesses are set up and how the technology can be taken advantage of in order to drive more sales. What we have learned is that there are a few ways to hide in plain sight so that you can only be reached by people you care about while remaining invisible to the rest of the world.

Stressed businesswoman is frustrated and overworked at her desk and computer isolated on white background

Problem #1: Email

Let’s start with email, the most important means of communication for businesses today. Except for when everyone knows your email address; then it becomes a time sink to delete thousands of emails just to get to the handful that are important. How does this happen? It starts when you set up your email address for your company. You choose your domain along with a format so that everyone in the company has basically the same email. This looks professional but the downside is that it is very predictable. For example, john.doe@domain.com might be the owner while sally.jane@domain.com might be the receptionist. Meanwhile, you can find the names of all of the key decision makers in your company on sites like LinkedIn, Facebook or Google search. Companies will happily give away contact information to lower level employees while not realizing that they are actually giving away every contact in the company.

Answer

You are playing with smoke and mirrors. If a salesman doesn’t know your email address, he or she is going to guess and they will likely figure it out by sending an email to the most common variations of email addresses that businesses use until they don’t receive a kickback email. The best bet is to have more than one email address. Have one that you use to get your work done and another that serves as a filter to catch all of the unwanted emails. Make your filter email predictable and easy to guess and use an uncommon variation as your important email. Additionally, you can also purchase another domain and use that for your important email separate from your web address domain. If a salesman is relying on guess work to get your email, it will be very difficult to put this together.

Problem #2: Phone/Voicemail

The second biggest issue is the dial by name directory and your personal extension. You may have hired the toughest gate keeper in the world but if a sales person knows your name and can use a dial by name directory, they might as well have your direct line. Even if you forgo the dial by name directory altogether, it is important to remember not to start your voicemail with “Hi, this is John Doe at extension 222” which accomplishes the same thing as far as any sales person is concerned. More often than this small human error, is the error built into your auto attendant that says “Hello, you have reached John Doe at extension 222. Please leave a message at the tone”.

Answer

If you are going to opt into the dial by name directory, you should make an effort to hide your name on all of your social profiles, especially LinkedIn, by setting your profile to private. Be sure that you are not giving away information for free by putting your email address and extension in your voicemail. Lastly, think carefully the next time you purchase a phone system and look at each feature to see how it may be used by a salesman to contact you. Many of these features can be customized, however, most of them are set to default which gives away the most information.

Problem #3: Social Media

Social media is making it very difficult to hide from people who don’t know who you are. It makes you look good to have a striking LinkedIn profile with lots of connections, but while you are advertising yourself, remember that that information is accessible to everyone. If a salesman stops by a company to leave some information and the gate keeper won’t give them the contact information for the decision maker, there is no need to lose sleep over it. It is more than likely that all the information they need will be right at their finger tips as soon as they log into their computer.

Answer

If you are going to have a LinkedIn profile, be sure to keep your profile private. In most cases, all a salesman needs is a correct name to get your email and to start flooding your voicemail inbox. The goal is to be easily accessible by those who already know who you are and by the people who you want to contact you, not by those who are looking to sell you something. It is also important to remember that companies like LinkedIn are playing both sides. While you can set your profile information to private, you can also pay for a Sales Navigator account to remove those privacy settings. The ultimate truth is that if you are going to put your information on the internet, it will be used by people who want to get in contact with you, even if you don’t want to hear from them.

It has gotten to the point where it is almost astonishing to not be able to find contact information for prospective clients online. Combine this with the human tendency to be predictable, and there are no barriers keeping your inbox from getting flooded. This can be troubling and can cause many distractions in your work life if you do not develop a strategy to keep your privacy under control. One way you can benefit from working with an IT partner is by setting up the systems that connect you so that they also protect your privacy.

Categories
Technology

How Businesses Should Think About Technology

It’s a common saying that every business needs a good accountant, banker, and lawyer to be successful. More recently, IT partners have been added to that list by many business owners because of the growing role that they play in keeping businesses moving forward. As technology takes over an increasing portion of business processes through automation, IT partners have quickly become a cornerstone to company growth.

This puts higher demands on the types of people that you partner with. Not only do they need to be able to fix IT problems, but they also have to be smart business professionals who can think about complicated business processes and create smart solutions to overcome problems.

bigstock-technology-internet-and-busin-56984204

This is an important point to think about when engaging with a potential IT partner. Both you and your IT partner need to be on the same page about how you think about and tackle IT problems. Mindset will inevitably predict the end results, and this is an area where you will need to know where your IT partner stands.

There are two ways to look at IT. The most prominent way is the reactionary “Don’t fix it if it isn’t broken” method. This has been the leading thought process for many years, but as technology takes over a larger portion of a business, it hurts more when these systems break.  The second thought process is the “Proactive over Reactive” method. This is an emerging strategy that many business owners are starting to find important.

Businesses can invest minimally in the technology that they rely on by stretching the life of their equipment, hiring under-qualified and inexpensive people to resolve IT problems, and only paying for support after a problem arises. On the surface, this will seem like the least expensive option. However, when important upgrades have been postponed and corners have been cut, the expenses will start adding up.

A proactive mindset takes a different strategy. To regularly maintain a network, it takes a consistent investment. By doing this, you spread out the cost of hardware and support and pay for it in a way that can fit your budget. Evening out the cost of IT isn’t the only benefit of being proactive. The savings occur in the time you recapture by increased staff efficiency, the satisfaction of your clients when products and services are not delayed, avoiding fines from regulatory bodies when data is lost, and so on. This payback may seem immeasurable, but when you are faced with fines like charge backs for late delivery of products, for example, making sure that your business can operate consistently is a very important investment to make.

The point is that it is hard to grow, let alone operate a business when you are constantly putting out fires. Forward thinking companies are looking to their IT partners for solutions that work rather than services that repair so that they can put the IT fires behind them. Allow your company to focus on what you do best by making sure that both you and your IT partner are seeing the future of technology and how it can work for you.

CW Portal