Mode:         
Posts

4 Trending Threats to Your Mobile Security

The popularity of mobile devices has increased substantially in recent years. According to the latest numbers from eMarketer, approximately 25% of the world's population uses smartphones. That number is expected to rise in the next few years.

Mobile device management

Hackers have begun to notice this trend, and many are now focusing their efforts on taking advantage of mobile device users. Here are four key threats to the security of your mobile devices.

1. The Accidental Installation of Malware

As mobile devices become more popular, the app market has grown to meet the demand. However, you should be careful to only download applications listed in the official marketplace for your mobile device's operating system. Downloading prohibited or non-approved applications can lead to the accidental installation of malware.

Most mobile devices have built-in security parameters. These parameters block many kinds of malware, including a newly prevalent worm called NotCompatible.C. Jailbreaking your device turns off these security features, and makes you more vulnerable to malware.

2. Phishing Attacks Through SMS Messages

Microsoft defines phishing as the act of using "email messages, websites, and phone calls [that] are designed to steal money." However, cyber criminals have recently extended phishing to SMS messages as well.

Scammers will send people SMS messages under a variety of pretenses that are designed to look legitimate. These messages will often include a link or a phone number. Opening the link or calling the number will usually lead to a service that asks you for money or personal information. It can also result in your device becoming infected.

3. Infection Through a Wireless Connection

Many pieces of malware are capable of infecting devices through a wireless local network. NotCompatible.C, for example, is one of several pieces of Android malware that are able to spread themselves in this way. The risk of being attacked by this type of malware is higher when your phone is connected to a public Wi-Fi hotspot, like the ones found in coffee shops, libraries, and airports.

It can also happen that an employee will bring an infected device into a company facility. The malware will then use the wireless network to infect the company's computers as well as other employees' devices.

4. Cross-platform Banking Attacks

Cyber criminals are also running hybrid attacks as part of their efforts to break into your bank account. These attacks target your phone by going through your computer.

When you access your bank account through a web browser on an infected computer, the malware performs what is referred to as a man-in-the-middle or man-in-the-browser attack. This attack steals your banking information as it is being sent from the browser, but before it is encrypted.

The malware then poses as your bank and tells you to install an app for “increased security” on your smartphone. It will send your phone a link to an infected app, and once you download it, hackers can control both your computer and your mobile device.

Final Thoughts

People should always be careful when using either their mobile device or their computer to access personal information. Users should always confirm the validity of any app that they are downloading or SMS message that they are responding to.

While mobile devices are convenient and useful tools, people must make sure that they are using the right security parameters. These include both built-in and third-party antivirus programs. Contact us to learn about the best ways to protect your mobile devices.


Comments (0)

Simple Email Mistakes That Can Cause Serious Data Security Breaches

Careless human error is one of the main causes of IT problems. Many companies know how disastrous these mistakes can be. As the Ponemon Institute's 2014 Cost of Data Breach Study pointed out, nearly one-third of all data breaches were caused by careless human error.

Email mistakes in particular stand out as significant causes of data breaches. While these mistakes are understandable in many cases, they are still very costly.

Major Examples of Email Mistakes

One notable example of an email mistake that caused a data breach involved the Goldman Sachs investment management firm. In June 2014, a Goldman Sachs contractor accidentally sent a message to a gmail.com email address instead of the corresponding gs.com email address. The latter email address is connected to the company's in-house email network.

The email contained a confidential document, and the mistake sent Goldman Sachs scrambling for a solution. To prevent the gmail.com recipient from opening the message, Goldman Sachs took Google to the New York State Supreme Court. In its petition, the investment management firm said that the message contained "highly confidential brokerage account information" and asked Google to help it prevent a "needless and massive" data breach.

The case was unprecedented, in that Goldman Sachs argued that email senders should have the right to "unsend" an email if it was sent by mistake. In the end, however, the court did not have to rule on the case, since Google voluntarily blocked the recipient's access to the email.

Another noteworthy email mistake occurred in April 2014. An employee at the risk advisor and insurance brokerage firm Willis North America accidentally sent a spreadsheet to a group of employees enrolled in the company medical plan's Healthy Rewards Program. The spreadsheet contained confidential information, including employees' names, email addresses, birthdates, Social Security numbers, employee ID numbers, office locations, and the details of their medical insurance plans.

Willis North America agreed to pay for 2 years of identity theft protection for the 4,830 people affected by the breach. Although the leaked information did not include details about the victims' health conditions or the health information of their dependents, Willis North America was still cited for violating the US Health Insurance Portability and Accountability Act (HIPAA).

A similar incident occurred in September 2013, when a Cisco employee accidentally sent an email to a "sept_training1" mailing list. The list included thousands of other Cisco workers. A large number of these workers replied to the email by asking to be removed from the list, and many of them accidentally clicked "Reply All" when responding to the message. This resulted in millions of unwanted email messages taking up space on Cisco's network. The mistake severely damaged the employees' productivity, and cost the company hundreds of thousands of dollars.

The Costs of Email Mistakes

According to the Ponemon Institute, data breaches caused by careless human error cost companies on average $117 per compromised record. If an email mistake affected thousands of people, as was the case for Willis North America, then it could result in sizable losses. Several issues can cause these high costs.

As the Cisco case showed, losses in productivity can cost a company a significant amount of time and money. Another cost stems from paying for identity theft protection for the victims. Additionally, if the email mistake led to a data breach, then the company could find itself facing lawsuits or punitive fines. Data breaches like these could also reveal sensitive company information to the general public.

Email mistakes, especially those that cause data breaches, can also tarnish a company's reputation, which can lead to lost business opportunities. As one example, Goldman Sachs faced substantial damage to its reputation after its email-related data breach in 2014.

Avoiding Careless Mistakes

To prevent any mistakes, create clear-cut policies and procedures about sending emails, especially those with sensitive information. You'll also need to educate your staff members about the problems caused by carelessly sending emails. Employees are more likely to think twice about sending a message when they know just how costly a mistake can be.

By the same token, you should develop a workplace environment in which employees feel comfortable talking about their IT concerns. By making your staff members feel comfortable about discussing these issues, you can improve the odds that one of them will ask a question that could avert a mistake.

Data loss prevention (DLP) software can also help in this regard. This software can stop employees from sending confidential information by accident. Look to your IT staff or service provider for help when searching for a DLP solution that matches your individual needs.

Ease Technologies provides IT support services and cloud solutions for organizations in Baltimore, Washington or Fairfax. Watch our Ease Cloud Workspace video and learn how our secure cloud offering can be your virtual office wherever you go.

Comments (0)

7 Tech Tips for Your Summer Travel

Summer vacations and traveling are a great way to relax and unwind.  For many though, work follows them no matter how far they try to get away.  Before setting out the beach chair or embarking on that whitewater rafting trip, here are a few ideas on keeping your technology in order while on the road. 

Backup
iphone beachMake sure you have a good backup of all your devices.  If something were to happen to your technology while you are traveling it would be much easier to recover that data when you return.  Cloud-based backup systems can also provide some limited access to files that you may have forgotten while traveling.

Cloud-Ready
Keep your travel plans, hotel confirmation, the contact information of your credit card company, phone numbers and other important trip information stored in a secure cloud notes program.  I like to use Evernote because I can add PDFs, emails and text notes, but you may already be using Apple’s Notes or Microsoft’s OneNote Online.  If your gear gets lost or stolen you’ll have access to your information online in one of these cloud-based apps from any device.

Stay Protected
Some travelers are required to get vaccinations before they go overseas.  In the same way, tech-savvy travelers should get the latest virus updates installed for their systems too.  Be sure to turn on the password protection options for your electronic devices, as this will ensure the data on your devices is much safer if they were to get lost or stolen.

Mark Your stuff
Your name was written all over your gear back when you went to summer camp.  Well, your mom had it right, so be sure to label your equipment with your cell phone number.  That number on your electronic devices will be the easiest way for that Good Samaritan to call you with your lost gear. 

Find Your Friends
Apple iPhones and iPads have a feature called Find your Friends.  Once enabled the software provides an easy way to keep track of family and friends, provided you are within cell coverage.  Knowing the location of members of your group can be useful at the airport, amusement park or at the beach.

Stay Connected
Before you roll on down the highway, scout out where the best Wi-Fi hot spots will be during your trip.  Many major chains provide free access, and knowing where they are before you take to the friendly skies can make a big difference when trying to stay connected.  Be careful to use only trusted Wi-Fi hotspots.  That "Free Wi-Fi" at the airport may not be as friendly as it seems.

Power-up
Remember to bring all the proper power cords and an extra extension cord for your smartphone, cameras and laptops.  Being properly equipped for power during your vacation can make a big difference in getting that access you expect versus blowing a few hours of your precious time looking for Dell power adapters near Old Faithful.  If you do lose a power cord, just ask the hotel front desk or housekeeping for a replacement.  You won’t be the first to do so, and it’s likely that they will have a pile of cords in a box with housekeeping. 

Ease Technologies provides IT support services and cloud solutions for organizations in Baltimore, Washington or Fairfax. Watch our Ease Cloud Workspace video and learn how our secure cloud offering can be your virtual office wherever you go. 

Comments (0)

What You Need to Know About the US Government's Massive Data Breach

In June 2015, US officials announced that 4 million current and former federal employees may have had their personal information stolen by hackers. It is believed that the legislative and executive branches of the government were not breached. Uniformed military personnel were also unaffected. However, the list of potential victims included workers from nearly every major government agency.

opmt

The incident is one of the largest data breaches ever faced by the US government. Computers at both the Department of the Interior and the Office of Personnel Management (OPM) were hit in the attack. The latter agency handles the overwhelming majority of all federal background checks, and therefore has a huge amount of information on government employees. As a result, the data breach affects practically all of the federal government.

Authorities are still attempting to determine how the hackers managed to breach the government's computer systems. Unconfirmed, is more recent news that millions more may be effected. The OPM is offering credit monitoring and identity theft insurance for 18 months to people who may have been affected by the attack. The government has warned all potential victims to get new credit reports and keep a close watch on their financial statements.

A History of Similar Cyber Attacks

Investigators believe that Beijing is behind the attack. A spokesman for the Chinese Embassy in Washington called the allegations irresponsible and counterproductive. However, this is the second time in less than a year that China has been linked to a cyber attack against the OPM.

In July 2014, The New York Times revealed that hackers had broken into several databases at the OPM. The Department of Homeland Security confirmed the attack, but added that the culprits had not managed to steal any personally identifiable information. According to the Times, a senior US official said that the attackers were based in China.

Beijing has been tied to several high-profile attacks against major American organizations, particularly those in the healthcare industry. Specifically, cyber security professionals have linked it to a large-scale data breach at Anthem Inc., one of the leading health insurers in the US. Anthem announced in February 2015 that hackers had stolen a huge amount of files from one of the company's databases. While the exact number of victims was not disclosed, the database contained the records of up to 80 million customers. The cyber intelligence firm iSight Partners has gone one step further by connecting the Anthem attack to the OPM data breach.

The recent attack against the federal government's computers comes on the heels of another major data breach at a US agency. In May 2015, the Internal Revenue Service (IRS) revealed that hackers had manipulated a tool on the agency's website in order to steal the records of over 100,000 people. The stolen information was used to file fraudulent tax returns. The IRS sent out nearly $50 million in refunds before it detected the data breach.

How Hackers Use Stolen Personal Information

As the IRS attack shows, stolen personal records are incredibly valuable. Hackers can use this information to file fraudulent tax returns or perform other types of identity theft. As one example, criminals use personal data to get past security questions linked to their targets' online accounts. They also secure loans and apply for credit cards in the names of their victims.

Hackers also use this information for spear-phishing campaigns. After targeting a victim, a hacker using spear-phishing techniques will create an email carefully tailored to fool the target into downloading a malware-infected attachment or clicking on a link to a malicious website. After the victim does so, the hacker will be able to gain access to their computer. The OPM breach is especially devastating when viewed in this light. If a hacker targeted the right federal employee, then they could end up with a substantial amount of confidential government files.

How You Can Protect Your Data

The hackers behind these attacks have shown that they are capable of getting past high-level cyber security measures. These attacks should serve as a wake-up call to organizations throughout the world: you cannot be lax about your cyber security.

Check with your IT staff or service provider about the status of your cyber security efforts. You should be using comprehensive anti-malware and intrusion detection measures. Similarly, multi-factor authentication tools can keep your accounts secure, while access control tools can help you enforce your network security policies.

A solid cyber security strategy also calls for contingency planning. In order to prepare for the worst, you'll need a data backup plan. Frequently creating backup copies of your databases means that an attack won't leave you without a large amount of your files. By the same token, documenting a detailed disaster recovery plan ensures that your employees will always know what to do when reacting to a data breach.

With the help of experienced IT professionals, you can improve every facet of your cyber security efforts. When protecting your data, these partnerships can make all the difference.

Learn more tips by joining us for for one of our upcoming webinars.  Each month we provide a live webinar the covers important information on security, mobile or cloud solutions.  To learn more about our next webinar check out our Events page here.

Comments (0)

3 Signs That Your Company Needs a Managed Service Provider

Many companies find themselves juggling IT problems along with their typical day-to-day responsibilities. Outsourcing IT work to a managed service provider (MSP) lets a company excel at what it does best. Here are some signs that your business should look into hiring an MSP.

1. You don't have dedicated IT staff

Small companies often rely on a computer-savvy staff member, rather than hiring an actual IT expert. Problems are solved as they occur, but little planning occurs to avoid future problems. A dedicated IT expert has the time and resources to anticipate hardware and software upgrades, as well as to protect a company from the latest security threats.

Another problem with this practice is that, even if a staff member is computer-savvy, they can only bring their own limited knowledge to the table. MSPs deal with recurring issues from multiple clients, and stay up-to-date on the latest IT developments. In turn, they generally possess a greater breadth and depth of IT-specific knowledge than you can source from within your office.

There's also an opportunity cost when a staff member is sidelined by IT responsibilities. Rather than completing the role they were hired to fill, they are sinking time into work for which they were not specifically trained.

2. Maintenance-related IT tasks are piling up

Dealing with IT maintenance can be a huge distraction from your core business service and can negatively impact productivity. Software updates and licensing are just a couple areas where an MSP can offer relief.

Software updates require constant attention. Failure to keep up with them can cause vulnerabilities and expose company data. MSPs can create maintenance plans to regularly attend to updates and fix any problems that may surface during the process.

Software licenses also need to be properly acquired and maintained. With the exception of software you've written for your own use, all software requires some sort of license. The penalties for using unlicensed software include huge fines and expensive litigation, not to mention a tarnished reputation. When you hire an MSP, they'll keep organized records of your software licenses and create a schedule for renewing them.

3. You want to save money

Many studies have shown that MSPs can reduce costs for small businesses.

Relying on yourself or another staff member for ad hoc IT support pulls resources away from your core competencies, which is inefficient and wasteful. A dedicated in-house IT staff isn't much better, requiring salaries, benefits, office real estate, equipment and training. They also need continuing education, such as courses and conferences, to stay current on the latest IT developments and trends. An MSP removes that overhead entirely.

With an MSP, small businesses only pay for the services and support they need. MSPs can monitor, protect, and support your infrastructure from a remote location using Remote Monitoring and Management (RMM) software. They'll also work with other vendors to ensure that you get the best deals on hardware, software and technology services.

Learn more tips by joining us for our next webinar on June 17, 2015 – Demystifying the Cloud.  We will look how new innovations with clouds services allow employees to securely work from anywhere. Sign up here.


Comments (0)
Our Newsletter

Upcoming Events
Calendar Icon

Upcoming Events

Wounded Warrior iPad Training
8/20/2015 12:00 PM - 1:00 PM

iOS For Business [Webinar}
8/26/2015 12:00 PM - 1:00 PM

Blog Archive

Archive by Years