I get these breach-notification emails with some regularity. I’ve kept the same email address for about ten years now, so there have been a lot of chances for my records to be exposed.

In this latest breach, over 22 million records were exposed. And unlike most breaches, it was more than emails and addresses. This included mobile phone numbers, CRM entries, records of real world interactions, summaries of legal briefs, and more.

In fact, at this point my email address and password have been exposed multiple times online. Yours almost certainly have been, too; you just don’t know it yet.

This is a huge part of why we agitate for:

  • Using multifactor authentication
  • Disallowing password re-use

Even though my data is out there, yet again, the combination of multi-factor authentication and a different password for every site makes it very unlikely that I’ll suffer a personal breach: a leaked password that is unique to one site and still needs a second factor is worth very little to an attacker. Both Microsoft and Google have reported that turning on multifactor authentication blocks more than 99% of automated account-takeover attempts, the credential-stuffing and password-spraying attacks that run on leaked passwords like mine.

Next time we tell you that multifactor authentication needs to be turned on, you know why!

How should employers plan to respond to a Coronavirus outbreak? The CDC has recommended several protocols to prepare our work environments for such an event.

A few include sanitizing workstations regularly, actively encouraging sick employees to stay home, preparing for flexible work schedules, and being able to support flexible work arrangements, which means your employees being able to work remotely.

How would your business replace face-to-face interaction between employees? Some options we recommend are Microsoft Teams, Skype, and Google Hangouts.

Another question is, would your employees have access to company files, data, and the applications they need to get their job done remotely?

Lastly, would you have access to your company phone system? With an internet-based (VoIP) phone system, your customers can still reach your phone directory, and you keep the ability to transfer calls back and forth just as you could at the office.

This is a high-level overview of how to prepare for events such as this. We are here to help. Feel free to give us a call at (865) 240-2716 or email us at info@jmaddington.com

We just finished writing about a managed IT services provider in Colorado that was hacked, and in turn all or most of their customers were hacked as well.

Well, it’s another day and this time the story comes from California.

Synoptek, a California business that provides cloud hosting and IT management services to more than a thousand customers nationwide, suffered a ransomware attack this week that has disrupted operations for many of its clients, according to sources. The company has reportedly paid a ransom demand in a bid to restore operations as quickly as possible.

Irvine, Calif.-based Synoptek is a managed service provider that maintains a variety of cloud-based services for more than 1,100 customers across a broad spectrum of industries, including state and local governments, financial services, healthcare, manufacturing, media, retail and software. The company has nearly a thousand employees and brought in more than $100 million in revenue in the past year, according to their Web site.

Much like other ransomware gangs operating today, the crooks behind Sodinokibi seem to focus on targeting IT providers.

Every single IT provider is now a major target, because by successfully compromising a single IT provider, attackers compromise dozens or hundreds of other companies in the process.

If you aren’t asking your current IT provider what they are doing to make sure that their own house is in order, you aren’t doing your due diligence.

Krebs on Security writes about a hacking incident in Colorado late in 2019:

A Colorado company that specializes in providing IT services to dental offices suffered a ransomware attack that is disrupting operations for more than 100 dentistry practices, KrebsOnSecurity has learned.

We’ve started raising this in conversations with prospects: today your biggest risk may be your IT provider.

Most IT providers (MSPs) put a remote monitoring and management (RMM) agent or remote-control software on each computer that they manage. This agent connects back to a central server where the MSP can push out security updates, backups and other such measures to keep customers secure.

However, if the MSP’s central server is compromised, that same channel can push anything the attacker wants, including ransomware, to every managed computer at the same time. The agent trusts the server; it has no way to tell a legitimate patch from a malicious one.
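You cannot ask your provider a good question about an agent you don’t know is there. The following script is an added example, not something from the original post or from any MSP’s tooling: it inventories services on a Windows endpoint whose name or binary path mentions a common RMM or remote-control vendor and shows the addresses those processes are connected to, which is the "central server" each one answers to. The vendor name list is an assumption; add whatever your own provider uses.

```powershell
# Added example (not from the original post): inventory remote-management agents
# on this Windows endpoint and where they call home. Run in an elevated prompt.
# The vendor patterns below are assumptions; extend them for your provider's tools.
$rmmPatterns = @(
    'ConnectWise', 'ScreenConnect', 'Automate', 'LabTech',
    'Kaseya', 'Datto', 'CentraStage', 'Ninja', 'Atera',
    'N-able', 'SolarWinds', 'Syncro', 'TeamViewer', 'Splashtop', 'AnyDesk'
)
$regex = ($rmmPatterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

function Get-RmmAgentInventory {
    # Services whose name, display name or binary path mention a known vendor
    $services = Get-CimInstance Win32_Service |
        Where-Object { ($_.Name + ' ' + $_.DisplayName + ' ' + $_.PathName) -match $regex } |
        Select-Object Name, DisplayName, State, StartMode, PathName, ProcessId

    # Established outbound connections owned by those service processes:
    # these are the central servers the agents trust for updates and commands.
    $agentPids = $services.ProcessId | Where-Object { $_ -gt 0 }
    $connections = @()
    if ($agentPids) {
        $connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
            Where-Object { $agentPids -contains $_.OwningProcess } |
            Select-Object OwningProcess, RemoteAddress, RemotePort
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Agents      = $services
        CallsHomeTo = $connections
    }
}

$inventory = Get-RmmAgentInventory
$inventory.Agents      | Format-Table Name, State, StartMode, PathName -AutoSize
$inventory.CallsHomeTo | Format-Table -AutoSize
```

Run it on a few machines and compare the results with what your provider says they installed. Every agent and every remote address it talks to is a place where a compromise of the provider becomes a compromise of you, so those are the systems you should be asking them about: who can log in to them, whether that login requires MFA, and how quickly they patch them.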

The active targeting of MSPs is going to reach epidemic levels soon.

We’ll unpack what all of this means in a later post. For now, the top takeaway is that you should be asking your IT provider (1) how they are securing their own house, (2) what changes they have made or are making as the threats change, and (3) whether access to their own remote-management tools requires multifactor authentication.

Hackers are beginning to target Apple iPhone users by sending them text messages that appear to be from Apple. The messages claim that a lost device has been found and use URLs that contain Apple product names, such as: apple.com-support[.]id, apple.com-findlocation[.]id, apple.com-sign[.]in, apple.com-isupport[.]in, icloud.com-site-log[.]in. Read those from the right: the domain that was actually registered is com-support.id, com-sign.in, and so on. The “apple” at the front is just a subdomain the attacker created, and apple.com never comes into it.
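The point that the trusted name is only a prefix is easy to state and easy to get wrong by eye, which is why the lookalikes work. The script below is an added example, not from the original post or from Apple: it takes the defanged links above exactly as written, undoes the [.] defanging, and reports the registrable domain of each, which is the part a browser actually connects to. The two-label public-suffix table is a deliberate simplification of the real Public Suffix List, and the trusted-domain list is an assumption.

```powershell
# Added example (not from the original post): show what the "apple.com-..." links
# really resolve to. The sample links are the ones quoted in the post, defanged.
$samples = @(
    'apple.com-support[.]id',
    'apple.com-findlocation[.]id',
    'apple.com-sign[.]in',
    'apple.com-isupport[.]in',
    'icloud.com-site-log[.]in',
    'https://www.apple.com/support/'      # a genuine Apple URL for contrast
)

# Assumption: these are the only domains the user should trust for this scenario.
$trusted = @('apple.com', 'icloud.com')

# Simplification: a handful of two-label public suffixes. A real tool would load
# the Public Suffix List; this short table is enough for the demonstration.
$twoLabelSuffixes = @('co.uk', 'com.au', 'co.jp', 'co.id', 'co.in')

function Get-RegistrableDomain {
    param([Parameter(Mandatory)][string]$Hostname)
    $labels = $Hostname.ToLowerInvariant().TrimEnd('.').Split('.')
    if ($labels.Count -lt 2) { return $Hostname }
    $suffix = $labels[-2..-1] -join '.'
    if (($twoLabelSuffixes -contains $suffix) -and ($labels.Count -ge 3)) {
        return $labels[-3..-1] -join '.'
    }
    return $suffix
}

function Test-LookalikeUrl {
    param([Parameter(Mandatory)][string]$Url)
    $refanged = $Url.Replace('[.]', '.')            # undo the "[.]" defanging
    if ($refanged -notmatch '^[a-z]+://') { $refanged = "https://$refanged" }
    $uri = [System.Uri]$refanged
    $registrable = Get-RegistrableDomain -Hostname $uri.Host
    [pscustomobject]@{
        Link              = $Url
        Host              = $uri.Host
        RegistrableDomain = $registrable
        Trusted           = ($trusted -contains $registrable)
    }
}

$samples | ForEach-Object { Test-LookalikeUrl -Url $_ } | Format-Table -AutoSize
```

Every one of the five phishing links comes back with a registrable domain that is not apple.com or icloud.com, while www.apple.com does. That comparison, registrable domain against an allow-list rather than a substring match on "apple", is the check a mail or SMS filter has to make; matching on the word "apple" anywhere in the hostname would pass all five.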

There is a widespread belief that Apple products are inherently more secure than Android or Windows devices. Inherent platform security doesn’t matter here: if the attacker can convince you to type your Apple ID password into their page, or to install whatever they send you, it is game over.

Of course, other companies, especially Microsoft, have been battling this for years. The part that is unique here is the SMS delivery and Apple-specific targeting.

How do you respond? After 20 years of telling people not to click on links, we’ve discovered that doesn’t work: they are going to click.

  1. Turn on multi-factor authentication everywhere that supports it. Do not limit this to the “important” sites; a stolen Apple ID password is useless to the attacker if they cannot pass the second factor.
  2. Store information on systems that detect usage unlike your own pattern (vendors call this AI) and alert you when something is amiss, as credit card companies do for travel.
  3. Assume that people are going to click and design your security around that, instead of assuming that they can and will accurately judge the safety of links.

BitLocker drive encryption is the full-disk encryption that Microsoft builds into Windows 10 Professional (and Enterprise and Education). It encrypts the contents of your computer’s drive so that, if the device is lost or stolen, nobody can read the data off it without the key; pulling the disk and plugging it into another machine yields nothing but ciphertext.

This is important to your business because most states, including Tennessee, have mandatory disclosure laws for data loss. In short, if data you store about your customers is or may have been stolen, you have to let them know. And that’s not an email or phone call any business owner wants to make. Most of those laws treat properly encrypted data whose key was not also lost as not a reportable breach, which is why a lost encrypted laptop is an inconvenience and a lost unencrypted one is a notification letter.

Encryption is so important in today’s environment that it has become a standard for all of our managed service customers. We turn it on by default for any computer that supports it (a Pro or better edition of Windows 10 and a working TPM). For computers that do not support it, we recommend upgrading to one that does.
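“Turned on” is a claim that should be verified per machine, not assumed. The script below is an added example, not from the original post or from our tooling: it checks whether a Windows machine is eligible for BitLocker (edition and TPM), whether the system drive is actually protected, and whether a recovery-password protector exists. Treating the presence of a recovery-password protector as the escrow check is an assumption for this example; whether that password has been backed up to Active Directory, Azure AD or your RMM is a separate question it does not answer.

```powershell
# Added example (not from the original post): is this Windows machine able to run
# BitLocker, and is the system drive actually protected? Run from an elevated prompt.
# The BitLocker cmdlets ship with Windows 10 Pro/Enterprise/Education, not Home.
function Get-BitLockerReadiness {
    $os  = Get-CimInstance Win32_OperatingSystem
    $tpm = Get-Tpm -ErrorAction SilentlyContinue          # $null when there is no TPM

    $supported = ($os.Caption -match 'Pro|Enterprise|Education') -and
                 $tpm -and $tpm.TpmPresent -and $tpm.TpmReady

    $result = [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        Edition             = $os.Caption
        TpmReady            = [bool]($tpm -and $tpm.TpmReady)
        Supported           = $supported
        ProtectionOn        = $false
        HasRecoveryPassword = $false   # assumption: our stand-in for "key is escrowed"
        Finding             = 'Unsupported edition or no usable TPM: upgrade or replace'
    }
    if (-not $supported) { return $result }

    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $result.ProtectionOn        = ($vol.ProtectionStatus -eq 'On')
    $result.HasRecoveryPassword = [bool]($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    $result.Finding = if (-not $result.ProtectionOn) {
        'BitLocker is off: enable it (Enable-BitLocker) before this machine leaves the building'
    } elseif (-not $result.HasRecoveryPassword) {
        'Encrypted, but no recovery password protector: add one and back it up, or a failed TPM locks you out'
    } else {
        "Encrypted with $($vol.EncryptionMethod); recovery password protector present"
    }
    return $result
}

Get-BitLockerReadiness | Format-List
```

The second failure mode matters as much as the first: a drive encrypted with only a TPM protector and no escrowed recovery password is safe from thieves and also from you the day the motherboard dies. Run the function across your fleet through your RMM and treat any result other than the last Finding as a ticket.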

If you want to have a free discussion about cybersecurity and how to better protect your business call or email us today, 865-240-2716 or info@jmaddington.com

One of the world’s biggest security vendors had hidden backdoors in their products that would allow virtually anyone to take over the firewall.

Your firewall is the security appliance that is supposed to separate your internal, secure network from the outside world. This bug/backdoor essentially lets anybody who wants in onto your network.

This hits East Tennessee hard for three major reasons:

  • One of the biggest IT firms in the area standardized on this vendor’s firewalls years ago, and smaller IT shops followed
  • The security required of firms that do business with DOE and ORNL means a lot of these firewalls are in place in and around Oak Ridge and Knoxville
  • One of the area’s biggest retailers also standardized on them, with hundreds believed to be in production

What you need to do — today!

If you’ve seen the images below in your office, server room or computer call your IT firm — TODAY — and ask them if they’ve updated it to a version that no longer contains these bugs. Most IT firms are notorious for patching firewalls slowly, so things don’t break. But being behind on these patches means you are already broken.

This is a really big deal

It allows anyone, anywhere, with no valid credentials, to reset any user’s password on the firewall, at which point they log in as that user.

One of the world’s biggest video game companies has had two major bugs this month, and bugs like these can wreck your organization’s security if you don’t have the right policies in place.

Most organizations we bring on initially have a fuzzy line around what’s “work” equipment and what’s “personal,” and what can be used for what; the result is an insecure environment. On business machines there is typically a security standard in place: a set of policies and procedures set by management, and rules (set by IT) to keep the bad guys out and your confidential information inside. Personal machines typically have virtually none of this.

If your organization allows business information on personal machines, or personal use of business machines, you’ve opened the door to attackers. To use the video game example, this company doesn’t seem to consider an entire category of bugs important enough to fix. If they sold to businesses, they would never get away with it. If you let your employees install this video game software on your computers, however, you just let them get away with it. If you allow your employees to access your company information from their personal machines, you also just did.

It’s an easy fix: put in place a written policy that only allows access to confidential information from secured, company-owned machines.

BIG WARNING: Execs usually want to be exempted from these rules. They also typically have the MOST access to the most CONFIDENTIAL information. Then THEY become your biggest risk, and TARGET.

Policies are abstract and don’t often change. They are implemented by specific procedures that change as your business changes (“our external IT partner will provide you with a work laptop from which you can access company information”) and enforced by technical rules (e.g., your MSP blocks access to company information from machines that don’t meet your security policy).
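One concrete form of that technical rule, as an added example that is not from the original post: a Conditional Access policy that refuses company data to any device that is not company-managed. This assumes the company runs Microsoft 365 / Azure AD with an Azure AD Premium P1 licence (which Conditional Access requires), uses Intune or hybrid domain join to mark its own machines, and has the Microsoft Graph PowerShell SDK installed; on another identity stack the shape of the rule is the same even though the cmdlet is not.

```powershell
# Added example (not from the original post): enforce "company data only from
# company-owned machines" as a Conditional Access policy via Microsoft Graph.
# Assumes Microsoft 365 / Azure AD with Azure AD Premium P1 and the Graph SDK.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = 'Company data only from company-managed devices'
    # Start in report-only so you can see who would be blocked, then set 'enabled'.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users = @{
            includeUsers = @('All')
            # Deliberately NOT the executive team: the accounts that ask to be
            # exempted hold the most confidential data and are the biggest target.
            # Put only your emergency-access ("break glass") account's object ID here.
            excludeUsers = @()
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        # Either Intune-compliant or hybrid Azure AD joined counts as "ours";
        # a personal laptop is neither and is refused.
        builtInControls = @('compliantDevice', 'domainJoinedDevice')
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Two cautions that follow from the post’s own warning. First, an empty exclusion list plus “All users, all apps” will lock out the administrator running it if the admin’s own device is not compliant, which is why the policy starts in report-only mode and why a single break-glass account, not a person, belongs in excludeUsers. Second, the policy only enforces what the procedure defines: if nobody has actually enrolled the company laptops in Intune or joined them to the domain, the rule blocks everyone, including the people it was meant to serve.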

Even if you can’t get all of your rules and procedures in place today, define and communicate your policies. The security of your organization depends on it, and your security is no less than your future.

Need help? Call us today: 865-240-2716.

One of the newest ways to get past email defenses is getting the least amount of attention: the changing link. Here’s how it works:

The Bad Guy emails one of your employees a message “from” your CEO or president with a link that looks something like https://www.dropbox.com/ImportantShare but actually goes to http://bit.ly/325JnYX (feel free to click those links!). The link is deliberately a redirect: it sends the user from one URL to another, which has plenty of legitimate uses.

At first, http://bit.ly/325JnYX goes to a harmless site, maybe Google, and gets past your email defense filters as a result, because those filters follow the link once, when the mail arrives. A few minutes later, the Bad Guy changes the redirect to point at a site they control that phishes, distributes malware, or uses whatever other technique they want to get into your organization. When your user clicks the link, it now goes to the bad site, and the filter never looks again.

What do you do? These new Bad Guy techniques require new tools to defend your organization and your data: tools that are always up to date with real-time information and that don’t check things only once, like your current email defenses do, but re-check the destination at the moment the link is clicked.
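To make the difference between “checked once at delivery” and “checked at click time” concrete, the script below is an added example, not from the original post or from any email-security product: it follows a link one redirect hop at a time, without letting the HTTP client auto-follow, and compares the final destination with the address the email displayed. The Dropbox and bit.ly URLs are the post’s own examples; everything else is an assumption for the demonstration.

```powershell
# Added example (not from the original post): resolve where a link really goes
# right now, hop by hop, and compare it with what the email showed the user.
function Resolve-RedirectChain {
    param(
        [Parameter(Mandatory)][string]$Url,
        [int]$MaxHops = 10
    )
    $chain   = @()
    $current = $Url
    for ($hop = 0; $hop -lt $MaxHops; $hop++) {
        $chain += $current
        $req = [System.Net.HttpWebRequest]::Create($current)
        $req.Method            = 'HEAD'
        $req.AllowAutoRedirect = $false        # see every hop, not just the final page
        $req.Timeout           = 10000
        try {
            $resp = $req.GetResponse()         # 3xx does not throw when auto-redirect is off
        } catch [System.Net.WebException] {
            if (-not $_.Exception.Response) { break }   # DNS/connection failure: stop here
            $resp = $_.Exception.Response              # 4xx/5xx still carries headers
        }
        $status   = [int]$resp.StatusCode
        $location = $resp.Headers['Location']
        $resp.Close()
        if (($status -lt 300) -or ($status -ge 400) -or (-not $location)) { break }
        # Location may be relative; resolve it against the current URL
        $current = (New-Object System.Uri -ArgumentList ([System.Uri]$current), $location).AbsoluteUri
    }
    return $chain
}

function Test-LinkMatchesDisplay {
    param(
        [Parameter(Mandatory)][string]$DisplayedUrl,   # the text the user sees
        [Parameter(Mandatory)][string]$ActualHref      # the real href behind it
    )
    $chain     = Resolve-RedirectChain -Url $ActualHref
    $shownHost = ([System.Uri]$DisplayedUrl).Host
    $finalHost = ([System.Uri]$chain[-1]).Host
    [pscustomobject]@{
        Displayed    = $DisplayedUrl
        Href         = $ActualHref
        Hops         = $chain.Count - 1
        FinalHost    = $finalHost
        HostMismatch = ($shownHost -ne $finalHost)
        Chain        = ($chain -join ' -> ')
    }
}

Test-LinkMatchesDisplay -DisplayedUrl 'https://www.dropbox.com/ImportantShare' `
                        -ActualHref   'http://bit.ly/325JnYX' | Format-List
```

Run it when the mail arrives and again a few minutes later and you will see the whole trick: the same shortener link produces a different FinalHost, and HostMismatch is true both times because the displayed dropbox.com address never matched the href to begin with. Two caveats. A redirect service can serve a scanner (HEAD request, no browser headers) something different from what it serves a real browser, so even click-time resolution is not a guarantee; and the display-text-versus-href mismatch is the one signal that is available at delivery time, before the destination ever changes.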

Fortunately, there are new defense tools available for SMBs. If you are interested in understanding the options feel free to set up an appointment with us, info@jmaddington.com or 865-240-2716

Earlier this week ZDNet profiled the remarkable exit of GandCrab, one of the largest ransomware operations of the last 12 months.

Setting aside the irony, the professionalism of the operation should catch the attention of any business owner. The operators ran a Software as a Service (SaaS) business model, complete with online forum support for paying customers. They sent private emails to current customers about changes in service, including advising those customers to get their victims to pay up before it was too late. They are shutting down the service after claiming to have made and successfully laundered $150m.

Also, the operators plan to delete the decryption keys, so without a backup victims will be toast.

So what are the takeaways?

  • Ransomware has graduated to the level of truly organized crime: these are not teenagers in their parents’ basements
  • The industry is so profitable and competitive that it has a “B2B” sphere, complete with customer support
  • It was true a few years ago that ransomware operations were largely opportunistic: today the money involved means you are an active target