Hackers are beginning to target Apple iPhone users by sending them text messages that appear to be from Apple. The text message have messages indicating that a lost device has been found and use URLs that have Apple product names in them such as: apple.com-support[.]id, apple.com-findlocation[.]id, apple.com-sign[.]in, apple.com-isupport[.]in, icloud.com-site-log[.]in

There is a widespread belief that Apple products are inherently more secure than Android or Windows devices. Inherent security doesn’t matter here, if the hacker can convince you to install their viruses and malware it is game over for you.

Of course, other companies, especially Microsoft, have been battling this for years. The part that is unique here is the SMS delivery and Apple-specific targeting.

How do you respond? After 20 years of telling people not to click on links, we’ve discovered that doesn’t work: they are going to click.

  1. Turn on multi factor authentication for everywhere that supports it. Do not limit this to the “important” sites.
  2. Store information on systems that use AI to detect usage that is different from your, unique, usage and alert you when something is amiss, like the credit card companies do for travel.
  3. Assume that people are going click and design your security around that, instead of assuming that they can and will accurately determine the safety of links.

ToTok, a social media app that recently took off in international popularity, is the United Arab Emirates actually spying on your according to a new article from the New York Times.

Officially it’s supposed to be a secure way to communicate with family and friends, even in countries that block similar tools. However, is actually a spying tool the United Arab Emirates government.

While both Google and Apple have removed it from their stores it will not be automatically uninstalled from your phone.

We understand that a number of readers of our blog are not social media aficionados. However, given the widespread scope of the spying of this app we highly recommend that you send this article out as a PSA to your employees who are digital natives.

The app appears to track messages, analyze user calls, analyze user contacts and track location. And that’s just what we know so far. This raises another question. Given practical and regulatory risks of such data, and creating vulnerability for your company through your employees phones, how are you securing your company on these devices? 

Iran is targeting industrial control systems, according to Microsoft security researchers and reported by Ars Technica. The scale of the attempted hacking is incredible, with the Iranian group targeting about 2000 organizations per month.

Motivations behind the attacks are not yet clear. While the US government was concerned that Iran may retaliate in the cybersecurity space. In response, the late December drone strike on their general, this appears to have begun before that. It’s possible that this is laying the groundwork for a larger attack later on.

Given the number of organizations that directly and indirectly support Y12 and Oak Ridge National Laboratory it seems prudent to assume that some of these organizations that are targeted include those in East Tennessee.

It’s a great example of why we block Internet traffic for our managed customers from countries such as Iran. While not a panacea, it goes a long way toward securing the network.

If you’re interested in having a conversation with us about how to better secure your network. Give us a call at 865-240-2716.

You need to buy CyberSecurity insurance and you need to buy it today. And no, I’m don’t even sell it, this is just a PSA.

First, small businesses are targets for hackers today. 20% of SMBs reported that they’ve been a victim of a ransomware attack (Datto, 2019) and 60% of all cyber attacks are aimed at SMBs.

You should let that last sentence sink in for a minute, you are being targeted.

Second, rates for CyberSecurity coverage have historically been low, pennies of pennies on the dollar. Managed services providers, like JM Addington, are already seeing rates rise across the nation to purchase this type of coverage, with deductibles increasing as well. Today, you can still lock-in affordable rates. For next year it is an open question.

In addition the better your security the lower your rates are and the less likely you are to have to use the insurance in the first. I’d love to talk to you today about three easy things you can do to increase the security of your business, call me at 865-544-8045 (direct) or email jonathan.addington@jmaddington.com.

Bitlocker hard drive encryption is the encryption software that Microsoft builds into every version of Windows 10 Professional. It physically encrypts the data on your computer’s hard drive so that even if your device is lost or stolen no one else can retrieve information off of it.

This is important to your business because most states, including Tennessee, have mandatory disclosure laws for data loss. In short, data you store on your customers is or may have been stolen or hacked, you have to let them know. And that’s not an email or phone call any business owner wants to make.

Encryption is so important in today’s environment that it has become a standard for all of our managed service customers. We turn it on by default for any computers that support it. For computers that do not support it, we recommend upgrading to one that does.

If you want to have a free discussion about cybersecurity and how to better protect your business call or email us today, 865-240-2716 or info@jmaddington.com

Ars Technica and the BBC are reporting that the travel insurance and currency exchange company Travelex has been breached. Hackers have allegedly been inside the company’s network for 6 months and stolen customer information including:

  • Credit card info
  • Date of birth
  • Insurance numbers

These incidents are shockingly common yet only the big companies make the news. Data from Datto says that most small businesses either have suffered a similar attack or have been targeted by one.

How are you safe-guarding your clients’ data?