Fake Emails: What You Need to Know

Teach your employees how to identify fake emails. Fake emails, generally called “phishing” and “spoofing” emails, are a constant threat. If you learn how to spot them, you can better protect your computers and data from malware, ransomware, and other attacks.

 

 

Here is what you need to know:

  1. Check the “from” address

Most fake emails will have a display name that you may recognize such as the name of your banking institution, but upon further review the actual “from” address will not be from that institutions domain. Here is an example I received just yesterday:

Although the display name says Bank of America, if this was actually from BofA the domain would be @bankofamerica.com not @test.net.

  1. Never open attachments
    Never open an attachment from someone you don’t know and even from those you know, if you were not expecting anything. Even if you think it may be legitimate, don’t open it! Attachments are the place that most malware lives. If you think it may be a valid attachment, contact that person via phone and confirm they sent you something.

 

  1. Don’t click on links
    Most fake emails will have links like “You need to change your password. Please click here.” Almost all companies that require you to have a password for their site will send you an email more along the lines of, “We noticed an issue with your password. Please go to our site and correct this issue” with no link, not even just to the site! This is just one example. If you receive a potential fake email and want to verify what they are telling you is wrong, close the email, go to your browser and login to that site directly. If there is any issue with your account they will tell you once you have logged in.

 

  1. Analyze the salutation
    Emails addressed to “Customer” or “Valued Client” are at best ads but if they have your email address and don’t know your name they are most likely phishing emails and should be deleted.

 

  1. Be a skeptic
    Phishing and spoofing emails are getting better and better at looking legitimate. They use logo’s, brands and can seem valid. Be skeptical of any and all email, if it looks at all suspicious don’t open it.

If you have any questions or would like more information on these or other services AcaciaIT provides please contact us at aitservices@acaciait.net or call (520) 751-0888.

The Best Way to Protect Your Company from Ransomware

I am asked on a daily basis, “How do we protect our company from ransomware?”

A lot of you know of, or have friends that have been infected with Ransomware and were not prepared. They have paid ransom and have, in cases, lost all of their data.

Ransomware is such a scary topic to many, as it should be, but there are things you can do to protect yourself and your company.

For those not as “in-tune” to what ransomware is: ransomware is a malware that once it installs to a computer, proceeds to encrypt all the data on the computer and any network shares it can reach. It then produces a screen informing you that you are infected and need to pay $XX in bitcoin to get your data back.

So, what do you need to know and do to protect yourself?

First, know that there is no “silver bullet” to stopping a ransomware attack. That being said, we like to look at it as a layered approach involving education and software(s).

Here is what we recommend:

 

  1. Education
    Educate yourself and your people on fake email. Phishing and spoofing attempts are becoming very realistic and can fool you into becoming a victim. If you’d like more information about what to look for in fake emails checkout our article “Fake Emails: What You Need to Know”

 

  1. Have good, up-to-date endpoint protection
    You’ve heard of antivirus and anti-malware and most likely have them, the newest iteration of these software is called endpoint protection. The difference between antivirus and endpoint protection resides in how the software is monitored and updated. Endpoint protection software is managed remotely by your IT support. This way they can monitor alert and log entries to better protect your computers. And they have likely fixed any issues before you even knew you had them.

 

  1. Software updates and patches
    The latest ransomware attacked computers through missing security updates. Make sure all of your software is up to date and all security patches have been installed. Updates come out almost weekly so this can be a daunting task, the easiest way to make sure you are updated is to have a managed services contract with a good IT firm that monitors and patches your computers as needed.

 

  1. Router configurations and updates
    Your Router is the gateway between your computer and the internet. This device controls all access in and out of your computer from the outside world. As with all devices they need to be configured properly to make sure you are as safe as possible. Firmware also needs to be updated. The firmware is the software that runs a router and just like any other software it needs updates from time to time.

 

  1. DNS services
    There are several companies that provide what are called DNS services. These services act as another gateway and route all of your traffic on the internet. Blocking all sites that are considered nefarious. As an example, most Ransomware, once it is on your computer needs to report back to a website to get an encryption key so that it can encrypt your files. DNS services block those sites as soon as they are known, thus blocking the capability of the ransomware from encrypting your files.

 

As time and malware changes, so will this list. Malware is an ever-changing dynamic of computers and networks and the bad guys are always trying new things.

If you have any questions or would like more information on these or other services AcaciaIT provides please contact us at aitservices@acaciait.net or call (520) 751-0888.

 

AcaciaIT is causing a Ruckus!


AcaciaIT is causing a Ruckus!

No that is not a misspelling, AcaciaIT has recently become a Ruckus Wireless Partner. Ruckus wireless devices are the high-end access points used in stadiums, concert venues, hotels and convention centers. We have recently installed the first phase of wireless for the Pima County Fairgrounds RV and convention center (Old Pueblo hall), just in time to be live for all of the vendors and RV’ers at this year’s fair! Comments from “Wow” to “This is fantastic” have been heard from RV and Vendors alike.

If you are interested in what Ruckus can do for your wireless needs please contact AcaciaIT and we can do a heat map of your location for best placement and get you a quote.

AcaciaIT staff was on-site for the entire Fair. Thank you to those who said hello. Our techs helped keep the Fair vendors happy and RV goers connected. It is always great to see our clients enjoying themselves in the community.

Why should you switch to Office 365?

Microsoft is changing the way you Office.

In the past, Microsoft sold you a CD with the Microsoft Office software on it and allowed you to install it on up to 3 computers/devices. They are now moving to a “monthly service plan” or “subscription” style for Office (and presumably this is just the beginning of software they will provide this way)

You may be saying “Great, I don’t want a monthly bill! I’ll be paying way too much for the software!” but in actuality, the cost of Office 365 business is only $8.25 per month. If you total up what you were paying for that CD (approximately $219 +) it will take you over 2 years to equal that price. And with the automatic updates, new features added without having to upgrade, the capability to install on up to 5 devices (tablets, phones, computers, laptops, etc.) the benefits start to outweigh the fact that you are now on a subscription.

In addition, Office 365 business will install on your device, but it is also accessible via the cloud. That means you can log in to your office from a website. You can get to all of your documents if you store them on the provided Microsoft OneDrive and thus you can office anywhere on any computer.

For a few dollars more you can upgrade to Office 365 Business Premium. This will be advantageous for businesses that need to keep everyone in touch and up to date, it includes hosting of your email on Microsoft’s Exchange platform, where you are able to share calendars with officemates, you can create your own internal office webpage with SharePoint, you can have central document storage with OneDrive, and you get a free Business Skype account.

You may be saying “But isn’t it safer to keep my documents on the premise than in the cloud?” but Microsoft actually has a complete Security Development Lifecycle that prevents, detects and mitigates breaches that many companies do not have the resources to provide. And Microsoft also insures that it meets all of the latest regulations and rules of HIPAA, Sarbanes-Oxley, FISMA and several other compliance regulations. Safety is always a concern, but with the steps Microsoft is taking the risk is far less than it used to be and if you choose not to have your data “in the cloud” you can always continue to store it on your servers and PC systems, it just will not be as accessible to you.

If you are interested in moving to Office 365, give your AcaciaIT rep a call, we can add Office 365 to your Managed Services contract and get you started in just a few short days!

Ask the IT expert

 

Avast SafePrice

Avast has a new plugin application to its antivirus software called SafePrice. SafePrice is a part of the Online Security Browser extension. Its purpose is to help you find whatever you are shopping online for at cheaper prices from secure trusted vendors. If you choose to use it, a small bar will appear on the top of your browser displaying a notification of cheaper offers.

Avast will remove all identifiable personal information before shopping the other vendors so as not to create more junk mail in your inbox and protect your identity.

You are not required to use this plugin just because you are using Avast as your antivirus, you can deactivate it directly in the settings of Avast or within your Browser you can deactivate the plugin so it will not function within that browser.

Have questions for our Experts? Send us your questions and we will publish them in our newsletter and on our blog!

just click here and fill out the form!

Pokemon Go for your business?

The latest rage in internet games is here and it’s name is Pokemon Go.

You have by now at least heard of the game but how can your business profit from it? There are several ways;

  • Use a Lure Module;

You can purchase a Pokemon Lure Module for a little over a $1 per hour. This lures Pokemon characters to your location. The idea being if you lure the characters you will lure the people looking for the characters.

  • Setup business by a Pokemon Gym;

If your business is mobile such as a food truck, you can locate a Pokemon Gym, this is a place usually by a park or other open outdoor area where players come to workout and battle their characters. It has been recorded by several sources that doing business in these areas has seen a massive increase in business.

In the near future there will be opportunities to pay for a Gym to be located at or near your business. There will also be paid sponsorship’s for items like free Pokeballs (the ball you must throw at the character to capture it).

Heard of other Pokemon Go business ideas? We’d love to hear your thoughts! Drop us an email at support@acaciait.net

 

 

Keyboard Security Risk!

Watch out for Keysniffer!

There is a new security threat whereby a Hacker could get your passwords answers to your security questions and other private information. Keysniffer simply grabs whatever you are typing on your keyboard and sends it to the hacker. The good news is the hacker must be within 250ft of you to intercept this transmission and, it is only affecting certain models of wireless keyboards that do not encrypt their signal.

Do you have one? Here is the list of affected keyboards;

  • Anker
  • EagleTec
  • General Electric
  • Hewlett-Packard
  • Insignia
  • Kensington
  • Radio Shack
  • Toshiba

Again, remember these are only wireless keyboards as the “Hack” intercepts the signal between your keyboard and your device.

Other models, such as Logitech and Microsoft encrypt that signal so even though it can be intercepted it cannot be decrypted.

If you do have one of these keyboards you may want to consider getting a new keyboard, most of the manufacturers have already released statements that any new keyboards will be encrypted.

Why should you switch to Office 365?

Microsoft is changing the way you Office.

In the past Microsoft sold you a CD with the Microsoft Office software on it and allowed you to install it on up to 3 computers/devices. They are now moving to a “monthly service plan” or “subscription” style for Office (and presumably this is just the beginning of software they will provide this way)
You may be saying “Great, I don’t want a monthly bill! I’ll be paying way too much for the software!” but in actuality the cost of Office 365 business is only $8.25 per month. If you total up what you were paying for that CD (approximately $219 +) it will take you over 2 years to equal that price. And with the automatic updates, new features added without having to upgrade, capability to install on up to 5 devices (tablets, phones, computers, laptops, etc.) the benefits start to outweigh the fact that you are now on a subscription.
In addition, Office 365 business will install on your device, but it is also accessible via the cloud. That means you can login to your office from a website. You can get to all of your documents if you store them on the provided Microsoft OneDrive and thus you can office anywhere on any computer.
For a few dollars more you can upgrade to Office 365 Business Premium. This will be advantageous for businesses that need to keep everyone in touch and up to date, it includes hosting of your email on Microsoft’s Exchange platform, You are able to share calendars with officemates, you can create your own internal office webpage with SharePoint, you can have central document storage with OneDrive, and you get a free Business Skype account.
You may be saying “But isn’t it safer to keep my documents on premise than in the cloud?” but Microsoft actually has a complete Security Development Lifecycle that prevents, detects and mitigates breaches that many companies do not have the resources to provide. And Microsoft also insures that it meets all of the latest regulations and rules of HIPAA, Sarbanes-Oxley, FISMA and several other compliance regulations. Safety is always a concern, but with the steps Microsoft is taking the risk is far less than it used to be and if you choose not to have your data “in the cloud” you can always continue to store it on your servers and PC systems, it just will not be as accessible to you.
If you are interested in moving to Office 365, give your AcaciaIT rep a call, we can add Office 365 to your Managed Services contract and get you started in just a few short days!

Ask the IT Expert – BAA’s?

What is a BAA and who needs to sign them?

If you have had any experience with HIPAA, you have probably heard the term BAA. A BAA is a Business Associate Agreement and all of your vendors that may come in contact with PHI (Patient Health Information) must sign one and comply with it.

This means (obviously) your IT Vendor, but others you may not think of like the office cleaning company, the shredding company, your accountant, software vendors and subcontract employees.

What PHI might they have access to?

Your accountant for instance, if he has access to patient names, addresses etc.,
Your cleaning company, if they clean areas where you store medical files.
The Shredding company as they handle PHI prior to it being shredded.
The list can be quite long.

What your Business Associates may not realize is signing a BAA means their company must comply with HIPAA regulations as well and are now subject to audits by the Department Health and Human Services just like you. They will have to do an annual Risk Assessment and have policies and procedures to cover their actions with PHI. Some of your Business Associates may be able to be removed from needing a BAA if you can find ways to remove them from accessing PHI. For instance if you can give your accountant numbers for your clients instead of names and addresses.

So what do you do if they refuse to sign the BAA?

The general rule is, you cancel your association with that company, or you inform them that due to their refusal to comply with the rules set forth as a Business Associate, you as the Covered Entity are required to report it to the Secretary of Health and Human Services. (and yes if you continue to do business with them you must report it, here is the link http://www.hhs.gov/hipaa/filing-a-complaint/what-to-expect/index.html) This will generally get them moving on actually signing it as no one likes to be reported to the government.

Stopping Microsoft Windows 10 upgrade

Microsoft really, really wants you to upgrade to Windows 10!

Recently we have been contacted by some of our non-managed clients complaining that their computers updated and now is running Windows 10.
This is a problem as many of them run legacy software that will not be compatible with the new version of Windows. So what is a user to do?

You may have noticed I said this was an issue for non-managed clients, well, we knew that Microsoft was potentially going to do something like this so our Managed clients got an update from us that blocks the update from being downloaded to their computers. But, for non-managed clients we can offer some advice;

If you want to stop Microsoft from updating your computer you must follow these steps

(word of caution here: if you have never used Regedit or do not even know what Regedit is, I would recommend you call a professional to help you with this)

  1. You need to disable the OS automatic update by editing the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
    And creating a DWORD value called DisableOSUpgrade and set it to 1
  1. You need to edit the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\GWX
    And create the DWORD Value called DisableGWX and set it to 1
  1. Then save and reboot your computer.

If your computer has already updated itself to Windows 10 you will have to roll back the installation

  1. Go to the start menu and select Settings
  2. Click the Update and Security icon
  3. Select Recovery
    You should see a go back to Windows 7 or Go back to Windows 8.1 option.
  1. Click the get started button and it will roll you back to your old OS.

To block Windows 10 from upgrading again follow the first set of instructions above.

As always if you need any help, or support, please give us a call.