Fake Emails: What You Need to Know

Teach your employees how to identify fake emails. Fake emails, generally called “phishing” and “spoofing” emails, are a constant threat. If you learn how to spot them, you can better protect your computers and data from malware, ransomware, and other attacks.

 

 

Here is what you need to know:

  1. Check the “from” address

Most fake emails will have a display name that you may recognize such as the name of your banking institution, but upon further review the actual “from” address will not be from that institutions domain. Here is an example I received just yesterday:

Although the display name says Bank of America, if this was actually from BofA the domain would be @bankofamerica.com not @test.net.

  1. Never open attachments
    Never open an attachment from someone you don’t know and even from those you know, if you were not expecting anything. Even if you think it may be legitimate, don’t open it! Attachments are the place that most malware lives. If you think it may be a valid attachment, contact that person via phone and confirm they sent you something.

 

  1. Don’t click on links
    Most fake emails will have links like “You need to change your password. Please click here.” Almost all companies that require you to have a password for their site will send you an email more along the lines of, “We noticed an issue with your password. Please go to our site and correct this issue” with no link, not even just to the site! This is just one example. If you receive a potential fake email and want to verify what they are telling you is wrong, close the email, go to your browser and login to that site directly. If there is any issue with your account they will tell you once you have logged in.

 

  1. Analyze the salutation
    Emails addressed to “Customer” or “Valued Client” are at best ads but if they have your email address and don’t know your name they are most likely phishing emails and should be deleted.

 

  1. Be a skeptic
    Phishing and spoofing emails are getting better and better at looking legitimate. They use logo’s, brands and can seem valid. Be skeptical of any and all email, if it looks at all suspicious don’t open it.

If you have any questions or would like more information on these or other services AcaciaIT provides please contact us at aitservices@acaciait.net or call (520) 751-0888.

The Best Way to Protect Your Company from Ransomware

I am asked on a daily basis, “How do we protect our company from ransomware?”

A lot of you know of, or have friends that have been infected with Ransomware and were not prepared. They have paid ransom and have, in cases, lost all of their data.

Ransomware is such a scary topic to many, as it should be, but there are things you can do to protect yourself and your company.

For those not as “in-tune” to what ransomware is: ransomware is a malware that once it installs to a computer, proceeds to encrypt all the data on the computer and any network shares it can reach. It then produces a screen informing you that you are infected and need to pay $XX in bitcoin to get your data back.

So, what do you need to know and do to protect yourself?

First, know that there is no “silver bullet” to stopping a ransomware attack. That being said, we like to look at it as a layered approach involving education and software(s).

Here is what we recommend:

 

  1. Education
    Educate yourself and your people on fake email. Phishing and spoofing attempts are becoming very realistic and can fool you into becoming a victim. If you’d like more information about what to look for in fake emails checkout our article “Fake Emails: What You Need to Know”

 

  1. Have good, up-to-date endpoint protection
    You’ve heard of antivirus and anti-malware and most likely have them, the newest iteration of these software is called endpoint protection. The difference between antivirus and endpoint protection resides in how the software is monitored and updated. Endpoint protection software is managed remotely by your IT support. This way they can monitor alert and log entries to better protect your computers. And they have likely fixed any issues before you even knew you had them.

 

  1. Software updates and patches
    The latest ransomware attacked computers through missing security updates. Make sure all of your software is up to date and all security patches have been installed. Updates come out almost weekly so this can be a daunting task, the easiest way to make sure you are updated is to have a managed services contract with a good IT firm that monitors and patches your computers as needed.

 

  1. Router configurations and updates
    Your Router is the gateway between your computer and the internet. This device controls all access in and out of your computer from the outside world. As with all devices they need to be configured properly to make sure you are as safe as possible. Firmware also needs to be updated. The firmware is the software that runs a router and just like any other software it needs updates from time to time.

 

  1. DNS services
    There are several companies that provide what are called DNS services. These services act as another gateway and route all of your traffic on the internet. Blocking all sites that are considered nefarious. As an example, most Ransomware, once it is on your computer needs to report back to a website to get an encryption key so that it can encrypt your files. DNS services block those sites as soon as they are known, thus blocking the capability of the ransomware from encrypting your files.

 

As time and malware changes, so will this list. Malware is an ever-changing dynamic of computers and networks and the bad guys are always trying new things.

If you have any questions or would like more information on these or other services AcaciaIT provides please contact us at aitservices@acaciait.net or call (520) 751-0888.

 

Why should you switch to Office 365?

Microsoft is changing the way you Office.

In the past, Microsoft sold you a CD with the Microsoft Office software on it and allowed you to install it on up to 3 computers/devices. They are now moving to a “monthly service plan” or “subscription” style for Office (and presumably this is just the beginning of software they will provide this way)

You may be saying “Great, I don’t want a monthly bill! I’ll be paying way too much for the software!” but in actuality, the cost of Office 365 business is only $8.25 per month. If you total up what you were paying for that CD (approximately $219 +) it will take you over 2 years to equal that price. And with the automatic updates, new features added without having to upgrade, the capability to install on up to 5 devices (tablets, phones, computers, laptops, etc.) the benefits start to outweigh the fact that you are now on a subscription.

In addition, Office 365 business will install on your device, but it is also accessible via the cloud. That means you can log in to your office from a website. You can get to all of your documents if you store them on the provided Microsoft OneDrive and thus you can office anywhere on any computer.

For a few dollars more you can upgrade to Office 365 Business Premium. This will be advantageous for businesses that need to keep everyone in touch and up to date, it includes hosting of your email on Microsoft’s Exchange platform, where you are able to share calendars with officemates, you can create your own internal office webpage with SharePoint, you can have central document storage with OneDrive, and you get a free Business Skype account.

You may be saying “But isn’t it safer to keep my documents on the premise than in the cloud?” but Microsoft actually has a complete Security Development Lifecycle that prevents, detects and mitigates breaches that many companies do not have the resources to provide. And Microsoft also insures that it meets all of the latest regulations and rules of HIPAA, Sarbanes-Oxley, FISMA and several other compliance regulations. Safety is always a concern, but with the steps Microsoft is taking the risk is far less than it used to be and if you choose not to have your data “in the cloud” you can always continue to store it on your servers and PC systems, it just will not be as accessible to you.

If you are interested in moving to Office 365, give your AcaciaIT rep a call, we can add Office 365 to your Managed Services contract and get you started in just a few short days!

Pokemon Go for your business?

The latest rage in internet games is here and it’s name is Pokemon Go.

You have by now at least heard of the game but how can your business profit from it? There are several ways;

  • Use a Lure Module;

You can purchase a Pokemon Lure Module for a little over a $1 per hour. This lures Pokemon characters to your location. The idea being if you lure the characters you will lure the people looking for the characters.

  • Setup business by a Pokemon Gym;

If your business is mobile such as a food truck, you can locate a Pokemon Gym, this is a place usually by a park or other open outdoor area where players come to workout and battle their characters. It has been recorded by several sources that doing business in these areas has seen a massive increase in business.

In the near future there will be opportunities to pay for a Gym to be located at or near your business. There will also be paid sponsorship’s for items like free Pokeballs (the ball you must throw at the character to capture it).

Heard of other Pokemon Go business ideas? We’d love to hear your thoughts! Drop us an email at support@acaciait.net

 

 

Keyboard Security Risk!

Watch out for Keysniffer!

There is a new security threat whereby a Hacker could get your passwords answers to your security questions and other private information. Keysniffer simply grabs whatever you are typing on your keyboard and sends it to the hacker. The good news is the hacker must be within 250ft of you to intercept this transmission and, it is only affecting certain models of wireless keyboards that do not encrypt their signal.

Do you have one? Here is the list of affected keyboards;

  • Anker
  • EagleTec
  • General Electric
  • Hewlett-Packard
  • Insignia
  • Kensington
  • Radio Shack
  • Toshiba

Again, remember these are only wireless keyboards as the “Hack” intercepts the signal between your keyboard and your device.

Other models, such as Logitech and Microsoft encrypt that signal so even though it can be intercepted it cannot be decrypted.

If you do have one of these keyboards you may want to consider getting a new keyboard, most of the manufacturers have already released statements that any new keyboards will be encrypted.

Why should you switch to Office 365?

Microsoft is changing the way you Office.

In the past Microsoft sold you a CD with the Microsoft Office software on it and allowed you to install it on up to 3 computers/devices. They are now moving to a “monthly service plan” or “subscription” style for Office (and presumably this is just the beginning of software they will provide this way)
You may be saying “Great, I don’t want a monthly bill! I’ll be paying way too much for the software!” but in actuality the cost of Office 365 business is only $8.25 per month. If you total up what you were paying for that CD (approximately $219 +) it will take you over 2 years to equal that price. And with the automatic updates, new features added without having to upgrade, capability to install on up to 5 devices (tablets, phones, computers, laptops, etc.) the benefits start to outweigh the fact that you are now on a subscription.
In addition, Office 365 business will install on your device, but it is also accessible via the cloud. That means you can login to your office from a website. You can get to all of your documents if you store them on the provided Microsoft OneDrive and thus you can office anywhere on any computer.
For a few dollars more you can upgrade to Office 365 Business Premium. This will be advantageous for businesses that need to keep everyone in touch and up to date, it includes hosting of your email on Microsoft’s Exchange platform, You are able to share calendars with officemates, you can create your own internal office webpage with SharePoint, you can have central document storage with OneDrive, and you get a free Business Skype account.
You may be saying “But isn’t it safer to keep my documents on premise than in the cloud?” but Microsoft actually has a complete Security Development Lifecycle that prevents, detects and mitigates breaches that many companies do not have the resources to provide. And Microsoft also insures that it meets all of the latest regulations and rules of HIPAA, Sarbanes-Oxley, FISMA and several other compliance regulations. Safety is always a concern, but with the steps Microsoft is taking the risk is far less than it used to be and if you choose not to have your data “in the cloud” you can always continue to store it on your servers and PC systems, it just will not be as accessible to you.
If you are interested in moving to Office 365, give your AcaciaIT rep a call, we can add Office 365 to your Managed Services contract and get you started in just a few short days!

Do I need to protect my _____________ from hackers?

Fill in the blank with any of today’s technology, phones, tablets even Smart TV’s!
Hackers are everywhere these days, so the answer is yes.

The protection of your devices may not seem crucial until something happens. Hackers are using more and more resources to get to your personal information, so ask yourself a couple of questions;

  1. Do you use your device to access your bank account?
  2. Do you use your device to access other devices that access private personal information (in other words, do you remote into your computer at the office?)
  3. Do you receive email from your office, bank or other places that have access to your private personal information?
  4. Do you load apps from 3rd party companies?

If you said yes to any of these then you need to protect your device.

So what is the best way to protect your devices? Well, let’s take a look;

Tablets and phones running Android – The biggest issue with Android is applications installed from what is called side-load apps, these are applications loaded from sources other than Googles App Store. App’s downloaded from Google are generally safe as Google screens all applications and removes any that may be infected or installing malware. If you use side-load apps you should consider getting some antivirus software.

Tablets and phones running iOS – Apple, much like Android has malware as well, although most Apple people dislike this comparison all together, iOS is just another operating system vulnerable to hackers like everyone else. And much like the Google app store the Apple app store verifies its applications as well. Unlike Android there are no antivirus software for these devices. Apples recommendation is to keep the device updated and protected with a secure, strong and independent password from your other devices.

Tablets and phones running Windows – Just like your desktop at work, these tablets and phones run the same base operating system, although it is not a full version of the Windows OS it is susceptible to the same viruses and malware. With these devices it is recommended to use a full antivirus software that protects you against virus and malware attacks.

SmartTV’s – Smart Watches, and other internet connected devices– This is a new entry into the malware arena and as of yet there has not been an attack directed at these devices, but it is only a matter of time. SmartTV’s, smart watches and other devices do have a form on OS (operating System) to enable you to connect to Netflix, YouTube your email, and other internet related sites. So it is only logical that someone will create a malware to attack these systems as well. It is important to keep this in mind for your overall protection as we progress into the future.

The second largest security hole is hackers intercepting your data over the air/internet.

What does this mean? Picture yourself in the airport or favorite coffee shop and you want to connect to their free wireless internet. Hackers can intercept your signal on that network and hack right into the data you are transmitting back and forth to sites and devices.

The best defense here is a VPN or Virtual Private Network. A VPN will create a secure encrypted tunnel to the websites you will be visiting so when you are connected to the VPN the data traveling from your device to the website and back is encrypted. VPN software is available for all phones and tablets on the market today and cost very little per month to protect you.

Lastly, what happens to your device if it is lost or stolen?

If your device has data on it documents, downloads of office related items, private pictures, etc. this can be a real problem. Many devices have a password or lock on them, but these can be hacked (yes, even the iPhone just ask the FBI). So, how can you protect it? For Companies, most IT vendors can provide software security that allows them to do several things such as; locate the device (if it is on and has gps capability like most phones) wipe the device of all data, and even turn on the camera to see who is using the device. Ask your company IT provider for more information on these services. There are also a few publicly available software companies that provide this service as well such as Lookout.com or enabling Find My iPhone on Apple.

So consider your device usage and gauge your risk. Use the appropriate protections and keep your devices happy, safe and hacker free!

Dealing with Ransomware

Ransomware such as Cryptolocker has made a lot of headlines in recent months mainly because it can cost you dearly. But also because it has affected a large number of people. Most of us know someone or have heard of companies that have had to deal with this type of situation. And it can be very devastating to a company.

So, exactly what is Ransomware?

Ransomware is a type of malware that infects your computer and encrypts and locks your data files. Then, typically, there is a warning screen alerting the user that the system has been locked and they must pay a certain amount of money within (generally) 72 hours or the data will be deleted, destroyed or otherwise unable to be unlocked.

How much is the Ransom?

We have seen ransom’s of anywhere from $300 to, most recently, a California hospital that paid $17,000 and it can depend heavily on who’s computer has been locked. If it is a higher profile company, the higher the ransom.

What should I do to help prevent it?

The 3 best things to do are; Make sure you have Antimalware software for your computer that is up to date, Backup your data and use a DNS service.

Even with the most up to date Antimalware software, new malware is always out there that may not be detected. With a good backup of your data, at least nightly or as we like to say “backup your data as often as you can afford to lose it”. That means, if you can go for a whole week and lose the sum of what you have done that week without being affected then you only need to backup once a week. For most people that is not often enough so we highly recommend a nightly backup of your data.

What is a DNS Service?

DNS services block phishing websites and help prevent malware. Some offer customizable filtering and even parental controls but the main reason you want it is to prevent ransomware programs from being able to contact their site or “phone home” as it is referred to. If the ransomware cannot contact its home site it cannot encrypt your files. DNS services block these sites and prevent files from being encrypted.

Why is a data backup so important?

If you have a good backup, the ransomware is generally easy to remove from the system. The encrypted data can be deleted and the backup data can be restored, thus, the only amount of down time and loss is related to what you have done that day to the point you were infected and the time it takes to restore the data. Generally, a lot less the ransom would cost you.

If you pay the Ransom, are you guaranteed to get your data back?

The simple answer to this is no. remember, you are dealing with criminals. That being said, it is in their best interest to release your data once you have paid. If they don’t, no one would pay the ransoms after a while.

Should I call the Police or the FBI? Isn’t this a crime?

You should always report crime, that being said they will probably not be of much help. A recent statement from the Boston Bureau of the FBI stated “it’s up to individual companies to decide for themselves the best way to proceed. That is, either revert to back up systems, contact a security professional, or pay”

If you have questions or would like to inquire about Antimalware protection, Backup services or DNS services, please contact us at sales@acaciait.net

Passwords to Avoid! Business Security

Password Security Protocols with Acacia I.T. Tucson Arizona

Once again there has been a list of passwords you should avoid using, a company known as SplashData releases this list every year. This list is comprised of passwords that were compromised over the past year.

Password security is a vital part of protecting yourself from hackers, if you are using a password on this list, before you do anything else, change it!

 Passwords to avoid for business security. Plan your implementation in regards to your computers and employees is vital to your business.

Your password should be comprised of at least 8 digits long, with different combination of numbers, letters, and symbols. Also, you should use different passwords for different logins (computer, bank, website, programs)

There are many very good password management software available as well as Managed Service packages from your IT vendor, where you only have to remember one password and all of your other website passwords can be randomly generated and stored in the password safe. Contact your IT vendor for more details.

Drumroll please!

here is the top 25 list:
1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. master
18. monkey
19. letmein
20. login
21. princess
22. qwertyuiop
23. solo
24. passw0rd
25. starwars

 

 

Acacia I.T., Tucson, Arizona, Business Computers Since 1991 Password Security

Acacia I.T offering business computer needs in Southern Arizona Since 1991. Specializing in security, PCI compliance, HIPAA and managed services. Providing Tucson Clients the opportunity to work with minimal employee interruptions.

Data breaches, 5 things you can do to help prevent them!

The definition of a Data Breach, as given by the Department of Health and Human Services (HHS.gov) is; “An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so.”

With 120 Million patient records compromised in 2015, more than 90% of healthcare organizations, in a recent study have had breaches, and 43% of those breaches caused by user error and not malicious attacks* These are 5 key things you should be doing to help prevent accidental data breaches;

1. Encryption; Encrypt all drives that have data PHI (Patient Health Information) on them. There are many ways to encrypt a drive from free software from Microsoft to more complex Key encryption servers from Symantec. They important thing here is; if someone steals a computer or that computer is retired, data cannot be retrieved from the system because it is encrypted. This is also a good time to talk about location of PHI. If you store your company PHI only on a server then you only need to encrypt one device. If you store the data on multiple user PC’s, servers, etc. this becomes much more complex, and many more possibilities for accidental breaches. Users should be able to store all data in software or folders on a domain server and you can even restrict the rights to store that data on the local computers.

2. Password policies; Yes this is a sore subject. The multitude of passwords that an employee needs to know to access the computer, network, applications and websites can be daunting, but there are solutions for that. Most IT vendors are now able to offer password management as part of their services, with this your employee will only need to remember one password!

That being said, your passwords need to meet these specifications because passwords such as “password” and “abc123” are simply not sufficient to protect data;
a. A password should protect all access to PHI data.
b. Passwords need to meet security standards such as; 8 or more charters, letters, symbols with requirements to utilize all three of those items within it.
c. There should be a forced time period to change passwords and not allow them to repeated.

3. Education; Your employees need to know what you are protecting, how you are protecting it and why you are protecting it. This will give them a much better understanding of what is expected of them and how to avoid accidental data breaches. Your IT vendor should be able to hold an educational lunch and learn with you and your employees to go over what you are doing now and what you should change to better protect your data.

4. Policies; Along with education, your company needs to put in place policies and procedures that enforce the education and give boundaries to employees. Not only will they be educated on what needs to be done with PHI information, they will also have a company policy to fall back on. This also gives a HIPAA auditor information about how your company is treating PHI in the event of an audit.

5. Business Associate Agreements (BAA); A BAA is an agreement between a company with PHI and any of their vendors that may come in contact with PHI. This agreement helps protect your company from accidental data breaches outside of your company, network and employees. Vendors that fall into this category are; IT vendors, cleaning crews, Trash removal services, record storage companies and software vendors just to name a few. Your IT vendor should be able to provide you with a generic BAA that you can customize to your needs. This helps your vendors understand their responsibilities when it comes to the services they provide to you as well as protect you from accidental vendor breaches.

If you have any questions or concerns about PHI, HIPAA, or security questions in general, please contact us at support@acaciait.net or call us at 520.751.0888.

*Source: “Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data, Ponemon Institute