Connect with Us
  1. Comportz
  2. Articles by: Andrew Mahoney

Archives Andrew Mahoney

23Jul 2018

The Importance of Password Security

It’s 2018, take your password security seriously. The consequences are not worth the inaction.

In today’s world of growing identity theft and online crime, a weak password can lead to unwanted access to your financial information, email, and much more. Passwords are one of the essentials in keeping all your information safe but are not the only part of the equation. In addition to creating a long, complex password, you should store your passwords in a secure location, like in a locked drawer, or find a trustworthy password vault online. That’s why now, more than ever, password security is more important than it ever has been. 

There are many password managers you can use to keep your passwords safe.  Some popular ones are DashLane, LastPass and 1Password. If you get a password manager, all you need is to remember one master password that unlocks a vault with all your other passwords.

About 63% of confirmed data breaches involved weak, default or stolen passwords.

— Source: Verizon 2016 Data Breach Investigations Report

 

Have an extra layer of security

Another way you can protect your information is 2-factor authentication. The most common is a code or some other type of message that is sent to a mobile device registered to you so you can verify it’s really you who is logging in.

 

Never give anyone your password

Although this seems obvious, many people will give their passwords to good friends thinking it’s not a big deal. But those friends could accidentally pass it along to others or use it to harm you. When it comes to password security, it’s a given we shouldn’t be handing out our passwords to anyone.

 

Passphrase

Most people choose passwords that are easy for them to remember or something personal to them. If you fear you will forget your password then use a passphrase. Use the first letter of a sentence that you know you would remember. Ex. “I like to drink coffee and read” could be turned to, “!L2dc&r”. You can also find a random password generator online.

 

Use different passwords for each site

It’s crucial to use unique passwords for your different sites in case of a breach. If someone hacks your Instagram, and you use the same password for all your other sites, you could be in a lot of trouble.

 

Changing your password frequently might not be as necessary as you think

First of all, most people that change their passwords frequently, don’t even really change them, but rather “transform” them. As an example say someone has their password as ElePhant5, they would then just change it to elepHaNt6, which can be easily hacked. In addition to that, hackers now days have new and better software for hacking passwords and will probably take immediate action as soon as they get a hold of your password. Changing your password after you realize you there has been a breach is a must, but it is highly doubtful changing your password every month will help much.

Following these tips can help you stay protected online. Password security is one of the leading issues facing you to ensure your identity and information is safe.

Password security

Contact Comportz today to learn more about how we can help you and your business follow these password security protocols. We offer a variety of different ways we can help protect your business. 

12Jul 2018

15 Common Ransomware Scams

Common Ransomware Scams

The goal of this post is to identify the 15 most common ransomware scams. You will learn about each of these scams, how they work and what they target. Knowing is half the battle.

common ransomware scams

 

  1. Locky’s- Locky’s is similar to many other types of ransomware. This common ransomware scam spreads via an email message, that is disguised as an invoice. When the malware is opened, the invoice is scrambled and the victim is instructed to enable macros in order to read the document. However, when macros are enabled, Locky begins encrypting a large number of file types using AES encryption.

2. NotPetya- NotPetya is a malware known as a wiper with a sole purpose of destroying data instead of obtaining a ransom.

3. Petya- Unlike other types of ransomware, Petya encrypts entire computer systems. Petya overwrites the master boot record, rendering the system unbootable.

4. Spider- Spider is spread via spam emails across Europe. Spider is hidden in Microsoft Word documents that install the ransomware on a victim’s computer when downloaded. The Word document is disguised as a debt collection notice, which contains malicious macros. When the macros are executed, the ransomware begins to encrypt the victim’s data.

5. TeslaCrypt- TeslaCrypt is new on the scene. TeslaCrypt uses the AES algorithm to encrypt files. The malicious malware is typically spread via the Angler exploit kit, which specifically attacks Adobe vulnerabilities. Once exploited, TeslaCrypt installs itself in the Microsoft temp folder.

6. TorrentLocker- TorrentLocker is distributed through spam emails and is geographically targeted to specific regions. TorrentLocker is often referred to as CryptoLocker and uses the AES algorithm to encrypt files while also encoding files.TorrentLocker collects email addresses from the victim’s address book to spread the malware beyond the initially infected computer.

7. WannaCry- WannaCry is becoming an epidemic and has affected organizations all over the globe. The ransomware has hit over 125,000 organizations in 150 countries. The Wanna cry strain is also known as WCry or WanaCrypt0r and currently affects Windows machines through a Microsoft exploit known as EternalBlue.

8. ZCryptor- ZCryptor is a self-propagating malware strain that acts like a worm. The malware encrypts files while also infecting external drives and flash drives so it can be distributed to other computers.

9. Bad Rabbit- Bad Rabbit is a sort of ransomware that has infected organizations in Russia and Eastern Europe. Bad Rabbit is spread through a fake Adobe Flash update on compromised websites. When the ransomware infects a machine, the users are taken to a payment page demanding .05 bitcoin (around $285).

10. Le Chiffre- “Le Chiffre”, which in French means “encryption”. Unlike other ransomware, LeChiffre is run manually on the compromised system. Cybercriminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running an instance of the virus.

11. Jigsaw- Jigsaw encrypts and progressively deletes files until a ransom is paid. The ransomware deletes a single file after the first hour, then deletes more per hour until the 72-hour mark, when all the files that are left are deleted.

12. CryptoLocker- The original CryptoLocker botnet was shut down mid-2014, but not before the hackers behind it extorted $3 million from victims. Since then, hackers have copied the CryptoLocker approach, although the variants in operation today are not linked to the original.

13. CTB-Locker- The criminals behind CTB-Locker used a different approach to spreading malware. Taking a page from the playbooks of Girl Scout Cookies these hackers outsource the infection process to partners in exchange for a cut of the profits. This is a proven strategy for achieving large volumes of malware infections at a faster rate.

14. KeRanger- KeRanger is a common ransomware scam that was discovered on a popular BitTorrent client. It’s known as the first fully functioning ransomware designed to lock Mac OS X applications.

15. Cerber- Cerber targets cloud-based Office 365 users and has impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup in addition to on-premises.

If you have any questions about these common ransomware scams or about cyber security in general, please contact us and read our blog on How Ransomware Attacks your Business or our FREE E-Book: The Small Business’ Guide to Ransomware

11Jul 2018

How Ransomware Attacks Your Business

Why you shouldn’t click on random links that are sent to you

You go to check your email, when you notice that you have a weird message from someone that you don’t know. You open the message and read through it. Basically, the email says that you have inherited some money, and in order to receive it you need to click a link that accompanies the email. Don’t click the link! Never click anything sent to you from someone you don’t know. The reason for that is ransomware. Ransomware attacks businesses frequently and without hesitation. Basically, ransomware is a kind of malicious software that takes over your computer and ransoms the files on it back to you for a price. If or when the price is met, the malware “leaves”, even though Forbes reports the only 19% of victims got their files back.

Photo of ransomware attack

How Ransomware attacks your business?

After the victim clicks on a link that contains ransomware, they are redirected to a real looking site, but in reality the site itself is an exploit kit. The server then sends out a request to software such as Java, this is to find vulnerable versions that the kit can exploit. If the software breaks in, it forces your computer to run its software. The ransomware then deletes files that cripple the security system on the victim’s computer in order to hide itself. This is to limit the possibility of file recovery. After this takes place, the ransomware then begins encrypting files on the victim’s computer and sends an encryption key back to the command server. The malware now has complete control over your computer. This is when you receive a message telling you how to pay. Usually, it’ll ask the victim to pay in bitcoin, which is a cryptocurrency that can’t be traced. When or if you pay, the hackers aren’t done yet. If you receive your files back, the malware may be lurking on your computer, collecting information about you (such as bank cards, residency, name, general information, browsing history). If you pay for malware, always seek help from people who know how to get rid of ransomware.

Not all ransomware works the same. Some steal information, some steal money, and some just brick (break) your computer.

Check out our new post on the 15 most common ransomware attacks.

Comportz can protect your company’s email at a low cost, that can keep your business safe from malicious ransomware . Please contact us today to learn how to prevent ransomware attacks at your business. Check out our FREE E-Book: The Small Business’ Guide to Ransomware

 

 

Sources:

https://www.forbes.com/sites/leemathews/2018/03/09/why-you-should-never-pay-a-ransomware-ransom/#1eb35f3f1753

https://www.carbonblack.com/2016/09/19/how-ransomware-works/

http://www.phishing.org/10-ways-to-avoid-phishing-scams

25Jun 2018

New Email Attack Can Bypass Office 365 Security Protocols

Scam Alert- Email Attack

ZeroFont phishing email attack- recently cybercriminals are getting creative in their attacks by manipulating font sizes to get around Office 365 anti-phishing filters.

One of the anti-phishing/spoofing detection mechanisms in Office 365 involves natural language processing to identify the content of the messages typically used in malicious emails. This tactic has been named ZeroFont, simply because these tricky emails are using words with a font size of zero to bypass Office 365 protections.

What the ZeroFont email attack essentially does is insert a long string of meaningless text with a font size of zero in the HTML code of an email, in between real text. The zero font text is invisible to the recipient of the email but not to the Office 365 filter.

For example, an email including the words “Apple” or “Microsoft” that are not sent from legitimate domains, or messages referencing user accounts, password resets or financial requests are flagged as malicious. Any emails that suggest banking information, user accounts, password resets, financial requests, etc. are scrutinized for authenticity through Microsoft’s filters. This means attackers have had to get increasingly more creative in their attempts to work around these filters.

You might get an email trying to impersonate your bank. Inside the email, it might say something along lines of “Your account needs to be updated. Please click here to verify your account.” The design of the email and the footer of the email will look almost exactly like an email you might get from your bank. The footer will even say “2018 Your Bank Name. All Rights Reserved.” Everything will look legitimate to you as the end-user. If you click on the link, you will be brought to a webpage that will also look like your banks website and be asked to enter private information and possibly even your bank account number.

The problem is, this email used to the ZeroFont technique to bypass the filters through the manipulation of the HTML code. You’ll see this:

          Thanks for taking these additional steps to keep your account safe.
          Your Bank Name
          © 2018 Your Bank Name. All rights reserved.

While the Office 365 filters see this:

         Thfdsjkllkfnnlankfdssds for taking these adfdsdsfditiofdsfsdfsdnal stfdsfsdfseps to keefdsfsdfp your accodsdsfsdfunt safdsfsdfsdfe.
          Yofdsfsdfur Bfdsfdsafsdnfsdfsk Nfsdafsdmfsde
          © 2018 Ydfdsofsdfsur hghfgBhgfhfghagfhfdhnk Nahfgfghmgfhfge. Agfhfgll rigfhgfghts resgfhfgfgeghfghrbvbcved.

All of the letters in the second example that aren’t in the view the user sees are using the ZeroFont technique. And since Microsoft cannot see the name of your bank in the email, it cannot detect that it is a spoofing email.

What this means for you as a business is you need to be more vigilant than ever to combat these new attacks. There are many additional options outside of Office 365’s protection out there for businesses to utilize that can increase your chances to prevent an attack and filter out spoofing emails.

Talk with a Comportz representative today to learn about these low-cost solutions that can keep you and your business safe.

 

14Jun 2018

IT Services & Principles That Are Here To Stay

IT Services

IT Services that aren’t going anywhere.

The world of information technology services (IT Services) is constantly evolving due to new best practices, improved technology, and market efficiencies. However, there are certain tried and true methods and ideas that have always and will always be here to stay.

  • It’s not just about how good the technology is

Of course, you want to make sure that you have good high-quality equipment that runs for a long time and benefits your business. However, if the technology is not implemented correctly or doesn’t fit what your business goals are, the technology can become a hindrance and drain on financial resources. A good IT service provider will recommend the technology that makes sense for you and implements it correctly. Good technology is only as good as the people implementing it.

  • Good physical security and information security goes hand in hand

A good source of physical security is limiting the number of people that have access to your data center. Employees with badges should be the only ones to have access. This decreases the risks of data theft. A good security system and the use of strategically placed cameras can provide a deterrent to crime and misuse of company property. On top of that, good information security includes proper firewalls, passwords, and email security is in place to keep hackers at bay.

  • Know the possible threats

With PCs came a lot more possible threats from hackers. Trying to eliminate though, IT professionals are locking down desktops and putting firewalls up. Though locking down information is a great way to avoid the risks of data theft, it isn’t always practical. We should be looking to implement new ideas on how to avoid theft without having to lock everything down. This is where us IT professionals use innovation to create a safer space for data and secure your information.

  • Test software

IT uses regression testing to make sure the new equipment does not break the old equipment. Stress testing is making sure that everything is performing well when things are being worked on. The testing is done in three stages- development, test, and production.

  • Control changes the production environment

There is a process that needs to be gone through making sure that the changes don’t interrupt production. And if there is an interruption back up plans are a must have.

  • Relationships outlive transactions

Maintaining good relationships throughout your business is crucial. Without maintaining good relationships your business will NOT be successful. When a member of the IT service provider interacts with you and your team, you are building a relationship that includes trust and yIT providers want to ensure that you can rely on them to provide great and efficient work. With good relationships come business growth and respect.

  • Integrate

There are many interfaces in today’s age that it sometimes becomes hard to maintain. IT providers are coming up with new ways on how to integrate systems and maintain all these interfaces so they do not pile up on one another.

  • IT is here to support a business

IT leadership supports managers and users that are ready to buy technology, bring technology into their business and maintain the running technology. IT helps everyone in the business. They are what helps the business succeed.

Comportz is proud to provide these tried and true methods in their everyday approach to providing high-quality IT services to businesses of all sizes. Relationships and customer service are at the core of our values along with trust and respect. Keeping up with technology for your business is hard and that’s why Comportz exists- to help businesses grow through sound advice and affordable solutions. 

1Jun 2018

Steps to Protect Your Identity

Identity theft has become and will remain a concern for individuals and businesses for the foreseeable future. Take some time to learn some key steps you can take to protect your identity.

Identity Theft

Identity Theft

The last thing you would want for you and your business is to lose access to your accounts whether it’s financial or personal. Learning some tips on how to keep your information away from online thieves can save you quite the trouble of trying to get all your information back.

  • Make sure to shred any unwanted information that you are about to throw away. A document shredder can become your new best friend when it comes to getting rid of old unwanted documents.
  • Providing your personal information to only verified companies that have an outstanding reputation is another way to keep unwanted predators out.
  • Encryption software allows all your digital documents to be stored and hidden so no one who takes a look at your computer will be able to see it.
  • Change your passwords often. Make sure to use strong characters that decrease the chances of breach. Password manager is an effective program that allows to keep track of all your current passwords.
  • Your smartphone contains personal data that could potentially be easy access to identity thieves. Set up a strong authentication method lock on your device. Fingerprint or facial recognition is one of the strongest lock methods you could use.
  • Sharing post and pictures with your friends on social media have become more popular. Do you know that with each post you make you could be at potential risk of sharing that information with identity thieves as well? Avoid oversharing and make sure that your privacy settings are up to date.

Phone Identity Theft

At the end of the day, common sense will go a long way in keeping your identity safe. If something doesn’t look or feel right, it usually isn’t. Use caution and avoid risky behavior online. In the world of online security, it’s better to be safe than sorry.

If you or your business need advice, protocols, software aimed at protecting your identity, reach out to us today. Comportz provides a variety of best practice online security services to make sure your identity is safe. 

16May 2018

Is Every Company a Technology Company?

Every company is a technology company, no matter its size, product or service. The businesses and business owners who accept and embrace this fact are the ones that will shape the future of innovation, business, and entrepreneurship. But why exactly is technology and small business so important these days?

Technology and Small Business

Technology has grown dramatically throughout the years. Businesses of all sizes rely on technology to keep themselves running. There would be no business without technology. Knowing how technology affects your business is a key point in how to target your customers. Technology and small business go hand-in-hand more than ever now.

Companies are always adapting to new changing technologies. Looking at technology as a way that can assist and become a partner for you and your business instead of a need. There are no companies today that are capable of promoting their business and products without technology. We integrate smartphones and internet our daily technological necessities to reach our customers. Further, with technology life cycles becoming shorter and shorter, it’s important for business owners to find meaningful ways to adapt to these frequent changes. By integrating technology life cycles into their business, small businesses can stay ahead of the curve and find they are staying more effective and efficient.

Embracing Technology in Small Business

We should embrace technology as a partner and not just a commodity. Operations should always allow its technology to reach its full potential. Businesses that quickly adapt to new technology often tend to gain an increased share in the market. On the other hand, companies that fail to embrace new technology and sit back and wait, find themselves falling behind.

How Do We Embrace Technology When It’s Always Changing?

There are four important ways for business owners to embrace technology and make sure they stay ahead of the game:

  • Understanding how technology affects your business
  • Understanding how technology impacts your consumers
  • Embracing the ever-evolving waves of technology
  • Find new ways to work given the changing technological landscape

The first step is simply to understand how technology affects your business. By doing so, the business owner will see how technology is integrated into everything they do as a business which allows them to make sound decisions to support that technology. It’s no doubt that in today’s day and age, every company needs some form of IT support. Without IT support, a business is exponentially more at risk for data loss, corruption, poor productivity and overall business failure. Finding an IT solution that works for your business is paramount to the success of the business. The first question most small businesses ask is, “do I need a dedicated server for my business?” These types of questions will be important to a business’s growth.

Second, technology affects every businesses consumers just as much as it affects the business. Today’s consumers are more technologically savvy than ever before. Consumers are often adapting to technology at a quicker rate than businesses and can often be turned off by a company that isn’t using or adapting to the technologies they are using.

By embracing the changing wave of technology, businesses are able to implement IT changes quickly and effectively. Again, by having an plan for IT support in place, whether in-house or sub-contracted, a business is entrusting the upkeep, modifications and best practices to experts in the technology industry. IT support will be a partner in helping the business grow.

Finally, finding new ways to work given the technological landscape, a company will improve its efficiency and effectiveness on a larger scale. Technology is evolving in ways that help businesses grow. Automating systems and procedures, allows employees to focus on more important operations and spend less time worrying about data-entry, infrastructure concerns, etc.

In conclusion, technology drives business to success. Remember to integrate technology when advertising and promoting your business. Allow IT to help run and guide your technological interest and take part of your business. Adopting new ways to implement recurring waves of change can also help drive your business to the top.

Here at Comportz, we specialize in helping businesses of all sizes become technology companies. The success of your business equals the success of our business and there is nothing more important than helping you grow and succeed in today’s technological environment. Send a message or give us a call to get a FREE IT evaluation of your business.

*Ransomware is causing 1 in 5 small businesses to shut down and is an important factor to think about when approaching your business’ technology and security. Click HERE to download our FREE E-Book on how small businesses can mitigate ransomware threats.