
Cybersecurity

Zero-Day Exploit Affects Microsoft Exchange Servers

Microsoft has announced that Hafnium, a Chinese-backed cybercriminal organization, has been taking advantage of four zero-day exploits to attack on-premises Microsoft Exchange servers. These newly discovered vulnerabilities are being used to infiltrate networks and steal data, and they pose a serious risk to any organization running on-premises Exchange servers. We strongly recommend that any organization with on-premises Exchange servers, including hybrid Office 365 setups, apply Microsoft’s security updates immediately.

If you are a TechMD client and are using any version of Microsoft Exchange Server that was affected by this exploit, then we have already applied the relevant security updates.

This zero-day exploit affects the following versions of Exchange:

  • Microsoft Exchange Server 2019
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2010

You can find links to Microsoft’s security updates below:

To ensure your organization is protected from data breaches, your IT team will need to apply the security updates above and follow Microsoft’s guidelines to secure your Exchange server(s). Again, it is vital that this patch is applied to any affected servers as soon as possible, even for organizations that have shifted email infrastructure to Office 365 but retain any on-premises Exchange servers.

For more information about migrating your email to Microsoft Office 365 the right way, or if you’d like to discuss how TechMD can help your organization be more proactive about cybersecurity, please contact us.

March 3rd, 2021

Webinar: Building A Framework-Based Managed Security Program in Your Business

Cybersecurity has become an even hotter topic over the last 12 months as businesses have accelerated their plans to operate in virtual and remote environments. Despite the growth of sophisticated techniques used by cyber criminals, we know that 98% of data breaches can be prevented by implementing the Center for Internet Security’s Top 20 Critical Security Controls correctly.

Surprisingly, most businesses have not implemented these Top 20 Controls. In this webinar, we discussed the different types of CIS security controls and explored a globally-recognized framework for assessing your business’ existing cybersecurity defenses. The webinar included two guest cybersecurity experts, Kevin Holmes and Eric Rockwell from MAP CyberSecure.

  • Kevin Holmes is the Audit and Assurance Practice Leader at Martini Akpovi Partners and has extensive experience in internal controls consulting. He holds the AICPA Internal Control Certification in the COSO Internal Control Integrated Framework. Kevin also holds an AICPA Certification in Cybersecurity Advisory Services.
  • Eric Rockwell has more than 17 years of leadership experience helping clients optimize their IT environment while aligning with business goals. A member of the Center for Internet Security, Eric is an expert in risk management, incident response, infrastructure protection, business continuity and disaster recovery.

Special thanks to our partner:

 

February 17th, 2021

Executive Extortion: The Evolution of Ransomware

By now everyone knows that ransomware is a real threat with real risks to businesses of all sizes. What you may not know is that hacking techniques are evolving and ransom payments are going up. ZDNet reports a new trend where cybercriminals directly target the computers of top executives at small and mid-sized companies. Executive computers are much more likely to contain sensitive information about the company as well as personal information that a CEO would not want to see on the internet. Gaining access to these computers is highly valuable for pressuring management into approving high-dollar ransom payouts, which means that executives are even more of a target and should consider taking extra steps to secure their information. 

Cybercriminal groups are well aware that small and mid-sized businesses have generally not implemented cybersecurity best practices. This makes SMBs easy to infiltrate and allows cybercriminals to spend an average of 200 days inside a network undetected. While in the network, they can sift through executives’ files and emails in order to exfiltrate data that might be useful in threatening, embarrassing, or putting pressure on a company’s management. Cybercriminals might find proprietary company data, financial numbers, or compromising personal information and threaten to post them to online leak sites. They might also plan to disclose the data breach to authorities, which causes reputational damage and may also incur a fine from regulators. 

By now every business needs to conduct a cybersecurity assessment to understand its largest vulnerabilities. TechMD recommends following the NIST Cybersecurity Framework and the CIS Top 20 Controls. In the meantime, here are a few simple steps that every executive can take right now to protect themselves from cybercriminals:

1) Use complex and unique passphrases on your accounts 

Because trying to come up with and remember unique passwords for hundreds of different accounts is impossible, most people use one simple password for everything. However, this presents a huge security vulnerability: cybercriminals can easily breach accounts via brute force (working through a list of commonly used password combinations), or find a password in one data breach and reuse it to compromise unrelated accounts (since the password is likely to be identical).

To address this issue, we recommend creating complex passphrases instead of passwords. Passphrases are long strings of words that are easy to remember but hard to brute force; an example might look like “George loves breakfast!” We also recommend using a password manager like LastPass or Dashlane to generate complex passwords and store them for you. This combination of a single master passphrase to access your password manager and automatically generated complex passwords for all your other accounts should keep you safe from most simple password breach attempts.

2) Set up Two-Factor Authentication on everything 

Even if you have a strong passphrase and unique passwords across all your accounts, you’re still vulnerable to a third party suffering a data breach and releasing your information. To combat this, it is critical to enable Two-Factor Authentication (or 2FA) on all your accounts. 2FA creates an extra layer of security by validating your logins with a text message or app prompt on your smartphone.

Symantec recently published a study that showed that two-factor authentication could have prevented over 80% of all account compromises. This makes 2FA one of the single most important things you can do to protect yourself and your business from cybercriminals. To see 2FA in action, you can check out our recent One-Minute Wednesday on how to get started with two-factor authentication. 

3) Understand how to identify and avoid phishing scams 

Phishing is a common cyberattack where a cybercriminal sends an email that looks like it’s from a legitimate institution or company in order to trick the recipient into divulging personal information, wiring money to an offshore account, or installing malicious software. Phishing emails usually mimic the logos, web addresses, and language of real companies in order to convince you that the email is legitimate. Phishing emails can also be highly targeted: cybercriminals often do background research and send extraordinarily specific emails that appear to be from clients or close associates, including information that you wouldn’t expect anyone else to know.

Here are a few things to keep in mind about phishing: 

  1. Never click on links or open attachments from suspicious-looking emails, especially if they are asking you to enter login credentials. 
  2. Keep an eye out for unusual requests or other odd features about an email. Common phishing tactics include sending emails from a “personal email” because the sender is “locked out” of their work address, instilling a sense of urgency or claiming an emergency in order to bypass the recipient’s natural suspicion, and claiming to be too busy to discuss the email further or clarify the request. 
  3. If you’re not sure that an email is legitimate, always reach out to the sender directly. Call them to confirm they sent the email, or ideally discuss it with them in person. 

Stay Safe! 

Executives and management teams are increasingly the targets of highly sophisticated cybercriminals. If you’re in a high-level position in your organization, it’s critical that you take extra caution when it comes to cybersecurity. 

However, it’s not enough to protect yourself if your business doesn’t also have a robust cybersecurity strategy in place. The best way to find out how secure your business is today and get the best ROI on your cybersecurity spending is to perform a Security Maturity Level Assessment (SMLA). Developed to follow the globally-recognized NIST Cybersecurity Framework, the SMLA provides a big-picture look at your business’ cybersecurity along with specific, detailed recommendations about how to improve. 

If you have any questions, feel free to contact TechMD or check out our managed cybersecurity page! 

February 5th, 2021

Cybersecurity Alert: Microsoft 365 Vulnerability Leads to US Treasury Breach

State-backed hackers use Microsoft 365 vulnerability to breach US Treasury

Reuters reported over the weekend that foreign state-backed hackers have breached Microsoft 365 accounts at the US Treasury Department, using their access to secretly monitor email accounts and email exchanges between the US Treasury and the National Telecommunications and Information Administration. The attack was extremely sophisticated and was able to bypass Microsoft’s authentication controls.

Microsoft has released guidance for how organizations can bolster security to attempt to avoid these attacks, and we suggest having your IT provider take a look at this document and make sure your organization is following the recommended best practices. In addition to Microsoft’s recommendations, here are 3 tools and tips to help protect both personal and business accounts from cybercriminals:

1) Set up Two-Factor Authentication (2FA)

Two-factor authentication is the one tool that provides the highest ROI in terms of protecting your accounts from unauthorized access. Microsoft has said that 2FA can prevent 99% of automated attacks on Microsoft 365 accounts, and a recent Symantec study found that 2FA would have prevented up to 80% of data breaches (of all types). If your organization is not currently securing all employee accounts with 2FA, then implementing it should be your top priority. You can also set up 2FA for most of your critical personal accounts (like online banking) in just a few minutes. In general, we recommend using an app-based solution like Duo or Google Authenticator rather than SMS-based text messages for both business and personal accounts. If you’d like to learn more about 2FA, you can check out our One-Minute Wednesday episode on how it works.

2) Improve your password hygiene

Never use the same password twice: if your password becomes compromised in a data breach, cybercriminals can (and will) attempt to use it on all your other accounts. For personal accounts, we recommend using a password manager (like LastPass) to help you 1) keep track of all your unique passwords and 2) create highly complex, strong passwords. Good passwords avoid common words, use as many characters as possible, and include a variety of character types (uppercase, lowercase, numbers, and special characters).
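As an added example (not TechMD’s code) for the password-reuse point here and the passphrase advice in the ransomware post above, the block below audits a set of account passwords two ways: it looks each one up in a breach corpus using the hash-prefix (k-anonymity) pattern that breach-lookup services use, so the plaintext and even the full hash never leave the client, and it groups accounts that share a password. The breach corpus, the simulated range-lookup service, and the account list are constructed for illustration; the hash-prefix lookup pattern is not something the page itself describes.

```python
"""Password hygiene: breach exposure and reuse across accounts.

Added example (not TechMD's code). The breach corpus, the simulated
range-lookup service and the account list are constructed for illustration.
"""
import hashlib
from typing import Dict, List

# Constructed breach corpus (password -> times seen). A real service never
# ships plaintexts; they are here only so the example runs offline.
LEAKED_PASSWORDS = {"password123": 120000, "Summer2020!": 850, "qwerty": 3900000}


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1, the form breach-lookup indexes are keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Simulated "range" service: 5-char hash prefix -> "SUFFIX:COUNT" lines.
# Constructed to mimic the k-anonymity API shape: the client sends only a
# prefix and receives every suffix under it, then matches locally.
RANGE_INDEX: Dict[str, List[str]] = {}
for _pw, _count in LEAKED_PASSWORDS.items():
    _h = sha1_upper(_pw)
    RANGE_INDEX.setdefault(_h[:5], []).append(f"{_h[5:]}:{_count}")


def query_range(prefix: str) -> List[str]:
    """Stand-in for the network call to the breach service."""
    return RANGE_INDEX.get(prefix.upper(), [])


def breach_count(password: str) -> int:
    """How many times the password was seen in breaches (0 = not found).
    Only the first five hex characters of the hash leave this function."""
    full = sha1_upper(password)
    for line in query_range(full[:5]):
        suffix, count = line.split(":")
        if suffix == full[5:]:
            return int(count)
    return 0


def find_reuse(accounts: Dict[str, str]) -> List[List[str]]:
    """Groups of account names that share one password (sorted within a group)."""
    by_password: Dict[str, List[str]] = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return [sorted(names) for names in by_password.values() if len(names) > 1]


def audit(accounts: Dict[str, str]) -> List[str]:
    """Human-readable findings: breached passwords first, then reuse groups."""
    findings = []
    for account, password in accounts.items():
        n = breach_count(password)
        if n:
            findings.append(f"{account}: password seen {n} times in breaches")
    for group in find_reuse(accounts):
        findings.append("same password reused on: " + ", ".join(group))
    return findings


# Constructed account list, as exported from a personal password manager.
SAMPLE_ACCOUNTS = {
    "email": "Summer2020!",
    "crm": "Summer2020!",
    "bank": "George loves breakfast!",
    "vpn": "xq7#Lr!9vTz2mN",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCOUNTS):
        print(finding)
```

Run against the constructed list, the audit reports the breached password on both accounts that use it and the reuse between them, while the passphrase and the generated password come back clean.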

For business accounts, the best practice would be to implement Single Sign On, which allows you to use a single master username and password to access all your business applications, and then protect it with Two-Factor Authentication. You can learn more about SSO by checking out our recent article on it.

3) Learn to spot phishing scams

If you get an email claiming that one of your accounts has been breached and you need to login immediately, it is probably a phishing scam. Phishing is a type of attack where cybercriminals impersonate a person or organization you trust in an attempt to trick you into providing personally-identifiable information (PII) like passwords or credit card numbers. Phishing emails normally include a link to a malicious website or attachment.

The best way to avoid getting compromised is to know how to spot phishing emails. They often contain misspelled words, link to a slightly misspelled website (like microsoftsupport.ru or microsft.com), or include an urgent call to take action immediately. You can learn more about how to spot phishing emails by checking out one of our One-Minute Wednesday episodes on phishing. If you receive an email that seems suspicious, either delete it or forward it to the Anti-Phishing Working Group at phishing-report@us-cert.gov.
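The misspelled-domain tell can be checked mechanically. The block below is an added example (not TechMD’s code) covering this tip and the phishing guidance in the ransomware post above: it pulls the links out of a message body and classifies each hostname against a list of domains the organization expects mail to link to, flagging typo-squats such as microsft.com (a couple of character edits away) and brand names reused under another TLD such as microsoftsupport.ru. The trusted list, the edit-distance threshold and the sample email are assumptions for illustration, and the heuristics will produce some false positives on short domain names.

```python
"""Lookalike-domain check for links in an e-mail body.

Added example (not TechMD's code). Flags hostnames that are a near miss of
a trusted domain: within two character edits (microsft.com) or carrying a
trusted brand name under a different TLD or with padding (microsoftsupport.ru).
The trusted list, threshold and sample e-mail are constructed for illustration.
"""
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed allow-list of registrable domains the organisation trusts.
TRUSTED_DOMAINS = ["microsoft.com", "office.com", "lastpass.com"]

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value means b was typo-squatted."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (adequate for .com/.ru style TLDs)."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for one hostname."""
    domain = registrable_domain(host)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    name = domain.rpartition(".")[0]
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.rpartition(".")[0]
        # Typo-squat: e.g. microsft.com is one edit from microsoft.com.
        if edit_distance(domain, trusted) <= 2:
            return "lookalike"
        # Brand name under another TLD or padded: microsoftsupport.ru.
        if brand in name:
            return "lookalike"
    return "unknown"


def scan_email(body: str) -> List[Tuple[str, str]]:
    """(hostname, verdict) for every link found in the body, in order."""
    results = []
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        results.append((host, classify_host(host)))
    return results


# Constructed sample message: an urgent "breach" lure with two lookalike links
# and one genuine Microsoft link.
SAMPLE_EMAIL = """\
Your account has been breached! Log in immediately at
https://login.microsft.com/reset to keep access.
Support: https://microsoftsupport.ru/help
Docs: https://docs.microsoft.com/security
"""

if __name__ == "__main__":
    for host, verdict in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {host}")
```

On the sample message the two lures are reported as lookalikes and the documentation link as trusted. The same check fits naturally into a mail-gateway rule or a user-facing warning banner, which is where it pays off: the user never has to read the hostname carefully.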

About TechMD

TechMD is an award-winning IT services firm that specializes in managed IT services in Orange County and Los Angeles, managed cybersecurity, cloud solutions, and strategic IT consulting. We are passionate about bringing enterprise-level productivity, scalability, and security to small and medium businesses.

December 15th, 2020

Combining Security and Convenience in Your Business with Single Sign-On

In the modern workforce, managing passwords is tough. Most employees manage 85 different passwords, according to this year’s Annual Global Password Security Report by LastPass, and this presents a significant cybersecurity risk for businesses while also harming productivity and user experience.

Most business leaders are aware that maintaining a robust password security posture is more important than ever, as cybercriminals continue to target small and mid-sized businesses (and their employees). However, the rise of cloud adoption also means that most users expect to have seamless access to multiple applications from anywhere and on any device, and 2020’s exponential increase in work-from-home situations only exacerbates the issue by adding new applications and forcing users to enter passwords more often.

One of the best solutions to this security/productivity dilemma is called Single Sign-On (SSO). Single Sign-On means that users don’t have to sign in every time they need to use an application—instead, they log in using a master username and password and those credentials are used for all their other business apps. This solution perfectly combines security and simplicity, allowing your team to stick to a single master password while also improving your organization’s security posture. SSO also helps satisfy compliance requirements built on the NIST Cybersecurity Framework and CIS Top 20 Controls, making it a win-win for organizations subject to CMMC, HIPAA, CCPA, and others.

How SSO Improves Security & Increases Productivity

By allowing employees to use a single set of login credentials everywhere, SSO boosts productivity while also improving your overall cybersecurity posture. Here’s how:

Better Passwords

Employees at small and mid-sized businesses manage 85 different passwords on average. This presents a large security risk as users are likely to create simple passwords and reuse them across multiple logins. With SSO, users only need to remember a single password for all their applications, which means they are more likely to create a stronger passphrase that can’t be reused in multiple places.

Two-Factor Authentication on Everything

Enabling Two-Factor Authentication (2FA) is one of the single most important things you can do to improve your cybersecurity posture: a recent Symantec study found that over 80% of all data breaches could have been prevented by 2FA.

2FA and SSO are a match made in heaven: by enabling Two-Factor Authentication on each user’s master login, you effectively protect every application that your team needs to access, without forcing them to enter their 2FA code for every app. To learn more about how Two-Factor Authentication works, check out our One-Minute Wednesday episode.

Secure User Provisioning

Traditionally, when an employee leaves the company, the IT department needs to track down and change every single password that employee had access to. With an average of 85 passwords to update and (generally) a lack of documentation about which accounts were in use, this can present a major security vulnerability for most businesses.

SSO solves this issue by streamlining the user provisioning/deprovisioning process: when someone leaves the company, the IT team only needs to disable a single master account and/or update a master login. This can save a ton of time and, more importantly, means your IT team will never overlook an account that needs to be locked down.

Fewer Support Requests

Users often forget passwords and get locked out of important applications, and this usually necessitates a call to your IT department or IT provider to initiate a password reset. Enabling SSO means your employees only have a single password to remember, which means they’ll get locked out less often and the downtime associated with password reset requests will be significantly reduced. This frees up your employees to be more productive and your IT team to focus on important proactive work.

Improved User Experience

Single Sign-On is already a part of most people’s personal lives—we’re used to logging into a single Google login and then automatically having access to our Gmail, Google Drive, YouTube, etc. SSO extends this user experience to your employees’ work environment: your team won’t need to stress about password management or click through multiple login windows for every application, saving time with every login and boosting overall productivity.

Find Out How SSO Works For Your Business

With more people working from home and using cloud applications than ever before, it is increasingly important for businesses to develop a cybersecurity strategy. SSO is a powerful tool for securing your business from cybercriminals while also improving user experience and boosting productivity. If you have any questions about how SSO could work for your business, please don’t hesitate to contact us!

November 18th, 2020

The One Cybersecurity Assessment Every SMB Needs

Most cybersecurity assessments today do not follow an authoritative framework, are incredibly expensive for what they provide, and (most importantly) fail to answer these three critical questions:  

  • How secure is our business today? 
  • What is the appropriate level of cybersecurity for our business? 
  • How can we improve cybersecurity practices to meet business objectives? 

TechMD’s Security Maturity Level Assessment (SMLA) process fully answers these three questions by following the nationally-recognized NIST Cybersecurity Framework (you can learn more about NIST framework here). And with an all-in flat-rate price of $6,000 for the entire SMLA process, our assessment is as cost-effective as we can make it. 

Here is an overview of how TechMD conducts the NIST SMLA and what we provide once we’re finished: 

Security Maturity Level Assessment (SMLA) 

Step 1: Confirmation of Business Cybersecurity Requirements 

The SMLA process begins with scheduling a complimentary meeting where TechMD will seek to understand your business cybersecurity needs, what your cybersecurity posture looks like today, and how your IT infrastructure, IT systems, and IT support are set up. By the end of this meeting, you’ll understand how the SMLA process works, you’ll know the all-in flat-rate cost for the assessment, and you’ll have a high-level overview of how our process will impact your overall cybersecurity posture.

If you want to move forward, we’ll sign an SMLA agreement and will begin the process of identifying the key personnel that will need to be interviewed as a part of the assessment process. Click here for a sample Statement of Work document for the SMLA. 

Step 2: Interviews with Key Personnel 

The SMLA is built to follow the NIST Cybersecurity Framework and the CIS Top 20 Cybersecurity Controls. Once we begin the assessment, we will sit down with key personnel, usually a C-level executive plus whomever manages IT and HR, to understand how your organization stacks up against the NIST framework and CIS Top 20 Controls. 

 

This is a highly-detailed, structured process where we assess the status of and execution on each of the CIS 20 controls and sub-controls one-by-one. The goal is to understand whether there is a policy or practice in place that satisfies each control, and if so, to what extent it satisfies the control. For each control, we’ll be looking for:  

  • Is there a verbal policy that satisfies this control? 
  • If yes, is there a written policy that satisfies this control? 
  • If yes, is the policy fully automated? 
  • If yes, is there a reporting process in case the policy fails to execute properly? 

Once we gather all the data for each of the CIS 20 Controls, we will make evidence requests to prove compliance. We will also be documenting everything along the way and maintaining an inventory of evidence provided. This is important because we are taking the position of an outside auditor—our job is to ensure that you can pass an independent audit, and we will stand behind you if and when you decide to engage one. 

Step 3: Review the Evidence 

Once the initial key personnel interviews and evidence-gathering process is completed, we will review the policies provided by the client and the technical evidence provided by the IT team, determine if each policy satisfies its corresponding control and would pass an audit, and finally analyze all the information to get a high-level overview of the organization’s cybersecurity compliance. 

After our analysis is complete, we normally expect to schedule follow-up meetings with key personnel to fill in any gaps in information. Once we have a complete picture, we’ll move on to the deliverables. 

SMLA Deliverables 

As a result of the SMLA process, you will receive: 

Official Security Maturity Level (SML) Score  

Your SML score will range from 0-5 and will include a full breakdown of the percentage to which each control has been satisfied, along with a comparison to other companies in your industry. 

Executive Summary Report  

This report contains high-level insights into how your cybersecurity policies fit together and an overview of your overall cybersecurity posture. This report is based on your cybersecurity goals and where you’re falling short in relation to those goals. Not every organization needs to have an SML Score of 4 or 5, so the analysis in this report will be highly dependent on your specific needs and goals. 

Full Detail and Risk Analysis Report  

This report includes a full breakdown of what is missing from each policy and what is needed to satisfy its corresponding CIS Control, along with an assessment of how much risk each policy presents to the organization. 

Customized System Security Plan 

The first three deliverables may paint a depressing picture about your cybersecurity posture, and if so, you probably already knew roughly how bad it was. But what you probably want to know is what you should do next, so the most important piece of the SMLA process is the customized System Security Plan (SSP) and its companion Timeline and Budget.  

 

The custom SSP will provide you with a step-by-step plan and budget for improving your SML score. This plan will be designed to satisfy your organization’s specific timeline, budget, and goals—normally we develop 1-year plans, but you may be willing or required to spend more and arrive at your targeted SML score sooner. Our SSP applies to any industry or compliance requirement and will be customized to fit your organization’s needs. For example: 

  • You may need to be HIPAA compliant, CMMC certified, or follow any number of other industry-specific compliance requirements 
  • You may need to meet the cybersecurity requirements of a large customer  

Once you receive your customized SSP, you’ll have the freedom to execute the plan yourself if you have in-house cybersecurity expertise, or we can help you drive that process forward through a Managed Security Services Agreement. 

Get Started Today 

It’s easy to get overwhelmed by all the different cybersecurity solutions out there, but it doesn’t have to be that way. We now have a nationally-recognized cybersecurity standard in the NIST Cybersecurity Framework and CIS Top 20 Controls. With the SMLA process built on that standard, TechMD can help you understand your cybersecurity risks and develop a customized action plan that will get you where you need to be, at your own pace and according to your budget. 

To learn more about the SMLA, contact us here! 

September 16th, 2020

Does the new CCPA law apply to your business?

What is the California Consumer Privacy Act?



Many California businesses will need to address new compliance and privacy requirements this year due to the California Consumer Privacy Act (CCPA), which went into effect on January 1st, 2020. CCPA established new data privacy rights relating to how businesses handle consumers’ data. Companies that fall under CCPA have a six-month grace period before enforcement actions from the California attorney general begin in July.

Once enforcement begins, penalties for being out of compliance are up to $7,500 per intentional violation and up to $2,500 per unintentional violation. Consumers also have the right to pursue individual actions against companies that mishandle their data.

Does CCPA apply to you?

CCPA regulates any company that does business in California (or has customers who live in California) and falls into at least one of the following categories:

  • Earns annual gross revenues over $25 million
  • Receives, buys, sells or shares the personal information of at least 50,000 California consumers
  • Derives at least half of annual revenue from selling the information of California residents

For more details on the CCPA standards, see Microsoft’s FAQ.

How to Prepare for CCPA Enforcement

If CCPA applies to you and your business, you’ll want to start taking steps to ensure you’re compliant now. Here are a few things to keep in mind:

1. Understand the scope of your obligations

First you need to understand what kind of consumer data you are collecting and storing. CCPA defines “personal information” as anything that “identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes things like:

  • Personal identifiers (names, addresses, emails, social security numbers, driver’s license numbers, etc.)
  • Geolocation
  • Biometric information
  • Employment information
  • Educational information
  • Internet or network activity

If you don’t already have a good understanding of what data you’re collecting and how you’re storing it, you’ll want to get a compliance assessment. If you have a Microsoft 365 subscription, you already have access to the Microsoft 365 Compliance Center and the new Compliance Score. These tools will help you assess your current compliance posture and point out areas that require improvement.

2. Develop processes for responding to Data Subject Requests (DSRs)

CCPA gives consumers the right to control how companies use their information, including the right to access, delete, or transfer data. Consumers exercise these rights by submitting Data Subject Requests (DSRs) to companies, and businesses subject to CCPA will be obligated to review and respond to each DSR in a timely manner. The Microsoft 365 Compliance Center can help you streamline the DSR response process and is another reason why we recommend Microsoft.

3. Find and secure sensitive data

Most businesses are not taking steps to secure corporate data, and data breaches are becoming more common every day. Because CCPA imposes penalties for data breaches of consumer information, it’s important to have the right systems in place for securing sensitive data. Tools like Message Encryption, which enables users to encrypt messages going in and out of your organization, and Microsoft Information Protection, which blocks sensitive data from leaving the organization, are a critical part of your compliance stack.

4. Train your employees

CCPA requires all employees who are responsible for the company’s compliance or might find themselves handling requests related to data privacy (opting out, deleting or accessing information, etc.) to undergo specific training about how CCPA works and what it requires. This training requirement most likely covers all customer service representatives along with the company’s legal/compliance team. You will want to make sure all employees who are required to undergo CCPA training complete it before enforcement actions begin later this year.

TechMD Can Help

If you have any questions about how CCPA might affect your business, please feel free to reach out to us!

February 11th, 2020

Tech Talk: 3 Practical Steps To Avoid Getting Hacked

In today’s technology landscape, cybercriminals are now primarily targeting individual users rather than breaking into systems. In today’s Tech Talk, we’ll review three best practices you can implement to protect yourself from cyberattacks, whether at work or home.

1) Phishing Scams

Understand how to identify and avoid phishing scams. Phishing occurs when a hacker sends an email that looks like it’s from a legitimate institution or company to trick users into giving up their personal information. They mimic real logos, web addresses, and language from real companies to prompt you into clicking malicious links, downloading harmful files and logging into fake websites. Once you enter your credentials to log in, the criminal on the other end steals your username and password to breach your account. Another common tactic is a CEO scam, where a fake email appears to come from a CEO or top executive asking employees to transfer money to them. To combat scams that invade your inbox, make sure you never click on links or open attachments that look suspicious. If someone asks you to transfer money or sensitive information via email, you should think twice and verify that request with the sender in person or on the phone.

2) Password Discipline

A good password strategy is also imperative when you’re connected online. The media is replete with headlines of data breaches where millions of accounts are compromised. Some of this can be attributed to the mistake of using simple, repeated passwords across different accounts. Thankfully, there are tools like LastPass and Dashlane which can generate complex passwords for your various accounts and house them in one location. Today’s password management isn’t complete without Two-Factor Authentication, or 2FA. 2FA creates an extra layer of security by validating your login with a text message or app prompt on your smartphone. Implementing 2FA can prevent over 90% of security breaches.

3) Phone Scams

Lastly, cybercriminals are targeting smartphones for their attacks. This occurs when a hacker contacts you personally, such as by pretending to be from the IRS or a law enforcement agency, and coerces you into paying back taxes or doing a wire transfer. The tactics you’d use against phishing emails should also be used here, so don’t give out sensitive information or send payments in response to unsolicited phone calls.

In conclusion, healthy cybersecurity is built on knowing how to spot phishing emails, improving your password management, and knowing when you’re receiving a call from a scammer. Make sure you follow these three principles to stay safe wherever you are!

October 22nd, 2019

Cybersecurity Alert: SharePoint Phishing Attack Targets Office 365 Users

New PhishPoint Attack May Be Affecting As Many As 10% of Office 365 Users

Recently we have been seeing a new phishing attack called PhishPoint that is targeting Office 365 customers. In this scam, cybercriminals are inserting malicious links into SharePoint files and then sharing them with potential victims, ultimately allowing them to steal Office 365 user credentials.

This attack is particularly insidious because it bypasses Office 365’s built-in security. Microsoft automatically scans incoming emails for malicious links and attachments, but a link to Microsoft’s own SharePoint Online platform wouldn’t raise any red flags with their system. Because the malicious phishing link is hosted in the SharePoint file rather than in the email itself, it goes unnoticed by Microsoft’s email security.

How to Spot A PhishPoint Attack

In a PhishPoint attack, the target will receive an email that looks exactly like the standard SharePoint invitation to collaborate:

an example PhishPoint email

Clicking on the link will automatically open up a SharePoint file. This SharePoint file will contain content that looks like a standard request to access a OneDrive file. However, the link to “Access Document” is actually a malicious URL.

A malicious SharePoint file

Clicking on the SharePoint link to access the document takes the user to a spoofed Office 365 login page. When the victim enters their username and password, their credentials will be recorded and stolen by the hacker.

PhishPoint ultimately leads to a spoofed Office 365 login screen

How Can You Protect Yourself?

Like many phishing attacks, PhishPoint is designed to perfectly imitate aspects of the Office 365 experience in order to lull users into a false sense of security. Here are a few things to keep in mind:

  • PhishPoint emails are unsolicited and usually have a generic subject line like “[name] has sent you a OneDrive for Business file”. If you are not expecting a file share from someone in your office, take the time to verify the email’s legitimacy by calling the sender directly or, better yet, talking to them in person.
  • Many PhishPoint emails attempt to manufacture a sense of urgency by including words like ACTION REQUIRED or URGENT in their subject lines. Don’t let the sense of urgency put you in a hurry—take the time to look closely at emails like this before clicking on them.
  • Always check the URL when you receive suspicious links! In PhishPoint’s case, when you finally make it to the login page, you can tell that it is not associated with the Office 365 domain by looking at the address bar in your browser.
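The address-bar check from the last bullet, written out as a small Python function. This is an added example, not code from the original TechMD post; the list of trusted sign-in hosts is an assumption made for illustration, and the sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allow-list of genuine Office 365 sign-in hosts (illustrative, not an
# authoritative Microsoft list; adjust to the sign-in endpoints your tenant uses).
TRUSTED_LOGIN_HOSTS = ("login.microsoftonline.com", "login.live.com")


def check_login_url(url: str) -> str:
    """Classify the URL shown in the address bar of a sign-in page.

    Returns one of:
      "trusted"          host is (a subdomain of) a trusted sign-in host over https
      "insecure-scheme"  trusted host, but plain http
      "lookalike"        a trusted name is visible in the URL but is not the real
                         host, or the host uses punycode / non-ASCII characters
      "unknown-host"     some other site entirely
      "invalid"          not an http(s) URL with a host
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")  # urlsplit lower-cases the host
    if scheme not in ("http", "https") or not host:
        return "invalid"

    # Genuine host: exact match or a real subdomain, never a mere prefix.
    if any(host == t or host.endswith("." + t) for t in TRUSTED_LOGIN_HOSTS):
        return "trusted" if scheme == "https" else "insecure-scheme"

    # Tricks that keep a trusted name visible while pointing elsewhere:
    #   login.microsoftonline.com.evil.example  (trusted name as a subdomain)
    #   login.microsoftonline.com@evil.example  (trusted name in the userinfo part)
    #   punycode or non-ASCII hosts that render like a trusted name
    netloc = parts.netloc.lower()
    if any(t in netloc for t in TRUSTED_LOGIN_HOSTS):
        return "lookalike"
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    return "unknown-host"


# Constructed sample URLs, as a user might see them after clicking "Access Document".
SAMPLES = (
    "https://login.microsoftonline.com/common/oauth2/authorize?client_id=x",
    "https://login.microsoftonline.com.evil.example/common/oauth2/authorize",
    "https://login.microsoftonline.com@evil.example/",
    "http://login.microsoftonline.com/",
    "https://docs-share.example/onedrive/login",
)

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{check_login_url(sample):15s} {sample}")
```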

To learn more about how to spot phishing attacks, check out this helpful video. As always, make sure you stay alert and think before you click!

August 21st, 2018

What You Need to Know About the WannaCry Breach

WannaCry Ransomware Causes Global Security Breach

You may have seen the news this weekend: cybercriminals released a new strain of ransomware that can automatically spread itself across all computers in a network. It’s been dubbed “WannaCry” and it’s causing a global epidemic. More than 40 hospitals in the UK were shut down over the weekend. Spanish telecommunications firm Telefonica reported 85% of their systems went down because of the cyberattack. And those are just a few of the victims: this monster has infected hundreds of thousands of systems in more than 150 countries.

This piece of malware is particularly dangerous because it only requires one person to make a mistake: if someone opens a phishing email attachment, it will not only infect their computer but will immediately spread to everyone else’s computer on their network.

The WannaCry Ransomware Payment Window

Each infection demands a $300 bitcoin payment to unlock that computer’s files, leading to massive downtime while breached companies attempt to make payments and wait for unlock keys to come back from the cybercriminals.

Steps TechMD Has Taken:

IT Security has always been a top priority at TechMD. We know there’s no silver bullet when it comes to IT Security, so we have invested in the following layers to protect our clients:

  1. Patch Management: we regularly update computers under our management with the latest security patches, and typically we do this work in the middle of the night while our clients are sleeping. Back in March, Microsoft released a patch to protect against the vulnerability exploited by WannaCry, and our team worked around the clock to deploy the update.
  2. Email Filtering: emails sent to our clients are filtered for spam and malware. We block thousands of emails every day from reaching our clients’ inboxes, helping to reduce the threat from these types of attacks.
  3. Antivirus: all the computers under our support have antivirus software that we install and manage. Our team monitors this critical layer of protection and works tirelessly to keep your antivirus software working and updated.
  4. Training and Awareness: individual users are by far the most important security layer in protecting themselves and their organization. Our weekly training videos and cybersecurity email alerts are helping to educate and train our 6,000 end users.
  5. Backup: we know there’s nothing anyone can do to guarantee security, and that’s why it’s critical that our clients have a robust backup strategy. In case all else fails we will use the backups to recover any lost data and reduce downtime.

In addition to these layers, TechMD has developed hundreds of best practices over the past 15 years. We have a team dedicated to deploying and managing these policies that are critical to keeping our clients safe from cyberthreats.

What Should You Do About This?

We have been working behind the scenes to protect your organization from this breach, but we still need your help. Here are a few things you can do to make sure WannaCry doesn’t infect your company network:

  • Remain Cautious with Email Attachments: be very careful when you get an email with an attachment or a link, especially if the email is unexpected. Opening attachments can immediately infect your computer, and following malicious links can give cybercriminals access to your computer and data. Remember: “When in doubt, throw it out!”
  • Don’t Wait, Alert TechMD: if you think you have been infected, or if you accidentally opened a suspicious-looking attachment in an email, don’t wait! Let us know ASAP by calling 888-883-2463.

For a quick refresher on how phishing attacks work and how to avoid them, check out this One-Minute Wednesday episode:

How Can You Protect Yourself at Home?

Although we only support the computers at your office, we want to share some steps you should take to make sure your personal computers are protected:

  • Patch Your Computer: the vulnerability exploited by WannaCry does not exist in Windows 10; however, it is present in all prior versions. If you haven’t already done so, make sure your computer is patched with the latest security updates. Please refer to this article from Microsoft for more information.
  • Check Your Antivirus: check to make sure your antivirus software is working and fully updated. If you don’t have an antivirus on your home computer, here’s an overview of the top 2017 antiviruses.

All Quiet at TechMD

Although it’s too early to spike the football, as of today TechMD has had zero reported infections across the 6,000 workstations we manage. Our goal is to make sure your technology is seamless so you can stay focused on your day. That means we’ve made security a top priority, and we will continue working around the clock to respond to the ever-changing threats posed by cybercriminals. All that’s to say: don’t worry, we’ve got your back!

Have a productive week, and thank you for partnering with TechMD!

May 15th, 2017

Cloudflare Announces Possible Breach of User Credentials

Make sure you change duplicate passwords immediately!

On Thursday of last week, website security provider Cloudflare announced a major security vulnerability affecting their service. This vulnerability has caused sensitive user data to be exposed across a number of popular websites, like Yelp, Uber, and others.

To protect yourself, make sure you are not reusing any passwords on multiple accounts. If you are reusing passwords, we suggest changing them to unique passwords immediately. People often get into trouble when a breach compromises one of their passwords, and they also use that password for their bank account, credit cards, or other sensitive logins.

We know it’s tough to make sure every single password is unique, so we recommend using a tool like LastPass. To learn more about LastPass, check out this article and One-Minute Wednesday video on our favorite password manager. You can also watch the video below:

February 27th, 2017

Cybersecurity Alert: Latest Scam Combines CEO Fraud With W-2 Phishing

Tax season kicks off with W-2 phishing and wire transfer scams

These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs to extract employee tax forms from unsuspecting finance employees.

A W-2 Wage and Tax Statement

Recently we’ve been seeing these two scams combined into a one-two punch. The IRS has released a security alert warning that scammers have started W-2 phishing much earlier than normal this year. Scammers have already extracted W-2 data from a number of U.S. companies, and that data has subsequently been used to file fraudulent tax returns. What’s worse is that these scammers are following up on their W-2 scam emails with a second set of phishing attacks, where they send a spoofed “executive” email to someone in the finance department demanding an urgent wire transfer.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” A recent Federal Trade Commission report indicated that tax fraud contributed to a 50% increase in identity theft in 2015, and we think the upward trend will likely continue.

What should you do about this?

Most importantly, we suggest you send this email to anyone you feel may be at risk, whether employees, friends, or family. Feel free to modify the email to fit your needs:

[ALERT] Cybercriminals are starting their tax scams early this season! They are now combining two scams into a strong one-two punch. First, they ask you to send them the W-2 forms for all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cybercriminals.

Remember: requests like this should raise a red flag. You should verify that the request is legitimate by calling the sender directly or, better yet, talking to them in person. These scam emails are often pushy and urgent, but don’t be afraid to spend five minutes verifying them, even if it’s the CEO making the request!

To learn more about how to spot phishing attacks, check out this helpful video. Cybercriminals are out in force this tax season, so make sure you stay alert and think before you click!

After educating your team, make sure you report any suspicious emails. According to the IRS, organizations receiving a W-2 phishing email should immediately forward it to phishing@irs.gov with “W2 Scam” as the subject line. Anyone receiving phishing scams or falling victim to one should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

If you think your W-2 form has been stolen: you should review the Federal Trade Commission’s recommendations at www.identitytheft.gov or the IRS’s steps at www.irs.gov/identitytheft. If your tax return was rejected because of a duplicate (likely stolen) Social Security number, you should immediately file a Form 14039 Identity Theft Affidavit with the IRS.

Finally, we suggest filing your taxes as soon as you can this year—a fraudulent tax return will be rejected if you beat the cybercriminals to the punch.

If you’re not sure whether your company is protected from the latest cybersecurity threats, we’d love to help you assess your vulnerabilities and then work with you to take action. Click here to make an appointment to discuss your security assessment. And don’t forget to stay safe out there!

February 14th, 2017

Five Tips for Shopping Securely Online

Shop Smart and Secure This Holiday Season!

Christmas is just around the corner, and while you might have all your shopping done already, most of us are still looking around for the perfect gift! And like many people, you’ll do a good portion (or even all) of your shopping online.

However, is your financial data protected? Have you taken the proper measures to make sure your online purchases are protected? Finding the perfect gift may be stressful, but cybersecurity doesn’t have to be too—here are a few tips for staying safe while shopping online:

#1: Create Secure Passwords

    Checking out online can be a tedious process. You often have to sign-up for an account, fill out your name and shipping information, and choose a username and password to log in to your account.

    A crucial part of this process is making sure you choose a secure password. While choosing a password you’ve already memorized is often the easiest route, it is not the safest way to do things. If a cybercriminal breaches an online vendor and gains access to your username and password, they will test those login credentials against more sensitive websites, like your bank or credit card.

    The best way to prevent this is to use a different password for every website. This can quickly become overwhelming—to manage all those passwords, we highly recommend our favorite password management tool: LastPass.

#2: Shop on a Secure Website

    Shopping on websites through a secure HTTPS connection is one of the most important things you can do to stay safe during the holiday season. A website with HTTPS enabled means that any information you submit will be encrypted rather than being sent over the network in plain text. This helps keep you protected from cybercriminals intercepting and stealing your credit card data.

    One way to tell if a website is secure is to look for a padlock icon to the left of the website address in the navigation bar, and “https” at the beginning of the web address. Most common web browsers, including Chrome, Firefox, and Safari, will display this icon.

    The Firefox navigation bar showing a secure connection

    You can learn more about secure HTTPS connections here.

#3: Avoid Shopping on Public Wi-Fi Networks

    Public wi-fi networks are convenient, allowing you to browse the internet for free while on the go. However, public wi-fi networks are rarely secure, and purchasing gifts or logging into online accounts while connected to one can be a huge risk. Any data sent through a free public connection is vulnerable to being observed and captured by malicious cybercriminals.

    If you’d like to learn more about some best practices for browsing on public wi-fi networks, don’t miss our One-Minute Wednesday episode on wi-fi security!

#4: Just Say No to Unsolicited Email Offers

    Getting deep discounts on your purchases is always exciting, but you should be wary of any email offers coming from stores you don’t commonly shop with. This is a big red flag that could indicate a phishing attempt.

    Scammers often send out emails posing as online shopping outlets, tempting consumers to click on malicious links with “can’t-miss” deals and offers. Clicking on these links will allow cybercriminals to steal any information you submit, including usernames and passwords as well as credit card data. If you’ve received a suspicious email like this and have clicked on the link, close the window and type in the online store’s web address directly, just in case.

    To learn more about phishing scams and how to spot them, check out our One-Minute Wednesday episode covering the Target Data Breach.

#5: Use a Credit Card, Not a Debit Card

    Even if you follow all the best practices outlined above, there’s always a small chance that your financial data will be compromised. Because of this, it’s a smart idea to use a credit card rather than a debit card for online purchases, since most credit cards are covered with fraud protection and credit card companies are incentivized to resolve any fraudulent activity quickly.

    Fraudulent activity on your credit card is also better for you because there’s no immediate impact to your cash flow—if someone steals $1000 from your checking account, you’re out of luck until you get it back. But if someone charges up $1000 on your credit card, you aren’t obligated to pay off the charges while you wait for them to be reversed.

Above all, Christmas is a time to celebrate and enjoy your loved ones. Avoid having to worry about your cybersecurity and privacy during the holiday season by following our tips and tricks above.

December 8th, 2016

Yahoo Announces Largest Security Breach of All Time

the Yahoo sign at company headquarters

On Thursday, Yahoo announced a massive security breach involving user account credentials for its services.

According to Yahoo’s investor relations page, “a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”. The account information in question includes names, email addresses, passwords, birthdays, telephone numbers, and some potentially unencrypted security questions and answers. Yahoo says it does not believe any credit card or bank account information was included in the breach.

Initial accounts from Yahoo indicate that at least 500 million user account credentials were stolen, making this the largest security breach of all time. If you use any of Yahoo’s services, we strongly recommend changing your password and security answers as soon as possible.

To learn more about creating strong passwords and protecting them from hackers, check out our One-Minute Wednesday episode by clicking here or watching below:

You can watch our One-Minute Wednesday episode on LastPass here.

See below for the full message from Yahoo’s investor relations page:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.

Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo asks users to consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account. Since the inception of Yahoo’s program in December 2015, independent of the recent investigation, approximately 10,000 users have received such a notice.

Additional information will be available on the Yahoo Security Issue FAQs page, beginning at 11:30 am Pacific Daylight Time (PDT) on September 22, 2016.

September 26th, 2016

Infographic – Traditional Backup vs Business Continuity

A common question in business is “do I back things up myself or let someone else handle it?” Let this infographic settle the debate once and for all by giving you the truth on data backup!

Click the image to learn the full story!


November 24th, 2014