Received a Random Link? DO NOT CLICK ON IT!

a person using a laptop computer on a wooden table

If you ever receive random texts or emails from PayPal (or any other business, for that matter) telling you they suspended your account and now require you to authenticate your identity with an unknown link, then you should definitely think twice before clicking on that link. This is a common method that hackers use to break into accounts, especially those account holders that fall for this phishing scam. There is a better alternative to investigate this issue to see where it leads. It is important to access your account the way you normally would instead of clicking on that link.

If you were in this position, what would you do?

It is pretty safe to say that no one wants to fall for a phishing scam; but, at the same time, it can be very tempting to trust the message to make sure there is nothing wrong with your account.

The best approach is simple, but definitely not one that we would intuitively think to do.

Instead of clicking on the link provided in the text or email, open up a new web browser tab and login to the website, the same way you normally would in order to access your account. It does not matter the type of account you are trying to log into, whether it be your bank, your favorite online retailer, or any website that you have an account with. The practice of logging into the site directly, rather than using the link given, is simple and easy to do. It will also help keep you from being a victim of a phishing attack.

Let Us Help Your Team and Keep Them Safe

4 Corner IT can help you and your company choose the best tools and resources to keep everyone safe from security and phishing attacks. Our professionals can help build your business’ defenses and offer training to all members of your team, including how to identify potential threats and the best practices to keep safe from these attacks. For more information or to get started today, contact us at 954.474.2204.

Contact Us Today and Check Out Our Blog!

It’s Time to Revisit Your Password Best Practices

a close up of a computer keyboard with the word password on it

When a hacker tries to access one of your accounts, the first challenge they must overcome is the password. This is why industry professionals always encourage you to create them with security in mind. The latest guidelines issued by the National Institute of Standards and Technology, or NIST, are not quite conventional or traditional, but they do give valuable insights into how password best practices.

What is the NIST?

The NIST is the authority on all things password-creation, and they are no strangers to issuing various best practices. While these practices do shift over time, due to the unfortunate side-effect of threats adapting to security standards, their advice is trusted and should absolutely be considered by all. Please see below for the recent update on password best practices.

The New Guidelines

Many organizations and Federal agencies have adopted these guidelines. Here are the latest steps to take when building a secure password.

Length Over Complexity

Most security professionals have advocated for password complexity over the past several years, but the guidelines issued by NIST disagree. NIST suggests that the longer the password, the harder it is to decrypt, and they even go so far as to say that complex passwords with numbers, symbols, and upper and lower-case letters make passwords even less secure.

The reasoning for this is that the user might make passwords too complicated, leading them to forget them entirely, so when it comes time to replace the password, they will add a “1” or an exclamation point at the end. This makes them easier to predict should the original password be stolen. Users might also be tempted to use the same password for multiple accounts, which is a whole other issue that certainly does not aid in security.

No More Password Resets

Many organizations require their staff to periodically change their passwords, mostly every month or every few months. The idea here is to preemptively change passwords on the off chance that the old passwords have been compromised. Trying to use the same old password multiple times would then lock the hacker out of the account, as the password has since been changed. While this has been an accepted best practice for some time, NIST recommends that this practice be put to the wayside, as it is actually counterproductive to account security.

The reasoning behind this determination is that people will not be as careful with the password creation process if they are always making new ones. Plus, when people do change their passwords, they will use the same pattern to remember them. This means that passwords could potentially be compromised even if they have been changed, as a hacker could recognize the pattern and use it against the user.

Make Passwords Easy to Use

Some network administrators worry that the removal of certain quality-of-life features such as showing a password while the user types it or allowing for copy/paste will make the password more likely to be compromised. The truth is the opposite; ease of use does not compromise security, as people are more likely to stick to established password protocol if you make it easier for them to do so.

Don’t Give Out Password Hints

At the same time, you don’t want to make things too easy for your employees, either. One way that administrators help out employees who easily forget passwords is by providing password hints. The system itself is flawed, especially in today’s society of oversharing information across social media and the Internet in general. If Sally makes her password-based around the name of her dog, for example, the hacker might be able to find that information on her social media page, then can try variations of that name until the code is cracked. So, in the interest of network security, it’s better to just forego these hints. There are other ways to make your password system easier to deal with that don’t compromise security.

Limit Password Attempts

When you place a limit on password attempts for your business, what you are essentially doing is giving hackers a limited number of chances to get lucky. NIST suggests that most employees will fall into one of two categories in regard to password remembrance; either they will remember it, or they will keep it stored somewhere (hopefully in a password management system). Thus, if an employee is likely to do one or the other, a limit on password attempts will not necessarily impact them but will make all the difference against security threats.

Implement Multi-Factor Authentication

COMPANYNAME recommends that your business implement multi-factor authentication or two-factor authentication whenever possible. NIST recommends that users be able to demonstrate at least two of the following methods of authentication before they can access an account. They are the following:

  1. “Something you know” (like a password)
  2. “Something you have” (like a mobile device)
  3. “Something you are” (like a face or a fingerprint)

If two of the above are met, then there is sufficient evidence to suggest that the user is supposed to be accessing that account. Consider how much more difficult this makes things for a hacker. Even if they have a password, it is unlikely that they also have physical access to a mobile device, a face, or a fingerprint.

Make password security a priority for your organization now so that you don’t have to worry about data breaches later on down the road. AE Technology Group can help you set up a password manager that makes adhering to these best practices easier. To learn more, reach out to us at (516) 536-5006.

BlackRock Trojan: Aggressive Viral Menace For Android Device Users

a computer screen with a malware symbol on it

A new attack on android applications known as the BlackRock trojan has already targeted over 300 applications on the android operating system, including banking, social media, and dating applications. Any application with payment features, which is most nowadays, has been targeted and users credit card information has been compromised. How does this all work though, and what implications will it have for the future of the android operating system?

The Mechanics of BlackRock

The essential approach that BlackRock takes to get access to your information is it sends out a false Google Update and requests accessibility privileges. After it is granted these privileges it develops its own autonomy and no longer needs further interaction from the user to operate, it does this through granting itself further permissions afterwards. 

Some abilities BlackRock has, are traditional of trojan attacks, and some are quite problematic. It can collect device information, it can perform overlay attacks, but even more concerning, it can prevent antivirus software and even prevent uninstalling, leading to a longer lifespan than most hacks and more damage being done to your device and more of your information being compromised.

The Network and History of BlackRock Malware

Information from the site ThreatFabric has concluded that BlackRock is based on banking malware known as Xerxes, which itself is a version of Lokibot malware, discovered in 2019. Lokibot is part of an underground network of rented malware which circulated in 2016 and 2017. What really caused it to be a ubiquitous problem is when the source code got leaked. 

Android tried to get out in front of the older malware by pushing their newer devices which, with their new hardware, had a natural adaptation curve for implementing the attacks on the new systems. This, unfortunately, didn’t last long. In 2018, MysteryBot dropped, which was an update on the Xerxes system to work with new Android systems. 

The ancestral history of BlackRock is inundated with Lokibot variants. Parasite was a brief problem, although after disappearing from the malware space, Xeres was the direct parent of BlackRock, with the former appearing in 2019 and now, here in 2020, we have BlackRock.

Top Apps That Have Been Threatened

Numerous applications have suffered the injection and compromise of BlackRock, but the most notable are:

  • Gmail
  • Google Play
  • Netflix
  • Wells Fargo
  • Twitter
  • Instagram
  • Facebook

Many others have been targeted as well, leading to an entire suite of applications being at risk. Millions of users could have been affected and had their financial and contact information now in the hands of hackers, which could be numerous themselves seeing as the above mentioned malware network is vast and diverse.

Implications for Android

Android, being a more open operating system, runs the risk of more of these said attacks if they don’t take a new approach to how they monitor their application base. Two futures exist for android after this latest breach.

One, they stay with the same approach they have now and hope that they can rely on a numbers game, praying that the majority of their apps stay solid with their own individual protection protocols, and hoping the majority of their users stay safe.

The other is they radically change how they monitor their operating system, implementing much more rigorous analysis of their potential apps and making the approval process contain much more scrutiny in their security requirements. 

Either way the future for android will remain risky if they simply ignore the growing underground network of malware. They desperately need to engage in research of this growing corner of the hacking world if they have any hope of maintaining a safe and secure user base.

Get more news, tips and tricks at our blog here.

Business Owners 12x More Likely to Be a Cyber Security Target Here’s What You Can Do About It

a close up of a target with arrows in it

As a business owner or operator, it is up to you to protect yourself and your employees from cyber attacks. Unfortunately, many small business owners either underestimate the damage a cyber attack can cause or fail to take the proper steps to protect themselves. Below is a look at some reasons why business owners are more likely to be a cyber security target and some steps you can take to reduce your risk.

Why are Business Owners More Susceptible to Cyber Attacks?

A recent study by Verizon highlights how vulnerable business owners are to cyber security attacks. When compared to other employees, business owners and senior executives are a dozen times more apt to become a victim of a cyber security attack. Small businesses were especially likely to be targeted, accounting for 43% of cyber attacks and data breaches. Here are a few reasons why business owners and executives are more at risk:

They are incredibly busy

Business owners and top executives are usually preoccupied with the day to day activities of running a business. They are so busy focusing on customer issues, troubleshooting, and promoting their business that they do not have time to think about cybersecurity. 

They often know little about protecting themselves

In addition to having little time to think about IT threats, business owners typically know very little about cybersecurity. They have no idea about the most common threats or what measures they can take to protect themselves.

They think they are immune to attacks

Small business owners, in particular, are especially likely to think that they will never become a target of a cyber attack. They often assume that hackers will target larger, more profitable companies, and therefore focus little on prevention.

They underestimate the damage an attack can cause

With the average cost of a cyber attack now exceeding $1 million, a cyber attack can spell financial doom for a business – especially a small one. Between lost productivity, service disruptions, and a poor customer experience, cyber attacks can cause lasting damage to a business.

What are some simple steps you can take to help prevent attacks?

The path to preventing cyber attacks begins with knowledge and training. By having a keen understanding of your risks, you will be motivated to increase your focus on cybersecurity. Here are a few simple steps you can take to protect yourself from cyber attacks:

  • Make cybersecurity a top priority at your business
  • Incorporate cybersecurity details into your training initiatives
  • Ensure data is kept in a safe, secure location
  • Implement security surveying and testing procedures
  • Closely manage your internet firewall protection

What is the single best way to protect yourself from cyber attacks?

As outlined above, there are many reasons why business owners are at an increased risk of cyber attacks and data breaches. And while there are some measures you can take to help prevent these problems, the single best way to protect yourself and your business is to seek the services of an experienced IT partner. An accomplished IT partner will work with you to educate you and your team about the most common threats. More importantly, they will arm you with a strategic plan to protect you from those threats.

As New York’s premier provider of IT services, AE Technology Group is your solution to preventing cyber security attacks. We invite you to contact us to discover why business owners across NYC and Long Island trust us to protect their identity and their companies. For 20 years, we have delivered five-star IT support and management to businesses of all sizes. We look forward to giving you and your business the cyber security protection you deserve!

Prevent Cyber Attacks With This Essential Guide

a group of toy soldiers standing next to each other

From data theft to compromising the core integrity of your company’s sensitive information, cyber attacks can strike anytime, anywhere. Malware and ransomware present a significant liability. Small businesses are especially vulnerable as these entities are often seen as an easy target. 43% of cyber attacks are aimed at small businesses and most close up shop within a year following a data compromise. Don’t leave your company’s future in the hands of hackers. Take control with AE Technology Group’s Essential Guide to Preventing Cyber Attacks.

Identify The Weakest Link

Conduct a detailed audit of your business systems and protocols. Establish what security measures are in place and what areas need to be fortified. A quick vulnerabilities check is essential in determining a course of preemptive action. Does your company train employees to be technologically compliant? Are uniform password standards and other security measures in place? Is software updated to ensure new, evolving threats are actively being mitigated?

Filling the gaps in your security wall is the best way to start defending against cyber crime.

Build Your Defense

Invest in robust antivirus and anti-malware software. No matter the scale of your business, the most valuable asset is your data. Building a strong cyber defense is the best way to secure systems information. Arm your network with a strong firewall and establish a routine for updating software and applications — or set systems to automatically update so your security never lapses.

Train Your Team

People are the greatest asset when it comes to preventing cyber attacks. Make sure your staff is equipped to play an active role in cyber security. 

Hosting biannual technology training courses provides a comprehensive environment for employees to learn about technology compliance. From phishing schemes to password protection, the digital world is constantly updating and rapidly evolving to meet the needs of today’s professionals. Keep your crew up to date as well with dedicated in house support, IT management, and one-on-one training opportunities.

Compliance is Key

Provide uniform corporate standards for data security. This includes password regulations and controlling user access through individual employee accounts. A good rule of thumb when it comes to password security is to utilize a combination of letters, numbers, and special characters. Sentence passwords are typically the most secure. Set passwords to expire every 6 months so that routine updates are required by all users.

Monitor any unauthorized activity to detect threats early on. This will allow management to minimize the impact of any malware that slips through the cracks. It’s also a good idea to manage employee credentials by limiting higher level data access. Assign user profiles with authority to install and download new software, as well as make administrative changes to critical systems information. Limiting access is a good way to reduce the risk of a cyber attack.

Along the same lines of protocol, consider compartmentalizing the network. Separate departments by access level so that each department only has access to the resources they need. This will make it easier for your managers and staff to focus on one aspect of the development environment without worrying about compliance outside of their organization.

Secure your company’s Wi-Fi network and ensure the network is always hidden to avoid any unwanted guests stealing your internet — or worse, your data.

Have a Back Up Plan

Even the most stringent of companies can be subject to a data breach. Keep your critical information secure by backing up your network through cloud storage options and external hard drives. Be sure to back up data on a weekly basis so your information is always up to date. This can dramatically minimize profit loss when it comes to recovering from a cyber attack.

When all else fails, the tech experts at AE have our New York business owners covered with comprehensive disaster recovery solutionsContact us today to learn more about securing your company’s future.