Managed Services – Network Security

Ransomware, phishing, and other types of cyberattacks are increasing in number and sophistication. To avoid becoming a victim, you must take measures to protect your company.

No business is too small to go unnoticed by cybercriminals. The fact is that cybercriminals like to attack small companies because those businesses often do not have the expertise or resources to fend them off.

Running anti-malware software is a good first step. However, that is only one of several measures you need to take to protect your company against cyberattacks. Other important measures include reducing known security vulnerabilities, educating your employees, and preparing for the worst-case scenario.

Are You Ready for Worry Free IT-Security?

Make sure your company has the proper safeguards in place. Waiting until tomorrow might prove to be too late. Even if you’re not ready to outsource your security yet, we’d still like to help. The following are some suggestions to help you protect your business in the meantime:

Reduce Security Vulnerabilities

Update Your Software Regularly
Cybercriminals like to target operating system software and applications that have known security vulnerabilities.

Our services will keep your software up to date regularly with newly released patches and eliminate known vulnerabilities, reducing the number of exploitable entry points into your computer systems.

Update Your Firmware
Computers, printers, routers, and other hardware devices include firmware, which is software that gives a device its functionality. Just like software, firmware can have vulnerabilities that cybercriminals exploit. So, it is important to patch your devices’ firmware whenever the device manufacturers release an update.

Upgrade Your Software When Necessary
When was the last time your software was upgraded? At some point in time, software vendors stop supporting older operating system software and applications. Cybercriminals keep track of when versions of popular applications reach their end of support. Sometimes, they stockpile malware until the end-of-support date and then set it loose. 

Our team can conduct a vulnerability analysis to identify security issues that are leaving your business susceptible to cyberattacks. Once identified, we can work with you to address those vulnerabilities and reduce your risk.

Educate Employees

Ransomware, Phishing and Spear Phishing
Despite being around for years, phishing emails are still being used by cybercriminals which they use to solicit sensitive information and steal money and data from businesses. Although people are now more aware of phishing, the attacks are still effective because of the growing sophistication of the emails.

Today, cybercriminals are increasingly posing as legitimate companies, creating emails that look almost identical to real ones sent by those organizations. Cybercriminals can even personalize the email to the point where it includes your name and other information about you—a tactic referred to as “spear phishing”.

Train your employees to look for elements such as:

• A deceptive email address in the “From” field. At first glance, the email address might seem legitimate. For instance, cybercriminals might send out an email message using the address “account-update@amazan.com” instead of the real “account-update@amazon.com” address.
• A request to update or verify information. Cybercriminals like to get sensitive information by posing as a popular legitimate financial institution (e.g., a bank) and asking you to update or verify your information.
• A sense of urgency. A common tactic in a phishing or spear phishing scam is to create a sense of urgency. The cybercriminals first let you know about a problem that requires your attention. Then, they let you know that there will be unfortunate consequences if you do not take action quickly.
• A deceptive URL. A deceptive URL is one in which the actual URL does not match the displayed linked text or web address. For example, the displayed text might specify a legitimate bank name (“Chase”) or bank web address (“www.chase.com”), but when you hover your cursor over it (without clicking it), you might discover that the actual URL leads to a website in a foreign country known for cyber attacks.
• An attachment. Cybercriminals sometimes use email attachments to install malware on computers. Many different types of files can contain malicious code, including PDF files and Microsoft Word documents.

When discussing how to spot phishing attacks with employees, be sure to stress the risks associated with clicking an email link or opening an email attachment, especially if the email is from an unknown source. You also need to let employees know what they should do if they receive a suspicious email.

Social Engineering
Cybercriminals sometimes try to con employees into giving them the information they need to access business computer systems or accounts. This is referred to as “social engineering”. Hackers like to use social engineering attacks because exploiting human behavior is usually easier than hacking security and computer systems.

While social engineering attacks typically occur via email (a.k.a. spear phishing emails), they can also occur over the phone and in person. The cybercriminals often masquerade as employees, but they also might pretend to be suppliers, customers, or even trusted outside authority figures (e.g., firefighters, auditors).

To get into character, cybercriminals usually learn your business’s lingo and sometimes search the internet for information that can help them in their impersonations. Without realizing it, many people provide a lot of information about their professional and personal lives on LinkedIn, Facebook, and other social media sites that can be exploited by attackers.

When discussing social engineering with your employees, stress the importance of being careful about what they post on social media sites. For example, if an employee posts pictures and stories about her favorite cat, cybercriminals might try using the cat’s name as a password or the answer to the security question “What is the name of your favorite pet?” With some online accounts, all it takes to reset a password is an email address and the correct answer to a security question. If cybercriminals are able to reset an account’s password, they gain full access to that account.

The Intec team can share their vast knowledge about cyberattacks with your employees. Armed with this information, your employees can present a formidable line of defense against cyberattacks.

Prepare for the Worst-Case Scenario

Cybercriminals are constantly devising new ways to attack businesses, so despite your best efforts, your business might become the latest cyberattack victim. This is yet another important reason why you need a data backup strategy.

Although having backup copies of your data and systems will not prevent a cyberattack, it can mitigate the effects of one. For example, if your business becomes the victim of a ransomware attack, you will not have to pay the ransom to get your data back.

We can help you develop a data backup strategy and test it to make sure that your information can be restored in case your company is attacked.