Thursday, December 20, 2018

Quote of the Day


"Art, freedom and creativity will change society faster than politics." - Victor Pinchuk 

Monday, December 17, 2018

Quote of the Day

"I feel that there is nothing more truly artistic than to love people." - Vincent Van Gogh

Friday, December 14, 2018

Reminder: That Padlock Doesn’t Mean It’s Secure

Reminder: That Padlock Doesn’t Mean It’s Secure

We’ve mentioned this before, but the misconception has surfaced again, and it’s worth mentioning again. Looking for the padlock as a sign of a secure legitimate website isn’t an accurate indication that a site is malware free. Recent research indicates that nearly half of all phishing sites display the padlock and a web address that begins with https.

Data from PhishLabs show that 49% of all phishing sites in third quarter 2018 had the lock icon. This is up 25% from a year ago. Since a majority of users take “look for the lock” to heart, this new finding is significant. 80% of the respondents to a PhishLabs survey believed the lock indicated a legitimate and safe website.

Remind Employees, That Padlock Doesn’t Mean It’s Secure

Remind employees that the https portion of the address signifies that the data being transmitted is encrypted and so can’t be read by third parties. The padlock itself signifies nothing more than this. Its appearance may mean nothing more than that criminals are just lending some bogus credibility to their site.

John LaCour, chief technology officer for PhishLabs, said, “The bottom line is that the presence or lack of SSL doesn’t tell you anything about a site’s legitimacy.” More:
https://blog.knowbe4.com/reminder-that-padlock-doesnt-mean-its-secure

Tuesday, December 11, 2018

Attackers Impersonate CEOs to Scam Employees Into Sending Gift Cards for the Holidays

Attackers Impersonate CEOs to Scam Employees Into Sending Gift Cards for the Holidays

A crafty mix of social engineering, great timing, and context act as the perfect ingredients to trick unwitting users into buying gift cards and placing them into the hands of the attacker.

At the end of the year, nearly every company is thinking about holiday bonuses, corporate gifts, and holiday greeting cards for customers. So, it’s not unusual to think that the head of an organization might want to give out some gift cards to select employees at this time of year.

This all-too-common scenario is being taken advantage of by cybercriminals, according to the latest threat spotlight from security company Barracuda. Using simple impersonation tactics, the bad guys pose as the CEO asking an office manager, executive assistant, or receptionist to discreetly purchase some gift cards that will be used as gifts to employees.

Using well-researched personnel details, these cybercriminals are able to identify an appropriate individual to target, send them an email from the CEO’s supposed personal account, implying a sense of urgency to move the victim to act.

What makes these attacks so successful boils down to a few factors: 
  • They are filled with contextual goodness – these attacks get so many details right: the CEO’s name, the recipient selected, the time of year, and the reason for the gift card purchase. In an employee’s mind, this is all very plausible. 
  • There’s no malware – this is a malware-less attack, with no links or attachments for an AV or endpoint protection solution to spot. 
  • They leverage the power of the CEO – this is important. When the CEO says jump, generally people say how high? The fact that the request is coming from the CEO is usually sufficient motivation to make the recipient comply.
I can think of only two real ways to stop attacks like this:
  • Process – anytime a request is made to purchase something over a certain amount via email, a phone call should follow to verify the request. 
  • Education – users that continually go through security awareness training should spot this a mile away. The email details and the abnormality of the request are red flags to a user with an elevated security mindset. Users that step through security awareness training are educated on the scams run, tactics used, what to look for, and, generally, to maintain a state of vigilance when it comes to their interaction with email and the web.
This impersonation attack is simple but effective. Protect your organization by enabling your users to be the last line of defense in your security strategy before an attack like this hits.

CEO Fraud Prevention Manual Download

CEO fraud has ruined the careers of many executives and loyal employees. Don’t be next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim. Download at the KnowBe4 blog:
https://blog.knowbe4.com/attackers-impersonate-ceos-to-scam-employees-into-sending-gift-cards-for-the-holidays

Monday, December 10, 2018

Infrastructure Organizations Beware


According to the 2018 Verizon Data Breach Investigations Report, 29.2% of reported breaches happen in industries considered infrastructure. These industries include utilities, transportation, healthcare and others that use operational technology systems.

What can organizations that are considered infrastructure do to mitigate these risks? First, let’s take a look at what the risks are, and then how to secure your organization from them.

The first risk is the environment where the organization exists. If there is no inventory of the systems, a lack of security and a lack of understanding of what data is being used, the organization is at a major risk. In order to best combat this risk, one should start by gaining an understanding of overall security posture. If an organization is operating in multiple environments, pick a representative environment and apply what was learned to the other environments.

The second risk is patch management. This is self-explanatory, and its solution is as well. Patch your systems! Running outdated OT systems greatly increases the chance of a breach. Network Segmentation is the third risk, with many OT systems having connections between systems that should not be connected. In order to combat this, develop a plan for network segmentation, that way if one network is breached it is contained rather than spreading.

The fourth risk is the supply chain. It is very hard to control how organizations handle their data, which is why it is important to include security requirements when bringing on new systems, as well as continuing maintenance efforts within their vendor management programs. The fifth risk is a lack of a united front within the organization regarding security. To avoid this, one should foster cooperation and respect between the groups who address cyber threats. Training, communication and cooperation are key here.

With the world becoming increasingly digital, state actors are waging war behind the scenes more and more. A good example of this is Russia crippling Ukrainian infrastructure by launching a cyber-attack on power plants. All organizations are at risk for a cyber-attack, but those that are considered infrastructure should consider that the person trying to hack you isn’t necessarily some kid in his mom’s basement or even a pro hacker. It could be an intelligence agency with hundreds of well-trained specialists trying to see how your systems tick and how to break them.
https://www.darkreading.com/vulnerabilities---threats/vulnerabilities-in-our-infrastructure-5-ways-to-mitigate-the-risk/a/d-id/1333211

Friday, December 7, 2018

United States – HSBC Bank USA


Exploit: Multiple compromised online accounts.HSBC: One of the largest banking and financial services organizations in the world, HSBC is based in London and has offices in 80 countries.Risk to Small Business: 1.888 = Severe Risk: The data compromised in this breach can be very harmful to an individual if in the wrong hands, and customers know this. Customers will second-guess their choice of a bank if their information is compromised and those thinking about setting up an account could very well look elsewhere.Individual Risk: 2.428 = Severe Risk: Those who are affected by this breach are at a higher risk of fraud and should take advantage of the identity monitoring program that HSBC offered to victims.Customers Impacted: Undisclosed at this time.How it Could Affect Your Customers’ BusinessOne of the most important things a financial institution has is the trust of its business partners and customers. No one wants to hand over their money to someone they don’t trust. Any organization loses face when experiencing a breach but when a financial institution fails to secure account numbers, transaction history, and balances, customers will NOT forget it.ID Agent to the Rescue: Spotlight ID™ by ID Agent offers comprehensive identity monitoring that also includes credit monitoring. Learn more: https://www.idagent.com/identity-monitoring-programs
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Thursday, December 6, 2018

Canada – Ontario Cannabis Store/Canada Post

Exploit: Supply chain breach. Gained access to the Canada Post’s delivery tracking tool.
Ontario Cannabis Store: A recreational cannabis store in Ontario.Canada Post: A crown corporation that functions as the primary postal operator in Canada.Risk to Small Business: 2.222 = Severe: Mail is highly personal. Nobody likes the idea of someone scooping a package off his or her porch (around here they are called porch pirates). The same idea applies to postal data. Even though the Canada Post was the organization compromised, the customers of the Ontario Cannabis Store suffer. Those customers are likely to take their business elsewhere especially given the newly legal status of the product.Individual Risk: 2.714 = Moderate: Those affected by this breach are more likely to fall victim to identity theft and become targets of phishing emails. While this breach is moderate, this is a special case given those exposed are customers of a recently legalized drug. Those exposed could possibly face social/ business repercussions after their use of cannabis becomes public.Customers Impacted: 4,500 customers / 2% of the firm’s customers.How it Could Affect Your Customers’ BusinessThe legalization of cannabis in Ontario has not been a smooth transition, and with this breach of Canada Post that reveals the names of the Ontario Cannabis Store’s customers the situation only gets stickier.ID Agent to the Rescue: SpotLight ID™ by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type.Learn more: https://www.idagent.com/identity-monitoring-programsRisk Levels:1 - 1.5 = Extreme Risk1.51 - 2.49 = Severe Risk2.5 - 3 = Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

[Heads-Up] Bad Guys Love Marriott: 500 Million Data Breach Is Phishing Heaven

[Heads-Up] Bad Guys Love Marriott: 500 Million Data Breach Is Phishing Heaven 

So, I guess we have just reached the tipping point, it's "privacy game over" for business travelers.

For about 327 million of the 500, the breached data includes names, mailing addresses, phone numbers, email addresses, passport numbers (!), Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

The company said in a statement that it discovered "unauthorized access" to the database, which extended back until 2014. In some cases, payment card numbers and expiration dates were also taken, but Marriott said it's unclear whether the hackers have information to decrypt the payment card numbers.

Marriott said it has set up a website for consumers impacted by the hack, at info.starwoodhotels.com, and a call center. "Call volume may be high, and we appreciate your patience," the company said. Starwood is sending an email to all addresses affected.

Here is where the bad guys come in.

You can expect a raft of phishing attacks that try to exploit this data breach, either by using just scare tactics, or by using actual data from the breach itself to make it look as real as possible.

If you are a KnowBe4 customer, we strongly recommend you inoculate your users and send a simulated phishing attack to your users that uses this Marriott data breach as the theme.

Two new phishing templates and a landing page have been added to our Current Events phishing templates category. Use them to prepare your users before the bad guys use social engineering tactics and trick them. Each template leads to a fake Marriott login page to mimic a credentials phishing attack.

Grab these template and landing pages and send it to either all users, or if you have a Smart Group containing your frequent travelers, that would be the first priority.

If you are not a KnowBe4 customer yet, we suggest you step your users through this free module that is available until the end of December 2018! “Safe Travels For Road Warriors" is a 12-minute animated course with lots of interactivity for those that travel for business—and some very helpful tips for personal travel too.

You will find this module as step 5 of a blog post with some practical advice for business travelers here:
https://blog.knowbe4.com/the-massive-marriott-data-breach-some-practical-advice-for-business-travelers

Monday, November 26, 2018

Infrastructure Organizations Beware


According to the 2018 Verizon Data Breach Investigations Report, 29.2% of reported breaches happen in industries considered infrastructure. These industries include utilities, transportation, healthcare and others that use operational technology systems.

What can organizations that are considered infrastructure do to mitigate these risks? First, let’s take a look at what the risks are, and then how to secure your organization from them.

The first risk is the environment where the organization exists. If there is no inventory of the systems, a lack of security and a lack of understanding of what data is being used, the organization is at a major risk. In order to best combat this risk, one should start by gaining an understanding of overall security posture. If an organization is operating in multiple environments, pick a representative environment and apply what was learned to the other environments.

The second risk is patch management. This is self-explanatory, and its solution is as well. Patch your systems! Running outdated OT systems greatly increases the chance of a breach. Network Segmentation is the third risk, with many OT systems having connections between systems that should not be connected. In order to combat this, develop a plan for network segmentation, that way if one network is breached it is contained rather than spreading.

The fourth risk is the supply chain. It is very hard to control how organizations handle their data, which is why it is important to include security requirements when bringing on new systems, as well as continuing maintenance efforts within their vendor management programs. The fifth risk is a lack of a united front within the organization regarding security. To avoid this, one should foster cooperation and respect between the groups who address cyber threats. Training, communication and cooperation are key here.

With the world becoming increasingly digital, state actors are waging war behind the scenes more and more. A good example of this is Russia crippling Ukrainian infrastructure by launching a cyber-attack on power plants. All organizations are at risk for a cyber-attack, but those that are considered infrastructure should consider that the person trying to hack you isn’t necessarily some kid in his mom’s basement or even a pro hacker. It could be an intelligence agency with hundreds of well-trained specialists trying to see how your systems tick and how to break them.
https://www.darkreading.com/vulnerabilities---threats/vulnerabilities-in-our-infrastructure-5-ways-to-mitigate-the-risk/a/d-id/1333211

For more information checkout our website at www.bitxbit.com or call 877.860.5863

Friday, November 16, 2018

Hackers are Bundling Up This Fall.

Well, it’s nearing the end of the year. You know what that means: it’s time for the ‘best of 2018’ collections to start coming out. One category is Best Movies of 2018… personally, I think The Incredibles 2 is at the top of that list. Another category is Best of Ransomware. Yes, there is a ‘best of the year’ collection for cybercriminals. To the surprise of no one, the ransomware collection is being sold on the Dark Web, but there are many surprising elements to the bundle.
First off, the fact that the year’s most dangerous ransomware variants are being sold as a package deal at a reduced price should show the... professionalism… of the Dark Web marketplaces, as strange as it is to use that word to describe cybercriminals. This crime-as-a-service model is nothing new, but this bundle is undoubtedly a step above the norm. There are 23 ransomware variants included in the bundle, including SamSam. Yes, the notorious SamSam ransomware is included in the bundle. If you don’t know what SamSam is, it is a variant of ransomware that is infamous because of the high-profile targets it has been used against and because until now, it was under lock and key deployed only by a highly specialized group.
This bundle is not for inexperienced hackers, however, which would be worse than the current situation. An unskilled hacker would find difficulty putting most of the bundle to use. The bundle will be removed from the marketplace after sold 25 times, according to the seller, although it is unclear why this is the case. Don’t let one of the hackers who buy this bundle use it against your business! See last week’s The Week in Breach for tips on avoiding ransomware.


Need help? Give us a call at 877.860.5831

Thursday, November 15, 2018

Webinar | Is Your Business Protected Against the Dark Web? Find Out Now!



http://pages.icpro.co/archive/bWVzc2FnZV8zNDA5NDMzXzI4OF8xMTIwXzIwNzAz


Did you know that your digital credentials can be sold for $1 in the secretive corners of the Dark Web? It's a small price for a cyber crime that steals your identity, breaches your data, and could cost your company millions. 
User names, passwords, business applications, and online services -- they're all vulnerable to lurking cyber criminals. They're easily compromised and you might not even know it until it's too late.
Worried yet? You should be.
Find out if your critical assets are exposed before the damage is done with Dark Web Monitoring, a cutting-edge threat intelligence and identity monitoring solution.
In this webinar, you will learn:
  • What makes up the Dark Web & why it's so lethal
  • How everyone in your organization is at risk of exposure
  • The ways Dark Web Monitoring provides real-time awareness of compromised credentials before identity theft or data breaches occur
  • How Dark Web Monitoring will safeguard your business & protect your assets, employees & customers from threats
Sign up to attend this webinar & receive a free, one-time scan of your ID credentials to see if you're exposed!

Register here:

Monday, October 29, 2018

Multi-factor fact


The Dark Web Monster

The Dark Web MonsterWhen looking for a job, usually you would check one of the many job hunting sites you see in commercials or circle ads in newspapers (at least at one point you did). Some people do something very similar… but on the Dark Web searching for an illicit job. Many job postings on the Dark Web seem like normal job ads. But when you look closer you will notice that advert for a driver not only needs the person to drive but also transport drugs. The driver would make $1,000 for a week of work, not including the living expense compensation. One of the more lucrative opportunities on the Dark Web job market is the corporate insider. The most common target is financial employees who, in one example, are offered $3,150 to get a loan or increase cash withdrawal limits on a card. Postal workers are also targeted to steal packages.
The Dark Web is lucrative for those willing to risk their job and possibly their freedom for money. Be careful of both insiders and the wide array of illicit software sold there.https://www.darkreading.com/threat-intelligence/inside-the-dark-webs-help-wanted-ads/d/d-id/1333066

Thursday, October 25, 2018

compromised!!!!

This week Tumblr was breached and we explore Dark Web job postings.
Dark Web ID Trends:
  • Total Compromises: 3,767
  • Top Source Hits: ID Theft Forum (1,429)
  • Top PIIs compromised: Domains (3,761)
    • Clear Text Passwords (876)
  • Top Company Size: 11-50
  • Top Industry: Business & Professional Services and Finance & Insurance

Exploit: Exposed database.
Magen David Adom: The state of Israel’s aid and disaster relief organization.Risk to Small Business: 1.444 = ExtremeA large breach of medical and payment information is highly damaging to business and could take a significant amount of time to regain the trust of its clients.Individual Risk: 2.285 = Severe: Those affected by this breach will be at a high risk of identity theft.Customers Impacted: Not disclosed.How it Could Affect Your Customers’ BusinessThe negative impact of a breach of this nature could influence relationships with customers and other businesses for years to come.ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programsRisk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
United States – Disqushttps://thehackernews.com/2017/10/disqus-comment-system-hacked.htmlExploit: Exposed DatabaseDisqus: A network community platform that allows users to blog or comment on other company’s websites. It can be installed as a plug-in or drop-in code. Disqus collects user data on the back end and allows companies to use this information for customer analytics, etc…Risk to Small Business: 2.4444 = Severe: Although roughly 1/3 of the 17.5 million records compromised involved passwords, they happened to be salted/hashed. The company also discovered and announced the breach in a quick manner and notified the affected customers.Individual Risk: 2.4286 = Severe: Those affected by this breach will be at a high risk of identity theft.Customers Impacted: 5.8 millionHow it Could Affect Your Customers’ BusinessThe breach involved a large number of customers; however, the database was from 2012 and most credentials could have already been changed. While this is damaging to Disqus’ reputation, they followed protocol and demonstrated how to do breach disclosure the proper way.ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that is vital for those affected by a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programs
United States – Tumblrhttps://www.bleepingcomputer.com/news/security/tumblr-fixes-security-bug-that-leaked-private-account-info/Exploit: Bug.Tumblr: A popular blogging website.Risk to Small Business: 2 = Severe: While Tumblr deserves some credit for 1. Having a bug bounty program that resulted in catching this bug, and 2. Fixing the bug in less than 12 hours after it was discovered, many customers will not appreciate their personal information being leaked and will react accordingly. Tumblr’s timely response, disclosure of the breach, and its bug bounty program will likely reduce the impact on the business significantly.Individual Risk: 2.714 = Moderate: Email addresses were leaked so those affected by the breach are at a higher risk of spam.Customers Impacted: All of the ‘recommend blogs’ shown on Tumblr.How it Could Affect Your Customers’ BusinessA breach that exposes user information is always going to have a negative effect on business, but every organization should take a page out of Tumblr’s book here regarding their response to the event and how they discovered it. Customers lose trust in businesses that mishandle their information, but they also respect when a company is making a serious effort to locate vulnerabilities and can handle a problem when it arises with swift action.ID Agent to the Rescue:  Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach such as this. Learn more: https://www.idagent.com/identity-monitoring-programRisk Levels:1 - Extreme Risk2 - Severe Risk3 - Moderate Risk*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

Wednesday, October 24, 2018

Educational Cybersecurity Awareness Month


October is the month for cybersecurity awareness, and the perfect time to educate your employees on steps they can take to protect your network. From password protection measures to becoming aware of common phishing tactics, awareness is a vital step in protecting your business from cybercrime. Here are some tips you can share with your employees today!

Email Security:
- Never use personal email accounts for company business, nor business credentials for personal logins.
- Use two-factor authentication whenever possible.
- Use unique passwords for all email accounts.
- Maintain suspicions when opening attachments in emails. When in doubt, place a quick call to verify the validity of an email.

Password Security:
- Use complex passwords (not your dog’s name with a number at the end!)
- Consider a password manager.
- Always monitor the Dark Web for stolen credentials.

File Sharing and USB Drives:
- Use application-level encryption to protect the information in your files.
- Monitor your network for unapproved file sharing programs.
- Use file naming that doesn’t disclose the type of information being shared.
- Free file sharing methods do not provide the legal protection to help secure sensitive information.
- Scan USBs for external viruses and malware.
- Disable auto run.
- Encrypt USB drives.
- Keep personal and business USB drives separate.

Mobile Protection:
- Update mobile software regularly.
- Download apps from trusted sources and read reviews to check the validity of apps.
- Always use passcodes or fingerprint recognition when available.
- Turn off discovery mode.
- Activate “find device” and “remote wipe.”

Take the next steps to protecting your network! To learn more about 3bSecurity services Contact us at 877.860.5831 x190

Monday, October 15, 2018

Mojave Upgrade - Apple 2

After installing I have found that Daylite CRM, has issues with the mail plug in.. this is only listed in the support section not the section that tell you Daylite is supported by Mojave. This plug in is rather important in getting mail to the CRM.. so they should list it as being incompatible until that is fixed.. they are currently working on the issue.. Robert

Friday, October 12, 2018

Mojave Upgrade - Apple

I have waited a couple weeks on the ScanSnap update.. it is officially released today.. After installing the Scansnap update and checking the compatibility is various programs, such as Paperless, daylight, Billings, and Scansnap. I proceeded with the latest Apple OS upgrade (Mojave. So far nothing is out of place and everything seems to be running rather well.. I will update again later in the week... Robert Blake

Monday, October 1, 2018

What to Do If Your Computer Is Infected with Ransomware

Ransomware has been in the news a lot lately, with big incidents involving WannaCry, Petya, and many more. The effects that they have can be devastating. They often render computers completely useless and wipe out all of the data saved on them.

While it's obviously best to avoid getting ransomware to begin with, even the safest of users can get infected. That is why it's important to know what to do once your computer does have ransomware on it.

The ransom
Ransomware is called such because they either lock your computer, encrypt your files, or both and then request payment to remove it. 

While you can pay the ransom in hopes of regaining access to your computer and files, it's generally recommended that you don't. The reason for this is because there's absolutely no guarantee that the hacker will ever give you the key to remove the ransomware instead of just pocketing your money and not doing anything about it. Plus, it encourages the hacker to launch more attacks towards you or your company because they know you'll pay up.

So, unless you're willing to take that risk, it's generally a better idea to not pay the ransom.

What to do once your computer is infected
If you are unfortunate enough to end up infected with ransomware, there are a few first steps you can take to try and minimize the damage it does. It is very important to follow the correct steps exactly to limit the damage that the ransomware will do.

The very first step is to disconnect the computer from any and all networks. This will not only keep the ransomware from communicating with the hacker, but it will stop it from spreading and infecting other computers. This step should be done the very second you notice that the computer is infected.

The second thing you need to do is shut down the computer completely, as this will also help keep the damage at a minimum as well as help you potentially recover your computer and its files later.

Finally, you will want to report the incident to the authorities and file a police report. This is not only a necessary legal step in order to file an insurance claim, but it could potentially give the law enforcement officers more evidence to help catch the hacker.

Removing the ransomware and recovering your files
Once you've gone through the first important steps, you have a couple options you can try in order to get your computer back. But, unfortunately, it's not easy to get your data back and there is a very good chance that it may be lost forever.

One of the best options to try is to use the System Restore tool in Windows. To do this, boot your computer back up but don't log in. From the Windows login screen, hold the shift key, click the power icon, and then select restart. It should reboot to the recovery screen.

Once you are on the recovery screen, select "Troubleshoot," then "Advanced Options," and finally, "System Restore." Follow the onscreen instructions to restore your Windows installation back to the previous state before it was infected.

If you're not able to get into the system restore screen normally, then you will need a copy of Windows installation media on either a USB drive or a disc. You'll want to boot into it and choose the "Repair" option instead of installation.

If using the System Restore option doesn't work, then you will need to install a virus scanner to a bootable USB drive or disc. Most of the big antivirus brands will have something like this. AVG, Avast, and Bitdefender all have good, reliable tools that will do the job.

Once you have your bootable virus scanner, you'll want to restart the computer and boot into the scanner in the same way that you booted into the Windows installation. From there, you can run an offline scan on your computer and it will hopefully be able to remove the ransomware for you.

If even that doesn't work, then you will need to use your Windows installation media to do a complete wipe of your computer and reinstall windows. All your data will be lost for good, but you'll have access to the computer again.

Future considerations
Ransomware is one of the worst forms of malware that you could possibly get. It is difficult, if not impossible, to remove and does a lot of damage. This is why It's so important to avoid getting infected with it to begin with.

To avoid ransomware in the future, you will want to make sure you keep everything up to date, particularly the typical vulnerable software like web browsers, Java, and Adobe Flash, and be sure to have a good antivirus program running on your computer at all time.

But the most important thing to do in order to avoid ransomware is to be wary of every email you see, because this is one of the most common methods hackers use to try and infect people with ransomware. Don't trust any email if you're not completely positive who sent it to you, and never download any attachments if you don't already know for sure what they are.

Most important part of ensuring that you are able to recover from an attack is maintaining a consistent and solid backup solution. If you have not evaluated how you back up, you should do it today!

As long as you follow this advice, you'll greatly reduce the chance that you end up getting infected with ransomware in the future.


Robert Blake


Contact Bit by Bit for more information to help recover from a ransomeware attack or help with all of your technology needs. 877.860.5831 x190



Monday, September 17, 2018

Wouldn't it be great if your users had a way to "roll back time" when they forgot to think before they click on a bad link? Now they can!

KnowBe4 is excited to announce Second Chancea brand-new security tool for Outlook, Office 365, and Gmail email clients that you can download and deploy at no cost. Second Chance enables your user to make a smarter security decision by giving them a way to back out of that click.
Second Chance takes an intelligent look at the clicked URL in email, and asks your user if they are sure they want to do this, in case they clicked on a potentially unsafe or an unknown website. 
With the URL Unwinding feature, shortened and re-written links gives users the original link and the location the link will take them. It even prompts your user when they click on a Punycode link! 
You might ask: "What happens if my user continues or aborts their action?" If they choose to abort their action, the prompt will be closed, and the URL will not be opened. If they choose to continue, their browser will navigate to the URL they clicked on.



Get the second chance tool kit here

Monday, September 3, 2018

What's the Diff: Backup vs Archive

Backups and archives serve different functions, yet it's common to hear the terms used interchangeably in cloud storage. It's important to understand the difference between the two to ensure that your data is available when you need it and retained for the period of time you require.Read More Here:

https://www.backblaze.com/blog/data-backup-vs-archive/?utm_source=email&utm_medium=social&utm_campaign=SocialWarfare

Signature Image







Robert Blake 877.680.5831 x190


Managing technology and Protecting Data.

                                                           

The Biggest IT Service Management Myths

When it comes to your IT service management, you're probably going to find you are continually faced with some basic questions and concerns that individuals seem to always create confusion or even complete misconceptions.

It is important to clear up all of these issues far ahead of time, in order to create peace of mind before they back out of potentially helpful IT services. While IT is there to help improve the technology in a business's life, the first step is always to reassure individuals and company owners regarding the possible features and attributes IT service management is able to offer them. 

Cloud Computing is Not Safe 

Making the switch over to the cloud is necessary for most businesses, as it allows individuals to access company files anywhere in the world as long as there is an Internet connection present. However, many first time users of the cloud believe it is rather unsafe because they think anyone with an Internet connection is simply able to hack into it and steal sensitive information.

While there is always a safety risk with storing anything on the Internet, cloud computing is one of the safest options out there and, as long as employees don't hand out their passwords and username, there shouldn't be any sort of problem at all. Cloud computing is far more reliable than having large, bulky network hard drives in the office and it ensures traveling personnel is able to download, view and upload essential documentation wherever they are, which helps expand a business and potentially provide the necessary advantage over the competition.

Mac Based Networks are 100 Percent Safe and Secure 

Some businesses completely love the look and feel of Mac computers and decide to go with these systems over a Windows based one. This is completely fine, but one misconception is many individuals believe Mac computers are completely immune from viruses, hacks and other common Internet-based problems.

To an extent, this is true, as fewer Macs are hit with viruses, but this really has nothing to do with Windows computers being more susceptible than Mac computers. It is more so because there are far more Windows than Mac computers out there, so a hacker or virus designer is going to produce spyware, malware, and viruses for the larger audience, in order to affect the largest number of individuals. Because of this, it is still important to always have network installed security, in order to protect the Mac computers from possible security threats, because as more and more users switch to Apple products, the higher the likelihood someone will attack the Macs.

Managed services is not for me

For many small and medium business might believe the costs will be too expensive. In reality, you get much more with managed services that you can get with hiring one, two or even several in house staff.  When out hire a managed service company, you get a full It  department that has specialists to manage each part of your network. You will find a team to managed your security, servers and advanced technology. You will have a separate team that managed desktop users and a team to manage your administration functions.  You will also gain the knowledge gained from the experience of managing many clients with differing environments. 
Additionally, with with a managed service provider, you don't have to worry about your IT staff being sick or on vacation.  With entire teams on a Helpdesk or server admin, there is someone to take over where the other technician leaves off.  If you need  24 x 7 support, this is much easier when you have a company behind your IT services. When you think about the cost of down time for your technology, how can you not afford to hire a managed service provider. 

In Conclusion 

There are a number of myths floating around regarding IT services and what is best for a particular company. The world of IT is not a one size fits all approach. What works for one company may not work for the next. Due to this, it's extremely important to not only determine the available budget for IT services, but to work with a service provider (either outsourced or an on-site IT professional) to determine the best IT fit for the business.


Do you have more questions? Contact Robert Blake at 877.960.5831 x190