TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

cyberattacks

Ransomware: Why Paying Up Could Destroy Your Business

Picture this: You sit down at your desk, fire up your computer, and something’s off. Nothing works.

Your files are encrypted. Your systems are frozen. And staring you in the face is a message demanding thousands of dollars in cryptocurrency to get your data back.

It’s not a movie plot. It’s ransomware. And it’s hitting small businesses like yours more often than ever.

The gut reaction? Pay the ransom and make it go away.

But that’s exactly what the criminals are counting on.

Here’s the truth they don’t tell you: Paying the ransom rarely ends the nightmare.

Even if you pay, there’s no guarantee you’ll get your data back. In many cases, the criminals either don’t unlock everything – or they do, but your data is corrupted or incomplete.

Worse, some businesses pay the ransom only to be hit again a few months later by the same attackers.

Why? Because paying once paints a target on your back.

And it’s not just your files at risk anymore. Modern ransomware doesn’t just lock your data – it steals it.

Attackers threaten to leak sensitive information unless you cough up more cash. Financial records. Client files. Employee info. It all becomes leverage. And if you don’t pay? They publish it online.

Backups? They thought of that, too. Many ransomware variants are designed to find and destroy backup systems before you even realize what’s happening. So even if you think you’re protected, you might not be.

Here’s another kicker: The real cost of a ransomware attack goes way beyond the ransom. Studies show that the total damage – including downtime, recovery, lost productivity, and reputation damage – can be ten times the actual demand.

That’s right. A $10,000 ransom could turn into a six – figure problem.

Now let’s talk about the long game.

Every ransom paid helps fund the next wave of attacks. The tools get better. The tactics get trickier. And the pool of targets gets bigger. Paying up doesn’t just hurt your business – it fuels the engine that drives this entire criminal enterprise.

So what’s the smart play? Don’t focus on ransom. Focus on recovery.

That means:

  • Having backups that can’t be touched by attackers.
  • Testing those backups regularly – don’t just set it and forget it.
  • Training your team to spot the red flags and respond fast.
  • Creating a disaster recovery plan that actually works when you need it.

You might not be able to stop every threat from getting in. But you can make sure a ransomware attack doesn’t take your business down with it.

If you’re not sure where to start, we can help. We build cybersecurity and recovery plans specifically for small businesses – without the jargon, the scare tactics, or the six – figure price tag.

Let’s make sure you never have to choose between paying criminals or going out of business. Reach out. We’ve got your back. Email us at info@MyTechExperts.com.

What Is A Password Spraying Attack?

Password spraying is a complex type of cyberattack that uses weak passwords to get into multiple user accounts without permission. Using the same password or a list of passwords that are often used on multiple accounts is what this method is all about. The goal is to get around common security measures like account lockouts.

Attacks that use a lot of passwords are very successful because they target the weakest link in cybersecurity: people and how they manage their passwords.

What is password spraying and how does it work?

A brute-force attack called “password spraying” tries to get into multiple accounts with the same password. Attackers can avoid account shutdown policies with this method.

Attackers often get lists of usernames from public directories or data leaks that have already happened. They then use the same passwords to try to log in to all of these accounts. Usually, the process is automated so that it can quickly try all possible pairs of username and password.

Password spraying has become popular among hackers, even those working for the government, in recent years. Because it is so easy to do and works so well to get around security measures, it is a major threat to both personal and business data security.

As cybersecurity improves, it will become more important to understand and stop password spraying.

How does password spraying differ from other cyberattacks?

Password spraying is distinct from other brute-force attacks in its approach and execution. While traditional brute-force attacks focus on trying multiple passwords against a single account, password spraying uses a single password across multiple accounts.

Understanding brute-force attacks

Brute-force attacks involve systematically trying all possible combinations of passwords to gain access to an account. These attacks are often resource- intensive and can be easily detected due to the high volume of login attempts on a single account.

Comparing credential stuffing

Credential stuffing involves using lists of stolen username and password combinations to attempt logins.

How can organizations detect and prevent password spraying?

Detecting password spraying attacks requires a proactive approach to monitoring and analysis. Organizations must implement robust security measures to identify suspicious activities early on.

Implementing Strong Password Policies. Organizations should adopt guidelines that ensure passwords are complex, lengthy, and regularly updated.

Deploying Multi-Factor Authentication. Multi-factor authentication (MFA) significantly reduces the risk of unauthorized access by requiring additional verification steps beyond just a password.

Conducting Regular Security Audits. Regular audits of authentication logs and security posture assessments can help identify vulnerabilities that could facilitate password spraying attacks.

Enhancing Login Detection. Organizations should set up detection systems for login attempts to multiple accounts from a single host over a short period. Implementing stronger lockout policies that balance security with usability is also crucial.

Incident Response Planning. This plan should include procedures for alerting users, changing passwords, and conducting thorough security audits.

Taking action against password spraying

To enhance your organization’s cybersecurity and protect against password spraying attacks, contact us today to learn how we can assist you in securing your systems against evolving cyber threats.

Think About Recovery Before The Attack Strikes

Let us set the scene. It’s an ordinary Wednesday. You’re in the zone, minding your own business, getting things done, and making those boss decisions that keep your company running smoothly. Suddenly, without warning, BAM… you get hit with a cyber attack.

Panic mode kicks in.

But here’s the thing: These attacks are far more common than you might think. And guess who the favorite targets are? Surprisingly, it’s not the big multinational corporations but small and medium-sized businesses (SMBs) like yours.

The consequences of a cyber attack? We’re talking about severe financial losses, significant data loss, and reputation damage that can take years to recover from. The whole nine yards.

However, it doesn’t have to be that way. If you have a recovery plan in place, you can turn what could be a total nightmare into merely “an annoying inconvenience.”

So, what should your recovery plan include? Well, let’s start with prevention. Prevention is absolutely key. Investing in solid cybersecurity measures such as firewalls, antivirus software, and regular security checkups can go a long way in keeping your business safe. And don’t underestimate the importance of educating your team about good cyber hygiene – this includes using strong passwords, recognizing phishing attempts, and not clicking on suspicious links.

Next, it’s crucial to have a game plan for when the inevitable happens. This means having clear protocols in place for how to respond to an attack. Know who to call, what immediate steps to take to minimize the damage, and how to communicate with your stakeholders. Quick and decisive action can significantly reduce the impact of an attack.

One of the most critical components of your recovery plan is data backups. Regularly backing up your data to a secure location can be a true lifesaver in the event of an attack. This ensures that even if your systems are compromised, you still have access to your important files. Make sure your backups are done frequently and stored in a location that is not connected to your primary network.

Moreover, practice makes perfect! Regularly test your recovery plan to ensure it’s effective and up to date. Conducting drills and simulations can help you identify any weaknesses in your plan and make necessary adjustments. After all, you don’t want to wait until disaster strikes to discover that your plan has more holes than a block of Swiss cheese.

It’s also important to consider the legal and regulatory aspects of cybersecurity. Different industries have different requirements when it comes to data protection and breach notification. Ensure that your recovery plan complies with all relevant laws and regulations. This not only helps protect your business but also builds trust with your customers and partners.

In the aftermath of an attack, communication is key. Be transparent with your customers, employees, and other stakeholders about what happened, what steps you are taking to address the situation, and how you plan to prevent future incidents. Honest and timely communication can help mitigate reputation damage and maintain trust.

Finally, consider partnering with cybersecurity experts who can provide additional support and guidance. They can help you develop a comprehensive recovery plan, conduct regular security assessments, and stay up to date with the latest threats and best practices. Cybersecurity is a complex and ever-evolving field, and having experts on your side can make a significant difference.

Cyber attacks may be scary, but with a solid recovery plan in place, you can rest easy knowing your business is armed and ready. Remember what they say: Fail to prepare, prepare to fail.

If you need assistance in creating your recovery plan, don’t hesitate to get in touch. We’re here to help you safeguard your business and ensure you’re prepared for whatever comes your way.

Satellites Are Safe In Space…But Not Cyber-Space!

Yes, satellites are indeed vulnerable to cyberattacks.

As sophisticated technologies, satellites are not immune to the risks posed by cyber threats. While they operate in space, they are still managed and controlled through ground stations on Earth, making them susceptible to various types of cybervulnerabilities.

Think about it…

Like any computer system, satellites can be infected with malware or viruses, affecting their functionality and data integrity. They can also be overwhelmed with excessive traffic, causing temporary or permanent disruptions, like any other DDOS attack.

Attackers can also send false signals or information to satellites, leading to incorrect data processing or navigation errors.

Imagine if a company’s computer systems crash, or there’s a big cyber-attack, or a natural disaster like a flood or fire strikes their office.

With a well-thought-out plan in place, you (and your coworkers)can quickly get back on your feet, minimize the damage and continue serving customers.

The disaster recovery plan includes things like data backups, so important information doesn’t get lost forever. It also outlines who’s in charge of what during the crisis, so everyone knows what to do.

If hackers gain access to the ground stations or satellite control systems, they may be able to manipulate or disrupt satellite operations. Intercepting that communication signal could expose sensitive information!

While less common, physical attacks on satellites or their infrastructure in space can also occur, leading to a loss of functionality.

If someone successfully hacked a satellite, it could impact critical services such as communication, navigation, weather forecasting and national security.

For this reason, space agencies, satellite operators, government organizations and other stakeholders are continuously working to enhance satellite cybersecurity measures and stay ahead of potential threats!

Do you have a disaster recovery plan?

Having a disaster recovery plan might seem like extra work, but it’s a smart and responsible thing to do.

It helps keep the company running smoothly even when bad things happen, and it shows that you’re ready for anything! So, just like how we prepare for unexpected situations in our daily lives, companies need to have a disaster recovery plan to be ready for anything that comes their way.

It’s like having an emergency kit ready for unexpected disasters. Just like how we keep a flashlight, some snacks, and first aid supplies handy for emergencies, a disaster recovery plan is a strategy for what to do when major problems occur that disrupt operations.

A disaster recovery plan also ensures that you have a safe place to work from in case their usual office is unavailable (like, say, if a global pandemic were to strike?).

When something major happens, it’s normal for people to panic. A disaster recovery plan that has been routinely tested, updated and studied will save you from the panic, and headache, of what to do when the worst goes down.

Instead, you’ll be back to business as usual in no time.

What Is Push Bombing And How Can You Prevent It?

In the fast-paced digital landscape, businesses both big and small face a multitude of challenges. One such emerging threat that has garnered significant attention is “push bombing.”

This practice involves bombarding a company’s push notification system with fraudulent or malicious requests, causing disruptions, overwhelming server capacities, and undermining user experiences.

Small companies, in particular, are vulnerable to the detrimental effects of push bombing as they often lack the resources and expertise to swiftly counteract such attacks.

Understanding push bombing

Push bombing refers to the deliberate act of flooding a company’s push notification system with an excessive number of requests, typically generated by automated scripts or bots.

These requests are intended to exhaust server resources, disrupt normal operations, and degrade the performance of legitimate notifications.

Push bombing can lead to a series of detrimental consequences for targeted businesses, including increased server costs, diminished user experience, loss of customer trust, and even reputational damage.

Small companies often face a unique set of challenges when dealing with push bombing attacks.

Limited budgets, scarce technological resources, and a lack of dedicated security personnel make it difficult for these businesses to respond effectively. Unlike larger enterprises, small companies may not have the financial means to invest in robust security systems or hire specialized personnel to address such threats.

Consequently, they become attractive targets for push bombing perpetrators seeking vulnerabilities to exploit.

Preventive measures for small businesses

While it may be challenging for small companies to completely eradicate the risk of push bombing, there are several key, low-cost preventive measures they can take to minimize the impact of such attacks:

Implement rate limiting: By setting thresholds for the number of push notifications allowed per second, small companies can regulate the flow of requests and prevent overwhelming their systems.

Rate limiting helps distinguish legitimate user requests from automated ones and ensures a more balanced distribution of server resources.

CAPTCHA implementation: Employing CAPTCHAs (Completely Automated Public Turing tests to tell Computers and Humans Apart) in push notification sign-up forms can effectively deter automated bots from inundating the system with fake requests.

CAPTCHAs require users to complete a challenge, thus confirming their human presence and preventing malicious activities.

Monitor traffic patterns: Vigilant monitoring of network traffic can help small companies identify abnormal patterns indicative of a push bombing attack.
Employing security tools that provide real-time alerts and anomaly detection capabilities can enable proactive response and mitigation.

Two-factor authentication (2FA): Implementing 2FA for push notification subscriptions can add an extra layer of security. By requiring users to verify their identities through a secondary authentication method, such as SMS codes or email confirmations, small companies can significantly reduce the risk of unauthorized subscriptions by bots.

Collaborate with security experts: Small companies can benefit from partnering with reputable cybersecurity firms or consultants.

These experts can assist in conducting security assessments, implementing protective measures, and providing guidance on responding to push bombing attacks, thus augmenting the company’s overall security posture.

As digital threats continue to evolve, it is crucial for small companies to remain proactive in safeguarding their push notification systems against push bombing attacks.

By implementing preventative measures such as rate limiting, CAPTCHAs, traffic monitoring, 2FA, and seeking professional guidance, small businesses can fortify their defenses and mitigate the risks associated with push bombing.

As technology advances, it is essential for companies of all sizes to prioritize cybersecurity to maintain the trust and confidence of their customers, ensuring smooth operations and sustained growth in an increasingly digital world.

Proven Ways To Mitigate The Cost Of A Data Breach

Cybersecurity is an essential aspect of running a business. In today’s digital world, it’s crucial to have a plan in place to respond to incidents, adopt a zero trust approach to security, and use tools with security AI and automation.

By taking these measures, you can help reduce the cost of a data breach and lower the risk of cyberattacks.

Putting in place an incident response plan is crucial for any organization. In the event of a cyberattack, having a well-planned and executed response can help contain the breach and prevent further damage.

In fact, a practiced incident response plan can greatly reduce the cost of a data breach, by an average of $2.66 million per incident. It’s important to regularly practice and update this plan to ensure that your organization is prepared for any potential cyber threats.

Another effective cybersecurity measure is to adopt a zero trust approach. This means that instead of trusting everything within your network, you should verify everything and everyone.

By adopting a zero trust approach, you can significantly reduce the cost of a data breach. Organizations that don’t deploy zero trust tactics pay about $1 million more per breach.

It’s important to carefully evaluate the access levels of your employees and partners, and ensure that they only have access to the information and systems they need to do their jobs.

Using tools with security AI and automation is also an effective way to reduce the cost of a data breach. These tools use machine learning and artificial intelligence to detect and respond to cyberattacks. By automating your cybersecurity processes, you can free up your IT team to focus on other tasks while ensuring that your organization is protected against cyber threats.

Advanced Threat Protection (ATP) is an example of a tool that uses security AI and automation to detect and respond to cyberattacks. By using these types of tools, you can reduce the cost of a data breach by 65.2%.

If you’re feeling overwhelmed by the thought of improving your organization’s cybersecurity, working with a trusted IT partner can help.

A trusted IT partner can help you develop a cybersecurity roadmap, implement best practices, and ensure that your organization is protected against cyber threats. They can also provide regular security assessments and help you stay up-to-date with the latest threats and vulnerabilities.

Cybersecurity is a critical aspect of running a business in today’s digital world. By putting in place an incident response plan, adopting a zero trust approach, and using tools with security AI and automation, you can greatly reduce the cost of a data breach and lower the risk of cyberattacks.

If you need help improving your organization’s cybersecurity, consider working with a trusted IT partner like Tech Experts who can guide you through the process and ensure that your organization is protected against cyber threats.

What Are The Top Cybersecurity Attack Trends For 2023?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

As the world becomes increasingly reliant on technology, cyber attacks have become a major concern for individuals and organizations alike. In 2023, it is likely that we will see a continuation of current trends, as well as the emergence of new threats. Here are some things to look out for:

Ransomware attacks

Ransomware attacks involve hackers encrypting a victim’s data and demanding a ransom in exchange for the decryption key. These attacks can be extremely disruptive, as they can prevent businesses from accessing important data and systems.

It is likely that we will see an increase in the number of ransomware attacks, as well as more sophisticated and targeted attacks.

[Read more…] about What Are The Top Cybersecurity Attack Trends For 2023?

The Biggest Vulnerabilities Hackers Are Currently Exploiting

Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.

The developer issues a patch to fix the vulnerability. But it’s not long before a new feature update causes more.

It’s like a game of “whack-a-mole” to keep your systems secure.

Without ongoing patch and update management, company networks are vulnerable. And these attacks are completely avoidable.

82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.

What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA). Make sure to patch any of these vulnerabilities in your systems.

Microsoft Vulnerabilities

  • CVE-2012-4969: An Internet Explorer vulnerability that allows the remote execution of code.
  • CVE-2013-1331: This Microsoft Office flaw enables hackers to launch remote attacks.
  • CVE-2012-0151: This Windows vulnerability allows user-assisted attackers to execute remote code.

Google Vulnerabilities

  • CVE-2016-1646 & CVE-2016-518: These Chrome & Chromium engine vulnerabilities both allow attackers to conduct denial of service attacks.

Adobe Vulnerabilities

  • CVE-2009-4324: This is a flaw in Acrobat that allows hackers to execute remote code via a PDF file.
  • CVE-2010-1297: A Flash Player vulnerability that allows remote execution and denial of service attacks. (Flash Player is no longer supported, so you should remove it).

Netgear Vulnerability

  • CVE-2017-6862: This router flaw allows a hacker to execute code remotely.

Patch & Update Regularly!

These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added at https://www.cisa.gov

How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional (like us) to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.

Small Businesses Are Attacked By Hackers Three Times More Often Than Larger Ones

Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want?

Didn’t think they even knew about your small business?

Well, a new report out by cyber-security firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.

Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.

Why Are Smaller Companies Targeted More?

There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.

Small Companies Tend to Spend Less on Cybersecurity

When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.

Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them.

But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.

Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.

Every Business Has “Hack-Worthy” Resources

Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cyber-criminals can sell these on the Dark Web. From there, other criminals use them for identity theft.

Here are some of the data that hackers will go after:

  • Customer records
  • Employee records
  • Bank account information
  • Emails and passwords
  • Payment card details

Small Businesses Can Provide Entry Into Larger Ones

If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies, including digital marketing, website management, accounting, and more.

Vendors are often digitally connected to their client’s systems.

This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus.

Small Business Owners Are Often Unprepared for Ransomware

Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.

The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.

Who’s To Blame For A Cyber Security Breach?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

We all know what a huge danger a cyber security breach can be for a business. And just how many businesses are being breached right now. You hear about it on the nightly news and read about it almost daily in the newspaper.

In truth, we hate having to write this. We don’t want to feel like we’re scaring you or sound all doom and gloom! But it’s really important that you’re fully aware of the risk to your business if you suffer a breach.

Last year, the number of reported data breaches rose 68% compared to 2020.

And while it’s a good idea to implement the right cyber security tools to help reduce the risk of an attack, it’s practically impossible (or definitely unworkable) to give your business 100% protection from attack by only using software tools. You also have to manage the human element of data protection. [Read more…] about Who’s To Blame For A Cyber Security Breach?