Managed Security

How To Protect Your Company Data From Phishing!

What is Phishing Email?

A phishing email is a general term for an email that requests you to click a link, open a document, or provide personal/corporate information.  The results of a successful phishing attack could mean stolen identities or credit card information, compromised passwords, malware infection (including ransomware), and various other problems.

How Do You Avoid Becoming a Phishing Victim?

INSI offers many useful tools to help protect your company from phishing, such as spam filters, antivirus software, firewalls, and data backups.  All of these tools are critical in the defense against phishing.  However, these resources alone cannot prevent all attempts from reaching users.  Ultimately, everyone must be educated and vigilant!

What to Look for in an Email?

Your end-users must be trained and tested on how to identify phishing emails.  Following are the most common clues:

Unclear Heading:

  • Make sure you know the sender.  Also, ensure that the sender’s name matches their email address.
  • Be wary when the subject is not clear.  Usually, phishing emails are known to have oddities in the subject lines.
  • Check to see who the greeting is directed toward.  A generic greeting is a sign of phishing.

Unusual Requests:

  • One of the single biggest red flags is if the email insists on urgent action.  Cyber-criminals know that panicked users will be more likely to click on a dangerous link.
  • Never click on a link that claims it will redirect you to the company website as these links can actually send you to a fake website and trick you into giving your username and password.

Inconsistent/Suspicious Content:

  • Most professional companies will review their emails so that they will not often contain spelling or grammatical mistakes.  Take another look if you see many simple errors.
  • If you know the sender, ask yourself if the language used sounds like the person you know.  Look for a writing style inconsistent with how that person usually communicates.
  • Ensure all attachments are clearly named.  Many phishing emails use obscure or generic names to pique curiosity and encourage the recipient to open the attachment.

Now Let’s Take a Look at Some Real Examples!

Phishing Example

Don’t Be Afraid to Ask the Sender!

When I am unsure if it is a phishing email, I call the person directly and ask them if they sent it to me.  Sometimes I reply to the email with the same question.  I have found people do not get offended and they are more than happy to answer this simple question.

INSI Security Package

INSI’s Security Package includes a phishing email to all your employees.  We track who clicks on the email to determine who needs additional training on cybersecurity.  This package also includes a security audit, network security vulnerability assessment, semi-annual security check, biannual penetration test, quarterly security checks, staff training, antivirus monitoring, web content filtering, web protection, spam protection, and 24X7X365 monitoring and response.

We have multiple other managed security options available to meet all your needs.

When In Doubt – Let Us Know

This post is part of the INSI Awareness Campaign that is designed to keep our clients protected and informed.  If you are concerned about a phishing email, please do not hesitate to contact our helpdesk at 770-387-2424 before opening it.  Our engineers are more than happy to check it out and make sure it is safe.  After all, we are here to serve you!

 

By: Brandon Schultz & Deborah Frazier

Microsoft End of Life Products #1 Culprit for 2020 Security Breaches

Danger: 2020 Microsoft End of Life Products

In 2020 Microsoft Windows 7, Windows 8.1, Office 10, and certain versions of Windows 10 will reach the Microsoft end of life.  Likewise, in 2019 60% of all hacks were a result of unapplied patches according to ServiceNow.  As a result, this combination greatly increases the SMBs risk of being hacked.  For instance, there will be no new:

  • security updates
  • non-security updates
  • free or paid assisted support options
  • online technical content.

Accordingly, Microsoft end of life products creates an open playground for hackers.   I expect them to exploit these vulnerabilities and we will see a huge increase in security breaches in 2020.  For this reason, it is most dangerous for SMB because they are notorious for holding on to Microsoft end of life products.

Microsoft End of Life Financial Cost

Security threats have been on the rise over the past five years.  Add to that unsupported Microsoft end of life products, and you have absolute chaos.  As a result, once a hacker finds a vulnerability, they quickly embed themselves in the system.  First, they establish a foothold in the system.   Second, they analyze the environment.  Third, install malware.

Finally, once the hacker downloads malware on your system, they can easily collect information, intercept traffic, and scan devices. Most concerning, the average breach goes undetected for 276 days. That is nine months during which a hacker is peaking around and stealing your valuable information without your knowledge. Subsequently, you should ask yourself what type of information on your system they can exploit.  Is it intellectual property?  HR information?  Banking information?  Client information?  In the end, all these things have a monetary value.  For instance, they can keep you from accessing your information.  Moreover, they can seize your information and sell it.  Both can cause a serious financial crisis.

Steps to Protect Yourself

There are many reasons why a company will hold off on updating their software and reach Microsoft end of life.  However, there is a solution for each one.  First, some hold off due to cost.  Second, is the pain associated with change?  Third, are there compatibility issues with legacy software?

  • Cost – Cost can be a major factor in upgrading system software.  Today, you have more options than ever before.  For example, if your provider has the right connections, Office 365 can be billed out monthly.  You can also lease the software and labor installation to spread out the cost over several years.
  • Change – Downtime can be a major detriment to operations.  A mature IT organization knows how to plan for this.  Most updates can be done at night or over the weekend.  Also, a quality MSP will have an engineer readily available on the go-live date.
  • Custom Legacy Software Compatibility Issues –  Your custom software may not work with new operating systems or office products.  However, there are many affordable programs available in the market today.  Start looking at your options today.

At the end of the day, upgrading your Microsoft end of life software does not have to be hard.  If it is done right, your MSP will know the proper steps to make the transition smooth for both you and your end-users.

In conclusion, if you have Microsoft Windows 7, and Windows 8.1, Office 10, and Windows 10, it’s time to upgrade or risk being the next cybersecurity target.  INSI can help.  We can help you plan so you will never find yourself in this situation again.  Moreover, we will help prepare for the inevitable by planning for warranty expiration and end of life software products.  If you want to take control of your technology expenses, call INSI today at 770-387-2424.  A seasoned consultant will help you through the process.  Call now.