XSolutions’ LinkedIn Post Roundup: Mar 01, 2021

Here are a select few of this week’s LinkedIn posts by XSolutions:

The Best Way To Use Security Questions For Online Accounts (Posted 2/26/2021)

Many times when signing up for a new service, part of their onboarding is to ask you to complete a few “security questions” so you can still gain access to your account if you’ve lost your password.

Putting truthful answers to these questions is one of the worst things you can do.

You see, whether you like it or not, your personal information is all over the web: on social media, in hacked accounts, or in databases that specialize in finding info on people. You’d be surprised how easy it is to find detailed information on just about anyone.

Instead of putting truthful answers to these questions, try using nonsensical responses, like passwords created by your Password Manager application. Just make sure you record the responses in your Password Manager should you ever need them.

By doing this, even if a thief performs a detailed analysis on you, if they try to access an account by responding to a security question, they’ll be wrong 100% of the time. It’s another layer of security to increase your protection online.

7 Steps To Secure Online Shopping (Posted 2/25/2021)

Shopping online can be a virtual landmine, especially since COVID. Criminals have cooked up ingenious ways to scam us, but you can avoid issues by taking simple precautions. Here’s how:

(1) Use only reputable sites – seems basic, and it is. Stay away from unknown retailers.

(2) Pay on secure sites only – look for the “HTTPS” in the URL or the lock symbol. Although not fool-proof, it’s a good sign.

(3) Always use a credit card, never a debit card – with credit cards, you have some protections. Debit cards leave your bank accounts wide open for fraud.

(4) Don’t fall for shipping scams – ALWAYS track your purchases from the verified retailer’s website or official FedEx site. NEVER click on links in emails or text messages.

(5) Never go online without an up-to-date Operating System and anti-virus program – enough said.

(6) Don’t use a company-issued computer to shop online – this increases the possibility that you’ll infect your corporate network the next time you log in.

(7) If you do use your PC for business – make sure that you use a separate, non-admin account, that it’s loaded with company-approved protections, and that no one else in your household uses the company account to surf the web.

What To Do About The Ransomware Problem (Posted 2/24/2021)

Recent studies reveal that data is stolen in 70% of ransomware attacks.

In some cases, hackers threaten to dump the victim’s data on the dark web if they don’t pay. But, let’s face it, you’re dealing with crooks! So, how do you know they won’t expose your data if you do pay? The problem is, you don’t. Besides, even if they don’t, your confidential information is in the hands of criminals, and they’ll use it to make money.

Although no company or system can guarantee that you’ll never be breached or your data stolen, all is not lost.

One high-impact thing you can do is install a Managed Detection and Response (MDR) system with a Security Operations Center (SOC) monitoring users, endpoints, detection systems, etc. When anomalies are detected, a SOC will investigate and take action on your behalf to protect your network.

MDR solutions are not only for mega-corporations. Prices are now coming within reach of small businesses and are being offered by specialized Managed Service Providers.

Something to consider.

What Are You Doing About Phishing Attacks? (Posted 02/23/2021)

Did you know?

* Phishing attacks grew 600% in 2020 (source: BBC News)

* 90% of cyber attacks start with a phishing email (source: Verizon)

* The IT industry estimates that 78% of phishes are directed to company executives (source: Forbes)

* Business Email Compromise average loss per attack climbs to $130K (source: FBI)

Any wannabe criminal can become a cybercrime kingpin by purchasing a Phishing Kit off of the dark web for around $30.

Companies need to harden their IT infrastructure by instituting employee training programs, using simulated phishing attacks, and installing AI-based protection to secure their email system. An Artificial Intelligence powered solution will help block attacks at the time of delivery, help prevent targeted spear-phishing and Business Email Compromise attacks, and increase protection against polymorphic and zero-day malware attacks.

Contact your MSP now to take the above measures.

The Secret 2 Year Cyber-War On Windows And Linux Servers (Posted 2/22/2021)

The crypto-mining botnet, WatchDog, has used outdated apps to worm its way onto servers.

WatchDog uses 32 different exploits against unpatched apps such as:

* Drupal

* SQL Server

* Oracle WebLogic

* Apache Hadoop

The above list is not exhaustive, so take steps to secure your system.

The security team, Unit42, estimates that WatchDog has infected up to 1,000 systems so far.

TO ALL SYSTEM ADMINISTRATORS: make sure you have a process that keeps your applications fully updated with the latest security patches.
