Category: CyberSecurity Newsletters

Social Engineering Red Flags

Social Engineering Red Flags: What to look out for

Cyber Attacks are constantly on the rise and Cyber Criminals are always trying new ways to get access to your data. One of the most common ways is through Social Engineering. Whether it be via an Email or Phone call, Cyber Criminals have learned that the easiest way to infiltrate your network or gain access to your information is by you simply providing them what they need through Social Engineering.

Cyber Criminals will send emails that may look legitimate at a glance, but in fact they are spoofed emails that are designed to gain key information or get you to install malicious software by clicking on a link or opening an attachment.

The good news is there are ways to prevent this and below is a list of Red Flags to look out for:

CyberSecurity Tip #1 – Email

CYBER SECURITY TIP #1 : Email

 

Email is the most common delivery vehicle for viruses, malware, and ransomware.

You can infect the entire network by simply clicking on a link or an attachement.

Hackers can easily spoof email addresses and appear to be someone you know.

Beware of all links and attachments, even if they appear to come from a trusted source.

Never open a link or attachment unless you are ABSOLUTELY sure it is safe. Confirm the identity of anyone who sends you a link or attachment. If in doubt, call them or send them a separate email to confirm it is they who actually sent it to you.

Report anything that is suspicious – DO NOT CLICK ON IT!

 

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

 

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

 

Thank you,
Your Support Team at Alpine Business Systems

CyberSecurity Tip #2 – Passwords

CYBER SECURITY TIP #2 : Passwords

 

You should use a different password for every website and application. It is the best way to protect yourself and your data. Period.

 

Here are the best practices:

  • Include numbers, symbols, and upper- and lower-case letters in every password.
  • They should be at least 8 characters long, preferably 12. Change every one of them at least once every 90 days.
  • Always use 6 characters (or longer) wherever possible for your smartphone and other PINs.
  • Use Biometrics (thumbprint, facial recognition) and Two Factor Authentication wherever possible.

Why is this important?

When a website you use is breached, your username and password become widely available on the Internet. Hackers then use those credentials to login to your email and other websites. If it is the same passowrd you use for other sites (email, banking, etc.), thay can easily access those sites and steal your data, or worse, your identity.

Pretty overwhelming, right?

Then use a Password Manager! We do. Last Pass and DashLane are market leaders. Despite the concerns over having someone else manage your passwords, many financial firms are now required to use them for CyberSecurity compliance.

Whether you decide to use a password manager or not, please heed our advice: Make your passwords long, complex, unique, and change them regularly!

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

 

Thank you,
Your Support Team at Alpine Business Systems

25 Ways to Protect Yourself and Your Firm.

What you can do at Work and at Home to Protect Yourself and Your Firm.

 

1. Backup personal data to the cloud: Carbonite, Mozy, iBackup.

2. Change your passwords, make them strong, keep them private. NEVER use the same password for more than one site. Use Last Pass or another secure password manager.

3. Keep your Computer, Anti-Virus, Browsers, Flash & Java up to date. No XP or Vista OS’s!

4. Configure Anti-Virus to scan anything plugged in to your computer.

5. Beware of unsolicited links or attachments. Never open a link or attachment unless you are ABSOLUTELY sure it is safe. Report anything that is suspicious – DO NOT CLICK ON IT!

6. Beware of Pop-ups telling you that you need to call to remove a virus or update/optimize your computer. If you get one, close out of all programs and reboot your computer. NEVER call the number on the screen.

7. NEVER allow anyone to access your computer unless if you are absolutely sure they are from your corporate help desk. If you are unsure, call your corporate help desk to confirm that they are who they say they are.

8. Beware of phone scams – “I’m from the Help Desk, Microsoft, the IRS, your bank….” HANG UP the phone immediately.

9. Lock your computer when you are leaving it for any period of time.

10. Logoff your computer every night. Leave it on, though, so it can receive updates.

11. Reboot your computer at least once a week.

12. Never e-mail work products to your personal email account.

13. Never use Flash Drives you “found” or ones given to you. Buy and use brand names.

14. Smartphones: Beware of the apps you use. Delete the ones you don’t use.

15. Smartphones: Use biometrics & strong passwords. Wipe them before discarding them.

16. Never use public USB charging stations- Always use your own charger.

17. NEVER email Personally Identifiable Information (PII). Use secure encrypted portals to share files containing PII.

18. Encrypt laptops that have PII or confidential data on them.

19. Only use secure websites (httpS://) when entering any personal or financial information (credit card numbers, Social Security Number, Driver’s License, etc.).

20. Always convert sensitive files to PDF before sending them to strip out metadata.

21. Never use “free” music/video sharing sites. Legitimate streaming sites like Pandora and Spotify are fine, though.

22. Protect and encrypt your wireless networks with passwords.

23. Check your bank accounts daily and credit cards at least monthly for suspicious activity.

24. Freeze your credit reports. It is easy and it is the best protection against identity theft.

25. If you think you have been breached: TURN OFF THE COMPUTER and CALL FOR HELP!

We are here to help!

If you would like to schedule an in-depth one-hour Cyber Security Training Seminar for your company, business organization, or community group, please send a request to solutions@alpinebiz.com

Check out our Cyber Security Training presentations and videos on our website www.alpinebiz.com/presentations – And YES! You should just manually type that in to your browser rather than clicking on that link!

Please call us at 908-707-9696 with any questions or email support@alpinebiz.com

We will continue to reach out to you with more things you can do to stay safe.

Thank you,
Your Support Team at Alpine Business Systems

FBI WARNING: Cyber Criminals Targeted Web Browser Extensions to distribute malware

  • Important Security Notification!The FBI has observed cyber criminals targeting web browser extension (WBE) developers as intrusion vectors during spearphishing campaigns, allowing for distribution of malware to end users.

    Popular WBEs can be used to block intrusive pop-ups and advertisements, store sensitive website credentials, and customize the web browser’s user interface.

    Cyber criminals increasingly select WBEs as an intrusion vector because of the trust a victim puts into them and the WBEs’ ability to autoupdate, pushing malicious code to the victim without notification. By hacking WBE developer accounts, cyber criminals exploit victims with the WBE already installed, removing the social engineering required to convince a victim to download a malicious WBE.

    What you should do:

    • Limit the installation of web browser extensions as much as possible.
      Extensions are software add-ons for customizing a web browser. Browsers typically allow a variety of extensions, including user interface modifications, ad blocking, cookie management, etc….

    Be very aware of the following:

    • Permissions requested by browser extensions when installing, or after updates.
    • Advertisements that seem out of the ordinary of typical web browsing use.
    • Unexpected website redirections and new homepages while using the web browser. They could be indications that you have an infected WBE. Call our Support Team immediately.

     

    If you experience any of the above,
    you could have an infected WBE.

    Call our Support Team if you have any
    questions or concerns. 908-707-9696

THE #1 THREAT: Business Email Compromises – “BEC’s”

THE #1 THREAT:
Business Email Compromises – “BEC’s”

 

THE SOLUTION:
Multi Factor Authentication – “MFA”
Also known as 2 Factor Authentication – “2FA”

 

WHY YOU NEED IT:

“Your passwords can be easily compromised. Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA. MFA immediately increases your account security by requiring multiple forms of verification to prove your identity when signing into an application.” – Microsoft

Alpine Business Systems strongly recommends it for every application you have, starting immediately with email.

 

HOW?

We can provide you with the best, most cost-effective solution.

Send an email to solutions@alpinebiz.com

We will show you how it will make you more secure, and what minimal impact there will be to your workflow.

Better to do it now BEFORE you get compromised.

BEWARE: Your smartphone is highly vulnerable to phishing attacks!

BEWARE: Your smartphone is highly vulnerable to phishing attacks!

 

And contrary to popular belief:
ALL Apple and Android devices are targets that can be compromised.

THE FACTS:

  • Mobile attacks have increased 66% in the past year.
  • We all click on links in mobile phishing messages at higher rates than we do on laptops and desktops.
  • We all work very quickly on mobile devices and this makes us VERY vulnerable.
  • 85% of mobile attacks are NOT delivered by email.
  • Attacks come in Texts, Games, Facebook Messenger, and other Social Network Messages.
  • They also come in links and documents that look like a protected document from a trusted source.
  • Attacks that spoof a website login page appear very authentic.

DON’T BE A VICTIM:

  • SLOW DOWN on your mobile device.
  • Beware of texts, games, social network messages, links, and documents.
  • Don’t let your guard down.
  • Be vigilant always.

 

As always, we are here to help you protect yourself, your company, and your clients.

We would like to share with you

The 25 things you can do at work and at home to protect yourself

Just send an email to solutions@alpinebiz.com

 

Thank you to mobile security vendor Lookout for the data contained herein.