Update Any Nest Cam Security Cameras You May Own

Did you buy your Google Nest security camera system second hand?  If so, make sure the cameras are running the latest firmware before you trust them.

Recently, the tech review site Wirecutter reported that some older Nest cams allowed their former owners to access camera feeds, even after the devices had been reset to factory settings.

This is an interesting case because the bug wasn’t found by a team of researchers, but by a Facebook group for Wink smart hub owners.  Through happenstance and experimentation, the group discovered that feeds from cameras they had previously sold or given away could still be viewed through the Wink hub, even after those devices had been reset to factory defaults. In other words, the factory reset did not sever the previous owner’s link to the camera. The discovery created a buzz, which Wirecutter’s staff picked up and promptly forwarded on to Google.

For their part, Google responded quickly, issuing a security patch and pushing it to every Nest camera connected to the internet.  Of course, that doesn’t reach cameras that are sitting in a box or offline. If you’ve been considering buying one (even from a respected seller like Amazon), the first thing you should do is check the camera’s firmware version and update it if it isn’t current, before linking it to any account or hub.

Google is better than most companies selling smart devices, many of which offer no meaningful security at all.  Even so, as this incident clearly shows, even Google’s firmware isn’t perfect.

Given the explosion of smart devices in recent years, we can expect to see many more incidents and reports like this one.  While the Internet of Things holds great promise, it also carries real risks that should not be underestimated or discounted.  If you’ve embraced smart home culture, be careful, and treat a second-hand device as untrusted until it has been updated and re-provisioned.

Florida City Paid Big Bucks To Hackers Using Ransomware

The city of Riviera Beach, Florida is the latest high-profile victim of a ransomware attack.

Recently, the city council voted to pay more than $600,000 to a hacking group to regain access to data that had been locked and encrypted via ransomware nearly a month ago.  That is in addition to the $941,000 the city will be paying for new computers.

An investigation into the attack revealed that the trouble began when a Riviera Beach police department employee opened an email from an unrecognized, untrusted sender.  That’s all it took to bring the entire city government network to its knees. Since May 29th, all city services have been suspended except for 911, which has continued to operate in a limited fashion.

The city council didn’t initially plan to pay the hackers.  Their first move was to vote to spend the money on new computers and rebuild their IT infrastructure.  Since then, however, the city’s IT staff has been unable to decrypt the files on their own.  In light of the lack of progress, the city council reconvened and voted 5-0 to pay 65 bitcoins to the attackers (a little over $600,000 USD at the time this piece was written).

Riviera Beach, a suburb north of Palm Beach, Florida, isn’t the only local government to fall victim to hacking groups or ransomware attacks.  Earlier this year, officials in Jackson County, Georgia paid more than $400,000 to regain access to their files.  To date, the highest ransom paid to hackers employing this tactic was $1.14 million USD, paid by the South Korean web hosting firm Internet Nayana.

Last year was a record-setting year for the number of successful hacks.  This year is on track to beat it by a wide margin.  Your company could be next.

Undelivered Mail Notification Could Be A Phishing Scam

Hackers are always on the lookout for new ways to freshen up time-tested techniques. Where time-tested techniques are concerned, few are older than the humble phishing email.

In one form or another, it seeks to trick an unsuspecting user into handing over sensitive information, like usernames and passwords, that the attacker can then use later for any purpose.

The latest variant on this old chestnut is to send what appears to be a legitimate email, politely informing the user that they’ve received a number of confidential emails that are currently being held for them on a server.  They’re given the choice to either refuse these messages, accept them, or delete them.

This is a case, however, of all roads leading to the same destination.  Whichever linked option is chosen, the user is routed to a mock-up of a Microsoft Outlook login screen and prompted to enter his or her credentials.  As you might suspect, there are no actual emails, and the only purpose this login box serves is to capture the credentials for later use.

If there’s a silver lining to this attack, it is that in all of the samples collected so far, the faux login box is hosted on a compromised third-party domain rather than a lookalike of Microsoft’s.  Careful users who check the address bar will quickly note that they haven’t been taken to a Microsoft domain, and the game will be up.

Unfortunately, ‘careful’ does not describe the vast majority of internet users, and this ploy has already taken in its fair share of victims.
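The two tells described above (every option links to one destination, and that destination is not a Microsoft sign-in host) can be checked automatically before a message ever reaches a user. The following is an added example, not code from the original article or from any vendor; the sample email is constructed for the example, “hacked-example.net” is a placeholder rather than a real indicator, and the set of trusted sign-in hosts and brand keywords are assumptions you should tune to your own environment.

```python
"""Vet the links in a "held messages" notification for the phishing pattern
described above. Added example; the sample email and host lists are constructed
assumptions, not indicators from the article."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts where a genuine Microsoft 365 / Outlook sign-in page may live.
TRUSTED_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "outlook.office.com",
    "outlook.office365.com",
    "outlook.live.com",
}
# Assumption: words in link text or URL path that suggest a Microsoft/Outlook lure.
BRAND_WORDS = ("outlook", "office", "microsoft", "owa", "365")

# Constructed sample of the lure: three "choices" that all lead to one login page.
# "hacked-example.net" stands in for the compromised domain; it is not a real site.
SAMPLE_EMAIL_HTML = """
<p>Dear user, 3 confidential messages are being held for you on the mail server.</p>
<p><a href="https://hacked-example.net/owa/login.php?act=accept">Accept messages</a> |
<a href="https://hacked-example.net/owa/login.php?act=refuse">Refuse messages</a> |
<a href="https://hacked-example.net/owa/login.php?act=delete">Delete messages</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href:
            self._href = href
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((text, self._href))
            self._href = None


def extract_links(html):
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def analyze_links(html):
    """Return the phishing indicators found in the message's links."""
    links = extract_links(html)
    untrusted = set()
    brand_lure = False
    destinations = set()
    for text, href in links:
        parsed = urlparse(href)
        host = (parsed.hostname or "").lower()
        # Compare host+path only: the lure varies the query string per "choice".
        destinations.add((host, parsed.path))
        if host not in TRUSTED_LOGIN_HOSTS:
            untrusted.add(host)
            haystack = (text + " " + parsed.path).lower()
            if any(word in haystack for word in BRAND_WORDS):
                brand_lure = True
    single_destination = len(links) > 1 and len(destinations) == 1
    suspicious = bool(untrusted) and (brand_lure or single_destination)
    return {
        "link_count": len(links),
        "untrusted_hosts": sorted(untrusted),
        "brand_lure": brand_lure,
        "single_destination": single_destination,
        "verdict": "likely phishing" if suspicious else "no obvious indicators",
    }


if __name__ == "__main__":
    for key, value in analyze_links(SAMPLE_EMAIL_HTML).items():
        print(f"{key}: {value}")
```

The check deliberately compares host and path but ignores the query string, because the “accept”, “refuse” and “delete” options in this lure differ only in a parameter; a naive comparison of full URLs would miss the fact that all three lead to the same page.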

Make sure your IT staff is aware of this latest iteration in the ongoing evolution of the phishing email. It wouldn’t hurt to send a company-wide communication to all employees so that it’s at the forefront of everyone’s minds.  It only takes one person to slip up and a hacker could gain access to your company’s network. That’s never a good thing.

Microsoft Says Office 365 Users Should Use Spam Filter

Microsoft recently updated its support documentation with additional guidance for network admins on Office 365’s built-in spam filters.  The gist of the update is that they strongly advise against turning the automatic filters off or configuring senders and domains to bypass them.

They provided some additional guidelines if you decide to bypass them for one reason or another.

Here are the most relevant portions of the recent update:

“If you have to set bypassing, you should do this carefully because Microsoft will honor your configuration request and potentially let harmful messages pass through.  Additionally, bypassing should be done only on a temporary basis.  This is because spam filters can evolve and verdicts could improve over time….”

If you decide you want or need to bypass anyway, the company offered the following additional suggestions:

  • Never put domains that you own onto the Allow and Block lists
  • Never put common domains, such as Microsoft.com and office.com onto the Allow and Block lists
  • Do not keep domains on the lists permanently, unless you disagree with the verdict of Microsoft
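The reasoning behind the first two bullets is that a domain on the Allow list bypasses spam filtering, so allow-listing your own domain or a widely used one like microsoft.com lets an attacker spoof exactly the senders your users trust most. The following is an added example, not Microsoft’s code: it audits a filter policy’s allow and block lists against that guidance and produces a corrected copy. POLICY is a constructed stand-in whose field names mirror the AllowedSenderDomains, BlockedSenderDomains, AllowedSenders and BlockedSenders properties of an Exchange Online content filter policy; the values, the owned-domain set and the common-domain set are assumptions for the example.

```python
"""Audit spam-filter allow/block lists for owned and common domains and produce
a corrected policy. Added example; POLICY, OWNED_DOMAINS and COMMON_DOMAINS are
constructed assumptions, not a real tenant's configuration."""
import copy

# Assumption: the domains this organization itself sends mail from.
OWNED_DOMAINS = {"example.com"}
# The two domains named in Microsoft's guidance; extend as appropriate (assumption).
COMMON_DOMAINS = {"microsoft.com", "office.com"}

LIST_FIELDS = ("AllowedSenderDomains", "BlockedSenderDomains",
               "AllowedSenders", "BlockedSenders")

# Constructed policy with several entries that violate the guidance above.
POLICY = {
    "Name": "Default",
    "AllowedSenderDomains": ["Partner-Vendor.example", "EXAMPLE.COM", "mail.example.com"],
    "BlockedSenderDomains": ["spammy.example", "office.com"],
    "AllowedSenders": ["newsletter@partner-vendor.example", "ceo@example.com"],
    "BlockedSenders": ["bad@microsoft.com"],
}


def _matches_domain(domain, reference):
    """True when domain equals reference or is a subdomain of it (case-insensitive)."""
    domain = domain.lower().strip(".")
    reference = reference.lower().strip(".")
    return domain == reference or domain.endswith("." + reference)


def _sender_domain(entry):
    """Reduce an address entry to its domain; domain entries pass through."""
    return entry.rsplit("@", 1)[-1] if "@" in entry else entry


def audit_policy(policy, owned=OWNED_DOMAINS, common=COMMON_DOMAINS):
    """Return (field, entry, reason) for every list entry that should not be there."""
    findings = []
    for field in LIST_FIELDS:
        for entry in policy.get(field, []):
            domain = _sender_domain(entry)
            for ref in sorted(owned):
                if _matches_domain(domain, ref):
                    findings.append((field, entry, f"owned domain {ref}"))
            for ref in sorted(common):
                if _matches_domain(domain, ref):
                    findings.append((field, entry, f"common domain {ref}"))
    return findings


def remove_flagged(policy, findings):
    """Return a copy of the policy with every flagged entry removed."""
    fixed = copy.deepcopy(policy)
    flagged = {(field, entry) for field, entry, _ in findings}
    for field in LIST_FIELDS:
        fixed[field] = [e for e in fixed.get(field, []) if (field, e) not in flagged]
    return fixed


if __name__ == "__main__":
    found = audit_policy(POLICY)
    for field, entry, reason in found:
        print(f"{field}: remove '{entry}' ({reason})")
    print(remove_flagged(POLICY, found))
```

Subdomain matching matters here: “mail.example.com” on the Allow list is just as spoofable as “example.com” itself, and an exact-match check would let it through. The audit flags Block-list entries for the same domains too, since the guidance applies to both lists.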

You and your IT staff are likely already aware of this. If not, Microsoft maintains a living document on their support website where they keep a comprehensive list of security best practices for Office 365.  If you haven’t seen it before, or if it’s been a while since you reviewed it, it pays to take some time to look it over.

On a related note, the company recently sent out a bulletin advising all Office 365 customers and admins to report junk email messages for analysis using the Microsoft Junk Email Reporting add-on. This is in order to help reduce the number and effect of future junk email messages.  If you and your team aren’t already in the habit of doing this, now is an excellent time to start.


Survey Shows Employees Would Compromise Company Data

A recent report published by nCipher confirms what many business owners have known for a long time.  Their employees are the weakest link when it comes to data security.

The nCipher report, however, adds a disturbing exclamation point to the data with a few details you’re likely to find shocking.

First, fully 71 percent of C-suite employees surveyed in the UK would knowingly and willingly cover up a data breach if doing so meant escaping the fines associated with it.  This, contrasted with 57 percent of managers and directors.  The latter number is still distressingly high, but nothing compared with the C-suite.

Second, don’t make the mistake of thinking that it’s just the people you have installed in the corner office that are willing to put your business at risk. A disappointing 25 percent of office employees indicated that they’d be willing to sell corporate information for as little as £1000, with 5 percent of office employees saying that they’d simply give it away for free.  10 percent said they’d need at least £250 to make it worth their while.

Dan Turner, the CEO of Deep Secure, had this to say on reading the report:

“The cost of employee loyalty is staggeringly low.  With nearly half of all office workers admitting they would sell their company’s and clients’ most sensitive and valuable information, the business risk is not only undisputable, but immense in the age of GDPR and where customers no longer tolerate data breaches.

Given the prevalent use of digital and cyber tactics to exfiltrate this information, it’s critical that businesses invest in a security posture that will help them both detect and prevent company information from leaving the network.”

Wise words indeed. Unfortunately, given the realities above, that means keeping a closer eye on your own people, and limiting what any one of them can reach and carry out of the network in the first place.