Blog

January 29th, 2015

Security_Jan28_BMost of us have suffered the horrors of a computer virus at some point, and we know the damage that can be caused by these security infections. Our work gets disrupted as IT systems go down and, if we’re really unlucky, sensitive and valuable data might be lost or even leaked. But there’s a silver lining to most viruses, worms and other such malware, in that they can at least be tracked down and removed. Well, not always - enter the invisible Poweliks, which even your most sophisticated anti-virus software might not be able to protect you against. So, what do you need to know and how can you protect yourself?

What is Poweliks?

Security firm Symantec describes Poweliks as a trojan horse that performs malicious activities on the compromised computer. But it’s no ordinary trojan - unlike the majority, which infect your computer with malicious files, Poweliks is a silent and invisible threat that hides away in the memory registry of your system. It’s not entirely new for a virus to seek to cover its tracks by making itself "file-less" but, in contrast with Poweliks, most are wiped when you restart your computer and its memory is cleared. Worse still, Poweliks hijacks the legitimate processes and applications running on your network, inserting its code into them where it can largely evade detection.

First discovered back in August 2014, Poweliks has therefore created something of a headache for firms behind conventional security solutions like anti-virus software. Symantec and others have admittedly managed a number of updates to their protection in response to the threat posed by Poweliks. But although very minor records of the presence of the trojan are left behind by way, for instance, of registry logs, the signs of its destructive presence are much lower key than the computer world is used to, meaning Poweliks is unlikely to show up on most system scans.

Poweliks has links to Kazakhstan, the home of two servers the malware connects to once it is up and running from within your computer. The servers in Kazakhstan then send commands to the bug to tell it what to do next. In theory, this then makes way for the tool to be used to download other undesirable programs that could infect your system without your knowledge. It could equally be used to steal and disseminate data from your network.

How can I best protect myself?

As well as the anti-virus updates that have gradually been released - but which are still likely to have only a limited impact on threats of this type compared with those of the past - a number of Poweliks removal guides are now available online. Nevertheless, prevention as ever, remains better than cure. One method reported to have been employed in the distribution of the Poweliks infection is embedding it in a Microsoft Word document, which is then sent as an attachment to spam emails, and which the attackers hope your curiosity will lead you to open. Among the senders that these spam messages have masqueraded as being from are the United States Postal Service and Canada Post. Of course the best advice remains to be suspicious of any and every email attachment you open, particularly if you weren’t expecting mail or it's from someone you don’t know.

Should I be concerned?

In fact, revisiting your everyday security precautions is probably pretty good advice all round, since experts predict that this type of threat is likely to become ever more common as attackers seek to exploit the techniques of Poweliks in order for their infiltration to remain unnoticed for as long as possible. Sure enough, a number of copycat threats have already been detected by security specialists as of the start of 2015.

General awareness around web sites you choose to visit is also recommendable in particular, since others have also reported the bug making its way onto their systems thanks to so-called ‘drive-by download attacks’ - whereby simply visiting a malicious web site is enough to trigger the infection, and actively downloading a file isn’t even necessary. As a result, organizations may wish to consider more comprehensive filtering of internet access, or at the very least reactive blocking of known malicious sites, in order to prevent employees from inadvertently infecting a company network.

To find out more about IT security solutions and protecting your technology from attack, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 27th, 2015

iPhone_Jan27_B

We’re all busy. Our schedules are loaded with work, fitness regimes, kids’ soccer practices - it’s enough to make your head spin. So when your son or daughter gets sick, how do you squeeze their care into your day? The iPhone’s latest health apps and accessories may be the solution you’ve been searching for, giving you the ability to book a virtual doctor appointment from home and even keep track of your own medical history to speed up those in-person doctor visits. For three ways the iPhone is revolutionizing health care, read on.

At-home ear infection diagnosis

If you have a young child, you'll already know that ear infections are a common nuisance. By the age of 3, roughly 80% of all children have suffered from this affliction. And this problem alone costs the medical industry roughly 3.5 billion dollars annually.

In today’s world, full of long work hours and overloaded schedules, it can be difficult to find the time to visit a doctor. And if you live in a remote area, the challenge is even greater. But when little Johnny’s ear infection means you're waking up at night to deal with a screaming toddler, you know that something needs to be done. The iPhone’s new Oto Home device could be your solution.

For $79 you can bring the technology of an otoscope (the device your doctor uses to look into your ear at a checkup) directly into your home. Not the whole thing of course. Instead, the Oto Home is just the small black cone-like part at the tip of the otoscope that the doctor inserts into your ear. Now you can attach this tool to your iPhone’s camera, and use it to take a video of the inside of your child’s ear, which can then be sent to your doctor via email. For a $49 fee, your doctor can diagnose and provide a prescription almost instantly.

At this time, the device is only available in California, but will likely be approved for use in more states soon.

Medical history for quicker doctor appointments

Whether you need to keep a close eye on a sick relative’s temperature or want to have a record of your own medical history, iPhone’s new Swaive app can help. Like the Oto Home device, the Swaive also involves your ear. But instead of diagnosing ear infections, the Swaive acts as an in-ear thermometer.

In combination with Apple’s Health app, the Swaive can keep track of your temperature over weeks, months or years. With this app, you can also record any kind of recurring physical symptom or medication you’re taking. This information can then be sent to your physician.

Even better, the next time you pop in for an in-person doctor visit, this info can speed up the process as it acts as a recent medical history.

Virtual doctor appointments from anywhere

But if you’d rather not visit the doctor at all, now you can make a virtual appointment through an app called Amwell. This allows you to Facetime with your physician at anytime, with no appointment necessary.

The way Amwell works is simple. A patient can open the app and scroll through the physicians who are part of the Amwell network. Just like other online health databases, you’ll be able to see the doctor’s years in practice, education and patient rating. Once you’ve made your choice, you can sign up for a $49 virtual visit where a doctor can provide instant feedback, diagnosis and treatment. Best of all, Amwell visits are covered by some insurance providers. So once you get your printable receipt, you can still get reimbursed.

Looking for more tips on how your iPhone can make life easier? Contact us today and learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic iPhone
January 23rd, 2015

Office365_Jan21_BThe cloud is hovering over many businesses, especially those who want to benefit from enhanced collaboration that Office 365 promises. Whilst data is protected in the cloud, issues can still arise with risks at the user end. The latest good news is that Spanning is looking to look after Office 365 data in 2015 and provide an extra layer of protection to this cloud platform.

Data backup provider Spanning is widening its ambit to include Office 365 this coming year. With an increasing amount of data located in cloud applications, this expansion will likely be welcomed by business bosses all over the world.

Isn't my data protected in the cloud? Well, yes it is, but not 100%, and it is this gap that users need to be wary of. A 2014 report by IT hardware storage providers, EMC, who recently acquired Spanning, points to a 400% rise in data loss since 2012. With platforms such as Office 365, each end-user represents an opportunity for data to be compromised. In other words, it is not the solid core of the cloud and its backup and recovery services that is the issue, but this increase in cloud-based collaboration and file sharing.

How can data be lost? Each cloud provider offers certain protections and terms which it is vital you understand first and foremost. On top of this, an awareness of how data is at risk from user influence is essential too. Some data loss issues include:

  • Accidentally deleting files.
  • Intentionally deleting files with malicious intent.
  • File corruption and data wipes due to tech glitches.
  • Retrieving files deleted over 30 days previously or locating a previous file version due to errors in current documents.
What will Spanning offer Office 365 users? Spanning allows for automated and manual daily backups of mail, calendar and contacts, whilst ensuring there is a copy of data from applications and cloud files. Other benefits include:
  • Ability to find previous backups and restore these.
  • Ability for data restoration, from one Office 365 account to another to allow for smoother and security-conscious recruitment and end-of-employment changes.
  • Protection through 256 bit encryption with intrusion detection.
  • Data control with compartmentalized access.
When it comes to data loss there is clear and present danger that could spell financial ruin for your business. There is always need for a copy of your data so that recovery is possible. To ignore cloud security and not consider data protection for Office 365 could be costly and for many businesses even deliver a fatal blow.

According to some recent statistics from IDG Research, 58% of businesses surveyed had suffered some hosted software data loss in the last year and 31% were debating whether to invest in backup and recovery for this data. Cloud data storage protection does not cover human error or problems with system configurations, nor IT service management process errors.

Find out how to protect your Office 365 data by getting in touch today.

Published with permission from TechAdvisory.org. Source.

Topic Office 365
January 22nd, 2015

socialmedia_Jan20_BIn today’s digital world, social media has become a vital tool that effectively helps accelerate business development and the relationship-building process between different organizations. And with solid communication being at the core of business development, let’s take a look at how social media can help drive partnering processes for the better.

In most cases, a business development manager already has an idea of the kind of company with which to partner. Their next step is to contact that company via a phone call or email. However, this can be an unreliable way to reach out, especially when your potential partner has never heard of you. Social media speeds up this process by identifying the best person to contact, as well as determining if you have any mutual connections.

Simply put, social media lets you understand the background of different companies and gives you an idea of the different players involved, before you even engage in a dialogue. With this in mind, let’s take a look at four ways you can utilize information available on social media to enhance your business development success.

  1. Social media is an extra pair of eyes Social media allows you to see first-hand what potential partners, competitors, and customers are doing, which is a major asset when it comes to your business development and performance. This can also reveal business-relationship possibilities or even warn where it is best to stay away. It’s crucial to position yourself and your company as industry experts by sharing mind-blowing content as well as highlighting recent successes.
  2. There’s no universal message in social media The way people behave and connect across different social media platforms varies, therefore it is important to adjust accordingly. For instance, you might use Twitter to promote ongoing marketing campaigns, share content, and direct customer service requests. You may use Facebook for larger marketing initiatives, such as showcasing a company’s culture and resources. It’s important to remember that there’s no universal rule to utilizing social media and that it is beneficial to be flexible. Think about what your individual goals are and work out which social media platform is the best avenue to explore.
  3. Leverage employee relationships If you’re looking to connect with an individual in a specific company, make it a habit to check and see if anyone in your company has a pre-existing relationship with that person. Social media channels like Facebook and LinkedIn make it fairly easy to spot mutual connections, so it is a good idea to get into the habit of checking. Whether you ask your colleague to help make an introduction or to arrange a meeting, a mutual connection gives you the competitive edge in effective business development.
  4. Use social media as a touchpoint Social media is not only essential to business development, but also complements other more traditional practices, such as when you’ve sent an email or voicemail to a business prospect that has gone unanswered. It’s understandable that people get so busy they can delay, forget or pass over an inquiry, but instead of passively waiting for a reply, why not make it standard practice to follow up separately via LinkedIn or other social media platforms? This way you can build additional opportunities with potential partners, increase the likelihood of a response, and even forge a future business relationship.
The fundamentals of business development are strong relationships with a partner or companies with a good reputation, who will have a positive impact on your business, such as marketing an initiative collaboratively. Social media can get this whole process started, so the next time you’re looking to contact a business prospect or potential partner, start by visiting their social media channels to get the heads up to help you in your quest.

Looking to learn more about the benefits of social media in business? Contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
January 21st, 2015

Facebook_Jan20_BA close friend just messaged you on Facebook. You log on to view it, and suddenly you're overwhelmed with high school friends (who you haven’t seen in years) boasting about their new diet and cryptic updates from your unemployed cousin. Next thing you know, you’re responding to game requests from your daughter’s playmate. And suddenly a half hour has passed...yet your message from your actual friend still awaits. If all this sound mentally exhausting, here are five tips to take control of your Facebook News Feed for good.

1. Become good friends with the "Unfollow" button

If you haven't heard, there's this amazing little tab that instantly allows a person to disappear from your News Feed. It's called the "Unfollow" tab, and you'll soon become best buddies with it.

Don't worry though, when you unfollow someone, you’re not unfriending him or her. And they'll never even know you did it (unless you tell them). It just keeps their TMI and updates about visiting the grocery store out of your feed.

To unfollow a person, click on the drop-down arrow in the top right corner of whomever's post and click "Unfollow [Name]"

An alternative option is to visit said person's profile and click on the "Following" button at the bottom-right corner of their cover photo. Once you click, it will change from "Following" to "Follow." Goodbye happy hashtag Sarah. #solongSarah #won'tbemissed

2. Avoid content from Facebook Pages

What if you don't want to unfollow someone but are sick of all the links they share? Not a problem. No more seeing surveys from Anotherdumbsurvey.net about which Hunger Games character you are or what baked good best describes your personality.

If you want to say goodbye to a page's content you're not interested in, click on that same top-right arrow in the upper right hand corner of the post and hit the "Hide all from [Page Name]" option.

3. Tell Facebook what posts annoy you

Sometimes you need to speak directly to the Facebook gods. Maybe you’re tired of seeing all those Facebook check ins, event spam, and baby pictures of little Tommy’s first experience eating cake...

To stop seeing posts you're not interested in, hit that same drop-down arrow and select "I don't want to see this." In theory, and if you do it enough times to the same type of content, this should put an end to all those baby updates for good.

4. Complete a Facebook survey

Yes, they do exist. And well, they kind of seem to work. We've tested this feature out, and it appears that some of the more spammy/annoying posts have disappeared. So back to the top-right arrow we go.

Click on it and the very last option is "Take a survey to make News Feed better." You'll click through 15 screenshots and rate how much they look like an advertisement.

5. Adjust your News Feed preferences

At the top of your home page is a little arrow that, when clicked on, shows you the option to choose your "News Feed Preferences." When you open it, you'll see the content you’ve viewed most and what you're currently following. Opt out of what you don’t want to see anymore.

Don’t get sucked into the online lives of people you rarely see in real life. Take action and control your News Feed today. If you're looking to learn more about Facebook and its features, contact us and learn how we can help.

Published with permission from TechAdvisory.org. Source.

Topic Facebook
January 14th, 2015

Security_Jan12_BAny business can become the victim of security breaches on a mass scale, as shown by the debacle which recently eclipsed Sony and forced it to temporarily cancel the release of blockbuster movie The Interview. Beneath the dramatic headlines are lessons for small business owners everywhere in how simple errors in IT security management can have grave consequences. These tips will help prevent your firm being the next to suffer Sony’s fate.

Don’t let basic security habits slip

Our modern-day instinct tells us that the answer to potential security breaches is to install new layers of antivirus software, firewalls and further encryption systems. While these are all worthy additions to your company’s armor of security shields, they will do little to help if good old-fashioned protective habits are allowed to slide.

Instill a disciplined, security-conscious mentality in your organization, and keep the messages simple so that staff remember and follow them. Focus on regularly changing passwords and keeping them secret, being vigilant about avoiding unexpected links in email messages, and limiting network access for the likes of external contractors to that which is absolutely necessary.

One of the ways hackers made their way into the Sony network was by tricking administrators into thinking they had a legitimate need for access: teach your staff to be careful, and praise cautiousness even if it turns out access is warranted. Encourage staff to flag up potential security lapses, and make sure they know that reports will be followed up and loopholes closed.

Take a flexible and agile approach to IT

IT changes, and so do the ways best suited to keeping it safe. This means it is vitally important to keep your IT systems up to date, and where necessary to do away with outdated practices that could leave your business technology exposed. This involves more than just ensuring that your network is running updated antivirus software to catch the latest bugs and worms - it means staying abreast of emerging methods to mitigate potential threats from hackers worldwide.

All of this uses staff and resources that your small business might not have - which is where outsourced managed services come in. Using a managed service provider as an add-on to your own IT team can give you extra flexibility and the ability to keep abreast of industry security developments, even when you lack the time to do so yourself.

Equally, know when it is time to ditch data - think of emerging social networks like Snapchat, which set messages to self-destruct after a set time, as your cue to make your data retention policy less permanent, particularly in relation to email. If you no longer have a business need or a regulatory requirement to retain information, then delete it - in the process you can limit the possible damage even if the worst should occur and you fall victim to an external attack.

Backup, backup, backup

The last thing you want in the event of a security breach is for it to hit your day-to-day operations - the potential damage caused by the hack itself is likely to give you enough to worry about. But that is exactly the situation Sony found itself in after its latest hack, with its email system down and staff forced to return to the days of pen, paper and even the fax machine.

As well as ensuring alternative means of communication remain open to your business in the aftermath of a possible attack, it is also vital to make sure that you retain access to the information most critical to your work. Regular, secured backups help ensure that, whatever happens, the show is able to go on and your firm’s productivity and revenue are not unduly hit. Engaging professionals to undertake your backups on a managed service basis also means this can happen routinely and without fail, while you stay focused on running your business.

Want to learn more about how to reduce your IT network’s vulnerability to attack? Get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 13th, 2015

office365_jan12_BThe way that we are sharing important and often sensitive information is changing, with a growing focus on enhanced collaborative tools. Office 365 users are increasingly sharing data using SharePoint, OneDrive for Business, Windows File Share and also Office apps. Data loss prevention is now set to expand to give greater control over this type of collaborative data in real-time.

Beyond email security

There has long been an awareness of security when it comes to email content and Office 365 incorporated data loss prevention in Exchange and Outlook, as well as Outlook Web App. It is understandable that when you write an email you don't want the information within it to be seen by anyone else, and whilst Google maintains its email scanning policies, data loss prevention tools can help stop hackers from getting a glimpse of your private data. This is all well and good but sharing critical data via email is not the only way to exchange information and Microsoft's latest data loss prevention strategy recognizes these changes.

Collaboration needs to be safe

Microsoft has enhanced collaboration capabilities with Office 365 but along with these new ways of sharing data, there needs to be solid security measures in place too. Documents in Word and spreadsheets in Excel are created using applications and then shared via various collaboration tools. To ensure this data is safe, access restrictions and permissions need to be activated.

Data loss prevention in SharePoint and OneDrive for Business

Recently eDiscovery has allowed users of SharePoint and OneDrive for Business to identify sensitive information within collaborative content. This security is set to expand to policies on restricting and blocking access, user education and to include email notifications.

Data loss prevention in Windows File Share

Windows File Server already has file classification infrastructure in place, whereby the server scans files to identify sensitive data. This data is then tagged and classified according to the definitions users set, with an ability to initiate action on these identified or classified files. The latest security, or data loss prevention, measures involve this content classification being extended to Office files in Exchange, SharePoint and OneDrive for Business. In time, this will continue to grow to include centrally managed policies and allow for greater user education within companies.

Data loss prevention in Office applications

This protection is being expanded to Microsoft applications so that when content is created users will be able to set up policies with regard to sharing permissions at the same time. Tips connected to the policies that have been established will then be offered as well. Initially, Excel will benefit from this expansion, with Word and PowerPoint being included later in the year.

The importance of data loss prevention

With so many different ways to create and share content, it is essential that business leaders can take advantage of a stable strategy for preventing data loss. If sensitive and crucial information is allowed to leak out this could potentially be incredibly damaging to a business and put productivity and profitability in jeopardy. With greater collaborative tools comes greater risk and the latest plans for Office 365 data loss prevention are a welcome layer of security to protect against data dangers.

Find out more about how Office 365 can benefit your business. Get in touch today.

Published with permission from TechAdvisory.org. Source.

Topic Office 365
January 13th, 2015

iPad_Jan12_BSince the arrival of the iPad back in 2010, businesses have been able to stay connected and easily work on-the-go like never before. Still, many people are constantly looking to increase their iPad’s versatility through different applications available in the App Store. And now, thanks to Duet Display, you can effortlessly turn your iPad into your second Mac screen!

Duet Display, developed by a former Apple engineer, Rahul Dewan, will turn your iPad into an external screen for your Mac, and does so using a cable that you already use to charge and sync your iPad. To be precise, it’s actually two apps — one for your iOS device and a companion app for your Mac that lets it recognize an iPad or iPhone as a second screen.

How does Duet Display work?

  1. Download Duet Display from the Apple Store for $14.99
  2. Install Duet Display for OS X
  3. Duet Display will add a little settings icon to the right side of your menu bar and requires a password when you’re installing it on your Mac. This is because the app needs to install display drivers.
  4. Open the Duet Display app on your iPad and plug it into your Mac with a lightning cable (or a 30-pin cable if you’ve got an older iPad that’s still supported).
  5. Now you can enjoy working with two screens!
Because your iPad is plugged in, you won’t have to worry about your iPad’s battery. And while you’re using Duet Display on the iPad, you’ll still get your regular iOS notifications. You can also set your computer to use all the pixels on your iPad’s Retina display (2,048x1,536 pixel resolution), or you can set your iPad to regular resolution too. Duet Display works with all Macs running on OS X Yosemite and any iPads or iPhones running iOS 5.1.1 or above, meaning it will work with your old iPad. The only downside is you can only connect a single iOS device for now.

The growing number of applications in the App Store means there are often new ways to make use of your iPad being introduced. Looking to learn more about the iPad and its capabilities? Contact us and see how we can help.

Published with permission from TechAdvisory.org. Source.

Topic iPad
January 1st, 2015

hardware_Dec25_BThere are many essential pieces of software needed to keep the modern business running, with one of the most important being the antivirus scanner. These programs are a major component in keeping your systems and computers secure from the various Internet-based threats. While install rates are near 100% in businesses, some companies have been letting their antivirus subscriptions expire.

What happens when an antivirus subscription expires?

While each program will treat an expired subscription slightly different, generally speaking, most will still function in some way. You will normally be able to run a scan, but you likely won't be able to deal with any malware or security threats. Features like automated scanning will also be turned off.

Other programs will stop updating the essential virus and malware databases that are used by the program to identify and clean new malware. This means that while you will be secure from known viruses and security flaws up to the date of the last database update, you will not be secure against newly discovered viruses.

Some popular programs like Kaspersky offer an antivirus scanner trial version or a program that comes with a newly purchased computer.With programs like these, they will normally stop functioning once the trial period is over. Yes, they will still open, but you won't be able to scan or perform any tasks.

In short, when your subscription expires, your systems will no longer be secure, or as protected as they should be. Interestingly enough, in mid-November 2014, Microsoft released its Security Intelligence Report 17. This report found that computers and systems with expired malware were only slightly less likely to be infected than systems without any malware scanners installed.

What do I do if my subscription is about to expire?

Before your subscription expires you should take steps to back up all of your systems and data. The reason for this is that should something happen you have a clean backup to revert to. Once this is carried out, then consider renewing your subscription. Most programs allow you to do this directly from the scanner itself, so it is often fairly straightforward.

As a business owner however, you are going to need to keep track of your systems and licenses. What we recommend is creating a spreadsheet with information on the subscription applied to all systems. Take account of when the scanner was installed on each system, how long the subscription period is for, and when it will expire.

What if my subscriptions are about to expire, but I don't like my current program?

There may come a time when the scanner you have selected simply isn't living up to your expectations. Maybe it takes too long to scan, uses too many resources, or simply isn't able to protect all of your systems. Regardless of the reason, switching scanners is always an option.

If you are thinking of moving to another scanner, we strongly recommend that before you do anything, you back up your systems. You can then start looking for other systems. We strongly recommend that you contact us, as we can help identify a solution that will work for your business and systems. We can then help ensure that the transition is carried out in a way that will not leave your systems open to attack.

We may have a managed antivirus solution that will work for your business. By using a system like this, we can help protect your systems, keeping them secure and always up to date, all without you having to get involved. All you need to do is get in touch to find our more.

Published with permission from TechAdvisory.org. Source.

Topic Hardware
December 31st, 2014

security_dec24_BTake some time and research how companies are hacked and you will quickly come to realize that there are a wide variety of methods at a hackers disposal. One of the increasingly common, and effective strategies being employed is spear phishing. In early December 2014, a new spear phishing attack was uncovered, one that has proven to be quite effective against large businesses, and could possibly target small companies as well.

What is spear phishing?

Spear phishing is an advanced form of phishing where attackers troll the Internet for relevant information about you and then create a personalized email that is sent to you. This email is usually developed so that it appears to be coming from a friend or trusted partner and contains links to a site or program that can initiate an attack or steal information.

More often than not, these links are to websites where you enter account information, passwords, and even bank account details, or any other personal information which can be used to break into computers and even steal your identity.

What is this latest spear phishing attack?

This new form of spear phishing, being carried out by an organization who calls themselves FIN4, has actually been around since as early as mid 2013. When they attack Wall Street listed companies they are doing so to steal valuable plans and insider information.

What we know is that they send highly savvy and targeted emails to people at a company, trying to harvest Microsoft Outlook account information. Once they have this crucial data they then target others inside, or connected to, the organization, with the same email, while also injecting the code into ongoing messages. This method can spread the attack quickly, leading to a potentially massive security breach.

In the email examples of this phishing threat, the attackers write mainly about mergers and other highly valuable information. They also include a link to a forum to discuss the issues raised further. These emails come from people the recipient already knows, and the link is to a site that asks them to enter their Outlook account and password before gaining access. When this information is entered, it is captured by the attacker and used to launch more attacks.

What can we do to protect our systems?

From what we know, this attack is being carried out largely against law firms, finance companies, and other large organizations. While this discounts many small businesses, there is a good chance that the attackers will turn to small businesses operating with larger companies at some point.

Because this is an email-based attack, you need to be extra vigilant when opening all emails. Be sure to look at the sender's address, and read the body of the email carefully. While hackers generally have good English skills, they aren't fully fluent, which means you will notice small mistakes. Also, keep in mind previous emails sent by the recipient. If the tone and style is off, then the email may be fake.

It is important to always look carefully at all links in email messages. If a link looks suspicious, then ask the recipient for more information or to tell you where the link goes. If you come across any site asking you to enter account information, be extra careful. Look at the URL address in your browser, if it doesn't sat HTTPS:// before the address, then it may be a good idea to avoid this.

If you have any questions on spear phishing and how you can prevent it, contact us today to see how we can protect your business.

Published with permission from TechAdvisory.org. Source.

Topic Security