Author Archives: Maria Koblish

Facebook Quizzes = Identity Theft Risk?

Enjoy taking social media and Facebook quizzes? Beware of giving away too much personal information.

Even before the stay-at-home life we’re living now, social media quizzes have been very popular.

They typically take a nominal amount of time to complete, and it can be fun to compare your answers with those of all the other people who’ve taken the same quiz.

Now that many people have increased free time on their hands, these quizzes can be even more irresistible.

“While these social media and Facebook quizzes can seem harmless, these should typically be avoided,” said Aaron Allen. “These quizzes can ask for things like the name of your first pet, your childhood best friend, or your birth city. If you think about it, these are same types of things that are used for your security questions when you’re setting up, say, an online bank account.”

A popular questionnaire invites you to share a picture of every car you’ve ever owned. Tread carefully, because a common security question is, “What was your first car/vehicle?”

Other questions that could provide scammers personal content include:

  • What is your mother’s maiden name?
  • What is your date of birth?
  • What is your favorite color?
  • In which year did your graduate high school?
  • What is the name of the street you grew up on?

Quizzes aren’t the only place where you can overshare.

Blog posts, social media, and any public online forum are areas where you may unwittingly provide too much personal information.

“Always be vigilant online,” stressed Allen. “If you have a funny feeling about something, avoid it. You never know how information you share will be used – or abused.”

5 Cybersecurity Tips for Remote Workers

Working outside of the confines of your office – and internal network – may actually be liberating to many. The change of scenery may boost productivity and even allow you to be a tad bit more flexible in your work schedule.

While remote, you’ll need to keep maintain a high degree of focus and digital hygiene to help keep your data safe.

Here are five easy-to-follow cybersecurity tips for remote workers to help stay secure while working outside the office walls.

1. Be vigilant about Coronavirus-related attacks

Cybercriminals take advantage of unfortunate situations, and the current pandemic is no different. Attackers can pose as health officials requesting personal information. These can be in the form of calls, emails, and even texts.

2. Keep your devices and security software up to date.

Updates for hardware and software oftentimes contain security patches. Thus, it’s important to keep everything updated. If not, you run the risk of having vulnerabilities that can be exploited.

3. Utilize Multi-Factor Authentication.

Have the option to utilize Multi-Factor Authentication? Do it! Multi-Factor Authentication is essentially another layer of defense when it comes to accessing accounts. Every additional layer makes it that much harder for attackers to get at your data.

4. Be careful when using public Wi-Fi.

When out and about, don’t just blindly connect to the first available Wi-Fi connection. Take a moment to carefully review your options. If you’re in an establishment, ask an employee for the correct network and, if needed, the necessary credentials.

5. Don’t forget about physical security.

While staying vigilant about your digital security, don’t forget about physical security. When taking a break, don’t leave your laptop or mobile devices out in the open.

 

 

Maze Ransomware

Maze ransomware? A new ransomware strain? Well, that’s nothing new. Ransomware has been evolving for years, mutating into even more insidious versions and keeping business owners and security professionals on their toes.

But this new strain has been particularly troublesome.

So much so that the FBI recently warned against this so-called Maze ransomware. The threat actors have been known to threaten to publicly posting data stolen during its attacks if the victims refused to meet their demands. And that is what’s happening.

The hackers behind the attacks are known to pose as government agencies or even, ironically, security vendors. They have been targeting US organizations since late 2019. They’re M.O. differs from the run-of-the-mill ransomware attack, which typically just seeks to encrypt the data. With Maze, the criminals will exfiltrate the data before encryption.

“So, what do I do about this ransomware threat?” you might be asking.

Here are some tips you can follow to help keep your systems safe from maze ransomware and other threats:

  • Keep all systems patched and up-to-date. This helps ensure known vulnerabilities are shored up.
  • Multi-factor authentication can add a potent extra layer of security. Extra additional security checkpoints make it harder for someone to hack into a system.
  • Network monitoring can provide system-enhanced vigilance against unusual activity.
  • Provide cybersecurity awareness to your employees. If you use a Managed Service Provider or Managed Security Provider, invite them to your office(s) to provide training sessions on the latest cyber threats.
Comprehensive Cybersecurity, from Endpoints to Inboxes

Ransomware…

Phishing…

Data breaches…

Business Email Compromise…

It seems there’s always something in the news about a new strain of malware, or a breached network, or a computer system locked down and held for ransom, or an email deception that’s led to a loss of hundreds of thousands of dollars…

The threats are real.

The losses are mounting

Cybercrime is at all-time high.

And there’s no sign of slowdown.

Comprehensive cybersecurity is a corporate priority

More and more business leaders are recognizing the need to up their security game.

But the threats coming from around the globe are constantly evolving. It takes vigilance, a dedicated team, best-of-breed hardware and software – as well as a continual effort to analyze the latest trends and tactics of the enemy.

This all takes time and money. And you have a business to focus on.

“Thrive provides complete security for your whole network,” said Brian Walker.

“We realize security is one of the biggest challenges our clients face, and we’ve put together a comprehensive offering that will keep them protected from the unimaginable threats coming from all angles.”

“Per Gartner, cybersecurity spending worldwide is expected to hit $133.7 billion in 2022. We want to provide cybersecurity that’s both extremely effective and cost-effective. Thrive offers a fully managed service that includes all of our cybersecurity-based offerings, and is perfect for small- to medium-sized businesses across all industries.”

 

Anyone can be a target

You may have seen the stories of the large corporations getting hit by cyberattacks. While these companies may be very attractive to attackers, the truth is the SMB sector bears the brunt of the assault.

Because of time, budgetary, or personnel constraints, small and medium businesses may not have the most up-to-date or insurmountable network security. And hackers are very aware.

“Other big targets include those organizations with valuable data,” explained Walker. “Health professionals deal with patient data. Likewise, law firms work with plenty of sensitive information. And financial businesses can literally be a treasure trove if their networks are breached. Security is of utmost importance to these professionals. But the truth of the matter is, anyone can be a target.”

 

Overlapping layers of security

“One of the best ways to defend against the numerous cyber threats out there is a series of layered defenses,” said Aaron Allen. “Managed NextGen Firewall is comprised of overlapping layers of security, encasing your network with powerful protection. If one layer should ever fail, the other layers will be ready to deflect the attacks.”

These Iayers for comprehensive cybersecurity include:

  • Proactive monitoring
    State-of-the art monitoring allows Thrive’s cybersecurity team to detect anomalies and trouble signs so they can proactively address issues before they lead to downtime and big trouble.

  • A secure and managed network
    With increasingly complex user computing demands and the threat of business-ending ransomware and other cyberattacks, the task of managing a company’s network can certainly be formidable. Thrive can configure and manage cutting-edge firewalls and switches, and keep your access points secure, to ensure your staff stays safe and ultra-productive.

  • Email protection
    Email is a huge attack vector. Malicious hyperlinks and innocuous-looking attachments with nasty payloads lurk in inboxes, ready to be clicked and opened. Thrive’s Managed NextGen Firewall utilizes advanced protection, including protection at the DNS level, to help keep your users safe. By severing pathways to malicious sites and ransomware command & control servers, Thrive’s Managed NextGen Firewall effectively neuters many email-based attacks.

  • Defense, in and out of the perimeter
    Properly protecting each device in your network can be challenging. Thrive’s highly skilled techs and sophisticated infrastructure provide the expertise and economy of scale to effectively manage and monitor your whole network, whether you’re a small, focused group or a larger team spread across multiple sites. Thrive’s advanced monitoring allows our team to protect your personnel – whether they’re in the network or beyond in the field.

 

Ready to get cyber-secure with comprehensive cybersecurity?

“Our security experts maintain all your cybersecurity hardware and software, and they stay on top of the latest trends and attacks.”

“This allows you to remain laser-focued on your business and mission. Should you ever need assistance, you’ll have a dedicated rep as well as access to our 24×7 help desk personnel.”

Ready for the ultimate in fully managed network protection? Contact Thrive today.

“We’d love to help you develop a game plan to get secure,” said Walker. “From endpoints to inboxes, we’ll have you covered with comprehensive cybersecurity.”

 

PwndLocker Ups the Ante in Ransoms

We’ve written about Big Game Hunting, where cybercriminals focus on attacking high-value targets instead of a host of smaller targets. We’ve also noted the increasing amounts of ransoms demanded in ransomware attacks in recent years.

A segment of attackers has certainly been on a quest for bigger and bigger ransoms. A new ransomware, dubbed PwndLocker, follows this disturbing trend.

PwndLocker has been hitting local governments and large enterprise targets, requesting eye-watering bitcoin ransoms ranging from $175,000 to over $660,000, per Bleeping Computer.

Also per Bleeping Computer, using a sample shared by renowned security researcher MalwareHunterTeam: PwndLocker, upon being unleashed on a network, attempts to shut down various Windows services. These include Microsoft SQL Server, IIS, Veeam, as well as popular security applications like Sophos, McAfee, and Malwarebytes.

Other targets for shutdown include backup applications, database servers, and commonly used applications such as Word, Excel, and Firefox.

After shutting down processes and apps, and clearing out Shadow Volume Copies that could help with restoring data, the PwndLocker ransomware will start encrypting files.

The ransom note left behind includes payment details and even allows for the complimentary decryption of two files as a show of good faith!

 

Security is a priority

Network security is of utmost importance when ransomware like PwndLocker is being used by attackers.

“Whether you have a small business or a large corporation, you need to make security a priority,” said Brian Walker.

“While the attackers behind PwndLocker are apparently going for larger targets, many cybercriminals are quite indiscriminate.”

“In fact, small and medium businesses can be favored targets because they may not have the level of security that larger organizations typically have. Most smaller businesses won’t be able to pony up extremely large ransoms like the mega-corporations can, but if the attackers can successfully disable multiple smaller companies and make them pay, it can add up.”

“Layering your security is one of the best things you can do to protect your data and your people,” said Aaron Allen. “Attackers will use a variety of tactics, including social engineering, where they utilize campaigns of deceptive emails and messages to infiltrate a network.

“By having multiple defenses — including comprehensive backups of vital data — you create a much more powerful defense than just relying a single security appliance or software.”

“It’s time to strengthen your security,” stressed Walker. “Schedule your free consultation by filling out the form below. We’ve just recently been recognized in the ‘Elite 150‘ managed service providers by CRN. Whether you want us to manage a portion of your security or all of it, we’re here to help you stay safe.”

Job Scams: Easy Tips to Avoid Falling Prey

Job seekers: beware fake job scams.

Job listing scams have actually existed for a long time, per the FBI. However, the technology now being used by scammers along with their increased skill level are making the scam listings much more believable.

And it’s showing up more frequently.

The FBI recently released a Public Service Announcement to warn job seekers of this menace.

So, what’s the threat?

Cyber criminals are using fake job listings to ensnare job applicants. Once they have gotten an applicant in the “review process,” they will gradually begin attempting to obtain sensitive personal information and financial account credentials. They oftentimes even ask the for “start-up” funds to get initial equipment needed for the “job.”

And of course, once the criminals get what they seek, they’ll simply disappear and no longer respond to emails or other communication from the hapless victims.

Read the full FBI announcement here.

 

Tips to avoid job scams

  • Conduct some web research on a company you’re interested in. Cross-reference phone numbers, email addresses, and other details in the listing with what’s on the web. If the employer has posted jobs through their website, check and see if there’s a listing there that corresponds with the one you found on the job board.
  • Be careful when asked to conduct an interview via teleconference applications that use email addresses instead of phone numbers.
  • Be wary of companies that ask for bank information prior to you being hired. Do not send money or conduct wire transfers to these.
  • Do not proceed with an application process if you need to purchase start-up equipment prior to being employed.
  • Never provide personal credit card information to an employer.
  • Guard your social security number and personally identifiable information. This type of information, along with your bank details, is safer to provide to a company in-person rather than electronically through email, text, or a web form.

 

Protect yourself from job scammers

“Vigilance and common sense can be powerful allies in combating internet scams,” said Brian Walker. “When something doesn’t sound right, don’t rush to action. Instead, take a moment to process things.

“Scammers tend to phrase things to elicit a rushed response. Don’t fall into their trap.”

“Cyber scammers are opportunistic,” added Aaron Allen. “They’ll use holidays and important occasions to their advantage. They thrive in busy times of the year, where people may be a bit stressed and may possibly have their guard lowered.

“A healthy skepticism coupled with an awareness of the types of threats out there can help you stay safe. Contact Thrive today.”

InVault Pro Now Offers File Protection Across Your Devices

File protection: What is it, and do you need it?

If you’re wondering if you need file protection as part of your IT service arsenal, ask yourself these questions:

Ever accidentally delete an important file?

Has data critical to your operations ever gotten corrupted?

Afraid of getting hit with ransomware, locking down your work?

Chances are, you’ve lost a business-impacting file that you wished you hadn’t.

Thrive’s DRaaS is a potent backup and business continuity service that has evolved to offer file protection to safeguard your data across all your devices, including workstations and laptops.

 

Ever-present threats to your data

Data has become the lifeblood to businesses small and large. Losing it can cause costly downtime, regulatory fines or, in the worst of cases, even the death knell for your business.

Many of our clients are already using DRaaS to keep snapshots of vital content in case of disaster — including Office 365 data. We’re now offering even more granularity when it comes to keeping your mission critical data out of harm’s way.

 

Flexible, powerful file protection

“Whether you’re inside your network or in the field, using a desktop or laptop, IVP Desktop File Protection Backup offers continuous file and folder backup,” said Brian Walker. “Now you won’t have to worry if an important file is lost or damaged while you’re on the go. If you have an internet connection, you’re data is being backed up.”

“Six-month versioning allows plenty of options to restore from accidental file deletion or corruption, and unlimited data for workstations eliminates worrying about reaching limits,” said Aaron Allen. “This expanded InVault Pro service will certainly be a game-changer, and it will help our clients – who are becoming more distributed and mobile – stay protected in the increasingly hostile digital landscape.

“Ready to compute with confidence with potent file protection? Contact us today for a free data backup consultation.”

Hackable Home Devices: InCare’s Jon Parks Provides FOX13 Tips to Keep Your Family Safe from Cybercriminals

“Any security system that is accessible from the Internet is going to be pretty vulnerable. If you set it up incorrectly.”

So said Thrive’s Jon Parks to FOX13 in a recent cybersecurity-themed report.

FOX13 Investigator Reporter Greg Coy was investigating how to prevent cybercriminals from hacking into your Ring Camera Security system.

App-controlled devices have been all the rage in recent years, and many homeowners have turned to Ring systems to provide peace of mind when it comes to home security.

That peace of mind was rattled when word got out that a hacker gained control of a Mississippi family’s system last December.

FOX13 reached out to Ring for a comment. Their response suggested they believed the account was compromised due to harvested data/credentials and not a device breach.

“Chances are the family had some account information stolen in one of the numerous data breaches,” said Parks. “Target, Home Depot, Equifax… these companies have all had breaches, which means if you had sensitive information with any of those, your info may be up for grabs in the so-called Dark Web, or areas of the internet where hackers exchange data and plan their attacks.”

Parks offered FOX13 easy-to-follow yet powerful ways to keep your accounts and your family safe.

  • Utilize two-factor authentication where possible.
    This provides additional layers of authentication (such as a code sent to an associated mobile phone) that must be entered before accessing an account.
  • Set up a firewall.
    Firewalls can add strong protection against attackers. Ask your internet provider if they provide a firewall.
  • Beware of phishing emails.
    These are deceptive emails that are designed to get you to respond with sensitive information or account credentials. When in doubt, don’t click.

 

Warning Signs to Look for in Aging Computers

Are the computers in your office beginning to show their age? Do you even know how old they are? For the sake of your productivity, it may be time to replace them for a newer model. We’ll go over some warning signs that your computers may be nearing their retirement age.

How to Tell How Old a Computer Is

When a computer starts to get too old, it can become a problem for productivity. In fact, to help avoid this, some even recommend replacing a work computer every four years… but how do you tell how old a work computer is in the first place?

This isn’t always as cut-and-dried as one would think it should be. Some computers and laptops will have a date right on the case, neat the serial number. If there is no date provided, a quick search for the serial number might give you an idea.

You can also check the components of your computer itself, using the System Information tool. In the Search Windows box, type in “sysinfo.’ From the results, access System Information and in the window that appears, you can find plenty of information to help you date the machine. For instance, if the BIOS of the device has never been upgraded, the date will likely tell you how old the machine is, more or less. Searching for other components can help you to confirm this estimate.

As a result, you can get a better idea of whether your computer’s issues are age-related, or if there’s something else creating problems.

Signs That Say It’s Time to Replace Your Computer

There are quite a few factors that can indicate when your computer is due to be retired. While these indicators can each be a sign that something else is going on with your machine, a combination of a few of them is a fairly reliable signal that you and your device will soon have to say goodbye:

  • The computer is huge. In the interest of space, many modern devices are built to be compact, taking up less space than their predecessors did. While this isn’t a hard and fast rule (powerhouse workstations often take up a lot of space out of necessity), a larger, basic-function workstation or laptop is generally an older one.
  • Startup and shutdown take forever. Again, there are a few different issues that could contribute to lengthy startup and shutdown times. Too many applications may be set to automatically run in the background, or your hard drive might be almost full. However, this is another common symptom of an aging device.
  • You’re encountering hardware and software limitations. If your attempts to upgrade your computer’s hardware and software – especially security software – are stymied by a lack of interoperability or support, it’s probably time to consider replacing it. This is even more so the case if your work-essential solutions can’t be upgraded any further or runs slowly, or loading your applications takes notably long and they can’t efficiently run simultaneously.
  • Your computer is loudIf the fans in your device (whether it’s a desktop or a laptop) run loud, it’s a sign that your computer either needs a good cleaning or needs a good replacing. If the issue persists after a thorough cleaning has taken place, that’s a sign that your hardware is working too hard, a sure sign of age-related issues.

If you feel that your hardware is due to be replaced, reach out to Thrive. We have the contacts to help you procure the equipment you need to remain productive and offer the support to keep this equipment going. Contact Thrive today. 

Small Businesses are Prime Targets for Cyber Attackers

Some small-business owners are under the impression that cyber criminals are only looking for large targets.

After all, the big corporations have much more to steal and hold for ransom. Right?

While massive corporations can certainly be coveted targets for cyberattack, the reality is most hackers are quite indiscriminate. And many revel in targeting smaller businesses.

Why is this?

Big corporations typically have the necessary budget, staff, and expertise to provide potent cybersecurity. Successfully attacking a large company requires a supremely crafty attack and/or an egregious security blunder — on the part of the target — to exploit.

Smaller businesses, on the other hand, may not have the resources to cobble together adequate defense. There’s typically a deficiency in resources, knowledge, or budget. Because of this, hackers can have a much higher chance of successfully defeating a small business’s security (if they have any) versus breaching the many-layered defense of a mammoth corporation.

According to Verizon’s Data Breach Investigations Report, of the security incidents in their study:

43% of data breaches involved small businesses.

So, all businesses need to push security to the forefront of their priorities. And no vertical is untouchable.

 

“How do we get cyber-secure?”

You might be asking yourselves this question. Well, you can go the DIY route or hire a an experienced managed security provider.

The former can be quite time-consuming, as you’ll need ample time to ramp up your infrastructure, find talent, and get your security regime up and running. This can certainly be a costly endeavor. And don’t forget the need to stay on top of the ever-evolving threat landscape.

By partnering with a managed security provider, you can hit the ground running with your security. You can instantly tap into the experience and skillset of their team, and you won’t have the burden of keeping up with the latest cyber threats.

“Whether you want us to manage one aspect of your network security to all of it, we’re ready to keep you, your staff, and your data safe,” said Brian Walker. “Our team has a lot of experience protecting companies and organizations in all manner of industries.

“Ready to learn more? Contact us today.”