Some of us attack and engage in our holiday shopping with a plan that rivals the most well thought out strategies. We scour weekly fliers, online ads, and research who will have the best price and coupon code for us to use. In order to shop smart, yes, keeping track of prices is important, but being a genius means that you include cybersecurity and personal limits in your plans.
Here are a few tips that you should include on your shopping list.
- Shop secure. Look for websites that have the https in their address. While this isn’t a surefire bet that you’re on a secure and safe site, it’s a good first step in ensuring you’re at the right Especially if you’re providing your credit card.
- Deals, not steals. Rebates, coupons, and in-store specials are a great way to save money. Make sure that if you are offering up any information it’s to reputable stores, and don’t give out personal information in return for a ‘future offer’. Read the fine print on all deals. Especially if they sound too good to be true.
- Review and research. Don’t assume because a product is on a review website that it is legitimate. Many of these sites are called affiliate sites and merely put up content that redirects you to a page where they receive compensation for the sale, like a referral program. Look at more than one site, read multiple reviews, and if possible, go to the actual store to see the quality of a product.
- Stay on the NICE list. Make a budget and stick with it. You don’t need to overspend to impress. It’s only a good deal if you need it.
- Get started on next year’s list. After holiday sales are a great time to stock up for next year’s gift-giving, but again, only if it is something that you can actually gift and not just an item that you will store away because it is a great price.
*Post Courtesy of Breach Secure Now*
We are very pleased to announce Mike Wilson has rejoined the Databranch team as our new CTO.
Please join us in welcoming Mike to the team and learn more about him below!
AAS Computer Information Systems – Alfred State
CompTIA A+, CompTIA Network+, Microsoft MCP, Cisco CCNA RS.
How did you get into the technology field?
My senior year of high school I worked at a small computer shop and decided I wanted to pursue a career in IT.
When did you join the Databranch team?
I first joined the Databranch team in 2001, fresh out of college. I rejoined the team in July of 2019.
What do you like best about Databranch?
The team atmosphere. Everyone is working together to provide great service.
How would you describe your role at Databranch?
My primary role is to oversee technical operations, ensuring our technical resources align to deliver consistent service levels and swift resolutions. I also have the opportunity to work with clients as an Enterprise Systems Engineer. Overall, my position at Databranch can be summed up in 4 parts: Technical Leader, Manager, Colleague, and Technologist.
What’s an interesting way that you use technology in your personal life?
I utilize Smart Home devices and applications to make daily tasks easier and automated.
How many computers do you own?
I love to golf, play hockey, and enjoy watching football on Sundays!
Our May Newsletter featured clients are Mark Powers, President, and Judy Benjamin, Controller, from Penn-Troy Manufacturing. Their business is located in Troy, PA with a focus on manufacturing valves for waste water treatment and large commercial engines and compressors. We have had the opportunity to partner with them for their IT needs since early 2014 and are excited to celebrate their five year anniversary as a Databranch Comprehensive Care Client this summer!
We were first introduced to the Penn-Troy team when they reached out to us after they were referred to us by another Databranch Featured Client of the Month, Dura-Bilt. Shortly after our initial meetings we began working together and Mark remembers, “I was most impressed when you guys brought in our list of unknown unknowns – things that had real potential to go wrong and we didn’t even know it. I was impressed with how comprehensive the analysis was.”
There is significant distance between the locations of both our offices, but this has never hindered the relationship or level of support. According to the Penn-Troy team, “It’s never been an issue. You guys get here and take care of all of our problems. The remote login sessions your team uses are also very easy to use as well for quick support.”
The biggest benefit they’ve seen to their company since becoming a Comprehensive Care client five years ago, “Peace of Mind. We know that if something fails everything’s backed up, we can call your team, and we get fast response so things are taken care of very quickly.” The main reason Judy likes working with Databranch, “It’s the response to issues and problems from Karyn (Databranch Service Coordinator). If I call and tell her, we have a major issue she gets right on it. It’s amazing how she can prioritize things.” Mark added, “Your team is very proactive. We have our Quarterly Business Reviews and you definitely bring things to our attention before problems happen. Also, everyone is very nice and easy to work with.”
Databranch President, David Prince, describes our relationship as a wonderful partnership and said, “There is real, honest, open communication between our two teams which allows us to work together effectively. Penn-Troy Manufacturing is one of our favorite clients to work with year after year and it is a pleasure to serve a company that values the role technology plays in their daily business operations.”
Final words from Mark and Judy, “It’s like having your IT person here, but not here with access to a full staff instead of just one guy. You fill the role of IT for a smaller company like us very well.”
Traditionally, payment credentials stolen from brick-and-mortar stores were able to command a higher price on the Dark Web than card-not-present data (also known as CNP). However, it seems like the market dynamics have recently shifted, as this information is now being used to target online retailers.
Consequently, the demand for these credentials is far outpacing supply, driving up the price. The economics can be explained by the recent US migration towards chip-based payment cards, which offer a superior level of fraud protection for in-store purchases.
Such news has broad implications for both consumers and companies operating in today’s digital ecosystem. Security has to be a constant priority, since payment trends will give way to new threats, and tomorrow’s vulnerabilities will not be the same as those existing today. In order to keep a continuous pulse on your employee and customer data, consider partnering up with an MSP that implements proactive Dark Web monitoring (like ours).
WinRAR, a Windows data compression tool that focuses on the RAR and ZIP data compression formats for all Windows users (win-rar.com), recently announced that it had patched a 19-year-old security vulnerability that allowed cyber attackers to install malicious files on users’ hard drives. The problem many users will face is that the software does not auto-update so they will need to go through the manual update process to ensure their computer is no longer exposed to the security vulnerability.
What Should I Do?
Databranch recommends users uninstall WinRAR from their systems. WinRAR is a program that used to be needed to create zip folders and unzip folders but now this function is built into the Windows Operating System.
How Do I Uninstall WinRAR?
- Find the Control Panel in your Windows Explorer.
- Click on Programs & Features
- Select WinRAR and Press Uninstall Program
How Do I Find Out About Vulnerabilities Like This Sooner and Protect My Business From Being Affected By Cybercrime?
Databranch offers managed service plans to proactively monitor, detect, and remediate identified security vulnerabilities like this. We were able to remove this program from our managed client’s machines as soon as it became a known issue and our clients were able to continue working without interruption.
To learn more about becoming a Databranch Managed Services client, call 716-373-4467, email email@example.com, or fill out the form below to get started!
Phishing continues to be a top exploit for small business breaches, and companies should take notice. Of the 360,000 spear phishing email attacks examined over a three-month period, the most common types were brand impersonation (83%) and business email compromise (11%). Such breaches can be leveraged to steal payment and personal information.
Here are some best practices for protecting your business:
1) Take advantage of AI
2) Don’t rely solely on traditional security
3) Deploy account-takeover protection
4) Use multi-factor authentication
5) Conduct proactive investigations
6) Train staffers to recognize and report cyber-attacks
7) Conduct proactive investigations
8) Maximize data-loss prevention
Call 716-373-4467 x 15 to review with a Databranch Security Expert!
Countdown Clock Courtesy of tickcounter.com.
In the past, being a small business was enough to divert hackers from targeting your company. However, cyber criminals have discovered ways to generate profit from compromised data, many times through the Dark Web. Many small business owners are beginning to ramp up their cybersecurity efforts, but the Dark Web remains an elusive concept for most.
In some ways, the Dark Web is exactly what it sounds like: an anonymous network of websites and forums where stolen information is put up for sale. How do organizations protect themselves and their customers from ending up on the Dark Web? By employing advanced monitoring tools through security providers and creating security training programs to foster a culture of cybersecurity education and awareness.
Databranch can run a Dark Web Scan for your company’s domain and monitor your credentials in real-time on the Dark Web, notifying you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Reach out to us at 716-373-4467 x 15, firstname.lastname@example.org, or databranch.com/get-started for more info!
The holiday shopping season officially starts this Friday – Check out these tips to stay safe while shopping online!
1. Careful with the Clicks
We all receive more email promotions than usual around this time of year, and we must all use a little extra caution before clicking those links to promotions! You’ll also be tracking all the incoming shipping notifications for your time-saving online orders, and though you may have dodged the crowds, try to stay vigilant as you sort through those shipment and delay notifications for your orders. Look for typos in emails or website links, which may indicate a phishing scam or fake links. Some potential problems to look for (from a report by DomainTools):
- Extra added letters in a domain, like samsclubb.com
- ‘rn’ disguised as ‘m’ such as in potterybam.com
- 1’s disguised as l’s, as in Koh1s.com
- Added affixes such as target.com-dresses.us
Also, there are tons of fake shopping apps out there, so if you want to download a shopping app from your favorite store, best to get it directly from that store’s website to be sure it’s legitimate.
2. Only Shop if There’s a Lock
Websites that have security enabled using SSL (Secure Socket Layer) encrypt data during transmission, making it safe to use a credit card on that site. Look for that little lock in the address bar and a URL with “https” instead of “http” at the beginning.
3. Don’t Shop on Hotspots
Just avoid shopping on public Wi-Fi networks, like in airports or coffee shops. While this may seem like the perfect time to knock out that shopping list, open hotspots are extremely dangerous. Hackers have been known to intercept communications between you and the connection point so that instead of talking directly with the hotspot, you end up sending your information to the hacker. In this case, the hacker has access to all the information you send out—emails, phone numbers, credit card information… And once a hacker has that information, you’ve basically given them the keys to your front door. Be sure to keep software up to date on any device you connect to the internet, to help reduce the risk of infection from malware.
Wherever you do find yourself, it’s important to use a VPN (virtual private network) Service which creates a private tunnel from your device to your service. VPN Servers will encrypt your traffic passing through the public Wi-Fi hotspots.
4. Use Strong and Unique Passwords
Consider making your passwords sentences, like “CountryMusicIsTheBest!” and make them unique to every site. Don’t ever use your work email or any variation of your work password on any third-party websites and monitor for exposure!
Consider finishing out the year strong by using a password manager to assist in dealing with the ever-increasing volume of complex and unique passwords and as always, enable multi-factor authentication (MFA) if it’s available.
We wish everyone a happy and safe shopping this season!
There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:
- Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.
- Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.
- Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!
With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.