Call (716) 373-4467

What Happened?

WinRAR, a Windows data compression tool that focuses on the RAR and ZIP data compression formats for all Windows users (win-rar.com), recently announced that it had patched a 19-year-old security vulnerability that allowed cyber attackers to install malicious files on users’ hard drives. The problem many users will face is that the software does not auto-update so they will need to go through the manual update process to ensure their computer is no longer exposed to the security vulnerability.

What Should I Do?

Databranch recommends users uninstall WinRAR from their systems. WinRAR is a program that used to be needed to create zip folders and unzip folders but now this function is built into the Windows Operating System.

How Do I Uninstall WinRAR?

  1. Find the Control Panel in your Windows Explorer.
  2. Click on Programs & Features
  3. Select WinRAR and Press Uninstall Program

How Do I Find Out About Vulnerabilities Like This Sooner and Protect My Business From Being Affected By Cybercrime?

Databranch offers managed service plans to proactively monitor, detect, and remediate identified security vulnerabilities like this. We were able to remove this program from our managed client’s machines as soon as it became a known issue and our clients were able to continue working without interruption.

To learn more about becoming a Databranch Managed Services client, call 716-373-4467, email info@databranch.com, or fill out the form below to get started!

Get Started

Source: https://www.theverge.com/2019/2/21/18234448/winrar-winace-19-year-old-vulnerability-patched-version-5-70-beta-1

Phishing continues to be a top exploit for small business breaches, and companies should take notice. Of the 360,000 spear phishing email attacks examined over a three-month period, the most common types were brand impersonation (83%) and business email compromise (11%). Such breaches can be leveraged to steal payment and personal information.

Here are some best practices for protecting your business:

1) Take advantage of AI

2) Don’t rely solely on traditional security

3) Deploy account-takeover protection

4) Use multi-factor authentication

5) Conduct proactive investigations

6) Train staffers to recognize and report cyber-attacks

7) Conduct proactive investigations

8) Maximize data-loss prevention

Call 716-373-4467 x 15 to review with a Databranch Security Expert!

https://www.techrepublic.com/article/how-to-prevent-spear-phishing-attacks-8-tips-for-your-business/

Schedule an Appointment with a Databranch Computer & Server Upgrade Specialist!

Countdown Clock Courtesy of tickcounter.com.

In the past, being a small business was enough to divert hackers from targeting your company. However, cyber criminals have discovered ways to generate profit from compromised data, many times through the Dark Web. Many small business owners are beginning to ramp up their cybersecurity efforts, but the Dark Web remains an elusive concept for most. 

In some ways, the Dark Web is exactly what it sounds like: an anonymous network of websites and forums where stolen information is put up for sale. How do organizations protect themselves and their customers from ending up on the Dark Web? By employing advanced monitoring tools through security providers and creating security training programs to foster a culture of cybersecurity education and awareness.

Databranch can run a Dark Web Scan for your company’s domain and monitor your credentials in real-time on the Dark Web, notifying you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Reach out to us at 716-373-4467 x 15, info@databranch.com, or databranch.com/get-started for more info!

https://www.techrepublic.com/article/how-to-protect-your-small-business-from-the-dark-web/

The holiday shopping season officially starts this Friday – Check out these tips to stay safe while shopping online! 

1. Careful with the Clicks

We all receive more email promotions than usual around this time of year, and we must all use a little extra caution before clicking those links to promotions! You’ll also be tracking all the incoming shipping notifications for your time-saving online orders, and though you may have dodged the crowds, try to stay vigilant as you sort through those shipment and delay notifications for your orders. Look for typos in emails or website links, which may indicate a phishing scam or fake links.  Some potential problems to look for (from a report by DomainTools):

  • Extra added letters in a domain, like samsclubb.com
  • ‘rn’ disguised as ‘m’ such as in potterybam.com
  • 1’s disguised as l’s, as in Koh1s.com
  • Added affixes such as target.com-dresses.us

Also, there are tons of fake shopping apps out there, so if you want to download a shopping app from your favorite store, best to get it directly from that store’s website to be sure it’s legitimate.

2. Only Shop if There’s a Lock

Websites that have security enabled using SSL (Secure Socket Layer) encrypt data during transmission, making it safe to use a credit card on that site. Look for that little lock in the address bar and a URL with “https” instead of “http” at the beginning.

3. Don’t Shop on Hotspots

Just avoid shopping on public Wi-Fi networks, like in airports or coffee shops. While this may seem like the perfect time to knock out that shopping list, open hotspots are extremely dangerous. Hackers have been known to intercept communications between you and the connection point so that instead of talking directly with the hotspot, you end up sending your information to the hacker. In this case, the hacker has access to all the information you send out—emails, phone numbers, credit card information… And once a hacker has that information, you’ve basically given them the keys to your front door. Be sure to keep software up to date on any device you connect to the internet, to help reduce the risk of infection from malware.

Wherever you do find yourself, it’s important to use a VPN (virtual private network) Service which creates a private tunnel from your device to your service. VPN Servers will encrypt your traffic passing through the public Wi-Fi hotspots.

4. Use Strong and Unique Passwords

Consider making your passwords sentences, like “CountryMusicIsTheBest!” and make them unique to every site. Don’t ever use your work email or any variation of your work password on any third-party websites and monitor for exposure! 

Consider finishing out the year strong by using a password manager to assist in dealing with the ever-increasing volume of complex and unique passwords and as always, enable multi-factor authentication (MFA) if it’s available.

Fill out the form below to request your free Dark Web Scan for your organization's domain.

We wish everyone a happy and safe shopping this season!

31Oct

There was an article that came out this week written by the previous CIO of the New York City Law Department (which is also the world’s largest public sector law firm, fun fact), discussing the best ways to avoid ransomware. In the article he discussed 3 key points:

  1. Cyber Hygiene: This is an obvious one but cannot be underrated! Passwords must be changed regularly, and everyone must remain diligent while browsing their inbox.
  2. Best practices: Best practices in this context covers updating existing tech, using preventative technologies, and communication. To have the best practice for updating existing tech, put a priority on pushing out patches, use cloud web application firewalls and credential monitoring to stay a step ahead with preventative tech, and communicate with your security team and employees about what they should be doing as individuals and as a team.
  3. Testing disaster recovery plans: This point is self-explanatory, you need a test to see if your backup plans work. You wouldn’t leave the fire alarms untested!

With ransomware being seen all over the world from Atlanta to Moscow to Sydney, it is something every business should take into account.

Request your free security risk assessment and consultation with a Databranch Security Expert here:

https://www.darkreading.com/cloud/3-keys-to-reducing-the-threat-of-ransomware/a/d-id/1333113

With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the hacker of the site was able to bypass 2FA. The actor was able to do this by using a method called ‘SMS intercept’ which is when the hacker is able to receive the text that contains the code for authentication. One way this is done is by SIM-swap, which is when the attacker convinces the phone provider that he is the target and applies their service to a new SIM card. Another method of attack is when bad actor impersonates the target and tricks the phone provider into transferring the target’s number to a new provider where the attacker is then able to access any 2FA codes coming into the phone.

A more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful, and publicly too considering Reddit is one of the most popular sites on the internet.

 

Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email info@databranch.com, or click here to get started!

 


What Does End of Support Mean?

  • No Updates will be developed or released after the end of support *Almost 100 critical updates have been released so far in 2018*
  • No Compliance with most industry wide compliance standards and regulations.
  • No Safe Haven – All physical and virtualized instances of Windows 7, Server 2008(R2), and Small Business Server 2011 will be vulnerable to security threats.
What Should I Be Doing?
  • Start planning your migration NOW
  • Determine how many instances of Windows 7, Server 2008(R2), and Small Business Server 2011 are being utilized in your current network setup.
  • Assess the upgrade path for applications that currently run on the Windows 7, Server 2008(R2), and Small Business Server 2011 operating systems.
  • Allocate resources and budget for necessary hardware upgrades to transition to Windows 10 and Server 2016.
The good news is we are still over a year away from the end of support date but it’s important to start preparing soon. At Databranch, we have successfully migrated numerous clients from Windows 7, Server 2008(R2), and Small Business Server 2011 to newer, supported operating systems. 
 

Schedule an Appointment with a Databranch Computer & Server Upgrade Specialist!

Countdown Clock Courtesy of tickcounter.com.

 
 


Databranch Offers Monitoring and Alerting of Stolen Digital Credentials, Increasingly Valuable Asset on Dark Web

Olean, NY –8/1/2018 – Databranch announced its new Dark Web monitoring services provided through its partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, Databranch offers around the clock monitoring and alerting for increasingly compromised digital credentials, scouring millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards and illegal black-market sites.

“Databranch views Dark Web ID monitoring services as a critical component of our managed security suite. Through the detection of compromised credentials, we are able to offer another security layer for our clients and respond to threats against their networks in an efficient, proactive manner.” said David Prince, President at Databranch.

 

The Dark Web is made up of various digital communities, and while there are legitimate purposes for the Dark Web, it is estimated that over 50 percent of all sites on the Dark Web today are used for criminal activities, including the disclosure and sale of digital credentials. 

 

“Digital credentials such as usernames and passwords are widely used to connect to critical business applications – the reason these credentials are among the most valuable assets found on the Dark Web,” said Kevin Lancaster, CEO of ID Agent. “Unfortunately, the unaffordability of cyber offerings has played into the cyber poverty line experienced by small businesses. Dark Web ID, however, delivers an affordable model that provides small businesses with the same advanced credential monitoring capabilities used by Fortune 500 companies to organizations in the SMB and mid-market space.”

 

Dark Web ID is the industry’s only commercial solution available to detect customers’ compromised credentials in real-time on the Dark Web. It vigilantly searches the most secretive corners of the Internet to find compromised data associated with your customers’ employees, contractors and other personnel, and notifies them immediately when these critical assets are compromised. There are a few competitors in the market but none completely focused on the Dark Web as ID Agent’s solution.

 

About ID Agent

ID Agent provides a comprehensive set of threat intelligence and identity monitoring solutions to private and public sector organizations and to millions of individuals impacted by cyber incidents. The company’s flagship product, Dark Web ID, combines human and sophisticated Dark Web intelligence with capabilities to identify, analyze and monitor for compromised or stolen employee and customer data, mitigating exposure to clients’ most valuable assets their digital identity. From monitoring your organization’s domain for compromised credentials to deploying identity and credit management programs in order to protect the employees and customers you serve ID Agent has the solution. For more information, visit: http://www.idagent.com or go to LinkedIn, Twitter or Facebook.

 

About Databranch

Databranch, Inc., is an IT consulting and outsourcing provider serving local, national and international businesses in Western New York and Northwestern Pennsylvania since 1985. We help our clients use information technology to cut costs, increase efficiencies and enhance customer service across four main areas: managed technical services, networking, security, and data protection.

The Databranch staff is made up of highly skilled, experienced and certified professionals. Our clients look to us to provide technology solutions that work. We offer consulting services that provide organizations with the best possible solutions for the most affordable price that are executed with a personal touch.

Key Benefits of working with Databranch:

• Reduce complexity of managing your technology infrastructure.

• Gain confidence that your technology is aligned with your business goals.

• Have a team of skilled and certified technology professionals backing you at every step.

• Maintain flexibility, choice and control over your business.

For more information, visit:  http://www.databranch.com or go to LinkedIn, Twitter or Facebook.

Contact:                                                          

Amanda Lasky

Databranch, Inc.

716-373-4467 x 15

alasky@databranch.com

A recent study conducted by IBM provides some context to the same old story that you hear in the news of big bad breaches and how scary they are for your business. The Cost of a Data Breach Study by Ponemon* puts numbers to these stories and provides a wealth of analysis so even someone who has never used a computer before can quantify the seriousness of a breach… as long as they are familiar with money.

The average cost of a breach increased this year by 6.4%, with the per capita cost rising less, but only barely, by 4.8% (page 3). The cost of a data breach varies greatly by country, with the United States average breach price coming in at $7.91 Million and per capita costing $233. Canada’s per capita cost is the second highest out of the nations surveyed at $202 per record, and their average price of a breach is $4.74 million. Australia’s cost of a breach is less than the US and Canada, but Aussies are far from getting off free. The average cost of a breach down under is $1.99 million and the per capita cost averages at $108 (page 13).

The study also explored the main factors that were found to affect the cost of a breach, stating 5 major contributing factors that could make the difference between a manageable breach vs a mega breach. The loss of customers following a breach, the size of the data breach, the time it takes to identify and contain a breach, management of detection costs and management of the costs following a breach are the factors that most contribute to the cost of a breach (page 7). The time it takes to identify a breach being a major contributing factor to the cost of a breach is particularly important due to the fact that organizations saw an increased time to identify a breach this year. This can be contributed to the ever-increasing severity of malicious attacks companies face and highlight the need for proactive monitoring for breaches, as well as a serious focus on cybersecurity on a management level. That’s why tools such as Dark Web ID™ that dredge the Dark Web for personal information and credentials can contribute greatly to decreasing the cost of a breach. Organizations that identified breaches within 100 days saved more than $1 Million (page 9) compared to companies who did not. That says a lot because after all… money talks.

Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email info@databranch.com, or click here to get started!

*Source: Ponemon Cost of Breach Study 2018

2FA AI APC backup business continuity BYOD client of the month cloud computing computer services computer support computer upgrade Computer Upgrades Control Chief covid-19 CryptoLocker CryptoWall Cyber Attacks cyber criminal cyberattack cybercrime cybersecurity Cybersecurity Training Dark Web Monitoring Dark web scan data protection Data-Loss Prevention Databranch Databranch Comprehensive Care databranch cto databranch employees Discounts doug wilson dura-bilt email migration email security End of Support Exchange Online Facebook field technician Hardware Refresh heat-induced server crash holiday computer tips holiday internet tips How Long Do I have to Upgrade my Windows 7 Computers? ID Agent Information Technology Internet Security IT Outsourcing IT Services J.P. Morgan malware managed service managed services Microsoft Microsoft End of Support Microsoft Patching Microsoft Support Microsoft Telephone Scam mike wilson mobile device security Multi-Factor Authentication Network Infrastructure Office 2013 Office 365 old UPS password management password security Penn-Troy Manufacturing Phishing Attacks Power Failure proper server environment Ransomware remote access repeatbusinesssystems SBS2011 security security vulnerabilty Server 2008 Server 2008R2 Server Upgrade server virtualization Small Business Small Business Server 2011 smb SMS intercept Social Media stolen credentials Symantec Symantec Backup Exec temperature Tips Two-Factor Authentication Upgrading to Windows 10 UPS virus Western New York Windows 10 Windows 7 Windows Server 2003 Windows Server 2012 winrar