With the breach of Reddit being disclosed this week, it’s key to remember the importance of robust cybersecurity, given that the hacker of the site was able to bypass 2FA. The actor was able to do this by using a method called ‘SMS intercept’ which is when the hacker is able to receive the text that contains the code for authentication. One way this is done is by SIM-swap, which is when the attacker convinces the phone provider that he is the target and applies their service to a new SIM card. Another method of attack is when bad actor impersonates the target and tricks the phone provider into transferring the target’s number to a new provider where the attacker is then able to access any 2FA codes coming into the phone.
A more secure alternative to SMS 2FA is app-based authentication through organizations such as Duo, which is not subject to the same vectors of attack. Stay vigilant out there, because SMS-intercept attacks are going to become more and more prevalent as they have been shown to be successful, and publicly too considering Reddit is one of the most popular sites on the internet.
Databranch has recently started offering a new Cyber Security offering. We will monitor your credentials in real-time on the Dark Web and notify you immediately when these critical assets are compromised, before they can be used for identity theft, data breaches, or other crime. Please call 716-373-4467 x 15, email firstname.lastname@example.org, or click here to get started!
Small businesses are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack small, virtually defenseless businesses.
Don’t think you’re in danger because you’re “small” and not a big target like a Target or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilized cloud computing, mobile devices and store more information online. Quite simply, most small businesses are low-hanging fruit to hackers due to their lack of adequate security systems.
As a local IT support company, we work day and night to protect our clients from these attacks – and unfortunately we see, on a regular basis, hardworking entrepreneurs being financially devastated by these lawless scumbags – We are determined to WARN as many businesses as possible of the VERY REAL threats facing their organization so they have a chance to protect themselves and everything they’ve worked so hard to achieve.
Free Report Reveals The Critical Protections Small Businesses Need Today
We want to do everything that we can to stop cybercrime, so we have put together a FREE Executive Report titled “7 Urgent Security Protections Every Business Should Have In Place Now” that we have made available at no charge here on our website at www.databranch.com/sittingduck.
Download your free Report today at www.databranch.com/sittingduck or by calling our office at 716-373-4467 ext. 15.
Today we’re launching a new monthly series on the blog called “Ask a Databranch Engineer”. During these posts we’ll compile frequently asked questions from our clients and answer your top questions about information technology in the workplace.
Anyone who watches the news has become all too familiar with this headline, “Data Breach at Company X”. From Target to the FBI, personal identifying information is being exposed at a rapid rate and a top question from our clients is, “What is one thing I can do as a small business to protect my organization’s valuable company data?” Here’s what our team had to say:
Aaron Duell (Systems Engineer): “If you’re not expecting an email and you don’t know the sender, don’t open the email!”
Jason Aderman (Systems Engineer): “Set-up a password protected screen saver. Users should never step away from their computer without locking their desktop and if you do happen to leave your computer unattended an automated screen saver with a password will ensure your computer is protected.”
Matt Hillman (Senior Systems Engineer): “I would rate the need for a complex password as a high security priority. Too many times we find the password is “password”, or the name of the person’s pet, or worse yet, written down right at their desk! A password should be at least 8 characters long, include a combination of upper case, lower case, and numbers, should not be a word easily identified in the dictionary, and is not a variation of the user’s name. Best practice now is to also include spaces and create a phrase, rather than use a single word. Recent operating systems require more complex passwords, but applying these basic rules will make it even more difficult for someone with malicious intent to guess a user’s password. And, it seems to be common sense, but a password should never be shared!”
David Prince (President): “If you get an email with an attachment (doc., PDF., etc.) be very careful and suspicious. If it appears to come from someone you know, I recommend contacting the sender to confirm they sent you an email with an attachment.”
Have a technology question you’ve always wanted answered? Reach out to Amanda Lasky at 716-373-4467 ext. 15 or email@example.com.
Next month our engineers will be answering the following questions, “Should I turn my computer off when I leave the office at night?” and “How can I be sure my data is protected in the cloud?”,as well as any other questions we receive in February.
Last week it was announced that financial institution, J.P. Morgan had suffered from a security breach. This cyber-attack has affected 76 million households and 7 million small businesses, the exact number of individuals who have been exposed is unknown and has not been released.
- The attack is under control and has been stopped.
- The hackers were unable to obtain any credit or debit card information, social security numbers, passwords, or date of birth information.
- If you use Chase.com, JPMorganOnline, Chase Mobile, or JPMorgan Mobile your name, phone number, address, and email have been compromised.
What Should I Do?
- Be prepared for an increase in phishing emails, especially emails that appear to be coming from JP Morgan. A reputable company will never ask for your personal information through an email. If you believe an email is legitimate, take the time to reach out to a company representative at an established phone number. The primary goal of a phishing email is to steal your personal information or money.
Please comment below with any questions or concerns you may have about this recent security breach.
Our Databranch account managers can help you develop a security solution that fits your business’s needs. We offer a comprehensive network security assessment and our engineers have the security expertise to keep your network safe. You can reach us at 716-373-4467, firstname.lastname@example.org, or click here to get started.