Businesses today are aware of the importance of regularly updating the different software they use to keep these running optimally and protected against cyberthreats. However, they often overlook the firmware of their computers and other devices. At best, firmware is only updated if there’s an issue with the hardware. But it’s actually a good idea to always keep firmware updated, and here’s why.

What is firmware?

Firmware is a basic type of software that is embedded into every hardware component in computers, computer peripherals (e.g., keyboards, mice), printers, mobile devices, and Internet of Things devices. It’s also found in some household appliances and gadgets such as TV remote controls, as well as everyday objects like traffic lights.

Essentially, firmware controls the device it’s installed on, sending instructions for how the device communicates with its different hardware components. It is only compatible with the make and model of the particular hardware it is installed on, and it cannot be uninstalled or deleted.

Why is updating firmware important?

According to Microsoft’s 2021 Security Signals report, firmware attacks are on the rise. These attacks involve injecting malware into computer systems to tamper with the firmware on motherboards or hardware drivers. From there, cybercriminals can do any number of things to the infected computers, including remotely controlling the devices, disabling the antivirus software, exfiltrating data, and blocking access to the devices and the data they contain.

Experts recommend installing firmware updates as soon as these become available to effectively protect against firmware attacks and other threats to your business’s cybersecurity. Users will also enjoy increased speed and enhanced performance with a firmware update.

How to install firmware updates

The method for updating firmware differs from device to device. For instance, you can simply download and install firmware updates on both iOS and Android devices. However, for devices such as routers, you will have to apply firmware updates from the manufacturer’s website or administrative console.

Keep in mind, however, that updating firmware can be tedious and time-consuming. In some cases, a firmware update can reset your devices and restore factory settings, causing you to lose custom configurations on your computers, routers, and the like. And if you fail to follow the manufacturer’s instructions to the letter, you risk damaging your systems.

It’s therefore best to leave the installation of firmware updates to the experts. For more information about firmware security and how to safely install firmware updates, or for any questions related to business IT, give our specialists a call today.

The post The importance of updating firmware appeared first on TechSolutions, Inc..

Most businesses are familiar with denial-of-service (DoS) attacks, or attacks that cripple an IT network, system, or machine to deny access to intended users. Not many businesses know, however, that Voice over Internet Protocol (VoIP) systems can be a DoS attack target too. If you have security measures in place against regular DoS attacks but don’t have one for your telephony system, it’s about time you fix that.

Denial-of-service attacks

The end goal of any DoS attack is to overwhelm a system with so many requests that it is eventually forced to shut down. Telephony DoS (TDoS) attack is a subcategory leveled at VoIP systems. Alarmingly, this attack is commonly used against hospitals and 911 phone lines. Some TDoS attackers even demand a ransom to halt the attack, which is similar to ransomware attacks. They take advantage of cryptocurrencies and caller-ID spoofing to make it incredibly difficult to identify attackers.

TDoS attacks generally employ fewer resources than the DoS attacks that are designed to cripple IT systems, which include networks, servers, and software. At its most basic, a TDoS attack requires only an automated phone dialer that calls a target phone number and hangs up — over and over. That very simple strategy can stop anyone else from getting through the line.

What organizations need to do

While your first instinct may be to lock down your VoIP system with complicated security measures, doing so will only do more harm than good. Most businesses can’t operate if they can’t communicate with their customers, business partners, and other third parties.

Although VoIP may be a digital resource similar to other components within your IT systems, the very nature of phone lines makes hiding them behind firewalls and other protections impossible. Fortunately, there are now new security protocols that can protect your communication infrastructure against those who try to use force to gain access to your directory information. These protocols can also identify, reroute, and filter calls coming from known attackers. Get in touch with our team to learn more about these protocols.

If you’re experiencing any abnormalities with your VoIP system, or if you want to deploy the most advanced solution that the market has to offer, our expert team of IT professionals is ready to help you at the drop of a hat — just call today.

The post The dangers of TDoS to your VoIP systems appeared first on TechSolutions, Inc..

Over time, many great ideas are occasionally re-examined and reconsidered by the scientists and businesspeople of the day. Was the world flat or round? Did the other planets revolve around the earth or the sun? Was Michael Jackson the greatest entertainer in history? Additionally, innovators are known for rethinking how we do things. Henry Ford imagined a better way to build cars, Steve Jobs created a better way to use a cell phone, and Ray Croc (and the two other guys who really founded McDonald’s) introduced a new way to serve cheeseburgers. Yes, throughout history, we’ve constantly re-examined our world and used innovation to find new solutions to old problems … but never before at the pace we are doing that today!

Today, we are rethinking almost everything … faster and more completely than we ever have. Change is everywhere, and it often results in an uncomfortable feeling for many people. As we start moving forward from 2020, we find change in our technology landscape, our economic recovery solutions, and our healthcare expectations, just to name a few. Cyberattackers are changing too!

But … so is Cybersecurity. Which is good. Because as the bad guys change and improve their techniques, so should the good guys.

First, cyberthieves have new goals. Ransomware pirates want big money and are attacking almost anyone these days. The cost of ransomware has skyrocketed. It wouldn’t surprise me to find actual ransom quotas being put on the cyberthieves responsible for that in their organization.

Second, hackers have different objectives. Sure, they want your money, but they also want to test the waters of causing massive disruptions to life as we know it. Your $50,000 bitcoin ransom is very different than the effects of shutting down a pipeline or monkeying with the US food supply.

Third, the way cybercriminals attack is different. They are constantly developing new techniques. They find and exploit weaknesses that we did not even know existed a year or two ago.

Finally, methods for defending your business are also constantly evolving. Today, a well-protected business has layers and layers of protection in use to decrease the risk. The firewall, the virus protection, and the server back-up system are not enough anymore. All of the extra layers of protection cost more than it once did. Simply put, it is just the cost of doing business.

Cybersecurity professionals across the country, and the world, are rapidly rethinking the way we protect your business. The game is different now, and so is the way we play the game. We are rethinking everything.
This means three things for most small to mid-sized businesses.

• Work closely with and trust your specialist in Cybersecurity. It is a full-time, multi-disciplined job to keep you protected these days.
• Keep an open mind when your IT team tells you they are changing their approach or when they suggest something new. The solution needs to be different because the problem we are trying to fix is constantly changing.
• Be patient and understand that the added protection many times means increased costs. Try to understand the risks involved and perform your own cost-benefit analysis of mitigating those risks with extra protections that cost more money.

Together, we must rethink our approach. Understand that the goal to protect your business has not changed; however, the way we defend your IT network is always changing.

We are rethinking everything.

The post Rethinking Cybersecurity appeared first on TechSolutions, Inc..

Like most business owners, you may be too busy managing your organization to be concerned about optimized security measures and other technical matters. However, failing to protect your business puts it at risk of data theft and other cyberattacks. Let’s take a look at some ways you can keep your organization safe.

Cover your webcam

If Facebook founder Mark Zuckerberg, former FBI Director James Comey, and National Security Agency whistleblower Edward Snowden all believe their webcams could be compromised, there’s no reason you should feel safe. This is because cybercriminals can use your webcam to spy on you.

They can examine your surroundings, determine your location, and spy on the people you’re with. The attackers can record intimate and vulnerable moments and use these to blackmail you.

Fortunately, guarding yourself against this danger is easy. Covering your webcam should do the trick. You can use regular tape or you can purchase a cheap webcam cover online. Check as well if your webcam has a dedicated kill switch, as this disables the hardware, making it impossible for cybercriminals to spy on you.

Use a privacy shield

Also known as a privacy guard, screen, and filter, a privacy shield is a thin transparent sheet you apply on your computer, laptop, or smartphone screen to limit viewing angles. Once installed, anyone trying to look at your screen from anywhere — except straight on — will see nothing.

Privacy filters are commonly used to protect work devices that display or contain critical files with sensitive data or confidential information. However, work and personal devices are both vulnerable to “shoulder surfing,” the act of peeking at someone else’s screen, with or without ill intent. This is why it’s ideal to use protectors on all the devices you and your staff use.

Get a physical/biometric authentication key

Requiring more than one set of credentials to access sensitive resources has become the standard practice for established websites and applications. With multifactor authentication (MFA) in place, you can gain access to your account only after you’ve entered an authentication code.

Before, two-factor authentication relied mostly on text messages sent to mobile phones. But IT experts now discourage the use of SMS authentication because of the following reasons:

• Text messages aren’t encrypted (i.e., these can be seen in plain text), and can be intercepted in man-in-the-middle attacks.
• Text message notifications may display one-time pins (OTPs) that can be seen by unintended viewers.
• Cybercriminals may redirect text messages to their own devices.
• OTPs can be stolen via SIM swapping.
• Users can be tricked into entering OTPs in a fraudulent login page.

If you’re looking for authentication services that can’t be easily neutralized, try a hardware key like a USB or Bluetooth key that you can always carry around. You can also use biometrics such as a fingerprint, retina, or facial scan. It’s difficult to copy a person’s fingerprint or facial features, making it a secure authentication method.

If you need help setting up two-factor authentication or IT security services, contact our experts. We’ll help you get peace of mind from knowing that your business IT is in good hands.

The post 3 Simple ways to keep your business safe from hackers appeared first on TechSolutions, Inc..

It’s every business user’s responsibility to protect their computers and data from cyberattacks. The good news is that you don’t need to be an IT security expert to keep them safe. You can start increasing your knowledge by learning some of these basic cybersecurity terms.

Malware

For a long time, the phrase “computer virus” was misused to refer to every type of attack that intended to harm or hurt computers and networks. The more appropriate term for these harmful programs and files would be “malicious software” or “malware.” Whereas a virus is a specific type of malware that is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as malware.

Ransomware

Don’t let all other cyberthreats ending in -ware confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is “ransomware,” which is malware that encrypts valuable data until a ransom is paid.

Intrusion prevention system (IPS)

There are several ways to safeguard your network from malware, but an IPS is quickly becoming one of the nonnegotiables. An IPS sits inside your company’s firewall and looks for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.

Social engineering

Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of “social engineering” to succeed. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information. For cybercriminals, complicated software is totally unnecessary if they can just convince potential victims that they’re a security professional who needs the victims’ password to secure their account.

Phishing

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of defrauding people using an app or a website that impersonates a trustworthy or often well-known business in an attempt to obtain confidential information. Just because you received an email that says it’s from the IRS doesn’t mean that it is. Don’t take such emails at face value — always verify the source, especially if the emails are requesting your sensitive data.

Antivirus

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

Zero-day attacks

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to fix the gap in security. However, if cyberattackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

Patch

When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest malware.

Redundant data

When antivirus software, patches, and intrusion prevention fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that if there is a malware infection, you’re equipped with backups.

Our cybersecurity professionals are always available to impart more in-depth knowledge of the many different kinds of cyberthreats. Get in touch with us today and find out how we can help you with your IT security woes.

The post Top IT security terms everyone should know appeared first on TechSolutions, Inc..

Many businesses prefer Microsoft 365 not only because of its powerful features and cost-saving benefits, but also because of its world-class security. However, the cyberthreat landscape is constantly evolving, so using this suite of cloud-based tools and services will always come with security challenges. Fortunately, Microsoft is continuously looking for ways to address these issues to ensure that your environment and data are protected.

Vulnerabilities in SharePoint

Businesses typically use SharePoint Online and on-premises SharePoint sites to store sensitive information like personally identifiable data. Failing to secure SharePoint content against unauthorized users is one way to expose data and your business to malicious actors. This can be critical for companies that are required to comply with stringent data privacy and protection regulations and may face serious consequences for noncompliance.

To prevent this, limit administrator-level privileges and enable encryption. Additionally, set the necessary security restrictions per user for every application.

Unprotected communication channels

Phishing attacks and malware are two of the most common ways cybercriminals infiltrate a system, but there are other paths of attack. Microsoft 365 applications like Microsoft Teams, which can connect to external networks, may serve as a medium for ransomware and other types of attack.

Train your staff to identify potentially malicious files and links. Also, offer guidelines on how to handle and route sensitive files and communication to safe locations.

Security risks in dormant applications

Organizations using Microsoft 365 often won’t use all the tools and services included in the productivity suite. You may use one or several programs like Word, Excel, and SharePoint but rarely use OneDrive. If your business has been utilizing specific programs, note that some dormant applications may be prone to attack. This is why it’s crucial to identify the apps that aren’t being used, and have an administrator tweak user settings to restrict availability on such apps.

File synchronization

Like most cloud services, Microsoft 365 allows users to automatically sync on-premises files to the cloud, such as in OneDrive. This useful feature is not without security risks, however. If a file stored locally is infected with malware, OneDrive will view the file as changed/updated and trigger a sync to the OneDrive cloud, with the infection going undetected.

Office 365 Cloud App Security, a subset of Microsoft Cloud App Security, is designed to enhance protections for Office 365 apps and provide great visibility into user activity to improve incident response efforts. Make sure your organization’s security administrators set it up on your systems so you can detect and mitigate cyber risks as soon as possible.

Cybercriminals will continue to sharpen their hacking techniques, and your organization must keep up to protect your systems, apps, and devices. Call our team of IT experts now if you want to strengthen your business IT security.

The post Microsoft 365 security pain points and how to solve them appeared first on TechSolutions, Inc..

Ransomware is on the rise, but falling victim to one is not the end of the world. You can try some of these ransomware decryptors and maybe one of them will work. These are especially useful against automated “zombie” ransomware types.

The state of ransomware in 2021 so far

Businesses need to deal with ransomware both from outside and within. On one hand, there are more cybercriminals trying to infiltrate your network. On the other hand, careless and unknowing staff can easily let ransomware enter your network. For instance, employees may be tricked into providing their access credentials in phishing sites, or they may click links to websites that upload ransomware downloaders onto their machines.

The statistics are sobering. Ransomware cost businesses more than $75 billion per year. Over the past two years, ransomware attacks have increased by over 97%. And compared to the first two months of 2017, ransomware campaigns that were initiated from phishing emails increased by 109% in the same span of time this year.
According to studies, there will be a ransomware attack targeting a business every 11 seconds in 2021. That is up from every 14 seconds in 2019, and every 40 seconds in 2016. And the trend is that the rate will continue to increase over the years.

Zombie ransomware is easy to defeat

Not every type of infection is targeted to individual organizations. Some infections may result from self-propagating ransomware strains, while others may come from cyberattackers who are hoping targets become so scared that they pay up before doing any research on how dated the strain is and how to remove it.

No matter what the circumstances of your infection are, always check the following lists to see whether free decryption tools have been released to save you a world of hurt:

• Kaspersky Lab’s No Ransom list
• Avast’s free decryption tools
• Trend Micro’s Ransomware File Decryptor
• Heimdal Security’s Free Ransomware Decryption Tools

Prevention

But even when you can get your data back for free, getting hit with ransomware is no walk in the park. There are essentially three basic approaches to prevent ransomware:

• First, train your employees about what they should and shouldn’t open when browsing the web and checking email.
• Second, back up your data as often as possible to quarantined storage. As long as access to your backed-up data is extremely limited and not directly connected to your network, you should be able to restore everything in case of an infection.
• Finally, regularly update all your software solutions (operating systems, productivity software, and antivirus). Most big-name vendors are quick to patch vulnerabilities, and you’ll prevent a large portion of infections just by staying up to date.

Whether it’s dealing with an infection or preventing one, the best option is to always seek professional advice from seasoned IT technicians. It’s possible that you could decrypt your data with the tools listed above, but most ransomware strains destroy your data after a set time limit, and you may not be able to beat the clock. And even if you do, you probably won’t have the expertise to discern where your security was penetrated.

Don’t waste time fighting a never-ending stream of cyberattacks — hand it over to us and be done with it. Call us today to find out more.

The post Here are some ransomware decryptor sites you should keep handy appeared first on TechSolutions, Inc..

Theft of service is the most common type of fraud that impacts Voice over Internet Protocol (VoIP) phone systems. Let’s take a closer look at how it affects VoIP networks and how your organization can prevent or minimize the risk of this type of fraud.

What is theft of service?

VoIP theft of service is the most common type of VoIP fraud. At its most basic level, it involves the theft of your organization’s VoIP account credentials, including usernames and passwords, either by eavesdropping or by introducing malware into your system. Once cybercriminals gain access to your account, they can freely make phone calls or change your call plans, running up your VoIP bill.

In addition, cybercriminals may use the stolen data to carry out other fraudulent activities. They can also use theft of service to flood your VoIP network with promotional calls similar to junk email via an attack called spam over internet telephony, or SPIT. Once they infiltrate your communications network, they might broadcast unsolicited messages or advertisements over your VoIP system. This keeps users from making or receiving calls, which can have a significant impact on your business’s operations.

How can you avoid theft of service?

Preventing VoIP theft of service simply requires using a little common sense and implementing some technical preventive measures.

1. Make your passwords as secure as possible. Passwords must be 8–12 characters long, consisting of a combination of upper- and lowercase letters, numbers, and symbols. For added security, use passphrases, which are sentence-like strings of words. They’re usually longer than passwords, easier to remember, and more difficult to crack.
2. Install firmware patches for your VoIP phones and infrastructure regularly, and keep your antivirus software up to date.
3. Use fraudulent call routing detection and encryption software.
4. Set up an enterprise-grade virtual private network (VPN) for employees working from home. A VPN encrypts incoming and outgoing traffic without compromising call quality.
5. Review your organization’s call logs for any unusual trends or behavior, such as higher-than-usual call volumes or calls made during off-hours.

VoIP is an essential business communication tool, so it makes sense to understand what theft of service is to avoid its impacts on your company’s operations. For more information and useful tips on how to keep your VoIP system secure, drop us a line today.

The post VoIP theft of service: What you need to know appeared first on TechSolutions, Inc..

Encouraging staff to work from home is extremely vital in the midst of the COVID-19 outbreak. By minimizing social interactions and contact risks, you can reduce the spread of the virus. But be warned. Transitioning from a fully managed business environment to a home office can leave you vulnerable to cyberattacks and online scams. Here’s what you and your staff must do to mitigate the cybersecurity risks.

Fortify user accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers do manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all your accounts, consider password managers like LastPass, Dashlane, and Keeper.

To further strengthen your accounts, however, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes generated by SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily known for circumventing geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy, and mitigating the risk of hackers stealing company information.

Patch your software regularly

Although installing software updates can be a major nuisance, they cover critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and distribute the most recent updates on a company-wide scale.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll also want to implement antivirus software to detect and remove any malicious programs that do manage to find their way onto your device. Just remember to constantly update the software so it can effectively detect the newest malware.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change your router password as soon as possible because hackers can easily break into them once they know the router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have this setting, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like ransomware or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with setting up firewalls, avoiding scams, and even enabling MFA, we can provide the IT support you need in this difficult time. Call us now.

The post How to work from home securely appeared first on TechSolutions, Inc..

Data security and privacy should be every small business owner’s top priority in this day when cybercriminals are on the loose. The good news is you don’t have to be a tech genius to make it happen. Here are practical ways to shield your company from cyberattacks. 

Cover your webcam

If Facebook founder Mark Zuckerberg, former FBI Director James Comey, and National Security Agency whistleblower Edward Snowden all believe their webcams could be compromised, there’s no reason you should feel safe. They’re not overreacting because of some ruthless paparazzi that’s hounding them. It’s a fact that cybercriminals can use your webcam to spy on you. 

Though it might sound like a scene from an action movie or crime thriller, this has actually happened on several occasions. Hackers do this either to satisfy their voyeuristic tendencies or, more commonly, to steal personal information. This is a very real threat with disturbing repercussions. 

With your webcam, cybercriminals can examine your surroundings, determine your location, as well as spy on the people you’re with. They can use this information to hold you ransom and threaten to broadcast your most intimate and vulnerable moments if you don’t pay up. 

Fortunately, guarding yourself against this danger is easy. Covering your webcam should do the trick. You can use regular tape or you can purchase a cheap webcam cover online. 

Use a privacy shield

Think of privacy guards as those iPhone screen protectors but with an anti-snooping feature. These are thin covers you put on your computer, laptop, or smartphone screen to limit viewing angles. Once installed, anyone trying to look at your screen from anywhere — except straight-on — sees nothing. 

Privacy filters are commonly used to protect work devices that display or contain critical files with sensitive data or confidential information. However, less sensitive, personal devices are still vulnerable to “shoulder surfing” — the act of peeking at someone else’s screen, with or without ill intent. This is the reason we recommend using these protectors on all devices. 

Get a physical authentication key

Requiring more than one set of credentials to access sensitive resources has become the standard practice for established online services. With two-factor authentication in place, you can gain access to your account only after you’ve entered an authentication code. This is something that the website sends to your smartphone once you’ve entered your account credentials. 

Until recently, two-factor authentication relied mostly on text messages sent to mobile phones. But professionals now realize that phones can be hijacked to redirect text messages. Moreover, authentication codes can be stolen, or users can be tricked into entering these codes via a convincing phishing website. 

If you’re looking for authentication services that can’t be hijacked, stolen, or lost, your best bet is a USB or Bluetooth key that you can carry always. This means nobody — not even you — will be able to access your account without the physical key. Talk about ultimate security at your fingertips. 

If you need help setting up two-factor authentication or IT security services, contact our experts and have peace of mind.

The post How to keep your data safe and secure appeared first on TechSolutions, Inc..