How Prevent Your Network from Being Sold By Hackers

Locked computer ransomware with hands holding money and key flat vector illustration

Believe it or not, your organization’s network can be sold by hackers under the right circumstances. This is the unfortunate reality that we live in, where the commoditization of data and network access has become a real problem. According to a study from KELA, hackers can sell access to compromised networks for a pittance compared to the amount of work you have invested in building your business. If you have your business’s network sold by hackers, it could create a snowball effect of events that can lead to your business’s downfall. Therefore, you must do everything in your power to protect your network and prevent this from happening.

This report from KELA followed Initial Access Brokers, a term used to describe threats that sell access to compromised network infrastructures. These threats are big players in the world of cybercrime, as they can effectively facilitate some of the most devastating threats out there, including ransomware and remote access threats. The report examined one full year of listings by Initial Access Brokers to discover how much value can be assigned to this type of network access.

It is quite shocking to see just how little value is associated with access to your network. Out of the 1,000 listings, KELA found that the average price of network access credentials was about $5,400, with the median price being around $1,000. Other trends examined included the average price of credentials, as well as information on industries affected and countries affected. The top countries affected were the United States, France, the United Kingdom, Australia, and Canada. Top industries affected included manufacturing, education, IT, banking/financial, government, and healthcare.

Just take a moment to imagine how much chaos someone could inject into your business simply by purchasing access to your infrastructure. All it takes is a small investment and access to a VPN for someone to start causing some real trouble for your business. There are quite a few ways that you can minimize the damage done through these methods, including the following:

  • Implement comprehensive security measures

    In terms of sheer security, we recommend unified threat management, or UTM, to handle most of the threats your business could face. This all-in-one solution includes security measures such as a firewall, antivirus, content filter, and spam blocker to minimize exposure to threats.

  • Monitor your network traffic

    If you keep track of who logs onto your network, when, and where they are logging in from, you’ll have a greater chance of identifying suspicious traffic patterns.

  • Implement multi-factor authentication

    Password security is still important, but not nearly as important as having additional measures in place. Multi-factor authentication can help make sure that people logging into your network are who they say they are.

  • Take regular backups of your infrastructure

    You never want to use your data backup, but having it never hurts, and it will give you a nuclear option in the event that someone does manage to gain unauthorized access to your network.

If you have your business’s network sold by hackers, it can damage your business’s entire operations. To learn more about how you can protect your business, reach out to us at (954) 474-2204.

Using Windows Hello to Add Security

Signing in Windows 10 on Surface Pro tablet PC using Windows Hello, which is a face recognition feature which allow users to log in by scanning their faces.

Authentication is a tricky thing for businesses. While people want to be secure, they also want to make that security as convenient as possible. Developments involving solutions like Windows Hello, a biometrics authentication system used by Microsoft, have been pushing this trend forward. Let’s take a look at Windows Hello and see what kinds of authentication features it brings to the table.

What is Windows Hello, Anyway?

Simply put, Windows Hello is an authentication technology that Windows users can utilize to authenticate their identities through the use of biometrics rather than a password. The key feature here is that Hello is designed to be more user-friendly than passwords without putting security on the line. Biometric technology uses proof of a physical attribute, i.e. something you are and compares that to a previously stored record. So, you scan your face, fingerprint, or iris, and if it matches the saved record closely enough, then you are granted access to the device.

How It Works

Passwords have long been considered the standard for computer security, but there are many flaws with them that need to be taken into consideration. Of course, we would never say that you ditch passwords entirely; all we are saying is that there are a lot of best practices to think about in regards to passwords. For example, if a user has over 100 passwords, then each of them must be complex and follow established best practices, which is a lot for your average user to consider when it is so easy to just reuse the same old one multiple times. These types of insecure decisions can lead to poor security as a result.

Windows Hello aims to make security easy through the use of biometrics. It even has a built-in anti-spoofing technology that can keep hackers from tricking the system into admitting them.

Does Windows Hello Belong in Businesses?

If you choose to implement Windows Hello in the workplace, we recommend that you supplement it with other security precautions and features. Microsoft has suggested that this feature will carry over to Windows 11, and password access will be reinforced by other built-in protections.

If you need assistance with implementing a comprehensive security strategy for your organization, 4Corner IT can help. We have the tools you need to keep your network safe. To learn more, reach out to us at (954) 474-2204.

Why It’s Important to Lock Your Computer and Phone

adobeLocked steel padlock in a drilled hole of the black laptop on dark background. Concept of protecting personal data on a computer. A laptop is locked with a lock. Closeup, selective focusstock

Network security is not always about implementing new encryption protocols and using state-of-the-art tools to protect your business. Sometimes, it’s the small things that can make a massive difference. So, if your collective staff can implement this one easy trick, you might be surprised by how beneficial it can be for your network’s security. This practice? Locking your computer and phone.

What Is Locking Your Phone and Computer?

Essentially, your phone and computer can go into a sort of sleep mode when they’re not being used. You do this every time you close the screen on your phone. When your phone “wakes up” to be used, there should be a password required to get back into your phone. Otherwise, anyone can swipe the screen and start reading.

Locking your phone is second nature, and many people have complex passkeys or fingerprints required to do so. Computers are a different matter. Most office workers will stand up and leave their desks without locking their PC. The better practice is to lock your PC, either by performing the lock sequence that will prompt the next user for a password or putting it into a sleep mode that requires a password upon your return.

Let’s take a quick look at the benefits you get from locking your phone and computer.

Keeping Private Documents Out of Sight

The chances that corporate espionage is going to take place at a medium-sized landscaping company might be small compared to a large media conglomerate. Nevertheless, private documents on phones and computers often hide passwords and personal information.

Allowing those resources to be compromised can harm your reputation and leave you open to a litany of problems, including lawsuits.

Your Work Phone and Computer Are Vectors for Malware

Hundreds of people can come and go from a large workplace daily, and it’s not like you can keep track of them all. Unfortunately, it only takes one person with bad intent to find a computer or work phone that is connected to your company’s network and upload malware.

The most common vector for malware these days is email, and many of your company’s resources are geared towards stopping that threat as long as it’s from an external source. However, if someone sends an internal email from a trusted worker’s account and CCs everyone in the building, then it’s safe to say most people would let down their guard enough to open that email.

All it takes is a single terminal to remain unlocked and someone can wreak havoc on your business. Locking your computer and work phones can deter this threat or make at least delay the intruder long enough for them to be caught.

The benefits of locking your phone and computer at work go beyond malware and corporate espionage, though. It stops workers from learning about promotions, pay rates, and internal investigations. Locking your computer can also prevent data from being altered on a project without your knowledge.

Implementing this change is simple, and it does not require a lot of time. Get your team together, teach them how to lock their computers and phones, and test them once in a while to make sure they’re compliant. Not only will this increase security, but it will make your workers feel more like true stakeholders in the well-being of your business.

Check out our blog posts here for weekly content on business, technology, best practices, and more!

Phishing Attacks in 2021 Trending Due To Pandemic

credit card phishing - piles of credit cards with a fish hook on computer keyboard

Hackers have made some nefarious choices over the past several months, many of which involve using the COVID-19 pandemic to spread their influence and steal data through the use of phishing attacks. Let’s explore how these cybercriminals have leveraged a global disaster to their benefit and some ways that you can keep your business secure.

According to SecureList, spam and phishing trends in Q1 of 2021 were heavily influenced by the COVID-19 pandemic, and not in a good way. Here are a few examples of the major threats that surfaced during this time.

Stimulus Payment Scandals

Early 2021 saw many initiatives by government agencies to suppress the financial burden placed on individuals and businesses through the use of economic impact payments and business bailouts. Hackers, of course, wanted to capitalize on this and began using phishing messages to trick people. Targets received messaging that was often specific to their bank and utilized similar branding to official websites. These efforts were all elaborate tricks to convince users to hand over their credentials. Users would unsuspectingly enter their credentials into forms on these fake websites and put their sensitive information at risk.

The Vaccine Race

Back when the COVID-19 vaccine was in short supply or the supply itself was limited to specific groups of people, there was a bit of a race to get to it. This rush created an opportunity for hackers to capitalize on peoples’ desires for security and safety, and they leveraged phishing schemes that used the vaccine to their advantage. They would use language and branding of official health organizations to convince users to click on links in emails, which would then redirect users to fake websites for harvesting credentials or banking information. Even those who got the vaccine received surveys offering free goods in exchange for information.

What You Can Do

It’s no surprise that cybercriminals are using these tricks to subvert security measures. These types of attacks are just more of a string of phishing attacks that must be kept up with in order to maintain network security. Here are a couple of ways that you can make this happen.

  • Utilize Spam Protection: While they aren’t 100 percent effective all the time, spam filters are great for keeping threats out of your inbox. The most advanced phishing attacks could still make their way into your inbox, which is why we recommend taking multiple measures of network security.
  • Train Your Employees: If messages do make it past your spam filter, you will want those who are reading the messages—your employees—to be able to identify the threat and avoid it at all costs. This is where training comes in.
  • Implement Unified Threat Management: Unfortunately, even the best employees will make mistakes, so you will want to have a contingency plan in place for when accidents happen. A UTM gives you just that with a single all-in-one security solution for your network security.

4Corner IT can help your business approach network security in a responsible manner, implementing the best solutions and constantly testing your employees’ awareness of important security practices. To learn more about how we can help you protect your business, reach out to us at (954) 474-2204.

Are Apple’s Devices Really More Secure?

front of apple store with apple logo from outside of store

For the better part of four decades, Apple has bragged that not only are their devices more secure than PCs, hackers don’t bother building threats specifically for their operating systems because their security is so superior. For this reason, Apple has routinely refused advances from law enforcement to share workarounds so that police can get into phones. Apple’s rationale for this constant refusal is that it would undermine their ability to keep the most secure personal computing devices, secure. Federal law enforcement officials went ahead and developed their own workaround and the findings may surprise many Apple aficionados. Let’s take a look:

The Discovery

After years of trying to go through Apple to gain access, they finally worked it out in 2020. In 2021, cryptographers published Data Security on Mobile Devices: Current State of the Art, Open Problems, and Proposed Solutions, which is a position paper that looked to answer three questions:

  1. What security measures are currently in place to help deter unauthorized access to user data?
  2. How do modern devices allow unauthorized access?
  3. How can mobile security be improved to prevent unauthorized access?

Researchers analyzed both the newest Android and iOS platforms and found that neither of them had security preparations that functioned any better than the other. Any person with the right equipment, and the inclination, can in fact, access the OS on either device. This may come as a shock to those people who have been lauding Apple’s devices to be impenetrable.

Before you trash your iPhone, the researchers did “find a powerful and compelling set of security and privacy controls, backed and empowered by strong encryption” in iOS, but the tools presented were not used frequently enough to ensure security is maintained.

Android’s issues were exacerbated, in comparison to Apple’s, due to the vast amount of manufacturers that make Android-run products. They found that many devices lacked communications with Google, resulting in slowly implemented updates and inconsistencies in some devices’ security and privacy controls.

These are just the hardware and software vulnerabilities. In the rest of the report, the researchers detailed the specific vulnerabilities for each platform.

Weaknesses: Apple’s Devices

One of the iPhone’s best features is that it allows users to securely store data to iCloud. According to the researchers of this report, that isn’t all the data Apple takes possession of. When initiated, iCloud takes control of a lot of other data that is sent to Apple, where it is accessible by all different types of entities, hackers and law enforcement included.

This problem is exacerbated as the defenses put forth by Apple are less effective than initially thought. Analysis of this relationship led researchers to suppose that a tool that has been around since 2018 allows attackers to bypass integrated protections to guess user passcodes.

Weaknesses: Android’s Devices

On the other hand, researchers found Android had some serious issues with its local data protection. An example of this can be found in Android’s lack of an equivalent to Apple’s Complete Protection encryption, which leaves Android more open to breach. This is why the FBI can effectively access data from either platform without help from developers.

So What’s The End Result?

Ultimately, both mobile OSs are much more open to data breaches than either manufacturer is willing to admit. It’s never a good practice to assume your data is safe; especially with the default data protection developers have in place. It just goes to show that there is no such thing as impenetrable security, and it is on the users (or the organization) to actively accept these results and do what they need to do to secure their data more effectively.

To do this, you will need to manage these devices with a mobile device management platform and have your employees sign onto a Bring Your Own Device policy. This way your organization is covered in ways that individual devices and mobile platforms simply can’t.

If you would like more information about Bring Your Own Device, mobile device management, or any other platform that helps keep your organization’s data secure, give the IT experts at 4Corner IT a call at (954) 474-2204.