Coronavirus Phishing Emails: How to Protect Against COVID-19 Scams

Email phishing campaigns and malware through emails are nothing new, but when combined with something like a global coronavirus spread, the risk can be even higher—adding significant digital risk on top of the physical risk of infection. It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get them to open the email.

How do you spot a COVID-19 phishing email?

Coronavirus-themed phishing emails can take different forms, for example, “CDC Alerts”. Cybercriminals have sent phishing emails designed to look like they’re from the U.S. Centers for Disease Control. The email might falsely claim to link to a list of coronavirus cases in your area. “You are immediately advised to go through the cases above for safety hazard,” the text of one phishing email reads.

So, what do the emails look like? Here’s an example of a fake CDC email:

Continue reading Coronavirus Phishing Emails: How to Protect Against COVID-19 Scams

Scams and Staying Safe in Times of Increased Risk

It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get them to open the email.

During times like this it’s critical you ensure your customers and their end users are aware of the types of scams going on. Make sure you have a communication plan to supply valid information to prevent your users from seeking other sources.  Here’s some spam and phishing techniques for several end goals:

1. Trick a user into clicking on a malware-laden attachment to infect the system. This allows an attacker to gain a foothold in a network to perform more reconnaissance and follow-on actions  within the environment.

2. Convince a user to go to a website that will execute scripts to install malware for the same reasons as above.

3. Masquerade as a charity and convince the user to donate funds or give their credit card number.

4. Impersonate the company the user works for and trick them into giving up their credentials (such as creating a look-alike Office 365 login page to give access to a document).

5. Craft the email to look like an invoice from a vendor or a message from an internal higher-up, convincing someone in accounting to pay the fraudulent invoice.

Wall Street Journal

According to an article by the Wall Street Journal, these scams started in January in heavily affected areas, and are likely to pick up as the threat of infection reaches more locales.

Here are a few methods to look out for, as discussed in the article:

  • Emails from state and local authorities with purported guidance on the situation in your region with attachments or links to other documents
  • Communication from HR, internal officials, or even you (as the service provider to the company) that ask users to log in to view a document or has suspicious attachments
  • Fake news notifications about someone infected in your area
  • Emails regarding outstanding invoices from a vendor of medical supplies

Especially now, as companies begin to institute work-from-home policies, employees who are not used to being in a home environment might be more tempted to click on an email or engage in risky behavior, because they are in a different setting.

There are a few things you can do to help ensure your users practice safer email and online habits during these times:

Seek Information From Legitimate Outlets

Recommend a few “vetted” sites or resources that can supply them with legitimate information, and supply links to them in your communications as well. Most of these also offer guidance for staying safe in public as well as online. For coronavirus, a few of these are:

Regardless of what you supply, make sure you give this advice to your users:

  • Only visit recommended sites or view the official communication emails.
  • Do not click on links in other emails or open attachments from emails that reference the coronavirus outbreak, unless you can verify the sender.
  • Carefully inspect the “From,” “Reply To,” and signatures or text for misspellings and errors. Hint:  if you click “Reply” to an email, you can see the actual “Reply To” email address at that point.
  • Hover over links in emails to view the address the link will take you to. Shortened links and jumbled URLs are a risk as they can hide the actual website you’re taken to.
  • Never supply credentials to a site you accessed from an email, unless you are 100 percent sure the site is legitimate.
  • Supply IT with any emails you receive that may be suspicious.

Ensure Security Across the Environment

If you’re considering allowing employees to work from home to prevent risk of additional spread of the infection, it’s doubly important that you secure the assets the users are taking home. This means ensuring your email security solution is configured with proper settings. You’ll want to prevent malicious emails from making it to inboxes and ensure all devices taken home have up-to-date endpoint security agents and definitions. Finally, make sure your technicians have the capability to remotely support these users securely, as they’ll likely need assistance getting set up in a home environment.

As the virus continues to spread, we can expect more opportunistic actors to engage in email campaigns and attempt to infiltrate or defraud users and the companies they work for.

Looking to advance your IT strategy and security or wanting to supplement your internal IT staff? ECMSI is here to help. Visit us at www.ecmsi.com

How to Work From Home and Remain Productive

Currently, millions of people are trying to work from home (WFH). While remote work may become the new (temporary) normal, it’s important to be prepared to support your company at full capacity whether you’re accustomed to the process or not. The good news is that most workplaces are establishing guidelines to help with the adjustment.

Here’s some tips for working remotely and making sure you remain as productive as possible:

Get Your Technology in Order

Technology is what enables remote work in the first place. While you’re packing your laptop and charger, remember to bring home anything else that might make working from home easier, such as: mouse, keyboard, etc.

Make sure all of your software is up to date. As a remote worker, you’ll be spending a lot of time on platforms to streamline communication with your co-workers like Microsoft Teams, Slack, GoToMeeting or Zoom.

Lastly, make sure your technology actually works from your home. Do you have a strong WiFi signal? Do you need a security key to log in? Are applications accessible from your home WiFi? Make a checklist of all questions and concerns and ask your supervisor, IT department or MSP.

Understand Your WFH Strengths and Weaknesses

Adapting a WFH lifestyle is challenging. It can be distracting when you’re disrupting your morning routine. Experts found that getting ready for work, like you would be heading to the office, puts you in a professional mindset.

Try to maintain normal work hours and shut things down when you would normally leave the office. Take the time to enjoy a walk around the neighborhood on your lunch break, work out, cook lunch or just take a breather. It’s important to still take time for yourself and have a healthy work/life balance.

There’s also benefits that come with working remote. You’re not planning time for your morning commute to the office, or that coffee you just have to stop and purchase. You’re able to cook your own lunch instead of pack a lunch or purchase take out each day. You’re also in control of your schedule and enjoy more time with your family. The positives are there – you just have to find them!

Use Your Webcam

Conference calls are frustrating. There are time delays, interruptions and you can never be too sure who’s talking. These issues and more can be solved through the use of webcam meetings. Working from home can feel isolating and for those who aren’t used to it, it can cause a lot of confusion. By encouraging and enforcing webcam usage, there’s still strong team collaboration and communication that is clear and productive.

Stay Connected

Embracing a WFH lifestyle can feel isolating with the decrease casual and social conversations of the office. By using your communication platforms such as Microsoft Teams and GoToMeeting can fill the gap. Across the globe co-workers are scheduling online social time to have conversations without a scheduled agenda. Try an icebreaker over your team chat, such as: “What’s everyone binge-watching right now?”

Create Your Space

It’s important to have a designated space for a home office. The space you work from should have minimal distractions and keep an organized and tidy space, as if it were your traditional work desk. Pro Tip: use headphones to better focus on tasks and minimize excessive noise.

ECMSI has spared no resource to aid in the access of remote workers for its partners by working diligently to ensure easy, same-day secure remote access. For our partners who rely on ECMSI as their trusted phone vendor, we’ve provided a one-stop smooth transition. By providing solutions that support users to connect from their home computer, ECMSI has significantly reduced downtime and offered the superior productivity and support our partners have come to expect. From global pandemics to the increasing risk of hackers, it’s critical to have an IT support plan in place. ECMSI is here to help – learn what it means to partner with us by calling (330) 750-1428 or visiting www.ecmsi.com

 

Demonstrating Compliance with Data Security Regulations is Easy – If You’re Prepared!

These days, most businesses are subject to data protection laws or regulations of one kind or another. Some come with pretty stiff penalties.

To help demonstrate you’re compliant with access control requirements, you should have clear policies and procedures about who gets access to what, what kind of passwords are required, and how often those passwords are updated. If you don’t have a way of automatically tracking and logging password use, it’s very hard to enforce those kinds of policies — or to show you’ve followed them after an incident.

A password management solution can help by giving you a full view of the passwords and permissions associated with users in your business. You can see which accounts they have access to, exactly when they sign into them, any changes they make to system credentials, and other activities.

Everything under control

With a password management solution, you can assign permissions and adjust them as people change jobs within your company — and when they leave. You can be sure everyone has access to everything they need to do their jobs, without having access they don’t need, which could introduce security risks.

This kind of window into your password environment means you have a better chance of spotting unusual activity that could mean a breach. If your log shows an employee logged into an account in the middle of the night from a different country, there’s a good chance his or her account has been compromised. Catching that early can help you act quickly to assess any damage and change affected passwords right away.

Proof at your fingertips

Proper password management saves you a massive amount of time and worry if you ever have to produce records to demonstrate you’re compliant with access control requirements of privacy and data security laws or regulations. The required information is readily available so you don’t have to devote hours of staff time to tracking it all down. And you have less of a chance of being found non-compliant because you missed a step or couldn’t find something.

Securing your business from cyber-threats is one of ECMSI’s most important jobs, Strong password management system can make it easier for your employees to sign in to their accounts and keep your business safer. For more information or to schedule your free network health assessment, visit: www.ecmsi.com

Do You Know Who Has Access to Your Systems?

The last time an employee left your business, did you revoke their access to your IT systems? Are you sure? Do you have a way to check?

What kind of information could your former employees get if they still hold valid credentials (even though they no longer work there)? Depending on your business, the answer could include client data, proprietary research, or your financial information.

A former employee could use un-revoked credentials to view or download information that might help their new employer lure clients away from you or steal your ideas, which could be very bad for your bottom line. An employee who left angrily (perhaps because they were fired) could be even more dangerous, and might use their login to implant ransomware, viruses, or other malware.

Even if the departed employee would never do anything to harm you themselves, if their computer or records were compromised, someone else could get those same credentials—and that individual might not be so well-meaning.

Protect yourself with centralized access control

There are a number of ways to help make sure your business isn’t exposed to malicious password use after an employee leaves, and they all fall under the umbrella of “access control”: controlling who can view and change what, when and how.

Good access control starts with company policy. It should be part of your HR off-boarding routine to cancel an outgoing employee’s credentials the same way you delete their door code and take back their keys.

That said, when it comes to passwords, revoking credentials manually can be time consuming, depending on how many systems a person had access to and how many unique passwords they used. Manual revocation is also subject to human error: it’s easy to forget a system or miss a step such that an account you thought was closed remains open.

The safer option is to establish a centralized password management and access control system that gives you complete visibility into the use of all your systems, and a single point to activate or revoke permissions. At a glance, you’ll be able to see who has credentials to what systems, and when an employee leaves your company, you can instantly revoke their privileges for anything on your network.

With good access control procedures, you can be more confident in the overall security of your data and systems.

If you have questions about access control and what IT solutions might be right for your business, ECMSI is happy to talk them over with you.  Visit us at: www.ecmsi.com

 

Strong Security Starts With Strong Passwords

If you use the same password for multiple systems—online shopping, email, your company’s cloud bookkeeping solution, etc.—you’re not alone. Even Facebook founder Mark Zuckerburg did that. And in 2016 his LinkedIn credentials were compromised in a major breach. That gave hackers access to his Twitter account, too, because the passwords were the same.

The fact is, with just one user password, hackers can often break into multiple applications and systems. Your whole business can very quickly be put at risk. That’s why a good security practice is to have a different, strong password for every account. A breach will be isolated to that account, and the fallout will be much smaller and easier to manage.

Be extra protective of your sensitive accounts

When it comes to ultra-sensitive accounts like company servers or your banking apps, make extra sure the password you use isn’t one you’ve used anywhere else. Banks usually have strong security measures, but even those won’t protect you if someone tries a password you’ve used somewhere else and it works. The consequences could be disastrous.

Email is another big one to safeguard—work and personal. If someone gets into your email, the potential for damage goes up exponentially. They can send out phishing, ransomware, or other malicious attacks to any or all of your contacts, and they’ll seem legitimate because they’ve come directly from you.

Be unique and strong

Of course, in addition to being unique, your passwords have to be strong, too. At a minimum, that means making each one long. Pick one with at least eight characters, but the longer the better. If you can use phrases of multiple words instead of a single word, that’s even better still. (And for goodness’ sake, don’t use “password”.)

So why don’t more people use unique, strong passwords for every account? Usually because they feel like it’s too much work. If you have dozens or hundreds of accounts, having a different password for each one might seem like a royal pain. And long, complex passwords are definitely hard if not impossible to remember. Fortunately, there are solutions to help manage passwords for you so your brain (or an insecure notebook or spreadsheet) doesn’t have to do all the work. Having the right tools is just as important as having the right practices in place.

ECMSI offers a state-of-the-art, multi-layered security suite to ensure your network and critical data is being protected. We offer a free network health assessment to answer your questions, show you where you’re vulnerable, and what our recommendations are to keep your network healthy and productive. Follow the link below to schedule yours today!

Schedule Your Free Network Health Assessment Today!

IT’s Role in Small to Mid-Sized Businesses

Business executives and leaders are starting to take more notice of the increasingly critical role IT plays in small and mid-sized businesses (SMBs). In a recent study, research reveals the challenges that SMBs consistently face. Smaller businesses have budget constraints that make it tough to keep up with complex trends such as cloud computing, cybersecurity threats and intelligent machines. Let’s take a peek under the hood at what other SMBs say are their top priorities.

IT’s Critical Role

This study  interviewed 250 leaders in companies whose revenue ranged from $5-$50 million. Researchers concluded that these companies know the importance of IT but can’t afford the expense of adopting disruptive technologies that could revolutionize the way they do business.

Today, IT is a critical operational component that helps SMBs become more efficient. Approximately, 93% of the leaders surveyed confirmed that IT plays a strategic role in their day-to-day operations. Budget constraints prevent many of them from upgrading their systems or investing in IT assets that could improve workflow, product tracking and customer relationship management.

What happes when IT is poorly funded?

Unfortunately, it’s not just operations and customer relationship management that suffers when IT departments lack funds. About 66% of SMBs say they aren’t able to keep up with technological advances in their industries due to the cost associated with implementing big changes. Some highlights from this research study that underscore the challenges facing SMB IT departments:

  • About 60% say losing half their revenue growth would be less impactful than losing half their data.
  • At least 67% have experienced system downtime in the past year. Causes include overloaded systems, lack of experienced personnel and aging infrastructure.
  • Almost 3 in 5 leaders said they suffered security breaches in the last year.

What about cybersecurity threats?

Cybersecurity is a major threat for these organizations. However, over half of those surveyed worry about threats associated with cloud-based technology. These fears may be well-founded. The same group of 250 companies experienced disruptions that include:

  • System downtime (66%)
  • Slowdowns (64%)
  • Data breaches (28%)

With cybersecurity falling in the top three concerns, SMBs would do well to allocate more of their IT budget to security efforts. Managing complex systems is tough enough. Small to midsize companies might benefit from partnering with a local Managed Service Provider (MSP) to broaden their coverage with experienced IT professionals.

No business is too small or too old to start implementing managed and professional services. Whether your venture is new and you want to start off on the right foot, or you believe your business needs a boost in productivity, our team at ECMSI is here to help!

www.ecmsi.com

How Successful Businesses Utilize an MSP

It’s impossible for most companies to conduct business without some form of IT system in place. Servers and computers don’t just appear on their own, and they don’t fix themselves when things go wrong. Managed and professional services are a must for any business.

While a typical startup with limited cash flow might consider building and maintaining systems on its own, or with the help of “experienced” friends, this will limit a company’s growth. The key to digital success for businesses of any size or stage is to hire IT professionals for both managed and professional services.

Starting Out Fresh and Professional

Professional services cover all forms of IT work that require hands on action. Core services include upgrading/installing computers, servers, and devices.

For new companies, professional IT services are at the top of everyone’s list, whether they realize it or not. The most basic tasks, such as sending emails, saving files, and making voice calls, require an IT system.

With millions of businesses running on all kinds of systems globally, the IT solutions market is quite intimidating. Consequently, it’s easy to check price tags and decide to put on the IT hat and do things alone. Nothing is worse for a startup than believing IT YouTube videos are as good as a professional engineer. Losing private data because a secretary or friend set up a company’s server could spell trouble for a new business’ future.

Beyond ensuring a company’s system functions properly, professional engineers consider what components will lead to the most productive work environment. This saves both time and money in the short- and long-term.

The Way IT Has Always Been

A company looking to expand might ask a new employee for advice on doubling the size of its network. Just because they listed IT as a skill on their LinkedIn profile doesn’t mean they can handle an entire company’s network. One of the dozens of possible scenarios could end with literally two of everything and excessive amounts of spending. An IT engineer can propose solutions that could even lead to downsizing a company’s physical assets while increasing productivity.

Established companies with IT philosophies like, “we’ve always done it this way,” or “if it isn’t broken, don’t fix it,” are guaranteeing themselves a future of ceased growth or even closure.

Managing Your IT Momentum

Once everything is installed and functioning correctly, the journey has just begun. The next step involves hiring a Managed Service Provider (MSP).

No business enjoys computer or server failures. The frustration alone can affect employees’ or clients’ moods. However, the amount of time a system stays down can have an impact on a company’s productivity and bottom line. Managed IT services seek to end problems before they exist.

Think of an MSP as an all-knowing, ever-present being who tirelessly watches a company’s entire network. Managed services don’t stop when the regular work week does either. Advanced monitoring software routinely alerts engineers to potential issues, who remotely conduct timely fixes.

By investing in managed services, a company can have peace of mind. Their accountant can also keep counting cash instead of troubleshooting every computer problem. An MSP will help keep a business focused on their core activities rather than their IT.

Investing in Your Future by Using Managed and Professional Services

What do experienced friends, secretaries, new employees, and accountants have in common? They aren’t IT engineers. While they are well-meaning people who generate revenue for you elsewhere, they can lose your company money when you re-purpose them as IT professionals.

No business is too small or too old to start implementing managed and professional services. Whether your venture is new and you want to start off on the right foot, or you believe your business needs a boost in productivity, our team at ECMSI is here to help!

You Should Outsource Your IT. Here’s Why:

The involvement of technology in your day-to-day business activities makes it crucial to have a dependable network. For a vast majority of companies, their technology needs are evolving a lot faster than expected. As a business you may find yourself hiring internally, outsourcing to an IT managed services provider or looking for the in between of outsourced and in-house. Here’s some information to help you decide if outsourcing your IT is best for your company:

What are the benefits of outsourcing?

  • Fewer unexpected expenses. When your outsource your IT,  you will find yourself with one, predicable monthly cost.
  • Reduced overhead. By outsourcing your IT, you don’t need to worry about the financial burden of full-time employees.
  • Maintain your in-house talent. If you’re only looking to outsource part of your IT support, you’re freeing up your employees to handle the day-today tasks and keep them focused on their projects at-hand.
  • Increased workflow. If your IT is outsourced, your business will reduce their downtime and not have to waste critical business hours on IT issues.
  • Scalability. An outsourced IT provider should be prepared to meet your IT needs whether your services need to be scaled up or down as time goes by.

What is the downside of outsourcing?

  • Cost for small businesses. For small businesses who have around 10 or fewer workstations, the cost of outsourcing IT could be too expensive. However, you’ll have a better idea of how to budget for your IT strategy in the upcoming year.
  • Time differences. When choosing an outsource IT service provider, it’s important to consider all of your local options. By outsourcing out of your area, you can find yourself encountering decreased response times and lack of communication.

Considering outsourcing your IT?

At a fraction of the cost, partnering with an MSP can help businesses achieve the same end result as adding an entire IT department.  Offloading IT tasks to an MSP means more time and energy to spend on real progress, improvement, and ultimately, growth.

ECMSI is the area’s leading Managed Service Provider with the most proactive IT approach and quickest response time in the industry. To learn more about ECMSI and our services call Shane Nesbitt, IT Consultant, at (330) 750-1428

Contact Us!

 

Are You Defending Against Insider Threats?

Wondering what an insider threat is? An insider threat is an individual or business partner who inappropriately uses company data. It’s important in today’s technology landscape to take proactive steps to prevent insider threats. Here’s some tips to keep your business and employees protected:

#1 Educate Your Team

It’s necessary to keep your team educated on personally identifiable information (PII) and the implications of that information being stolen. PII include full names, Social Security number, driver’s license number, bank account number, passport number, and email address Each employee needs to understand the risks associated with violating specific state or federal regulations regarding data privacy and security.

#2 Deter

Create easy to understand policies in place to prevent an insider from breaching your company data and make sure these policies are strictly enforced. There’s a chance you may be forced to put a someone in charge of holding the company accountable in following policies.

#3 Detect

As a business, you must have security systems in place to identify data breaches and their sources as soon as possible.  It will make your job easier to find the source of the breach with an effective audit trail in place.

#4 Investigate

In order to limit extensive damages, when a security breach is detected, actions must be taken. With an insider threat in mind, you may have to consider revoking access privileges to ensure it can’t happen a second time.

#5 Train

The IT landscape is constantly evolving which means your employees need to be regularly trained on data security. Consider a variety of training tools such as: emails, posters, scheduled meetings and face-to-face interviews.

Are you concerned that your company’s data could be at risk? We’re here to help. ECMSI’s advanced security suite is industry-leading in keeping your critical business data protected and increasing productivity. Call us today: (330) 750-1428 or visit us at  www.ecmsi.com