Ransomware Threats Hidden in Plain Sight

Recent Ransomware Attacks

From a recent attack on the San Francisco 49ers’ network to the IRS’s increased attempts to identify dark money and help bring ransomware groups to jail. Ransomware threats hidden in plain sight are an increasing but preventable threat that is a worldwide issue.

Cloud Infrastructures

Cloud infrastructures are constantly being attacked by ransomware developers who take advantage of known weaknesses in cloud applications, virtual machine software, and virtual machine orchestration software. Ransomware threat actors also target cloud accounts, cloud application programming interfaces (APIs), and data backup and storage systems. Threat actors target these specific systems to prohibit access to cloud resources and encrypt data.

Software Supply Chains

In 2021 Ransomware threat actors also targeted software supply chain businesses around the world.. By focusing on software supply chains, ransomware threat actors can expand the scope of their attacks by gaining access to several victims through a single initial breach.

Holidays and Weekends

Throughout 2021, the FBI and CISA noticed cybercriminals carrying out increasingly damaging assaults against US firms on holidays and weekends. Because there are fewer network defenders and IT support employees at victim firms, ransomware threat actors may perceive holidays and weekends as easy targets for ransomware attacks.

Conclusion

90% of malware attacks are preventable with the top recommendation being multi-factor authentication. This requires entering something you have in addition to a username and password before providing access. Examples of multi-factor authentication would be a trusted device or a software or hardware token. This makes it far more difficult for ransomware to establish a foothold and keeps you better protected. With a large number of attacks occurring daily, ransomware threats hidden in plain sight are an increasing but preventable threat. Contact JENLOR today to take steps to better protect yourself from ransomware attacks. 

Cybersecurity Lessons from 3rd-Party Breaches in Big Retail

Cybersecurity Lessons in Big Retail

What can SMB’s learn from high-profile security breaches in large retail businesses? These cybersecurity lessons in retail can help prevent a security breach from occurring in your big retail business.

IT Retail Security Gaps

Retail IT security has traditionally been reactive and underfunded. From a technological standpoint, retailers have always approached PCI (Payment Card Industry) compliance as a checkbox exercise. Compliant security has resulted in insufficient data protection and poorly integrated point-of-sale solutions that are dispersed across a large geographic area. Furthermore, due to deployment, maintenance, and training problems, endpoint security on point-of-sale systems is frequently overlooked. Retailers are hampered in mitigating security threats due to a lack of staffing and competing objectives, leaving many retailers to delegate important security duties to auditors, contractors, and stores.  

Refund Fraud

Another common hacker tactic is refund fraud. What is the mechanism behind it? There are several choices, including:

A hacker makes a bogus receipt, which means you give them a refund for something they didn’t buy. On the dark web, some fraudulent receipts are for sale.

Someone purchases something with stolen credit card information and then requests a refund to be sent to a different card.

Someone makes it appear as if their package never arrived, leading you to issue a refund. If a person complains about your business on social media, this is a good strategy to use. When it happens once or twice, refund fraud may not seem like a big deal. Scammers and hackers, on the other hand, can work at any level, and you could end up losing a lot of money.

Third-Party Security is a Priority

Third-party IT security breaches have affected innumerable organizations, with high-profile breaches at Home Depot and others making national news. Other organizations that have experienced third-party data breaches include Amazon, T-Mobile, eBay, Macy’s, and Target, which demonstrates how prevalent they are in this day and age.

Key Takeaways for ALL organizations – retail or not

A chain is only as strong as its weakest link.  Fraudulent actors are creative in the ways they seek to compromise business these days, and the level of access 3rd party vendors have at your organization matters.  These are all key pieces of the puzzle when considering how secure you REALLY are.  Reach out to JENLOR today to see how the lessons we’ve learned operating in the IT security landscape for over 20 years can benefit you and your organization for cybersecurity lessons in big retail.

 

How to Respond to a Phishing Attack

How to Respond to a Phishing Attack

Phishing is a common type of cybercrimal attack in which a victim is approached via email, phone, or text message by someone posing as a reputable individual or organization in order to obtain sensitive information, passwords, credit card numbers or other resources. Criminals frequently use the information they obtain to steal money, intellectual property, or a person’s identity.

Phishing attacks are far more common than you might think, so if this has happened to you, you’re not alone. Stay cool and understand that there are steps you can take to better position yourself as you deal with this difficult situation.

Keep Calm

Don’t be too hard on yourself if you fall victim to a phishing attack.  They’ve gotten more sophisticated with every passing day.  You’ll bounce back from this and you’ll learn from this experience.   Take it one step at a time, and you’ll soon be able to put this behind you.

Have Your Computer Checked for Malware

Reaching out to your IT support team to have your system properly examined for malware or viruses is a good place to start.  An experienced IT service provider will have navigated these waters before, and will do what is necessary to ensure that the problem is safely resolved.

New Passwords

Change all your passwords right away.  All of them.  Many phishing attacks work by tricking visitors into thinking they’re visiting a trusted website, such as a social media account or a bank account, in order to steal their login credentials. This information can then be used by attackers to get access to your other accounts.  

Take the time to change your login credentials to prevent the offender from causing more harm, and don’t use the same username and password for all of your online accounts. The attacker will have an easier time stealing your identity and accessing your funds if you do.

Protect Yourself from Future Phishing Attacks

There are many things to learn from this experience.  This is an excellent opportunity to learn how to respond to a phishing attack from your mistakes and harden your IT security posture with 2FA and next-generation security technologies.  Contact JENLOR today to take your first steps towards making this phishing experience your last. 

What Is The Right Way to Set Up Two-Factor Authentication?

Two-factor authentication (2FA) technologies offer the most effective methods we have today to ensure that users are who they claim to be, but not all solutions are created equal.  Let’s take a look at a few kew bullet points to be mindful of when assessing your 2FA options.

When comparing different two-factor authentication methods, keep the following characteristics in mind:

Impact on Security

Effectiveness against risks linked to credential theft, and underlying security and dependability are the most crucial security characteristics of an authentication solution. The primary purpose is to lower your company’s risk of a data breach. It is not worth deploying (at any cost) a system that is readily bypassed or does not provide full protection.

Total Ownership Costs

For a two-factor system, the total cost of ownership (TCO) covers all direct and indirect costs of ownership, including upfront, capital, license, support, maintenance, and many other unknown charges over time, such as professional services and continuing operation and administration costs.

Business Initiatives that are Strategic

Consider how a new security solution will connect with current or future business efforts, such as legacy systems, bring your own device (BYOD), remote work, or the use of cloud apps, when assessing a new security solution.

Compliance regulations, which vary by sector and location, are another business driver to consider. 

Value

The time spent implementing, installing, and adjusting to the solution is referred to as time to value or time to security. Determine how long it will take for your firm to reap the benefits of a two-factor authentication system in terms of security. This is especially crucial following a recent data breach or security incident.

Resources Needed

Consider how much time, money, and other resources you’ll need to connect your apps, manage users and devices, and maintain and monitor your system. Find out what your provider covers and where you need to fill in the blanks.

Getting Started – What You’ll Need. 

Two-step verification requires an email address, a phone number, or an authenticator app (we recommend two separate email addresses, one for usual usage and one as a backup just in case).

Let’s turn on 2FA!

Two-factor authentication solutions from JENLOR combine straightforward usability with powerful security features to guard against the most recent attack tactics while also providing a frictionless authentication experience.

2021 Announcements for Microsoft Licensing

On January 1, 2022, Microsoft’s “Open License Program” will come to an end, affecting not just commercial clients but also the government, education, and charity organizations. The deadline to purchase or renew an Open License is December 31, 2021.

As part of its plan to phase down the Open License program in 2022, Microsoft is transferring perpetual license sales to its Cloud Solutions Provider (CSP) partners. These CSP partners can offer perpetual licenses to businesses through a separate scheme dubbed “Open Value,” which includes a Software Assurance (SA) purchasing option. Microsoft also allows CSPs to sell licenses through the “Open Value Subscription” program, which is a separate sales channel that doesn’t offer perpetual licenses but does cover SA.

Cloud Solution Provider Partner Role

After the Open License program ends, Microsoft Cloud Solution Provider (CSP) partners will be the ones to offer perpetual licenses. Perpetual licenses are non-subscription licenses that do not expire after purchase. The term “perpetual license” refers to a license that is purchased only once and does not expire. It differs from subscription-based licensing, which is purchased on a monthly or annual basis and whose usage rights expire if the license is not renewed.

If businesses use Software Assurance (SA) with those perpetual licenses, which allows them to upgrade to the newest software release, SA will only be available through a separate program in 2022 than the Open License scheme.

Switching to the Open Value program, which offers a SA option for perpetual licenses, was advised in the statement.

The Open Value membership is similarly promoted as having a SA option, however, it does not include a perpetual software license.

If you have more questions about Microsoft Licensing, contact JENLOR today!

Reducing Capital Expenses with Cloud Computing Services

Reducing Capital Expenses

The field of IT infrastructure design and management continues to expand. Cloud computing has changed the way organizations see data storage and management as a fundamental and important element of IT infrastructure development. For companies with established IT departments and equipment, switching to a cloud setup may sound unnecessary and inconvenient. Here are a few great ways cloud computing may help you save money.

Expenses for staffing should be reduced.

A conventional IT department needs not just a significant quantity of gear and software, but also a big and expensive personnel. When it comes to operating a business, good IT personnel are a requirement, but they come at a hefty cost, and staffing budgets are generally the single largest expenditure for IT at firms. While shifting from an in-house process to the cloud does not remove staffing costs, it does result in a significant decrease. In the cloud computing world, this is just another example of economies of scale at work.

An organization that is better and faster

One of the most important aspects of operating a successful business is being organized, and cloud technology is highly helpful in this regard. The cloud can expand capacity for new projects without incurring the high capital expenses associated with establishing new divisions and computer systems within a corporation. Instead, cloud technology allows these new services to be introduced by simply altering orders.

Remove Redundancy Effortlessly

From additional employees and equipment to needless data processing, cloud computing may help a company minimize duplication in many areas. Backups and making extra copies “just in case” are a major concern for many businesses. Cloud backup services successfully reduce the additional cost here by instantly replicating data and apps and storing them in various data centers without imposing hardware expenses or additional time on their clients.

Getting More for Your Money

Managing the many IT services of a business requires computing systems, hardware, and software which all come with their own capacity issues, maintenance, and security concerns. When moving to cloud network management, these costs are in large part eliminated and taken over by the cloud computing service providers. Cloud computing also works specifically on economies of scale, loading systems for maximum utility. Workloads are shared through server infrastructure with a number of organizations and the cloud-computing provider is, thus, able to optimize all hardware needs at their data centers, passing on the savings to all their business clients.

Lower Power Costs

Switching to cloud computing has the added benefit of lowering a company’s power consumption. There is a decrease in hardware as more IT services migrate to cloud technologies. Running an in-house data center always results in servers that are less efficient than they should be, squandering energy. Cloud service providers, on the other hand, consume less energy since each server is fully utilized to manage the data of numerous firms, each of which claims a share of the savings.

Getting Cloud Computing Services 

It’s no surprise that cloud computing services are the way of the future, given the numerous benefits they provide to organizations. With JENLOR’s Cloud Network Implementation Services, you can ensure that your company stays ahead of the curve. Our Pittsburgh IT professionals make cloud migration easier than ever before, providing tailored network consulting services to prevent downtime and keep your company ahead of the curve on all the latest IT trends. Call JENLOR now to book a True Network Evaluation and let us help you find possibilities to improve your company’s bottom line.

How to Stop a Data Breach

Almost every organization today collects and stores personal data about customers, workers, and others.

Data breaches — the theft, loss, or unauthorized publication of personal information — are becoming more common. It’s not simply a large business issue. Small and medium-sized firms, which have less data security capabilities, are more vulnerable.

As a result, it’s critical for businesses of all sizes to take precautions to avoid a data breach.

Here’s how to do it:

Limit who has access to your most sensitive information – Every employee used to have full access to all of the files on their computer. Companies are learning the hard way these days to prevent access to their more sensitive data. There’s no need for a mailroom staff person to see a customer’s financial information. When you limit who may see particular files, you reduce the number of employees who might click on a potentially hazardous link. Expect to see all records partitioned off in the future, so that only people who have a specific need for access will have it. This is a common-sense idea that businesses should have implemented years ago.

Create and update procedures – You may develop processes for data security standards and keep them up to date on a regular basis. This will make it very apparent what your company’s data requirements are. This will also demonstrate to your staff that you value data and remind them that they should do the same. Additionally, it is wise to consider using roles and permissions when it comes to accessing certain types of data.

Data backup and recovery – Malicious data breaches might sometimes wipe out all of your information. It’s critical to back up your data so that it can be retrieved quickly in the event of data loss, a server crash, or even a natural disaster. To safeguard you from losing vital data, your IT staff should have automatic offsite backup solutions in place on a regular basis.

Are you ready to protect yourself from Data Breach? Contact JENLOR today!

Protect Yourself From Ransomware Attacks

Is your computer protected against ransomware attacks? Ransomware is a type of malware (malicious software) which criminals use to extort money. It holds data to ransom using encryption or by locking users out of their device.

FedEx, UK hospitals, and other businesses were hit by a massive ransomware in May of 2017.  Nearly 75,000 computers in 100 countries were affected by malware called WannaCry, which encrypts and locks a computer and demands a $300 ransom to unlock the computer.

Many of the computers attacked are breached because the latest Windows updates have not been implemented.

How do you protect yourself from Ransomware?

  • Never click on unverified linksAvoid clicking links in spam emails or on unfamiliar websites. Downloads that start when you click on malicious links is one way that your computer could get infected.
  • Do not open untrusted email attachments – Do not open email attachments from senders you do not trust. Look at who the email is from and confirm that the email address is correct. Be sure to assess whether an attachment looks genuine before opening it.
  • Only download from sites you trust – To reduce the risk of downloading ransomware, do not download software or media files from unknown websites.

Take Your Protection Against Ransomware to the Next Level!

Hire a successful IT security company will help you find the solutions that match your budget and requirements – ensuring you pay for the correct amount of security you need.

Are you ready to protect yourself from Ransomware Attacks? Contact JENLOR today!

 

Benefits of Working Virtually

As a result of COVID-19, the workplace will be forever changed. Employers in Pittsburgh are facing this challenge as they decide to go hybrid or have employees come back to work in 2021.  Here are 5 Reasons why your company should embrace hybrid working.

  1. Supporting Your Employees  

Your company might be going through a great deal of stress. There is a lot to consider while going hybrid with your employees. You need to figure out how to implement techniques for new and refined work cultures. However, your employees are facing a great deal of stress too and they need your support. Many employees are parents who are managing their children’s online schooling, while others are providing care to their young children or old parents as they are reluctant to leave them with third-party caretakers.

To effectively manage a hybrid workplace, you as an employer can hold meetings with virtual sessions. You can use calendar apps to manage your meeting schedule with employees, and always stay up to date on employee tasks. When you support your employees, they will stay loyal to you and stay for the long term.

  1. Productive Employees  

When you let your employees work from home they become more efficient. Working from home can eliminate the headaches and hassles involved with traveling to work, and employees can

invest more time in performing work-related activities without having to waste time on travel.

You’ll also end up with employees taking less sick time or calling off. Employees who are a little under the weather can still get work done most of the time if it means not having to go into the office. Another bonus? No sharing illnesses.

  1. You’ll Save Money!  

Working from home means either no office or at the very least, a lot less office space. If you don’t want to make the switch to a completely remote environment, try staggering your employees’ work-from-home days to save on office space. With no office or smaller office space, you will save on office supplies, snacks, or coffee. Having a smaller office or no office will definitely help your company save money.

  1. You, Will, Have a Wider Pool of Applicants  

Going hybrid means you can hire the best employees all around the world! Offering this type of benefit can help employers attract young, highly skilled employees that might not otherwise be interested in a role. This can be particularly beneficial in locations or professions with skills shortages, as small businesses can widen their nets and work with the most talented individuals, regardless of where they are located.

Yes, this does mean way more applications to look through. However, wouldn’t it be nice to have an employee that can do the job perfectly without training?

  1. Less Time on Commuting to Work!  

In 2019, an average US worker spent almost 9 days commuting. That’s the time the employee should have spent working were they not stuck in the traffic. Don’t you think your business would have been better off had the employee spent this time on work?

Thinking of working virtually with your company for the long-term? Contact JENLOR today!

How an Outsourced IT Partner Can Boost Productivity For Your Business

Did you know the average office worker wastes 21 days per year due to IT issues? Outsourcing IT to JENLOR will stop those wasted days and boost your company’s productivity!

The perks of outsourcing 

No distractions to your or your employees – when an IT disaster strikes, your company’s  productivity can take a huge hit. When an IT disaster hits, it becomes a distraction for not only  you, but for your entire staff. If your network goes down, if a computer or hard drive breaks, or if  there’s a hiccup with your email or server, your entire office and its productivity come screeching  to a halt. Having an experienced IT partner that can come in and fix the issue quickly will keep  your business going!

Reduce the risks of an IT problem – When you hire an IT partner, it is their job to keep your  systems up-to-date. Having all your systems running and up-to-date lowers the risk of having an  IT problem.

You’ll save money and time – When you outsource to an IT partner, you will don’t have to pay  employee benefits, holidays, paid time off and overtime! This will also save you time hiring  someone and training them.

In a nutshell, by outsourcing an IT partner it will free up time, add value to your company, and  most importantly boost your company’s productivity!

Thinking about outsourcing your IT department? Contact JENLOR today!