Archive for category: Security Alert

windows 7 end of life is coming

 Your Biggest Security Threat May Be Your Windows 7 Operating System

/0 Comments/in , , /by

windows 7 end of lifeThanks to shows like The Walking Dead, we’re all prepared for a zombie apocalypse. We know how to fight off zombies, avoid getting bitten, and when to run. But what happens when the apocalypse is much more likely to happen and zombies have already been welcomed into your organization? This scenario is far too real for many businesses: Windows 7 will soon be the zombie in your office that will infect everything.

Windows 7 End of Life (EOL) Is Less than 6 Months Away

Effective January 14, 2020, Windows 7 will no longer be supported by Microsoft. The OS will continue to launch and run, but users will no longer receive updates or support. After the EOL date, systems still running Windows 7 will be considered unprotected, and as such, will be subject to higher security risks. It is important that all current users of Windows 7 migrate to Windows 10 prior to this date so that they can continue to receive regular security updates to help protect their devices from malicious attacks. It’s already past the time when organizations should be taking steps to update to Windows 10. In fact, Windows 7 lost mainstream support from Microsoft in 2015 and it’s basically been on life support since then. Now they’re pulling the plug altogether, and any organization still relying on the platform will encounter operational difficulties as well as enormous security risks. There will be no more security patches issued and no more support extensions available.

Make the Move to Windows 10 Now

While Windows 10 did present some challenges for early adopters, those challenges have, for the most part, been resolved. It is a much more intuitive version of Windows, offering better collaboration tools, stronger security, and more efficiency, no matter the size of your business. But the key thing to remember is that Windows 10 is still supported by Microsoft, which means you will receive security updates and layers of protection that you will lose with Windows 7.

Remember WannaCry?

In 2017 the WannaCry ransomware cryptoworm infected more than 200,000 computers in 150 countries, costing companies millions – if not billions – of dollars. WannaCry was able to spread because the hackers took advantage of vulnerabilities in unsupported versions of Windows to access networks. It literally spread like a wildfire around the world. To avoid a similar situation with Windows 7, it is vital that you get in touch with your Managed Services Provider (MSP) today and schedule time to set up a plan to move your network to Windows 10.

Windows 7 Upgrade FAQs

There are many questions about the Windows 10 upgrade process, and we’re here to answer them and assist in the process. In the meantime, here a few quick FAQs to cover a few of the questions asked most often:

Q: What about Windows 8? Isn’t that a less expensive option?

We often talk about the need for organizations to be proactive instead of reactive in order to be more secure and make the best use of their IT investments. Moving to Windows 8 leaves you in a reactive and vulnerable state, because end of support for Windows 8 has already been announced. The few dollars you might save today will be spent making another shift far too soon. We strongly advise you to go ahead and make the move to Windows 10 now.

Q: Can I upgrade my existing PC to Windows 10?

A: Yes, you can upgrade compatible Windows 7 PCs (based on certain requirements with a full license – ask your CITM if you are unsure if your hardware is eligible for this upgrade). To take advantage of the latest hardware capabilities, we recommend moving to a new PC with Windows 10.

Q: What happens if I continue to use Windows 7?

A: You can continue to use Windows 7, but once support ends, your PC will become more vulnerable to security risks. Windows will operate but you will stop receiving security and feature updates.

Q: Can Windows 7 still be activated after January 14, 2020?

A: To avoid security risks and viruses, Microsoft recommends that you consider upgrading to Windows 10 well in advance of the end of life (EOL) date for Windows 7. Once the EOL date arrives, you will not be able to install any new Windows 7 instances or receive patches, old or new, for existing systems.

Act Now to Protect Your Organization from Windows 7 Security Risks

If you are a current Windows 7 or Windows Server 2008 R2 user and you don’t already have an upgrade plan in place, please talk to your Client IT Manager or Account Manager to discuss the transition so that there is no lapse in your security coverage. Here at The ITeam, we understand that replacing hardware and software can be a daunting task, so if you have any questions at all, don’t hesitate to reach out to your ITeam Account or Client IT Manager to discuss your options. We are here to help make this as seamless and budget friendly as possible! Get in touch today.

How To Avoid Becoming a Repeat Defender of Ransomware

/0 Comments/in , /by

Can your system be infected with the same ransomware twice?

Technically, yes.

If your IT department does not make the appropriate corrections to your cybersecurity infrastructure following a cyber-attack, leaving your infrastructure essentially vulnerable with the same weaknesses, a hacker will be more than happy to reinfect your systems.

However, performing the appropriate updates and installing the necessary patches does not always secure you against the same ransomware either.

Hackers are using more advanced technology every day, leaving organizations susceptible to new methods of attack.

Defensive approaches aren’t enough

How To Avoid Becoming a Repeat Defender of RansomwareUnfortunately, it isn’t enough to play defence against the tactics that hackers are now using.

One infection could easily lead to another if you prove to be an easy target.

Your main concern should be your overall strength against any attack, rather than concern over the same ransomware breaching your defences twice.

For organizations that utilize constant cybersecurity monitoring and other preventative approaches to their security strategy, their systems are less likely to be infected by the same ransomware or other malware a second time.

But many organizations spend too much time repairing holes made by malicious attempts to access data, rather than reinforcing the entire IT infrastructure.

Cybercriminals are using a classic bait-and-switch

Although the ransomware used is technically not the same, cybercriminals are discovering that they can double their luck by attacking twice in the same email distribution.

Hackers distributing phishing emails will load one set of emails with one ransomware, and another set of emails with different ransomware.

This tricks the organization into thinking they have already set up defences against one strain, only to be taken advantage of hours or days later by yet another strain.

Any ransom paid to retrieve stolen information must be paid again to the very same hackers who had previously demanded payment.

Ransomware is always evolving

The answer to whether your systems can be infected twice by the same ransomware depends more upon your level of cybersecurity than the efficiency of hackers.

New distribution methods are proving successful against organizations of every size and taking a proactive approach to cybersecurity – playing offence and anticipating attacks – is the only way to truly protect your data.

First steps involve educating all employees on what a phishing email looks like, as well as establishing constant monitoring systems that can alert you in advance of breaches.

If you think your systems have been compromised by ransomware, the first step is to immediately mitigate the damages. The next step is to conduct a complete analysis of your systems and implement a proactive action to prevent future breaches and to protect your sensitive data. Hackers will stop at nothing to profit from your data; you should stop at nothing to protect it.

The ITeam understands the cybersecurity issues facing Canada businesses. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

Why Call Center Fraud is Becoming More Problematic

/0 Comments/in , /by

Hackers are becoming more difficult to detect, and their tactics seem more creative every day.

And while there are those skilled hackers who attempt to breach sophisticated cybersecurity systems, there are many hackers who rely on opportunity more than skill.

Consequently, call center fraud has increased significantly in the past few years, resulting in data breaches coming from areas that organizations aren’t accustomed to managing.

The call center is a weak link

Why Call Center Fraud is Becoming More ProblematicThere are several reasons why call centers have become a primary target for cyber-attacks. Online channels are more secure than ever, and EMV credit cards have made it more difficult for purchases to be made without the card or customer present. Therefore, call centers have become one of the easiest ways to gain access to privileged information. Organizations are so busy navigating cross-channel business platforms that they fail to realize the weaknesses that exist within their call center processes. If hackers want access to other networks, the call center is where they will likely start.

Technology makes it easier for hackers

A single call center can offer many opportunities to a basic-level hacker, with technology that is easy to obtain. There are simple programs that will reset PINs and VoIPs to show a false caller ID or an unidentifiable number. Through such methods, hackers can attempt a variety of criminal activities ranging from account takeovers to the gathering of information about either customer accounts or the organizations they are attempting to breach. It only takes a small slip-up from an employee to offer basic information that will provide access to sensitive data.

The customer is always right

The biggest vulnerability at call centers results from the fact that the primary focus is on customer service rather than identifying fraud. The entire premise of a call center is to solve customers’ problems, which is increasingly difficult when hackers are attempting to impersonate legitimate customers. Current methods of authentication are often ineffective since they tend to prompt for basic information, such as a birth date or a social security number, which are easily stolen. If a hacker answers all the right questions, even with a bit of missing information, they can fraudulently gain access to an account.

Two-factor authentication and other secure methods of verifying customer identity are more important than ever. Not every hacker is a computer mastermind, and now, they don’t have to be. Call center fraud will continue to increase unless proactive measures are taken. Call centers are often on the frontline for an organization’s consumer base; therefore, protecting customer data is a crucial task that must be taken seriously.

The ITeam understands the cybersecurity issues facing Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

Security Alert: Meltdown and Spectre Vulnerabilities

/0 Comments/in /by

What Are Meltdown and Spectre?

Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug.

It’s really a design flaw in the hardware that has been there for years.

This is a big deal because it affects almost every computer, including PCs, laptops, smartphones, and servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory.

Normally, applications are not able to do that because they are isolated from each other and the operating system.

This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents.

So, What Are We Doing About This?

There are two updates required by all computers.

The Windows updates were approved last week and should already be deployed to your computers.

A firmware update is also required and this is going to take some time; many of the patches are not even available yet.

Our team will work with you to schedule a time when the firmware updates can be applied as they become available.

Thankfully, there are no known active threats exploiting these vulnerabilities.

In the meantime, we need you to be extra vigilant, with security top of mind and Think Before You Click.

Please don’t hesitate to contact your ITeam Account Manager or IT Manager for more details.

The ITeam understands the cybersecurity issues facing Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.

Important Take-Aways from the Equifax Data Breach

/0 Comments/in /by

If cybersecurity wasn’t at the top of your to-do list, the recent Equifax data breach should have you on high alert.

Between May and July 2017, names, social security and social insurance numbers, birth dates, addresses, and driver’s license numbers were stolen, along with over 200,000 credit card numbers.

This breach primarily affected 145.5 million consumers in the United States, but thousands in Canada and the UK have been affected as well.

This data breach has the cybersecurity community reeling, and businesses and individuals alike are wondering what the next step is.

What’s shocking for many IT professionals is that despite available technology, breaches are usually caused by the simplest mistakes.

Proper preventative measures within the security infrastructure of any business could slow down hackers and even stop them entirely.

Here’s what you can do in light of the Equifax breach:

From the Business Perspective

The fallout of the Equifax data breach has compelled businesses of all sizes to ramp up cybersecurity. It is a critical element of any modern organization, and it’s risky to assume that large companies, such as Equifax, are the only targets, since hackers rely on inadequate security measures that are particularly evident in small businesses.

Unfortunately, breaches are not 100-% preventable. However, this is not to say that with strong security measures, these breaches can’t be drastically mitigated. By adequately preparing for a potential breach, you may greatly reduce the number of people affected and the amount of data compromised. Here are some ideas to help you prevent the next major security breach:

  • Segment networks – Too many user controls permit too much access. If your infrastructure is properly segmented, a breach can be restricted to small areas, prohibiting access to the entire database.
  • Require multi-factor authentication – This is a common method of security, requiring more than one method of authentication to verify a user’s identity.
  • Employ robust data encryption – Design your security system so that even if malicious attempts are successful, a hacker can’t interpret the contents.
  • Foster a commitment to functionality – Key to any successful cybersecurity strategy is some assurance that systems are working as they should. This involves regular updates as well as internal audits.

From a Personal Perspective

If you have a credit history, there is a chance that your information was compromised by the Equifax breach. Preventative measures can be utilized by consumers as well as businesses, and the following tips will help protect against identity theft:

  • Check to see if your data was compromised. The Office of the Privacy Commissioner of Canada has instructions and further guidance.
  • Check credit reports – Many credit card companies now provide your credit score for free. Investigate any changes in your credit, such as new accounts.
  • Request a credit freeze – Although this doesn’t prevent access to current accounts, no new accounts can be opened in your name.
  • Monitor your accounts closely –Alert your financial institutions of suspicious activity.
  • File taxes early – The earlier you file your taxes, the less likely it is that someone else will be able to file using your sensitive information.
  • Enroll in a credit monitoring service.

There is no such thing as perfect security, but with the right technological overhauls, a data breach does not have to be devastating. Protecting your data is the top priority, so make sure your cybersecurity efforts are at least on par with the existing threats. Let The ITeam help with your security through our managed it services.

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OK