Friday, July 23, 2021

Hacks in 2021: What We Can Learn


The hacks discussed in previous articles teach an extremely important lesson: do not recycle passwords, and use a password manager that is protected behind multi-factor authentication.

Multi-Factor Authentication is Essential

For those who don’t know, multi-factor authentication is the use of another device (normally a smartphone) to generate a random password that changes quickly, so that even if someone hacks your permanent password, they cannot access your account. But that does not mean that protecting your password becomes unimportant.

Here is a fact: if you have used the same password on every site, or even just many sites, for the last 10 years, then it is almost a guarantee that that password has at some point been compromised. If you have used the same password everywhere for the last few years, it could be compromised. The safest course of action is to have a password manager that uses a unique password for every single website, preferably a randomly generated string of information.

With several billion accounts hacked per year, there is a high likelihood that any password that has been used for more than three years has been compromised. And the reality is that the situation companies currently find themselves in resembles asymmetrical warfare. Every company needs to be secured against every attack, which takes real planning and preparation to ensure two things: that the number of hacks is reduced, preferably to none, and that the cost of a breach does not exceed the cost that would close the business.

Hacking is More Prevalent Than Ever

Hacks can be done with no cost and no equipment by using certain exploits. Renting a botnet for a few hours can cost anywhere from a few dollars to a few thousand, depending on the renter's technical needs. A single lost record costs a company $158 on average. For companies with thousands, or tens of thousands, of customers, a breach that steals all of their records can be deadly to the company’s survival.

And how much does it cost to buy this user data? It can range from a few dollars to a few grand, up to highly specialized information that may be worth millions. But oftentimes, it is listed on the dark web for a few hundred dollars, even for databases with hundreds of millions of users.

For example, when Myspace and LinkedIn were hacked, it was reported that the group behind the attacks had been selling the information in whole for only the equivalent of $2,000 in bitcoin. On the reverse side of that attack, that was a breach that ended up costing LinkedIn tens of millions of dollars.

Why mention how ubiquitous this stolen information has become in hacking circles? Because oftentimes they will buy the data not because the grand plan involves getting access to your Spotify account and using that to obtain free music, but because that username/password combination has probably been used on at least one other website, and that website might just give them access to something more valuable. And sometimes, they will target one entire but specific group, company or organization, or sometimes just one person, by buying millions of user accounts and their associated data.

Protect Your Passwords

One important thing you can do to ensure that you have the most up to date passwords is, of course, to make sure that you use a password generator and a password manager with multi-factor authentication to store the passwords. That way the only way that someone can gain access to a specific account is through brute force, or if the entire website was hacked. In the event that the website is hacked, the ultimate reasoning behind using unique website passwords is that one password being lost does not compromise your security.

Ideally, you need to have every single person in your organization have every password or email associated with work be unique, and secured with multi-factor authentication. You yourself should also ensure that you put all of your passwords into a password manager, and ensure that you have them all changed to unique passwords. As well, you need to make sure that you are using a password manager that alerts you if the website you are using has been associated with a breach. These apps will let you know if any of your user accounts need to be changed, and if any of your other passwords or usernames are shared, and if so, what action should be taken.

Protect Your Server

It is also important to make sure that you are taking steps to keep your server from being accessed. IBM has done research on the costs associated with breaches. Not only has the average breach ballooned up to nearly $8.9M for each breach in the United States (compared with roughly $3.9M in the United Kingdom), but that cost has been rising steadily over the last decade.

In the last year or two though, they noticed an interesting trend. A slight increase, but in the last year, a very slight decrease. But the cost of an attack on someone who is unprepared has risen. On the other hand, the cost for someone who is prepared for a cyberattack is less than half. Someone who has all of their data and accounts secured enough to survive a ransom attack will end up only having to deal with half of the cost that the people who have to pay their attackers will.

Healthcare remains one of the most expensive industries. Steps to take include logging all interactions on your server, and having an AI analyze them for potential dangers. Currently, cybercrime costs the world economy between $600B and $1.5T, but by 2025 that number could rise as high as $10.5T. With the entire world’s economy only worth $80.5T, that means one out of every eight dollars we spend will either go to stopping cybercrime or be lost in the commission of a crime.

Always Be Prepared

Preparation and fighting fire with fire will become more important than ever as we move into the next phase of these attacks: constant, never-ending attacks initiated not by determined humans, but by AI controlled by humans. It is not our goal to scare you, but it is important that you understand the risks and dangers that are not going to go away.

The reality is that you can prepare. But soon, preparation will not just be something that smart businesses will take part in, but an essential part of doing business publicly. Even for businesses that are all in-person based, if you or a receptionist or your accountant keeps information anywhere, it could be susceptible to attack. Same with even basic information on employees and customers. And the risk only increases as you move into businesses that do most of their work on computers, or businesses that operate online or deal with sensitive information. 

https://mytekrescue.com/hacks-in-2021-what-we-can-learn/?utm_source=rss&utm_medium=rss&utm_campaign=hacks-in-2021-what-we-can-learn

Saturday, July 10, 2021

How to Reset the Password on Almost Any Windows Computer (Updated for Windows 10)


UPDATED 7-09-2020

There is a fault (maybe it’s a feature) in most later versions of Windows that allows someone with physical access to the computer to change the passwords of users, create new users, and elevate users to administrators. This article will show you how to do this. We are not going to go into extreme detail on this. We are going to assume that you have some basic computer repair skills. We are a San Marcos, TX based managed IT Support business, so we use this hack very often.

Time to Complete: 30 minutes or less
Difficulty level: Medium
Tools needed: A Windows Install Disk that matches the operating system on the computer

Note: This method works with several versions of Windows. We are going to show you how to do it on a Windows 10 computer.

Step 1 – Replace Utilman.exe with CMD.exe

Boot into the install CD or USB Installer that matches your operating system. If you do not have one there are several tutorials out there that can help you make one.

Click on Troubleshoot, then Advanced options, and finally Command Prompt.

At the command prompt type the following command:

copy c:\windows\system32\utilman.exe c:\

…and press Enter. You should see a “1 file(s) copied” confirmation.

Now type this command and hit Enter:

copy c:\windows\system32\cmd.exe c:\windows\system32\utilman.exe

Answer with Y to the question about overwriting of the utilman.exe file. You should now see another file copy confirmation.

Reboot the computer normally into Windows.

Step 2 – Manipulate the users you need

When the Windows logon screen is available, click the Ease of Access icon at the bottom-left corner of the screen. An ADMINISTRATOR Command Prompt will open. There are several commands you might need to use below. In them replace “myuser” with the actual username. Replace “newpassword” with your desired password.

Enter the following command to get a list of users:

net user 

Enter the following command to change the password of an existing user.

net user myuser newpassword

Enter the following command to create a new user:

net user myuser newpassword /add 

Enter the following command to elevate an existing user to an administrator:

net localgroup administrators myuser /add 

Once you have run the commands that you need to run, log in and double check your work.

Step 3 – Putting Utilman.exe Back

Reboot into the install CD or USB Installer that you used earlier.

Click on Troubleshoot, then Advanced options, and finally Command Prompt.

At the command prompt type the following command:

copy c:\utilman.exe c:\windows\system32\utilman.exe

Confirm the overwriting by answering Yes. Reboot your computer. Profit!
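
A defender's check for the swap described in steps 1 to 3, as an added example that is not part of the original article: it flags a utilman.exe that is really cmd.exe and the copy that step 1 leaves at the root of the system drive. The function name Test-UtilmanSwap and its parameters are hypothetical; the file paths are the ones the article uses.

```powershell
# Added example (not from the original article): detect the Utilman.exe swap.
# Run on the installed Windows system, not from the install media.

function Test-UtilmanSwap {
    param(
        [string]$System32   = (Join-Path $env:SystemRoot 'System32'),
        # Step 1 of the article copies the real binary here, and step 3
        # never deletes it, so it remains as evidence after the restore.
        [string]$BackupPath = "$env:SystemDrive\utilman.exe"
    )

    $utilman  = Join-Path $System32 'utilman.exe'
    $cmd      = Join-Path $System32 'cmd.exe'
    $findings = [System.Collections.Generic.List[string]]::new()

    if (-not (Test-Path -LiteralPath $utilman)) {
        $findings.Add("utilman.exe is missing from $System32")
    }
    else {
        # 1. Byte-for-byte check: after step 1, utilman.exe *is* cmd.exe.
        $uHash = (Get-FileHash -LiteralPath $utilman -Algorithm SHA256).Hash
        $cHash = (Get-FileHash -LiteralPath $cmd     -Algorithm SHA256).Hash
        if ($uHash -eq $cHash) {
            $findings.Add('utilman.exe has the same SHA-256 as cmd.exe')
        }

        # 2. Version-resource check: still fires if the cmd.exe that was
        #    copied in came from a different build and the hashes differ.
        $uName = (Get-Item -LiteralPath $utilman).VersionInfo.OriginalFilename
        $cName = (Get-Item -LiteralPath $cmd).VersionInfo.OriginalFilename
        if ($uName -and ($uName -eq $cName)) {
            $findings.Add("utilman.exe reports OriginalFilename '$uName'")
        }
    }

    # 3. Leftover artifact from step 1.
    if (Test-Path -LiteralPath $BackupPath) {
        $findings.Add("Stray copy found at $BackupPath")
    }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Suspicious = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

Test-UtilmanSwap | Format-List
```

Full-volume encryption such as BitLocker blocks the offline file replacement in step 1 unless the recovery key is supplied at the install-media command prompt.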

https://mytekrescue.com/how-to-reset-the-password-on-almost-any-windows-computer/?utm_source=rss&utm_medium=rss&utm_campaign=how-to-reset-the-password-on-almost-any-windows-computer

Friday, July 9, 2021

Hacks in 2021: Businesses Attacked by Nation-States


An Ars Technica article from November 18th, 2020 reported that exploits were used to target companies specifically, on behalf of a group sponsored by a nation-state. Some of these exploits included using Zerologon to give admin access to new user accounts on Windows Servers.

How These Exploits Work

Because of the way that Windows Servers authenticate using something called NetLogon, attackers were able to make use of an exploit that allowed them to include a set of zeroes that tricked NetLogon into authenticating the user’s logon as an admin. And instead of using this power to target government agencies specifically, they engaged in a campaign of corporate sabotage, data breaches and information theft.

This was done specifically for economic reasons, not personal ones. This is important to know because, according to the New York Times in October of 2020, a state-backed group that was responsible for hacking local and federal computer systems relating to elections (a clear example of something an enemy state would have an interest in) was also responsible for a string of hacks that targeted both nuclear power plants and general energy grids, and energy plants in particular through their Wi-Fi systems.

Potential Disasters

While they have not yet acted on what they have infected, they have in fact infected a large number of power grids, with the malicious code sitting deep inside the systems of these grids. While their intentions were not stated, in previous attacks that were similar to this one in 2017, they actually did shut down plants. At the time the stated assumed reason was economic sabotage, but it may have been a test run that laid the groundwork for the current state of affairs, where infections on power grids are endemic and at any time could potentially be pushed forward all at once.

And that is almost scarier than if their main reason to attempt these attacks was to simply economically slow us down or cause chaos: the idea that a potentially huge attack could be waiting in the wings, ready to be activated as soon as we cross them. In the future, cyber security will be not just a private issue, but a public one, as an infected phone could infect a government employee’s phone, and ultimately lead to a point of failure.

Data Breaches

Another commonality in the last few years is that there have been widespread breaches of user account data from major websites and companies. These include passwords, usernames, emails, and other personally identifiable information, or PII. Some of these attacks have also included information such as credit card data, financial reports, bank account information, Social Security numbers, and answers to personal questions.

The most widespread attacks have taken place on internet-based services in companies. This includes things such as forums, online shops, crypto exchanges, blogs, and other sites that are likely to have minimal security or at least be unlikely to be prepared for a targeted cyber attack. What this means is that if you have a password that you use on almost every site, at this point it is almost a guarantee that some site you have used in the past has been hacked.

The ubiquity of these attacks has at this point affected hundreds of billions of accounts, and many people multiple times. In general, people assume that the attacks and subsequent release of information that accompanies these hacks only happen to websites of ill repute. And it is true that these lists are generally released either as anonymous social media posts or file-sharing dumps on torrent websites, or sold directly to buyers normally found through the dark web. But just because the sharing is done through means that are less than above board does not mean that the websites themselves weren’t modern, updated websites that were considered trustworthy.

Any Company Can be a Target

For example, Adobe, Spotify, eBay, Equifax, Marriott, LinkedIn and more have been targeted in recent years, generally with some or all of the related customer information stolen. Obviously the stories that have stuck with the public consciousness tend to include events such as the attacks that happened on Billy Madison, an infamous site for cheaters, or a different attack that happened on the website “Adult Friend Finder.”

There is a sense from reporting on these and stories like these that this was always going to be the ultimate result of using a website that may have a less than stellar reputation in the eyes of many. But the reality is that every website is equally susceptible. For example, Yahoo, which had nearly 3 billion users’ data leaked, was a website at one point used by almost everyone, and was one of the most widely used email services. Some of that information was gained through exploits in software that the company used, which, while not totally out of their hands, is something that could happen to anyone.

But where these companies could have done more is to ensure that they were training their employees so that their 5000 employees do not represent 5000 potential points of failure in their cybersecurity plan. Courses need to be held for anyone with access to secure databases and non-public networks. In some cases, separate personal and work devices will be the best option going forward. As well, yearly updates and best courses of actions should be planned so these attacks do not happen again, something many of these companies could not survive. 

https://mytekrescue.com/hacks-in-2021-businesses-attacked-by-nation-states/?utm_source=rss&utm_medium=rss&utm_campaign=hacks-in-2021-businesses-attacked-by-nation-states

Monday, June 28, 2021

Hacks in 2021: The “Federal Government Breach”


In a previous post, we discussed the high-profile series of hacks involving Microsoft Exchange Servers. In the months prior to those events, there was another somewhat related attack against the federal government that allowed a large data breach of a huge number of Americans’ personal info. This, to date, has been the largest hack ever against the United States government. In the second of our “Hacks in 2021” series, we’ll take a closer look at the “Federal Government Breach” to figure out why the attack was so effective, who the targets were, and what it can tell us about the nature of state-sponsored hacking groups.

A Brief Run-Down of the Attack

While the US government will be the most remembered victim of this attack, there were over 200 large organizations targeted, including political, social and financial organizations. The actual attack itself was carried out over 8 or 9 months, fueled by two different exploits used against SolarWinds and another one against VMware. The devastating nature of this breach led a lot of experts to say what they have been saying for a while now: it’s time to treat digital information like any other part of America that we defend, investing resources into preventing breaches from happening in the future.

Why the Attack was Effective

There were quite a number of reasons that this attack was so effective, so secret, and so widespread. For starters, there were ultimately nearly a dozen different exploits that were used to carry this out. To make matters worse, the attacks didn’t become public information until December of 2020 even though they began in March 2020. Secondly, most of the hacks made use of proprietary software. While software like this is specialized and thus more resistant to attacks in general, it is weaker against targeted attacks at some points. In fact, it is this weakness that allowed someone to modify the Orion software undetected while also accessing their network itself undetected.

On top of everything, the attack made use of a lot of online services that the government was switching to as the first wave of the COVID-19 pandemic swept over the United States. A combination of new policies and what is essentially the fog of war allowed the attack to be done in secret. Finally, what the attackers couldn’t access directly they could reach by using users’ emails to authenticate or sign in, which granted the attackers clearance for other related systems.

Unraveling the Attack

In addition to being so effective, this breach (generally referred to as the “Federal Government Breach”) was extremely difficult to unravel. The extent of the damage and even the number of victims was difficult to assess for a number of reasons.

Who Were the Victims?

With certain attacks, it is easy to alert the customers that have been affected. One of the reasons this breach was so devastating was that it was not immediately clear who specifically was affected in the aftermath of the Orion hack. In some previous attacks, it was far easier to know if someone was affected. In this case, however, not everyone who downloaded the vulnerable software was infected, and not everyone who used Orion stopped using it. Thus, it required an investment of thousands and thousands of man hours to make sure that every affected client was helped to avoid infection.

What Information Was Stolen?

One of the scarier parts was that, into early 2021, the government was still trying to find out exactly what was taken and what was affected. In some cases, it is not clear what was or was not affected. This attack’s ramifications may not be fully known for several more years, as the data from this attack has not been put to full use by the attackers. For this reason, the federal government’s Cybersecurity and Infrastructure Security Agency (CISA) recommended that every SolarWinds customer should rebuild their systems from scratch, even though SolarWinds itself did not have their customers do this.

Which Branches of Government Were Affected?

All three branches of government were hurt by this attack, but the executive branch was hit hardest because it has the most sensitive information. This branch includes everything from the Department of Agriculture to the Department of Education and the Department of Defense, along with all of the associated private information they have access to. Additionally, some local governments were even hurt by this. Some cyber security officials had begun to analyze the attack before it went public, and they published tools to deal with the exploit. Ultimately, however, many of the recommendations revolved around the fact that had Orion been open-source, then this vulnerability would have been well known. But because they hid their source code, picking up what the problem was and potential future problems became essentially impossible. 

Motive & Targets

When it comes to motive and targets, that of course varies widely depending on who is being targeted and who is implementing the attack. That being said, there are some common themes. One thing that many attacks have in common is that they go after personal information from websites and the password sets that go along with it. This is valuable to several groups.

Criminals Looking to Make a Profit

First and foremost, this is valuable to hackers who are looking to simply sell that information outright and turn a profit. These thieves will post stolen information either in part or in whole for sale on a number of encrypted dark web websites. Personal data is also valuable to those looking to find ways to use that data to exploit weaknesses and infect victims’ computers for financial gain. This type of hacker might use the stolen information to form a botnet, to host ransomware, to copy keystrokes for banking info, to commit identity theft, or for a combination of all of these schemes.

State-Sponsored Hackers

Another group who might want sensitive website data is state-sponsored hackers, who in this example would value a website that has had its user data hacked along with a set of cleartext or readable passwords. This group would find great value in data like this because it can be used to obtain their objectives, namely gaining access to the personal information and networks of individuals who happen to work for the federal government. Through this, they are able to infect personal devices that may eventually make their way into government buildings. From there, they can use the compromised personal devices to infect networks or to log in to a government system or website that has classified information. For state-sponsored hackers, there is also use insofar as anything that increases the number of infected devices they have access to increases the likelihood they will gain information that will let them infect more computers. The end goal is that some of these devices they infect will have access to the classified information they are looking for.

While all of this is related specifically to impersonal data gathering to gain access to locked systems, state-sponsored groups also use personal information and compromised data as an asset of spycraft. If you have access to something they want, they will use what they have on you for the purpose of blackmail. With the amount of personal data they could theoretically collect on someone, they will know not only what to use, but what data the target is most sensitive about.

What We Can Learn

While cyber warfare and traditional conflicts/spycraft do not seem wholly interrelated, nation-states use what they can where they can to further their goals. Digital information is just another tool that can be used to gain an upper hand in warfare and power struggles. State actors, however, are not always acting in ways that are specific to attacking government and government-affiliated targets for purposes relating to intelligence gathering. As recent events have also shown us, businesses are not safe from being targeted by state-sponsored hackers—something we will delve deeper into in the next entry in this series.

https://mytekrescue.com/hacks-in-2021-the-federal-government-breach/?utm_source=rss&utm_medium=rss&utm_campaign=hacks-in-2021-the-federal-government-breach

Friday, June 25, 2021

Hacks in 2021: Microsoft Exchange Servers


We have all seen it in the news. “Large Multinational Corporation is hacked by foreign actors financed through the government.” The corporation may change, the government behind it may change, and it may be carried out by freelancers or connected hackers. In the end, these events are becoming more and more common. One of the most recent to make the news for the ripple effect it sent out is the set of exploits and subsequent hacks used to gain access to Microsoft Exchange servers. Below, we will take a closer look at this infamous incident to see what cyber security lessons we can learn from it. Over the next few posts, we will also be looking over similar attacks so that we can see the commonalities.

How the Hack Worked

Microsoft Exchange servers handle domain level email messages and calendars, and they sync everything so that it can be accessible anywhere. Having access to not only the user accounts but also the admin level accounts gives someone control over all kinds of things, including local connected devices. Criminals were able to find an exploit in the Exchange Server software, and they used this exploit to give themselves admin privileges. From there, they were able to install backdoors and run whatever scripts they wanted.

Why The Hack Was So Devastating

There are several reasons that this attack was so devastating. For one, Microsoft Exchange is the most commonly used email exchange service. As such, it has a level of ubiquity that meant that there was a huge number of potential victims, and many of its users were less than diligent about the exploit. Another reason that this attack was so dangerous was that it made use of existing tools and scripts to control the servers, and it made use of existing protocols to gain entry. This meant that anyone who had already been targeted did not have the hack “undone” by the patch that Microsoft would subsequently release. In addition, there was not just one zero-day exploit, but ultimately 4 interrelated vulnerabilities that allowed hackers to take their exploits further.

Exploits That Made Use of Native Scripts

At first, attackers were able to figure out the algorithm behind authenticating new users, allowing them to create new users on the server. The next vulnerability allowed them to invite new false users onto the server and give them admin privileges. With admin privileges, they were able to use another exploit that inserted backdoors onto the server and placed them wherever they wanted. Many of the web shells used (a web shell is what gives a hacker control of and access to a server while allowing legitimate servers to continue to access the service, by routing all info through the web shell) were already written and known, and still could not be removed through a patch alone. This was partially because of the use of some native scripts and tools that couldn’t be removed without crippling the software, and other back doors could be stored literally anywhere, so that not even uninstalling the software from the server would always stop it.

The Ubiquity of the Product

This is why everyone with a business that might have been running Microsoft Exchange needs to be in contact with a company that provides cyber security services and consulting. While no new back doors will be created, whatever is out there is still a threat. This attack also targeted a software that not just a large number of businesses make use of, but something that a majority of businesses use from all levels. This is what made the attack so pervasive—the sheer ubiquity of the actual product with the exploit itself. 

How It all Began: January 2021

As far as timeline of events goes, the first time that the hack was brought to the attention of Microsoft or any security companies was on January 5th, 2021. DEVCORE noticed it had affected two of their clients and let Microsoft know at this point. Within a week, another company had noticed ongoing attacks as well and had pinpointed the most likely bad actors. They were a state-sponsored hacking group that resides within a nation-state, and they were not punished at all, but rather rewarded by their sponsoring state. That is because that specific nation-state and other similar nation-states understand that in the 21st century, knowledge is power as it has always been. But now, it is possible to gain the upper hand—and thus power—over your opponents from a world away.

Previously, to gain access to files that only those with high level clearance had access to would be to plant an agent (which was essentially impossible) or to turn an agent to work for a foreign government as a double agent. The ability for foreign nations to actually gain access to documents without having to alert anyone of the belligerent government, through theft or some similar means, was also far more difficult. Now that governments have wide ranging contracts with private companies, vulnerabilities manifest themselves more frequently because of the fact that there are so many services used. And now that everything is more connected than ever, that means huge organizations and companies who work with the government are targeted alongside the public agencies. Companies may even be targeted to get access to another company that does work with the agency being targeted by the hacking groups. They use this information to gain access to even more information in a vicious cycle, made all the more effective because of the fact that with fewer in-person offices, more information than ever is going to be sent through services like Exchange.

How the Hack Proliferated: March 2021

From January to March, the Microsoft Exchange hack remained known only to very established actors in the hacking community and cyber security community, and these experts took whatever precautions they could without Microsoft’s intervention. Then during the first week of March, someone posted code on GitHub that, while not usable, was a proof of concept that demonstrated the attack was completely possible. Though this person posted it only to spur the security community into action, it also meant that not everyone could make use of it. All the same, almost anyone with mid to expert level knowledge of script writing could make use of it, which is why GitHub removed it eventually. With the cat out of the bag, the code kept popping up on public websites in more and more usable forms, and from there it became impossible to control the internet’s proliferation of material you don’t want proliferating.

Eventually, by the second week of March, one company noted that the number of attacks happening was tripling every two to three hours. It’s important to understand that it likely took all of January for the number of attacks to triple the first time, but eventually the growth was so huge that every few hours the problem was doubling to tripling in size. It went from one or two main actors to around a dozen, then to likely hundreds or thousands by the end. By the time that it had gone so public, a patch had been made available by Microsoft, and the public at large was aware of the hack. However, that still left a large number of businesses vulnerable if they didn’t act quickly to apply the patch. 

Why Small to Medium Sized Businesses Were Most Vulnerable

Another important aspect of the attack is that the conditions in which a company would become and remain vulnerable are most likely to happen to small and medium size businesses. This is especially true for any business that doesn’t have a cyber security plan in place or runs proprietary software that requires them to disable auto updates. Businesses that are not receiving any type of regular maintenance are also at risk, as are those that only receive support from general-focus IT companies rather than one that specializes in cyber security. Servers that are not set to auto-update or don’t have someone who is knowledgeable enough to manually apply updates are generally those that belong to small to medium size companies. These companies are likely to not have dedicated security staff, and more importantly these companies are likely to use proprietary software that is not updated regularly and could thus break if the wrong updates are applied.

Vulnerabilities like this are best addressed by bringing in an outside group whose knowledge base can be used to protect your business. Proper prevention and care take an experienced team, and keeping a full-time internal team is not feasible for most businesses.

https://mytekrescue.com/hacks-in-2021-microsoft-exchange-servers/?utm_source=rss&utm_medium=rss&utm_campaign=hacks-in-2021-microsoft-exchange-servers

Tuesday, May 25, 2021

Social Engineering Attacks: What They Are and How to Avoid Them

With the recent high-profile hacks reported on by major media outlets, cybersecurity has taken a larger place in the public consciousness than ever before. While some of these hacks were perpetrated by foreign governments against other governments, others were carried out by and against private organizations. In rare cases, these hacks were successful because someone was able to exploit existing security measures to gain access to publishing code and implement exploits from there. More commonly, however, these attacks were carried out via a much simpler approach: social engineering. Below, we’ll discuss how social engineering hacks play out, what they mean for your company, and what you should be aware of moving forward as a business owner.

What Is Social Engineering?

Social engineering is a common tactic criminals use to gain access to organizations and their data. Instead of exploiting or cracking security measures, social engineering relies entirely on eliciting someone’s trust, using personal information to manipulate someone, or using an individual’s information to manipulate security measures. Through these methods, an attacker can gain access to emails, server logins, system accounts and general data, both customer and financial. Sometimes, the criminal will use social attacks to gain access to a network or database and insert malicious code to accomplish their ends.

What Does This Mean for My Company?

It means that while not all of your employees will need to have the tech literacy of an IT professional, they will need to be able to recognize the basic forms of social engineering attacks to avoid them in the future. This can be accomplished through training and reports based on potential outcomes. Employees should know best practices to avoid falling victim to a social engineering scheme, and they should understand how devastating the consequences can be for the company if they do fall victim.

What Should Someone Be Aware of as Possible Avenues for Attack?

Far and away the most common route by which someone will hack you through manipulation is email. Some dangerous emails will look official, and some will not. Watch out for subject lines such as “Your account has questionable activity on it”, “4th of July Hotel Deals”, “Large Corporation Monthly Bill Change Update”, and other emails that do not seem personal in any way. It is all a numbers game, and the numbers will always be in the attackers’ favor if your company isn’t prepared.

You will also want to make sure that you have the proper systems in place to ensure compartmentalization and the sterility of both office networks and business data. Attacks can happen in many ways, which means that your entire business is only as strong as its weakest link. This is especially true in a work from home environment, but it extends beyond that. If one employee gets a virus on her phone that allows access to her email, that could be all that is needed for an attacker to gain full access to the company’s systems.

For example, imagine an employee who gets a virus on their personal laptop through social media. This employee has a dedicated computer for work, but they sometimes bring their personal laptop into the office for personal use. All that is needed is for this person to connect the infected laptop to the office network, and they could potentially infect the entire network and all devices connected to it. An interconnected network full of different devices also means that if something as simple as a Wi-Fi printer gets infected, then without a proper cyber security plan in place you could be at risk of a total hack or ransomware. Making sure that any unapproved network access does not cripple the entire company is just as important as avoiding threats in the first place.

What Should We Do to Prepare?

If some of your employees are working from home, it’s important to institute a security policy, potentially one that limits any activity that could expose them to viruses on their machine. Alternatively, a policy could be built around each individual device. It is important to run monthly tests and produce reports, both of which a cybersecurity professional can help you with. As mentioned above, another important aspect is educating your employees so that they know what scams look like and how to avoid viruses on their work computers. It may also be worthwhile to set up one network for personal devices and another for work devices. This way, if someone’s phone gets infected, it won’t end up infecting coworkers’ devices and, by extension, their user accounts.

https://mytekrescue.com/avoiding-social-engineering/?utm_source=rss&utm_medium=rss&utm_campaign=avoiding-social-engineering

Wednesday, April 28, 2021

Which Social Media Platforms Should Your Business Use?

Since the beginning of the twenty-first century, social media has become an essential tool for businesses of nearly every type and every size. Social media allows businesses to network with others, advertise to potential customers, communicate with fans, share information, and complete many other important tasks.

Depending on multiple factors, you will have to decide which specific social media platforms your business would like to utilize. The demographics of your audience and your social media goals will both affect the platforms that you choose to use and the ways that you choose to use them. If you want to create an in-depth online presence, it is often useful to hire a professional social media manager.

Facebook

Facebook has specific business tools that are designed to help businesses target their ideal customers and attract them through paid advertisement. These tools can be highly effective, but it is important to understand that there is a financial cost associated with using them.

LinkedIn

LinkedIn is specifically designated as a professional platform, so it is especially important for businesses to establish a presence on it. This platform can be useful if you are hiring at your business or if you want to network with other businesses with regard to partnerships, events, investments, or other mutual tasks.

Instagram

Instagram is a great app because it allows you to share photo content with fans of your business, customers of your business, and/or clients. Instagram also has excellent tools for sharing video and live video. Live video can be a great way to personalize your business social media accounts.

TikTok

TikTok is one of the newer social media platforms, but it is extremely popular, especially among younger generations. If you are targeting a younger demographic, it is essential to have a presence on this app. TikTok is also a great way to share short video content related to your business.

YouTube

If you are looking to share more in-depth video content, YouTube can be a great tool. YouTube allows you to share longer videos that can be permanently linked for sharing on other social media platforms as well.

Pinterest

Pinterest boards assemble links, photo content, video content, and other forms of content to establish social mood boards. Businesses in the clothing industry, baby industry, wedding industry, and food industry may especially find this app to be useful.

Twitter

Twitter is one of the most informal apps that businesses use to establish an online presence. Businesses often establish a more trendy, fun, and youthful presence on this app. It is also extremely popular for interaction between businesses, between businesses and fans, and between businesses and celebrities.

Conclusions on Social Media for Business

No matter which social media platforms your business chooses to use, it is important to pay attention to the type of presence that you create. Be professional but also personal and friendly on your business’s social media accounts. It can be very helpful to hire professional assistance when doing this. Replying to comments and messages helps as well.

https://mytekrescue.com/which-social-media-should-your-business-use/?utm_source=rss&utm_medium=rss&utm_campaign=which-social-media-should-your-business-use

Thursday, April 15, 2021

Tips to Keep Marketing Emails out of the Dreaded Spam Folder

Every business owner wants to do whatever they can to ensure their business grows and stays in contact with its clients. One great way to do this is by having customers on an email list. When customers are on a marketing list, the business can send out periodic emails to inform them about promotions or new items, or simply to connect. Unfortunately, some business owners learn that their emails are not landing at the top of their customers’ inboxes but are instead going into the spam folder. There are some things that can be done to help the emails land in the right spot.

Instruct Subscribers to Whitelist Email Address

Many of the top email providers have a spam filter. This means they look for certain things within an email that are usually characteristic of spam emails. When a subscriber whitelists an email address, this ensures emails from that particular source will never go into the spam folder. The only way for an email address to be added to someone’s whitelist is for the customer to do it or for someone on their team to do it. It is important to understand that not all subscribers will know how to whitelist an email address. For this reason, it is imperative for the person sending emails to include instructions, and even pictures, on how to do it. The instructions can be included in the first welcome email the subscriber receives.

Receive Permission Before Sending Emails

Some people may be under the impression they can send emails to anyone; however, this is not the case. Business owners should always get permission to send marketing emails. If someone did not sign up for emails, there is a chance they will report them as spam. If a sender’s emails get reported as spam repeatedly, there is a chance their emails will automatically start going into the spam folder. Before sending emails, business owners must have a way of gauging a person’s interest.

Choose the Right Email Marketing Program

Sometimes business owners overlook details about the email marketing program they choose for their campaigns; however, the wrong email marketing program can cause a sender’s emails to mistakenly go to the spam folder. One factor email providers can use to decide which emails to send to spam is the program used to send them. If an email marketing program gets numerous complaints for sending spam emails, there is a chance providers will send other emails from the same program to spam as well. It is important to always use a program that has a good reputation and is legitimate. Sometimes the legitimate program may be a bit more expensive; however, it is worth the extra cost. A legitimate email marketing program will also have filters in place to help keep emails from being tossed into spam folders.

Take Adequate Time to Proofread Emails

Business owners are often extremely busy and would like to get information out to their clients as quickly as possible; however, it is important to take the necessary time to proofread all emails that are sent out. If an email has numerous grammatical issues, typos, and sentences that do not make sense, there is a chance it could be placed with spam emails. It is even a good idea to run emails through some form of grammatical correction software before sending them to customers. By doing this, there is less chance the email will be sent to spam because all or most issues will be corrected. One program that many people use is Grammarly, and there are many similar tools to choose from.

Beware of Subject Lines

When creating emails it is important to share great information, and that starts with the subject line. If the subject sounds like spam, then some email spam filters will label it as such. Sometimes emails that talk about discounts, deals or have exclamation points in the subject line can end up in the spam folder. Even if the emails come from reputable companies, there is still a chance they will be regarded as spam. So, it is best to pay close attention to the subject line that is used.

Remove the Email Address of Certain People

Another way email providers determine whether someone is sending spam is by seeing how many of the email addresses a sender mails are actually active. If the percentage is relatively low, the email provider could associate this with spam. To prevent this, it is recommended to remove inactive email addresses from the marketing campaign. If someone has not opened the emails in a very long time, then that address should be removed. If a small number of people on the email list are not opening emails, that is to be expected. If a large number of people are not opening emails, then the marketing strategies should be revisited, because this shows that something is not working properly.

Utilize a Spam Checker

Many people who create emails on a regular basis purchase a spam checker tool to do everything possible to keep their emails from going to spam. The spam checker tool will show how likely it is that a certain email will go to spam, and it will suggest strategies to reduce that likelihood.

Be Clear About Who the Sender is

It is best to be as clear as possible about who is actually sending the email. The sender is what recipients will see in the “from” field of the email. There should never be any special characters or anything similar in that field. If there are special characters, the likelihood the email will be filtered into spam rises significantly. The “from” field should contain a person’s name or the company’s name.

Conclusion

All of these are great tips to deter marketing emails from ending up in the spam folder. If these tips are followed, there is a better chance that an email campaign will see positive results because the recipient will actually receive the email.

https://mytekrescue.com/keeping-emails-out-of-spam/?utm_source=rss&utm_medium=rss&utm_campaign=keeping-emails-out-of-spam

Thursday, April 8, 2021

tekRESCUE Receives Best of Hays 2020 Award

tekRESCUE was once again a contender in the Hays County “Best of Hays” awards this year. Our team was excited to receive top recognition in three categories for 2020! These included:

Best Security Company

Best Computer Tech Support

Best Computer Repair

Best Community Volunteer

In addition to these company-wide distinctions, our own IT technician Austin Koester was awarded Best Community Volunteer for his work with Family 4 Life, a non-profit organization dedicated to reuniting siblings separated by adoption. 

tekRESCUE is proud to accept these awards, and we extend our heartfelt thanks to the voters of Hays County for voting us “Best of Hays” once again this year! We are delighted to continue offering the best technology services to our community in 2021.

About Best of Hays

The Best of Hays contest takes place in Hays County every spring. Historically, Hays County residents voted via newspaper ballots for businesses in a wide range of categories, from best overall company to best sweet tea. However, for the last two years all voting has been done digitally, with great success in participation.

Residents nominate their favorite businesses for each category, and after the nomination period (dates vary by year) voters choose between the top three businesses nominated for each category to determine Best of Hays winners. Voting maintenance, final tallies, and award distribution are all completed by the San Marcos Daily Record.

About tekRESCUE

tekRESCUE is headquartered in San Marcos, TX and has been serving Hays County and the surrounding Central Texas areas for over a decade under the leadership of CEO Randy Bryan. Randy already had a long history of technology expertise when he decided to start tekRESCUE. In his experience, he saw business after business struggle to deal with the many aspects of technology necessary to succeed in the digital world. His dream in starting tekRESCUE was to offer a way for businesses of any size to get support and find solutions for any of their technology needs, all in one place.

Today tekRESCUE has evolved into a complete technology provider, offering everything from top of the line cybersecurity solutions to all-in-one digital marketing. We serve businesses across Texas and look forward to expanding further in the future. 

Seeking technology solutions for your business? Schedule a 20 minute strategy call with Randy to discuss options for your business. For more information about services we offer, please see below.

Our Services

Cybersecurity

tekRESCUE now offers complete cybersecurity for businesses. This includes network and device protection, managed IT for your office, threat detection and incident response, as well as assistance maintaining HIPAA compliance. tekRESCUE is a HIPAA compliant business.

Website Development

Whether you need a brand new website for your business or need a touch up for an existing website, tekRESCUE can help. We specialize in sleek, modern sites and offer security and hosting options for those that need it.

Digital Marketing

Our team of experts works to improve your presence online using time-tested SEO techniques, social media management, and targeted ad campaigns. From getting your business to #1 in Google to improving your social media audience and interaction, we’re a one-stop shop for your digital marketing needs.

https://mytekrescue.com/best-of-hays-2020-award/?utm_source=rss&utm_medium=rss&utm_campaign=best-of-hays-2020-award

Friday, November 6, 2020

Why Full Stack Cyber Security Is Important—and Why Your Business Needs It

If you’ve never been hacked before, you might think, “Come on, would hackers really target me or my business?” The answer is yes, they would. Data shows that cyber attacks are extremely common and can happen to any business or website. These attacks result in huge monetary losses more often than not, but having the right security measures in place can go a long way, not only to minimize the damage of a successful attack but also to deter attackers in the first place.

Below, we’ll take a deeper look into the many reasons why full stack cyber security is essential for any business in today’s age where serious cyber attacks are more common than ever.

1) Costly Attacks Can Happen to Any Business

Understanding the Scale of Cyber Attacks

According to Cybint Solutions, up to 57% of businesses will be targeted at some point with a hack, 62% with phishing and social engineering attacks, and 51% with direct denial of service attacks. Beyond that, almost every single website that is listed on Google will see at least some attempts to crack its admin password. Even if this is not a full-blown attack, it shows the sheer scale of hacking activity that currently exists.

Understanding the Costs of a Successful Attack

Up to 43% of businesses were the victim of a successful breach within the last year. For small and medium-sized businesses, the average successful data breach costs 2.2 million dollars. That is an average figure: some breaches cost significantly less and some cost tens of millions. Each breached record can cost a company up to $300 in lost clients, restitution, data security cleanup and more. Both figures are according to IBM.

2) Security Measures Make a Real Difference

Minimizing the Damage of an Attack

With all of these negative factors, what can your business do? An IBM report also looked at the costs for all businesses that were hacked, and the average hack resulted in losses of more than $5.2 million. With a response team in place and encryption set up by a cyber security firm, however, these losses were reduced by nearly $720,000. And by having automated security technologies set up by a team (think AI that defends and scans for hacks and runs automated penetration tests), you can more than halve the cost of a data breach, to $2.6 million. Combined with the savings from having a team in place, this can lead to severely decreased costs should a breach be successful.

Deterring Attackers in the First Place

Most hackers are hackers of opportunity. Once they see that your systems are well defended, they will generally decide that it is not worth the effort. So besides making any breach far less likely to be fatal to your business, good defenses also make breaches far less likely to happen, which can mean you never have to deal with one at all.

3) Many Threats Are Internal

Understanding the Vulnerabilities

Finally, sometimes the largest threats are actually things that already exist in your company. These include unsecured routers, employees with bad tech hygiene, bad systems for sharing and exporting data, lack of encryption, out-of-date software and more. Since all it takes is for one of your software or hardware providers to be hacked (say, a manufacturing automation system, a point-of-sale system or medical billing software), one small vulnerability can potentially lead to catastrophic results when exploited.

Addressing the Vulnerabilities

Having a full-stack company come in will allow the weakest points of entry to be detected and will ensure that they do not get exploited. By having a network that automatically scans to establish what default traffic looks like, you can detect when a piece of software has been breached and prevent anything disastrous from happening to your network in the first place.

https://mytekrescue.com/full-stack-security-importance/?utm_source=rss&utm_medium=rss&utm_campaign=full-stack-security-importance