Category: Email Security

  • 6 Simple Steps to Enhance Your Email Security

    Email is an essential communication tool for both businesses and individuals, but it has also become a prime target for cyberattacks. As these attacks become more sophisticated, it’s critical to improve your email security. According to reports, 95% of IT leaders say cyberattacks have become more advanced, and over half have witnessed AI-powered attacks in their organizations. By taking proactive steps, you can protect sensitive information, prevent unauthorized access, and maintain the integrity of your communications. Here are six simple ways to enhance your email security.

    1. Use Strong, Unique Passwords

    Passwords are your first line of defense when it comes to protecting your email accounts. Weak passwords make it easy for cybercriminals to gain access. Strengthen your email security by creating strong, unique passwords that are difficult to guess.

    Create Complex Passwords

    A strong password should include a combination of:

    • Uppercase and lowercase letters
    • Numbers
    • Special characters

    Avoid using common words, phrases, or easily guessable information like your name or birthdate. Complex passwords make it harder for attackers to crack your account.

    Use a Password Manager

    Keeping track of multiple complex passwords can be difficult. A password manager can help by generating and securely storing unique passwords for all your accounts. This way, you only need to remember one master password, simplifying the process while boosting security.

    Avoid Reusing Passwords

    Using the same password across multiple accounts increases your vulnerability. If one account is compromised, others using the same password are at risk. Ensure each of your email accounts has a unique password to prevent a single breach from affecting multiple accounts.

    2. Enable Two-Factor Authentication (2FA)

    Two-factor authentication (2FA) adds an additional layer of security to your email accounts. Even if someone steals your password, they won’t be able to access your account without the second form of authentication.

    Choose a 2FA Method

    Common 2FA methods include SMS codes, authenticator apps, and hardware tokens. SMS sends a code to your phone, while authenticator apps generate time-sensitive codes on your device. Hardware tokens provide physical devices that generate codes. Select the method that works best for you.

    Set Up 2FA for All Accounts

    Make sure to enable 2FA for all your email accounts. Most providers offer this feature, and setting it up takes just a few minutes. This simple step significantly boosts your email security.

    3. Be Cautious with Email Attachments and Links

    Attachments and links are common tools used in phishing and malware attacks. Clicking on a malicious link or downloading a harmful attachment can give attackers access to your system. Stay cautious to avoid these traps.

    Verify the Sender

    Before opening an attachment or clicking on a link, verify the sender’s identity. If an email from a known contact seems suspicious, reach out to them through another method to confirm it’s legitimate. For emails from unknown senders, it’s best to avoid engaging with the content altogether.

    Scan Attachments

    Use antivirus software to scan email attachments before opening them. Many email providers offer built-in scanning tools, but having additional antivirus protection adds another layer of security.

    Avoid Clicking Suspicious Links

    Hover over links before clicking to see where they lead. If the URL looks strange or unfamiliar, don’t click it. Instead, go directly to the site through your web browser to ensure it’s safe.

    4. Keep Your Email Software Updated

    Keeping your email software up to date is crucial for maintaining security. Updates often contain security patches that protect against new vulnerabilities. Ensuring your email client is up to date helps guard against potential threats.

    Enable Automatic Updates

    Most email clients and operating systems offer automatic updates. Enable this feature to make sure you don’t miss any critical security patches.

    Regularly Check for Updates

    Even with automatic updates, it’s good to manually check for updates from time to time. This helps ensure your email client is functioning securely and efficiently.

    5. Use Encryption for Sensitive Emails

    Encryption ensures that the contents of your emails are protected, making them readable only by the intended recipient. This is especially important when sending sensitive information via email.

    Encrypt Sensitive Emails

    If you need to send sensitive data, always use encryption. Many email providers offer built-in encryption options, but you can also use third-party tools for added security and end-to-end encryption.

    Educate Recipients

    Make sure your recipients know how to securely access encrypted emails. Provide them with clear instructions on how to decrypt the message to avoid any confusion or security gaps.

    6. Monitor Your Email Activity

    Regularly monitoring your email activity can help you detect any suspicious behavior early. By staying vigilant, you can take swift action if something seems off.

    Set Up Activity Alerts

    Many email services offer activity alerts that notify you of unusual login attempts or changes to your account settings. Enable these alerts to stay informed about your account’s security status.

    Review Account Activity Regularly

    Check your account’s login history and connected devices regularly. If you notice any unfamiliar activity, change your password immediately and investigate further.

    Respond Quickly to Suspicious Activity

    If you detect anything unusual in your account activity, take immediate action. Change your passwords, review your security settings, and consider adding extra security measures like 2FA.

    Secure Your Email with Expert Solutions

    Email security is vital for safeguarding your personal and professional information. We offer solutions that help protect against email breaches and reduce phishing risks. Contact us today to discuss how we can enhance your email security.

  • Data Breach Damage Control: Avoid These Pitfalls

    Data breaches are a harsh reality for businesses, no matter their size. When a breach occurs, how a company responds is crucial. The immediate actions taken can greatly affect a business’s reputation, financial health, and legal standing. With the average cost of a data breach now at $4.88 million USD, having an effective damage control strategy is essential. However, there are common mistakes that can make the situation worse. This article outlines the key steps to take after a breach and the pitfalls to avoid in order to minimize the impact.

    1. Pitfall: Delaying the Response

    One of the worst mistakes a business can make after a data breach is waiting too long to respond. The longer the delay, the greater the risk of further data loss and a decline in customer trust.

    Act Immediately

    The first step is to act as quickly as possible. Once a breach is detected, your incident response plan should be activated. This includes containing the breach, assessing the damage, and notifying those affected. The faster you respond, the better you can limit the damage.

    Notify Stakeholders Without Delay

    It’s important to promptly inform all stakeholders, including customers, employees, and business partners. Delays can lead to confusion and worsen the situation. Be transparent about:

    • What happened
    • The data that was compromised
    • What steps are being taken to resolve the issue

    This transparency helps maintain trust and allows those affected to take appropriate actions.

    Engage Legal and Regulatory Authorities

    Depending on the type of breach, you may also need to notify regulatory bodies. Failing to do so in a timely manner can lead to legal penalties. Make sure you understand and comply with all notification requirements in your jurisdiction.

    2. Pitfall: Poor Communication

    During a data breach, communication is critical. Inadequate or unclear messaging can lead to misunderstandings and frustration, further damaging your company’s reputation.

    Set Up Clear Communication Channels

    Establishing clear and accessible communication channels is essential. This can include:

    • A dedicated hotline
    • Regular email updates
    • A website page with real-time information

    Ensure that communication is consistent, transparent, and accurate throughout the crisis.

    Avoid Jargon and Complex Terms

    When addressing non-technical stakeholders, avoid using technical jargon. The goal is to make the situation clear and easy to understand. Explain what happened, what steps are being taken, and what actions customers need to take.

    Provide Consistent Updates

    Even if there are no significant changes, keep stakeholders updated regularly. This reassures them that you’re actively managing the situation and working towards a resolution.

    3. Pitfall: Failing to Contain the Breach

    Once a breach is identified, failing to quickly contain it can result in even more damage. It’s essential to take immediate action to prevent further data loss.

    Isolate the Affected Systems

    The first step is isolating the systems that have been compromised. This could involve:

    • Disconnecting them from the network
    • Disabling affected user accounts
    • Shutting down vulnerable services

    This prevents the breach from spreading to other systems.

    Assess the Scope of the Breach

    After containment, evaluate the extent of the breach. Identify what data was compromised, how the breach occurred, and the scope of the exposure. This information will be critical for notifying stakeholders and planning the next steps.

    Implement Remediation Measures

    Once the breach is contained, address the vulnerabilities that were exploited. Take steps to ensure the breach doesn’t happen again by deploying the necessary patches and system updates.

    4. Pitfall: Ignoring Legal and Regulatory Obligations

    Failure to comply with legal and regulatory requirements can lead to severe consequences. Many regions have strict laws governing how businesses must respond to data breaches. Non-compliance can result in hefty fines and legal action.

    Understand Your Legal Responsibilities

    Make sure you’re aware of the legal obligations in your jurisdiction. This includes understanding the timelines for breach notifications and knowing exactly who needs to be informed and what information must be provided.

    Document the Response Process

    Properly documenting your response to a breach is essential for demonstrating compliance. Keep a detailed record of:

    • The timeline of events
    • The actions taken to contain the breach
    • All communications with stakeholders

    This documentation is critical if your response is ever subject to legal scrutiny.

    5. Pitfall: Overlooking the Human Element

    Often, the human aspect of a data breach is overlooked. Human error can be a contributing factor, and the emotional impact on employees and customers must be addressed as part of the response.

    Support Your Employees

    If employees’ data has been compromised, provide them with support. This could include:

    • Offering credit monitoring services
    • Clear communication about the breach
    • Addressing their concerns directly

    Providing support to employees helps maintain morale and trust within the company.

    Address Customer Concerns

    Customers may feel anxious and worried after a breach. Respond to their concerns with empathy and clarity. Provide them with actionable steps to protect themselves and offer assistance where possible. A compassionate response can go a long way in preserving customer loyalty.

    Learn from the Incident

    Use the breach as an opportunity to improve. Conduct a thorough review of the incident, identifying what went wrong and how it can be prevented in the future. Implement security training and awareness programs for employees to minimize the risk of future breaches.

    Get Help Managing Data Breaches from IT Experts

    Data breaches are difficult to navigate, but the way your company responds can make a huge difference. Need expert IT support to help prevent and manage breaches? Our team can help reduce the impact and secure your business from future threats. Contact us today!

  • The Ransomware Werewolf – When Your Systems Are Held Hostage

    Full moon rising, systems slowing, files vanishing… your network has been infected, and it’s turning into something monstrous. It’s the ransomware werewolf, prowling the night, holding your data hostage until you pay up. This IT nightmare is a terrifying transformation that no business wants to endure. But fear not—there are ways to keep your systems from howling at the moon. 🌕🐺

    The Nightmare
    Ransomware attacks are vicious, sudden, and leave your data locked away behind a digital cage. Once infected, your files are encrypted, and the only way to get them back (without a proper backup) is to pay a hefty ransom. Even then, there’s no guarantee you’ll see your data again. It’s like trying to strike a deal with a werewolf—you might lose your data or even your network security. 🧛‍♂️🖥️

    How to Avoid the Transformation

    1. Silver Bullet Solutions: Keep your software updated. Outdated systems are like leaving your windows open on a stormy night—an open invitation for trouble. 🔧💻
    2. Cursed Email Filters: Use advanced spam filters to block suspicious emails from entering your system. If it looks like a trick, don’t treat it. 🎃🚫
    3. The Silver-Lined Cloud: Use cloud services to back up your critical data. Even if the werewolf attacks, you’ll have a safe copy ready to go. ☁️✨
    4. Beware of the Bite: Train your team to spot suspicious activity and report it immediately. Often, the first sign of ransomware is a slow network, unexplained pop-ups, or encrypted files. 🕵️‍♂️🔍

    Ransomware is no myth, but you don’t have to be afraid. At Invincia Technologies, we provide silver-bullet solutions to protect your business from IT werewolves and other digital beasts. From antivirus protection to backup solutions, we ensure that your systems are always safe and sound—even when the full moon rises. 🌕💪

    Avoiding these Halloween IT nightmares is as simple as partnering with the right experts. Want to learn more? Contact us, and we’ll make sure your business sleeps soundly through the night. 🏢🛡️

    Until next time… keep the lights on. 💡

  • The Phantom Data Breach – A Tale of Unseen Threats

    On a dark and stormy night, as your business hums along quietly, an unseen force sneaks into your network, siphoning off valuable data. It’s the phantom of the data breach, a sinister specter that lurks in the shadows, waiting to strike when you least expect it. Unfortunately, this isn’t just a Halloween story—it’s a very real IT nightmare that can happen to businesses of all sizes. Let’s shine a flashlight on these creepy crawlers and uncover how to banish them before they haunt your system. 🔦🕷️

    The Nightmare
    Data breaches are like ghouls; you never know when they’ll appear. They’re sneaky, silent, and can wreak havoc on your business if you’re not prepared. Whether it’s stolen customer information, leaked trade secrets, or compromised financial data, a breach can result in financial loss, damaged reputation, and even legal penalties. Imagine waking up to find your data sold on the dark web—chilling, right? 🕸️

    How to Avoid the Curse

    1. Eerie Encryption: Keep data safe with strong encryption. If a hacker tries to grab your data, it’ll be as useless as an ancient scroll without a cipher key. 🗝️
    2. Beware the Phishing Zombies: Educate your staff to avoid suspicious links and attachments, no matter how tempting they may seem. Those emails promising free candy are just a trap! 🍬🧟‍♂️
    3. Ghostly Backups: Regularly back up your data and store it in a secure location. Even if your system is haunted by a breach, you’ll have the means to resurrect your data and carry on. 👻🔄
    4. Summon the Firewall: Ensure your firewall is up to date and strong enough to keep the monsters at bay. It’s your first line of defense against the undead of the cyber world. 🔥🧱

    Don’t let your business fall victim to the phantom data breach! At Invincia Technologies, we ward off digital ghouls and keep your data secure. Our cybersecurity experts are the ultimate ghost hunters, banishing breaches and keeping your IT environment safe from things that go bump in the night. 💻🔒

    Stay tuned for our next Halloween IT nightmare… if you dare. 😈🎃

  • Google & Yahoo’s New DMARC Policy Shows Why Businesses Need Email Authentication… Now

    Email authentication has been garnering more attention lately, and there’s a good reason for it. The rise of phishing as a significant security threat continues unabated. Phishing remains the primary culprit behind data breaches and security incidents, a trend that has persisted for years.

    A significant transformation is underway in the email landscape, driven by the need to combat phishing scams. Email authentication is swiftly becoming a prerequisite for email service providers. Given its critical importance to your online presence and communication, it’s imperative to heed this shift.

    Among the world’s largest email providers, Google and Yahoo have rolled out a new DMARC policy effective since February 2024. This policy essentially mandates email authentication, targeting businesses utilizing Gmail and Yahoo Mail to send emails.

    But what exactly is DMARC, and why has it suddenly become so pivotal? Don’t fret; we’ve got you covered. Let’s delve into the realm of email authentication to grasp why it’s now more vital than ever for your business.

    **The Issue of Email Spoofing**

    Imagine receiving an email purportedly from your bank, urging immediate action. You click a link, provide your details, and suddenly, your information is compromised. This scenario is what we commonly term email spoofing, where scammers disguise their email addresses to appear as legitimate individuals or organizations. They often spoof a business’s email address to deceive customers and vendors.

    These deceptive practices can wreak havoc on companies, resulting in financial losses, reputational damage, data breaches, and the loss of future business. Regrettably, email spoofing is on the rise, underscoring the critical need for email authentication as a defense mechanism.

    **Understanding Email Authentication**

    Email authentication verifies the legitimacy of an email, including validating the server sending it and reporting unauthorized uses of a company domain. It operates through three key protocols:

    – SPF (Sender Policy Framework): Records IP addresses authorized to send emails for a domain.
    – DKIM (DomainKeys Identified Mail): Allows domain owners to digitally “sign” emails, confirming their legitimacy.
    – DMARC (Domain-based Message Authentication, Reporting, and Conformance): Instructs receiving email servers on how to handle the results of SPF and DKIM checks and alerts domain owners about domain spoofing attempts.

    While SPF and DKIM serve as protective measures, DMARC furnishes crucial information for security enforcement, thwarting scammers from exploiting your domain name in spoofing attempts.

    Here’s how it functions:

    1. You establish a DMARC record in your domain server settings, informing email receivers (e.g., Google and Yahoo) about authorized IP addresses for sending emails on your behalf.
    2. Upon receiving your email, the recipient’s mail server verifies if it’s from an authorized sender.
    3. Based on your DMARC policy, the recipient can take action, such as delivery, rejection, or quarantine.
    4. You receive DMARC authentication reports, informing you about the delivery status of your business email and any domain spoofing attempts.
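The receiver-side decision in steps 2 and 3 can be made concrete. The following is an added example, not code from the original article or from any mail provider: it parses a DMARC TXT record and decides what happens to a message given its SPF and DKIM results, including the alignment check that ties those results to the visible From domain. The records and messages are constructed samples, the function and class names are hypothetical, and the sketch leaves out the `pct` and `sp` tags and approximates the organizational domain by its last two labels.

```python
from dataclasses import dataclass

# Policy tag value -> what the receiver does with a message that fails DMARC.
POLICIES = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}

# Constructed sample records, as they would be published at _dmarc.example.com.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
STRICT_RECORD = "v=DMARC1; p=quarantine; aspf=s; adkim=s"


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a tag dict; reject malformed records."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[name.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("missing or unknown p= policy")
    return tags


def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class Message:
    label: str
    from_domain: str   # domain in the visible From: header
    spf_result: str    # "pass", "fail" or "none"
    spf_domain: str    # envelope sender domain that SPF checked
    dkim_result: str   # "pass", "fail" or "none"
    dkim_domain: str   # d= domain of the DKIM signature


# Constructed sample messages.
MESSAGES = [
    Message("legitimate", "example.com", "pass", "bounce.example.com", "pass", "example.com"),
    Message("forwarded", "example.com", "fail", "forwarder.test", "pass", "example.com"),
    # SPF passes, but for the sender's own domain rather than the From domain.
    Message("spoofed From", "example.com", "pass", "mailer.test", "none", ""),
    Message("subdomain-signed", "example.com", "pass", "bounce.example.com", "pass", "mail.example.com"),
]


def evaluate(record_txt, msg):
    """Return (dmarc_result, disposition) for one message."""
    tags = parse_dmarc_record(record_txt)
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.from_domain, msg.spf_domain, tags.get("aspf", "r"))
    dkim_ok = msg.dkim_result == "pass" and aligned(
        msg.from_domain, msg.dkim_domain, tags.get("adkim", "r"))
    # DMARC passes when either mechanism passes and is aligned with From.
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    return ("fail", POLICIES[tags["p"].lower()])


if __name__ == "__main__":
    for m in MESSAGES:
        print(f"{m.label:18} {evaluate(RECORD, m)}")
```

The third sample shows why SPF on its own does not protect the From address: the message passes SPF for a domain the sender controls, and only the alignment check turns that into a DMARC failure.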

    **Significance of Google & Yahoo’s New DMARC Policy**

    Google and Yahoo previously provided some level of spam filtering but didn’t strictly enforce DMARC policies. However, their new DMARC policy, effective February 2024, elevates email security standards:

    – Businesses sending over 5,000 emails daily must implement DMARC.
    – Both companies have policies for those sending fewer emails, focusing on SPF and DKIM authentication.

    Expect email authentication requirements to persist, necessitating attention to ensure smooth business email delivery.

    **Benefits of Implementing DMARC**

    Implementing DMARC offers several benefits for your business:

    – Protects brand reputation by preventing email spoofing scams.
    – Improves email deliverability, ensuring legitimate emails reach recipients’ inboxes.
    – Provides valuable insights through detailed DMARC reports, enhancing email security posture.

    **Taking Action: Implementing DMARC**

    Given escalating email security concerns stemming from email spoofing, implementing DMARC is paramount. Here’s how to initiate the process:

    – Familiarize yourself with DMARC options.
    – Consult your IT team or IT security provider.
    – Regularly track and adjust DMARC settings.

    **Need Assistance with Email Authentication & DMARC Monitoring?**

    DMARC constitutes a vital piece of the email security puzzle. If you require assistance with implementing these protocols, reach out to us today to schedule a discussion.

    Article used with permission from The Technology Press.

  • Coming to terms with COVID security reality

    A survey of more than 1,100 American workers conducted by PwC suggests the divide between cybersecurity teams and the end-users they are trying to protect has only widened in the wake of the COVID-19 pandemic.

    While most cybersecurity and IT leaders have increased access to cybersecurity training since the bulk of employees suddenly began working from home in March, only 30 percent of employees said their employer trained them on how to secure data, and only 23 percent said their company provided a compelling case for why employees need to have good data security habits.

    Well over a third of respondents (39%) said they find it burdensome and restrictive to comply with all the security guidelines of their organization. Less than a third, however, also said they are required to authenticate their identity to access corporate networks/data (31%).

    Less than a third (29%) also said their employer provided devices so they could work outside the office without having to employ their personal devices. In addition, more than half (51%) of the Millennials and 45 percent of so-called Gen Zers admitted they use applications on their work devices that their employer has expressly prohibited.

    Perhaps most troubling of all, though, only just over a quarter (26%) of respondents strongly agree that they can escalate a security incident they may have caused without fear of reprisal.

    Increased cybersecurity challenges

    Cybercriminals have apparently taken note of reckless employee behavior. A global survey of 1,000 CXOs conducted by Tanium, a provider of endpoint management and security tools, finds that 90 percent have seen an increase in cyberattacks due to the pandemic. The most common of these attacks involved data exposure (38%), business email or transaction fraud (37%), and phishing (35%).

    A full 98 percent of respondents said they experienced security challenges within the first two months of the pandemic. The top three challenges identified are new personal computing devices (27%); overwhelmed IT capacity due to virtual private network (VPN) requirements (22%); and increased security risks involving video conferencing (20%).

    A full 88 percent of respondents also had trouble patching systems, with 43 percent specifically citing difficulties patching personal devices belonging to workers. Just over a quarter (26%) admit they effectively side-lined patching systems at a time when Microsoft alone released more than 100 fixes on successive Patch Tuesdays.

    Preparing for an extended battle

    While most IT teams are to be applauded for enabling a mass transition to working from home in a matter of a few days, it’s clear that from end-user training to zero-trust architecture there are lots of cybersecurity issues that need to be addressed. Many organizations assumed the COVID-19 pandemic would be roughly equivalent to an extended blizzard that would shut down the office for a few weeks. Increasingly, it’s looking like combating the COVID-19 pandemic will be an extended battle that requires fundamentally new approaches to how IT is delivered and secured.

    Naturally, each organization always will need to decide just what the right level of business risk should be given the sensitivity of the data that needs to be protected. However, organizations are being presented with a unique opportunity to approach cybersecurity with a blank piece of paper that should not be wasted.

    _______________

    Reposted with permission from: https://blog.barracuda.com/2020/08/03/coming-to-terms-with-covid-security-reality/


  • Adjusting to the New Normal

    Adjusting to the New Normal is the Only Way to Success

    As remote working becomes a norm, creating a digital workspace that empowers employees to work with agility and resiliency has become extremely critical. From enabling access to centralized resources from a greater range of devices to allowing seamless, real-time communication across departments, streamlining the file sharing and document management process, to paving the way for collaborative teamwork – organizations need to support their mobile workforce holistically.

    COVID-19 has completely changed how businesses operate and its impact will be visible for a long time. What’s important is for organizations to adjust to this new way of working and drive efforts in ensuring productivity of the mobile workforce.

    Digital Security While Working Remotely

    Companies of all sizes are under attack. Meanwhile, remote work has become a necessity for modern organizations.

    Remote work presents a unique challenge for information security because remote work environments don’t usually have the same safeguards as in the office. When an employee is at the office, they are working behind layers of preventive security controls. While not perfect, it is harder to make a security mistake while at the office. However, when computers leave the perimeter and people work remotely, new risks arise for the company and additional security policies are essential.

    These are the top remote work security issues businesses should be wary of.

    • Managing Devices and Employees
    • Insecure Passwords
    • Phishing Emails
    • Using Unsecured Personal Devices & Networks
    • Video Attacks
    • Weak Backup & Recovery Systems

    Users can become complacent about cybersecurity practices. They often assume your company’s IT department takes responsibility for protecting them even outside of the office.

    Enhance Your Organization’s Cybersecurity with Invincia’s Managed IT Security Services

    Cybersecurity for remote workers requires constant vigilance. If you’re nervous about your current remote security policies, give us a call. We’ll assess and implement the precautions necessary to ensure your remote employees can work safely and productively.

    At Invincia, we’re committed to excellent customer service and continuously strive to exceed your expectations. Our certified engineers are dedicated to solving your business challenges – 24 hours a day, seven days a week.

    Contact us today to chat about how our managed IT support services can help build your future securely.

  • How MSPs are supporting clients during the COVID-19 pandemic

    The COVID-19 pandemic and the sweeping shutdowns to contain the spread of the virus brought about significant impacts on businesses. Many small companies realized they lacked the resources to rapidly adopt a remote work setup and tapped their IT partners to help address their technology demands. Here’s how managed IT services providers (MSPs) are rising to the challenge.

    Providing infrastructure and service desk capabilities

    In today’s digital work landscape, MSPs are keeping their noses to the grindstone to fulfill customer demands and help keep businesses running. While many small companies have taken the first step of transitioning to remote work, they still need help managing the logistics.

    Right now, MSPs are providing customers with IT infrastructures and taking on a host of network tasks, including configuring hardware, establishing remote connections, and managing backup and storage options, among other activities. These all help to ensure that company networks are reliable enough to facilitate a remote workforce.

    MSPs are also offering service desk capabilities, providing companies with a centralized resource for employees, customers, and business partners to answer questions, troubleshoot problems, and facilitate solutions. Appropriate and timely support is crucial, especially in times of great uncertainty.

    Simplifying cloud adoption

    Cloud solutions are ideal if IT environments must be quickly modified to meet changing demands or difficulties, which is why MSPs are now helping businesses leverage a variety of cloud technologies and even move their data and applications online.

    And because cloud migration can get complex, many MSPs are also offering managed migration plans that help companies transition key workflows and processes to the cloud safely and efficiently.

    Offering remote support where possible

    The current travel restrictions and social distancing measures make work-related travel difficult and risky. And with highly distributed workforces, many companies would rather source local service technicians for break/fix assistance, cabling, and other IT solutions.

    Partnering with MSPs ensures that systems and networks are protected all the time and critical support is provided within 24 hours. What’s even better is that some providers have technicians in different locations, making it easy to provide tools, resources, and support even in hard-to-reach areas.

    Delivering flexible solutions

    As business needs continue to shift, MSPs must move in lockstep and provide support wherever they can. Here are some other ways MSPs are helping their clients navigate these trying times:

    Assisting with IT projects
    Because of how broad and challenging IT projects can be, it’s not uncommon for companies to lack the right skills and resources to handle them. MSPs are helping them by providing the expertise and technologies needed to pursue these projects, allowing companies to keep moving forward.

    Foregoing long-term contracts
    Some companies need IT support and services but can’t afford to commit to long-term contracts. Similarly, some want to augment their IT only for the duration of the COVID-19 pandemic. What’s great is many MSPs are providing flexible IT solutions, giving customers all the services and support they need, when they need them.

    Offering faster response times
    Especially now that downtime could likely spell the end of a business, companies seek quick turnaround times. Since MSPs typically offer 24/7 support and tout specialists with a wide range of experience and knowledge, they can proactively address issues and ensure that IT infrastructures are working as efficiently as possible.

    Providing better customer service

    As many businesses are still adjusting to the new normal, providing positive customer experiences will go a long way to earning trust and ensuring customer loyalty post-crisis. By being compassionate and empathetic to the situations of their customers, MSPs are showing companies that they’re navigating these trying times together.

    Call our IT experts today at (727) 674-1455 to help configure the perfect remote work setup for your business.

     

    Published with permission from our partner, INFIMA Cyber Security.
  • Lady Gaga & Springsteen’s Law Firm Hacked

    Attackers compromised a law firm, stealing a huge trove of data on A-List celebs.

    The media & entertainment law firm of Grubman Shire Meiselas & Sacks suffered a vicious cyber attack. The 756GB in stolen files appears to contain data on dozens of high-profile celebs, also including Mariah Carey, Cam Newton and John Oliver.

    The ransomware attack was perpetrated by a group called “REvil,” also known as “Sodinokibi.”

    The REvil group has its own A-List of previous attacks, including Travelex and Brooks International. A hallmark of their attacks includes stealing data before ransoming the organization.

    “Cybercriminals use the threat of releasing the stolen data as leverage to extort payment.”

    In this case, the compromised data could be very valuable to the law firm and, in turn, the attackers.

    “The trove of data allegedly stolen includes contracts, nondisclosure agreements, phone numbers and email addresses, and ‘personal correspondence.’”

    To prove their case, the hackers posted snippets of the stolen data on a dark web forum. This is very similar to an attack on a Texas law firm earlier this year.

    The attacks on law firms will continue. They hold tons of sensitive data, and cyber criminals know it. As always, they will go after the softest targets.

    Are you ready to take action?
    Start by booking a quick call to learn how Invincia’s Managed IT Security can help your company.

    To learn more, set up a call with our (non-pushy) team here!

    Original article: https://variety.com/2020/digital/news/entertainment-law-firm-hacked-data-breach-lady-gaga-madonna-bruce-springsteen-1234602737/

  • Cyber readiness starts with awareness

    News emerged in a new report last week that just 10% of European and US firms are “cyber ready”, despite surging attacks.

    The study from insurer Hiscox, which spanned the UK, US, Germany, Belgium, France, Spain, and the Netherlands, should be something of a wake-up call for IT and cybersecurity leaders. SMEs, in particular, are said to be in the firing line.

    Although technical controls certainly play their part in helping to mitigate risk and improve preparedness, the report revealed that cultural changes and a more proactive approach to training are equally important. Perhaps it’s time for the security industry, in general, to take a more holistic approach to threat prevention that’s not so solution-centric.

    Attacks soar in 2018

    The percentage of firms classed as “experts” in cyber-readiness actually dropped from 11% last year. Yet the threats facing them have never been more pronounced: 61% reported an attack over the past year, up from less than half (45%) the year before. The figure rose even higher in France (67%) and Belgium (71%). The frequency of attacks has also increased, as has their cost: up 61% from $229,000 last year to $369,000 in this year’s report, with medium and large firms bearing most of the financial impact.

    According to an FBI report also out last week, total losses from global complaints to the Bureau’s Internet Crime Complaint Center in 2018 reached $2.7bn, with nearly half ($1.3bn) coming from Business Email Compromise attacks. Ransomware losses also surged, from $2.3m to $3.6m, although many more attacks go unreported.

    Read the full article here