Phishing in Your Own Waters

If you own a small business or professional services firm, you depend on your employees to have enough tech savvy and common sense to avoid links in email messages or on websites that open your system to bad actors. No matter how much you trust them, you need to verify they’re doing the right thing. You can test your human security defenses by using your own phishing expedition to see how they’re doing.

We’ve become acquainted with independent cybersecurity firms by attending conferences over the years. We learn a lot from our peers and presenters – such as it takes an average of 244 days to detect a system breach and that using the cloud will be a necessity by 2028. We’ve also emphasized the need to have a thorough security audit, but as an IT firm, there’s only so much we can do. We also think that an IT firm is not the best organization to really get into the granular details of your security because we all have a vested interest in finding problems to fix.

An independent security expert can find the smallest breach openings in your system and tell you what needs to be done. One of the most fascinating tools they use is a phishing campaign aimed at everyone who works in your organization. They can plant fake links and QR codes and any other tool that a hacker can use to get someone to open a window into your system. They also have tools to mimic the follow-up methods that hackers use once somebody makes the initial click – or the first phone call to a bogus number.

The educational value of using your own phishing expedition is enormous. Not only will it help you patch up holes in your organization, but it also becomes a great teaching tool about why everyone needs to be vigilant. As we use more and more data to conduct business – and in our personal lives – it becomes more and more important to protect that data. You should remember that your organization is part of a data custody chain – a chain that can branch off in many directions. Intruders are highly sophisticated and well-funded – as well as very patient. They will do whatever it takes to get into your system and build tunnels to other systems. You put your reputation and integrity on the line every time you take in data and send it out.

AI will be able to generate untold amounts of data, but there is little it can do to eliminate misinformation automatically.

Eliminating misinformation requires real human intelligence and deliberate, active steps to prevent that first breach – the one that could take 244 days to find. At the risk of sounding like a broken record, in every location and on every device used to conduct your business:

  • Use a firewall and make sure it’s up to date.
  • Use anti-virus and malware software and make sure it’s up to date.
  • Install updates to operating systems and application software on every device you have. Those updates contain security patches and bug fixes to prevent intrusions.

We can help you arrange for a comprehensive security audit that includes a phishing expedition and a deep dive into your equipment and practices. Call us – 973-433-6676 – or email us to discuss your needs and develop a security action plan.

Delete, Delete, Delete

Too many people still hit the “unsubscribe” link instead of the “delete” key when dealing with spam emails and texts. Then they wonder why they get even more spam. It’s simple: You’ve identified yourself as a live person, and you’ll click on something sooner or later.

The problem came to the forefront when one of our clients got hacked. In conversation, they complained about getting too much junk email – no matter how often they hit that “unsubscribe” link. They were beside themselves, but that didn’t need to be the case. And with the Presidential and Congressional election campaigns expected to be full blast for the next 15 months, you can expect to be inundated with unwanted emails.

Here are our junkyard tips for handling junk email and texts.

First and foremost, remember that “unsubscribe” and “delete” are not the same thing. When you hit the unsubscribe link, you are sending a response to an entity you never agreed to have a relationship with. You’ve let them know they hit a live, active email address they and their partners can exploit. It’s like letting a stranger into your house, and they immediately invite their buddies in to raid your refrigerator and see what else is around.

If you hit the delete key, you’ll erase that email – or text – from your device simply and immediately. That’s it. No interaction. They may figure it’s a valid email address or mobile phone number, but they can’t tell for sure it’s active, and they may decide to take yours off their list.

Our rule on unsubscribing is: Only unsubscribe from a list you subscribed to. We all get on various mailing lists for stores or as part of getting a special discount. You should not have any problem disengaging.

The same rules apply to text messages. Delete them. You can report them as junk if you like, but it’s enough to delete them. Be wary of any email or text that starts with “Hi, how are you?” Most are an attempt to hack your system. Just delete them.

With email or text, don’t click on links from strangers. Be careful about the sender. Hackers are getting much better at spoofing corporate logos and adding one character somewhere to a URL to fool you. It’s always safer to open a browser independently on your device and go to a website from there.

In addition to the political fundraising getting into full swing, the holiday shopping season is about to begin. You’ll get even more junk and see even more attempts to hack your system with offers “you can’t refuse.” Don’t just refuse them; delete them. For some hackers, this is the ideal time to plant malware or ransomware by catching you with your guard down.

If you think that you have taken in malware or ransomware by mistake, shut off your device and call us at 973-433-6646. We’ll help you take the steps to remove any malicious software on your device and get you safely back online.

Verizon Forcing Email Decision; We Recommend You Exit

Verizon is dripping out the announcement that it will migrate its email business to AOL, which the communications giant acquired in 2015. It’s a rolling process that will take place over the next several months, and everyone will get specific instructions based on your account. Your clock will start ticking when you get an email notification from Verizon, and you’ll have the choice of: 1.) migrating to AOL and keeping your Verizon email address or 2.) exiting to an email provider such as Outlook or Gmail. When you get your email, you’ll have a short time to make your decision. If you don’t choose one option, you’ll lose access to your “verizon.net” account. Here’s why you should take the second option.

Keep in mind that you can make the switch from Verizon now and retain access to your Verizon contacts and messages for six months. If you don’t decide, Verizon will close out your email accounts. If you have copiers, scanners, servers and other equipment that rely on email addresses to function, those devices will stop working after you choose your options or your time runs out.

We think Verizon is leading a move by utility companies – phone and cable carriers – to get out of the email business because it’s too complicated and time-consuming to provide as a free service. Just to get this out of the way, Verizon’s first option, switching to AOL, is less complicated right now. You’ll be able to keep your existing addresses, with “verizon.net,” but you can keep your addresses and log in through AOL’s system from now on. That might be a temporary solution because you can keep all your contacts.

But we don’t like it for the long term. While you may think that you’re getting a lot of spam now through your Verizon filters, we think that will increase with AOL. Spam is more than a nuisance; it’s a way for hackers to get into your system. Although you can catch most hacking attempts with common sense, hackers know that if they throw enough spam at you, one of them will get past even the most vigilant user. We don’t think security is a major concern. AOL tightened up its security after it was hacked in 2014, before Verizon bought it.

However, we think the “utility company” extensions will disappear as those companies get out of the email business. That means you’ll need to make a switch at some point, and it makes sense to do it now, before you add more contacts. Switching now may make particularly good sense for copier and scanning companies and other similar service providers that use email addresses. We’ve had some Verizon email addresses for some services, and we’re moving away because those addresses will disappear at some point.

We recommend switching to an email provider that will be in the business for the long term, such as Outlook or Gmail. You should be able to keep that address for as long as you like. Besides not having to worry about losing the email address, you’ll gain much more flexibility in shopping for a new ISP. We know it’s a hassle to move all your contacts and messages and tell people your new address. It’s also a pain when people don’t update their own contact lists or when autofill puts in an old address. For all those reasons, you might as well start to move away from Verizon/AOL, as well as from any other utility.

The two email services that come to mind are Outlook and Gmail. In listing the option to move away, Verizon tells you to follow the instructions from your new provider. You could also get your own domain and have that hosted through Outlook or another email service provider. You can keep your domain for as long as you like, and because you’ll be hosting it and calling the shots, you can do away with the advertising that seems to be more prevalent and more annoying.

Regardless of which new provider you choose, you’ll need to establish your new email address and set up your mailbox – or mailboxes – before you close out your old one. Then, you can follow the steps to transfer addresses and messages and set up your rules for how you manage messages.

We can help you in two ways:

  1. Choose an email provider: Outlook and Gmail are two that come to mind, but there are many others, and each one has its own strengths and weaknesses, depending on what you need. We can review the ways you access email, such as a computer, phone or tablet, and whether you need integration and/or collaboration tools.
  2. Set up your new account and transfer all the data: This is extremely critical. Although your new service will have instructions and although you’ll be able to find help through online forums, it’s not always easy to get right settings for your new account and then transfer your contacts and messages. It’s also not easy to back up all of contacts and messages. If you don’t have an accessible back-up and you make a mistake in the transfer process, you could need to jump through hoops to get it all done – at the least – or lose everything – your worst-case scenario.

If you have a “verizon.net” email address, call us – 973-433-6676 – or email us as soon as you get a notice to discuss your options (keep your address, keep your address temporarily or switch immediately to a new email service). If you have an April 13 deadline approaching, and you need to have a plan in order now. If you didn’t get an email, you will, and you’ll need to be prepared to make important decisions quickly. It wouldn’t hurt to start planning now. You can spend hours and hours of frustration solving this issue, or you call us to handle your transition without stress.