Who’s in Your Electronic Wallet?

Complacency is likely to be the greatest threat to your online security. The FBI recently reported that the padlock icon and HTTPS:// in a website cannot be trusted all the time in letting you know a site is safe. With the cost of SSL-TSL certificates falling, it’s cheap for crooks to set up malware sites and lure you in. We’ve discussed on-line shopping security and keeping other transactions secure, but the FBI’s warning compels us to revisit a few ideas.

First, what is an SSL-TSL certificate? The certificate is an acknowledgement that the owner of a website has installed SSL or TSL technology provide secure communications over a computer network. The certificates are granted by third-party providers, such as VeriSign, which is now owned by Symantec. The certificate shows us HTTPS (Hyper Text Transfer Protocol Secure) in a secure website’s URL. You can view the certificate by clicking on the lock symbol on the browser bar.

What do SSL and TSL stand for? In short, SSL stands for Secure Sockets Layer, the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems. It’s designed to prevent criminals from reading and modifying any information transferred, including potential personal details. TLS (Transport Layer Security) is just an updated, more secure, version of SSL. Symantec still refers to security certificates as SSL because it is a more commonly used term. SSL certificates can also cover other internet- based communications, and they come in various levels. If you are curious, you can click here to read more from Symantec than you might want to know.

What you should know, the FBI reports, is that cybercriminals are more frequently incorporating website certificates when they send emails that imitate trustworthy companies or email contacts. They’re typically phishing schemes used to acquire sensitive logins or other information by luring potential victims to a malicious website that looks secure.

We’ve published many articles that call for the internet industry to provide more safeguards, but as we’ve always noted, cybercriminals are working just as a hard to defeat current and developing security tools. One industry executive hit the nail on the head by noting that cybercriminals can’t work around an aware user, who has been trained to look for misspellings in the URL of a web page and knows not to trust a padlock icon. Addressing her firm’s corporate business targets, the executive called on organizations to invest in solid, continuing training programs.

We echo the FBI, which says the following (familiar) steps can help reduce the likelihood of falling victim to HTTPS phishing:

  • Do not simply trust the name on an email: question the intent of the email content.
  • If you receive a suspicious email with a link from a known contact, confirm the email is legitimate by calling or emailing the contact; do not reply directly to a suspicious email.
  • Check for misspellings or wrong domains within a link (e.g., if an address that should end in “.gov” ends in “.com” instead).
  • Do not trust a website just because it has a lock icon or “https” in the browser address bar.

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to HTTPS/SSL/TSL issues in a phishing expedition, write “HTTPS phishing” in the body of the complaint.

You can protect yourself by being prudent and deliberate when opening emails and clicking on links, and you can support your efforts by installing, updating and using anti-virus and anti-malware protection programs. We work with several trusted providers, including Symantec, and we can help you select and set up the programs that best meet your needs. Call us – 973-433-6676 – or email us if you think your security may have been compromised or if have any questions about online security verification.

Hack Attack Continues vs. Businesses and People

While government-sponsored hacking and disinformation makes big news, don’t take your eye your eye off the ball when it comes to protecting your personal and corporate data. A report from a consulting firm, Positive Technologies, painted a dark, dark picture, saying the second quarter of 2018 showed a 47 percent increase over 2017. You need to remain vigilant, even when events are beyond your control. Nobody is immune.

As reported in Tech Republic, Positive Technologies said the most common methods of cyberattack are:

  • Malware (49%), with spyware or remote administration malware being the most widely used forms of infection.
  • Social engineering (25%) is the term for manipulating users into believing a message, link, or attachment is from a trusted source, and then infecting targeted systems with malware, stealing money, or accessing confidential information.
  • Hacking (21%) exploits vulnerabilities in software and hardware, causing the most damage to governments, banks, and cryptocurrency platforms.
  • Credential compromise (19%) targets password managers used for storing and keeping track of passwords.
  • Web attacks (18%) are online racketeering attempts to extort website operators for profit, sometimes by threatening to steal client databases or shut down the website.
  • DDoS (5%) tends to be the weapon of choice for business rivals, disgruntled clients, and hacktivists. Political events can drive attacks on government institutions. Criminals can use DDoS attacks to take websites offline and demand payment from the victims.

Attacks can be made in tandem, such as the common duo of using phishing emails to trick users into downloading malware.

Financial and healthcare institutions, retailers, and government databases remain prime targets, but higher education institutions and even school districts are being attacked. Wired reports that this past March, the Department of Justice indicted nine Iranian hackers in alleged attacks on 144 US universities and 176 in 21 other countries. They were also cited for attacking 47 private companies.

Hackers are homing in on the money. Positive Technologies said targeted attacks are outnumbering mass campaigns, with attacks directed at companies and their clients, as well as cryptocurrency exchanges. Data theft is driving an increasing number of attacks, with many criminals seeking personal data (30%), credentials (22%), and payment card information (15%). To steal this data, hackers are compromising online platforms, including e-commerce websites, online ticketing systems, and hotel booking sites.

The scary part for us is the report you can never be sure that criminals don’t have your credit card number from one source or another. Even a brand-new smartphone in a store can have pre-installed malware.

People and businesses can take steps to keep their data safe by installing updates for operating systems and application software and installing antivirus protection on all systems and endpoints and keeping it up to date.

Businesses can encrypt all sensitive information, perform regular backups, minimize the privileges of users and services as much as possible, and use two-factor authentication. Enforcing a password policy with strict length and complexity requirements, and requiring password changes every 90 days, can also help protect systems.

We offer security audits for businesses, and we can answer any questions individuals have about protecting themselves from cyberattacks. Call us – 973-433-6676 – or email us to set up an appointment.

Advice from the FBI

If you’re a longtime client or reader of Technology Update, you can say the FBI has either listened to us or validated us with its recent call to restart your routers. Our national law enforcement agency says that routers can be vulnerable to hackers, and one of your best defenses is to restart them. There’s more you can do, but restarting a router is easy to do.

First, let’s look at the restart process, which clears out a lot of junk piles – junk piles that make great hiding places for the bad guys who want to use your network as the entrance to your entire computing world. Rebooting can also help your network’s performance, just like a reboot or restart helps your computer. All you need to do is:

  1. Unplug your router and modem – or combined gateway, which includes your router/modem and VOIP telephone – from the power source. If there is an adapter that plugs into your unit, you can usually do it right there. Do the same for any network switches you might have. If you have batteries for backup power in any equipment, make sure you pull them out.
  2. Wait at least 30 seconds. This is important to help junk clear out, and it signifies your system is offline. Waiting a minute wouldn’t hurt.
  3. Reconnect your system, starting with your modem if it’s a separate unit. If you have a gateway, connect that. If it doesn’t power on automatically, press the power button. Wait at least a minute to give your ISP time to authenticate your connection and assign a public IP address.
  4. Reconnect your router and wait two minutes. This gives your router time to boot back up and gives everything on your network time to get new private IP addresses assigned by the DHCP service in your router. If you removed the power from any switches or other network hardware, now is the time to power those back on. Just give them a minute or so, too. If you have several devices, be sure to power them on from the outside-in, based on your network map.

If you don’t understand anything in the fourth step, it’s a good idea to call us for help. We can follow the map and help you test everything on your network to make sure it’s all working properly. You can also reset your modem if you are concerned about security and/or performance, and that’s something we can help you with, too. Call us – 973-433-6676 – or email us with questions or to set up an appointment.

Who Really Sent That Email?

We’re seeing a pattern in security problems caused by “fake emails.” Although the pattern is not restricted to business emails, they seem to show up more frequently in offices. Here’s what’s happening.

Just like good marketers, email spoofers and hackers have noticed that Wednesdays and Thursdays are “light days” for email traffic. If someone who’s not overwhelmed by email gets no messages (OK, this might be theoretical), it doesn’t raise eyebrows because they’re not accustomed to a huge number of messages. When traffic gets back to its normal level on Friday, nobody bats an eye or says anything. That leaves the hackers free to move about.

What we’ve found when that happens is that a hacker has created a rule to move email messages to a place where they can do their dirty work. One of their tricks is to change a log-in to a fake website that looks like one you frequently visit. When your password is not accepted, you have them send you a link to change your password. When you sign into the fake site with the real password, they can use it to update your info on the real site and keep all of the function for themselves.

That “password” scenario is the one that seems to be most common way for hackers to gain their access, and as in most cases, the cybercriminals count on the fact that you’ll be too busy to notice anything unusual – and that you won’t say anything until well after the fact.

While offices – even SOHO businesses – seem more susceptible to this type of attack, anyone can be a victim. Here are a couple of telltale signs that you might be under attack.

The first is that you get an email that directs you to a website that you can’t log into because your password is invalid. If you use a “master password” application, that should tip you off right away. If you enter passwords for your sites and have them written down in a safe place, consult your records. If you can’t enter a password that you firmly believe is correct, that should be a tipoff, too.

The second telltale sign is that people got messages that looked like they were coming from their office’s email system. To see if something like that is a fake message, you have to find the IP address for the computer. If it didn’t come from your computer system, that could be the tipoff, but not always. In one case we had to solve, a New Jersey company was victimized by a New York IP address, but that didn’t raise any concerns at first because the company does a lot of business with New York IP addresses.

We can use a number of tools to help pin down the IP address from where the email originated, and the earlier we can get on the case, the better the chances of resolving your issue. If you want us to look at a message, you need to follow this procedure:

  1. Drag the message from your email inbox to your desktop. You’ll see it as an envelope.
  2. Email us that envelope as an attachment.

If you are convinced you have a threatening email, call us right away – 973-433-6676 – so that we can ask you a few “yes or no” questions and help you take appropriate steps before the consequences get really costly. If your questions aren’t urgent, email us for answers or to set up an appointment to talk. Email security problems will only get worse as time goes on.

The Not-So-Hidden Costs of Free Apps

Facebook is free. You can get a free Starbucks app that gives you savings. You can use any number of free navigation apps, such as Waze or Google Maps. They may be free of fees, but they have costs, but they have costs, and that may be at the practical heart of privacy.

Our purpose here is not to get into the specifics of how you can delete apps like Facebook from your computers and devices. You can find a lot of those steps within the apps themselves. Nor is our purpose here about whether you should delete those apps. Facebook continues to come under fire – and to fire back – as the news changes every day.

In our opinion, the issue of Facebook and Cambridge Analytica, which brought a lot of this discussion to a head, happened in 2015. Facebook shared data with Cambridge Analytica under an agreement, but when the agreement was terminated, the data wasn’t deleted. In some ways, we are now looking at several issues, so let’s separate them. I did download all of my personal information that Facebook has about me, and some of it was scary. The scariest part was that they have all of my contact information, and I could see the names of all the people who may have requested to “friend” me but did not accept.

In a way, all of the info didn’t surprise me, and we should all note that Google probably has more information about all of us than Facebook. Like it or not, our likes and dislikes, which are all reflected in what we say on Facebook and in Google product reviews, to name a few, plus all the searches we do and websites we visit all become valuable information for advertisers who want to focus on those who are most likely to buy a product. John Wannamaker, the Philadelphia-based department store owner, said some 150 years ago that he knew only half his advertising dollars were working; he just didn’t know which half. Today’s analytics help businesses and political campaigns make their dollars work more efficiently.

That’s where “free” comes in. We like free apps, free things and being free to express opinions. But it has a cost: whatever level of privacy you are willing to give up. Yes, those “terms and conditions” and “privacy statements” are long and difficult to read, but we all know the drill. In return for being able to use their apps and be eligible for certain perks, we give them the ability to track our locations and share information with their business partners. If anything, the Facebook fiasco has raised our awareness of what goes on behind the scenes, and we may be less willing to give everyone unlimited access to our preferences and whereabouts when given the opportunity.

Another related issue is the Internet of Things, or IoT. All the “smart” home systems, including the smart speakers from Amazon, Google and Apple, collect data based on the info you request, the songs you play and even the merchandise you buy using their systems. Two things we don’t know are: 1.) Do they collect information even when you haven’t activated them? 2.) Who has access to the information they collect?

Moving forward, I am not going to drop out of Facebook. But we can all download the info Facebook has collected on us and look at the apps and advertisers we are tied into through Facebook. We can delete those we don’t want.

Looking at all the data collected about us and figuring out what to delete or hide can be a daunting task, but we can help. Call us – 973-433-6676 – or email us to make an appointment to review whatever information you can collect from the apps you use. We’ll do the best we can to find that happy medium between convenience and security. But even if you decide to drop off the internet and just pay cash for bills and goods and services, your privacy still cannot be ensured.

Don’t Go to the Dark (Web) Side

The story of the hacking frenzy would be incomplete without mentioning the dark web. Some adventurous souls might think they can just drop in for a quick visit to see what’s it like and leave, but two thoughts come to mind: Trying to leave the Hotel California and a lamb sauntering into a lions’ den. Resist the temptation to take a peek.

Trying to poke around the dark web just for grins is the equivalent of going to a bad neighborhood at 2 a.m. just for sake of seeing what it’s like. It’s the place where stolen information, such as driver’s license numbers, credit card numbers, health records and the like are bought and sold. It’s no place for thrill seekers.

Yes, there are websites that will provide you with information on how to get to the dark web, and privacy is critical. Those who trade illicit information guard their privacy very tightly, and they use special VPNs (virtual private networks) to make sure they minimize detection by other criminals or law enforcement officials. And, you also want to minimize your exposure to other criminals who won’t think twice about stealing info and money from you.

Cybercriminals using the dark web never use any common ISPs (internet service providers) or browsers. That’s like walking into the bad neighborhood wearing a bright-colored reflective jacket. Rather, the dark web relies on special browsers designed to be undetectable. Users are advised to disconnect and/or disable recording devices such as microphones and cameras.

Dark web transactions are generally done using Bitcoin or some other form of cryptocurrency that makes it difficult, if not impossible, to trace the hands through which money passes. Users of the dark web generally use multiple aliases and anonymous email addresses to hide their identities and locations.

Criminals on the dark web know that other criminals and law enforcement agencies are marshaling all the tools they can to crack the dark webs, and the sophistication on both sides is constantly evolving. If you suspect some members of your family or employees might be thinking about taking a little peek at the dark web, let them know it can be an extremely dangerous undertaking. Once anyone wanders in, they’re prey for hardened criminals, and it’s unlikely they can wander back out.

If you’re concerned about whether someone in your home or office may have compromised your system’s security in some way, call us – 973-433-6676 – or email us for a security audit. If there’s something going on, we can take steps to mitigate the effects.

Spoofs and Email Management

Spoofing email addresses is so common that you might as well accept the fact that you have to scrutinize every message you get. With our switch to a new Office 365 management portal, many clients have been getting emails allegedly from Microsoft, and some are more obvious spoofs than others. It might be time to look at your email management processes.

Hackers use spoofing as a way to get into your computer or network. They are relying on your carelessness to click a link that allows them to introduce some sort of malware that will give them access to your critical personal or corporate data and your address book or contact list. Once they get in there, they can replicate the same message that snared you and hope they get lucky with a few more careless people.

To clean out the malware, we need to isolate the message to see what the hacker is spreading through your system. We’ve received a number of calls from clients in the past few weeks about problems with spoofing, and our issue has been the size of clients’ email folders. Simply put, when there are 100,000 messages stored in the inbox, finding the spoofed message that caused the problem can be extremely time-consuming.

In all likelihood, you’ve run into a similar problem when trying to find a specific message. Outlook gives you some search parameters for finding any message you may have saved, but because of the way most people search, you get a lot more possibilities, and that still slows down your search. And, of course, the more messages you have stored in one place, the longer it takes your program and you to find the message you want.

Setting up an email management system can make your searches more efficient, and it can also help you or any IT support team isolate a message that might be causing a problem with your system. Again, Outlook has a few tools, but you might want to start by creating a system of subfolders within your inbox. For example, I file all emails by client, and within each client, I file them by the year. That makes it easy to get to a place to find a message I want to retrieve. It’s similar to the way most of you would set up folders for documents, photos and videos, and business records.

Of course, that system is only as good as the effort you put into moving messages to folders. If you suffer from a severe case of email overload, you may want to consider an archiving program that works on the back end of your email program. It can be especially helpful for a business, particularly where employees deal with multiple people from the same organization. For as little as $3 per month, it can set up and execute a system that even isolates people within a company, making it easier for you or anyone in your organization to get to a specific message to resolve any kind of problem – customer service or malware.

While home users may not be concerned with customer service issues, there are times when you need to find a message to resolve a problem, and good organization can make a busy life a little less hectic. We can help you set up set up Outlook folders or find and set up an archiving system that works best for your needs. Give us a call – 973-433-6676 – or email us to discuss your email management issues and explore the most appropriate solutions.

Cybersecurity Scorecard

Cybersecurity has dominated our conversation for the past year, and a report from SonicWall, which provides security tools worldwide for networks to email and everything in between, shows where we’re making progress and where new threats lie.

First, the good news. In data gathered in the past year from the SonicWall Global Response Intelligent Defense (GRID) Network, the good guys and the bad guys made advances. The most notable of the advances the company found were:

  • The number of new POS (point of sale – mostly credit and debit cards) malware variants decreased by 88 percent since 2015
  • SSL and TLS encrypted traffic increased 34 percent year-over-year
  • Major exploit kits Angler, Nuclear and Neutrino disappeared
  • Unique malware attack attempts dropped to 7.87 billion from 8.19 billion in 2015

On the other hand:

  • Ransomware attacks grew 167x from 2014 to 2016 to an astounding 638 million attacks during the year
  • SSL/TLS encrypted malware was exploited 72 percent more often in 2016 than in 2015
  • Internet of Things (IoT) devices were compromised to launch record-setting DDoS attacks
  • Despite significant efforts by Google to patch vulnerabilities, Android continued to be exploited by cyber criminals

SonicWall notes that the technology to solve many of the new challenges cyber criminals threw at victims in 2016 already exists.  SSL/TLS traffic can be inspected for encrypted malware by NGFWs (next-generation firewalls), which are hardware- or software-based network security systems that detect and block sophisticated attacks by enforcing security policies at various levels. For any type of new advanced threat like ransomware, it’s important to understand that all network-based solutions should block network traffic until a safe verdict is reached before passing that traffic through to the intended recipient.

In 2017, there are two areas that SonicWall joins us in telling you to be particularly on-guard: ransomware and the Internet of Things (IoT).

Companies in the United Kingdom were 3x more likely to suffer ransomware attacks than in the United States, but don’t breathe easy. The US experienced the highest number of ransomware attacks in 2016 because of large volume of business.  While we as individuals and small businesses depend on companies like SonicWall to provide the tools to detect and stop ransomware, we need to follow strict security procedures – all of which should be well-known to us by now:

  • Install updates for all of your software for operating systems and apps. They contain the security patches and bug fixes that shore up the breaches in your systems.
  • Be extremely careful about the emails you open and the links you click.
  • Back up your data continuously to a system that is either not always online or that uses authentication. This will help ensure that you don’t accidentally revert to an encrypted back up if you’re hit.

The IoT has been massively compromised because of poorly designed security systems by device manufacturers. To protect yourself, SonicWall reminds you to make sure your devices are behind next-generation firewalls that scan for IoT-specific malware and that you segregate IoT devices on a separate zone to make sure they don’t affect the rest of your network if they’re compromised. To that, we add that you immediately change user names and passwords – and that you make those passwords strong. Some 70 percent of IoT breaches worldwide are in the US.

More protection was made available for Android mobile phones and devices, but they still remain vulnerable to overlay attacks. SonicWall recommends that companies using Android devices keep the option to “install applications from unknown sources” unchecked and both options to “verify applications” checked. They also recommend you avoid rooting and that you install anti-virus and other mobile security apps – and that you enable “remote wipe” in case your device is stolen or compromised with ransomware.

If you’re interested in a deeper dive and more technical explanations, we invite you to read SonicWall’s whitepaper on cybersecurity.

We can help you with a cybersecurity audit for your office or home and for all mobile devices. Call us – 973-433-6676 – or email us for an appointment.

Don’t Wait When Hacked

A client got hacked at 5 p.m. and discovered it at 8 p.m. They waited until the next morning to call us. Our advice to them was to shut down their system. Our advice to you is don’t wait – but please use some common sense. We don’t appreciate calls at 5:30 in the morning because you can’t connect to the internet or get your email, but a hack is a whole other story.

If you think you’ve been hacked, shut down – as in “power off” – your computer or your system immediately. If nothing’s running or connected, nothing more can be taken from you, nor can anyone get deeper into your system. Once you call us, we can examine every part of your system and help you take steps to secure it before you and everyone in your business or home goes back online.

If we’ve learned anything from news reports, no system is immune from attack. But there are a number of steps you can take to make an intrusion more difficult – and for small businesses and homes, they may be enough to deter anyone from making a huge effort to invade your system.

In the case of the client who was hacked, he did not have administrative rights to his computer – and that was a big help in minimizing the damage. Administrative rights give those who have them the authority to make all sorts of changes to a computer or a group of networked computers. In addition to adding and removing programs and managing data files, administrative rights can be used to grant permission to other users to perform all of those actions.

In a small business, it makes sense to give several people administrative rights to keep business flowing smoothly. Even if you have automated systems to take care of certain functions, you may need to give people permission to do certain things. However, you need to pay attention to security to benefit from the convenience of this flexibility. We recommend:

  • Keep the number of people who need administrative rights to a bare minimum.
  • Make sure those people change passwords frequently and that they use strong passwords.
  • Limit permissions to certain functions to prevent a hacker from getting carte blanche to your entire system.
  • Set up separate users and log-in credentials for performing administrative functions and delete them after those functions are performed.

The same recommendations can apply to a home computer or home network, with the requirement that children and seniors should not have the ability to install or remove programs.

We also can repeat steps we’ve suggested before:

  • Do not use any simple usernames and passwords for any piece of equipment that is connected to the internet. Every device has a default name and password, and hackers know them all.
  • Use strong passwords and change them often. Strong passwords are usually complex passwords. Hackers have software to figure out certain patterns of numbers and letters, and they can pick up information about anyone from public records. Try not to relate your passwords to that information, but for any password, use a combination of upper and lower case letters, numbers and special characters.
  • Download and install updates from the publishers of your application software. In most cases, the updates contain bug fixes and patches to improve the security of your applications.
  • Keep your anti-virus and malware software up to date and active.

Again, if you get hacked, don’t wait to call us. Time is of the essence. Shut down everything and call 973-433-6676 for immediate help.

Of course, preventive measures offer the best protection. Call us or email us to arrange a security audit of your system. And don’t wait until you’re hacked to do it.

Smarten Up! The Spoof is On

I was at a client’s office when the email – to her as president of a service organization – arrived, asking for a wire transfer of money. Other members of the organization got the same message, and some actually sent money. A scammer had spoofed a name or email address that was recognizable. This is becoming a growing problem. Is technology making us stupid?

The answer is “no,” but it is making us careless because it gives us the ability to do too many things too easily with too little forethought. That, in turn, leads to doing stupid things – and that’s what spoofers and other Internet-based thieves are counting on now and will continue to do so.

Email seems to open the doors to your computer and your data more conveniently than anything else. The biggest breach opportunities come when you click on something or follow through on instructions because you didn’t take the time to look carefully at an email and when you send sensitive information in an unencrypted email.

Spoofing is the most effective way to get you to open an email and link yourself to trouble. It’s remarkably easy to recreate a company’s logo and attach a fake email address to it. When many people see what they think is a legitimate logo, they just click to open. If nothing jumps out as a red flag, they’ll continue to a bogus website, and BINGO, it’s too late.

People are particularly susceptible to spoofs at this time of the year. Online merchandise sales continue to grow at holiday time, and merchants or shipping companies often send tracking info so you’ll know when your packages should arrive. If you take a little time to look at the message, you’ll probably see that the domain attached to the shipper or merchant bears no resemblance at all to the company. You might also note that the message itself is generic – and it likely has misspelled words or syntax that just doesn’t fit how we converse in the United States.

If you want to verify the tracking on a package, you can go onto the merchant’s or shipper’s website and enter a tracking number you received when your order was confirmed. If you don’t have that number, there is often a way to get the information.

Similarly, as we move from the holiday season to the tax season, be especially careful of financial-related information. There’s a reason why your financial advisor doesn’t let you leave trade information on voicemail or email. They don’t want your financial data left out in the open, and you should feel the same way. When financial advisors and institutions – and even healthcare providers – have messages for you, they generally tell you to access them on their secure websites – and require you to sign in.

DO NOT click a link on an email you think was sent to you by anyone who wants financial, health or other sensitive personal data. If you know the website, open a new browser window and go to the website by typing in the website address. Even if the domain name in an email looks correct, something like “[email protected]” can really link to “you’vebeenscammed.com.”

And, of course, never, never send user names, passwords, credit card info, bank accounts, Social Security numbers (even the last four digits) or other personal information in an email. Unless you and the other party have activated a mutually agreed-upon encryption process, the data is wide open. Email messages can go through multiple communications systems, and it’s impossible to know when a data thief is waiting to pick off any number of random messages at any point. They can pick off thousands in the blink of an eye and then take their own sweet time pulling out key info and wreaking havoc.

It all goes back to convenience vs. security, with a dose of distraction thrown in for good measure. We’ve had clients accidentally open a door to their computers, and the invaders took their info and denied the owners access to their systems. Fixing it on the computer end generally requires a visit from us, and then there’s the nerve-wracking hassle of working with other companies to close your breaches. When you have to go through all of that, it’s more than just an inconvenience.

We’re not telling you anything you don’t know. We are telling you to take a deep breath and a closer look at your email and the links inside them. We’re also telling you not to send sensitive information in emails. If you think you may have had a breach in your security, we can help you patch up your computer system. We can also help you set up an email encryption system. Call us – 973-433-6676 – or email us with your questions or to have us help resolve an issue.