WiFi Jammers

A recent TV news report on criminals in Morris County using Wi-Fi jammers to disable security cameras and communications grabbed our attention. It should grab yours, too.

The news report focused on a crime ring that’s using Wi-Fi jammers to break into homes. In some cases, they’ll install their own surveillance cameras in a property’s landscaping to know when residents leave their homes. In this case, the homeowner was in his basement when he heard a loud noise coming from the ground floor of his residence. He used his home surveillance cameras to see someone attempting to enter his home. He soon lost his camera and phone service, indicating to police that a Wi-Fi jamming device was in use. The resident was still unable to utilize his cellular phone to call for assistance due to the jamming device.

Let’s look at that last sentence first. The reason the resident couldn’t use his cellphone is because it was likely set to make calls on the Wi-Fi network if the network is available. Our guess is that he could have made the call if he had turned off Wi-Fi on his phone. Heed that point when you face an emergency.

That can be especially true when it comes to security devices. Hard-wired devices perform better and more reliably. Yes, it sounds old-fashioned, but it works. If you have a security system installed by an alarm company, it’s likely hard-wired and connected to a monitoring station via a cellular network – and it has a battery backup in case the power goes out.

Wi-Fi networks are low-hanging fruit for criminals, and we make that fruit more accessible through our own ignorance or laziness. You can’t make your Wi-Fi totally jam-proof, but you can make your network more secure.

The following steps are nothing new to long-time clients and readers of this newsletter, but let’s run through them anyway:

  • Whenever you install a new device – especially a security device – that’s tied to your Wi-Fi network, IMMEDIATELY change the default username (it’s usually “admin”) and the password (it’s usually 1234).
  • Make sure your firewall software is up to date and running to keep out unwanted intruders. It’s one thing to be jammed. It’s another thing to be invaded.
  • Make sure you keep all software for operating systems, hardware and apps up to date and running. Updates contain security patches and bug fixes as well as performance enhancements. A single weak link anywhere in your technology chain can expose your entire system.

In our opinion, a security camera system that’s hardwired to a central location in your home but is accessible through the internet – independently of Wi-Fi – is best. We can help you with the internet connection and show you how to access your security system from anywhere in the world.

We can also help you prevent intrusions by outsiders by providing a thorough security audit of your technology system and making recommendations to improve security. That can include the installation of new systems and user training.

We all have a lot at stake in our homes and businesses. With the rise in hacking and the use of technology to break down our defenses, it makes sense to take every step you can to harden those defenses. Call us – 973433-6676 – or email us to talk about your needs. And make sure you turn off Wi-Fi on your cell phone in an emergency.

Phishing in Your Own Waters

If you own a small business or professional services firm, you depend on your employees to have enough tech savvy and common sense to avoid links in email messages or on websites that open your system to bad actors. No matter how much you trust them, you need to verify they’re doing the right thing. You can test your human security defenses by using your own phishing expedition to see how they’re doing.

We’ve become acquainted with independent cybersecurity firms by attending conferences over the years. We learn a lot from our peers and presenters – such as it takes an average of 244 days to detect a system breach and that using the cloud will be a necessity by 2028. We’ve also emphasized the need to have a thorough security audit, but as an IT firm, there’s only so much we can do. We also think that an IT firm is not the best organization to really get into the granular details of your security because we all have a vested interest in finding problems to fix.

An independent security expert can find the smallest breach openings in your system and tell you what needs to be done. One of the most fascinating tools they use is a phishing campaign aimed at everyone who works in your organization. They can plant fake links and QR codes and any other tool that a hacker can use to get someone to open a window into your system. They also have tools to mimic the follow-up methods that hackers use once somebody makes the initial click – or the first phone call to a bogus number.

The educational value of using your own phishing expedition is enormous. Not only will it help you patch up holes in your organization, but it also becomes a great teaching tool about why everyone needs to be vigilant. As we use more and more data to conduct business – and in our personal lives – it becomes more and more important to protect that data. You should remember that your organization is part of a data custody chain – a chain that can branch off in many directions. Intruders are highly sophisticated and well-funded – as well as very patient. They will do whatever it takes to get into your system and build tunnels to other systems. You put your reputation and integrity on the line every time you take in data and send it out.

AI will be able to generate untold amounts of data, but there is little it can do to eliminate misinformation automatically.

Eliminating misinformation requires real human intelligence and deliberate, active steps to prevent that first breach – the one that could take 244 days to find. At the risk of sounding like a broken record, in every location and on every device used to conduct your business:

  • Use a firewall and make sure it’s up to date.
  • Use anti-virus and malware software and make sure it’s up to date.
  • Install updates to operating systems and application software on every device you have. Those updates contain security patches and bug fixes to prevent intrusions.

We can help you arrange for a comprehensive security audit that includes a phishing expedition and a deep dive into your equipment and practices. Call us – 973-433-6676 – or email us to discuss your needs and develop a security action plan.

Shooting Yourself in Your IT Foot

We got a call recently from an MIA client who was trying to save money by relying on their “resident IT expert.” They could have shot themselves in the foot, but somehow, a few dance steps worked in their favor. They dodged this bullet, but not everyone is that lucky.

Our client is a multi-generational company, and one of its long-time employees served as their “resident IT expert.” A couple of members of the younger generation called us in because something didn’t seem to be right with their system. They thought their system was beyond repair for all intents and purposes. What concerned us most were two answers that we got for most of our questions:

  1. “I don’t know.”
  2. “We don’t have that information.”

When we logged into their system, we looked at their router and firewall and started to look at their setup. This time, we got some answers.

“Do you have another office?”

“Yes.”

“Does it connect to your system here?”

“Yes.”

The connection was made through a desktop computer that was sitting in a corner of the office – a computer that nobody ever touched. It was wide open; they allowed remote access to the desktop, and there was no protection against any kind of intruder. The hacker was able to get in and hijack their software by encrypting it.

We made phone calls to all of their application software vendors to learn how everything interacted, and we learned that they used Carbonite to back up their data. Trying to recover it was useless because all the data was corrupted, but we were able to get in. What we saw was eye-opening.

It turned out that they were hosting one small application that opened the door. Then we saw that nothing had been backed up for the entire year – and the ports were wide open. They also had an antiquated email system that was hijacked. Their in-house person never foresaw any issues with their setup and didn’t know the consequences of any settings that were tweaked or ignored.

We recommended they contact the hacker and see what it would cost to ransom their data, but they preferred to re-enter all of their data for the year. They had hard copies.

Before they began their recovery, we installed a new server and firewall, and while working with one of their software companies, we learned they had a copy of the data up to Aug. 1. Before they began any work, we set up a new email system and new log-in credentials.

It looked like they had dodged a hail of bullets, but within a day, their in-house person was already compromising their system by installing a bunch of utilities and other software. We put a stop to that, and that halted their system leaks and plugged their gaps. However, the whole process of investigating their processes and systems and buying and installing their new systems cost them almost $7,000 – plus their internal cost to re-enter what now amounted to one month’s worth of data. You could also add in a cost factor for aggravation.

In today’s age of a hacker-happy internet, you need a security audit to make sure your vulnerabilities are shored up. Call us – 973-433-6676 – or email us to set up your security audit. It will take an hour or two and cost less than $200. Hackers are highly sophisticated. How much could a breach of your system cost you? Don’t be penny wise and pound foolish.