Brain Trust Technologies LLC
TOLL FREE: (877) 288-5527
  • Home
  • Why Brain Trust
    • Partners & Certifications
    • Affiliations
  • Services & Solutions
    • Managed Services
    • Hosted Solutions
      • Business Solutions
    • Hardware & Software Sales
    • Professional Services
    • Business Continuity
  • Blog
  • Resources
    • White Papers
    • Brain Trust Reports
    • Case Studies
    • Newsletter Archive
  • About Us
    • Referral Program
    • Contact Us
  • Support
RSS

Hackers hijack PCs to steal cryptocurrency

February 22, 2018 admin Hardware 2018february22hardware_c, cryptocurrency, cryptojacking, cybersecurity, dark web, hardware, hijack, malware, processing power

There’s a new cyberattack in town, and it’s out to get your Bitcoins. Cryptojacking has grown in popularity over the past few months mainly because of the increasing value of cryptocurrency. So if you notice your computer slowing down, hackers may already be using your hardware to make easy money.

Hijacked hardware
Cryptojacking secretly uses your computer to calculate complex mathematical problems to generate cryptocurrency. They get inside by using phishing emails to lure victims into clicking on a link, which then runs malicious cryptomining programs on the computer. Any cryptocurrency produced then gets delivered to the hacker’s private server.

But hackers have developed an even more insidious tactic. By infecting websites with ads and plugins that run cryptojacking code, any visitor who loads the web page instantly gets infected with the malware, sending their computer’s processor into overdrive trying to generate cryptocurrency.

Unlike most malware, cryptojacking software won’t compromise your data. But it will hijack your hardware’s processing power, decreasing performance while increasing your power and cooling bills. So instead of paying for the computing power themselves, hackers can simply use thousands of compromised computers.

Surge in cryptojacking
It’s difficult to tell how much hackers are making with cryptojacking, but there’s a good chance that this type of attack will be as popular as ransomware was in 2017. In fact, for as little as $30, anyone can purchase a cryptojacking kit from the dark web to force other computers to generate Bitcoin or Monero for them.

According to several reports, even sites like The Pirate Bay, Openload, and OnlineVideoConverter are allegedly using cryptojacking exploits to diversify their revenue streams.

The biggest reason why this is becoming so popular is because it’s a low-risk, high-reward scheme. Instead of extorting money directly from the victim, hackers can secretly generate digital currencies without the victim knowing.

If it is detected, it’s also very hard to track down who initiated the attack. And since nothing was actually “stolen” (other than a portion of computing power), victims have little incentive to apprehend the culprit.

Prevention and response
To avoid cryptojacking, you need to incorporate it into your monthly security training sessions. Teach your employees to practice extra caution with unsolicited emails and suspicious links. Using ad-blocker or anti-cryptomining extensions on web browsers is also a great way to stay protected.

Beyond prevention, use network monitoring solutions to detect any unusual behavior with your computers. For example, if you notice a significant number of PCs running slower than usual, you should assume that cryptojacking is taking place.

If you’ve confirmed that it is, advise your staff to close browser tabs and update browser extensions as soon as possible.

Cryptojacking may seem less threatening than some malware we’ve discussed in the past, but it can incur real power, cooling, and performance costs to your business when several systems are compromised. To make sure you don’t end up enriching any hackers, call us today. We offer hardware solutions and cybersecurity tips to keep your business safe and sound.

Published with permission from TechAdvisory.org. Source.

Virtual DR for ransomware protection

February 2, 2018 admin Business 2018february2business_c, business continuity, cybersecurity, disaster recovery, ransomware, virtual dr, virtualization

The massive success of ransomware like WannaCry and Petya have spurred other cybercriminals to develop their own ransomware and sell it on the black market. This means we can expect more ransomware attacks in the future. To prepare your business, you need virtualized disaster recovery solutions. Here’s why.

Virtual DR
Virtual DR solutions allow you to create point-in-time copies, or “snapshots,” of operating systems, data, and virtual machines as they appear at a given point in time. These snapshots can then be loaded onto any workstation with everything still intact. In the event of a ransomware attack, administrators can essentially roll back the system to a point before the malware hit.

What’s great about point-in-time copy features is that they are automated. Just schedule the snapshots, and your virtual DR software will do the rest. And although virtual DR solutions vary, most of them have the capacity to store thousands of point-in-time copies, giving you plenty of restore points to choose from.

Why virtual DR trumps traditional DR
Traditional DR methods don’t have these features. Even though most computer operating systems have a system restore functionality, modern ransomware strains are designed to disable them. On the other hand, virtual DR software isolates point-in-time copies and restore functionality from virtual machines, which means they can’t be affected if one virtual machine was compromised with ransomware.

Another reason why traditional DR is not a great option is because there is a lot of manual labor involved. You have to copy all your data into a backup drive, reinstall applications, and reconfigure hardware. By the time you’ve recovered from the ransomware attack, the financial and reputational damage caused by downtime will have taken its toll on your business.

When recovering your system, you want as little hassle as possible. With virtual DR, you can load a clean, ransomware-free snapshot onto your system in less than 30 minutes.

However, implementing virtual DR can be complex, especially if you don’t have much IT expertise. But if you partner with us, this won’t be a problem! Call us today to get robust solutions that guarantee business continuity.

Published with permission from TechAdvisory.org. Source.

3 simple and easy cyber-security tips!

January 22, 2018 admin Hardware 2018january22hardware_c, authentication, cybersecurity, data protection, easy security, two-factor, webcam

Data security and privacy should be a top priority in this age of constant and downright dangerous cyber attacks. However, in your quest for ultimate security, don’t forget to implement these non-technical steps to shield your business’s IT resources.

Cover up your webcam

There must be some credibility to doing this if Facebook founder, Mark Zuckerberg, former FBI director, James Comey, and NSA whistleblower Edward Snowden all believe their webcams could be compromised. This is not just another paranoid celebrity reaction to ruthless paparazzi, there’s a genuine reason behind it. Kindly take a moment to consider the following scenario: hackers using your webcam to spy on you.

Though it might sound unrealistic, this actually happened on several occasions. Sometimes for purely voyeuristic reasons and sometimes what appeared to be espionage. This is a very real threat with disturbing repercussions. Hackers aim to gain personal information based on your surroundings, deduce your location, as well as spy on the people you’re with, ultimately using this information to hold you ransom, threatening to broadcast your most intimate and vulnerable moments if you don’t pay up.

Fortunately, guarding yourself against such danger is really easy and some painter’s tape over your webcam should do the trick. If you’re not confident about regular tape, you can purchase a cheap webcam cover online or at any hardware store.

Purchase a privacy shield

Think of privacy guards as those iPhone scratch protectors, but with an anti-snooping feature. These are thin covers you put on your computer, laptop or smartphone screen to limit viewing angles. Once installed, anyone trying to look at your screen from anywhere — except straight-on — sees nothing. Privacy filters are commonly used to protect work devices, particularly which display or contain critical files with sensitive data or confidential information. However, less sensitive, personal devices are still vulnerable to ‘shoulder surfing’ — the act of peeking at someone else’s screen, with or without ill intent, which is why we recommend using these protectors on all your devices.

Use a physical authentication key

Requiring more than one set of credentials to access sensitive resources is common sense, and has become standard practice for established online services. With something called two-factor authentication in place, you gain access to your account only after you’ve entered the authentication code, which the website sends to your smartphone once you’ve entered your account credentials. Until recently, two-factor authentication relied mostly on text messages that were sent to mobile phones. But professionals have now realised that phones can be hijacked to redirect text messages.

Moreover, authentication codes can be stolen, or users can be tricked into entering these codes via a convincing phishing website. If you’re looking for authentication services that cannot be hijacked, stolen or lost, your best bet is a USB or Bluetooth key you can carry on your keychain. This means nobody — not even you — will be able to access your account without the physical key. Ultimate security at your fingertips.

If you need help setting up two-factor authentication, or any IT security services, contact our experts and experience true peace of mind as we fortify your data to no end.

Published with permission from TechAdvisory.org. Source.

Beware of what you save in web browsers

January 9, 2018 admin Security 2018january9security_c, auto-fill, chrome, cybersecurity, firefox, Passwords, privacy, safari, web browsers

Passwords are a double-edged sword. If you make them too simple, they’ll be easy to guess; if you make them too complex, they’ll be impossible to remember. One solution is to create an uncrackable password and save it to your browser. Unfortunately, recent research suggests that tactic could drastically reduce your privacy.

Why auto-fill passwords are so dangerous

In 2015, the average internet user had 90 online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

The process of tricking a browser or password manager into giving up this saved information is incredibly simple. All it takes is an invisible form placed on a compromised webpage to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit. These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish. AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.

One simple security tip for today

Turn off auto-fill in your web browser. It’s quick, easy, and will go to great lengths to improve your account security.

  • If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Manage Passwords
  • If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
  • If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe. For managed, 24×7 cybersecurity assistance that goes far beyond protecting your privacy, call us today.

Published with permission from TechAdvisory.org. Source.

2017’s most valuable IT solutions

January 2, 2018 admin Business 2018january2business_c, ai, business value, cloud, cybersecurity, iot, machine learning, mobile payments, ransomware

It’s the perfect time of year to evaluate last year’s technology investments and make adjustments for the year to come. Whether 2017 left you with extra cash in your pocket or desperate for a better way to get work done, here’s a roundup of the best IT news from the past year.

Small businesses love the cloud

According to research from IDC, more than 70% of businesses with 10-99 employees took advantage of cloud technology in 2017, and that number is expected to rise this year. This is largely due to IT providers demonstrating that the cloud is just as, if not more, secure than on-premises solutions. The list of possibilities for what can be hosted in the cloud on a small-business budget is getting longer every day — if you’re not devoting resources to this technology, it’s time to jump onboard.

Mobile payments earn users’ trust

Like the cloud, making credit card purchases using a mobile device suffered from a trust deficit in its early stages. For good reasons, consumers have been conditioned to treat IT security with caution, and storing financial information on a smartphone that could wirelessly transmit that information to cashiers sounded dangerous.

However, after two years of availability without any major incidents, the number of users who have used smartphone-based wallets like Apple Pay has doubled. Accepting these payments is relatively simple for small businesses and opens up new business opportunities.

Cybersecurity becomes affordable for SMBs

Ransomware had yet another year of explosive growth, and small businesses were a primary target. Thankfully, managed IT services providers met the increased demand for cybersecurity services with intelligent data backup and network protection solutions tailored for SMB budgets. There will be even more ransomware attacks in 2018, which means you should be investing in more cybersecurity services than you did last year.

The Internet of Things gains popularity

Just a couple years ago, Internet of Things (IoT) devices were novelty gadgets for people with money to burn. Everything was being connected to WiFi networks: egg trays, pet-activated video chats, belts, you name it. But due to more useful applications in 2017, nearly a third of US businesses are now taking advantage of IoT gadgets. Connected thermostats, door locks, and AI assistants make it easy to save money, increase security, and boost productivity.

“Artificial Intelligence” is widely adopted

Although we’re still far from building computers that can truly think for themselves, 2017 was the year that computers got much better at creatively organizing and interpreting data for us. From digital assistants that answer your phones to customer relationship management platforms that intelligently uncover sales opportunities, IT solutions for business are getting significantly cheaper and smarter. Experts predict that more than 30% of businesses will use AI by next year and we recommend you join their ranks.

Technology investments are no different from any other investment. There will always be risks and you should always consult with an industry expert first. When you’re ready to get more value out of your IT, give us a call and we’ll get started on your 2018 plan!

Published with permission from TechAdvisory.org. Source.

VPNs: Why you need them

December 6, 2017 admin Security 2017december6security_c, cybersecurity, Encryption, ip leaking, privacy, server, virtual private network, vpn

Installing powerful antivirus software and setting strong passwords are no longer considered the bare minimum in cybersecurity. With hackers, government agencies, and ISPs constantly monitoring networks and your online habits, hopping onto a Virtual Private Network (VPN) is crucial for keeping your surfing habits private. Here’s why.

What is VPN?

Simply put, a VPN is a group of servers you connect to via the internet. Once you’ve established a connection, your computer acts as if it’s on the same local connection as the VPN, making it seem like you moved to a different location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone — from hackers to government agencies — from monitoring your online activities.

Why should you have one?

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public WiFi network — like the ones you typically see in local cafes and airports — using a VPN encrypts the information you’re sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can simply connect to a VPN located in the US to access the sites you need.

Which VPN should you choose?

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them. These keep logs of your internet activity, and in some cases sell them to the highest bidder. Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. What’s more, they don’t keep a record of the sites you visit and hound you with pop-ups that lead to dangerous websites.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing a UK-based service, your VPN provider must at least have servers installed in London.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Finally, a great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net/, which will allow you to check whether your real IP address is actually being leaked. If it manages to track your physical location, you need to opt for a more reliable VPN service.

VPNs are now a vital component of cybersecurity, and if you need help selecting the right one for your business, consult with our security experts today. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data.

Published with permission from TechAdvisory.org. Source.

Equifax sheds light on incident response

October 3, 2017 admin Security 2017october3security_c, cybersecurity, data breach, equifax, incident response, security

What would you do right now if you discover that your business’s database is hacked and a huge number of your customers’ data gets leaked? Speechless, with dismay, but you need to act, decently. In this case, it helps to have a good incident response plan in place, so your business won’t suffer the same fate as Equifax, which is an interesting story we’re about to tell.

What happened to Equifax?

Equifax, the huge American credit agency announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including personally identifiable information of around 143 million US citizens. It included names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Equifax responded by setting up a new site, www.equifaxsecurity2017.com, to help its customers determine whether they had been affected and to provide more information about the incident.

Soon after, Equifax’s official Twitter account tweeted a link that directed customers to www.securityequifax2017.com, which is actually a fake site.

Fortunately for Equifax’s customers, the fake phishing site was set up by a software engineer who wanted to use it for educational purposes and to expose flaws in Equifax’s incident response practice. So, no further harm was done to the already-damaged customers, and Equifax is left with even more embarrassment.

So what did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to give updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains.

You should also know that phishers can’t create a web page on the company’s main domain, so if Equifax’s new site was hosted there, it’d be easy for customers to tell whether the new page was legitimate and not be fooled by a fake domain name.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. Besides having a comprehensive network defense plan, you also need to have the right incident response plan in place.

So what you should do after you’ve discovered the leak is, first of all, be upfront with your customers and notify them as soon as possible.

You also need to establish a message that includes the following information:

  • How the leak occurred
  • How the leak could affect your customers
  • How you will prevent future attacks
  • What your company will do to support affected customers

You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.

As we’ve seen from Equifax, an incident response plan that’s robust is a must. Feel free to talk to our experts about how you can come up with an acute one — so you won’t have to repeat Equifax’s apologetic statement, since it doesn’t help the company redeemged reputation at all.

Published with permission from TechAdvisory.org. Source.

It’s time to redefine the word “hacker”

August 16, 2017 admin Security 2017august16security_c, black hat, cybersecurity, gray hat, hacking, white hat

What do you call someone who hunts for security gaps in computer hardware and software? A hacker, right? What about someone who takes their findings to vendors to help them improve the quality of their products? There is more than one type of hacker, and understanding the difference is important.

A complicated history

Since all the way back in the 1950s, the term hacker has been vaguely defined. As computers and the people who worked with them became more accessible, the word was used to describe someone who explored the details and limits of technology by testing them from a variety of angles.

But by the 1980s, hackers became associated with teenagers who were being caught breaking into government computer systems. Partially because that is what they called themselves, and partially because the word hacker has an inherently aggressive ring to it.

Today, several of those pioneering hackers run multimillion-dollar cyber security consulting businesses. So what should you call someone who uses their knowledge for good?

“White hat” hackers

Sometimes referred to as ethical hackers, or plain old network security specialists, these are the good guys. Whether it’s selling what they find to hardware and software vendors in “bug bounty” programs or working as full-time technicians, white hat hackers are just interested in making an honest buck.

Linus Torvalds is a great example of a white hat hacker. After years of experimenting with the operating system on his computer, he finally released Linux, a secure open-source operating system.

“Black hat” hackers

Closer to the definition that most people outside the IT world know and use, black hat hackers create programs and campaigns solely for causing damage. This may be anything from financial harm in the form of ransomware to digital vandalism.

Albert Gonzalez is one of the many poster children for black hat hacking. In 2005, he organized a group of individuals to compromise poorly secured wireless networks and steal information. He is most famous for stealing over 90 million credit and debit card numbers from TJ Maxx over the course of two years.

“Gray hat” hackers

Whether someone is a security specialist or a cyber criminal, the majority of their work is usually conducted over the internet. This anonymity affords them opportunities to try their hand at both white hat and black hat hacking.

Today, there are quite a few headlines making the rounds describing Marcus Hutchins as a gray hat hacker. Hutchins became an overnight superstar earlier this year when he poked and prodded the WannaCry ransomware until he found a way to stop it.

During the day, Hutchins works for the Kryptos Logic cybersecurity firm, but the US government believes he spent his free time creating the Kronos banking malware. He has been arrested and branded a “gray hat” hacker.

The world of cyber security is far more complicated than the stylized hacking in Hollywood movies. Internet-based warfare is not as simple as good guys vs. bad guys, and it certainly doesn’t give small businesses a pass. If you need a team of experienced professionals to help you tackle the complexities of modern cyber security, call us today.

Published with permission from TechAdvisory.org. Source.

How to keep your mobile devices safe

August 9, 2017 admin Hardware 2017august9hardware_c, cybersecurity, hardware, mobile device, smartphone, threats

Increased productivity and constant collaboration are two of the main reasons why businesses have integrated a mobile policy into their business. This means an increased use of mobile devices such as smartphones and tablets in daily operations. But as the number of mobile users continues to grow, so does the number of cyber crime. Reduce your IT staff’s headaches by following these steps in protecting your mobile devices.

Ensure mobile OS is up-to-date

Apple and Android’s operating system updates improve overall user experience, but their most important function is to fix security vulnerabilities. You can reduce your business’s exposure to threats by installing updates for ALL devices as soon as they become available. Some people wait for a few weeks or months to update their device’s OS. This gives hackers ample time to exploit vulnerabilities on devices that run on outdated operating systems.

Install business applications only

Downloading apps seems harmless, but lenient mobile devices policies on what should and shouldn’t be downloaded on company devices could lead to staff downloading and installing non-business-related apps from third-party stores, most of which are notorious for malicious advertising codes and other threats.

Be careful with public Wi-Fi networks

Emergency situations might compel you to use password-free Wi-Fi networks in hotels, airport, cafes, or any public place. Connecting to an open network could expose your confidential information and sensitive company data to hackers connected to the same network.

You can avoid this by providing a practical internet data plan, preferably one that includes roaming services, for remote workers. And if you really have to connect to an open Wi-Fi, don’t use the connection for transferring sensitive data.

Enable phone tracking tools

Losing a company-issued mobile device is a scenario many would rather not contemplate, but it happens. Devices can be misplaced or stolen, and enabling a useful app such as ‘Find my iPhone’ for iOS devices, ‘GPS Phone Tracker’ for Android, or any other device-tracking app in Apple’s App or Android’s Google Play stores helps users locate lost phones, or otherwise delete data in stolen devices. Downloading and setting up the app takes just a few minutes, and it will give you peace of mind knowing that even if your phone is lost or stolen, its contents will not be compromised.

Screen SMS carefully

SMS messaging may not be as effective as email phishing, but SMS phishing can also be used to trick users into clicking malicious links. Hackers send messages purporting to be from someone you know or a legitimate source that asks you to urgently send confidential data. You can either delete these messages, block unknown senders, or alert your IT department in case you encounter a possible scammer.

Mobile devices are becoming more critical to operations. And with more devices open to attack, businesses must bolster their cybersecurity efforts. Hackers will exploit every possible vulnerability, and that includes those in unsecured smartphones and tablets. Get in touch with us if you need comprehensive security solutions for your business.

Published with permission from TechAdvisory.org. Source.

Lessons learned from the WannaCry malware

May 25, 2017 admin Security 2017may25security_c, cybersecurity, employee training, malware, perimeter security, phishing, ransomware, software updates, wannacry

WannaCry is one of the few malware campaigns to become a household name. It’s educated countless people on the reality of ransomware and the vulnerability of their data. If you’re still worried about whether you’re at risk, we’ve collected everything you need to know right here.

Ransomware review

Ransomware is a specific type of malware program that either encrypts or steals valuable data and threatens to erase it or release it publicly unless a ransom is paid. We’ve been writing about this terrifying threat for years, but the true genesis of ransomware dates all the way back to 1989.

This form of digital extortion has enjoyed peaks and troughs in popularity since then, but never has it been as dangerous as it is now. In 2015, the FBI reported a huge spike in the popularity of ransomware, and healthcare providers became common targets because of the private and time-sensitive nature of their hosted data.

The trend got even worse, and by the end of 2016 ransomware had become a $1 billion-a-year industry.

The WannaCry ransomware

Although the vast majority of ransomware programs rely on convincing users to click compromised links in emails, the WannaCry version seems to have spread via more technical security gaps. It’s still too early to be sure, but the security experts at Malwarebytes Labs believe that the reports of WannaCry being transmitted through phishing emails is simply a matter of confusion. Thousands of other ransomware versions are spread through spam email every day and distinguishing them can be difficult.

By combining a Windows vulnerability recently leaked from the National Security Agency’s cyber arsenal and some simple programming to hunt down servers that interact with public networks, WannaCry spread itself further than any malware campaign has in the last 15 years.

Despite infecting more than 200,000 computers in at least 150 countries, the cyberattackers have only made a fraction of what you would expect. Victims must pay the ransom in Bitcoins, a totally untraceable currency traded online. Inherent to the Bitcoin platform is a public ledger, meaning anyone can see that WannaCry’s coffers have collected a measly 1% of its victims payments.

How to protect yourself for what comes next

Part of the reason this ransomware failed to scare users into paying up is because it was so poorly made. Within a day of its release, the self-propagating portion of its programming was brought to a halt by an individual unsure of why it included a 42-character URL that led to an unregistered domain. Once he registered the web address for himself, WannaCry stopped spreading.

Unfortunately, that doesn’t help the thousands that were already infected. And it definitely doesn’t give you an excuse to ignore what cybersecurity experts are saying, “This is only the beginning.” WannaCry was so poorly written, it’s amazing it made it as far as it did. And considering it would’ve made hundreds of millions of dollars if it was created by more capable programmers, your organization needs to prepare for the next global cyberattack.

Every single day it should be your goal to complete the following:

  • Thorough reviews of reports from basic perimeter security solutions. Antivirus software, hardware firewalls, and intrusion prevention systems log hundreds of amateur attempts on your network security every day; critical vulnerabilities can be gleaned from these documents.
  • Check for updates and security patches for every single piece of software in your office, from accounting apps to operating systems. Computers with the latest updates from Microsoft were totally safe from WannaCry, which should be motivation to never again click “Remind me later.”
  • Social engineering and phishing may not have been factors this time around, but training employees to recognize suspicious links is a surefire strategy for avoiding the thousands of other malware strains that threaten your business.

Revisiting these strategies every single day may seem a bit much, but we’ve been in the industry long enough to know that it takes only one mistake to bring your operations to a halt. For daily monitoring and support, plus industry-leading cybersecurity advice, call us today.

Published with permission from TechAdvisory.org. Source.

1 2 3

Recent Posts

  • Can AI empower customer service agents?
  • Leave no room for hackers to operate
  • Keep your laptop from overheating

Recent Comments

    Archives

    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • November 2015

    Contact Us

    • Email
      billing@braintrusttechnologies.com
    Brain Trust Technologies LLC

    6749 S. Westnedge Ave

    Suite K, #128

    Portage, MI 49002-3556

    Southwest Michigan: (269) 290-7137

    St. Louis: (314) 558-0623

    Toll Free: (877) 288-5527

    © 2022 Brain Trust Technologies, LLC. All Rights Reserved