6 Warning signs your Computer has Been Attacked by Malware

With the rise of eCommerce and online banking, cybercrime has evolved. Like criminals who pull smash-and-grab jobs, they go where the money is. However, unlike bank robbers, cybercriminals do their best to avoid detection by letting malware do the work for them. Viruses and ransomware sneak into PCs to quietly steal passwords, financial credentials, and other personal information to be sold on the black market for profit. Not all malware is stealthy though. Here are 6 of the telltale signs:

Slow computer

Are your operating systems and programs taking a while to start up? Is your data bandwidth suspiciously slow? If so, your computer may potentially have a virus.

However, just because your PC is running slower than usual doesn’t necessarily mean that it’s infected, as there could be other causes to your computer slowing down. First, check if you’re running out of RAM. For Windows, open task manager (press Ctrl + Shift + Esc) and go to the Performance tab and check how many gigabytes of RAM are used up under the Memory section. For Mac OS users, you can open the Activity Monitor app and, under System Memory, you should be able to find out your RAM usage.

Other causes could include lack of space on your hard drive or even damaged hardware. Once you’ve ruled out other possible causes, then malware may have infected your device.

Blue screen of death (BSOD)

If your PC crashes regularly, it’s usually either a technical problem with your system or a malware infection. You might not have installed the latest drivers for your device or the programs you’re running could possibly be incompatible with your hardware. If none of these problems are apparent in your PC, then a virus could be clashing with other programs and causing your crashes.
To check what caused your last BSOD, go to Control Panel > System and Security > Administrative Tools > Event Viewer and select Windows Logs. Those marked with “error” are your recorded crashes. For troubleshooting solutions, consult forums or your IT department to figure out what to do next.

Lack of storage space

There are several types of malware that can manipulate and corrupt the files saved on your computer. Most tend to fill up your hard drive with suspicious files. Ransomware, for example, is a notorious type of malware that denies you access to your data until you pay a so-called ransom. There are more aggressive forms of ransomware, like NotPetya, known for exploiting security holes to infect computers without needing to trick users.

If you find any unknown programs that you have never installed before, notify IT personnel in person immediately (do not email them) and have them handle the situation for you. Your device might not be the only one in your network that is infected with suspicious programs.

Suspicious modem and hard drive activity

Combined with the other warning signs, if your hard disk is working excessively while no programs are currently running or if you notice that your external modem is always lit, then you should scan your computer for viruses.

Pop-ups, websites, toolbars, and other unwanted programs

Pop-ups come from clicking on suspicious pages, such as those where users are asked to answer survey questions to access a website’s service or install free applications. While they’re inherently harmless, they could be downright annoying. Refrain from clicking pop-up pages and just close them instead. Run malware scans and update your browsers.

You might think that downloading free applications is harmless, but the installation process can inject malware into your device. When you’re installing a program from the internet or even app stores, it’s easy to just skim over the terms and conditions page and repeatedly press next. This is where they get you. In the process of skipping over certain installation steps, you might have agreed to accepting a new default browser and opening unwanted websites and other programs filled with viruses. Be cautious when downloading something for free.

You’re sending out spam

If your friends are telling you that you’ve been sending them suspicious messages and links over social media or email, you might be a victim of spyware. Warn your friends not to open anything that appears to be spam and make sure to reset your passwords across all your devices and enable multifactor authentication.

Knowing how malicious software affects your computer can help you take the necessary precautions and steps to rectify the situation as soon as possible. Regardless of whether or not your system has experienced these symptoms, it’s always smart to perform regular malware scans to ensure your business is safe. To find out more about malware and IT security, contact Net Activity today.

Are YOU Prepared For the End Of Windows 7?

On January 14, 2020, the world will bid a fond farewell to the beloved Windows 7 operating system. Well, sort of. Microsoft has declared that, after that date, it will no longer update or support the system. It’s the final nail in the coffin for a trustworthy, oft-touted software package that’s been running on fumes since newer versions hit the scene. And, as with any funeral, there are some arrangements to be made for the millions of businesses that have stuck it out to the end. Here’s everything you need to know about the coming changes – and what you should do now to prepare.

The End Of An Era

The news of Microsoft closing down Windows 7 support may come as a surprise to some of us, but the operating system has been on its last legs for a while. In fact, Microsoft stopped adding new features and honoring warranties for the platform back in 2015. When 2020 comes, it will cease releasing patches and updates for good.

This doesn’t mean that Windows 7 PCs will suddenly stop working in January; you’ll still be able to boot up in the operating system if you keep it installed. But if you value your privacy, your data and your sanity, it’s time to upgrade.

Those Microsoft updates that pop up from time to time don’t exist just to annoy you; they patch security vulnerabilities and protect you against new viruses and malware. Without that ongoing support, Windows 7 users will become fish in a barrel to sophisticated cybercriminals looking for a quick buck.

That’s why it’s essential that you call in the professionals to prepare your business for the switch to Windows 10 – or an alternative operating system – now, not later.

It’s A Requirement, Not A Choice

Upgrading your operating system well in advance of the Windows 7 end-of-life date may seem like a decision you should make for your peace of mind, but it’s even more critical than that. Of course, as time leaves Windows 7 behind, it’s certain that pieces of software will steadily become incompatible with the OS. Programs your company uses day-to-day suddenly becoming unusable will present serious headaches, but the real problem lies in the security of your network.

Windows developers are in a constant arms race with cybercriminals looking to exploit vulnerabilities in their platform. Each patch brings a host of bug fixes and security upgrades, but cybercriminals almost always find a new way in. Thus, the developers hastily put together a new patch, and the cycle continues.

When an operating system loses support from these developers, its users are left completely vulnerable to hackers. Like fruit flies drawn to a rotting apple, they flock to the abandoned platform and dig into the networks of those stubbornly clinging to the outdated OS. This process is expected to be especially nasty after Windows 7’s end of life, since so many businesses still use the OS and likely will forget (or refuse) to upgrade.

If you value your business at all, it’s not a choice. You need to upgrade before time runs out.

Avoid The Crunch

Not only should you enlist your IT experts to facilitate the upgrade, but you should do it ASAP. As the clock ticks down on Windows 7, tech companies are expecting a flood of upgrade requests as businesses scramble to leave the OS behind before it’s too late. Many of these IT providers will have a lot on their plate later in the year as they hurry to upgrade hundreds, if not thousands, of individual PCs. If you wait it out, you’re likely to find yourself at the back of a long, long line, potentially to the point that you breeze past January 14 without a solution. If you do, you’re almost certain to regret it.

Every day, the need for an upgrade becomes more urgent. Give the task the ample time required, and avoid needless stress. Reach out to Net Activity below to start the upgrade process today.

Millions Of Facebook Usernames And Passwords Stored By Accident

Are you a Facebook user? If you are, it may be time to change your password. KrebsOnSecurity recently reported that it found hundreds of millions of Facebook user account names and passwords stored in plain text and searchable by more than twenty-thousand Facebook employees. At present, there is no official count, but Facebook says the total number of records was between 200,000 and 600,000.

That’s a big number, which makes this a serious incident, but in truth, it represents only a fraction of the company’s massive user base.

Although there’s no indication that any Facebook employee abused their access to the information, the fact remains that it was accessed regularly. The investigation to this point has revealed that no less than 2,000 engineers and developers made more than nine million internal queries to the file.

Facebook software engineer Scott Renfro, interviewed by KrebsOnSecurity, had this to say about the issue:

“We’ve not found any cases so far in our investigations where someone was looking intentionally for passwords, nor have we found signs of misuse of this data.

In this situation, what we’ve found is these passwords were inadvertently logged but that there was no actual risk that’s come from this. We want to make sure we’re reserving those steps and only force a password change in cases where there’s definitely been signs of abuse.”

This is just the latest in an ongoing series of security-related issues Facebook has found itself in the midst of. While the company is wrestling with making changes to prevent such incidents in the future, that’s small comfort to the millions of users that have been adversely impacted over the last year.

According to the official company statement, unless you receive a notification from them, there’s nothing you need to do and no need to change your password. But given the importance of data security, if you’d rather be safe than sorry, it certainly couldn’t hurt.

Planning For Catastrophe: Business Continuity & Disaster Recovery

80% of businesses suffering a major natural disaster go out of business within three years.  Your business runs 365 days a year; your systems run 24/7 and your data is needed in real-time. To ensure that your business continuity is protected, you must take a proactive approach that ensures that everything is protected. This means all of your systems, data, and files are protected against all types of disastrous events. Business continuity planning should be the number one priority when preparing for a catastrophic disaster.

So, what types of disasters-exactly-should your business be prepared for? Let’s take a look:

• System Disasters. This is your hardware, software, all systems and data centers; when they fail, you want to make sure that your business doesn’t have to. The 2018 Cyber Resilience Report found that 67% of companies in 61 countries experienced at least 1 cyber incident in the last year, caused primarily by phishing & social engineering, malware, spear phishing, denial of service, and out-of-date software, rendering the organization’s own network either contaminated or inoperable.
• Natural Disasters. Due to global climate change, natural disaster occurrences have increased and intensified. Since 2010, we have suffered 2,018 natural disasters (averaging 336 per year). The US is second only to China for the number of natural disasters. Natural disasters have cost the global economy $2.5 trillion since 2000. 80% of businesses suffering a major disaster go out of business in three years.
• Human Error Disasters. The most frequent, most common, and often most detrimental cause of disasters that can disrupt business continuity is unintentional human error. 70% of the successful attacks on businesses came from internal threats like employees and contractors. Even small data losses – those with fewer than 100 files lost – cost between $18,120 and $35,730. A single poor choice by a single employee can lead to catastrophic data loss.

Any one of these disasters could destroy your business, or at the very least, cost you thousands of dollars.

Your business continuity planning is essential; one key component in that planning is thinking big picture and covering all your bases.

What does that mean?

Ensure employee well-being. Communication during and following an emergency presents a variety of challenges. So, crafting an employee safety and communication plan that works is absolutely essential. Obviously, email is the easiest way to reach a large group of employees, but if your company’s email server is down, you are out of luck. A call tree, sometimes referred to a phone tree, call list, phone chain or text chain, is another popular method for distributing important information to employees during and following an event.

Keep customers in the loop. Managing customer relationships is obviously critical to the ongoing success of your business. As such, it is important to craft a plan for distributing information to your customers during and following a disaster event. The scope of your customer communications plan will vary widely depending on the nature of your business.

Enable IT uptime. To understand the IT piece of disaster recovery and business continuity today, it helps to look at the not-so-distant past. It really wasn’t very long ago that backup meant daily incremental and weekly full backups to tape or a dedicated disk backup target. Disaster recovery from offsite tapes were-and are-painfully slow and bring considerable downtime. Your IT disaster recovery plan should be built around two concepts; your recovery time objective (RTO) and recovery point objective (RPO). RTO is the amount of time that it takes to get a system restored following a failure or disaster event, and RPO is the point in time to which your data can be restored.

A better way to enable your IT uptime is to run applications from image-based backups of virtual machines. This capability is commonly referred to as “recovery-in-place” or “instant recovery.” Recovery-in-place dramatically improves RTO because operations can continue while primary servers are being restored. RPO is reduced as well—snapshot-based, incremental backups at 15 minute intervals are a common practice.

Keep your business moving. Some possible considerations for your organization to focus on when planning for a disaster are insurance coverage, employee training and facilities issues. In addition, knowing your downtime impact is crucial to your recovery efforts. Many organizations today have limited tolerance for application downtime and if your employees or customers do not have access to essential applications and data, there will be a direct impact on productivity and revenue. While this sounds obvious, many organizations do not consider the actual costs of downtime for a business.

To better understand the cost of downtime and how it can cost your company dollars, our Cost of Data Loss Worksheet is a great tool to begin measuring exactly where your business vulnerabilities are and how to better protect your data assets and continuity.

Would You Rather Text Than Talk? 7 Essential Tips For Business Texting

You use your iPhone or Android for everything else. Your spouse even texts you to grab some milk at the store or to tell you they’ll be gone when you get home. It’s quick, easy and gets the job done. Why not in business too?

Well here’s the thing…even though text messaging might be your main form of communication for everyday social communications with friends and family, there’s an unspoken idea that you shouldn’t text colleagues and business associates. However, business text messaging is such an easy way to stay in contact with other people on the job, as long as you avoid some awkward texting gaffes that can cause issues in the workplace. So…if you’re going to text for business purposes, follow these 7 texting tips to keep it professional:

1. Know when texting is appropriate

Despite the omnipresence of cell phones today, not all users have text messaging services enabled. This means that users can incur extra charges to send and receive messages. So before sending someone a text message, ask if it’s okay. You can also go ahead and assume it’s okay if the other party initiates the texting. Avoid texting outside of normal work hours, and especially late at night—you never know when the ‘ding’ might wake someone up!

2. Be respectful of those in your physical presence

Whether you’re in a meeting with a client, or having dinner with your future boss, show respect for their time by saving the text messages and phone calls for later. To quickly switch into meeting settings, just set your cell phone to airplane mode, and your texts will be held until you disable it.

3. Avoid relying on texting for urgent matters

Sometimes time-sensitive matters arise, such as a meeting being rescheduled. But you cannot guarantee that you will get hold of someone in time through texting. For this reason, it is best use more formal methods, such as calling or emailing if you cannot speak to a colleague in person. For truly urgent matters, you may use multiple modes of communication, but do so only when circumstances call for it.

4. Group texts should be used sparingly

Group texts may seem like a convenient way of reaching out to multiple people, but it can be really irritating to be on the receiving end of them. Responses go to everyone, which isn’t always clear to the participants. That means they can receive message after message from contacts that they may not even know. And remember the point about not texting people whose cell phone plans incur extra charges? That definitely applies here, too. Instead of a group text, opt for a meeting, conference call, or email thread.

5. Don’t send bad news via text

Text messaging is an inherently informal method of communication, and as such should not be used for more serious matters. If you need to deliver bad news to someone, it’s best to do it in person. In some circumstances, you may have to deliver it via email or phone, but try to imagine how the person on the other end of the line might react to the news first.

6. Use emojis sparingly or not at all

With smartphones came along some fun new features, such as emoticons, or ‘emojis’. But while there’s an emoji for just about any occasion, resist the urge to saturate your texts with them. Using emoticons may come across as unprofessional, so don’t go overboard if you do choose to send them. And if do so with someone you know well, stick to the classics, like simple smiley faces.

7. Structure your text in a professional manner

This means no casual abbreviations (e.g. “lol”), typing in all caps, or misspellings. Try to keep your message brief and to the point, otherwise send an email instead. Always sign your name on your initial message as well, unless you’re confident that the recipient will know who it is.

If you do text in a business environment, especially with a customer or prospect, follow these 7 tips to ensure that you are perceived as the true business professional that you are!

Keep Your Business Alive with BCP

• Cloud backups are affordable and cost much less than onsite backups Backups can be automated, therefore saving you time
• Cloud providers usually back up your data to multiple locations (so if one of their facilities goes down, your backups are still safe at another site).
• Backups can be accessed from anywhere, whether it’s at an employee’s home or at an alternate office.
• If you need to access them, backups can be restored quickly

Protect Your Business From the Dangers Of Shadow IT with Office 365

The term “Shadow IT’ refers to apps and devices used as work that operate outside your company’s sanctioned policies and protocols.

Shadow IT takes many forms, like conversations on Facebook Messenger, Google Hangouts, Gmail or Skype.  It can include software from Excel macros to cloud-bases storage apps such as Dropbox, Google Docs and Evernote.  Or collaboration spaces like Slack, Asana and Wrike.  And then there are devices: ISB sticks, smartphones, tablets and laptops within your network that you have no control over.

Robert J. Moore, CEO of RJMetrics, relates how companies like Slack and Dropbox craft their pricing models to encourage rapid proliferation.  One day, a few of his engineers were using Slack, then all the engineers, then the whole rest of the company was using it. “We’ve reached a point of no return and paying for it was pretty much our only option.”

What are the hidden dangers of shadow IT?

 When users on your network adopt apps and devices outside your control, protocols aren’t followed, systems aren’t patched, devices get infected without people knowing it and data breaches happen…As a result, confidential information can be exposed, accounts taken over, websites defaced, goods and services stolen, and precious time and money lost.

Not only that, you end up with siloed information in unknown places, data compliance and missed opportunities for bulk pricing.

The obvious solution would be to crack down and forbid use of all but company-approved devices and apps.  Unfortunately, that tends to slow things down, stifling productivity and innovation.

 So how can you protect your business from the risks of Shadow IT?

1. First, find the Shadow IT in your organization. Start with surveying your employees. Ask them what software and services they use regularly. You’d be surprised how many unauthorized tools you’ll uncover, simply because the employees don’t realize they’re practicing Shadow IT. Second, track network traffic. Using the right scanning techniques will help you identify unauthorized software and systems that are using your network.
2. Cut loose the “control” mentality. It’s no longer feasible to simply ban certain apps.  If you don’t give employees the software they prefer, they just start using their own. They can easily access a vast and growing variety of apps, all without your help-or control.
3. Recognize the delicate balance between risk and performance. Evaluate risk on a case by case basis.  Then take control of high-risk situations and keep an eye on the rest.
4. Foster open communication. Get employees involved in creating intuitive policies.  You can turn them from your greatest risk to your greatest asset by leveraging their input and ownership of protective protocols.  This helps maintain security while keeping practical needs for performance in mind.
5. Develop a fully tested plan. Even if it’s only 70% complete, a tested plan will be far more useful when the need inevitably arises than a 100% complete plan that’s not fully tested. Most managers underestimate the confusion that occurs in the first few days following a breach. Unfortunately, that confusion can create a defensive rather than constructive atmosphere centered on discovering how, when and where the breach occurred. A comprehensive incident response plan can go a long way toward achieving a speedy resolution, and keep an otherwise manageable event from turning into a full-blown business crisis.
6. Find the right balance. Focusing only on security and asset protection can drag down business performance quickly. However, balancing risk with performance enables you to maximize your return from investments in detection and response. It also helps you become more adept at adjusting as the security landscape changes. By developing your organization’s ability to recognize threats and respond effectively to incidents, you can actually take risks more confidently and drive business performance to a higher level.
7. Make sure you know what applications your employees are using with a software package like Microsoft 365 Cloud App Security.  This tool will enable you to discover all cloud use, authorized or unauthorized, that is occurring on your network. Unapproved activity can be monitored and a risk assessment provided for the application.

Remember that, while monitoring Shadow IT can be a time-consuming process, the use of unauthorized applications is not necessarily the enemy.  It can in fact be an opportunity for you to discover business needs and empower employees via technology. Download our guide to learn more.

Now We Know…2018 Was A Record-Breaking Year For Data Breaches

We knew fairly early in the year that 2018 was on track to beat 2017 and set a new record for the number of data breaches in the year.

Afterall, 2017 had shattered 2016’s record the year before. Now that the final numbers are in though, we can see just how big an increase we’ve seen in the number of data breaches from one year to the next.

The numbers aren’t pretty. With 12,449 reported data breaches in 2018, we’ve seen a staggering 424 percent increase year over year. 2019 is already shaping up to be another record-breaking year. All that to say, our problems with hackers and data security are getting worse, and there’s no end in sight.

As with last year, the United States leads the pack in terms of the total number of records exposed by data breaches. Although in terms of raw numbers, the US’s total was fairly modest. It’s simply that all of the year’s biggest breaches occurred here.

At least part of what’s driving the phenomenon of the steadily increasing number of breaches is the fact that there are a staggering number of user login credentials for sale and re-sale on the Dark Web. These are purchased for modest sums and used by hacking groups all over the world to try their hand at breaking into various networks.

Unfortunately, given the sorry state of password security, it’s often months before a hacked account sees its password changed. That gives nefarious elements plenty of time and loads of opportunities to inflict whatever damage they will, and they’re only too happy to comply.

With the grim statistics above firmly in mind, it’s time to make data security at your firm your top priority. Based on the numbers, it’s not a question of whether you’ll be hacked. It’s only a matter of when. Download our free Self Assessment and find out how where you stand with network security.