Cybersecurity

In part 3 of this series, we will review the security solutions that make up our Best list. The Best list outlines nearly all of the solutions that we feel an organization should utilize to reach a maximum level of cyber security posture. In part 1 we reviewed our short list of security solutions to […]

In this part of our three-part series “What Security Solutions Do I Actually Need for my SMB”, we are going to explore the Better option of solutions. The Better option includes the baseline items in the Short list, plus a few additional solutions. In part 1 of this series, we reviewed our baseline Short list

Disclaimer: I am in IT, so I feel the more solutions used, the better – but the article below is my honest take on the bare minimum solutions necessary to help protect your organization from malicious threats and then how to ‘ramp-up’ to reach a level of cybersecurity maturity The solutions that make the Short

Multi-Factor Authentication (MFA) is one of the most powerful data breach prevention tools. MFA is extremely effective at eliminating fake sign-in attempts to resources such as applications, online accounts, and Virtual Private Networks (remote access VPNs). Despite this, almost half of companies are not using it. Why are so many companies not using multi-factor authentication?

For Small and Medium-sized businesses (SMB) Managed IT Services used to be deployed on location, for in-office environments. Recent world events, such as the pandemic, propelled the demand for a remote workforce and hybrid environments, and we support our clients with employees who use devices to do business from home. We want everyone to benefit

By now everyone is aware of scam emails, and what phishing is. It is very prevalent. It takes over our inboxes on an everyday basis, posing security threats to our sensitive data. It can lead to identity and money theft, systems, and network vulnerability, data loss, and damage to your reputation. It can happen to

The new reality of COVID pandemic-enforced changes is now a major contributor to an increase in the remote workforce. The major changes in business operations are something that companies large and small have in common around the globe. At the height of the pandemic, an estimated 69% of workers had to change their in-office hours

Oh, the infamous phishing! It seems everywhere you look there is a cybersecurity article about it. That’s because is still the most efficient way for cybercriminals to deploy cyberattacks. We are not an exception, here are a few more articles we have on Phishing: How to spot a phishing email [5 easy tips] Phishing Scam:

On September 30, 2022, Microsoft released guidance regarding Zero-Day Vulnerability CVE exploits discovered in Microsoft Exchange Server in August of 2022.  This guidance appeared in various industry alerts – including the  New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), where the alert has been provided to assist organizations in guarding against the persistent malicious actions

I received a call the other day from an unknown number on my cell phone. I did not pick it up, as I tend to do with unknown callers, and let it go to voicemail. After hearing the voicemail left, I was slightly amused. A very nice, young, American-sounding female was letting me know that

With cybersecurity on the rise, Multi-factor Authentication is a go-to for an additional security measure for your devices and data points. Question: What is Multi-factor Authentication … and Which Method is Best? Answer: Multi-factor authentication is a method of securing data and applications after a user presents two or more credentials to verify the user’s

Maintaining a strong cybersecurity posture is more important than ever. With so many businesses investing in digital transformation technologies, the ramifications of a cyber attack would be devastating.  Combine this with the fact that many organizations have standardized the work-from-home model and you’ve got a recipe for serious disruption. But it’s not all doom and

The Internet of Things (IoT) devices are outnumbering the population of our planet. It is estimated that the planet has over 20 billion devices. The cybercrime results in business-related economic losses in the astounding amount of approximately $8 trillion – EIGHT TRILLION! Beyond its financial cost, the cybercrime disrupts critical and strategic infrastructure of the

A new vulnerability has been discovered for the Microsoft Office Suite named “Follina”.  It is triggered by opening malicious MS Office documents. Follina is a zero-day discovery. It does not appear that there are any exploits just yet, but due to the nature of this exploit, attackers will start to utilize it.   “Zero-day” is

As we go into the long Memorial Day weekend, many users will be checking their phones for new emails, or taking advantage of holiday shopping deals and making online purchases. Cybercriminals are aware of this and will use tactics to try and get you to open a malicious email. While you may think you are receiving

This week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released its Garden State Cyber Threat Highlights, providing insights into the threats and malicious activity directly targeting New Jersey networks. These threat warnings included ones related to Russia/Ukraine and Cuba. The NJCCIC is the State of New Jersey’s center for cybersecurity information sharing, threat

Phishing takes advantage of human error, and some phishing emails use sophisticated human engineering tactics to fool the recipient into sharing private information or infecting a network with malware. One phishing email can be responsible for a company becoming a victim of ransom demands in exchange for data or access to your business network.  It

Protecting your organization, large or small, from cyber attacks rests to a great extent on the IT security infrastructure and processes that are in place and managed by in-house and/or outsourced IT professionals. It is interesting to note that more than half of all cyber attacks are directed at small and mid-sized businesses. According to

Last week, the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) released an advisory stating that it did not see any specific or imminent cyber threat to New Jersey related to the Russia/Ukraine crisis.  However, it went on to say that it is likely that Russia’s aggressive cyber activity will increase and spread.  Therefore, it

Public networks expose your business to security threats. Switching to a virtual private network (VPN) can greatly help in reducing those threats. Many companies rely on public networks for communication and data sharing. It allows them to cut costs and allocate their funds elsewhere. However, reliance on public networks also raises several security issues.  

Tax season is here and attackers have been aggressively targeting popular tax software to harvest credentials. The software provider Intuit has issued a few security notices of a significant increase in fake emails pretending to be sent by Intuit’s notification system.   Intuit has now joined the ranks of household names such as American Express,

As you know, for an organization to enjoy continued success and growth, it needs a management that can effectively oversee key areas of daily business operations such as administration, finances, and marketing. But what about technology? Constantly changing and increasingly complicated, it makes sense to outsource technology to our team of skilled professionals. You need

To accommodate working from home and, now with schools starting, remote learning, both parents and students will use various devices that require an internet connection. These devices will likely use a home wireless (Wi-Fi) network; however, the Wi-Fi router may not be set up securely. If a Wi-Fi network is left unsecured, a threat actor

The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) has issued an alert after increased reports of a new round of emails containing Emotet infected attachments. Emails containing the Emtot infected attachments slowed during the summer, the threat actors behind the Emotet trojan continue to increase their activity, with a large uptick occurring starting in

There are numerous ways data can be put at risk. A number of different events will have an impact on customers and pose a threat to your brand, as well as your ability to provide services.   1. External Bad Actors – Clearly, this is the risk that gets the most headlines. Cyberattacks from hackers,

Twitter stated that the company detected what they believed to be “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”  Twitter CEO Jack Dorsey tweeted several hours later that it was a “tough day for us at Twitter.” Twitter acknowledged that some users’ features

Through powersolution’s membership of the Cyber Health Working Group (CHWG)*, a new phishing campaign has been detected and reported on. This phishing campaign is designed around COVID-19 themed emails that contain a link to a phishing page that attempts to collect credentials for multiple banks. The attackers then use the information collected to extort funds

Did you know that 60% of businesses that suffer a cyber attack go out of business within six months? The vast majority of damage is due to the inability of the company to respond because they have not developed a cyber prevention and response strategy. If your e-commerce system, website, email, or customer data was

How Employees Slip Up When you look around at your digital landscape, you can probably point to any number of ways that a cyber attack might occur — but can you identify your single greatest threat? Employees, the greatest asset to most high-performing organizations, also represent one of the biggest threats. However, there are ways

In a recent US-CERT/CISA alert on Dridex malware and its various iterations, information is confirmed that this malware has the capability to impact confidentiality of customer data and availability of data and systems for business processes. According to industry reporting, the original version of Dridex first appeared in 2012, and by 2015 had become one

According to released information from Barracuda Networks, Microsoft Office 365 account takeover attacks are one of the most prevalent email attacks for the Office 365 platform. Barracuda states that approximately 29% of Organizations on Office 365 have had at least one account compromised by a bad actor. Account Takeover An Office 365 account takeover attack

In a past month, Microsoft  has released patches for over 70 vulnerabilities in its products. The company has been under the fire from users and system administrators for quite some time. The pressure was following the stream of vulnerabilities, including two of a zero-day type flaws. The zero-day vulnerabilities are still being actively exploited in

We have received numerous reports and examples today of an advanced phishing email being used to harvest Office365 credentials. The email is sent through a compromised account of an individual that is familiar, such as a colleague, business partner, vendor, etc. The attacker gets your email address from the compromised mailbox and then sends you

Cybercrime is a big and nasty business. According to Cybersecurity Ventures, small business (organizations with fewer than 250 employees) becomes a prevalent and profitable target: 58% of them were cyberattack victims in the recent year, and the astounding amount of $6 trillion is expected to be the cost of cybercrime the by the year 2021.

Today, one of the largest data breach data sets was released containing roughly 773 million unique records of email addresses and passwords. Microsoft Regional Director and MVP Troy Hunt obtained the original data set, titled ‘Collection #1’ from a hacker forum. The original data set contained 2,692,818,238 rows of email addresses and passwords. That’s right,

A new phishing attack is using fake non-delivery notification in an attempt to steal users’ Microsoft Office 365 credentials. These credentials will then be used to send messages from the users account, further spreading malicious emails and software. In this case, the attack begins when a user receives a fake non-delivery notification email from ‘Microsoft.’

Each year, SplashData., Inc, a leader in password management, analyses leaked passwords to find the top commonly used passwords. In 2018, SplashData, Inc. had five million passwords to work from, most of them from hacks in the US and Europe. According to the statistics, almost 10% of people have used at least one common password