Knowledge Base

Blog posts tagged in Security

The Monthly “Steal” by David Steele

The Monthly “Steal” is a bit of relevant technology information intertwined with personal thoughts, opinions and some real life experiences. It is written by David “Steele” and is free, hence a “steal” from a “Steele”.

206 hospitals in 29 states were hacked in 2015, affecting 4.5 million patient records. According to an article recently published in the Washington Post in February, a Los Angeles hospital paid $17,000 in bitcoin ransom to unlock computer records.

 

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Hollywood Presbyterian Medical Center CEO Allen Stefanek said. “In the best interest of restoring normal operations, we did this.”

But hospitals are not the only target. JPMorgan Chase, Home Depot and Target were all victims of cyber-attacks in 2014. It is no secret that personal information is valuable; the FBI released an article that indicated that in 2013, over 2 million health care records were compromised, which was 31% of all reported data breaches. Cyber criminals are selling the information on the black market at a rate of $50 for each partial electronic health record (EHR), compared to $1 for a stolen social security number or credit card number.

What’s amazing is that most companies still don’t take cyber security seriously or value the importance of properly securing customer data. Companies install door access systems, alarm systems, locked server racks and camera systems, all focused on physical security, but when asked how they are securing their customer data, there is often a lack of detail. Most IT companies and computer professionals practice “General Network Management” or “Best Practices”. These are general guidelines that, when followed correctly, produce safe and secure computer networks. Where most companies struggle is in confirming that best practices are being followed, usage policies are enforced, and employees, IT staff and vendors are trained and held accountable.

In 1996, the Federal Government created the Health Insurance Portability and Accountability Act (HIPAA). The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. The Rule requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization. HIPAA focuses mainly on medical and patient rights, but the requirements located under the HIPAA Security Rule also provide a solid foundation and accountability to ensure “General Network Management” or “Best Practices” are valid and are providing a solid network environment. Before, IT companies would send a network technician and tell them to secure the network. Now, they send in a network technician and say this network needs to be HIPAA or Payment Card Industry (PCI) compliant, providing both the IT company and the customer with accountability.

Many companies may say, “But I don’t deal with medical, so why do I need to be so secured?” When IT companies are hired, they are trusted with financial information, personal information and company information. Applying a HIPAA or PCI compliance requirement to your network will force vendors and staff to be more aware of and involved in both the physical and functional security of information. In most cases, the cost to properly secure and manage a network is a fraction of the cost associated with a data breach or privacy violation.

Resources:

FBI Cyber Division - April 8, 2014

The Washington Post - February 18, 2015

Cyber Attacks on U.S. Companies in 2014 - By Riley Walters - October 27, 2014

David Steele, Partner / Webmaster

djsteele@intradatech.com
570-321-7370

Fish and Hook Scams

Don’t take the bait. There has been a huge increase in phishing scams received in emails that appear to be harmless or legitimate, but lure you into their net then steal your privacy, infect your computer or hold your data hostage.

This can be very damaging and costly to the company and computer network. The following information is provided to help you educate your staff and prevent damaging infections.

Common Phishing Hooks:

LINKS IN THE EMAIL: Links in the body of an email might look valid, but when you click on the link it takes you to a totally different address. If you hover over the “baited” link, most browsers will display the actual address you would be directed to in the bottom left corner.

EMAIL ADDRESS: Spammers use what is called “Spoofing” to present you with an email address that looks convincing, but it’s actually hiding the bogus email account. Common scams include emails stating there is a package waiting at the post office or there has been a questionable charge on your credit card and you must sign in to confirm the charge. I, personally, don’t click on any links in emails that relate to financial accounts such as credit cards or utilities. If I get an email – I open a browser and go to the site directly to verify account status or I call the company customer service line.

GRAMMAR: Most scams have incomplete sentences, poor grammar, and lack of customer brand and contact information. If it does not seem right, there is a good chance it is not valid.

ATTACHMENTS: Scammers will attach files that, when opened, will try to install malware and infect the computer. The best protection is not to open any attachments that you didn’t expect or were not sent from a valid source. Do not enable any macros or approve the installation of software.

FREE SITES: Avoid websites that require you to install an application to access free files including fonts, music, videos, games or other applications. Validate the site is safe before downloading and installing any applications.
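
The hover check described under LINKS IN THE EMAIL can also be run by a help desk against the HTML body of a reported message. The following Python is an added example, not part of the original article: the function names are illustrative, and the sample message and its `.example` domains are constructed. It flags links whose visible text names one site while the underlying address points to another.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(text):
    """Hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not text or " " in text:
        return None  # ordinary wording such as "click here"
    if "://" not in text:
        text = "http://" + text
    try:
        host = (urlsplit(text).hostname or "").lower()
    except ValueError:
        return None
    host = host[4:] if host.startswith("www.") else host
    return host if "." in host else None

class LinkAudit(HTMLParser):
    """Collects (text shown, real href) for links whose hosts disagree."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        shown_host, real_host = host_of(shown), host_of(self.href)
        # The same host, or a subdomain of the one shown, counts as consistent.
        if (shown_host and real_host and real_host != shown_host
                and not real_host.endswith("." + shown_host)):
            self.findings.append((shown, self.href))
        self.href = None

def mismatched_links(html_body):
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return audit.findings

# Constructed sample message body; every domain here is made up.
SAMPLE = """<a href="http://tracking.parcel-update.example/login">www.postoffice.example/track</a>,
read <a href="https://www.postoffice.example/help">our help page</a>, or sign in at
<a href="https://accounts.postoffice.example/">postoffice.example</a>."""
```

Calling `mismatched_links(SAMPLE)` reports only the first link; links whose visible text is ordinary wording are not judged, so a clean result does not prove a message is safe.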

The latest lure in phishing scams is ransomware. You are tricked into running a program, or accessing a website that runs a program, that will encrypt and lock all your data. Your data is held hostage until you pay for the password to decrypt it. This can be a real sinker because it may encrypt all data across a corporate network, including network drives.

If you have received a questionable email, contact the HELP DESK and have the email verified.

All applications should be approved before installing for both company acceptable usage and protection from malware infections.

If you would like to read the entire article on Avoid Getting Caught in a Phishing Scam or other articles from Intrada Technologies, visit: www.intradatech.com/knowledgebase.


In a world of ever-growing dependence on technology, we sometimes leave ourselves vulnerable to security risks simply through complacency. When the internet became part of our everyday lives, people were skeptical about the security of this “invisible web” that was, at the time, a little clunky and scary to anyone born when Apple was just another type of fruit and windows were, well, windows. It seems, though, that with the modern improvements in web pages and the ever-growing availability of the internet across many different devices (there are now Wi-Fi enabled refrigerators that can text you when you're low on milk), maybe we've lost that vigilance while surfing and even in our everyday lives.

We've come a long way since those days of “Napster” and “Netscape Navigator”, but the sad reality is that while the internet may have become prettier, it has not become much safer. The reality is that NO security software anywhere, no matter how modern, can guarantee 100% that a nasty new infection won't hijack your PC and leave you stranded on the side of the “Information Super Highway” that we've all come to rely on, even if only to check your email or to follow your friends and family on Facebook. That being said, 100% of security software is useless if you give permission for scammers to access your PC. I know what you're thinking: “Why would I give a 'scammer' access to my PC?” Well, chances are you already have.

One of the simpler types of phishing scams involves “piggy-backed” software. I’m sure you've been there: you're installing a new piece of software and, unbeknownst to you, a tiny little checkbox sits checked at the bottom of the install wizard, but you just keep clicking NEXT because you REALLY want to use this new software. That's when you notice “PC Optimizer PRO” is now running every time you start up your PC, and now your computer is running poorly. “Wait, 'PC Optimizer PRO' says it can fix this for $99.99. I just have to sign up with a credit card.” BOOM, now they have your information and they are going shopping, but this isn't even the worst case scenario. The true threat today comes in the form of a courtesy call.

It's about 5 o’clock at night and you’re sitting down for supper, and the phone rings. “Hello”, you answer.

“Good evening” the other voice replies, “My name is 'Chip' and I am calling on behalf of ‘Microsoft’” he continues.

“Our systems have indicated that your Windows Updates may have become corrupted by an infection, are you in front of the PC and able to get me access right now?”

“Oh no”, you reply. “Yes, okay I’m on the computer now”

“Great, could you please do the following…?”

They then walk you through getting them access to your PC; after all, this is “Microsoft”, and they know what they’re doing. The problem is… this ISN’T Microsoft. Once inside, the “tech” disables your input so you can't use your keyboard and mouse, then the screen goes black. The PC is still on but you can't see what they have access to or what they're doing. In a panic you turn off the computer, but it's too late; they're in and they got what they came for.

While this is an EXTREME example, it happens every day.

Another scenario involves the same process as above except there never was an infection and you just paid $100 for them to do absolutely nothing, or maybe they leave behind a piece of software that captures all of your keystrokes, including passwords, social security numbers, account numbers, etc.

This isn't meant to be a doom and gloom scare tactic to frighten you. This is reality, and these things CAN happen to you or your friends and family.  There is hope though!  IT professionals fight day in and day out to find and eliminate these threats, but we can’t be everywhere, nor can we catch everything.  The best offense is a good defense.  Here are a few tips to help keep you safe:

 

  1. (Microsoft, Dell, Amazon, etc.) None of these companies will contact you without YOU first contacting them. If someone calls claiming to be from ANY of the major IT companies, ask for a name and job title and a number and extension to return a call to. Most of the time the “tech” will try desperately to keep you on the line; this is a sure sign of a scam. If the “tech” gives you a personal cell phone number (not an 800 or 888), this is a MAJOR red flag!
  2. Pop-up web pages aren’t just annoying, they’re infectious. Pop-ups stating that your PC is “infected and you need to go to this site to clean your PC” are 99.9% scams. Don’t follow these links, and avoid clicking on the pop-up windows, as this can activate an infection. As a last resort to avoid malware, press CTRL+ALT+DEL and restart your PC altogether.
  3. Be Aware!  Always have a general awareness of where you are on the web.  Be cautious of anything that looks “out of place” on a favorite web site. It is easy to be directed away from safe areas to not-so-safe sites so watch what you are clicking on.
  4. If you’re not sure, STOP! If you get to an area, or if a message pops up, that you don’t understand, stop where you are. Don’t accept any prompts that you don’t recognize or haven’t seen before.
  5. The best course of action for any of these situations is to take your PC to a LOCAL trustworthy IT company like us at Intrada Technologies* to verify any issues and secure the device.

 *Malware removals from Intrada Technologies start at $69.95(+tax).

Just remember that technology is amazing and very useful so long as it’s treated with its proper respect.  More than ever the internet is a very complex, powerful tool that can be used to accomplish incredible things, good or bad!


SCAM ALERT

We have received several calls from people reporting that Microsoft has contacted them at home to inform them of a problem with their computer. Cybercriminals don't just send fraudulent email messages and set up fake websites. They might also call you on the telephone and claim to be from Microsoft. They might offer to help solve your computer problems or sell you a software license. Once they have access to your computer, they can do the following:

  • Trick you into installing malicious software that could capture sensitive data, such as online banking user names and passwords. They might also then charge you to remove this software.
  • Convince you to visit legitimate websites (like www.ammyy.com) to download software that will allow them to take control of your computer remotely and adjust settings and leave your computer vulnerable.
  • Request credit card information so they can bill you for phony services.
  • Direct you to fraudulent websites and ask you to enter credit card and other personal or financial information there.

Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.

If you have been called and have already given the individual access to your computer, have your computer checked and cleaned by a professional right away. It is also recommended that you change your computer password and the passwords for your online accounts.

Will Microsoft ever call you? There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes.

Report phone scams

Help Microsoft stop cybercriminals by reporting information about your phone scam.
http://support.microsoft.com/reportascam

In the United States, use the FTC Complaint Assistant form.
https://www.ftccomplaintassistant.gov/#crnt&panel1-1

For more on this scam, visit: https://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

David Steele, Partner / Webmaster

djsteele@intradatech.com
570-321-7370