Good news! More bad news.

CISA (Cybersecurity and Infrastructure Security Agency) is an organization that was established to help fight against cyber crime. As this group learns and collects data on the different types of crime, they update their Known Exploited Vulnerabilities catalog (KEV).  The KEV is updated often; just in June CISA updated the catalog 49 times. How often are you updating the key points in your digital infrastructure, and what are the metrics you’re using to do all of this by?

That’s a lot to ask of the average person (the average person being someone not in IT). And so there are many companies and programs that automate these various updates. Instead of taking a look at all or many of the areas you could be updating regularly, let’s take a look at one: patches.

First, before we talk about updating and managing patches, let’s make sure we understand what a patch is. Patches are basically the updates to software, operating systems, and certain hardware systems that typically address security issues and vulnerabilities within the application. When your computer notifies you that it needs to Restart to apply updates, it needs to install the latest security patches. Now that you know what they are, let’s talk about managing them.

The pros of automation is that you can set it and forget it. The cons of automation are that you can set it and forget it… until it kicks up a bunch of red flags. Recently a patch was released and some companies and federal agencies implemented it without first testing it. This caused major internal issues like problems with authentication, which meant employees couldn’t login to the services they needed to do their work.

Some basic steps to help avoid issues (but will require you to do more work) are:

  • Make sure you have a current list of ALL software and OS in use.
  • Set up rules and procedures for patch management.
  • Keep up with new patches.
  • Before you implement them throughout, test all your patches.
  • Always have a backup of working editions.
  • Make sure your patches are downloaded from secure sources.
  • Keep a patch management or configuration management log.

If you’re having issues with things like this, don’t go at it alone or trust just anyone. Betterchips Consulting can help keep you compliant and manage tasks like this properly. With decades of high level experience, we understand how important it is to not only keep you safe from outside attacks, but also keep you safe from the things meant to protect you.

Betterchips - Technology Know-how

Happy holidays from your international cybercriminal syndicate

Betterchips - Technology Know-how

The 4th of July is one of the nation’s largest celebrations. As many Americans and non-Americans come together to enjoy this time off, reconnect with family and friends, and perhaps share a beer or two, cybercriminals are in the wings waiting for their moment to shine. 

Most companies have come to expect phishing schemes and cyber attacks around holidays such as Thanksgiving and Christmas, but all-to-often, we ignore and overlook the other holidays. Criminals see time away from your computer as an opportunity to explore and exploit your unattended network. 

The facts are clear, the vast majority of breaches occur because someone let the wrong person in the virtual door. Once on the other side, hackers will spend time going through your data, watching interactions and transactions, and deciding on what you need most. It may be months before you are made aware of their presence, and the more time away from your systems, the less likely you’ll catch them before it’s too late.

Some key reasons holidays are great opportunities for criminals…

  • Employees are usually thinking about other things during holidays, and a preoccupied mind is more apt to slip up and click on the wrong thing.
  • Less eyes inside the network means more free time for criminals to snoop around. Long periods of being offline make it harder to track suspicious activity.
  • When purchasing on a budget or under time constraints, sometimes better judgment takes a back seat to what appears to be a great deal.
  • A limited staff or a staff that doesn’t usually work with your systems (but is covering it while you’re away) could be the gate keeper a seasoned hacker is looking for. 
  • With lots of emails from family and coworkers being circulated around the holidays, criminals will exploit your trusting nature and pretend to be someone you know. 
  • Working remotely can be dangerous. Public hotspots are a prime access point for tech savvy criminals to obtain access to your data.

It only takes a few extra moments to prevent someone from gaining access to your digital assets. Stop and inspect any emails or text messages you receive. Even if the message appears to be from a familiar source, take a second to double check. Use your known means of contact to reach out to the sender, and get confirmation the email or text was sent from them. If it’s coming from an address you recognize but the content seems suspicious, don’t interact with the message. Wait till you have a chance to speak with the sender directly. If you’re working remotely, try to avoid public hotspots, and if you have to use unsecure networks, make sure your antivirus software is current. Remember all it takes is one mistake and everything you’ve worked for could suddenly be up for ransom or worse, erased forever.

IF your company should find itself under attack with a data breach or compromised security, contact Betterchips immediately. The quicker Betterchips can get involved, the more likely your company’s digital assets can be saved or restored. Don’t let precious time go to waste, contact Betterchips now… Yes, we work holidays.

Don’t get caught!

Let’s be honest, since before Napster, people have pirated copies of programs, games, and music, for both personal use and profit. Then, with the invention of things like in-home CD-R’s and MP3’s, digital piracy leapt into the future. The vast majority of thieves will never see a courtroom, but are you willing to take that chance with your business? 

Today’s companies are heavily reliant on software. From registers and card readers to subscriptions with companies like Adobe and Microsoft, virtually every aspect of a business has been touched by software. So why would anyone want to get caught stealing the software that their business relies on?

Software companies invest large sums of money developing and improving their programs, and hate to see companies and individuals using their products without paying, even if it’s unintentional. The fines and fees associated with getting caught with software that isn’t licensed properly or is being misused, can be astronomical. Even if you didn’t mean to use the software maliciously, software companies only understand that you used it and they didn’t get paid for it.

Software companies will insist you pay them for the entire time you used their products and any fines and fees they have outlined in their contracts. And speaking of contracts, pay close attention to the ones you’ve signed. Some are blanket licenses that cover your company entirely, while other contracts only cover a set number of users within your company. Some companies have renewal rates that need to be paid at a set time, while some companies only want you to pay them once and provide you with ongoing support thereafter. It’s imperative you understand the terms you sign up for, it can make all the difference if they should come back around and ask you to pay them additional money. 

Is it worth rolling the dice and taking a chance on whether or not your company is caught up on all its licenses and compliances? How important is having access to the programs you use day in and day out? How will losing access to these programs affect your company’s productivity, or will you even be able to operate? These are questions you should be asking yourself and your management. 

Having a quality MSP company looking out for your digital assets can help prevent costly mistakes like this from happening. A company like Betterchips Consulting not only works to make sure your data is safe and your digital assets are operating optimally, but they also maintain and monitor your licenses and make sure you stay compliant.

Does your network trust no one?

95% of breaches occur because of user error. That’s right, your precious data and all the initial setup you’ve done to protect it will likely be undone by one of your own. If you’ve never heard of zero trust, there’s a good chance your security profile is based on a protocol established in the 90s… you’re not still using Webcrawler, are you? 

The 90’s centralized data center and secure network perimeter is given a major uplift with zero trust. The concept is simple: your network treats everything as potentially hostile. Period. But some are misusing the term in order to market other products.

Let’s be clear, your business probably isn’t understanding technology jargon, keeping up with the latest tech trends or navigating cybersecurity. But this doesn’t mean you should also be taken advantage of due to ignorance. Here are the core details of zero trust.

  • Every connection is terminated. Before anything ever hits its destination, the item is inspected. This is different from traditional network security that inspect items once they reach their destination.
  • Data is protected using context based policies. Basically, a zero trust infrastructure will continually evaluate a number of factors to make sure the person or program requesting the data has all its ducks in a row.
  • Attack surfaces are reduced. In a traditional network setting where a user may want to access a program on a network, in zero trust, the user and app are directly connected. This greatly reduces the possibility of contamination laterally.  

Yes, there’s a lot going on behind the scenes of your network, and yes, you should definitely keep it up-to-date and as secure as possible. Things like zero trust, which VPN to use, compliance and regulations, policy and procedures, and cybersecurity, are just some of the things a qualified MSP like Betterchips Consulting handles on your behalf. You have enough to worry about running operations day-to-day, let us help ensure all your hard work is safe, secure, and performing optimally.

Good Intentions, Bad Advice

Cybercrime is up a staggering 600% since covid has become an active member in our lives. Companies are more reliant on technology and the internet than they’ve ever been, and this means ample opportunities for criminals to gain access. From inconsistent practices in the office to poor network infrastructure, the laundry list of means to gain entry by bad actors is long and steadily growing. So the question has shifted from “what if?” to “when?”.

Many victims fit the same profile: they (or their systems) become compromised and they are robbed or extorted out of a large sum of money.  When an incident first becomes realized, victims take the logical first steps and contact their lawyer. The lawyer almost always does what they think is best and advises their client to contact the local authorities and the FBI. This is absolutely a crime and we strongly recommend getting the authorities involved, but what we believe to be the first right move is to contact a company that can immediately begin working directly with a company and help to close any doors and potentially recover what has been taken.  Law enforcement is so overwhelmed and understaffed, there is simply little they can do to assist victims of cybercrime.

Time is truly of the essence and where all crime should be reported, every hour, every day, and every week that goes by and nothing is done internally to begin restoring a customer’s digital assets, means the likeliness (already slim to none) of recovering what was taken is dramatically reduced.  Furthermore, as many companies are horrified to discover, not only are they robbed of monies and valuable data, the ability to continue working is halted.  This is why roughly 60% of small businesses close within 6 months of being attacked. 

We strongly suggest that every lawyer (not just every law firm) have a vetted and verified company to refer to their clients should they require immediate assistance. Along with contacting the authorities and filing a report, the first step should be contacting a company like Betterchips Consulting, so that while the authorities gather details and log the crime, we can begin the process of making this right.  Do not do a disservice to your clients by not having a trusted partner ready and able to assist.

Abandoned Business as the Result of Failed Data Protection

Lincoln says goodbye and attackers say hello

Abandoned Business as the Result of Failed Data Protection

Cyber crime isn’t a “them” problem, it’s an “us” problem, but to be more specific, it’s a “you” problem. Over 40 percent of cyber attacks targeted small businesses, and this is probably due to the fact that small businesses (roughly 86%) are ill prepared to defend against these attacks. Many companies assume that they’re too small or their business isn’t directly reliant on technology or the internet. But with one wrong click, many businesses are finding themselves locked out of important data, basic day-to-day functions and operations, or worse, without the funds to continue business. 

After 157 years of providing students with a higher education, Lincoln College located in Illinois, shut its doors in May of 2022. Lincoln College has a predominantly Black student body, and if you look back on what 157 years has been like for both Black institutions and the Black demographic, it’s a shame that the straw that broke the camel’s back was a cyber attack.

For full disclosure, the pandemic also played a role in this decision, but like most other institutions and businesses that suffered, Lincoln College was looking forward to getting things back on track. The ransomware attack put a halt on the college’s ability to conduct life sustaining business, “All systems required for recruitment, retention, and fundraising efforts were inoperable.” 

Since the pandemic, cyber criminals have not only ramped up their attacks but also expanded who they attack; they are constantly looking to exploit the most vulnerable and easily accessible. Let’s be clear, if a college that was founded in 1865 is at risk of a cyber attack, there’s a strong chance your organization is in their sights as well. Betterchips Consulting can’t always help undo what damage has been done, but we can help prevent the attacks from happening in the first place. 

Betterchips Consulting can help your group update policy and procedures, as well as insure hardware, software, and compliance requirements are all up to date. If you should find your company the victim of an attack, we can help resolve and remedy the situation.

A Technology Threat Actor

A war on your security

A Technology Threat Actor

With evidence that Russia used cyber attacks and digital media to influence and affect the outcome of the 2016 election, it’s safe to assume that with the war in Ukraine not going as they hoped, and sanctions closing off sources of revenue, Russia will intensify their digital assault on global pockets of wealth and technology.

The government’s Cybersecurity and Infrastructure Security Agency (CISA) has recently begun to promote their Sheilds Up campaign. This is the site’s opening statement…

Russia’s invasion of Ukraine could impact organizations both within and beyond the region, to include malicious cyber activity against the U.S. homeland, including as a response to the unprecedented economic costs imposed on Russia by the U.S. and our allies and partners. Evolving intelligence indicates that the Russian Government is exploring options for potential cyberattacks. Every organization—large and small—must be prepared to respond to disruptive cyber incidents. As the nation’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyberattacks. When cyber incidents are reported quickly, we can use this information to render assistance and as warning to prevent other organizations and entities from falling victim to a similar attack.

CISA has compiled a dynamic list of steps individuals and businesses alike should take in order to help fight against any potential attacks.

Fix the known security flaws in software. This could be resolved by simply making sure your applications are always current.
Implement multi-factor authentication (MFA) as often as possible. This ensures that even if your password is compromised, accessing your data will still be difficult for unauthorized users.
STOP BAD HABITS! Replace outdated software that is no longer receiving support from its manufacturer. Replace systems and products that operate off static or common unchangeable passwords.
Sign up for CISA’s Cyber Hygiene Vulnerability Scanning. Register for this service by emailing vulnerability@cisa.dhs.gov. Once initiated, this service is mostly automated and requires little direct interaction. CISA performs the vulnerability scans and delivers a weekly report. After CISA receives the required paperwork, scanning will start within 72 hours and organizations will begin receiving reports within two weeks. Note: vulnerability scanning helps secure internet-facing systems from weak configurations and known vulnerabilities and encourages the adoption of best practices.
While zero-day attacks draw the most attention, frequently less-complex exposures to both cyber and physical security are missed. Get your Stuff Off Search – S.O.S. – and reduce Internet attack surfaces that are visible to anyone on web-based search platforms.

When you find your data assets have been compromised, or your compliance and software are no longer current and supported, or that your growing company requires a quality stateside MSP to help navigate its digital future, we at Betterchips Consulting would like to offer our support and service. Betterchips Consulting is here to help companies understand, protect, and sustain their digital assets.

An Auditor Reviewing Documents with a Magnifying Glass

The stats don’t lie… just the bad guys.

An Auditor Reviewing Documents with a Magnifying Glass
Auditor makes internal audit of company and checks financial report with magnifying glass.

Ever heard of the FTC’s (Federal Trade Commision) Consumer Sentinel Network database? The FTC’s Consumer Sentinel Network (Sentinel) is a database that receives reports directly from consumers, as well as from federal, state, and local law enforcement agencies, the Better Business Bureau, industry members, and non-profit organizations. Twenty-five states now contribute to Sentinel. Law enforcement agencies from local to international utilize the data to spot trends, monitor bad businesses, improve procedures, and enforce the law. 

The results are in for 2021, and things are looking up… in the amount of reports filed and monies lost. There were over 5.7 million reports filed, including 2.8 million worth of fraud. The fraud alone cost Americans 5.8 billion dollars, which is a 70% increase from the year prior. 1.4 million Imposter scams brought in over 2.3 billion dollars, up from 1.2 billion in 2020. And based on the trends from every year, 2022 will break the current numbers before the year’s out.
The sudden shift to working from home caught businesses and consumers off guard, and now that there’s a shift to things going back to normal, bad actors are once again waiting to take advantage. IF your company should find itself under attack, with a data breach, or compromised security, contact Betterchips immediately. The quicker Betterchips can get involved, the more likely your company’s digital assets can be saved or restored. Don’t let precious time go to waste, contact Betterchips now.

419 Strikes Again

There’s a good chance you’ve never heard of ‘419 fraud’ but you have heard of the Nigerian Prince scam; actually these two things are one and the same. In Nigeria the code for the crime this scam falls under is 419, and it was adopted by the FBI. 

This scam has been around since before the internet, with villains using snail mail and fax machines to carry out their heinous acts. And although the means to communicate have changed, the crime, though as old as time, still manages to swindle hundreds of thousands of dollars annually out of the pockets of those seeking to get rich quickly. This is one of the reasons the Nigerian government is slow to act, as they believe the people getting scammed are also committing a crime by trying to take money out of the country illegally (same or otherwise). But how does this scam work? 

The Nigerian Prince scam is a variant of a 19th century scam called the Spanish Prisoner, and the Spanish Prisoner is a variant of a scam called the Pigeon Drop… so basically, this ruse has been around for a very long time. In all of these iterations, a mark (the victim) is tricked into believing that if they put up funds for a “noble” or “reasonable” purpose, they in turn will be rewarded many times over. The scammers start by telling the mark that they need to get money raised so that a notable person can get out of a hostile situation quickly and safely. Once the figure is free and clear, they will compensate the person for being so kind. During the scam, the tricksters will come up with reasonable reasons the victim must provide more money, and this will continue until either the mark is broke, or they have finally caught on.

The damage unfortunately doesn’t conclude there for many of the victims. Since there’s a good chance personal information has been shared (banking details, identification, and so on) even once the scammers have been made out, they will take this information and proceed to use it to open accounts and make purchases. This scam can have long lasting and devastating effects for those who fall prey to it, and because the culprits are in other countries, the chance of catching them is slim to none.

The rule of thumb is simple; if it’s too good to be true, it is. The FBI offers these suggestions:

  • If you receive a letter or e-mail from Nigeria asking you to send personal or banking information, do not reply in any manner. Send the letter or message to the U.S. Secret Service, your local FBI office, or the U.S. Postal Inspection Service. You can also register a complaint with the Federal Trade Commission’s Complaint Assistant.
  • If you know someone who is corresponding in one of these schemes, encourage that person to contact the FBI or the U.S. Secret Service as soon as possible.
  • Be skeptical of individuals representing themselves as Nigerian or foreign government officials asking for your help in placing large sums of money in overseas bank accounts.
  • Do not believe the promise of large sums of money for your cooperation.
  • Guard your account information carefully.

IF your company should find itself under attack, with a data breach, or compromised security, contact Betterchips immediately. The quicker Betterchips can get involved, the more likely your company’s digital assets can be saved or restored. Don’t let precious time go to waste, contact Betterchips now.

IT Professionals Performing Cybersecurity Operations

Tech service is totally in right now… or out.

IT Professionals Performing Cybersecurity Operations

Does your company have in-house tech support? If so, can your it support handle every aspect of your IT needs or does the company still require outside support?  If your company does not have in house IT support, where does it go for help when IT issues come up? When issues come up, has the company had to hire different IT firms to tackle different problems? When it comes to IT support there’s a plethora of questions to be asked and just as many ways to answer them.

Some reason companies chose to have in-house IT support:

  • In-house IT support understands the daily operations of the company
  • In-house IT support can respond quickly to problems during business hours
  • Privacy and confidentiality 

Some reasons companies have no in-house IT support are: 

  • The cost to hire a full time employee is not within their budget.
  • Having 24/7 IT support isn’t possible/difficult with a paid employee.
  • There’s no perceived value in having IT support.
  • Typically in-house IT is non-specialized, and capable of handling general IT tasks.

Many times technical support and customer service are thrown into the same category, because for most companies, when a customer/employee is having a technical issue, the experience is negative, and so by default, it must fall under customer service. But… What SMBs are finally realizing is that having technical support that goes beyond replacing mouse batteries and installing printer drivers, is an invaluable ace in the back pocket. With technology and cybersecurity advancing daily, companies that rely heavily on their networks and the data housed within those systems, could find themselves quickly falling behind. 

A weakness in technology support could lead to systems failing, efficiency and work productivity being compromised, falling out of compliance, or an outdated software and security protocol could mean big opportunities for cyber criminals. And if a company cannot afford or does not want to have an in-house team, the only option left is to seek outside consultation.

The drawbacks to having outside IT support:

  • Finding the right fit for your company.
  • A firm may not be capable of handling a wide range of tech related issues.
  • A niche firm may be overwhelmed easily by a variety of requests.
  • Many IT firms only offer remote support.

Not all firms are created equally, so it’s good to understand both your company’s needs and wants, and what each outside firm is capable of providing.

The benefits of having outside IT support:

  • An outside firm can provide a professional team at a fraction of the cost.
  • An outside firm can usually tailor your services to fit your needs and budget.
  • An outside firm is always available and won’t get sick and call in.
  • Many outside firms can easily scale up as your business grows.
  • Outside firms can provide 24/7 support, and some may also offer onsite support.
  • The right outside firm can provide your business with everything it needs to be protected and operate smoothly, for the fraction of having 

IF your company should find itself under attack, with a data breach, or compromised security, contact Betterchips immediately. The quicker Betterchips can get involved, the more likely your company’s digital assets can be saved or restored. Don’t let precious time go to waste, contact Betterchips now.