Telesys Voice and Data Blog

Social media has been an emerging technology in recent years, and has produced many threats. Hackers have learned that they can take advantage of these communication mediums to launch dangerous new attacks on unsuspecting users. With enough ingenuity on a hacker’s part, they can potentially steal the identity of a social media user. Here are some of the best ways that your organization can combat identity theft through social media.

First, it helps to understand why social media is such an attractive vector of attack for identity thieves. For one, the anonymity provided by the Internet has long been a staple reason why it’s been commonly used by hackers to steal sensitive information from organizations. This was (and still is) done through spam and scam emails, but nowadays, strategies have changed enough where individuals have to be more cognizant of their personally identifiable information, because by using social media constructs like Facebook, Instagram, Twitter, and the like, they are much more exposed. Enterprise-level spam filters are readily available to all kinds of organizations, prompting hackers to step up their game and create nefarious new ways of stealing information.

Spear phishing tactics were the result of these efforts. Intending to bypass the likes of spam blockers and content filters through seemingly legitimate sources, phishing tactics come in a variety of forms, with the most successful of these coming from sources that hide the true intentions of the one making the attack. The Internet can mask the true identity of hackers so that they can seem to be someone else, either in an email scam, social media attack, or otherwise. This is known as spoofing, and has been a infiltration tactic for decades.

In particular, social media can provide attackers with a lot of information without them working too hard. Think about the kind of information that you might have on your personal Facebook or Twitter feed. Do you have a phone number? What about an email address or physical address? Do you have any information about the musicians you listen to, or the books that you enjoy? All of this information (and more) can be used to help a potential scammer steal your identity and use it for various ill offenses - the gravest of which could be stealing your identity and using it to attack those you hold dear.

Imagine what could happen if someone were to steal the credentials to your social media pages and use them to impersonate you. They could fool all of your closest friends and family into giving up whatever information they are looking for. For example, they might be able to coax your parents or loved ones into parting with personally identifiable information such as your Social Security number or credit card number, which could be used to open new lines of credit or make fraudulent purchases. Regardless, the threat posed by identity theft through social media is considerable, and you must take precautions to ensure that you don’t fall for these traps in the future. Here are some ways that you can make sure this doesn’t happen.

• Be on the lookout for suspicious activity on your accounts: If you suspect for even a second that your accounts have been compromised, be sure to change your passwords so that they can’t be used to hurt those closest to you.
• Look out for dangerous messages sent to you: If you suddenly receive messages from those who you haven’t heard from in a long time, and their behavior is suspicious, perhaps it’s best to ignore these messages or alert those who you think may be affected.
• Limit the information you share on social media accounts: Information can’t be stolen if you don’t choose to share it. Consider implementing more powerful privacy settings for your accounts.

Businesses are just as vulnerable to spear phishing attacks as individuals, if not more so. If you are like billions of others, social media has become an important part of your life, and quite possibly, your business. To ensure that you are doing what you can to protect yourself and your organization from the threats that social media and other innovative communications technologies enable, consider reaching out to the IT professionals at Telesys Voice and Data.

We are going to switch things up a bit and walk you through a retelling of a ransomware attack through the eyes of a business owner. Usually when we talk about these types of threats, we approach it from our perspective and talk about what you should do to prepare and what the threats are, but we wanted to try to show you what an event like this could feel like, for you, in your position, and in your own eyes. We hope that this will raise awareness of how crippling an event like this can be on your company, and we hope you let us know if this perspective helps you, your colleagues, and your staff get a more personal sense of what ransomware can do. Enjoy!

What a day it has been!

Typically, when I have a day like I just had, I wouldn’t sit here and write about it, but since our story is sure to help people, I thought that I should. Besides, my adrenaline is still pumping, and I don’t think I can sleep yet anyway.

The day I had was terrifying but started just like any other. I got through my morning routine and made my way to the office. I even stopped at the shoppe to get coffee. Once I entered the building I knew something was wrong. I had two employees beat me to the office. They were milling around almost aimlessly in the hallway. Before I even reached my desk, I was inundated with bad news.

“We are locked out!”
“What are we supposed to do?”

After getting past my employees into my office, I tried to ascertain what the problem was. It was evident very quickly that we had a major problem on our hands.

@!#?! It’s ransomware! I can’t believe it!

It could only be ransomware.

I wasn’t sure what allowed this to happen. Did one of my staff click on a bad link? Was our network vulnerable from the get go? Since the ransomware had spread onto the network, I could tell that the affected computer had to be used to manage other endpoints, pushing ransomware to all the endpoints the terminal had managed. This is why the computers that were on the network had the same message. This means that it ended up stealing usernames and passwords to open each endpoint and lock down the data on them.

It is during this period that the entity that unleashed this beast on us would look to take as much data as they could. It turned out that my company was using a global password configuration and the ransomware spread throughout our network like wildfire. So, when I was met with the message, I knew exactly what I was dealing with.

I never for a second thought that it would happen to us. Our business doesn’t deal with major financial institutions or medical records, so it would seem to keep us safe from these kinds of security breaches. I guess I’m just the latest person to ask, “why us?”

For those who don’t know, ransomware is any type of malicious application that “kidnaps” the data and holds it for ransom. It can shut down the files of a single computer, or in our experience, it can spread over the network to several endpoints; effectively shutting down operations for long stretches of time. I wanted to share my experience to help you know what to expect if you are one of the unfortunate business owners that have to have all the answers.

Don’t Panic
No matter how prepared you are for something like this, at first, you feel panic. Typically, you are immediately overwhelmed and are left kind of dumbfounded, glancing around the room, looking for answers that aren’t there. Regrettably, if you are doing that, the damage is done and there is nothing you can do about that. Scenarios race by in your head and the more they turn negative, the more the fear builds up in the base of your neck, in your throat, or in the pit of your stomach. You need to stay as calm as you can and begin troubleshooting immediately. The thing about ransomware is you can’t just wait it out. Once that wave of fear subsides, you have to make a measured response, because you likely have people that are on the clock, and an IT infrastructure that is locked down.

After the initial shock, I went to work.

Fighting Ransomware
I learned quickly that there are two main types of ransomware:

• Locker - Malware that locks the computer or device.
• Crypto - Malware that encrypts data and files.

The type we were unfortunate enough to encounter was WannaCry, a crypto ransomware that has infected millions of people worldwide by taking advantage of an unpatched Windows vulnerability. As a small business, our technology management was pieced together, but after this event, and all we’ve learned from it, we will definitely be sure to make our staff cognizant of how to avoid situations like this.

For us, we had three machines infected with a variant of WannaCry. The ransomware stated that if we pay $300 in Bitcoin for every machine that was locked, we could get our data back... and the clock was ticking, literally.

At that point, we had three options. We could abandon the machines and buy new ones, we could pay the hackers that had encrypted our data, or, we could attempt to restore our systems.

Part of me wanted nothing more than to just abandon the machines, bust our IT budget for the year and be done with it. We instead decided to try to restore the machines to a prior version, because paying the hackers was never a real option. First of all, any person that could inflict this kind of fresh hell on a small business was not to be trusted; and, I felt if I were to pay the ransom, there was no guarantee that we would a) get our files back; or, b) not get harassed again by the same people.

Since cost was a factor, we reached out the IT professionals at Telesys Voice and Data, and they walked us through the process of restoring our terminal and the two machines connected to it. Luckily for us, they had the knowledge and expertise to help us get through this horrible time. We will lose quite a bit of work, but, as of right now, it looks like we are going to come out of this whole thing much better than the majority of companies that have dealt with it.

I know we were lucky. I know we have to try harder. I know we aren’t out of the woods just yet, but I have to thank the people at Telesys Voice and Data. They really came through for us!

Ransomware attacks are rampant. If your small business isn’t proactive about its network security and if you don’t train your people on what to look for, you could be dealing with a problem that could potentially sink your business. For more information about ransomware, WannaCry, or other threats your organization faces today, call us today at (800) 588-4430.

If your business were to be struck by a Distributed Denial of Services (DDoS) attack, would it be able to recover in a timely manner? Do you have measures put into place to keep them from hampering your operations? While most organizations claim to have sufficient protection against these dangerous attacks, over half of them have simply proven to be ineffective against DDoS.

Students generally love it when classes are cancelled for whatever reason, but thanks to a cybercriminal group called TheDarkOverlord Solutions, a school in Flathead Valley, Montana was disrupted for an extended period of time. This downtime resulted in a disruption of operations for over 30 schools, as well as the threat to the personal information of countless teachers, students, and administrators due to a ransomware attack.

Dealing with disasters are a part of doing business. You know how difficult it is to recover from a devastating flood or storm. While businesses tend to suffer from these situations, countless individuals suffer every time a natural disaster hits. Just take a look at the United States in recent weeks. Even though you may want to donate to people suffering from hurricanes, there are illegitimate charities out there that want to make a quick buck off of your generosity.

As digital systems have been adopted by more businesses, data has become a bigger tool. This is due to businesses having the initiative to direct this data into creating strategy. Today, data services are a desirable component for a business to embrace. Let’s take a closer look at how businesses are expanding their use of their data.

In both the home and the business, security cameras are becoming more and more commonplace as a means of preserving security. However, some malware can turn these devices, and others, into cyber security threats.

The vice president for Fort Worth-based Telesys Voice and IT Services, a network and technology management company, Titus said his company joined the local BBB in 2009 to strengthen their brand. "We wanted to align ourselves with a standard of trust in business. The BBB is an organization that has been upholding the standards of trust in business for over 100 years.

"In our business, transparency and trust are important. Customers need to have a trustworthy partner for their IT and technology needs," Titus said. "Our company values these things, and we found we could identify with the BBB brand."

Botnets are proving to be a difficult hurdle for security professionals, and it’s easy to understand why. Distributed Denial of Service attacks that can knock down servers or services, as well as hordes of remote-controlled zombie computers, are two of the most dangerous ways that hackers use botnets to serve their purposes. What can you do to protect your business from botnets?

Hackers are always getting their hands into sticky situations, but one of the hot topics in world politics--the 2016 United States presidential election--is one of the nastier ones in recent years. In the past few months alone, hackers have reportedly breached not only the Democratic National Committee, but have also infiltrated at least two state election databases.

Sometimes when your workstation feels bogged down, a relatively cheap and simply hardware update can make a huge difference in performance. Adding more RAM (Random Access Memory, often just referred to as memory) can be a game changer for your bogged down PC.

As a business adopts certain “best practices,” it is important for business leaders to consider why they are adopted, and more importantly, are they really for the best? There are many problems that subscribing to false best practices can produce, and so it becomes important to identify, adjust, and resolve them.

This guide was created so that business owners, office managers, and IT departments can provide it as an educational resource to showcase some of the most basic IT security practices that can be implemented in your workplace. We recommend printing this out and handing it out to your staff for maximum results.

It’s imperative that your organization’s software is managed properly. If you can’t do this, then your operations can suffer in the long run. While this might sound like a lot of work, software management isn’t as difficult as it sounds if you break it down into compartmentalized tasks. Ultimately, you can group it into three major steps: leveraging available assets, testing strategies, and understanding the software.

It sure does seem that the term “network” is tossed around an awful lot. Network security, network maintenance, social networking, network switch… but what is a network, really? That is precisely what we shall dive into here.

The way that business is conducted today, the right technology is more of a necessity than a privilege. There are plenty of benefits that it can bring that an organization requires in order to stay competitive. For our tip, we’ll walk through a few ways that your business can be improved through the adoption of certain solutions.

Sometimes when your workstation feels bogged down, a relatively cheap and simply hardware update can make a huge difference in performance. Adding more RAM (Random Access Memory, often just referred to as memory) can be a game changer for your bogged down PC.

A business’ IT solutions aren’t the kind of thing that you can worry about once and never touch again - this is why manufacturers and developers are always sending out upgrades. However, you also need to have a strategy ready before you go to implement these upgrades. For this week’s tip, we’ll review how to put this strategy together.

Traditionally, small businesses don’t use their data in the same way as larger companies. This is largely because they may not think they have a lot of data. Well, I’m here to tell you that even small businesses can have big data. Let’s go over three ways small business can use their data to their benefit.

Gmail and the applications associated with it seem to have some level of inherent trust among users. We just don’t anticipate threats to come in via something from Google. However, it does happen, as a recent spat of phishing has shown using Gmail and Google Calendar. What’s worse, this particular scam has been around for some time.