A Huge Database of Fitness App Information Has Been Found Unprotected…

If you use any type of fitness app, you will want to check this out…

GetHealth, an American based company that collects information from fitness wearables, helps users record the data on their computers.

Recently, security researchers located over 61 million user records in the Internet – UNPROTECTED – including passwords, dates of birth, names, and other identifiable information.

There is no real way to know if you were one of those people – but here is what you CAN do…

Update everything:

• Chrome just put out an important update that patches a significant vulnerability.
• Microsoft also put out multiple new updates.
• Apple was compromised last week and also released an update.

Why do these updates matter? 

Your fit device is sending your personal information to the platforms you use to organize it. Maybe it is a Gmail, maybe it’s an Apple phone. By updating your software regularly, you’re consistently installing new patches that reduce your vulnerability to hackers skimming info off the web.

Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

What if You ARE Hit With Ransomware?

About a week ago, we posted some important guidelines for avoiding a ransomware attack.

But what if you ARE hit with ransomware? Then what?

Check out these 5 steps for recovery – and if you haven’t implemented a backup plan, start working on one now!

1. Isolate and shut down critical systems – containment should be prioritized during an attack. It is possible all networks have not been infected. Your first goal is to STOP THE SPREAD.
2. Enact your business continuity plan – hopefully you have one! This should include details on how to restore critical data and systems to get back online.
3. Report to law enforcement – many businesses hesitate to do this, but it is necessary for a quick recovery. Law enforcement agencies can provide resources that would be otherwise unavailable.
4. Restore from backup – which means…make sure you are BACKED UP! Many companies fail to back their data up, thinking they will not be targeted by an attacker. Bad decision! Always back your data up!
5. Remediate common entry points – if you routinely run risk assessments, you will have a good idea of where these might be. If you do not, it is time to get someone in there now! Responding to a ransomware attack without knowledge of your vulnerabilities is like going in blind. Recovery is going to take significantly longer.

If you do not have a well-thought-out and tested plan in the event of an attack, it is time to grab these 5 steps, gather your team, and create one!

You do not want to delay this!

Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

Nothing is safe even a computer hardware manufacturer caught Ransomware

Hospitals, retailers, and financial institutions tend to be the targets of choice for the hackers today. But this does not mean you can put your guard down if you are not one of these businesses, hackers are still after your company. In reality any company can find itself in the cross hairs of a hacker.

In early August (~August 6, 2021) a new victim was revealed Taiwanese motherboard manufacturer Gigabyte. There were several things that had occurred:

1. Manufacturing in Taiwan were shutdown
2. A few of the company’s web-based systems, including its online support were also brought down.

The investigation into the matter is ongoing and will for some time. According to the article the attack was part of the RansomExx strain of ransomware.

What occurred:

• Hackers were able to exfiltrate about 112 GB of data
• The Record was able to obtain some of the data it found on the Dark Web as proof that RansomExx was behind the attack.

The Ransom EXX hackers began in 2017 their first strain was called Defray. In the beginning it was aimed at healthcare and educational institutions. It was not used in many high-profile attacks.

Fast-forward a few years about a year ago RansomExx had developed new malware. This time it was infecting both Windows and Linux based systems. In March 2021 the group started going after VMWare ESXi. VMWare and Linux are commonly used within corporate environments. Some smaller organizations use VMWare to host virtual machines.

Here are a few of the victims of RansomExx:

• Konica Minolta
• Tyler Technologies
• The Montreal transit system
• The Texas Department of Transportation
• The Brazilian judiciary.

Do not become the next victim these big organizations have teams of IT staff and IT security professionals keeping an eye on their networks.

If you would like DK Systems to perform a network assessment and verify your network is safe give us a call: 414-764-4465

Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

3 Ways to Protect Against Ransomware

We have seen an alarming number of ransomware attacks since the start of 2021…

If you are in a small or medium size company, you know the chances of surviving an attack are slim and costly.

During a recent panel, security experts outlined 3 ways to protect your business from ransomware – they are things we think every business owner should know.

1. Update your email security and deploy URL filtering – new strains of ransomware will override some security tools including encryption. Regular updates to your security measures will ensure there’s no easy instant access for attackers.
2. Have a well-thought-out and religiously tested backup plan – most businesses do not plan ahead for a ransomware attack, which sets them up for immediate disaster. Do not casually discuss possibilities for a backup. TEST it thoroughly so you know it will not fail in the event of a breach.
3. Train end-users – when people are aware of ransomware, they can avoid it. Many small and medium businesses cut corners where security training for employees is concerned – making them one of the highest points of entry for the hacker.

The worst possible approach to data security is, “It won’t happen to us.” The likelihood that it WILL happen to you is rising. Make sure you’re playing OFFENSIVELY, not defensively.

P.S. Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

A Recent Instagram Bug Proves “Private” Is not Actually Private

We all have some form of social media…

Most of us place a good deal of trust in the privacy settings on Facebook, Instagram, Snapchat, and other platforms…

But a recent bug on Instagram allowed attackers to view private data including archived posts, IGTV reels, and stories – all without following the user.

A bug bounty hunter disclosed the issue on April 16th, 2021…

And get this – it was not patched until June 15th – almost two months later!

This is exactly why we hear security experts warn people not to post personal things online. Nothing on the Internet is private. Even with privacy settings.

Worried about some of the content you have posted online? It might be time to reevaluate what you put out there…

Experts do not expect this type of behavior to stop anytime soon.

In fact, if anything, they expect it to increase.  What are you employees, family members, and colleagues posting and how might that affect you?

P.S. Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

If You have Been Breached, You are Probably Still On the Hit List

A common assumption is, if you have experienced a breach – specifically a ransomware attack – it will not happen again. Pay them and they will move on…

Not so.

In fact, businesses who have been attacked have an 80% chance of being attacked again! That is 4 out of 5!

And being attacked by ransomware is not just about paying or not paying… 

Consider:

• huge losses in revenue
• Big drop in brand or services reputation
• A high likelihood of having to lay off employees

26% of businesses interviewed had to close entirely…

Simply because a ransom has been paid and you have survived does not ensure it will not happen again…it is hard to deal with all of these factors once. But twice?

We have had some major big name attacks recently…Colonial Pipeline, JBS USA (our biggest meat packing company) and others.

Some of the victims (Colonial, for example) were not ready. In fact they did not even know they were on the radar.

No one PLANS to be targeted by a hacker. It just happens. 

Taking note of the vulnerabilities hackers exploited in recent attacks can help us be vigilant and prepared before a breach – or a second breach – occurs.

P.S. Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

How Likely Are You to Get Hacked Today?

Undoubtedly, you have received one of those annoying emails from your bank or social media account alerting you of a compromise…

What happens next is extremely frustrating – the bank cancels your card…you wait a week to get a new one…or if it was your Facebook profile, you have to mass message a million people you never talk to and advise them not to click on the phony link they got “from you.”

The same kind of stuff happens in business…and usually it is linked to human error…someone did not change their password, someone clicked on a bad link, etc.

So how likely are you to get hacked today?

Do not ask your IT department – because they do not know. Try measuring your risk…It is not as easy as it sounds…

What kind of protections are in place? More importantly, are they being properly utilized?

Think about it this way – you can mount a security alarm in the entryway of your home, but if it is not connected to the security company, it will not do much for you when an intruder breaks in…

A room full of equipment is useless…and likely means you’ve been breached or are about to be…

You need visibility – where are your assets, what or who is protecting them, and are there holes waiting for the cybercriminal to break through?

Everyone has them…the question is do you know where yours are.

P.S. Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.

Here is Why Security Consolidation is a Good Idea

IF YOU ARE RUNNING MULTIPLE LAYERS OF SECURITY – from different vendors – it is time to consolidate.

Here is why:

Small-medium size businesses do not have gigantic security budgets or big security departments…if you are one of them, you know how hard it is to protect company data with a small budget.

Multiple solutions equals FRAGMENTED visibility to certain parts of your internal environment, making it easier for hackers and cyber criminals to bypass existing security.

Visibility is critical (DETECTION) – it does not matter if you have a bunch of security solutions in your office… If you cannot adequately see (DETECT) what is going on, you are basically ASKING a hacker to choose you…

Good consolidation combined with heavy automation – enables small security teams (or an outsourced team) to do more with less…

And of course, most small teams lack the real expertise required to operate security solutions effectively…

If you are looking for an MSP provider who also knows security, you will want to consider these critical items:

• 24X7 proactive monitoring of the organization’s environment
• Real-time detection/response technologies
• Management of events, alerts, customer inquiries, and incidents
• Proactive threat intelligence and threat hunting
• Remediation guidance – emergency response.

P.S. Also, if you’ve not received my eBook on a few important IT Security Basics, request it here for free.