
What Does Windows End of Life Mean to my Business?

You’ve all heard the panic. Windows is cutting off support for its widely popular version 7 software. January 14, 2020 will officially mark Windows 7 End of Life. Many companies have used Windows 7 since its onset in 2009 and are still actively using it today. That means you will need to migrate every single device. It’s possible you’ll need to upgrade your hardware as well. So, what’s the big deal? Can you just stick with Windows 7 or will your computer self-destruct?

 

The good news is that your computers will work just fine after the End of Life date. However, just because your computer will function doesn’t mean it’s wise to hold onto outdated software. The largest concern for Windows 7 users is security. Since updates and support will no longer be available, your device will be extremely vulnerable to cyber threats. In fact, this is a bit of a hacker’s dream. They are standing by, knowing people will neglect to update their operating system.

 

Windows 7 is actually already in its ‘extended support’ phase and has been since 2015! Microsoft ended mainstream support including new features and warranty claims. Yet, throughout this time Windows has kept virus patches and security bug fixes up to date. With End of Life, that will go away. IT and security experts alike strongly suggest migrating your operating system to something current before the Windows EOL date. Theoretically, you could pay for Windows 7 extended support on each individual device, but the costs will build up faster than simply migrating. Not only that, but specific security and bug fixes will also be more expensive and charged on an individual basis.

 

Currently, there are a few options to choose from when it comes to Windows 7 EOL. Don’t be cheap and go to Windows 8. Though it is a newer version, it’ll only be a matter of time before you need to migrate all over again. You could transition to Windows 10 (recommended). If you are worried about cost efficiency, you could try a free operating system like Linux. It will take some research to find the specific Linux platform that’s best for you, but it may be worth it if you’re someone who likes to tinker. Then, of course, you could swap to a Mac altogether. Just keep in mind that Apple’s products are pretty expensive and you may need to re-purchase certain business applications.

 

It’s important to begin working with your IT Company on this migration as soon as possible. They’ll take a look at the devices you are using, determine how many are utilizing Windows 7, and ensure your hardware isn’t out of date. Not all computers will be able to handle a new operating system, which could make a migration take much longer, more difficult, and costlier as you upgrade hardware. Your IT company will provide a recommended path for an upgrade with a clear budget and timeline for completion.

 

Overall, take some time to plan your transition. Talk to us if you need additional help or options. Most of all though, get moving now. EOL will be here in no time.

Why are you so popular?

You’ve heard about many of the scams that exist on the internet now. It’s tough to simply look at your emails without noticing several phishing emails sitting in your inbox. Lately, the largest influx of social engineering scams has come from social media.  As of right now, worldwide social media users total 2.34 billion according to Statista. That is a lot of people to target, and hackers are taking advantage. How? Fake accounts. Forbes estimates that there are over a half billion fake social media profiles in circulation today. There are four main ways these cyber-criminals are utilizing social engineering via social media.

Swaying Public Opinion

The most recent large-scale example of utilizing fake accounts to sway public opinion was meddling in the 2016 election. When investigating, Facebook not only found millions of fake Facebook accounts, but they also found that there were Facebook ads created to sway American voters. The ads and posts came from profiles that looked legitimate, but in all reality were conjured up simply to create influence with minimal effort. In addition to their obvious desire to affect election results, if people clicked on the ads, their computers were often infected with malware that would give away valuable personal info.

Fake Advertising

Have you seen the pages that say a celebrity talk show host is giving away XYZ prize or a big-name brand is handing out free gift bags if you share and like the page? All scams. The perpetrators hide behind names that look similar to the authentic celebrity or brand and rely on unwitting people to click, share, and like. These hackers then follow-up by selling your information to third-parties or targeting you with malware advertising to get you to keep coming back.

This technique goes all the way back to 2011 after Steve Jobs passed away. A fake FB ad claimed that Apple was giving away iPads in honor of his passing. Well, that ad went viral and thousands of people clicked on the link, which in turn infected their computers and devices.

Minimally Invested Profiles

Social engineering has gotten more complicated with minimally invested profiles (MIPs) and fully invested profiles (FIPs), found mostly on Facebook and LinkedIn. MIPs are created in bulk, and they usually have very little original content on them, as well as a sexy or provocative profile photo. These hackers go around making friend requests willy-nilly in hopes that their picture will intrigue people to add them. They'll eventually send you malware via FB messenger or put rogue posts on your Facebook wall.

Fully Invested Profiles

The FIPs that get created take a little more time and effort; however, they are more efficient because they really look the part. To an untrained eye, a profile like this could pass as an acquaintance. The best way to crack this mystery profile is by looking at their friends, seeing if you already have a friend by that name, as well as scouring the content of their posts. If this raises even one red flag, it's likely a fake profile. People using this technique target you on Messenger with infected content, usually videos that lure you in because you “know” the sender.

These are just a few of the main ways that social engineers are using social media to target people. While snooping on your co-workers, checking to see what crazy Uncle Larry just posted, or simply browsing through memes, always be diligent and aware of your internet surroundings. In addition, make sure your firewall and antivirus are up to par! Don’t let a social engineer manipulate you into surrendering your information.

Ransomware: Why It’s Getting Publicity and What to Do About It

Even though ransomware attacks decreased in 2018, they remain a major threat in the cybersecurity landscape. So much so, that ransomware was recently featured on 60 Minutes. The story primarily covers three major instances of ransomware, two that affected municipalities, and a third that targeted a hospital.

All three were attacked in a way that encrypted every single one of their files and also encrypted some of the files within their backups, sending the organizations back to operating on pen and paper. Two, despite FBI recommendations, ended up paying the ransom to restore their data quickly, while the third decided not to pay the ransom and went about remediation on their own. 

The hospital was hit with a $55,000 bill, while one municipality (Leeds, AL) was able to negotiate payment down to $8,000. These ransom sums may not appear astronomically high, but that’s exactly how the hackers keep going. If they requested millions in ransom, no one would pay. An amount in the solid five-figures, though, feels doable for most organizations to get their precious data restored. The third entity (Atlanta, GA) suffered millions of dollars in losses and time in efforts to recover. Some of their data could never be recovered.

The story presented a very clear picture of the dangers surrounding ransomware; however, there were two major issues in the story. First, the entities covered were obviously major entities implying that you needed to be in the public eye to be affected. This is certainly not the case. In fact, nearly 50% of small business owners say their business was affected by a cybersecurity attack in the last year. Ransomware is not just for highly public entities. 

Perhaps more importantly, the story painted paying the ransom as the cheaper and often faster way to go. In very rare occasions, paying the ransom is the only option; but if you’re stuck in a ransomware trap, we do not recommend jumping straight into paying the ransom. Here’s why:

  1. Sure, after you pay the sum (typically in bitcoin), the vast majority of hackers suddenly become ethical and return your files. Let’s look at the reality, though. You’re relying on someone who just took your data hostage for an exorbitant fee to return that data to working order simply because you held up your end of the unwanted bargain. Sounds a lot like using hope as a data recovery strategy to us. At any point the hacker could respond, “Thanks, but no thanks!” or “Well, we thought this would be a sufficient amount; but we ran into snags with your recovery. We’ll actually need x number to finish the job.” 
  2. Prevention is a better strategy. If your back-up is set up correctly with an on-premises and multi-tenant off-site solution, you should be able to roll back to data that existed before the ransomware attack. Granted, you may lose some data in the process if the encryption gets into the backup like it did in the attacks covered in the 60 Minutes story. Losing some data is a lot better than putting yourselves up the creek financially by paying a major ransom. In addition to proper backup, ensure that you’re effectively training employees and stringently monitoring data coming in and out of your network. 
  3. Isolation is possible. In short, don’t store all of your valuable data in one place. If, on the off-chance, ransomware breaches your network, you don’t want to give it an open door to encrypt absolutely everything of value. Keep all critical applications on isolated networks to maintain global network safety. 

Ransomware attacks may be on the decline. However, that just invites the hackers to come up with a more creative way to scam you out of time and money. Perhaps phone ransoms are coming next. Regardless of what the hackers create, make sure you’re prepared and don’t have to rely on paying a hefty ransom to keep your business in operation. 

How Social Engineering is used by Cybercriminals to Steal Your Info

Cybercriminals are no longer some kid in a basement working on a computer. They are highly educated “professionals” with degrees in not only IT but psychology and other areas of human behavior. They use this knowledge to put together clever social engineering campaigns to trick you into giving them the information they are looking for. Below are some of the methods they use to achieve this end.

Email.
Although we are swamped with spam on a daily basis and we use spam filters and anti-spam solutions, there is only so much those systems can do to tell the real email from the bad email. The rest is on you. If you are like me, you spend a few seconds on a new email to determine whether it is something you need to read or delete. These cybercriminals are so good at what they do that their emails are often chosen to be read over the legitimate ones. We all know about the Nigerian prince who needs your help to get his money out of the country; all he needs is a few thousand deposited in an account to secure the deal. But most of the newer ones will attempt to trick you into believing the email comes from Netflix, your bank, Amazon, etc. These are just some of the ways social engineers prey on unsuspecting and trusting people. If sending money or willingly giving up information isn’t involved, then there is usually malware within the email. Clicking the links will deploy malware that infects your computer files and obtains information about you, or encrypts all your files and holds them hostage for a ransom. It’s amazing how prevalent these scams are. But if you’re educated on them, you won’t become a victim.


Posing as someone you know.
This can take several different forms; however, the most obvious is copycat Facebook profiles. This is another prominent scam that cybercriminals use to trick people into thinking they are receiving a friend request from someone they know. The profile will often contain a few photos from the original person’s profile so it looks a tad more real. As unsuspecting friends add this profile, it begins to look more legitimate because of similar friends and associates. This profile can ask for money or send links containing malware to infect your computer, or even corrupt your Facebook profile, gaining access to personal information. Another way cybercriminals can gain access to your information is by posing as someone within your company. They can send an email that looks like it’s from your boss when really it’s fake. Usually, something about the email address will be a bit off, if you’re paying attention. Letters are swapped around or a .net becomes a .com at the end of the email. As soon as you open it or click on a link, there goes malware infecting your computer. This scam is usually highly effective because it gets sent to everyone in the company, and people often take it as real from the boss.
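
The two tells described above (swapped letters, or a different ending such as .net in place of .com) can be checked automatically. The following is an added example, not part of the original article; `example.com` as the trusted domain, the one-edit threshold, and the sample From headers are all assumptions constructed for illustration.

```python
from email.utils import parseaddr

TRUSTED = "example.com"  # assumption: stands in for your organisation's real mail domain
MAX_DISTANCE = 1         # assumption: one swap or one changed letter counts as a lookalike

# Constructed From headers, for illustration only.
SAMPLE_FROM = [
    "Boss <boss@example.com>",
    "Boss <boss@example.net>",
    "Boss <boss@exmaple.com>",
    "billing@examp1e.com",
    "orders@amazon.com",
]


def edit_distance(a, b):
    """Edits (insert, delete, substitute, adjacent swap) needed to turn a into b."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]


def classify_sender(from_header, trusted=TRUSTED):
    """Return 'trusted', 'tld-swap', 'lookalike' or 'unrelated' for a From header."""
    # The display name can say anything, so only the address part is examined.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    name, _, tld = domain.rpartition(".")
    trusted_name, _, trusted_tld = trusted.rpartition(".")
    if name == trusted_name and tld != trusted_tld:
        return "tld-swap"    # same name, different ending than expected
    if edit_distance(name, trusted_name) <= MAX_DISTANCE:
        return "lookalike"   # letters swapped or one character changed
    return "unrelated"


def flag_suspicious(headers):
    """Return (header, verdict) pairs for senders imitating the trusted domain."""
    verdicts = ((h, classify_sender(h)) for h in headers)
    return [(h, v) for h, v in verdicts if v in ("tld-swap", "lookalike")]
```

A mail gateway rule or a mailbox audit script could run `flag_suspicious` over incoming From headers and quarantine or tag anything it returns for review.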

Targeting people through advertisements.
Considering ads are pretty much everywhere online now, creating ransomware ads is incredibly easy, and they are a bit difficult to spot among the hundreds of ads people see every day. For this type of social engineering, cybercriminals literally deploy ad campaigns showcasing a product or a service. When you click on the ad, it downloads malware or ransomware onto your computer. Most of the time these ads are for anti-virus software, or a pop-up will come on your computer saying your computer has been infected and to click the link to clean the virus. Tricky, tricky cybercriminals.