7 Things You Need to Know About Ransomware

Ransomware is a well-named type of cyberattack. Cybercriminals taking this approach kidnap your data. After accessing your network, they encrypt files and demand payment for the passcode. Here are the top seven things you need to know about this business threat.

#1 It Can Happen to You

Cybercriminals rely on your false confidence. Don’t think “it won’t happen to me.” Attacks on government, education, healthcare, or financial institutions get publicity. Yet organizations of all types and sizes are targeted.

#2 Ransomware Spreads Fast

Ransomware is malware, malicious software that can reach throughout a network. So, if Jane from accounting opens a ransomware file, every single computer on your business network could be infected. The virus can spread between businesses, too. Consider the debilitating WannaCry ransomware attack of 2017. Within four days of its first detection in Europe, the strain had spread to 116 countries.

#3 Ransomware Targets People

A common method is to send out phishing emails in the hope of having people enter their access credentials. Targeted business communication emails work, too. The attacker gets to know your business first. Then they send an email impersonating a colleague, supplier, or customer, asking you to take action or update contact details by clicking on a link or downloading a file.

#4 Ransomware is Costly

Once the ransomware is installed on your system, it locks down your files. To regain access to the files, you need the password or decryption key the attacker supplies when you pay up; that’s if they keep their end of the bargain once you pay the ransom. These are crooks you’re dealing with after all!

In Coveware’s analysis of Q3 2019, the average ransom payment increased by 13% to $41,198 as compared to $36,295 in Q2 of 2019. And that’s just the cost of the ransom. Indirect costs include the cost of downtime, lost revenue, and long-term brand damage. There’s also the expense of removing the ransomware, forensic analysis, and rebuilding systems.

The average ransomware attack in Q3 2019 resulted in 12.1 days of downtime. – Coveware

#5 Ransom Requires Cryptocurrency

Ransom payment is usually made by bitcoin or another cryptocurrency. Your business needs to buy cryptocurrency with actual cash, then transmit the ransom. They choose cryptocurrency because it’s very difficult to trace. It doesn’t help you that bitcoin is not something you can charge back like a credit card.

#6 A Recovery Plan Helps

Planning in advance can help you respond more reasonably. Document plans to disconnect infected computers from the network as soon as possible. Also, power down any machines that could be vulnerable to avoid spreading contagion.

You should also discuss in advance whether or not your business will pay a ransom. Weighing the costs and benefits without a deadline on the decision can help you react more strategically.

#7 You Can Take Action

You don’t have to sit around worrying and waiting for a ransomware attack. There are many things you can do to help prevent this type of attack:

  • Filter traffic, preventing it from coming into your network in the first place.
  • Scan inbound emails for known threats, and block certain attachment types.
  • Use antivirus and anti-spam solutions and regularly upgrade and patch vulnerable software.
  • Educate all users about social engineering.
  • Allow remote access to your network only from secure virtual private networks.
  • Back up your data to more than one location so that you can restore any impacted files from a known source.

Ransomware is a lucrative, relatively easy mode of attack for cybercriminals. They could target your business. Contact us today for help implementing the best protection practices to keep your data safe. Call us at (416) 645-2469, (905) 667-0441 or email us.   

Want to be notified when our next blog is posted, sign up here.

Don’t Let Crooks Hijack Your Domain

Doing business today, you are as likely to give out your website address as your email or phone number. Your Web domain is your business identity on the internet. Don’t risk falling victim to the cyberthreat known as domain hijacking.

You build up a business site to represent your brand online. Every bit of content, and all the fonts and images you selected, reflect your business. You probably also have email addresses at the domain name (e.g. sales@yourbusinessname.com). So, imagine the pain of finding out that someone else has stolen your domain.

When your domain gets hijacked, you lose control of your website, its email addresses, and all associated accounts. And it’s not easy to recover them.

The Infosec Institute shares examples:

An advertising agency spent US$15,000 and 19 months recovering its stolen domain.

The owner of ShadeDaddy.com lost US$50,000 and had to lay off six of its eight employees. He said domain name theft is “like your house got stolen.”

How does a domain get stolen?

There are several ways this can happen to a business or individual.

The simplest is that your domain name expires, and you don’t know it. Domain registrars must send notice one month and one week before the domain expires. But the reminders might go to an email address that is no longer active or to the Web company that set your site up years ago and with whom you no longer communicate.

Once your domain rights lapse, the site gets disabled. After that, the domain name goes back into a pool of domain names for anyone to buy.

There are people who make money from purchasing domains. They hope to make money off your company’s desperation to get its domain back. Or they profit from redirecting traffic from your reputable Web address to their own.

Then there are the hijackers. These cybercriminals also want to profit from Web traffic redirects or to access your domain emails to send false invoices. They might intercept emails sent to your domain to learn proprietary information. They could change the content on your site or redirect traffic to a hub for online gambling, or worse.

The hijackers might steal your domain by gaining access to the email account you used to set up the domain. Cybercriminals might use phishing emails to obtain the access credentials. They use the password reset mechanism to take over your account and transfer the domain to a different registrar.

Your domain registration company could be compromised, too. It helps to pick an accredited registrar for your domain registration.

Any of these scenarios can have a serious, lasting impact on your business. Once someone else has access to your domain address they can do whatever they want with it.

Protect Against Domain Hijacking

The first step is to protect your access credentials. Leveraging two-factor authentication can also help prevent hijackers from stealing your domain. A registry lock can also help. It requires more communication if someone tries to change domain registration. This lets you know of suspicious activity and gives you some time to react.
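The two checks this article describes (is the domain close to expiry, and is a lock in place) can be automated against the registration data a registrar publishes over RDAP. The following is an added example, not part of the original post: the three records are constructed samples shaped like RDAP domain objects, and the 30-day and 7-day thresholds mirror the "one month and one week" reminder schedule mentioned above.

```python
from datetime import datetime, timezone

# RDAP status strings; the server* values are set by the registry (registry lock),
# the client* value by the registrar.
REGISTRAR_LOCK = "client transfer prohibited"
REGISTRY_LOCKS = {
    "server transfer prohibited",
    "server update prohibited",
    "server delete prohibited",
}


def _parse(ts):
    """Parse an RDAP timestamp such as 2025-01-06T00:00:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def audit_domain(record, now, notice_days=(30, 7)):
    """Return expiry and lock findings for one RDAP domain record."""
    findings = []
    status = {s.lower() for s in record.get("status", [])}

    expiry = next(
        (_parse(e["eventDate"]) for e in record.get("events", [])
         if e.get("eventAction") == "expiration"),
        None,
    )
    days_left = None
    if expiry is None:
        findings.append("no expiration date published")
    else:
        days_left = (expiry - now).days
        if days_left < 0:
            findings.append("expired")
        else:
            # Report only the tightest threshold that has been crossed.
            for limit in sorted(notice_days):
                if days_left <= limit:
                    findings.append(f"expires within {limit} days")
                    break

    if REGISTRAR_LOCK not in status:
        findings.append("no registrar transfer lock")
    if not REGISTRY_LOCKS <= status:
        findings.append("no registry lock")
    if "pending transfer" in status:
        findings.append("transfer in progress")

    return {"domain": record.get("ldhName"), "days_left": days_left,
            "findings": findings}


# Constructed sample records (not real registration data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
LOCKED = {
    "ldhName": "example.com",
    "status": ["client transfer prohibited", "server transfer prohibited",
               "server update prohibited", "server delete prohibited"],
    "events": [{"eventAction": "expiration", "eventDate": "2026-06-01T00:00:00Z"}],
}
LAPSING = {
    "ldhName": "example.net",
    "status": ["active"],
    "events": [{"eventAction": "registration", "eventDate": "2015-01-06T00:00:00Z"},
               {"eventAction": "expiration", "eventDate": "2025-01-06T00:00:00Z"}],
}
MOVING = {
    "ldhName": "example.org",
    "status": ["pending transfer"],
    "events": [{"eventAction": "expiration", "eventDate": "2025-09-01T00:00:00Z"}],
}

if __name__ == "__main__":
    for rec in (LOCKED, LAPSING, MOVING):
        print(audit_domain(rec, NOW))
```

Run on a schedule against your own domains, a report like this does not depend on renewal reminders reaching an active mailbox.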

It’s also important to know who is managing your domain name and how it is being managed. A Managed Service Provider can take care of this ongoing process for your business. Reach out to our Web experts today! Call us at (416) 645-2469, (905) 667-0441 or email us.   

“So Slow!” Is it your Computer or your Internet Connection?

“Why is this computer running so slow?” It’s a common complaint. The question is whether it’s your computer or your internet connection.

You may feel your computer is moving at a snail’s pace, but it used to be cheetah-fast! You’re going to want to identify and address the issue to get back up to speed. Yet it’s hard to know whether to blame your computer or the internet, especially now that so many computer applications rely on internet connectivity.

So, how do you determine whether it’s your computer or connectivity that’s the problem? If you are having the problem only on one device in a network, you can guess it’s the computer not the connectivity. Otherwise, think about when you are having slow woes.

If you notice programs are taking longer to load up, your computer may not be up to the task. Running large applications such as Adobe Photoshop, Microsoft Office, or some accounting packages can cause slowdowns. The hardware may be overwhelmed. You may not have enough available storage space. Sometimes your computer’s parts are simply too old and not fast enough.

Even a new computer could be the problem if it’s an inexpensive one. Or perhaps you didn’t get enough random access memory (RAM). Your computer needs RAM to run applications or games; it’s the short-term memory of the computer. This is where the computer loads all the things it thinks it might need soon so that it can process them quickly. Without enough available RAM, the computer has to work harder (and slower) to get the results you want.

No wonder common advice for people dealing with slow computers is to invest in more RAM. If your device is less than five years old, you can often upgrade the RAM inexpensively, or switch to a solid-state drive (SSD). An SSD reads and writes differently than a traditional hard drive, which allows it to access information faster.

Meanwhile, buying a replacement computer may be the answer if your device is more than five years old.

Then Again, Maybe It’s the Internet Connection

On the other hand, you might notice computer slowness when online. Web pages might be slow to load, or you might be waiting ages to access YouTube videos.

If the lag is happening on only one website, it could be that site’s problem. Otherwise, internet slowness could be a provider problem. Or you might have a poor connection.

One way to confirm a connection issue is to check your internet speed. A site such as fast.com or speedtest.net can measure your speed, then you can compare it against the connection speed you’re paying for. Don’t know that? Check your service bill. You may have a slow internet speed plan. Maybe you haven’t changed it in years but have added many more devices. In that case, you’ll want to call your service provider about an upgrade… or confiscate the kids’ devices when you want to stream a favorite show.

When testing, you are looking for a speed of at least 10 Mbps. Anything below that, and you’ll start seeing slowdowns and start hearing the complaints from all corners of the house. To put that in perspective, Netflix needs at least 5 Mbps to stream in HD.

Other Tidbits to Tackle Slowness

You might also try rebooting your computer or your modem and router. If you leave these running all the time, never actually turning them off, they can get stuck in a slow rut.

If you’re on Wi-Fi, that could also be the root of your problem. Maybe you’re on a network with too many users making demands. For instance, if everyone in your family is streaming on their devices, expect a slowdown. You might be in a signal dead zone. In that case, you could look into a Wi-Fi mesh network.

Ultimately, there are many reasons for a slow computer or internet connection. Don’t get stuck with a tortoise of technology. A managed services provider can find the root cause and get you running faster. Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

The Trouble with Trusting Your Online Friends

Trust is the foundation of a good relationship – you trust friends to be loyal, sincere, and honest. But when you blindly trust online friends, you could be opening yourself up to cyberattack.

When you hear about a big data breach on the news, you may think you don’t need to worry. You may think, “I don’t do business with that company, so the crooks can’t steal my identity.” Or “my email address and password weren’t involved, so it’s not my problem.” Yet it could be.

One of your friends or family members’ personally identifying information may be hacked. Then, cybercriminals could use that as a stepping stone to get to you.

Think you’re safe when you interact with friends and family on Facebook or Instagram? Those aren’t the sites breached! Again, think twice.

Many people reuse their username and password on more than one site. Imagine the bad guys get hold of an individual’s credentials from a malware attack on a major retailer, or they buy that person’s credentials for a banking site on the Dark Web after a breach. The crooks might try the credentials on those sites to see if they can gain access, but they are also likely to try those same credentials on other sites, too.

What to Watch Out for Among Friends/Family

Hackers prey on our impulse to trust others. They have greater odds of success impersonating a Facebook friend asking for help. If a Nigerian prince emails out of the blue and asks for money, most of us know by now to delete the message immediately. But if Aunt Peggie does the same thing via Facebook, you’re more likely to fall for it.

The same thing happens with malicious content. We all know not to click on attachments from people we don’t know and trust. After hacking a social media account, cybercriminals email all that person’s friends. They might say something appealing such as, “you’ve got to check out this latest hilarious video of my son!” We want to see our friend’s son being funny, so we click, and the trouble starts.

One more note: be wary of whom you accept into your “friends” circle online. Adding your niece’s best friend or your work colleague’s husband may seem like a good idea, but that’s one more possible vulnerability.

Impersonations of people you trust aren’t only happening on social media. You might get emails that appear to be from companies you trust, vendors you know, or work colleagues. For instance, you might get an invoice from your housekeeping service. It looks like usual, with the same services listed, but the banking details are different. If you don’t catch on, you’ll be paying the crooks instead of your cleaners.

Or you might get an email from a “co-worker” asking you to remind them of a password or account number. It seems like a simple request from someone who can afford to be casual about security with you. But don’t fall for a “hey, what was that password again?” request.

Another area of daily life that cybercriminals target is online selling sites such as eBay. They might hack an account with solid feedback to post items for sale. They’ll accept your payment but never deliver the goods.

Ultimately, don’t rely on that browser lock suggesting a site is secure or the fact that you already know so and so. You may not be actually dealing with that individual. Always confirm, using another method of communication, before sending sensitive info or money.

A managed services provider can help you secure online interactions and home computing networks. Want to learn more? Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

What is a Firewall, and Why Does It Matter?

Hearing “firewall” in the context of computing can be confusing. How does a tall, blazing fire separating rescue teams from people trapped apply to computers?

Well, imagine the rescue team using heavy blasts of water to save the day. A hacker is as motivated to get at your data. They will try everything to bypass your security. They want to get inside your network perimeter. In a business office, computers and printers are often networked together. This lets Jane in accounting and Kevin in graphic design access the same business tools.

In computing, a firewall sits between that internal network and the internet outside. It’s kind of like a nightclub bouncer. You definitely want it to be as burly and intimidating as possible to keep the riff-raff out. The firewall helps reduce or prevent unwanted traffic from getting through.

The Packet Filtering Firewall Approach

Your firewall can be hardware, software, or both. A packet-filter firewall monitors and controls network traffic. It filters data entering the network according to predetermined rules. IT experts set up a firewall to examine small amounts of data (called “packets”) to see if they contain threats. It checks packet data against criteria such as allowed IP addresses and packet type. If the data is suspect, the firewall stops those packets. If not, the data will continue on to its destination.

Firewalls stop certain software from sending and receiving data to and from the internet. This reduces the number of entry points for viruses or illegitimate traffic. After all, a club wouldn’t want to hire the bouncers to cover seven different doors.

A firewall also monitors outgoing traffic. Why’s that? Because an infected computer in your network could be sending out malicious information. If your company has fallen victim to a malware attack that turns a computer into a bot, it might be “phoning home.”

Unlike E.T. trying to get back to the safety of his home planet, the malware is checking in with its Zombie master. It’s helping to strengthen the bad guy’s ability to attack victims.

Firewalls can help prevent denial-of-service (DoS) attacks. In a DoS incident, thousands of computers are used to send an overwhelming amount of traffic to a network. It’s like putting 10,000 people in an elevator with an occupancy limit of 20 – expect a crash.

One famous 2016 attack seriously disrupted Amazon, Visa, PayPal, Netflix, AirBnB, and more.

Other Types of Firewall

Packet-filtering firewalls aren’t your only option. Stateful inspection is helping to make firewalls even smarter. These check where the packet came from, where it is going, and what application requested it. This end-to-end examination is more rigorous. All the parameters must match trusted information for the packet to pass through. This approach offers a smart, fast way to inspect for unauthorized traffic.

When setting up any firewall, it is important to avoid any unintentional openings. A hole in a chainlink fence renders perimeter security useless. A hole in a firewall leaves your network vulnerable.
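To make the difference between packet filtering and stateful inspection concrete, here is an added example (not part of the original post) of a toy rule engine with first-match rules and a default deny. The addresses, ports and rules are constructed for illustration; it compares a strict stateless filter, the same filter with a broad "let replies in" rule (the kind of unintentional opening described above), and a stateful filter that tracks connections opened from inside.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN = "192.168.10.0/24"   # constructed internal network
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the internet, "out" = leaving the LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "deny"
    direction: str
    proto: str
    src_net: str = ANY
    dst_net: str = ANY
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p):
        return (p.direction == self.direction and p.proto == self.proto
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (self.dport is None or p.dport == self.dport))


class Firewall:
    def __init__(self, rules, stateful=False):
        self.rules = list(rules)
        self.stateful = stateful
        self.flows = set()   # connections that were opened from inside

    def decide(self, p):
        if self.stateful and p.direction == "in":
            # A reply has the endpoints of a tracked outbound flow, swapped.
            if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
                return "allow"
        for rule in self.rules:               # first matching rule wins
            if rule.matches(p):
                if (rule.action == "allow" and self.stateful
                        and p.direction == "out"):
                    self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action
        return "deny"                         # default deny


BASE_RULES = [
    Rule("allow", "in", "tcp", dst_net="192.168.10.5/32", dport=443),  # public web server
    Rule("allow", "out", "tcp", src_net=LAN, dport=443),               # staff web browsing
    Rule("allow", "out", "udp", src_net=LAN, dst_net="192.0.2.53/32", dport=53),  # DNS
]
# Stateless workaround so replies get back in: it also admits unsolicited traffic.
REPLY_HOLE = Rule("allow", "in", "tcp", dst_net=LAN)

PACKETS = [  # constructed traffic, evaluated in order
    ("browse", Packet("out", "tcp", "192.168.10.20", 51000, "203.0.113.10", 443)),
    ("reply", Packet("in", "tcp", "203.0.113.10", 443, "192.168.10.20", 51000)),
    ("unsolicited", Packet("in", "tcp", "198.51.100.7", 40000, "192.168.10.20", 3389)),
    ("phone_home", Packet("out", "tcp", "192.168.10.20", 51001, "198.51.100.7", 8443)),
    ("web_visitor", Packet("in", "tcp", "198.51.100.7", 40001, "192.168.10.5", 443)),
]


def compare():
    """Run the same traffic through three firewall configurations."""
    configs = (
        ("stateless", Firewall(BASE_RULES)),
        ("stateless_with_hole", Firewall(BASE_RULES + [REPLY_HOLE])),
        ("stateful", Firewall(BASE_RULES, stateful=True)),
    )
    return {name: {label: fw.decide(pkt) for label, pkt in PACKETS}
            for name, fw in configs}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Only the stateful configuration lets the reply in while still dropping the unsolicited inbound packet, and all three block the outbound "phoning home" connection because no egress rule permits it.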

Need help deciding on the right type of firewall for your business? Want to be sure your firewalls are going to withstand attack?

Our experts can help set up and test your firewalls. Contact us today at (416) 645-2469, (905) 667-0441 or email us.   

Could Your Backups Survive A Ransomware Attack?

More and more businesses and organizations are getting stung by ransomware demands. Hospitals, schools, social networks…some days it seems like an epidemic that leaps around arbitrarily, and hackers are raking in millions.

Tallied across the world…billions.

Ransomware attacks are devious in their simplicity. A user in the target business is tricked into opening a file, usually through a phishing email or download. The file contains malware which instantly encrypts your data and demands money in exchange for the password.

No payment = no password = no data.

All of the target businesses should have backups, which they could simply revert to without paying any money, but the FBI reports more than $209 million was sent to hackers in the first quarter of this year alone. Keep in mind, this was just payments within the US, and only counts those who came forward.

Last year it was only $25 million.

Aren’t backups helping?

Sometimes the backup solution fails and the data can’t be retrieved. This is particularly true in cases where the solution has been in use for years and something failed along the way.

In other instances, the target business has a backup that can be restored, but it doesn’t include everything they need for full recovery.

Finally, the most common reason so many businesses are forced to pay the ransom: the ransomware attack affects the entire system – including attached and synchronized backups. If the backup is also caught in the ransomware encryption, it becomes useless as a recovery method and the only options are to pay or lose the data forever.

Each day spent trying to recover the data is a drain on valuable business resources and in many cases, results in massive revenue loss.

The only defense is to block the malware before it can infect the first workstation, and then continue the protection with a comprehensive backup strategy for all workstations and servers.

Give us a call to discuss how we can help secure your business against ransomware today at (416) 645-2469, (905) 667-0441 or email us.   

Is Your Tech Partner a Team Player?

Business is about relationships. One important relationship today is with a technology partner. This partner will consult on hardware, software, security, and other IT concerns. You can focus on other business priorities, but is your tech partner actually a good team player?

There are a lot of businesses that call themselves technology partners. The term can be broadly defined.

Technology vendors who sell specific hardware or software solutions will promise a partnership, but they will focus on a relationship that benefits their business goals.

For instance, they will generally try to steer you toward buying the products that they themselves make. Vendors will also bill your business for support when you need it. Yet that creates a conflict of interest: they profit from your inconvenience. That’s not the type of partner you want on your team.

A True Partnership with your MSP

Managed Service Providers (MSPs) are another type of technology partner. They look to add value to the team.

In MSP partnerships, your business pays a monthly fee to keep everything working. Your MSP manages your IT and protects your end-user systems. You are paying them to prevent problems before they happen. Unlike reactive vendors, MSPs work to enhance business security and compliance.

Partnering with an MSP adds experts to your team who learn your business needs and look to improve efficiency and flexibility. Besides the convenience of predictable pricing, an MSP will also suggest ways to help reduce IT costs. MSPs have relationships with many different vendors, so they can get the best price when offering you access to new technology.

In introducing new hardware or software, or making upgrades to streamline processes, an MSP is usually brand agnostic. Sure, they may have favorites due to good experiences with a particular brand, but they will still put your business needs first and always find the best solution for you. They’ll want to explore how the work gets done, get to know the IT environment, and seek employee input.

The MSP experts will sit down with you to find out the business challenges that need to be addressed. Then, they do the research and propose the best solutions for your users and environment. To continue the sports analogy, MSPs have more than one single play in their playbook: they draw up the tech strategy that best suits your business needs.

The MSP is also in it for the long haul. A vendor may be looking only for a partnership that leads to product or service sales and tech support calls. The MSP model is built on collaboration and communication. These are IT experts who thrive on seeing their clients develop, optimize, and succeed.

Plus, MSPs can join forces with businesses of any size. They’ll bring the same team play to the IT playing field for small and home businesses as they would for enterprise-sized organizations.

Key Takeaway

In gauging whether your technology partner is a team player, consider the relationship benefits. You may get the technology you think you want from a vendor, but are they also focused on profiting from the partnership?

Your MSP should take the time to learn about user experience and business objectives to ensure their solutions and services add value. Instead of benefiting from things going wrong at your business, your technology partner should have an incentive to prevent problems from ever happening.

If you want an MSP technology partner who will find the right solution for the benefit of the team, CPI can help with our Flat Fee IT Solution!

Contact our experts today at (416) 645-2469, (905) 667-0441 or email us.   

4 Common Compliance Issues You Might Be Missing

Information security is on every business’s radar these days. Data drives so much of what we do. Looking to contain the risks, many sectors have established IT compliance regulations. Whether meeting a standard or not, don’t overlook these common areas of concern.

Governments and regulatory agencies have established compliance standards for the financial, legal, healthcare, and energy sectors. Other organizations abide by best practices for data protection and improving system security. Whether mandated or not, the goals remain similar:

  • Improve security protocols.
  • Identify vulnerabilities.
  • Prevent breaches.
  • Reduce losses.
  • Increase access control.
  • Educate employees.
  • Maintain customer trust.

Shortcomings can mean compliance concerns, industry fines, customer churn, and brand reputation damage. Being proactive about these four common issues can benefit companies in any industry sector.

Common Issues that Thwart Compliance

Companies with Bring Your Own Device (BYOD) policies save $350 annually per employee, according to Cisco, but cost savings aren’t the only reason organizations are embracing BYOD. Letting people use personal mobile devices at work improves productivity and engages employees.

Yet allowing BYOD in the work environment can make the organization more vulnerable. There is greater risk of:

  • spread of malicious applications or viruses;
  • employees accessing business materials using unsecured Wi-Fi;
  • people who have left the company continuing to have access to proprietary systems.

None of these are good from a compliance point of view.

Personal portable devices may not have the same access controls as business computers, which makes them more vulnerable if lost or stolen.

This brings us to a second common compliance concern: physical security. A business may do a brilliant job of securing its devices on-site. It has firewalls, patches security regularly, and asks employees to update passwords, but what happens if a laptop, mobile phone, or USB drive is stolen or lost?

All devices accessing business systems and networks from off-site should use encryption. With remote monitoring and management, IT staff can control security configurations regardless of the end-user environment. Mobile device management allows your IT team to secure, locate, or erase any mobile device used for business.

Counting on Others for Compliance

Another area of concern is third-party connections. Again, your business may be top of the class as far as the five core functions of cybersecurity – Identify, Protect, Detect, Respond, and Recover – are concerned, but what if your vendor’s security isn’t up to snuff?

Do you have business partners that are storing your sensitive data? Or does a supplier have access to personally identifying customer or employee information? Third-party risk is a real thing – ask Target. Cybercriminals stole data for 40 million debit and credit cards via the retailer’s HVAC company.

Cybercriminals could use a third party’s lax security to target you. Make sure that your vendors are taking cybersecurity as seriously as you do.

Even in your own business environment, cut the number of people who have access to sensitive data. Obviously, you’ve hired people you think you can trust, but you can still better ward off the insider cybersecurity threat by:

  1. educating employees about the importance of strong passwords, securing devices, and physical security;
  2. informing people about social engineering (e.g. phishing emails or fraudulent business communications);
  3. limiting personnel access to data, network, or systems based on necessity;
  4. having a policy to revoke access permissions and reclaim devices from any employee leaving the company.

Ensuring compliance takes technological know-how and awareness of the evolving threat landscape. This vigilance, communication, and education require time and effort. Put the right policies and procedures in place with our help. Contact our experts today at (416) 645-2469, (905) 667-0441 or email us.   

5 Best Practices for Buying Technology for Employees

Buying technology for personal use can be exciting once you get past the price tag. Yet there are many factors to consider when investing in technology for employee use.

There are many digital tools available to improve the day-to-day way people do their jobs. Providing the right tech can increase productivity, streamline processes, and improve employee engagement. Yet determining which solutions are smartest for your team takes work.

Investing in a technology that doesn’t suit the needs of your staff can hurt your business:

  • Learning a new technology takes time away from other mission-critical tasks.
  • Employees resent the change when the tech further complicates their day.
  • Staff feel unheard and disrespected when asked to use digital tools that don’t help.
  • Disgruntled employees disengage, which hurts customer experience.
  • Employees look for an easier way to do their work and may change work environments as an answer.

Best practices for buying employee technology

Providing the best technological tools supports a more productive, energized, and motivated workforce. These best practices help bridge the gap between IT ambition and actual employee experience.

Know how work gets done

Many decision makers think they know how work is done, but they haven’t actually been in the trenches in years. Looking at the metrics to analyze process efficiency isn’t enough. Purchasing officers need to understand the employee’s daily journey. They need a good answer to the question “how is this technology going to make my work experience better?”

Understand the IT environment

Just as technology is evolving, the work environment is adapting too. Before buying employee technology, determine where people are working most. Are they in the office or remote? Do they sit all day at a desk or need to be on the move? Are they customer-facing? Or do they need more collaborative tools with internal teams?

Don’t make any IT purchases without weighing up whether the technology can handle the use it’s going to get. If someone is going to need access to the technology on a shop floor, a brand-new desktop is going to be a bust, whereas an employee who travels all the time for work is going to prefer a rugged but lightweight laptop.

Aim for uniformity

Bringing a shiny new Apple computer into a PC environment can be problematic. Loyalty to one manufacturer or software can help people embrace new tools quicker. Additionally, it makes buying parts and warranty much easier. You’re also more likely to be able to take advantage of product integrations and interoperability.

Develop consistent relationships

If you’re buying a lot of technology at one time you may be eligible for volume pricing. Plus, if you’re returning again to a supplier you’ve worked with in the past, you could ask about a loyalty bonus.

Working with a managed service provider to find the right tech solutions is also useful. Their supplier relationships can lead to volume discounts, better-than-retail pricing, and improved warranties.

Seek employee input

New technology introduces change into the work environment, but people don’t love change, especially if they feel a new system or software is being pushed upon them. It will help to ask staff what tools or technology they want. Often they already know!

Technology is an essential part of how people experience work. It’s easy to get seduced by a bright, shiny new device or promising feature. Instead, make decisions based on whether the technology can do what you need it to do and whether it’s going to make the employees’ work environment better or worse.

Need help making decisions about the right technology for your teams? CPI can help! Contact our experts today at (416) 645-2469, (905) 667-0441 or email us.


LetMeIn101: How the Bad Guys Get Your Password

Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.

Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.

Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.

Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.

If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it is unique to you.

The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.
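The tips so far can be turned into an automated check that a help desk or sign-up form runs before accepting a new password. The sketch below is an added example, not part of the original article: the tiny common-password list, the 12-character floor for a "complex" password, and the function names are assumptions, while the 19-character passphrase length is the article's figure.

```python
import re

# Constructed stand-in for a real common-password list (assumption: tiny sample).
COMMON = {"password", "123456", "letmein", "qwerty"}
# Undo the character swaps that guessing tools try first (0->o, 1->i, @->a ...).
LEET = str.maketrans("01345@$", "oieasas")
MIN_LEN = 12         # assumption: floor for a "complex" password, not from the article
PASSPHRASE_LEN = 19  # the article's passphrase length

def base_word(password):
    """Drop trailing digits and symbols, then undo leet swaps."""
    trimmed = re.sub(r"[\W\d_]+$", "", password.lower())
    return trimmed.translate(LEET)

def audit(password, personal=(), dates=(), in_use=()):
    """Return reasons the password is guessable; an empty list means it passed."""
    reasons = []
    low, base = password.lower(), base_word(password)
    if low in COMMON or base in COMMON:
        reasons.append("common password")
    # Pet names, family names and similar facts visible on social media.
    if any(len(p) >= 3 and p.lower() in base for p in personal):
        reasons.append("built from personal information")
    digits = re.sub(r"\D", "", password)
    for d in dates:  # birthdays and anniversaries, given as YYYY-MM-DD
        year, month, day = d.split("-")
        if any(frag in digits for frag in (year, month + day, day + month)):
            reasons.append("contains a personal date")
            break
    # Reuse across accounts, including "same word, new number" variants.
    if any(password == old for old in in_use):
        reasons.append("already used on another account")
    elif base and any(base == base_word(old) for old in in_use):
        reasons.append("variant of a password used elsewhere")
    classes = [re.search(rx, password)
               for rx in (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")]
    complex_ok = len(password) >= MIN_LEN and all(classes)
    if not (complex_ok or len(password) >= PASSPHRASE_LEN):
        reasons.append("too short or too simple")
    return reasons
```

In practice the `in_use` comparison belongs inside a password manager, which already holds the other passwords locally.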

Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.

Tip: Be cautious about your online activity on computers or networks you don’t trust.

Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.

Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.
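A mail filter can do the "check the sender, hover over the link" step automatically. The following is an added example, not part of the original article; the bank domain `mybank.example`, the sample message, and all function names are constructed for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; mybank.example is a made-up bank domain.
SAMPLE_FROM = "MyBank Security <alerts@mybank.example.account-verify.example>"
SAMPLE_HTML = ('<p>Urgent! Confirm at <a href="http://mybank.example.account-verify.example/login">'
               'https://www.mybank.example/login</a> or '
               '<a href="https://www.mybank.example/help">contact us</a>.</p>')

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def shown_host(text):
    """Hostname the link text displays, or None if the text is not a URL/domain."""
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "//" in text else "//" + text).hostname

def belongs_to(host, domain):  # the domain itself or a true subdomain of it
    return bool(host) and (host == domain or host.endswith("." + domain))

def check_email(from_header, html_body, trusted_domain):
    findings = []
    addr = parseaddr(from_header)[1].lower()
    if not belongs_to(addr.rpartition("@")[2], trusted_domain):
        findings.append(f"sender {addr} is not at {trusted_domain}")
    collector = LinkCollector()
    collector.feed(html_body)
    for text, href in collector.links:
        real, shown = urlsplit(href).hostname, shown_host(text)
        if shown and shown != real:
            findings.append(f"link shows {shown} but opens {real}")
        elif not belongs_to(real, trusted_domain):
            findings.append(f"link opens {real}, outside {trusted_domain}")
    return findings
```

The sample shows why reading the address from the right matters: the bank's name appears at the start of the sender and link hostnames, but the domain that actually receives the click is the part at the end.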

These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?

Contact our experts today! Call us at (416) 645-2469, (905) 667-0441 or email us.   
