We are celebrating spooky season with a horror story of IT done wrong, a cautionary tale warning about the perils involved when a company does not consider their IT infrastructure a priority. Hear the tale of a company that decided to do business without a Managed IT Service Plan in place.
It is no secret that Allegiance Technology Solutions is a Managed IT Service Provider. For those unfamiliar with that term, Managed IT Service refers to outsourcing your IT support and maintenance, rather than hiring internal IT employees. Depending on the size of your business, Managed IT Service plans provide a cost-efficient technology support system that makes sense from a financial standpoint. With a good Managed IT Service Provider, you can have peace of mind that the technology your employees rely on will be supported and maintained, so you can focus on growing your business.
However, there are companies out there that can’t justify the monthly overhead costs associated with a Managed Service Plan. They believe they can’t afford the monthly cost, or they don’t see the value or benefits of having a Managed Service Plan in place. So they put off such things as required maintenance or scheduled updates. Although a company can ride for some time without proper maintenance, eventually their luck will catch up with them, and problems occur. A mission critical application crashes, or hardware starts to fail. Eventually, something is going to fail. And it usually happens at the worst time possible, right when you need it to work the most!
The Case of the Reluctant Accountant
Case in point: XYZ Accounting Services, a fictitious name for a real Certified Public Accountant company, recently experienced such a problem. XYZ prepares taxes for many clients, and heavily relies on a specific application to process, record and file tax documentation on behalf of their clients. The application was running on a very old server running Microsoft Windows Server 2012.
Yeah, the Windows Server version that was based on the horrid, unbeloved Microsoft Windows 8. Shivers!
Remember this interface? The one that Microsoft wants us to forget?
XYZ had contracted our services many times over the years to fix one-off technical problems, choosing to pay our emergency support rate rather than agree to a monthly contract. Despite several conversations about the benefits of a Managed IT Service contract, XYZ stubbornly refused our monthly service, thinking it was cheaper to pay the emergency fee on an as needed basis.
On a recent emergency support call, it was discovered that the hard drives in their aging server were starting to fail. After several hours of work, we set up a band-aid solution for them so they could continue to work. We warned the head of XYZ Accounting Services that their server was beginning to fail, data might become corrupted, and the hardware needed to be replaced ASAP. He asked for a quote to replace the server.
After receiving the quote, XYZ decided the cost was going to be too much to handle. And the aging server continued to limp along. Until one day, a few months later, it could limp no more.
Again, Allegiance Technology Solutions was called upon to provide emergency support. But the server had served its last record. It had computed its last calculation. It was time to release that old server to the great junkyard in the sky.
The server had to be replaced, there was no band-aid solution that was going to work this time. After lengthy discussions, and a quick turnaround from our support team, a new server was being built while the data from the old server was being recovered. And a new Managed IT Service contract with Allegiance Technology Solutions was born.
Finally, the new server was in place. The application was installed and the data had been restored. But after working for a few days, XYZ employees realized that not all of the data they were expecting to see was there.
Duh! Duh Duhhhhh!
Gasp! Our horrors were confirmed! The data was corrupted!
Our team went back to work, doing a deep scan of the failing hard drives. We were able to use advanced data recovery tools on a Linux computer to recover more data, which was eventually restored to the new server. XYZ was finally back up and running! And they will be able to run for many years with a new maintenance agreement in place.
If only XYZ Accounting Services had chosen to use us as their Managed IT Service Provider BEFORE there was a problem. We would have had daily backups ready to restore their data. We would have performed proactive hardware and software maintenance, increasing the reliability and longevity of the system. We would have been able to advise XYZ about upcoming hardware replacements way before there was a failure. And their emergency and weeks of downtime would have been completely avoided.
Life After Death
We are happy to say that XYZ is now a Managed IT Service client. XYZ has learned a valuable lesson in technology maintenance, that it is something that should not be ignored. Now their emergencies are no longer emergencies, as they have the service and expertise of Allegiance Technology Solutions just a phone call away.
Now, XYZ’s computers are protected by world-class antivirus software. Server data is now being backed up daily. We have remote access tools installed in case their staff needs quick access to tech support. We have 24-hour security monitoring in place to alert us of security issues and real-time server health. And now they have a proper network with professionally installed Ethernet cabling, enterprise class wi-fi access points, and internet protected by industry standard firewalls.
What About Your Business?
If you own a business and are interested in protecting your technology assets, increasing security, or just want to avoid a catastrophe like the one above, contact us today and we can discuss a Managed Service Plan that fits your business needs. Until then, stay safe out there!
Many homes nowadays are equipped with security alarm systems. These modern security systems feature sensors for fire, smoke, heat as well as break-in detection. Security cameras are another common feature that can be included in modern security systems. A standalone security system provides its owners with peace of mind, but doesn’t offer much in terms of functionality.
Smart home enthusiasts outfit their homes with powerful smart home systems such as Control4. Control4 takes different aspects of your home, such as lighting, motorized door locks, audio, thermostats and more, and allows them to work in concert with each other. This networked automation provides new levels of convenience, such as one button control, scheduled interactions and remote access, while providing increased power savings.
But did you know that home security systems can be fully integrated into a Control4 smart home setup?
Above: Action shots of Jesse integrating a home security system into a Control4 smart home setup.
Control4 is a convenient way to control all the smart devices in your home. The real power of Control4 lies in its ability to integrate security with other smart home functions. You can set up custom “scenes” that simultaneously adjust your security settings, lighting, and temperature based on certain triggers. For example, you could create a scene called “Away” that locks all entrances, sets the alarm, turns off all lights and sets the thermostat to an eco-friendly temperature, all with one button press on your mobile phone.
Most likely, your alarm system will come with its own control panel that allows you to enter your pin code, enable and disable the alarm, and check for faults in the system. However, all those functions can also be accessed from any Control4 interface installed in your home, increasing the availability and flexibility of the system. The pictures above demonstrate security system functions fully integrated into a Control4 interface, to include views of the security cameras on the premises.
By integrating your security system with Control4, you’re not just enhancing security; you’re enhancing the overall functionality of the entire smart home system. With Control4’s seamless integration, you can tie together various devices and systems, creating a truly intelligent and responsive home environment that works exactly the way you want it.
If you value both convenience and security, integrating your home security system with Control4 is the way to go. Experience the power of real-time monitoring, remote control, and a unified interface that puts you in charge of your home’s security. Whether you’re just getting started with smart home technology or looking to expand your existing setup, Control4 opens up a world of possibilities. Contact us to learn about all the installation options available. Headquartered in Pembroke, GA, we service Savannah, GA and the surrounding areas, including Skidaway Island, Tybee Island, Statesboro, Pooler, Richmond Hill and Hilton Head SC.
In our continuing series on cybersecurity issues, we discuss the fragility of relying solely on passwords to protect our identity and our data online. We will peel back the curtain and show you some different methods used by hackers. We will also discuss some simple methods you can employ to keep your personal information protected.
How hackers crack passwords
Passwords are used for pretty much every service we use online today. From our bank accounts to our Facebook profiles, passwords are just a first step in securing your data. Hackers can use a variety of methods to “crack” or obtain passwords. Once they have your login credentials, they can quickly do damage to your finances, impersonate you online, or simply sell those passwords on the Dark Web. Knowing how these hackers obtain passwords will help you defend against their malicious attacks, keeping your online identity safer.
Brute Force Attack: This method uses computers to try every possible combination of letters, numbers and symbols against a login system. From 000000 to zzzzzz and beyond, trying this method will eventually yield a working password. However, it may take a long time to find the password. The longer the password, the longer it takes to crack. This graphic from BitWarden illustrates the time it takes to crack a password nicely. As we can see from the graphic, a 7-character password takes mere minutes to crack, while a 15-character password can take centuries to crack:
Dictionary Attack: This type of attack is similar to a Brute Force Attack, except instead of constantly generating passwords, it tries a list of words in a dictionary. That dictionary can be a standard dictionary or it can be customized list of words to increase efficiency.
Rainbow Attack: This attack uses precomputed tables of hashed passwords to speed up the cracking process.
Malware Retrieval: This type of attack infects the user’s device with malicious software designed to steal password data from a computer or network and send it somewhere the hacker can retrieve it later.
Social Engineering: Although we tend to think of hackers sitting in some dark room in front of a computer, hackers can be out in public looking for opportunities to gain access to secure areas. They may study a target for weeks or months, developing solid strategies while learning people’s schedules. Once they successfully enter the secure area, they look for obvious places where people write down and store passwords, such as notebooks stored in desk drawers, and sticky notes stuck to the back of user’s keyboards.
Phishing Phone Calls: In this method, the hacker calls the user or has the user call a phone number. Posing as a technician or agent from a legitimate business, they try to trick the person into giving them their password, payment info or other identifying information. Sometimes this is teamed up with a malicious browser popup claiming that the computer is infected and needs to be fixed by a computer technician on standby at a supplied phone number.
Email Phishing Attacks: In this method, specially crafted emails are sent to hundreds of people. These emails can be quite deceptive, looking like legitimate emails from well-known companies such as Microsoft, Apple, Google, Facebook, Paypal and even major banks.
Guessing: Yes, hackers can sometimes get lucky and guess a password. This may be an educated guess, such as knowing the name of a person’s pet or favorite sports team. Or they could just be guessing popularly overused passwords such as Password123 or abc123.
How to protect yourself from hackers
To keep your identity and account data protected, follow these tips and suggestions to keep your online accounts secure.
Use long, complex passwords that contain upper and lower case letters, numbers and symbols. The longer the password, the harder it is to crack with brute force methods.
Don’t use easily guessable passwords like Password123.
Don’t use a single word as a password! This will prevent successful dictionary attacks. If you do want to use a single word, incorporate numbers and symbols. Sometimes you can use numbers and symbols in place of letters. For example, use 3 for E, ! instead of i, @ for A, etc.
Don’t use words or names that can be easily traced back to you. For example, don’t incorporate your name or the names of your loved ones into your passwords. Don’t use easily guessable pet names, sports teams or city names that people can easily associate with you. You would be surprised how much of your data is readily available online, especially if you use social media.
If you think words are an easy way to remember your password, consider using a passphrase. A passphrase is a password made up of 3 or 4 words, separated by a hyphen. This typically yields a password is many characters long. For example, Coastal-Green-Turtle would be considered a strong password. Because of its length and complexity, a brute force attack would take centuries to crack a typical passphrase.
Consider using a randomly generated password. There are several tools online for free, but make sure it is hosted or sponsored by a reputable source.
Don’t use the same password for different accounts. If one account gets compromised, potentially they all could be compromised if the passwords are the same.
For accounts that support it, Turn on Two-Factor Authentication whenever possible. Alternatively, you can use biometrics to secure your data, such as using the fingerprint reader or FaceID on your phone.
If you have a problem remembering passwords, consider using a password manager, like LastPass. Password managers will typically automatically fill in your login information to sites and applications, after it authenticates you as the primary user.
Don’t write passwords down on paper. And don’t store passwords online in a non-secure location or method.
If you do need to write down passwords, make sure you keep them locked up in a drawer or cabinet.
For online accounts:
Keep online accounts to a minimum. The less accounts you have, the less likely you will be targeted.
Only use services from trusted businesses.
For social media accounts, limit the kind of personally identifiable information that you post.
Change the privacy settings on your social media accounts. This will also help limit what hackers can learn about you online.
Dedicate one credit card for online purchases. Make sure that credit card offers online theft protection. In case your identity is stolen, and fraudulent charges are made, you won’t be personally responsible for those unauthorized charges.
Don’t accept a friend request from someone who is already your friend on the service. It is most likely a fake account created to fool you. Check with the actual person first before accepting these kinds of friend requests.
Concerning Computers and Email:
When you receive a suspicious email, carefully check the sender’s email address. If you get an email from a large company, but the sender’s email address is Gmail, it is most likely a scam.
Hover over all links in the browser before clicking on them. Make sure the URL is actually going to the place it says it is going to.
Never open or download attachments from suspicious emails.
Have separate email addresses for different activities. For example, you could have an email address dedicated to financial accounts, one dedicated to job searches, an email address dedicated to online purchases. You can even have an email address dedicated to services you only intend to use for a short time.
Install and use malware protection software from a trusted company.
Lock or shut down computers in public or work environments when they are not in use. A computer cannot get infected when it is off!
On the Phone:
As spam callers and spambots are making record number of bogus phone calls, only answer calls for people you know.
Don’t volunteer personal information or credit card information on any phone calls you did not initiate.
If you get a popup saying your computer is infected with a virus, don’t call any phone number that it provides. Rather, take it to a trusted computer repair shop or friend that works on computers to help you clear the malware.
Out in Public:
Don’t discuss personal or financial information in public areas.
Don’t give strangers any personal information.
Stay vigilant when in a new area. Pay attention to those that are paying attention to you.
At your place of business, don’t hold open any doors to secure areas for anyone.
Don’t let people enter secure areas with your credentials.
Keep an eye out for unfamiliar people in your work area.
By following some of the suggestions listed above, you will decrease your chances of getting your data stolen or your accounts compromised. If you are concerned that you may have been the victim of identity theft, you can have a dark web scan performed on your behalf.
Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised. Contact us if you are interested in using our cybersecurity protection services for your business.
By now, you may have heard of the Dark Web. Perhaps it was featured on a news broadcast or it came up during a conversation with your techie friends. The Dark Web refers to the infamous private corners of the internet that are only accessible through special software that mask your IP address. On the Dark Web, you can do just about anything, from joining a book club to hiring an assassin. Maybe you want to play a chess match online? Yes, you can do that! Looking to purchase stolen credit card information? You’re in the right place!
What makes the Dark Web so… dark? After all, there is much more to it than illegal activity, much like the activities you could engage in on the public internet.
The Dark Web gets its fame for a few good reasons: anonymity and privacy. While innocent activity does occur on the Dark Web, its notoriety comes from the crime that occurs there.
Cybercriminals access the Dark Web routinely. In fact, many rely on the Dark Web to obtain the info they require to carry out their crimes. Cybercriminals also come to the Dark Web to sell or exploit the information they have already compromised. Which brings us to the real problem: Cybercriminals are buying and selling stolen data to carry out a plethora of crimes.
For those of us who understand how to protect their identity online, we may feel confident that we’re doing everything properly to prevent our data from ending up in the wrong hands. But how do we know with certainty that we’re safe? There’s only one true way to find out: A Dark Web scan.
What Is a Dark Web Scan?
Simply put, a Dark Web scan searches for breaches and compromised credentials for your online accounts. This type of scan can help identify if your email address has been involved in any data breaches and what information was compromised in that breach.
The value of performing a Dark Web scan is undeniable. Uncovering that you’ve been involved in a breach allows you to take steps to ensure that your compromised data isn’t used against you or on your unauthorized behalf. Although it is impossible to recover your stolen data once it hits the Dark Web, there are actions that you can and should perform following the discovery.
If you are interested in seeing if your accounts have been compromised, contact us so that we can perform a one-time Cybersecurity Risk Assessment for your business. Not only will we perform a Dark Web scan, we will also survey your business environment, compile the data and present you with a report of issues found. Keep in mind that 24-7 Cybersecurity Monitoring services are included in our standard IT Managed Service plans.
Your Data Is found on the Dark Web – Now What?
If you discover that your data is available online, what should you do to protect yourself? Change your passwords immediately following news of a data breach for any sites and services that you use. Once a breach is identified, changing your password on that account and any other account you may have reused that password on is critical.
Moving forward, passwords should never be reused across accounts. All passwords should be complex, difficult to guess and reasonably long. You may want to consider a few options:
Create a passphrase, which many consider best practice. A passphrase is a series of words that may make no sense as a sentence, but will be harder for cybercriminals to crack due to its length. Passphrases are much easier to remember than a series of random letters, numbers and symbols. Here is an example passphrase to help you visualize the idea: Water-Orange-Telephone.
Remembering several difficult to guess passwords is no easy feat. A password manager is highly recommended for added security and convenience. This will allow you to store all your passwords in one place, requiring you to remember only one strong, difficult password.
Two-factor authentication is also a great added security feature to confirm your identity. 2FA, also known as MFA or Multi-factor authentication, will require a second form of identification aside from your password to gain access to your accounts. This might come from a code sent as a text message to your phone or email, or in a dedicated authentication app. If you decide to use an authentication app, use one from a trusted service provider, such as Microsoft Authenticator or Google Authenticator.
A One-Time Scan Will Not Protect You
A Dark Web scan can help you identify current risks and data breaches you have already been involved in, but what happens next? Maybe you were involved in multiple data breaches. You found what data was compromised and you changed your passwords as a follow-up. Does that mean you won’t be involved in another data breach next week? Or perhaps you were already involved in another data breach that has not yet been brought to light. If you don’t continuously search the Dark Web, you are putting yourself at risk of the unknown. The next time your data is compromised, it may go unnoticed or unused for days, months, or even years. If you aren’t constantly monitoring, you are potentially leaving your data up for grabs for cybercriminals to use at their leisure.
Dark Web Monitoring – The Protection You Need
Allegiance Technology Solutions provides 24-7 Cybersecurity Monitoring services for our Managed IT Service clients. Our service will proactively monitor the Dark Web for you and notify you immediately when your data is found to be compromised. There is minimal effort needed to protect your business when you partner with us. We will automatically monitor for your organization’s email domain on the Dark Web. If we find anything floating around out there, you can rest assured that you will be notified, and we will be there to help protect your personal and company data. When it comes to the security of your company data, we want to provide you peace of mind so you can focus on other areas of your business.
Cybercriminals are relentless and show no signs of slowing down. They will continue to wreak havoc on every industry where they can profit. Much like cybercriminals, the Dark Web is not going away either. Remember, after all, it’s a place where you can innocently join a literature club, or you know, steal someone’s entire identity.