Tag: hacking

6 Simple Tips to Protect Your Customer Data

As cyber-attacks continue to make headlines, hackers are exposing or selling customer data files in record numbers. But just like with any threat, there are actions you can take to minimize risk and ensure your business retains a positive reputation among customers.

  1. Stop using the same password on repeat. Set a mandate for all staff that passwords must be unique for each user and for your workplace. That means it can’t be remotely like the one on their home PC, tablet or online banking. Passwords are hacked more than ever, so when you’re prompted for a password change, dig deep and really think about what goes into a hacker-proof password. If remembering them is a problem, consider one of the latest password management tools.
  2. Go on a shredding spree. How much sensitive data is being dumped into the recycling bin? Valuable customer data is often taken from the bins of small businesses and quickly sold or published. It’s not just good practice to shred sensitive documents, it’s the law. Take 5 seconds to run documents through the shredder or book in the services of a secure shredding company.
  3. Ditch the accounting spreadsheets. Still using an Excel doc for all your number-crunching? Besides making your accountant’s job harder (and more expensive), you’re opening your business to a massive range of vulnerabilities. Even with password-protection, spreadsheets aren’t designed to safeguard your financials or those of your clients. Upgrade to a proper accounting solution with built-in customer data protections and security guarantees.
  4. Train staff explicitly. You can’t rely on common sense because what you think is a given might be news to someone else. It can be extremely beneficial to hold special data-safety training sessions once or twice a year as a reminder, as well as take the time to induct new staff into the way things are done.
  5. Limit access to data. Just like the bank manager who guards the keys to the vault, you can limit who accesses your data. Revoke employee access as soon as they leave your business for good, and set rules around who can access what – and when. Do they need access to sensitive information while working from home? Should they be able to change the files, or only view them?
  6. Keep your software updated. Possibly the most preventable hack, having outdated software can be an open invitation for cyber-criminals. They look for known weaknesses in business software and waltz right in. While the nagging pop-ups and reminders to update can feel like a selling ploy, they’re actually helping your business to stay in the safe zone. Updated software gives you protection against new viruses and hacking techniques, plus closes off those nasty weaknesses.

If you would like to make sure your business is secure from data breaches, give us a call!

How to Make Computer Issues A Thing of the Past

We repair many computers and laptops each week, but unfortunately this is often ‘closing the barn door after the horse has bolted’. Computers have a habit of dying at the worst possible time – like when an important project is due tomorrow, or before you copy family photos to a backup. We’ve combined our repair services with preventative measures to ensure this doesn’t happen to you. Our managed IT services can remotely take care of all the computers in your house, protecting you against both threats and system failure.

Anti-virus always up-to-date: While many homes have anti-virus software installed, they don’t often have the latest virus and threat definitions. These systems are at risk every minute they spend online, as the anti-virus simply will not pick up and stop an unknown threat.

New viruses and hacking threats arise every day, and there are entire companies dedicated to creating anti-virus updates to catch them. We can make sure your anti-virus definitions are always up-to-date, keeping your computer secure against even the newest viruses.

Software patches: Hackers like to spend their time figuring out new ways to break into computer systems. Software companies like Microsoft and Apple release regular patches to close these security holes. The patches are supposed to be applied automatically, but we often find that isn’t the case – patches didn’t download, were canceled or produced an error. Our services involve remotely checking that each patch has been applied successfully, and troubleshooting if required. As an added advantage, any time new features are packaged into an update, you’ll find them already installed for you.

Early failure detection: Some parts in your computer send out alarm bells when they’re about to die. Unfortunately, they’re not literal alarm bells (that would be too convenient), but information in the background that needs to be interpreted or manually checked. We can monitor these and advise repairs as required.

Data protection: Hard drives which store your information do eventually wear out, but they’re one of the parts that send out early failure warnings. We can monitor this and give you ample warning so that you have time to back up your important files. When it’s time, we’ll work with you to arrange drive replacement, making sure to either clone or re-install your operating system, whichever suits your needs best.

Tune-ups: Even the most cared-for computer will slow down over time. Hard drives become cluttered, operating systems corrupt and ghosts of uninstalled programs still remain. We can remotely schedule and run a regular maintenance routine that will keep your system running in top condition and at lightning speeds.

Our managed IT service happens entirely behind the scenes, so there is no disruption to your experience. You simply enjoy the benefits of having your own IT specialist team at one flat, low cost. You and your family continue to use your computer/s as normal; the only difference is that problems are fixed BEFORE they happen and your system has the very best security against threats.

Start with managed IT services today. Call us at 570-779-4018

Ransomware: It is not just a scare tactic

It is not just a scare tactic, and it is not going away

Ransomware activity continues to rise, and it doesn’t appear to be slowing down for 2017. In 2016 it spiked by 6000%, and it is on track to be a 1 billion dollar a year “business” (source: IBM study).

Software teams are building ransomware kits to sell on the Dark Web. RaaS (Ransomware as a service!) is a thing. This means there are illegal companies making money from designing kits to build ransomware. So, not only are criminals making money from ransomware, the distributors don’t even have to be good at programming or hacking to do it. There is enough of a demand that a small team of programmers is making money from selling the software to commit the crime. It is also making it extremely hard for old-fashioned virus scanners to catch the activity because each criminal is adding their own twist.

How it happens

  • Phishing email
  • user clicks on link or attachment
  • ransomware makes contact
  • C&C server generates & retrieves an encryption key
  • ransomware scans the infected machine, looking for files
  • ransom demand
  • connects to other machines and infects them
  • ransomware builds an inventory of encrypted files
  • scan other machines over the network

Business Targeting

It used to be consumers or simplistic shotgunning techniques. Now there is more and more direct targeting. Business targets make sense to the bad guys. Consumers or individuals might just start from scratch, but businesses are more likely to pay a ransom. It is much more lucrative for them to target small businesses.


Spearphishing is the direct targeting of your personal account using techniques to fool you into trusting the source. The criminal could use social media sites to gather information. The email may be crafted specifically for you and may even look like it comes from a person you know. One click is all it takes. And it isn’t just email anymore. Messaging, texting, and other apps can lead to infection.



What do you do about it?

Backup! Backup! Backup!

Step number one should be making sure your backup is up to date and ready to be restored. One “newer” option is DRaaS (disaster recovery as a service) but even a simple disk backup is better than nothing. Regardless, you need to spend time analyzing your current setup and determining if you need to take further steps to protect your data. If you have multiple, granular, safe and secure backups and can restore your data, you don’t have to pay the ransom.


Keep your devices and systems on the latest version and patches. This should include firmware. Less exploitable software and devices mean that if you do get infected, it is less likely to spread.

Endpoint Protection!

Yes, you still need endpoint protection. While signature-based isn’t what it used to be, companies are making strides and it is still worthwhile. You should look for something with anti-malware, anti-ransomware, and anti-exploit features. And you should protect all your devices: mobile, desktops, laptops, physical and virtual servers.

Network/Gateway Security 

This should include some type of email protection even if you are using an outside source (Gmail, Office 365, Hosted solution) to host your email. You should also have a firewall with a strong IPS/IDS (intrusion prevention system/intrusion detection system). Use VPNs whenever possible. This includes cloud and virtual. Do not make the mistake of assuming that these technologies make your network safer.

Also, please do not use a consumer-class gateway/firewall. And if you insist on using one, change the default password!

Establish a Security Policy

This one may sound simple but it is possibly the most important and hardest to implement. You need to train your users. You need to train yourself. You need to have plans in place in case something does happen.


What to do if you think you have been hacked

What should you do if you think you have been hacked? Is there a new big site that has been hacked in the news? Not a surprise. What about those small sites that don’t even know they have been hacked that never make the news? Is something strange going on with one of your accounts?

First and foremost, change your passwords. If you use the same password for your e-mail as your hacked account, change it immediately before you do anything else. You should use different passwords for different accounts. Especially your e-mail account!


How do you know?

Check your account activity. Does your account say you have done something or purchased something that you know you did not? Has your contact information or any other settings been altered in any way?

Check your inbox and deleted items.  Have you signed up for new services that you don’t remember signing up for?

Is your computer or device running slower than usual or behaving in odd ways? Use a malware scanner and virus scanner to check your devices thoroughly.

These could all be signs that you have been hacked. Even if these don’t appear in your accounts or computer, but you know you logged into one of those big sites in the news, reset your passwords anyway.


Reset your passwords

Make sure you use different complex passwords at each site.  Especially your e-mail account! Did I type that already?  Of course, I did! It is important. One of the easiest ways to keep track of and generate complex passwords is with a password manager.  Check our password manager article out here. Password managers like LastPass can be integrated into your workplace.  I still love LastPass and even use it on my phone now. If you used unique complex passwords at all your sites, you would only have to worry about the hacked one.

Not sure what password to use or what is a complex password?  Try these links:  Microsoft password checker, Password Generator

Use two-factor (2FA) authentication whenever possible. You should be thinking about your email here! Most of the big free email providers offer some level of 2FA. Also, consider using biometrics to ease the pain of entering passwords.

If it is too late and someone else changed your passwords, most of the major services have a system to recover your accounts. Remember that part about 2FA and using a different password for your e-mail? Well, here is where it can really help, since most of these services send a link to your email.


Let other people know

You should let your contacts know you think you have been hacked. One way hackers attempt to use your hacked accounts is by sending messages or e-mails to people that trust you. They are more likely to follow a link or believe something you sent.


De-Authorize your apps

If you were hacked, there is a good chance the hacker logged into a device and authorized apps too.  This means even if you change your password, they will still have access.  You can usually find this feature under the security settings of the service you allowed access to.  Here are links to the big ones: Google, Facebook, and Twitter.