Tropical Depression Tech Alert

Tech Alert!  Tropical Depression 14 Forecast to Impact Texas/Louisiana Coast

TD14 is expected to turn into a tropical storm (wind speeds 39-73 MPH) or a Category 1 hurricane (wind speed 74+ MPH) making landfall somewhere along the Texas/Louisiana coast by early next week.

A key component of our Disaster Recovery Plan is reliable, safe and up-to-date backups.  If your backups are managed by Nieto, we want to provide assurance that every step has been taken to make sure your data is protected.

Not Ready for Hurricane Season?

If you have concerns, contact our office today.  Our technicians are on-call 24×7 and are here to help. Call 713.893.5667

Is Your Office Technology Prepared for Hurricane Season?

Now that many businesses are re-opening or returning to the office, there is yet another potential disaster lurking on the horizon: Hurricane Season.

Nieto Hurricane Preparedness

“As Americans focus their attention on a safe and healthy reopening of our country, it remains critically important that we also remember to make the necessary preparations for the upcoming hurricane season,” said Secretary of Commerce Wilbur Ross.

NOAA’s Climate Prediction Center is forecasting a likely range of 13 to 19 Atlantic named storms (winds of 39 mph or higher), of which 6 to 10 could become hurricanes (winds of 74 mph or higher), including 3 to 6 major hurricanes (category 3, 4 or 5; with winds of 111 mph or higher)

Nieto Technology Hurricane Prep

Prior to a disaster, ask yourself the following:

  • Do you have a disaster recovery solution in place?
  • Do you trust it?
  • When was the last time your backup was tested?
  • How long does it take to recover from your current backup solution?
  • How long can you realistically be down? 1 hour? 1 day?
  • What is the financial cost of downtime to your business?
  • When a disaster occurs, is there an offsite copy?

Not Ready for Hurricane Season?  

If you need help answering any of these questions, or you are not satisfied with the answers, contact Nieto Technology for an evaluation today! 713.893.5667

Is Your Password One of BILLIONS Now Up for Sale on the Dark Web?

Usernames and passwords for everything from network administrator accounts and banking information to video streaming services are being bought and sold every day.

Cybersecurity researchers at Digital Shadows, a digital risk protection company, estimate that over 15 billion stolen account credentials are available on the dark web – some circulating for free! “Many breached accounts are shared multiple times – suggesting that despite being hacked, the user remains unaware of what has happened.”

How Much is Your Account Worth to Criminals?
Prices range from free to over $100,000 depending on value.

Corporate Attacks:  Administrative account information for a corporation can sell for as much as $120,000.  If attackers are use that access to disrupt an entire network with a ransomware attack (ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid)  and demand millions of dollars in exchange for returning access, the criminals might consider the cost worth it.

Personal Attacks:  Obviously, bank accounts are a prime target for cybercriminals.  While a compromised account might worth everything to you, a cyber criminal only has to pay an average of $70.71 to get your data.   Other accounts like streaming services, social media, data subscriptions and oddly enough, anti-virus software, range in price from free to around $20.

How Do You Protect Yourself?
The what-ifs are scary.  Losing your savings, privacy, business holdings and sense of security are realities, but there are steps to protect yourself and your organization.

  1. Unique password that is made up of random letters (upper/lower), symbols and numbers.
  2. Utilize different passwords for different accounts.  This is made easier by password manager tools.
  3. Change passwords regularly.  There’s a chance your data is already on the dark web.  If you are concerned, change your passwords.
  4. Apply multi-factor authentication for an extra layer of protection, because even if the password is breached, there’s an alert that informs you that someone tried to get into your account.
  5. Never send passwords or account information via email.  Text or call instead.

Office 365 users,

  1. check for forwarding to ensure emails are not being set outside your organization or intended recipient
  2. Turn off Outlook web access if not a necessity
  3. Monthly review of all user accounts, remove any old or incorrect accounts
  4. Review IP location report to reveal any login attempts from unknown locations/countries

Weak Passwords are the #1 reason accounts get hacked.

  • A dictionary word with some letters simply replaced by numbers (e.g., a1rplan3 or aer0plan0).
  • A repeated character or a series of characters (e.g., AAAAA or 12345).
  • A keyboard series of characters (e.g., qwerty or poiuy).

Not sure if you are protected?  

Nieto Technology can help make sure your accounts are secure.  Call today to schedule a review of your account security. 713.893.5667

Safe Return To The Office

Create a “Return to the Office” taskforce.

Depending on the size of your organization, consider appointing someone, or an entire team, to lead the efforts of assessing and optimizing the office for return.

Over-communicate to your staff.

Make sure they understand the precautions you have taken, and assure them they can return to the office safely.

Create a “Return to the Office” schedule.

Your goal is to manage how many people are simultaneously in the office. Consider developing a schedule based on employees’ needs, abilities, and desire to be in the office.

Establish an ongoing “Work From Home” policy.

This will help to ensure your office isn’t overly crowded and will help employees who still need to be at home feel comfortable doing so.

Review and update your policies.

Look at sick leave, vacation time, travel policies, etc., and determine if you should make any changes or updates based on the COVID-19 global crisis.

Encourage good hygiene practices in the office.

Practices include frequent hand washing, use of hand sanitizers, eliminating high-touch areas, and wiping down work spaces.

Remind employees to stay home if they feel ill.

Make sure to stress that if they, or someone they have come in contact with, exhibits any known COVID-19 symptoms they should not come to the office.

Check with officials about screening guidelines.

Reach out to your legal advisor and local health authorities for guidance before deploying any health screening procedures, such as temperature checks, etc.

Establish an open line of communication with staff.

Create a cadenced stream of communication with your employees and ensure they understand the channels available to them should they have questions or concerns.

 

Download Printable Flyer

 

Prepare for COVID-19 Scams

Businesses across the U.S. should be on high alert and prepare for COVID-19 scams as fraud increases across phone and online sites.

People are concerned and looking to protect themselves, their families, and their employees.  But the risk is not just getting sick. In addition to health concerns, there is an increased danger of being victimized by fraud. Knowing how to prepare for COVID-19 scams is key!

Weekly Call Traffic Volume Breakdown
(In Comparison to Pre-COVID-19 Levels)

Nieto Technology Covid-19 Callers Spike

Week 1: March 16-23 | Week 2: March 24-30 | Week 3: March 31- April 6

 

Next Caller, a New York-based call verification company says that there has been a 30% increase in high-risk calls on average, and a staggering 41% increase for financial institutions.

Like the stealthy transmission of COVID-19, you might not even know that you’ve been scammed. While the phishing process uses familiar tactics to dupe people, the COVID-19 pandemic means that fraudsters can deploy techniques to gain the trust of unsuspecting or distraught individuals.

These new schemes use phony websites, mobile apps, emails, phone calls, and mail pretending to be official communication from healthcare providers, insurance companies, financial institutions, religious groups, delivery services, and government agencies.

Once an individual takes the bait by opening a link or creating a login on a website, the fraudster can use the compromised information to advance the scheme elsewhere.

Next Caller CEO Ian Roncoroni said: “Contact centers don’t stand a chance when criminals can successfully pose as customers. It’s the perfect storm for fraud.”

How to Protect Yourself and Your Business from Covid-19 Scams.

Be wary of any new emails containing links or attachments, take care when shopping online, and to make sure you are buying from a genuine site or seller.

Make sure your email (both personal and business) is secure and train your employees to spot suspicious communications and avoid falling victim to fraud.

Where here to help you prepare for COVID-19 scams! Contact Nieto Technology Partners (http://www.nieto.com) today to see how we can help secure your email and train your users to be on the lookout for these scams.

Source: ZDNET.com

 

What COVID-19 Scams should I lookout for?

  • Fake stimulus checks that extract real bank account information
  • Change information on accounts to later drain cash, savings, or point balances
  • Sending physical checks and debit cards then stealing them out of the mailbox
  • Opening new lines of credit or securing loans on the individual’s behalf
  • Creating new businesses using some of the individual’s information

 

 

Funding Your Business Start-Up

Are you planning to start your own business? The job market is over-saturated, making it more difficult
for new graduates and seasoned workers to find relevant, well-paying jobs.  As a result, people often turn to  new business startups to have financial stability and support their families. However, starting a successful business is not easy, especially in the beginning. Planning, execution, opportunity identification, and threat mitigation are the biggest time consumers, but more often than not, the underlying concern is budget.

In the beginning especially, a substantial investment is required to start even the smallest brand.
If you are worried or confused about how to get the funding you need for your startup, read on. The following are some of the easy options you can avail to get funding for your venture.

Family and friends
Family and friends are the safest and easiest bet for anyone who is planning to start a business.
You can ask them to help you with your venture and then pay them later. It is not only easy on
your mind, but also your pocket because no tension of deadline and interests that increase as the
limit exceeds. Moreover, if you have a caring family and loyal friends, they will always root for
you and want the best for you due to which giving you some sort of loan will not be an issue for
them if they can afford.

Small business loan
Banks provide business loans through which you can start your venture and then pay back the
amount in installments. These are the amount which you select and the installments are also of
your choice. Therefore, a lot of entrepreneurs opt for this option as they get a handful amount to
properly kick start their brand without any major limitations.

Crowdfunding
Nowadays, crowdfunding has become a major option to collect money for various things. If you
have excellent social skills and convincing power, crowdfunding won’t be an issue for you at all.
Simply post on your socials and convince people how you really need the amount.

Barter system
One of the easier ways to collect funding is trade equity or service. For example you can cut
down your total budget by providing your service in return of a SEO consultant New York service
for your brand website. It will help you lower down the total amount needed for the startup
which could be easier to collect from wherever.

Bootstrap
Bootstrap is one of the most preferred ways by entrepreneurs across the world. It actually means
to invest your own savings or income to start a new business. Mostly prefer this option as it
saves them from the embarrassment that a person faces when asking for money from someone.
Or simply, depending on your family and friends could be a self-esteem killer and who in the
right frame of mind would want that.

Part-time job
If you already have a job which is paying you good. You can keep it as it is and do your business
work in post work hours. It will help you financially and especially if your venture doesn’t
perform very well in the beginning, you will have a stable income coming to feed yourself and
your family.

If you want to start a business, discussed above are some of the options that can be considered to
fight the financial problems that are faced by every entrepreneur. Give it a try and make your
startup much easier and simpler.

Tips for IT Storm Preparedness


Tips for IT Storm Preparedness

Before the storm

  • Ensure all systems are fully backed up.
  • Ensure that you have a copy of your data stored offsite
  • Review your Disaster Recovery plan.
  • Pick up equipment off of floors and place on shelves, tables or desks to prevent damage in the event of a flood or water leak.
  • Ensure that you’ve met with your IT team to discuss how you prefer to handle IT during and after the storm. For example, you may declare a support blackout during the storm and for 24 hours after the storm so that the IT team can focus on addressing any damage.
  • Ensure that you have a process for tracking the status of techs. Some may be without power and may need assistance themselves.

During the storm

  • Human life is more important than IT. Ensure everyone stays safe. Do not take unnecessary risks.
  • Stay away from low-hanging or fallen power lines and report them immediately to the utility company that services the area.
  • If the water has risen above the electrical outlets, ensure the breakers are turned off. DO NOT ENTER THE WATER in areas that are flooded. Ensure a license electrician inspects the circuits before restoring power.
  • If water enters your server room from above, shutdown the servers and turn off the breakers to the areas affected. Once power is off, cover the gear with tarps.

 

After the storm

  • Open up any equipment that was exposed to water and look for damage.
  • Make sure the equipment is dry before testing.
  • Clean any contamination as quickly as possible.
  • Utilize your spare inventory to replace production equipment damaged by the storm.
  • Contact Nieto Support support@nieto.com or 713-893-5667 for assistance.

 

Ransomware is real


Ransomware

Hackers have recently exploited malicious software stolen from the National Security Agency (NSA) and are executing damaging cyberattacks that have affected companies and individuals in dozens of countries worldwide. Transmitted via email, the malicious software locks users out of their computer systems and demanded ransom before users could be let back in — with a threat that data would be destroyed if the demands were not met.

If you believe you are affected by Ransomware or want to know more, contact Nieto Support immediately at support@nieto.com or (713) 893-5667.

What is Ransomware and what does it do?

Ransomware stops you from using your PC by holding your PC or files for “ransom”. It does this by infecting your PC and locking your screen or encrypting your files.

Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

Ransomware Prevention

The following are best practices for the prevention of ransomware:

  • Install a Dell SonicWall firewall with Total Secure. Ensure that all communication ports are closed except those that are absolutely necessary to conduct business.
  • Install and use Continuum on all servers and PCs, which will install Webroot and Malwarebytes.
  • Make sure all software on your PC is up-to-date.
  • Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
  • If using Internet Explorer, ensure you have smart screen turned on.
  • Ensure that Adobe Flash is turned off.
  • Turn off Office macros, if they’re enabled. (In Office 2016, you can ensure they’re off from the Trust Center > Macro Settings, or just type “macros” in the search box at the top, then open the “Security” box.)
  • Have a pop-up blocker running in your web browser.
  • Regularly backup your important files.
  • Turn on File History (in Windows 10 and Windows 8.1) or System Protection for previous versions (in Windows 7 and Windows Vista). In some cases, these might have been turned on already by your PC manufacturer or network administrator
  • Use a backup system that stores files in a manner where they cannot be altered.
  • Stay out of the bad corners of the Internet. A bad ad on a legitimate site can still inject malware if you’re not careful, but the risks increase if you’re surfing where you shouldn’t.

Ransomware Recovery

We don’t recommend you pay. There is no guarantee that handing over the ransom will give you access to your files again. Paying the ransom could also make you a target for more malware.

How do I get my files back?
How to recover your files depends on where your files are stored and what version of Windows you are using. If you suspect a PC is infected, remove it from your network to prevent it from damaging files on network shares.

Before you try to recover files, contact Nieto Support at (713) 893-5667 to assist you in cleaning your PC and recovering your files.

Email attacks exploit unpatched Microsoft Word vulnerability

 

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

The first report about the attacks came Friday from antivirus vendor McAfee after the company’s researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects “all Microsoft Office versions, including the latest Office 2016 running on Windows 10.”

The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.

When the rogue documents used in this attack are opened, they reach out to an external server and download an HTA (HTML Application) file that contains malicious VBScript code. The HTA file is disguised as an RTF (Rich Text Format) document and is automatically executed.

“The successful exploit closes the bait Word document, and pops up a fake one to show the victim,” the McAfee researchers said. “In the background, the malware has already been stealthily installed on the victim’s system.”

By searching back through its data, McAfee has tracked down attacks exploiting this vulnerability to late January.

Following McAfee’s report, security researchers from FireEye also confirmed that they’ve been aware of these attacks and exploit for several weeks and have coordinated disclosure with Microsoft.

According to FireEye, the malicious Word documents are sent as email attachments. The company hasn’t provided examples of the malicious emails, but because this is a previously undisclosed, zero-day vulnerability, the attacks are likely targeted toward a limited number of victims.

Both McAfee and FireEye noted that the exploit can bypass most memory-based mitigations included in Windows. That’s because the vulnerability is a logic bug rather than a programming error.

Microsoft is scheduled to release its monthly security updates on Tuesday, but it’s not clear if a patch for this vulnerability will be included. The company did not immediately respond to a request for comment.

In the meantime, users should be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.

See full Article…

http://www.pcworld.com/article/3187800/security/email-based-attacks-exploit-unpatched-vulnerability-in-microsoft-word.html