Ransomware 3.0 | Cyber Risks in IoT Devices

news from microsoft

Ransomware 3.0

Ransomware attacks continue to get worse. They have now expanded to extort not just the companies, but also contractors and customers, in a “Triple Threat”. In addition to encrypting a victim company’s data, they will also exfiltrate, or download, copies of company data and emails. They will ask for one ransom to decrypt the computers, a second ransom to not make the stolen data public, and then the newest ransom attack. They reach out and present the data to customers, contractors, and business partners and demand a ransom from them in order to not have the data published. With phishing emails still being the number one attack vector for ransomware, be sure you have sufficient protection for your company. A combination of quality user education, phishing exercises and awareness campaigns, and system endpoint protections provides an in depth defense to this constantly evolving threat.

What does this mean for your business?

Back To Business I.T. has you covered. Our cybersecurity training programs are customized to meet the needs of your workforce and are designed to create a “human firewall” inside of your business. Building upon that, we offer state-of-the-art intrusion detection systems to stay one step ahead of cybercriminals. Don’t become a cyber statistic. Contact our team today and get Back To Business.

LinkedIn breach could mean your information was exposed

Just when you thought you had seen it all, think again! LinkedIn is the latest victim of phishing attacks. According to USA Today, firms are stating that cyber attackers are now posing as “boring, authentic, cubicle-office dwellers.” On top of these reported phishing attempts, CyberNews reports that the cyber attackers have also scraped data from 500 million LinkedIn accounts. The information leaked includes LinkedIn IDs, full names, email addresses, phone numbers, and various other sensitive information. Due to the leak of information, customers may be susceptible to increased email and text spamming or phishing.

What does this mean for your business?

Tighten up your security measures, and encourage your employees to do the same. Be conscious of strangers requesting to follow your LinkedIn profile. Consider changing your password periodically. Enable two-factor authentication for your account if possible. This additional layer of security serves as another barrier between your information and bad actors on the internet.

Manufacturing systems and IoT devices present high risk

IOT and other embedded manufacturing systems can present a high risk to your data and operations if not properly secured. Basic security steps can greatly improve your overall risk posture. From doorbells and cameras to CNCs and additive manufacturing systems, there are simple steps you can take to reduce the risk and exposure of the business side of your operations.

What does this mean for your business?

Your network is unique, and your security measures should be too. Your manufacturing systems and devices should be protected using industry best practices. Preventative steps such as changing default passwords, keeping your systems properly patched, and separating crucial systems from the rest of your network can make the difference between a few minutes of down time, and your entire operations coming to a halt. Our team is experienced in manufacturing environments, and passionate about our clients’ security. Contact us today to learn what we can do for your operations.

Microsoft announces 24 new issues posing cybersecurity threats

Microsoft announced the discovery of 24 issues in a wide range of IoT and OT devices. These issues allow malicious individuals to execute code on or crash your devices. This affects a wide range if industrial, medical, and enterprise devices. It is vital to your security to have an active inventory of the assets on your network, monitor them for vulnerabilities, and patch them regularly.

What does this mean for your business?

Our team of experts stands ready to help your organization take care of risks inside your network that you might not know are there. Cyberattacks are at an all-time high…and getting worse every day. We are here to help!

Cybersecurity risks continue to evolve, and so do our tools to fight them. We are passionate about protecting small businesses, and stay up to date on technology and cybersecurity best practices. Contact us today and let us show you how our cybersecurity services can help your business stay safe in an uncertain world.

Call us at 937-490-5600 or Contact Us to learn more or get started.

Protect Your Identity and Learn About BEC Scams

BEC scams

Today is the first annual Identity Management Day! We join the National Cybersecurity Alliance and the Identity Defined Security Alliance to raise awareness and share resources for identity protection.

Protecting our data and promoting privacy is becoming more important to the wellness and security of our lives both professionally and personally – and not just on Identity Management Day. Cybercriminals are continually evolving their strategy and tactics to compromise their targets; it is paramount that end users stay aware of the dangers that lurk beyond the firewall.

One of the most common threats seen today are “Business Email Compromise” scams – or BECs. These involve criminals impersonating key organizational staff or vendors – perhaps an executive, HR, or other members of leadership – with the end goal being the fraudulent transfer of money.

The most common type of BEC scam is invoice or payment fraud. 

  • 65% of organizations faced BEC attacks in 2020.
  •  In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
  • In 2020, 80% of firms experienced an increase in cyberattacks.
  • 62% of BEC scams involve the cybercriminal asking for gift or money cards.
  • Payment/invoice/billing scams skyrocketed by 155% in 2020.

Don’t become a cyber statistic! Read on for tips on how to recognize (and avoid) these increasingly popular email scams.

Be Skeptical

If it seems strange, investigate. Last minute changes in instructions or recipient account information is a red flag that something could be wrong. Trust your gut.

Don’t Click it

Verify information related to any contacts associated with the request. If it is a vendor requesting something, do not contact them through information provided in email – use trusted information on file. If you get a strange request from someone you work with, call them on their known phone number. A quick call can save a big headache!

Double Check that URL

If there is a URL in the email, make sure it’s associated with the business it claims to be from. Discrepancies are a likely indicator that hostile actors may be involved.

Spelling Counts

Make sure to check for misspellings in domain names. Cybercriminals will often exploit similar names, hoping that the recipient will only glance at it and not realize it is different. Writing style will also be very simple and brief with little information added.

Look for Other Clues

Does it seem strange that the CEO is contacting you personally, via email, with an urgent request? Is a manager, with whom you just had a meeting, asking you to send money? Are you receiving invoices from clients that you aren’t responsible for? All of these are common tactics that are used that can be caught by paying attention to oddities.

See Something? Say Something!

If something looks suspicious, report it to your I.T. department or your MSP! If you’ve been of victim of a BEC scam, file a detailed complaint with www.ic3.gov.

Want to learn more about how to protect yourself and your business from cybercriminals?

Back To Business I.T. specializes in creating and managing secure I.T. environments and has the tools and experience to provide proactive, customized cybersecurity training for businesses of all sizes. Don’t become a cyber-statistic! Get in touch today and let us help you take steps to ensuring your cyber safety.

7 Cybersecurity Tips for SMBs

Cybersecurity tips

7 cybersecurity tips for small and medium-sized businesses (SMBs), brought to you by Back To Business I.T.


Antivirus and Filters

Scanning your systems regularly to detect malware and potential vulnerabilities should be at the top of the list when it comes to cybersecurity measures. Putting web and email filters in place can help block nefarious traffic and messages from ever reaching your systems.

Restrict Access

Along the same lines of defense as Antivirus and Filters, use restrictions to limit staff access. The same way you restrict departmental access depending on where a person works, it’s a good idea to implement internet restrictions. This way employees are limited to the websites they can access on company computers – and thus lessen the risk that they’ll wander into some dark alley on the internet.

Train Your Staff

One of the biggest cybersecurity risks any company faces is its people. To err is human, right? And err we do. Phishing emails are the most common cyberattack, and how over 90% of successful breaches begin. Educate your staff on best cybersecurity practices. Our cybersecurity awareness training offers not only educational materials, but simulated training exercises to test employees’ preparedness in a safe sandbox environment. Contact us to learn more.

Step Up Your Authentication Game

Setting up multi-factor authentication means that system access has a two-layer protection. Requiring both a password and a pin, for example, will likely reduce your risk of unauthorized access. Much like having biometric and pin or pattern access on your phone protects your data from prying eyes – two-factor authentication on your systems can keep your data safer.

Patch and Update, Faithfully

Clicking that ‘update later’ button is usually a bad idea. Updates ensure your system has the latest information on potential vulnerabilities. Patching does just that – patches certain ‘holes’ or fixes bugs in the system. This is part of why it’s critical to use up to date hardware/software – so you can be sure the manufacturer is working constantly to keep it as secure as possible. 

Back Up Your Data

In the case of a breach, having your data backed up can make the difference between paying the ransom or not. Cybercrime isn’t the only reason to back up your data though – as other events can affect system functionality and disrupt your business.  In the context of cybersecurity, it can give you the upper hand. If your data is securely backed up, there’s usually less down time in the event of an attack.

Have a Cybersecurity Policy in Place

All the good intention in the world won’t take the place of a solid information security policy. Make sure your staff is aware of the processes and best practices for cybersecurity in your company. You’ve worked hard for your business, protect its future.

Here at Back To Business I.T., we’re a business too. We have the same concerns and face the same challenges. Our customizable solutions are meant to change as your business grows – fitting your needs, and your budget. Take your business to the next level with a technology partner you can trust. Contact us today!

Skip to content