What Are Botnets & What Do You Need To Know?

Botnets Blog

A new technological threat has been increasing in popularity and strength in recent years - botnets. These are not the kind of botnets that productively crawl search engines to provide you with the best search results, these botnets are malicious and have the potential to hijack your computer.

Here's what you need to know about botnets:

WHAT ARE THEY?

Botnets are controlled by an administrator, meant to either crawl the internet or directly hack into your computer. These botnets are highly illegal, and are typically used for the purpose of making money or stealing data. Once a botnet hacks into your device, it runs in the background of your computer as your device gets added to a network of other computers that have been attacked. Your computer then waits on commands from the botnet administrator. Some of these commands include emailing spam to a significant number of users, shutting down websites, generating fake website traffic for financial gain, or generating "pop-ups" that entice users to pay a fee to get a botnet off of their computer. Botnets are not decreasing in popularity, as Fortinet found 268 unique botnets through their data so far in 2018, which is a 3% increase from their last study.

Related: Be Prepared to Fight Cybercrime with User Training 

WHAT ARE THE RISKS?

The initial risk of your computer being hijacked by a botnet is that it can run in the background and remain undetected for a significant amount of time. During this time, other risks include the loss of money, access to your data, stolen passwords, and potentially complete control of your device. According to the 2018 Fortinet study, 58% of botnet infections last one day. That may not seem like a long period of time, but 24 hours is all it takes for your organizational data to be compromised.

HOW WILL YOU KNOW IF YOU'VE BEEN INFECTED?

Botnets are usually very hard to detect - occasionally an antivirus software may pick up on botnet activity, but they are typically designed to fly under the radar. If your computer has been infected with a botnet and added to a large network, your device may start to consistently run slowly. If you are worried about whether or not your device has been infected, or if a website you want to view has malicious content, visit this Fortinet Web Filter Lookup as a resource.

Related: Cylance - Proactive Protection for Your Business

PROTECTING YOUR BUSINESS

There are several precautions you can take to avoid getting infected by a botnet. First of all, be sure that your computer operating systems are updated as soon as new updates are available. Botnets are often installed within the flaws of your operating system, so staying on top of updates could protect your system later on. Ensure you have implemented security software that can provide proactive protection for your business. It's also important to be weary of clicking on suspicious website links or attachments, especially from emails that don't seem right.

For the tell-tale signs of what NOT to click on, click here. 

Download The Social Engineering Red Flags Flier

Malicious botnets are consistently searching for easy targets. Make sure you keep your devices updated, educate your team on what suspicious links and attachments look like, and pay attention to whether or not your device begins to run slowly. Consult your IT team if you feel uneasy about your computer being compromised. It's always better to be safe than sorry and to becoming an easy target for botnets.

Topics: Security, Threat Landscape, Cybersecurity, Botnets

What Are Password Managers And Why Are They Important

PASSWORD SAFETY-1First, take a moment to test how secure one of your top-of-mind passwords really is by clicking this link:

https://lastpass.com/howsecure.php

Did the test tell you that you needed a stronger password? Did it tell you that your password is strong enough? Do you use that same strong password for everything?

When users have to make up a password, two strategies are typically used:

  1. They use a password that is simple and easy to remember.
  2. They use one strong password for every single account. 

These strategies are good in theory, but bad when it comes to security purposes, which is why password managers are highly recommended to break the cycle of bad password practices.

It's something everyone does several times a day - typing in a password. And for 92% of people surveyed by SecureAuth Corp. and Wakefield Research, the SAME passwords are being typed in for all of their accounts. While this may seem like the easiest solution to consistent password annoyances, this type of online behavior leads to the 91% of Americans who have experienced an online breach at some point in their life. See the correlation?

According to LastPass, passwords are the key to our digital lives, and users often forget the importance of passwords because of the "inconvenience" they may cause when trying to do things online. The importance of the information that is kept online is worth going the extra mile to protect, which is why we recommend the use of password managers to ensure your organization and its' employees are maintaining secure online habits.

WHY PASSWORD MANAGERS

Having one strong password simply isn't good enough anymore with the current technological landscape.

Over time, users have gradually become connected to more and more accounts that require passwords, which generated the habit of users wanting to use one password for everything to avoid getting locked out of accounts. While it may be habitual to input the same password for everything, the increased amount of data breaches that are seen in the media have made it apparent that it's best to have a unique password for every account that requires one, to ensure overall account security.

That's where password managers such as LastPass or 1Password come into play. These applications assist users in organizing and safely storing all of their different passwords. Gone are the days of putting pen to paper and storing sticky notes around your desk with all of your passwords on it, now all passwords can be easily accessed and found in one application. When logging into an account, all you have to do is retrieve your password for that account if it's not memorized from your password manager. An extra 15-30 second step that can save you time and money in the long run. Not to mention, your accounts are way more secured as a result. 

WEAK PASSWORD TESTS

Ensuring your employees are maintaining a high standard of strong passwords is also necessary in keeping your organization protected. Five Nines conducts tests internally to monitor all user passwords for any potential vulnerabilities. These tests are similar to the one you took above, but on an organizational scale. Conducting these tests not only provides peace of mind that employee passwords are secure, it also holds employees accountable in keeping password safety top of mind. These tests are conducted along with the use of password managers for an extra boost of security.

Maintaining high security of your IT environment requires time, money, and extra effort. Compromising internal files and data due to poor password practices simply isn't worth it. Take the time to set up a password manager account, encourage fellow employees to do the same, and take the extra few seconds to  avoid a security breach.

It's worth it, we promise.

It's always best to be prepared for the worst to keep your organization at its' best. Click below for a free Ransomware Rescue Guide to have on hand that will guide your team through the initial steps of a potential ransomware attack if you ever experience one.

Click Here For Your Free Ransomware Rescue Guide

 

Topics: Security, Threat Landscape, Cybersecurity

Cylance: Proactive Protection For Your Business

Cylance Reformatted

As cybercrime continues to evolve, it's time to look beyond traditional approaches to malware detection. 

In this webinar, we will discuss all things Cylance. This power hour covers everything from simple definitions to how Cylance works within an IT environment, as well as how Five Nines utilizes Cylance to protect businesses from advanced malware. 

WHAT YOU'LL LEARN:

  • What is ransomware and malware?
  • Preventing cyberattacks with artificial intelligence 
  • Using artificial intelligence to predict and prevent threats
  • A complete overview of Cylance
  • Why companies choose to utilize Cylance
  • How Cylance works through a technical demonstration

Presenter: 

Ryan Christensen: System Administrator at Five Nines

Sit back, grab some popcorn, and watch this FREE Five Nines Power Hour Webinar: Cylance - Proactive Protection For Your Business. 

Watch the Cylance Webinar 

 

Topics: Managed IT Services, Threat Landscape, Cybersecurity, Business Continuity, Webinars

Be Prepared To Fight Cybercrime With User Training

Cyber Crime Blog Reformatted

In the tech industry today, even the most reliable tools can be used against you. Five Nines has recently discovered phishing attempts that are in the form of an Office 365 verification email. Wouldn’t you be enticed to click on the links in this email?

Phishing Example.png

Unfortunately, just because it is Office 365, and just because many Office 365 tools are hosted online, does not mean it is any safer. When it comes to cybercrime, you must have a healthy paranoia about everything. Anything is open game.

WHAT TO LOOK FOR

A lot of these phishing attempts happen through email, mobile messages, or unprotected webpages. Here are a few quick tips we recommend:

  • Double check the sender’s email address, is it from a suspicious domain? Are there any tiny grammatical errors? (EX. micorsoft-support.com)
  • Why is the sender asking you to click on a link? Is it to avoid negative consequence or to gain something of value? Think twice about whether it’s a link you should be clicking on.
  • Did you receive the email at an unusual time that is not during business hours?
  • Are there misspellings in hyperlinks?
  • Does the attachment in the email relate to the content of the message?

Download The Social Engineering Red Flags FlierWe have put together a complete flier full of even more red flags to look for when it comes to phishing attempts. Download the flier, read it over, and share it with your team. P.S. it’s free.

Keep in mind, phishing attempts may be in the form of reputable organizations and programs, such as Microsoft and their Office 365 software. For consistent FBI updates on current cybercrime schemes, click here. 

WHAT TO DO ABOUT IT

There are a couple of important components that must be put into place to keep your organization protected from clever cybercrime tactics. First, the antivirus you use is very crucial in protecting your business. Five Nines utilizes Cylance, if you don’t know a lot about this antivirus Five Nines just hosted a Cylance webinar, download it here.

Cylance Power Hour

Antivirus aside, one of the more impactful solutions to prepare for potential cybercrime attempts like the one above is user training and awareness implementation. Five Nines believes giving users the confidence to navigate their devices with the knowledge to identify real threats plays a huge role in fighting against cybercrime. It only takes one wrong click to cause a breach in your IT environment.

Situational training is very helpful, as it provides real scenarios of actual phishing attempts and puts your employees to the test to see if they can identify these attempts themselves. Giving your teams the right tools they need to not only be efficient and productive, but also aware and alert will give your IT environment a significant advantage.

If you’d like to see examples of how Five Nines implements user training, click here for our free Gone Phishing webinar recording.

AN ONGOING PHENOMENON

Cyber crime and phishing attempts will not be going away anytime soon, in fact this phenomenon is predicted to get worse each year. It’s a threat everyone needs to be aware of and prepared for.

According to Cybersecurity Ventures, cybercrime is currently the greatest threat to every company in the world. By 2021, cybercrime is predicted to cost the world up to $6 trillion on an annual basis. These costs derive from destruction of data to productivity loss to the restoration of hacked data systems.

The statistics are scary and intimidating, but you don’t have to fight cybercrime alone. Avoid having someone on your team click on something like the email above by implementing user training within your organization.

Five Nines offers user awareness training to make sure all teams are prepared for the possibilities of phishing attacks and other cybercrime initiatives. If this is of interest to you, click the button below and we will start the conversation about how to train your team.

Cybercrime is growing, but so are protective measures. Take action and prioritize cybercrime prevention to avoid being part of the statistics.

Preparing Your Team With User Awareness Training

Topics: Outsourced IT, Managed IT Services, Phishing, Threat Landscape, Cybersecurity

Planning For The Worst With An IT Business Continuity Plan

 IT Business Continuity

Viruses strike, hardware fails, users click on things they shouldn’t, natural disasters and theft, the list goes on. When disaster strikes, how much are you willing to lose? Learn more about today's threat landscape, how to protect your business, and how to plan for when your defenses fail.

Miss the NE Tech Summit? Download our free presentation to learn more about how you can implement an IT Business Continuity Plan for your organization. 

Presenters: 

Jeff Newton - Senior Account Executive at Five Nines

Adam Palmer - Senior Systems Engineer at Five Nines

Sit back and learn about the NE Tech Summit Session about Planning For The Worst.

Click Here for Free Presentation Download

 

Topics: Security, Threat Landscape, Cybersecurity, Business Continuity