INFORMATION TECHNOLOGY FOR SMBs
Our blog articles archive includes it security tips, cybersecurity alerts, state of IT reports, and tips on information technology for small and medium size businesses.
Recommendations for ensuring recovery and continuity in the face of the growing cybersecurity threats to SMBs
Businesses must prepare the front line of defense against ransomware attacks: your employees. Today’s companies must provide regular and mandatory cybersecurity training to ensure all employees are able to spot and avoid a potential phishing scam in their inbox, a leading entrance point for ransomware. Businesses must leverage multiple solutions to prepare for the worst. Today’s standard security solutions are no match for today’s ransomware, which can penetrate organizations in multiple way. Reducing the risk of infections requires a multilayered
DNS hijacking, DNS poisoning, or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries. This can be achieved by malware that overrides a computer’s TCP/IP configuration to point at a rogue DNS server under the control of an attacker, or through modifying the behaviour of a trusted DNS server so that it does not comply with internet standards. These modifications may be made for malicious purposes such as phishing, for self-serving purposes by Internet
Microsoft has published today 80 security fixes across 15 products and services, as part of the company’s monthly batch of security updates, known as Patch Tuesday. Of the 80 vulnerabilities patched today, two are so-called zero-days — security flaws that had been exploited before fixes are released. The two zero-days are CVE-2019-1214 and CVE-2019-1215. Both are elevation of privilege (EoP) vulnerabilities. EoP vulnerabilities are usually exploited by malware to gain the ability to run malicious code with administrator privileges on
Did you know that in the U.S. 70% of employees lack a basic understanding of cybersecurity best practices? Vulnerabilities in your organization can lead to a major fallout in case of a cyberattack. Cyberattack simulation and invocation and test of incident response protocols help businesses and regulators practice an effective coordination in the event of a systemic cyberattack, but many organizations underestimate the importance of the testing. Organizations participation in cyberattack exercises: 26% of organizations overall never participate in any
If you want to run commercial transactions, or process your website’s data online securely, you need an SSL certificate for your website. Basically, it gives you the valid encryption for the website – and if you ever wondered what is the difference between domains that have http:// or https:// in the URL, this is it: letter S in https:// means that it is a secure, encrypted connection. Most common everyday use for the SSL is in the e-Commerce. SSL stands
Local governments are increasingly being targeted by cyber threats. These attacks typically come in the form on ransomware, holding the municipalities’ data hostage until either the ransom is paid or data is restored from a backup. Examples of ransomware attacks in 2019: June 20, 2019: Riviera Beach, Florida, discloses ransomware attack and payment. May 7, 2019: City of Baltimore hit with ransomware attack. April 2019: Cleveland Hopkins International Airport suffered a ransomware attack. April 2019: Augusta, Maine, suffered a highly targeted malware attack that froze the
A cybersecurity breach in any industry is a serious matter. Healthcare professionals are some of the most vulnerable targets. Not so long ago, one of the largest batch of data containing just over 9.2 million health insurance records was offered for sale on dark web – a huge blow for PHI. How sure are you about your records not being compromised? Data breach and Dark Web sales are a big worry not just because of HIPAA compliance. The most profitable
The New Jersey Institute of Technology is hosting the event from July 22 to July 25, featuring presentations and break-out sessions about a variety of technological innovations. The post VOICE Summit, expecting 5,000 attendees, kicks off at NJIT appeared first on NJBIZ.
A new malware framework has been discovered padding statistics on social sites and ad impressions, according to new research from Flashpoint. Researchers explained that over the course of the past three months, the malware framework has been responsible for more than one billion fraudulent Google AdSense ad impressions. The malware uses three separate stages of installation to deliver a malicious browser extension that performs fraudulent AdSense impressions and generates likes on YouTube videos. It also watches hidden Twitch streams. The
INTERVIEW WITH DAVID DADIAN OF POWERSOLUTION.COM Interview with David Dadian of powersolution.com New Jersey Innovation Institute, an NJIT Corporation, July 16, 2019 Tamara Williams of New Jersey Innovation Institute (NJII) spoke with David Dadian, one of our Health IT Cohort members, about powersolution.com’s experience securing and supporting IT environments in physician practices, which many times are exposed to data losses and HIPAA violations due to a practice’s lack of understanding of the risks and/or not giving the right level of
The word spoof means falsified. A spoofed email is when the sender purposely alters parts of the email to make the message appear as though it was authored by someone else. Commonly, the sender’s name/address and the body of the message are formatted to appear from a legitimate source. Sometimes, the ‘spoofer’ will make the email appear to come from a private citizen somewhere. A spoofed message can appear to be sent from a coworker, a bank, a family member