Can Private Browsing Protect You Online?

1. Get a virtual private network (VPN)
VPNs aren’t just for business and downloaders now; they’ve gone mainstream. Once set up, a VPN creates an encrypted connection from your computer to the VPN provider’s computer. The other computer could be in another city or another country. When you visit a website, it can only see the VPN computer – not yours. You essentially run around the internet pretending to be another computer, in another location. Since your connection is encrypted, even your ISP can’t see what you’re doing online, making your usage anonymous.

The downsides: Because your internet usage has to route through another computer first, your browsing and download speed could be affected. They can be tricky to set up and not all VPNs offer the same privacy levels (the better ones tend to be more expensive). Some websites may even block visits from people using VPNs, so you may end up switching it on/off as required.

2. Go incognito
Most browsers have a private browsing mode, each called something different. For example, Google Chrome calls it ‘incognito’, while Microsoft calls it ‘InPrivate’. Before you take the name at face value, it’s a good idea to talk about how they define ‘private’. Unlike a VPN, where you can dance around the internet anonymously, private browsing simply means your visits won’t show up in your browser history, and neither will what you entered into forms. This feature is free, so you always have the option to use it, and it’s actually more helpful than you might think. Common uses include price shopping (to reset sale timers and access local-only pricing) and overriding usage limits on certain sites. Some sites use cookies to control your free trials, and private browsing can help you get around that. For example, some news sites limit you to 5 free articles a month unless you pay. Private browsing can extend that trial quite easily!

The downsides: It can’t pre-fill saved passwords and it won’t help you type in the website name even if you’ve been there before.

3. Think about who’s watching
While you might be naturally careful when using a public computer, have you thought about who’s watching what you do on your work computer? Some workplaces have employee monitoring software that tracks all sorts of data, including taking screenshots of your desktop. It helps them create rules about computer usage, but it may also provide them with evidence you’ve been breaking those rules. Stepping out to the internet cafe can be even more risky, as people can install keyloggers that record every keystroke, including your credit card numbers and logins. You’ll never know your activities are being recorded, even if you use private browsing.

The downsides: None. Awareness of the risks and the possibility of being watched ensures you’re more likely to use the internet safely.

While private browsing can help keep your internet usage under wraps, it’s not a magic bullet to cover all possibilities. Many people believe they’re invisible AND invulnerable while private browsing, a mistake they end up paying for. You’ll still need solid anti-virus and password habits to protect against threats, and to be a smart internet user who avoids suspect websites. Consider the options above as privacy-enhancing measures, not one-stop solutions.

Need help with your online privacy? Give me a call at (828) 290-8237.

How to Securely Dispose of Old Computers

Getting new computers for your business is exciting, but what happens to the old ones? Depending on the age, some people sell them, others throw them out. That’s the easy part. The problem is the sensitive data on them. There are passwords, account numbers, license keys, customer details, medical information, tax returns, browser history…. the works! Each computer, whether laptop, tablet or desktop, contains a treasure trove of sensitive information that cyber criminals would love to get their hands on.

Unfortunately, hitting delete on your files doesn’t actually make them disappear. These mistakes have cost businesses millions of dollars over the years.

Most businesses are unaware that specialized data cleanup is necessary; others think calling someone to collect the computers will cover all the bases. A 2016 experiment proved just how dangerous the situation can be: the experimenters bought 200 used hard drives and found 67% held unwiped, unencrypted sensitive data, including sales projection spreadsheets, CRM records, and product inventories. Frighteningly, they didn’t need any special hacking skills to get this data; it was all right there and helpfully labelled. It’s also not surprising that with simple data recovery tools, people have also been able to access British NHS medical records and missile data, all waiting patiently on a discarded hard drive.

Why hitting delete doesn’t help

Data on a hard drive works like a book with an index page. Every time data is written, it pops a quick entry into the index so when you need it again, it knows where to look. The index is used for files you create as well as system files you can’t even see. Sensible, right? Except if you delete a file it’s more like changing the index to say nothing is on page 10 and you can write something else there when you’re ready. But if you manually flip to page 10, you’ll find the information is still there – the file still exists until it’s been written over – it’s the index reference that got deleted.
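
The index-versus-pages behaviour described above can be seen on a toy model. This is an added example, not code from the original article; `ToyDisk`, its 16-byte blocks and the sample file contents are constructed for illustration and do not model any real filesystem.

```python
BLOCK = 16  # bytes per "page" of the toy disk


class ToyDisk:
    """Constructed model of the 'book with an index' analogy:
    raw pages plus an index saying which pages belong to which file."""

    def __init__(self, blocks=32):
        self.raw = bytearray(blocks * BLOCK)
        self.index = {}  # file name -> (list of block numbers, length in bytes)

    def _free_blocks(self):
        used = {b for blocks, _ in self.index.values() for b in blocks}
        return [b for b in range(len(self.raw) // BLOCK) if b not in used]

    def write(self, name, data):
        need = -(-len(data) // BLOCK)  # ceiling division
        free = self._free_blocks()
        if need > len(free):
            raise OSError("disk full")
        blocks = free[:need]
        for i, b in enumerate(blocks):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.index[name] = (blocks, len(data))

    def read(self, name):
        blocks, length = self.index[name]
        joined = b"".join(bytes(self.raw[b * BLOCK:(b + 1) * BLOCK]) for b in blocks)
        return joined[:length]

    def delete(self, name):
        # "Hitting delete": only the index entry goes, the pages are untouched.
        del self.index[name]

    def wipe_free_space(self):
        # Overwrite every page the index no longer points to.
        for b in self._free_blocks():
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def raw_contains(self, needle):
        # Flip through the pages directly, ignoring the index.
        return needle in bytes(self.raw)


def deletion_demo():
    disk = ToyDisk()
    disk.write("customers.txt", b"acct=CONSTRUCTED-0001 pin=0000")  # constructed sample
    disk.write("notes.txt", b"keep me")

    disk.delete("customers.txt")
    still_listed = "customers.txt" in disk.index
    found_after_delete = disk.raw_contains(b"CONSTRUCTED-0001")

    disk.wipe_free_space()
    found_after_wipe = disk.raw_contains(b"CONSTRUCTED-0001")

    return still_listed, found_after_delete, found_after_wipe, disk.read("notes.txt")


if __name__ == "__main__":
    print(deletion_demo())
```

On real hardware, and SSDs in particular, overwriting is not always this direct, which is why disposal relies on whole-drive wiping or physical destruction rather than file-by-file cleanup.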

Wiping data before disposal

There are software tools you can get to do it yourself, as well as dedicated security firms, but your best option is to choose an IT business you know and trust. With that in mind, a methodical approach is required to ensure not a single drive is left untreated. You don’t want to leave data behind, or even clues that a motivated person could extrapolate any private information from. The approach might include using checklists to maintain security, or dedicated processes to guide each step in decommissioning. Careful records should also be kept, including who signs off on completion of the retirement, and where the computers are sent afterwards. A proper inventory and auditing process may slow the rollout of the new computers slightly, but it’s always better than having your old data come back to haunt you.

I can migrate any needed data, back up the information to your server or external drive, then wipe or destroy the hard drives for you.

Upgrading your business computers should be a happy time for you and your employees, so with a little forward planning, you’ll be able to keep everyone smiling and all your data secure.

Need help with your old hardware? Call me today at (828) 290-8237!

What’s That Weird Noise Coming from Your Computer?

New computers are whisper quiet, seeming to run on pure magic, but after a while computers can start making some pretty weird noises. Clicks, clunks, and about-to-take-off jet noises are the most common, but when should you worry? Your computer has a number of moving parts and even some stationary parts that can make noises. If you’re listening, your computer might be telling you about its current health and how you can help it run smoother, for longer.

When you hear a clicking noise: This could be normal if it’s more like a soft tick. Mechanical hard drives work a bit like a record player with a needle and platter, so you might simply be hearing it spin up and move the needle around. When it starts sounding like a loud click it’s usually the needle hitting the platter too hard or bouncing around. If your hard drive has started making alarming noises, you should get it looked at as soon as possible. Just like a record player, scratches that ruin your data are possible, and if ignored for long enough, it doesn’t just skip and have trouble reading the drive, the whole thing can become unusable.

A technician can copy the files onto a new drive before it gets to that point, but retrieving data from a destroyed hard drive is rarely achieved without CSI-level expenses. It’s easier and much cheaper to replace the hard drive at the first sign of failure.

When you hear a clunking noise: Unsurprisingly, this one causes certain alarm. Computers aren’t meant to go clunk!  It may be a simple matter of a cable having shifted into the path of a fan and getting clipped during the spin. Remember when you pegged a card between your bicycle spokes? It might sound a little like that, skipping every now and then as it’s pushed away and drops back again. If that’s the case, a technician can quickly secure the cable back where it belongs.

When you hear a jet-engine noise: Most computers and laptops have fans to keep them cool. The fans have to spin to move the air around, and the faster they’re spinning, the more noise they make. We start to worry when the jet-engine noise gets out of hand and it’s not just while you’re playing a resource-intensive game or doing some video editing. Constant jet-engine noise indicates your computer is struggling to cool itself down, perhaps because the fan vents are clogged with dust, your computer is in a poorly ventilated space, or the fan itself is worn. Each fan has ball bearings inside that wear out over time, making extra noise while it does the best it can. I can replace individual fans quickly and give your system a checkup to make sure nothing else has been affected.

When it’s beep city: Your computer’s friendly beep as you switch it on actually has multiple meanings. It’s not just saying hello. The single beep you normally hear indicates that it’s run a self-test and everything is fine. When your computer is very unwell, you might hear more beeps than usual. This is because each beep combination is a code to technicians, letting us know what’s gone wrong. Certain beep combinations mean the memory is loose or damaged, others that the video adapter has a problem, etc. If your computer has started beeping differently, let me know so I can decode it and repair the problem for you.

Some noises your computer makes will be normal, others a sign of deeper issues. Even if your computer seems to be operating correctly, a sudden onset of weird noises could mean failure is just around the corner. Taking early action ensures problems don’t escalate, costs are kept low, and your files remain where they belong.

Got some weird noises coming from your computer? Give me a call today at (828) 290-8237.

Is it Time to Retire That Program? Here’s How to Tell for Sure

Your business has likely been using the same set of applications for some time. Perhaps since the day you started, a long time ago. While you’ve been replacing computers and devices regularly to maintain your competitive advantage, the standard installation has remained largely the same. The programs do the job and everyone knows how to use them, so why upgrade? In some cases, it’s completely fine to keep that legacy program.

However, there are some aspects you should consider:

Support Available
Occasionally, and more frequently with software from smaller developers, the author has moved on from supporting the program. Perhaps they’ve closed the business, sold it, or pivoted directions completely. Either way, they’re no longer interested in helping you get the best from the program. Every time your employees come up against a problem they have nowhere to turn and productivity takes a hit as they try and come up with a workaround. Meanwhile, you run the risk that it could suddenly stop working after a Windows update, begin clashing with other essential software, or even create gaping holes in your security.  As you are aware, even the bigger companies like Microsoft stop supporting software after a while, as they have with earlier versions of Windows. Having support available to both assist and protect is a huge asset to your business.

Hardware Compatibility
Imagine picking up a brand new computer and trying to insert a 5 ¼ floppy disk – that’s one of the 1980s retro square ones bigger than your hand. It doesn’t matter how effective that program will be; modern technology simply has no idea what to do with it. Thanks to the rapid advancement of computer hardware, you may find a simple component refresh leaves your legacy program completely incompatible. The latest CPU that’s supposed to speed things up suddenly brings your entire business to a standstill, purely because it’s too advanced. Many owners work around this by keeping some older systems running exclusively for that program, but as the classic hardware fails, you may find yourself struggling to find replacement parts or technicians able to install them.

Security Vulnerabilities
Broadly speaking, the longer a program has been around, the longer hackers have had to discover its weaknesses. It could be a flaw in the program itself, or in the operating system that runs it. For example, the application may only run on Windows XP, but Windows XP is one of the earlier versions that Microsoft has stopped supporting. As the older operating systems and programs aren’t being patched, cyber criminals pour more energy into finding flaws they can exploit. It’s open season in their minds, and a free ticket to all your connected systems.  It’s how hospitals across the UK found themselves infected with ransomware last year, simply because they were running programs with known weaknesses.

As it’s not always feasible to replace a program immediately, I can help you run it on a virtual machine. That is, running the older operating system or program from within another program. You’ll have increased security, an element of support and a strong backup system while you work to find a replacement program. These types of solutions are very specialized and resource hungry though, so let me know if you need help. The other option is to migrate to a new program that does what you want, and is supported, hardware compatible and secure. If you’ve been running the old program for some time, this may feel quite daunting at first. Before you rule it out, keep in mind you’ll also be gaining the benefits of faster software, more integrated processes and a highly flexible system.

Need to talk through your options? Give me a call at (828) 290-8237.

5 Tech Travel Tips You Can Use

Travelling soon? For most people, this also means making sure your tech is packed and ready for the adventure. Smartphones, ebook readers, tablets, laptops and smart watches are now so light and portable that you’d never think of leaving them behind, plus they can add a ton of value to your experience. Here are a few tips to consider before you hit the road.

1.  Backup to the cloud
While you’re jet setting around, relaxing on a beach or hiking your way to freedom, your tech is always going to be exposed to a level of risk. This might range from accidentally leaving your laptop at a cafe to having it stolen from your bag, but either way the problem is the same – your data is now gone. If you’ve backed up your devices to the cloud (eg Evernote, Microsoft OneNote or Google Drive) you’ll be able to access your files easily and securely from anywhere.

Hot tip: Scan or save important documents like itineraries and passports to the cloud.

2. Pack the right cables
Begging random strangers for a loan of their cable isn’t much fun, so remember to bring the exact cables and chargers you’ll need. Most smartphones and tablets use universal plugs like Micro USB, USB C or Apple Lightning, so you can get away with only packing one cable. Many locations now offer powered USB ports, but be sure to pack the right charger as well; it’s a convenience you’ll appreciate. If you’re travelling overseas and the socket is different, remember to pack a plug converter, and depending on your destination, you might even find the voltage is different. It’s a good idea to check whether you also need a voltage converter before you try and charge.

3. Download offline data
It’s no secret that global roaming can give nasty bill shocks. The easy access data you normally use over Wi-Fi or get included in your cell plan has us all accustomed to being connected. While travelling, you might find yourself in a location where data costs a fortune or it’s not available at all. Download any files you might need, including important documents like itineraries and bookings, so that you can access them even without a connection.

4. Update and scan
Just like you’d make sure you’ve got the right vaccinations and travel gear, make sure your tech is ready to travel too. Set aside a few minutes to run updates for your operating systems and apps, as well as your anti-virus. Go one step further and run a manual anti-virus scan too. The last thing you want to deal with on your trip is a cyber attack! While you’re doing your pro-active thing, turn on password protection for all devices so that only you can unlock them.

Hot tip: Use a complex password that is hard for thieves to guess.

5. Mark your territory
Almost exactly the way it sounds, let everyone know this tech belongs to you. Write your cell number on portable devices in case you get separated so whoever finds it can give you a quick call and save the day.  Don’t want to use permanent marker on your shiny tech? Grab some sticky labels you can peel off when you get home.

You can also get little Bluetooth tracking tags to stick to your gear, so that if you ever lose something you can chase it down. Similarly, you might like to consider enabling the ‘find my’ feature on Apple devices. Having this feature switched on also means you can disable your device remotely, an excellent security option if it’s been stolen.

Need help preparing your tech for travel? Give me a call at (828) 290-8237.

Why Periodic Security Assessments Should Be Your New Normal

By now you know that building up your cyber security is just as important as building up your cash flow. Both are essential to your success, but while most businesses keep an eye on the financials, they tend to think cyber security is something they can set and forget. Unfortunately, cyber criminals are constantly coming up with new methods of attack and the security you had in place yesterday may not be sufficient today.

Instead of reacting to breaches and taking on the costs of downtime, lost files and destroyed trust, a periodic security assessment can identify blind spots that place you at risk. Once you know about these problems, you’re able to proactively set up adequate protection before cybercriminals strike. It’s best to use independent IT experts who can audit your security from an outside perspective, often seeing risks that would otherwise be missed.

Regulations change – Are you affected?
Many businesses are kept to strict government regulations around the way they store, process and protect data. Their operating license depends on staying as secure as possible. All regulations require regular security assessments but they vary in scope and time frame. As regulations change, so do the security assessment requirements. You can imagine how much stricter they are now compared to just 5 years ago. I can ensure your business is meeting the relevant regulations, diving deep to be certain you’re safe.

Security patches and updates are vital
It’s so easy to fall behind on your security patches. After all, it seems like there’s a new update every week and each one takes precious time to apply. Cyber criminals are targeting businesses running late, and it’s basically easy pickings for them. If you’re unpatched where it counts, it’s like inviting them in. When we conduct your security assessment, we can take a look at your history and see if your business has a robust patch plan in place and make sure you’re up to date. If there’s an issue that’s placing you at risk now, impacted you in the past, or will in the future, we’ll find it.

Viruses are always evolving
Just like the human variety, computer viruses are nothing to welcome into your workplace. They’re constantly evolving to skip past anti-virus scans and do damage in new and interesting ways. Cyber criminals know people are more aware of the traditional infection methods like downloading an attachment or inserting an infected USB, so they’re getting more and more creative. Your security assessment doesn’t just include ticking that you have the latest anti-virus, it includes identifying where you’ve had the most breach attempts and where your biggest vulnerabilities are. This type of precise awareness has a lasting impact on reducing your risks.

Your business may have changed
As your business has grown over the years (or shorter if you’ve experienced a recent surge), your entire setup has changed. More employees, expanded remote access, additional vendors, supplementary locations…the list really is endless. With each change has come a new risk, particularly if your security has been growing around you. It might be that your password policies haven’t been updated since you began, or that you still have the old voicemail system even though phones are within easy reach of customers. This is perhaps one of the most useful areas a security assessment can help with, as you and your employees are accustomed to the business working in a certain way, whether that way leads to risk or not. Our experts will be able to see things from a different perspective, particularly as we make sure to think the same way a cyber criminal would.

What to do with your assessment results
Once we’ve finished the assessment you have a benchmark for progress. You’ll know exactly what you need to do, how I can help, and perhaps most importantly, which actions take priority. Moving ahead, future security investments will be smarter as you focus on the high-payoff areas. You’ll also know exactly what you’ve done well and where your security strengths lie. Employees will see how much you value security, which helps to create a stable culture, and you’ll be able to report your commitment to customers, confirming they’re making the right choice by staying with you.

Book your security assessment today. Call me at (828) 290-8237.

Should You Pay for a Ransomware Attack?

Getting hit with a ransomware attack is never fun. Your files get encrypted by cybercriminals, and you’re left having to decide: should we pay to get them back? It’s a scene that’s played out across the world with plenty of businesses saying ‘yes.’ Here’s what you should consider if you’re ever in this situation.

Do you trust them?
Besides the fact that they’re criminals holding your data hostage, how confident are you that they’ll send the decryption key? Most attackers demand you send the payment via untraceable Bitcoin, so you have no recourse if they take it and run. You’re also equally trapped if they decide they asked too little and come back with increasingly higher demands. If they do send the decryption key, be aware they still have access to your systems and can hit you again at any time until your network is disinfected. Businesses don’t exactly want their breach publicized either, so many don’t admit to paying the ransom, whether it went to plan or otherwise.

Can you manage the impact?
Best case scenario, you can wipe the affected drives and restore from a clean backup without paying the ransom. You might even decide the encrypted files aren’t that important and simply let them go, or even wipe a whole laptop or workstation. The attacker will usually give you a countdown to motivate a payment, with a threat of deletion when it hits zero. If the data isn’t that valuable, or you have confirmed backups, this urgency has no effect. There are also new types of ransomware like KillDisk which can permanently wipe your entire hard drive or even network.

How much do they want?
Cybercriminals rarely send out global attacks with set amounts; instead, they prefer to customize the ransom based on how much they think you can pay. Large corporations and hospitals are hit with very high demands, while small business demands are more modest. They may be criminals, but they’re smart people who know your financial limits. They’ll also consider how much similar businesses have paid and how quickly, then expect you to follow suit.

Are your backups good?
Many businesses are discovering too late that their backup systems aren’t robust enough to withstand this type of attack. Either they’ve become infected too, they weren’t up-to-date or they backed up the wrong data. It’s worth doing some quick checks on your backup processes as even if you have to take the system down for a day as you recover, you’re still light years ahead of those without them.

What’s your policy?
More and more often, businesses are adding ransomware to their disaster recovery plans and having predefined actions mapped out. Seemingly simple inclusions like who has final say over the payment decision can stop chaos in its tracks. Employees and management alike can then approach the situation calmly, ready to make the best decisions for the business.

Stay safe in the first place
Ransomware is showing no signs of slowing down. As more businesses keep them funded, the cybercriminals are steadily launching new attacks and making it their full-time job. Most attacks come via phishing emails – those emails that trick employees into clicking a link – and they can be extremely convincing. While training helps people spot them, it’s no guarantee. Using business-class spam filters can catch many of these types of emails before they land in your employee inboxes so that triggering a ransomware attack becomes something that happens to other businesses, not yours.

Secure your data systems now, I can help! Call me at (828) 290-8237.

What’s Best for Your Computer: Shut Down or Sleep?

Most homes are trying to reduce power costs by turning off lights and appliances, but do the same rules apply to computers? After all, it requires more than flicking a switch on your way out the door. Some people believe you should shut down after every use to save wear and tear, others believe you should never shut down your computer – ever. Others simply want to make sure the pages and apps they left open are still there waiting for them. So, who’s right and what are they really doing?

Back when computers were clunky behemoths that took a long time to start, you’d go nuts at the person who shut it down when it was your turn. If you have an older computer, maybe you still do.  Modern computers actually have two options for their downtime: Shut down or sleep.

When it shuts down, the system goes through and closes any open programs (often prompting you to save first), then gradually cuts power to all components. It’s a methodical process that seems quite fast to us but is actually made of 100+ intentionally ordered steps. If there’s a sudden blackout or you hold the power button until it turns off, it means the steps aren’t followed and damage is possible. The second option is to put your computer to sleep. This can be triggered by an automated timeout or a user click. Your system uses a special type of memory called RAM to hold all your running programs exactly as you left them but uses minimal power. The hard drive stops spinning, the graphics card lets the screen go black, and even the system fan slows to become almost silent. When you wake it by moving the mouse or pressing a key, it ‘wakes’ again almost instantly.

Reasons to Shut Down

A switched off computer isn’t drawing power which is a tick for the environment. But shutting down is about more than saving power. It can sometimes give improved stability over a machine that’s been running for days/weeks. This is because every time you shut down, you give your computer a chance to clear out all temporary junk files it’s been carrying in memory. It also triggers various health checks on startup that may otherwise be missed, important routines like checking for updates or scanning for viruses. It’s certainly more convenient to spend an extra minute booting up than lose everything to a cyber-attack. For older computers or those under heavy strain like gaming or video editing, shutting down also provides a necessary chance for the components to cool down.

Reasons to Sleep

Speed is the big selling point here. You can literally sit down and start working where you left off without the delays of bootup, finding your program, opening your saved files, scrolling down… it’s all right there and ready. You can even tell it how long to wait before putting itself into sleep mode, just in case you get called away and forget. Windows updates still run in the background, so that’s okay, but it’s important to note that your computer might get stuck waiting for a reboot that never comes.  Those pending updates may stack up, ineffective until it either forces a reboot or becomes unstable enough that you give in to a restart.

The best method is….

Since the whole point of having a computer is that it’s ready to work when you are, I recommend shutting down at night at least once a week when it’s definitely not in use but using sleep mode during the day. Updates will get all the rebooting they need, memory is refreshed for the new day, and you’ll get the best of both worlds – speed and stability.

I can help your computer boot faster, give me a call at (828) 290-8237.

How to Survive A Hard Drive Crash: What You Can Do Today

There’s been a massive digitization of the population, which despite keeping everyone entertained and connected, comes with one gaping flaw – a hard drive crash could wipe out your data in an instant. Nobody’s immune: grandparents routinely rock the latest smartphones and post on Facebook. Nearly all schoolwork is done on computers or tablets, ebook sales far outstrip their paper cousins, and photo printing is a rarity. Unless there’s a physical requirement like putting a photo into a frame, all our data is staying digital. People’s entire lives, their memories, and work are on personal hard drives, yet a large majority of households have no backups.

If you’ve ever lost your data or had your computer stolen, you know the panic and rage that follow…turning the house upside down, hoping desperately to find that USB stick that maybe your data was copied to, once upon a time…before collapsing onto the couch as it sinks in: there’s nothing left.

While hopefully your hard drive is still in good shape, surprise failures do happen. The mechanics don’t last forever, and even brand-new drives can be blitzed by a power surge. Theft is always a risk, as is user error like deleting files accidentally, or even getting hit by a nasty virus that destroys or holds your files for ransom. That last one is tricky. Most households are using apps like Dropbox, iCloud or OneDrive as their backup, thinking if their hard drive crashes or gets stolen, they’ll just download the files from there. Unfortunately, those very handy apps are no help if you’ve been hit with ransomware. Almost as soon as the malware encrypts your local files to hold them until you pay up, those sync apps upload the infected versions – for your convenience. Older, safe versions of the files no longer exist, because these apps are designed to give a constant mirror of your drive, not a backup.
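
The difference between a sync mirror and a backup that keeps older versions, as an added example (not from the original article, and not how Dropbox, iCloud or OneDrive are implemented). `MirrorSync`, `VersionedBackup`, `scramble` and the sample files are hypothetical and constructed; `scramble` only produces random-looking bytes to stand in for encrypted files.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, encrypted data close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scramble(data: bytes) -> bytes:
    """Constructed stand-in for a file after an attack: same length, random-looking bytes."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out += hashlib.sha256(data[:64] + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:len(data)])


class MirrorSync:
    """Sync-style copy (hypothetical): the remote side always equals the current local state."""

    def __init__(self):
        self.remote = {}

    def sync(self, local):
        self.remote = dict(local)  # older contents are replaced, not kept


class VersionedBackup:
    """Backup-style copy (hypothetical): every run is a snapshot that later runs cannot alter."""

    def __init__(self):
        self.snapshots = []  # oldest first, each {file name: bytes}

    def run(self, local):
        self.snapshots.append(dict(local))
        return len(self.snapshots) - 1  # snapshot id

    def restore(self, name, snapshot_id):
        return self.snapshots[snapshot_id][name]

    def looks_like_mass_encryption(self, snapshot_id, threshold=7.5, ratio=0.5):
        """True when at least `ratio` of the files changed in this run went from
        ordinary content to near-random content."""
        if snapshot_id == 0:
            return False
        prev, cur = self.snapshots[snapshot_id - 1], self.snapshots[snapshot_id]
        changed = [n for n in cur if n in prev and cur[n] != prev[n]]
        if not changed:
            return False
        flipped = [n for n in changed
                   if shannon_entropy(prev[n]) < threshold <= shannon_entropy(cur[n])]
        return len(flipped) / len(changed) >= ratio

    def last_clean_snapshot(self):
        """Id of the newest snapshot taken before the first flagged run, or None."""
        for sid in range(len(self.snapshots)):
            if self.looks_like_mass_encryption(sid):
                return sid - 1
        return len(self.snapshots) - 1 if self.snapshots else None


def ransomware_demo():
    # Constructed sample files.
    local = {
        "budget.csv": b"month,rent,food,power\nJan,1200,410,95\n" * 100,
        "recipes.txt": b"Pancakes: flour, eggs, milk, pinch of salt.\n" * 100,
    }
    mirror, backup = MirrorSync(), VersionedBackup()
    mirror.sync(local)
    backup.run(local)

    # An ordinary edit, synced and backed up as usual.
    local["recipes.txt"] += b"Waffles: same batter, hotter iron.\n"
    mirror.sync(local)
    edit_id = backup.run(local)
    good = dict(local)

    # Every local file is replaced by random-looking bytes, then both tools run again.
    local = {name: scramble(data) for name, data in local.items()}
    mirror.sync(local)
    bad_id = backup.run(local)

    clean_id = backup.last_clean_snapshot()
    return {
        "mirror_has_good_copy": mirror.remote["budget.csv"] == good["budget.csv"],
        "edit_flagged": backup.looks_like_mass_encryption(edit_id),
        "attack_flagged": backup.looks_like_mass_encryption(bad_id),
        "clean_id": clean_id,
        "restored_ok": backup.restore("recipes.txt", clean_id) == good["recipes.txt"],
    }


if __name__ == "__main__":
    print(ransomware_demo())
```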

Stop for a moment and think about what you’d lose right now if your hard drive failed. What’s on there? Household management files like tax info, warranties you’ve scanned in, photos of your children or grandchildren, videos of first steps and school plays, maybe even your wedding video? While some losses are merely inconvenient, like recreating your budget or rebuilding your recipe collection, other losses are heartbreaking.

What You Can Do

Backing up at home used to be something only tech geeks did, but like everything cool, it’s gone mainstream. I recommend a 3-2-1 approach: 3 copies of your data, with 2 local at your home and 1 offsite.

Typically, this means keeping your regular hard drive where your data is now, one copy of precious files on a backup USB drive, and one that automatically uploads to the secure cloud as you add new files. That way, the USB drive protects your data if your computer dies, and the cloud copy protects you if something happens to the computer and your USB drive, like fire, flood or theft. It’s a good idea to make sure you unplug that backup USB drive afterwards and pop it into a drawer, as connected devices can easily become infected during an attack or stolen during a break-in.

Two of these methods require you to actually pay attention, which is where many households struggle. It’s a rare home where someone takes the time to sit down each week and carefully run a backup. Not that it’s tricky, but unless you’re one of those geeks it’s pretty boring and not a high priority after a long day! That’s why I recommend a cloud backup solution for many people.

You’ll be able to retrieve files at will, without having to roll back your entire drive, and know your solution has caught even the smallest file change without you needing to flag or mark it in any way. Even better, because it’s in the cloud, you can access your secure backup from anywhere. Left a work file at home? No problem, it’s in your cloud backup. On vacation and need to check a detail or show off a photo? No problem, it’s in your cloud backup.

If you’re ready to protect your data before you lose it, give me a call at (828) 290-8237.

Fake Invoice Attacks Are on the Rise – Here’s How to Spot (and Beat) Them


Businesses around the world are being struck with a cyber-attack that sends victims a fake invoice that looks real enough to fool most employees. It’s an old scam that used to see bills faxed or mailed in, but it’s made its way into the digital world and instances are on the rise.

Chances are you’ve already seen some of the less effective attempts, like an email advising your domain is expiring, except it’s not from your host and your domain is nowhere near expiration. These new attacks are more advanced, in that they look completely legitimate and are often from contractors/suppliers you actually use. Logos are correct, spelling and grammar are spot on, and they might even refer to actual work or invoice numbers. The sender name may also be the normal contact you’d associate with that business, or even a co-worker, as cybercriminals are able to effectively ‘spoof’ real accounts and real people. While it’s worrying that they know enough about your business to wear that disguise so well, a successful attack relies on you not knowing what to look for, or even that fakes are a possibility. With that in mind, here are two types of invoice attacks you might receive:

The Payment Redirect

This style of fake invoice either explicitly states payment should be made to a certain account, perhaps with a friendly note about the new details, or includes a payment link direct to the new account. Your accounts payable person believes they’re doing the right thing by resolving the invoice and unwittingly sends company money offshore. The problem usually isn’t discovered until the real invoice from the real supplier comes in or the transaction is flagged in an audit. Due to the nature of international cybercrime, it’s unlikely you’ll be able to recover the funds even if you catch it quickly.

The Malware Click

Rather than go for the immediate cash grab, this style of attack asks your employee to click a link to download the invoice. The email may even look like the ones normally generated by popular accounting tools like QuickBooks, making the click seem safe. Once your employee has clicked the link, malware is downloaded that can trigger ransomware or data breaches. While an up-to-date anti-virus should block the attack at that stage, it’s not always guaranteed, especially with new and undiscovered malware. If it does get through, the malware quickly embeds itself deep into your systems, often silently lurking until detected or activated.

How to Stay Safe

Awareness is key to ensuring these types of attacks have no impact on your business. As always, keep your anti-virus and spam filters up to date to minimize the risk of the emails getting through in the first place. Then, consider implementing a simple set of procedures regarding payments. These could include verifying account changes with a phone call (to the number you have on record, not the one in the email), double checking invoices against work orders, appointing a single administrator to restrict access to accounts, or even two-factor authorization for payments.

Simple pre-emptive checks like hovering the mouse over any links before clicking and quickly making sure they look right can also help. Like your own business, your contractors and suppliers are extra careful with their invoicing, so if anything looks off – even in the slightest – hold back on payment/clicking until it’s been reviewed. Fake invoice attacks may be increasing, but that doesn’t mean your business will become a statistic, especially now that you know what’s going on and how you can stop them.
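
The hover check and the account-change check described above can also be run automatically before an invoice reaches accounts payable. This is an added Python example, not part of the original article. The supplier record, the sample email body, the "Account:" line format and every domain and number in it are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed record of what accounts payable already holds for the supplier.
SUPPLIER = {"domains": {"acmeplumbing.example"}, "account": "12345678"}

# Constructed HTML body of a fake invoice email (payment redirect plus link).
SAMPLE = """<p>Invoice 1047 is due. Please note our new bank details.</p>
<p>Account: 99887766</p>
<a href="http://files.invoice-dl.example/1047">acmeplumbing.example/invoice/1047</a>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def on_file(host, domains):
    """True if host is a supplier domain on record or a subdomain of one."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def review_invoice(html_body, supplier):
    """Return reasons to hold the invoice for a phone call; empty if none."""
    findings = []
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlparse(href).hostname
        if not on_file(host, supplier["domains"]):
            findings.append(f"link shown as '{text}' goes to {host}")
    for acct in re.findall(r"Account:\s*(\d+)", html_body):
        if acct != supplier["account"]:
            findings.append(f"account {acct} differs from the one on file")
    return findings
```

An empty result only means these two checks passed; an account change still gets the phone call to the number on record.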

I can help increase your security. Call me at (828) 290-8237.