SME, Inc.

  • Home
  • About Us
  • Services
    • Cloud Solutions
    • Compliance Solutions
      • ALTA Best Practices
      • CMMC
      • DFARS
      • HIPAA
      • PCI DSS
      • Security Awareness Training
    • Data Center Services
      • Hosting
      • Monitoring
      • Hands & Eyes
    • Managed Security Services
      • Asset Management
      • Nextwall™ Managed Firewall
      • IDS/IPS
      • Managed Anti-Virus
      • VPN/Remote Access
      • Vulnerability Assessment Services
        • External Vulnerability Assessment
        • Internal Vulnerability Assessment
        • Web Application Testing
    • Technical Support
      • The SME Tech
      • Backups
      • Remote Support
  • Blog
  • Contact Us

February 19, 2021 By SME, Inc.

Ransomware Prevention: Backups & Data Recovery

Ransomware attacks have caused many organizations to lose highly important or sensitive data. Most recently, it has come to light that Kia, the vehicle manufacturer has suffered a ransomware attack where the attackers are demanding $20 million in payment in order to decrypt the data. 

While prevention is the best defense for ransomware, once a ransomware attack has already occurred, the best chance to recover the data is to maintain regular data backups, otherwise you’re only option left is to pay the ransom, and in some cases, even that does not guarantee your data will be decrypted. However, as critical as it is to protect your data — you must also take measures to prevent backups from getting encrypted by ransomware as well.

What is Ransomware?

Ransomware is a form of malware, or virus that encrypts data and files on a victim machine, which then prevents users from accessing their files. When ransomware infects a system, it starts searching for files and then begins encrypting them, oftentimes it will encrypt all of the files on the machine. Attackers hold the key that can decrypt the files, which they commonly will offer to give to the victim once a ransom payment has been made, but it is not always a guarantee.

Most ransomware will display a ransom notice/pop-up to users, usually by replacing their desktop background image or placing a text file with instructions in the folders it has encrypted. The ransom notice demands payment, which may be between hundreds and several thousand dollars, most typically to be paid in cryptocurrency to keep the transaction anonymous, and untraceable. 

Backup and Recovery, aka Disaster Recovery

Data backup and recovery is the process of backing up your important data in the event of a loss and setting up secure systems that allow you to recover the data as a result. Data backup requires the storing copies and archives of computer data to make it accessible in case of data compromise, corruption, or loss due to deletion. 

Data can only be recovered from an earlier time if it has been backed up. This is often referred to as operational recovery. Recovery from a backup typically involves restoring the data to the original location, or to an alternate location where it can be used in place of the lost or damaged data. A proper backup copy is stored in a separate system or medium, such as tape, from the primary data to protect against the possibility of data loss due to primary hardware or software failure.

Disaster Recovery Can Prevent Loss Due to Ransomware

Performing and maintaining regular backups and part of a Disaster Recovery plan is the best way to protect yourself against Ransomware. If you have a clean backup of your data when a ransomware attack hits, and are also able to prevent ransomware from reaching the backup and encrypting it too, then you have a safe and easy way to recover without having to pay the ransom.

Here are some best practices and tips to protect your backups against ransomware:

  • Keep an offline backup — keep a copy of the backup offline. If/when ransomware hits, the malware can attack anything that the infected system has access to. Keep an offline backup, this will mitigate the risk. Another tip is to use traditional backup tapes, which are impossible for ransomware to attack.
  • Make use of immutable storage — also known as WORM (Write-Once-Read-Many), immutable storage can store data and lock it to prevent further modification. Immutable storage ensures backups remain unchanged.
  • Endpoint protection on servers containing backups — modern endpoint protection platforms can detect ransomware as it begins to infect a system, mostly by recognizing its strange behavior. These platforms can lock down the infected systems and isolate them from the network to prevent the ransomware from spreading. This can be extremely useful for all organizational endpoints but is especially important on the backup server itself.
  • Increase backup frequency — see how often you are backing up your own data. Backup frequency will determine how much data can be lost in a ransomware assault. Even if you are backing up once a day or once every few hours, consider the cost of losing all the data since the previous backup. 

The 3-2-1 Backup Method

The 3-2-1 backup method is a recommended best practice for recovery and backup, and can also help mitigate ransomware risks. No backup strategy is foolproof, but following the 3-2-1 rule is probably the most recommended way to prevent data loss.

Here is how 3-2-1 backup works:

  • Keep 3 copies of your information — one main copy and two backups.
  • Use 2 distinct media formats — for example, SSD drive, tape, magnetic disk or cloud storage.
  • Keep 1 of those copies offsite — the most secure option is to store data to a tape and deposit it in a very secure location. Another option is to automatically take a snapshot of the data and send it to a disaster recovery location.

Tips for Testing Backups

  • Test from your regular backups, in whatever media you use.
  • Don’t just test a couple of files. Make sure you can restore entire directories, servers, or applications.
  • Restore to a different computer or server.
  • Keep a copy of the install disks for your backup software with the backups themselves.
  • Be sure to document the process for restoring or reinstalling applications, especially if there are any special tips or tricks needed to perform the task. Put this into a text file in the application so that it gets backed up with everything else.

SME offers both Managed Backup solutions and Cloud Backup Storage solutions that ensure reliable backups of your data, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Filed Under: Uncategorized

February 14, 2021 By SME, Inc.

What Hackers Love: Corporate Edition

Happy Valentines Day from the SME family. Many of us enjoy this time of the year, but did you know that hackers do too. 

But what exactly do hackers love…?

Last week we posted our blog post What Hackers Love: Home Edition, where we covered a few topics that hackers typically love when attacking or breaching home networks. This week we’ll be covering a few topics that hackers love to look for when attacking enterprise networks.

These topics cover businesses of all sizes. From the small mom and pop shop, or the online business, to large organizations. What’s discussed here is applicable to any business.

Hackers Love: Unpatched Systems

Unpatched systems, and software can be a magnet for malware and viruses. Especially if it is a widely used app like Adobe Flash or Internet Explorer. A classic example is the Conficker worm on Windows that was discovered in late 2008, which took advantage of unpatched versions of Microsoft Windows.

From 2019-2020, the most exploited software applications were Adobe Flash, and Internet Explorer

https://www.verdict.co.uk/top-software-vulnerabilities-2019/

Around 60% of small businesses get hacked every year as hackers are finding new ways to break into computer systems. As cyber attacks become more prevalent, proper network security is more important than ever to reduce, and mitigate the risk of a data breach and maintain not only your customers’ data, but their confidence in your company and your reputation.

Many companies are taking proactive security measures to lower their risk of vulnerabilities — one of the major ones being patch management. Patch management has often been ignored as part of cyber security, but its importance and the benefits it can provide shouldn’t be ignored.

Hackers Love: Lack of Encryption

Encryption is the process through which data is encoded so that it remains hidden from or unreadable to unauthorized users. Encryption helps protect sensitive data, and can enhance the security of communications between not only apps and servers, but between yourself and your customers. When data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it.

If you think your business is too small to benefit from encryption technology, think again. Encryption has largely been thought of as a more advanced form of data security, expected to be seen in large enterprises rather than small companies. However, cyber threats are growing among organizations of all sizes, especially small businesses, which are more likely to have fewer resources with which to protect themselves than large corporations. As the threat landscape continues to grow, encryption is becoming an increasingly critical component of any company’s security strategy.

Organizations large and small, and across industries are implementing encryption technology to protect their customers and employees Personally Identifiable Information (PII), company secrets, financial data, and more. Malware attacks, and phishing are on the rise, password protection is not enough, and even if your data is hosted in the cloud, at the end of the day, you’re still at risk. 

Hackers Love: Flat Networks / No Network Segmentation

Network segmentation is the practice of breaking up a larger computer network into several small sub-networks that are isolated from one another. Network segmentation is also a key part of PCI DSS compliance requirements. The PCI Security Standards Council calls for the use of network segmentation in order to help isolate all system components that are used to store, process, or transmit credit/debit cardholder data or other sensitive authentication data.

Setting up and configuring network segmentation can be a tad bit of a hassle starting out but the benefits of segmenting your network can massively outweigh the challenges. Some key benefits of network segmentation include:

  • Slowing Down Attackers, Buying You More Time. If an attacker breaches your network, and that network is segmented, then it will take some more time for the attacker to break out of that segmented portion of the network to get at the resources they’re actually after.
  • Increases Data Security. Segmenting networks makes it easier to protect the most sensitive data and internally-facing network assets. This extra layer of separation between servers containing sensitive data and everything else outside of the network can drastically reduce your risk of data loss or theft.
  • Reaffirms Policy of Least Privilege. Network segmentation makes it easier to restrict user access to sensitive information and systems. If a user’s access credentials are compromised—or abused, this can be invaluable for protecting that information. Essentially, network segmentation helps protect your business against both internal and external threats.
  • Reduces Damage from Attacks. Because strong network segmentation can help keep attackers from breaking out of a system before you’ve contained the breach and cut off their access, it can help to minimize the damage caused by such breaches.

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Filed Under: Uncategorized

February 5, 2021 By SME, Inc.

What Hackers Love: Home Edition

It’s February so you know what that means, Valentine’s Day is right around the corner. Not only do many of us enjoy this time of the year, hackers do too.

So what exactly do hackers love…?

Hackers Love: Default Credentials for Networks & IoT Devices

One of the easiest ways a hacker can gain access to your network, or devices is through weak password policies. Are you still using the same password that came with the router you bought? Or the Wi-Fi camera system you have set up? Nine times out of ten, these devices that you have purchased and connected to your network are using default usernames and passwords, that are also very easy for a hacker to guess. Whenever you purchase a new device to connect to your home network, always change the default username and password, and use strong passwords! If you need help creating one, use this website to generate a strong password.

Any sort of device that you can find on the market these days that is aimed at convenience and connects to your home network is referred to as IoT, or the Internet of Things. 

https://eclature.com/10-most-popular-iot-devices-in-2020/

For more tips on securing your home network and IoT devices, check out our blog post on how to better secure your home network.

Hackers Love: Password Reuse & Weak Passwords

As mentioned above, hackers love default credentials, so it is imperative to always change those default usernames and passwords to something else that is harder for the hackers to break into. This does not mean you should create usernames or passwords that are easy to guess, or continuously reuse the same password over and over; whether it be for home networks and devices of the online services and apps you use everyday. 

You should get in the habit of creating long, strong passwords that will be very difficult for a hacker to guess, and even in this case, do not reuse the same password for another service. There is nothing easier to do than guess someones password, lookup their email address(es) in https://haveibeenpwned.com/ ,use some OSINT (Open Source Intelligence) and a little bit of Social Engineering , or run a brute force attack to guess what their password(s) might be.

To become more efficient and aid in convenience, use a password manager like LastPass, or BitWarden. A password manager makes it easier for you to manage all of the passwords you use for your online accounts and even offline accounts. Better yet, many of these services are free. Here’s a list of some of the most highly rated password managers.

Hackers Love: People Who Click Stuff

One of the most common causes of data breaches or malware infections is from unwitting people who click stuff that they’re unsure of. More commonly referred to as phishing, and still remains at the top of the list for a hackers tool kit. The increase in frequency and sophistication only drives hackers to use phishing schemes more and more against their targets. As long as people are unknowingly clicking on malicious links, or attachments, or downloads, this trend will continue. 

In order to better familiarize yourself with phishing and to increase your own cyber hygiene, check out our blog posts.

Simple Steps to Securing Yourself Online

Phishing

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Filed Under: Uncategorized

January 28, 2021 By SME, Inc.

Data Privacy Day 2021

Privacy is important, it’s why people lock the doors to their cars, or their houses at night, install home security systems on their homes, or even take out a lock box at a bank. So why should privacy of one’s data be treated any differently? as more and more  of our personal data becomes stored online,, and we share more information online, data privacy is becoming more important than ever before.

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

Hundreds of millions of people are completely unaware of and uninformed about how their personal information and private data is being used, stored, or shared in our online society. Data Privacy Day aims to inspire communication and empower individuals and organizations to take action in order to better protect themselves and their personal data online. The US, Canada, and dozens of countries across Europe recognize January 28th as international Data Privacy Day. These countries have united in an effort to empower individuals and organizations to respect privacy, safeguard data and enable trust world wide.

Data privacy relates to how data, or personal information about each of us should be handled based on its relative importance. But what does relative importance mean? An example of this is like telling someone you just met your name, or giving them your phone number. However, you wouldn’t tell a stranger or most people for that matter your  Social Security Number, or tell anyone the pin to your ATM card; information of that level of importance you want to keep protected right?

This goes with data privacy online as well!

In the digital age, information and data is everything. It’s how many major businesses make millions or billions each year. By obtaining and selling information or data about each and every one of us! We typically think of data privacy as critical personal information, otherwise known as Personally Identifiable Information (PII), or Personal Health Information (PHI). Information like our Social Security Number, health and medical records, financial data, including bank account, debit and credit card numbers. 

However, the most basic of information still can be considered sensitive,like our full names, addresses and birthdates. This type of information can be used in social engineering or phishing against unwitting users.

One final recommendation to help you keep your online and personal data private is to regularly assess and update the privacy settings on your social media accounts. If you don’t, you may be sharing a lot more than just your name with complete strangers and even potential cyber-criminals — a clever enough cyber-criminal could use that information to steal your identity or a lot more.

Here at SME Inc, our goal is to make IT easier, this includes assisting you in protecting your privacy online. We provide both Security Awareness Training, Phishing simulations, and several other Compliance Solutions. To find out more about these services or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net

Filed Under: Uncategorized

January 25, 2021 By SME, Inc.

SME is now a Designated RPO through the CMMC Accreditation Body

RPOs in the CMMC ecosystem provide pre-assessment advice, consulting services, and recommendations to government contractors and other organizations. RPOs are essentially the “facilitators” and consultants to advise DoD suppliers on how to prepare for a successful CMMC assessment, but do not actually conduct Certified Assessments**. 

SME’s team of cybersecurity experts will work with you to prepare and navigate CMMC and work with you to maintain your maturity levels.

As a CMMC-AB designated Registered Provider Organization (RPO), and staffed with Registered Practitioners (RP) that are trained in CMMC methodology, our engineers will develop your Compliance Action Plan and ensure a seamless execution of your CMMC controls and work with you to achieve CMMC compliance.

The engineers at Systems Management Enterprises, Inc. (SME, Inc.) are specialists in evaluating, identifying and achieving the security required to meet maturity level requirements by the Department of Defense (DoD). In hiring SME’s RPO services, you will have the peace of mind in knowing that we have the training required to understand what it means to be CMMC compliant and how to help you get there.

To find out more about our RPO services visit, https://cmmc.smeinc.net,  or if you have any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net

**RPOs are not authorized to conduct a certified assessment.

Filed Under: Uncategorized

January 13, 2021 By SME, Inc.

What is Security Awareness Training, and Why You Should Be Doing It…

You Are The Weakest Link

Security Awareness Training Educates and Empowers Your Employees

No one can guarantee 100%, full-proof cyber protection. Today’s hackers are clever and have devised very sophisticated malware that can leave victims completely devastated in the blink of an eye. Recent reporting and studies show that 90% of all data breaches were caused by human error. What this means is that ultimately, security is a people problem; the average, every day employee is the weakest link in the organizational change. 

Any one of us can be a key target for cybercrime and attacks are continuing to increase in size, sophistication and cost. This is why Security Awareness Training is so important; but what exactly is it?

One of the newest buzz word filled phrases that is getting tossed around corporate environments, and executive meetings is Security Awareness Training. Described in broad terms, is the process of providing formal cybersecurity education to your employees about a variety of information security threats to ensure they can follow organizational practices and policies in order to better leverage and be an active part in the overall security of the organization. 

Having employees that are cybersecurity conscious doesn’t only benefit your employees at the workplace, they will take what they have learned home with them and apply it to their daily lives as well.

Security Awareness Training can protect assets and prevent downtime

Security Awareness Training helps prevent breaches and attacks

Data breaches can be devastating for organizations small and large, with recent breaches costing the victimized organizations into the billions of dollars. This is why data breaches should be the first thing that comes to mind whenever you’re thinking about Security Awareness Training. In comparison to the potential cost of a breach, Security Awareness Training is inexpensive and should not be given a second thought on whether or not its ROI is viable.

Increase Security Posture of the Company

Security Awareness Training programs try to put emphasis on the value of a secure culture and will measure its score right from the beginning. This is then stored as the baseline before the awareness training is started and assessed over time as the company matures in creating a more secure culture.

Security professionals will then continuously monitor the parameters of your security culture through advanced awareness training platforms and develop and nurture a culture of security within the organization.

Compliance and Regulatory Requirements

Oftentimes, organizations must comply with certain industry regulations or frameworks such as CMMC, ALTA Best Practices, PCI , HIPAA, Sarbanes-Oxley, NIST, or ISO and can be expected to deliver security awareness training to their employees once or perhaps twice a year. Even though Security Awareness Training may not be needed by small and medium enterprises/organizations for compliance reasons, they can also benefit from training their employees to avoid phishing attacks, account takeovers, or other well-known means that cybercriminals use.

Allows You To Build Out More Robust Defenses

Investing in Security Awareness Training allows you to build more robust defenses against costly breaches. These higher end technological defenses require input from people, and setting your employees on a path towards being more security aware is the only way to go.

From here, they will know when to turn your firewalls on, understand and acknowledge security warnings, update software and apply patches on time thus creating more security conscious, robust defenses.

Another angle that makes this a critical necessity is the fact that today’s hackers don’t approach their attacks through technological means but rather use people through social engineering or phishing, which is often considered an easy way into a protected network.

Investing in Security Awareness Training can also help you gain more customers. If you have not included cybersecurity precautions into your RFP process, you are not going to be considered by IT-decision makers or high-profile contracts. Customers will feel more confident if they are going to be dealing with people who are well informed and trained in cybersecurity standards and practices. 

Security Awareness Training Makes Us More Socially Responsible

Cyber attack campaigns like those that used the WannaCry and NotPetya malware are clear examples to go by because these pieces of malware spread and very shocking speeds. Once a network is infected, malware can spread within seconds.

Organizations with little to no security awareness training can put the rest of the organizations that are connected to them at risk of possible infection, provided that your customers, suppliers, or others are connected to your network. Investing in Security Awareness Training benefits not only you, but everyone else you’re connected to.

** Please note that Security Awareness Training is not a one off operation, it is an ongoing effort. As the threat landscape and hackers TTP’s  continues to change and evolve, as does the need to properly train and educate your employees continuously.

Here at SME Inc, we provide both Security Awareness Training, as well as Phishing simulations, to find out more about these services or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net

Filed Under: Uncategorized

December 31, 2020 By SME, Inc.

Happy New Year!

Stay tuned to our blog in the upcoming 2021 year for more cybersecurity and tech related new & content! From all of us here at SME Inc, we hope that everyone had a safe and Happy Holiday and continue to have a Happy New Year!

Filed Under: Uncategorized

December 23, 2020 By SME, Inc.

Cybersecurity Tips for the Holidays

Tis the season! The Holidays are upon us, now more than ever many of us have opted for online shopping instead of standing in line for that Wi-Fi connected slow cooker that you just can’t live without. Even though this holiday season is much different than any prior to it, there is one constant that we all need to keep in mind and be cognizant of; and that is the personal security for ourselves while shopping online. Even though a large majority of us have had to adjust or cancel our traditional holiday activities amid the pandemic, online scammers, identity thieves, and hackers have not, and are at the ready to take full advantage of the huge boom in e-commerce activity as people are trying to get their last minute shopping done.

Fortunately, here at SME our motto is to Simply Make IT Easier! So with that, we’re going to provide some helpful tips on how to keep yourself safe online during the holiday season.

Examine Your Email and Text Messages Carefully

Review all emails and SMS messages closely, especially those that are coming from name brand retailers offering hard to beat deals or promotional offers. 

  • Never open an attachment or link in the email or text message. Instead go to the company’s website and look for the promotion there. If the sale is as good as the email says, it will be posted on their website.
  • Check the email or SMS for spelling/grammatical errors.

Check Out The Link!

To further reiterate on this tip, hover over the link in the email but do not click it, if the URL for the link looks phishy, then it probably is!

Only Shop On Sites You Know

Not all of the online retailers we come across on the web are trustworthy. This is why it is extremely important that you only shop at sites that you know, such as the official stores for brick & mortar retailers like Target or Walmart.

Hackers are known to send out fake holiday e-gift cards with malicious links to steal personal information, or they will post fake promotions for items at a significantly lower price. Always be sure to research to make sure it is a safe site before purchasing anything.

Shop Securely

Only purchase from online stores that are secure. Be sure to check and make sure that the website you’re wanting to shop on uses HTTPS/SSL encryption. To do this, look in the browsers address bar, two ways to identify a secure connection is if the URL says https:// , or if there is a lock/shield icon in the left or right of the address bar.

Do Not Use a Debit Card for Purchases

When it comes to practicing your own DIY cybersecurity, opt for using a form of payment other than your bank linked debit card. If a hacker is able to steal your debit card information, they can wipe out any account that may be linked to that card. Instead choose a payment method like a credit card, or a 3rd-party payment system like PayPal, Venmo, or CashApp. Most major credit card companies offer zero-liability protection to customers, and using payment systems like PayPal, or Venmo are also more suitable than using a debit card as the online store never actually receives your card information.

Lockdown Your Logins & Diversify Passwords

You’re probably tired of hearing this, but you should be creating and using long and unique passwords/passphrases as well as using some form of multi-factor authentication to further secure your online accounts. Many online stores/apps offer the ability to integrate directly into the bio-metric authentication methods (facial recognition, fingerprint scanning) via our mobile devices, and some opt for a one-time pass code that is sent directly to your mobile device. This provides one extra step of security that will aid in preventing your account from being compromised.

Monitor Online Accounts & Statements

Another easy and often overlooked way of keeping yourself secure, not only during the holiday season but any time of the year; keep tabs on your banking and credit card statements. Check your online financial accounts, or any paper statements you may receive in the mail for any discrepancies, if you notice that purchases have been made but you didn’t make them, contact your credit card or the 3rd-party payment system you used immediately. 

You can also take advantage of text and email based alerts that many banks, credit card companies, and 3rd-party payment systems offer.

Always Be Skeptical, and Avoid Phishy Behavior

Use common sense when shopping online! As you’re probably tired of hearing, if the deal seems too good to be true, then it probably is! If you think an email looks a little phishy, then it is most likely a scam.

Unfortunately enough, charity donation scams are also a serious issue during the holidays. Online criminals know that many people regard the holidays as a time of giving and wanting to spread joy to others, and will attempt to take advantage of this generosity by making fake charity donation requests. 

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Have a Safe Holiday and a Happy New Year!

Filed Under: Uncategorized

December 16, 2020 By SME, Inc.

Cybersecurity Tips for the Holidays

Tis the season! The Holidays are upon us, now more than ever many of us have opted for online shopping instead of standing in line for that Wi-Fi connected slow cooker that you just can’t live without. Even though this holiday season is much different than any prior to it, there is one constant that we all need to keep in mind and be cognizant of; and that is the personal security for ourselves while shopping online. Even though a large majority of us have had to adjust or cancel our traditional holiday activities amid the pandemic, online scammers, identity thieves, and hackers have not, and are at the ready to take full advantage of the huge boom in e-commerce activity as people are trying to get their last minute shopping done.

Fortunately, here at SME our motto is to Simply Make IT Easier! So with that, we’re going to provide some helpful tips on how to keep yourself safe online during the holiday season.

Examine Your Email and Text Messages Carefully

Review all emails and SMS messages closely, especially those that are coming from name brand retailers offering hard to beat deals or promotional offers. 

  • Never open an attachment or link in the email or text message. Instead go to the company’s website and look for the promotion there. If the sale is as good as the email says, it will be posted on their website.
  • Check the email or SMS for spelling/grammatical errors.

Check Out The Link!

To further reiterate on this tip, hover over the link in the email but do not click it, if the URL for the link looks phishy, then it probably is!

Only Shop On Sites You Know

Not all of the online retailers we come across on the web are trustworthy. This is why it is extremely important that you only shop at sites that you know, such as the official stores for brick & mortar retailers like Target or Walmart.

Hackers are known to send out fake holiday e-gift cards with malicious links to steal personal information, or they will post fake promotions for items at a significantly lower price. Always be sure to research to make sure it is a safe site before purchasing anything.

Shop Securely

Only purchase from online stores that are secure. Be sure to check and make sure that the website you’re wanting to shop on uses HTTPS/SSL encryption. To do this, look in the browsers address bar, two ways to identify a secure connection is if the URL says https:// , or if there is a lock/shield icon in the left or right of the address bar.

Do Not Use a Debit Card for Purchases

When it comes to practicing your own DIY cybersecurity, opt for using a form of payment other than your bank linked debit card. If a hacker is able to steal your debit card information, they can wipe out any account that may be linked to that card. Instead choose a payment method like a credit card, or a 3rd-party payment system like PayPal, Venmo, or CashApp. Most major credit card companies offer zero-liability protection to customers, and using payment systems like PayPal, or Venmo are also more suitable than using a debit card as the online store never actually receives your card information.

Lockdown Your Logins & Diversify Passwords

You’re probably tired of hearing this, but you should be creating and using long and unique passwords/passphrases as well as using some form of multi-factor authentication to further secure your online accounts. Many online stores/apps offer the ability to integrate directly into the bio-metric authentication methods (facial recognition, fingerprint scanning) via our mobile devices, and some opt for a one-time pass code that is sent directly to your mobile device. This provides one extra step of security that will aid in preventing your account from being compromised.

Monitor Online Accounts & Statements

Another easy and often overlooked way of keeping yourself secure, not only during the holiday season but any time of the year; keep tabs on your banking and credit card statements. Check your online financial accounts, or any paper statements you may receive in the mail for any discrepancies, if you notice that purchases have been made but you didn’t make them, contact your credit card or the 3rd-party payment system you used immediately. 

You can also take advantage of text and email based alerts that many banks, credit card companies, and 3rd-party payment systems offer.

Always Be Skeptical, and Avoid Phishy Behavior

Use common sense when shopping online! As you’re probably tired of hearing, if the deal seems too good to be true, then it probably is! If you think an email looks a little phishy, then it is most likely a scam.

Unfortunately enough, charity donation scams are also a serious issue during the holidays. Online criminals know that many people regard the holidays as a time of giving and wanting to spread joy to others, and will attempt to take advantage of this generosity by making fake charity donation requests. 

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Have a Safe Holiday and a Happy New Year!

Filed Under: Uncategorized

December 7, 2020 By SME, Inc.

5 Basic Tips to Securing Your Home Network

As 2020 is dwindling down to its eventual close, this year has put many of us at wits end trying to conform to the new normal (for the time being). One of the more difficult situations that many people have dealt with throughout this entire ordeal is access to reliable internet. Now more than ever, people are reliant on having access to the internet at their homes, whether they are working from home, or attending school virtually.

As more and more people are getting online, and just as many devices are being connected to home Wi-Fi’s, a large majority of these people are not taking the necessary steps and measures to ensure that they are properly protecting themselves, and their devices from hackers. 

Recently, from the Xfinity Cyber Health Report from Comcast which combines data from a consumer survey collected by the xFi Advanced Security platform says that internet users vastly underestimate how often home networks are targeted by cyber threats. Comcast reports that xFi Advanced Security has blocked nearly six billion active threats – representing an average of about 104 cybersecurity threats per home per month.

Large corporate networks have their own IT teams or even IT security teams to protect them against attacks. Thankfully, you don’t need your own security expert to secure your network at home. With just a few simple tips, most potential attacks can be prevented.

Change The Default Password & Use a Strong Password

Without a doubt, the first and foremost thing we all should do when setting up a network router, or access point is to change the default password. These default passwords can be easily found online, and it is not uncommon for manufacturers to use the same password across multiple products that they sell. To add salt to the wound of manufacturers reusing passwords, clever hackers have compiled numerous password lists and rainbow tables of these different default passwords. 

To alleviate this issue, and to further add to the overall security posture of your home network, you should use an extremely strong password. To make this easy on yourself, there are several websites that offer the service of generating a random strong password for you.

Change the Default Wi-Fi Name

You have most likely looked at the available wireless networks around you when connecting to an open one at Starbucks or the local coffee shop. The infamous FBI Surveillance Van, Nacho Wi-Fi, or The LAN Before Time are just a few of the most popular Wi-Fi names of 2020. The technical term for the Wi-Fi name is the SSID (Service Set Identifier). Changing this to something punny, and quirky may seem like a good way to get a laugh out of people but we’ll get to why you shouldn’t do that next. Instead, you should change the SSID to something that you can easily remember yourself.

Disable Network SSID Broadcasting

To double back on the previous tip, it is suggested that you disable your network from broadcasting its SSID, in layman’s terms; hide the network from showing up as nearby networks. If you block your network from broadcasting its SSID, your Wi-Fi becomes a hidden network. Devices that already have connection data stored will still be able to connect, but others won’t see it. In many cases, the network list that others see will include a line that says “Hidden network.” Without knowing the name of the network, it is impossible to connect to it.

Enable Wi-Fi Encryption

It should go without saying that we all should be using a strong encryption standard on our home networks. Most Wi-Fi routers and access points come with three different encryption standards, WEP, WPA, and WPA2, with WPA2 being the most secure of the three. When choosing your network’s level of security, it is recommended to go for WPA2, if available, or WPA as these levels are more secure than WEP. We should also note that one (with barely any hacking skills) can crack into a WEP encrypted network in less than 60 seconds.

Always Keep Firmware Updated

Wireless router and access point firmware, like any other software, can contain flaws or vulnerabilities that can cause major issues unless they are fixed by firmware updates from the manufacturer. Always install the latest firmware available on the system and download the latest security patches to ensure no security hole or breach is left open.

These steps are simple to learn, and when properly followed, can ensure that your home network will be even more secure than it is now. 

Since Christmas is right around the corner, and this is the season of giving, I’m going to provide one more extremely helpful tip that most people never even think of doing.

If you’re going on a trip, and are going to be away from your house for a few days or weeks, turn off your Wi-Fi.

Filed Under: Uncategorized

  • « Previous Page
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next Page »

Contact Us

    Your Name

    Your Email

    Subject

    Your Message

    Recent Post

    Government contractors play a critical role in supporting various agencies and handling sensitive information. To … More »

    What Our Clients Say

    "SME handles all of our internet hosting needs, providing a reliable, high-performance, secure and cost-effective platform for us to host web-based systems for biotech companies. We have been consistently impressed with the responsive, knowledgeable and professional service we receive."

    Simply Making IT Easier!TM
    Local: 703-378-4110
    Toll Free: 855-2-SMEINC
    Email: info [at] smeinc.net

    Copyright © 2023 · Systems Management Enterprises, Inc. · Privacy Policy · Terms of Service