Email Security Tips

In this line of business there’s always something new: a new product, a new service, a new technology. One of the few things that hasn’t changed, however, is spam email.

There was a bit of a golden age of email that ended about two years ago. It came after the terrible period when email was so riddled with spam and malicious links that the only effective way to combat it was to simply block or ignore all email from anyone you’d never previously received email from, effectively creating your own personal list of allowed senders.

Then our email providers got smarter, spam filters got better, and spam for the most part became much less of a hassle as our email providers quietly delivered the emails they knew we didn’t want to our Junk or Spam folders.

Then came Phishing.

Truthfully the war between those trying to protect our digital lives and those trying to exploit it never ended. It’s a perennial cat-and-mouse game, a see-saw which will inevitably move the balance of power back and forth over time. We are currently in a time where that power has unarguably shifted out of our favor.

Phishing emails, or worse yet, Spear-Phishing emails, are those that specifically target you or users like you, and attempt to trick you into divulging sensitive information or directly extract money for the benefit of the bad actor. They’re more prevalent today than ever and there’s no easy way to prevent them. There are some things you can, and absolutely should, do to protect yourself (and others) from these emails.

1. Enable Multi-Factor Authentication

Whatever service you use for email, it should give you the option to enable multi-factor (sometimes referred to as two-step) authentication. The most popular providers do (Gmail, Outlook.com, Yahoo, AOL); if your provider doesn’t, you should very seriously consider changing providers.

Multi-Factor Authentication, or MFA, is a security feature that asks for not only a password to access your account but also some other piece of information that only you should have. Typically this is a code sent to you during the login process.

For reasons beyond the scope of this blog post, you should avoid the SMS option and always choose an authentication app if given the option.

2. Pay Attention

The reason spam and phishing emails continue to be sent is that they continue to be effective. People click on them and type in their passwords. The best thing you can do is be suspicious. Don’t trust the name displayed in the “from” field; check the email address itself. If the email is asking you to take some action, verify it with the requester first with a quick phone call. If the email is asking you to update a password, don’t click the link in the email; go to the website yourself in another tab. A good rule is to not click on links inside emails and to not download attachments from people you don’t know or that you are not expecting.
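
The "from" field check described above can also be done by a script. This is an added example, not part of the original post: it flags a familiar display name paired with an unfamiliar address, and a display name that itself shows a different address. The contact list, the check_from name and every address are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: people you really correspond with, keyed by the name your
# mail client would display. Every address here is constructed.
KNOWN_CONTACTS = {
    "jane doe": "jane.doe@example.com",
    "accounts payable": "ap@example.com",
}
ADDRESS_IN_TEXT = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def check_from(header_value, contacts=KNOWN_CONTACTS):
    """Return the reasons a From header deserves a second look."""
    display, address = parseaddr(header_value)
    address = address.lower()
    if "@" not in address:
        return ["no usable sender address"]
    reasons = []
    # A familiar name, but not the address that person normally uses.
    expected = contacts.get(" ".join(display.lower().split()))
    if expected and expected != address:
        reasons.append(f"'{display}' normally writes from {expected}, not {address}")
    # The display name shows an address that is not the real sender.
    for shown in ADDRESS_IN_TEXT.findall(display):
        if shown.lower() != address:
            reasons.append(f"name shows {shown} but the sender is {address}")
    return reasons


# Constructed From headers for illustration.
SAMPLES = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe@example.net>",
    '"ap@example.com" <billing@invoices.example.net>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "nothing unusual")
```

An empty result only means these two checks found nothing; a request for money or a password still deserves the phone call.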

3. Use an Email Security Service

We’re back to the days when the email service you’re using typically isn’t going to be sophisticated enough to protect you from spam and phishing emails. There are companies that have the ability to detect spam and phishing emails, warn you of the potential danger and in some cases remove the email even before it hits your inbox.

Another feature some of these services often include is training for users. They can send fake spam and phishing emails so that users learn to be more discerning, and provide training for users who fall prey. They also can provide reports so you know which users may need additional mandatory email security training.

These services are only available for businesses and typically incur an additional charge per user per month but they are well worth the time and frustration they save.


Worried about email security at your company or organization? Give us a call and let’s work on a solution together.

Cryptojacking: Hackers Don’t Always Want Your Data

Among the various cyberthreats that currently exist, there is an increase in the number of systems that are being hacked for the purpose of cryptomining. Cryptomining, also known as cryptojacking, is the illicit mining of bitcoin and other cryptocurrencies using compromised systems, and it is rapidly replacing ransomware as the exploit of choice. Hackers are exploiting systems in order to use their processing power, storage, and memory to earn cryptocurrency by running programs that mine cryptocurrencies.

The cryptojackers can access your systems through all the standard means of breaking into vulnerable systems that don’t have appropriate security updates. Even network devices like your home router, cellphones, and internet of things devices (like Amazon Echo and Google Home, or a smart fridge or TV) can be susceptible to being exploited. And in the process, they can run up your electricity bill.

You may not know that you’ve been hacked, other than system performance slowdowns (when noticeable) and higher electric bills. The usual ransom notes, or markers of stolen passwords or credit card numbers are not present, because they are not necessarily trying to access your personal data. Moreover these hackers try to avoid detection for as long as possible to increase their potential earnings.

While the primary purpose of the hack is not to steal your data, you still face a threat if someone has compromised your network to perform cryptocurrency mining. It still represents a breach of security and the hackers can at any point maliciously target your data or systems. Additionally, the stealing of your computing resources could adversely affect the operations of your systems, and thus your business.

To limit your exposure to cryptocurrency mining hacks, keep your servers and computer systems up to date. Penetration testing can identify any vulnerabilities in web-based custom applications that you use. As a managed services provider and Miami IT consultants, we keep clients’ systems safe and design solutions that protect the systems and data of businesses. Call us for cybersecurity assessments.

CryptoLocker Malware

What you need to know to keep your computer secure.

As technology and computers advance, so do the viruses, trojans, and malware that plague your operating systems. Perpetual updates to anti-virus programs, malware scanners, and firewalls usually keep up with these nefarious activities, but one such malware has proven to be resistant to security updates. The now infamous CryptoLocker is a ransomware trojan which targets computers using Microsoft Windows. The malware appeared in September of 2013.

A CryptoLocker infection can be acquired from various sources. The most common is an email attachment. When a computer is infected and CryptoLocker is initiated, the malware encrypts files stored on your PC’s local, mounted, and even networked drives. Your files are encrypted using RSA public-key cryptography, which means that the key to access your files is stored on the CryptoLocker’s server. When your computer is infected, a message will appear offering you the ability to decrypt your data with a payment through BitCoins or other types of coins and cryptocurrency. Additionally, you must pay the ransom by a deadline or risk the deletion of the private key and therefore losing access to your private files. If the deadline is missed, CryptoLocker offers to decrypt the data for a much higher ransom.

Here’s what you need to know:

– Always avoid email attachments from unknown senders.
– Back up your PC files consistently.
– Avoid storing passwords, sensitive financial data or other personal information on your computer.
– If CryptoLocker infects your PC, removing the malware itself will not give you access to your encrypted files.
– If your computer is infected, do not try to connect a storage device to recover your backup files.
– Most users report that paying the ransom will allow you to recover your files.
– Consult an IT professional if your computer has been infected with CryptoLocker.

With these general safety tips, most users can avoid common viruses and malware. In the event of a computer or network infection, please call our help desk immediately at 1-888-930-1117.

It’s Time To Say Goodbye To Windows XP

The year was 2001 when Microsoft released Windows XP to the world. Windows XP has been a part of our lives for almost 13 years. The original release of Windows XP was by no means perfect, and it required 3 Service Packs and 5 years before Microsoft built what will most likely go down in history as one of its most popular operating systems.

Over the past decade PCs have moved from high-end equipment to something more comparable to an appliance; you need it, but once you’ve decided which one to purchase, you expect to use it until it breaks. Because of this, there are still millions of people using Windows XP with no major issues. Now, Microsoft has decided that it’s time for users to move on and has officially announced that as of April 8, 2014, Windows XP will be considered ‘end of life’, will no longer be supported, and will no longer receive security updates/patches.

Broken Windows
Image Credit: Deb Hultgren

Why Should You Care?
Both home and business users should pay special attention to Microsoft discontinuing security updates for Windows XP. No more security updates or patches means that any new vulnerabilities in Windows XP will not be fixed. To put this in perspective, Microsoft releases patches for Windows (XP, Vista, 7, 8) on the second Tuesday of every month and these updates almost always include security fixes for newly discovered issues. This means that there’s a very high chance that by the second Tuesday in May of this year all of your Windows XP machines will be vulnerable to exploitation. This will likely result in your PCs being infected and placing your entire network at risk. Due to the nature of these vulnerabilities, it’s highly unlikely that anti-virus or anti-malware software will offer any protection.

What Can You Do?
Unfortunately there’s no way around it: the Windows XP machines must go. They will pose a significant and serious security threat to your network if they remain in use. If your organization currently has machines running Windows XP you should start purchasing new machines or plan a desktop infrastructure upgrade project with your IT department or provider. This should include replacing all Windows XP machines with newer systems OR upgrading them to at least Windows Vista (although you’d be much better off with Windows 7 or Windows 8). You may also take this as a chance to evaluate your entire IT infrastructure to ensure all of your equipment is current with the latest updates and current support subscriptions.

If you need assistance in procuring and migrating to new desktops/laptops in your organization, Invizio provides IT support and desktop infrastructure roll-out services. Give us a call today.