Wednesday, June 26, 2019

Survey Shows Employees Would Compromise Company Data


A recent report published by nCipher confirms what many business owners have known for a long time.  Their employees are the weakest link when it comes to data security.

The nCipher report, however, adds a disturbing exclamation point to the data with a few details you're likely to find shocking.

First, fully 71 percent of C-Suite employees surveyed in the UK would knowingly and willingly cover up a data breach if doing so meant escaping the fines associated with it.  This, contrasted with just 57 percent of managers and directions.  The latter number is still distressingly high, but nothing compared with the C-suite.

Second, don't make the mistake of thinking that it's just the people you have installed in the corner office that are willing to put your business at risk. A disappointing 25 percent of office employees indicated that they'd be willing to sell corporate information for as little as £1000, with 5 percent of office employees saying that they'd simply give it away for free.  10 percent said they'd need at least £250 to make it worth their while.

Dan Turner, the CEO of Deep Secure, had this to say on reading the report:

"The cost of employee loyalty is staggeringly low.  With nearly half of all office workers admitting they would sell their company's and clients' most sensitive and valuable information, the business risk is not only undisputable, but immense in the age of GDPR and where customers no longer tolerate data breaches.

Given the prevalent use of digital and cyber tactics to exfiltrate this information, it's critical that businesses invest in a security posture that will help them both detect and prevent company information from leaving the network."

Wise words indeed. Unfortunately, given the realities above, that means keeping a closer eye on your own people.

You may be thinking this could never happen at your company. However, many times employees unintentionally compromise company data. Phishing attacks are buried in emails that “look” official.  An inexperienced employee is ask for information that opens the door to your data. SpartanTec, Inc. can train your employees on what to look for and how to avoid data breaches. Call us today to schedule a consult. 

SpartanTec, Inc.
Greenville, SC  29601
(864) 326-5914


Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer







Friday, June 21, 2019

What You Need To Know About Managed IT Services

The term used to relate to IT support is referred to as managed IT services and every day, an increasing number of businesses are using it. However, what does it really mean and how can you tell if an IT support company isn’t only using the word as a tool for marketing, but is really providing flat rate services that are presented as managed services.

Managed IT servicesGreenville lets businesses to offload IT tasks to a service provider, referred to as managed services provider, which takes on the responsibility to monitor, manage, and solve problems related to the IT systems of a business round the clock.

History of Managed IT Services

Managed services started with break fix services. The firms that helped service small networks before have been hamstrung by the insufficiency of tools to fix the problem. The networks they service developed as basic systems, typically made by a self-taught network amateur turned professional. The maintenance was break fix only, which means if something is broken, the company calls and they come running to repair it, hopefully.

As time went by, the people who provided this support came up with programs and procedures to visit the site regularly to perform a system review of the user information and logs searching for indications of issues well before they turn into big problems. In some instances, a complex checklist was utilized to monitor processor usage, disk usage, and more.

The issue was that the support people can only see what was taking place on that specific day. In case something happened later on, they will never know about it unless the customer calls and informs them about it.

Backup Issues and other Errors Continue To Happen

The professional test of the back up unit was on the visit, which often resulted in at least a few days of missed backups. The unit was prone to other human mistakes when the on site tech support, trying to be as accommodating as possible, would handle the end user symptoms and won’t have time to deal with the real issues. This resulted to a constant battle for the support people as they tried to persuade customers that they were just causing themselves more dangerous issues later on by not being proactive.

It Paved The Way For Fortune 500 Companies As Well As Their Huge Networks

Meanwhile, the software and hardware vendors have added new and better methods for the systems to signal issues as soon as possible. Simple Network Management Protocol had started to be developed since the 1990s and was being integrated to personal computers. The first systems that can watch these tools and convert all of the data into usable details were complex to manage, were geared only to huge networks, and were prohibitively costly for small firms. In 2005, systems began to mature that led smaller firms to make the most out of the same features and advantages just like the large companies. This triggered the Managed Services movement.

Managed Services Were Finally Made Available For Small and Medium Sized Companies

Today’s managed services software lets provides work towards two primary goals"

1.     All the things on the network that will lead to a user symptom or risk will trigger an alert before or when it occurs, and the managed service provider will be informed about it.
2.     Every alert they obtain is something crucial and requires to be dealt with.
3
      The more closely a managed services provider can get these two objectives, the more perfectly they could accomplish a truly managed service and the more they could get away from “everything becoming an emergency” situation.


SpartanTec, Inc.
Greenville, SC  29601
(864) 326-5914


Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer


Thursday, June 13, 2019

Malware Focused On Mobile Banking Greatly Increased In 2019


Researchers at Kaspersky Lab have been tracking a disturbing new trend.

In the first quarter of 2019, the company has noted a massive 58 percent increase in modifications of various banking Trojan families that have been used in attacks against more than a quarter of a million users around the world.

This increase is troubling in that it paints a picture of hackers taking much more interest in and developing tools that are specifically designed to target users who access banking services from mobile devices, which is a target rich environment indeed.

The company had this to say about their findings:

"As is customary, first place in the Top 20 for Q1 went to the DangerousObject.Multi.Generic verdict (54.26 percent) which we use for malware detected using cloud technologies.

Cloud technologies are deployed when the antivirus databases lack data for detecting a piece of malware, but the company's cloud already contains information about the object.  This is basically how the latest malicious programs are detected.

The rapid rise of mobile financial malware is a troubling sign, especially since we see how criminals are perfecting their distribution mechanisms.  For example, a recent tendency is to hide the banking Trojan in a dropper - the shell that is supposed to fly to the device under the security radar, releasing the malicious part only upon arrival."

The bottom line is that if you use your mobile device to access banking services of any kind, be aware that you are increasingly seen as a target.  In fact, given the latest findings, you're rapidly becoming the preferred target of a growing body of hackers.

As ever, your best defense is vigilance.  Don't install apps from untrustworthy sources. Before adding any new app to your phone, do some due diligence to minimize your risk of inadvertently installing something not just unwanted, but incredibly dangerous.


SpartanTec, Inc. provides services to protect your company’s data from inadvertent attack caused by employee negligence or lack of understanding on how to handle email and phishing attacks. Call us today for an in-depth analysis of your systems and to assist with training you and your employees on how to be safe in today’s internet world.

SpartanTec, Inc.
Greenville, SC  29601
(864) 326-5914


Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer

Thursday, June 6, 2019

New Security Vulnerabilities Found In Intel Processors

Remember the Spectre and Meltdown CPU vulnerabilities discovered early last year?  Well, hold onto your hat, because they've got company.

Recently, researchers discovered a new class of side-channel vulnerabilities in Intel processors that impact every modern chipset the company makes, including those used in Apple devices.

The new vulnerabilities exploit weaknesses in something called 'speculative execution' which is a core design feature of modern processors. This feature allows them to speculatively execute instructions based on conditions the system has 'learned' are likely to be true.  If those assumptions are proved to be valid, then the execution continues.  If not, it is discarded. The net effect of this design is to increase overall system performance speed, but it also opens up the door for additional risk.

The researchers had this to say about their latest discoveries:

"The new vulnerabilities can be used by motivated hackers to lead privileged information data from an area of the memory that hardware safeguards deem off-limits.  It can be weaponized in highly targeted attacks that would normally require system-wide privileges or deep subversion of the operating system."

Collectively, these new vulnerabilities are being referred to as 'MDS speculative execution' flaws, and have been identified as follows:
  • CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM), part of the RIDL class of attacks.
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS), also part of the RIDL class of attacks.
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS), also called 'Zombieload' or RIDL (Rogue In-Flight Data Load).
  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS), also known as a Fallout
Of these, the ZombieLoad attacks seem to be the most worrisome of the lot.  They impact the largest number of chips, encompassing everything Intel has produced from 2011 onwards, but all of these are considered serious security flaws.  Worse, there are no fixes yet, and no word yet on when a fix might be forthcoming.

Safeguard your network and information by working only with the best IT consultants. Call SpartanTec, Inc. now


SpartanTec, Inc.
Greenville, SC 29601
(864) 326-5914
https://spartantec-greenville.business.site/

Cities Served
Greenville, Spartansburg, Mauldin, East Park, Overbrook, West Greenville, Greer