CRC post hacker conference

James and I attended this year’s Def Con conference, which focused on how attackers gain access to your networks and data. We spent three days watching people hack into hardware devices like credit card processing machines as well as regular software like Microsoft Word and Excel. We even saw hackers gain access to the polling machines used in this last election (it took them 90 minutes to get in). We also learned that 90% of major medical facilities are not secure, though by being a CRC client your security options are much better managed and more affordable than those of the major hospitals. Unfortunately, experts in the cybersecurity industry agree that things will get worse before they get better. So, what can you do to protect your network? The answer is to educate your employees and lock down your network as much as possible. Here are some examples of how to do that.

 

Educate new employees: We have assisted twice in the last month with infections that hit the server because new employees downloaded an infected email attachment. You may have drilled your security policy into your current employees, but new employees might be too trusting and open attachments from people they don’t know, or be afraid to ask questions. Continue cybersecurity education in your office meetings and have your employees review and sign your security policy on their first day.

 

Credit card machines: At Def Con we saw a talk on how to hack into a credit card machine. It takes about 15 minutes. Ideally your credit card machine would be on a phone line in your office and put in a safe, inaccessible location when it’s not being monitored. If it’s plugged into the internet, it should be segmented from the rest of the network. If your practice management software requires the machine to be attached to your network for integration, extra security controls and policies need to be put in place for it to be PCI compliant and secure. Contact us at help@crctechs.com for recommendations.

 

Email: Most data breaches continue to start with emails that look harmless. These emails can look like they are from people you recognize but whose accounts have been compromised by the bad guys. They can come in as a resume for a position you have open when the attachment is really a Microsoft Word document with a virus embedded. They can also come from what looks like a company you trust, like Google, asking for your account information for an add-on or asking you to open an “encrypted” email from someone you supposedly know. They also come as fake emails from delivery companies like FedEx and UPS. How do you combat this threat?
– Check non-PHI attachments on virustotal.com. This site will scan attachments with over 40 different virus scanners.
– Call to verify the sender did indeed attach something for you to open. If you weren’t expecting an email with an attachment from a known contact, double check that it’s legit. A phone call is quick… restoring your data from a virus attack is not.
– Use your Spidey senses. If it doesn’t look right, feel free to contact CRC to take a look!

 

Misleading tech support: Fake tech support continues to trick people into letting them onto their computer remotely. They will try to get you to give them your credit card number and install software on your computer. If you have a screen that pops up on your computer telling you your computer is infected and to call a phone number to resolve the issue, contact CRC immediately. We can confirm it’s not a virus and get you back up and going quickly.

 

Feel free to contact CRC if you have any questions on how to further lock down your network. We can schedule a call with you and one of our techs.

 

If it looks odd, it might very well be. Call us right away and we can help verify its legitimacy.