Ferrum Technology Services Blog

If you own an Asus laptop, there is a chance that a recent update could have installed malware, and we are urging anyone who has an Asus device reach out to us to have it looked at.

A new ransomware attack has surfaced, this time mostly targeting IT companies and their clients. The attack is specifically targeting the Kaseya platform. Kaseya is management software that many IT companies use to remotely manage and support technology. The attack in question attacked Kaseya’s supply chain through a vulnerability in its VSA software; this attack is notable because of how it targeted the supply chain, not only striking at the vendor’s clients—notably IT companies—but also their customers. Basically, this attack had a trickle-down effect that is causing widespread chaos for a massive number of businesses.

It’s no secret that passwords have long held center stage when it comes to data security, but if we’re to be honest, a password just isn’t sufficient to protect your business. Don’t get us wrong: passwords remain immensely important, but their role has diminished with the availability of other, more advanced security features. One of these features is something called multi-factor authentication.

Phishing attacks are a major problem that all businesses must be prepared to handle. Sometimes it comes in the form of messages or web pages designed to steal information from your employees, but other times it might come in the form of phone calls asking for IP addresses or network credentials under the guise of your IT department. It’s especially important that your staff members understand how to identify these tricks, and it all starts with phishing training.

A new ransomware threat has surfaced, this time targeting unpatched and end-of-life products in SonicWall’s line of Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products. The threat is currently being exploited in the wild, so if you utilize these devices in your business, it is your responsibility to take action to mitigate damages caused by these ransomware attacks now.

We get more email correspondence than ever. Unfortunately, many of these messages are spam. Some are even worse: Phishing attempts looking to fool you into providing information that can be used to infiltrate your business account or network. This month, we thought we would go over some of the telltale signs that you are dealing with a probable phishing attempt and how to properly manage the loads of spam you get in your inbox each day. 

Data breaches are an unfortunate reality that businesses have to contend with, but small businesses often do not give them the consideration that they deserve. It is critical that you consider security challenges and take these risks seriously. Let’s examine how you can overcome some of the many challenges that small businesses have with cybersecurity.

Countless high-profile ransomware attacks have surfaced over the past several years, all against targets like manufacturers, pipelines, hospitals, and utility companies. Obviously, these attacks are a cause for concern, but some small businesses might make the mistake of thinking themselves too small to target. Unfortunately, this is simply not the case; we’ll help you protect your business from these devastating cyberattacks.

Hackers are a crafty bunch. They will use any and all means to infiltrate businesses, including some that are downright shameful. One of the most devastating ways that hackers make these attempts is through the use of phishing attacks, or attacks where they essentially trick users to click on links in emails or hand over confidential information.

With so many accounts required on an everyday basis, it’s no surprise that people often struggle with passwords and password security. One way that individuals try to manage the countless passwords used on a daily basis while keeping them secure is through the use of password managers. What does a password manager do, and why should you consider implementing one for your business?

The COVID-19 pandemic forced many organizations to transition to online work, a notion that many businesses felt was previously out of the question. This transition came with its fair share of frustrations, but eventually businesses figured out that remote work offered various benefits. That said, one of the biggest issues also manifested, and was in the form of security.

In today’s business environment, where ransomware strikes just as often as just about any other threat out there, you need to take as many precautions as possible so that your organization does not become another victim or statistic. All it takes is looking at reports from various security firms to understand just how important even the most basic of security measures—the password—is toward keeping businesses safe.

It should come as no surprise that cybersecurity is an important consideration for a business, which means it is important that you are aware of how effective your security practices are. Evaluating this is best accomplished by testing your team and their preparedness… but how often should you do so?

Now that Google’s Android Messages application has end-to-end encryption, it might be a good time to discuss the concept of what end-to-end encryption actually is and why it’s important. Let’s take a closer look.

A survey from Splunk and Enterprise Strategy Group indicates that organizations tend to invest a significant amount of their capital into cybersecurity. Even more interesting is that 88 percent of respondents in this survey reported that they would increase these investments, with 35 percent reporting that they will be substantial. What other insights can we glean from this survey?

As is often the case with ransomware attacks, the situation with the Colonial Pipeline hack has grown more complex as more information regarding the attack has been discovered. Here are some of the major developments that you should keep top of mind in the wake of this devastating ransomware attack.

Your organization’s network security is dictated in part by your security solutions, but your employees also play a large role in maintaining it. If you want to make sure that your employees are not inadvertently putting your organization at risk, you need to ensure they are getting the proper security training. Here are a couple of ways you can make security training less like pulling teeth and more engaging for your employees.

Some industries have specific standards that must be met regarding data security and privacy. For healthcare and its related industries, you have HIPAA, the Health Insurance Portability and Accountability Act, which protects the privacy of patient records and requires that organizations maintain them in a specific fashion. To make this a bit easier is HITRUST, the Health Information Trust Alliance. How are these two intertwined and how do they make the privacy regulations in the United States easier to understand?

Unfortunate as it might be, one single solution is not going to eliminate any and all of your cybersecurity woes. That said, there are plenty of ways that you can mitigate the majority of threats and minimize their chances of success. One of the best ways is to construct a culture of cybersecurity awareness within your organization that encompasses all employees, including upper-level management and the C-suite. Here are 11 ways that you can build up an enduring culture of cybersecurity awareness for your business.

The past year has been tough on businesses, if only because of how unpredictable everything has been. As far as network security goes, however, most of the threats that were plaguing companies before the pandemic are the same ones that IT administrators are dealing with today. Curiously, it seems that a week can’t go by without a major data breach. Why is this happening? Simply put, the fundamentals of security management are being neglected. Let’s take a look at three practices that need to be followed in order to keep your organization from being a victim of a scam or cyberattack.