Facet installs and maintains firewalls as part of their managed security solution. Find out why we recommend a HaaS approach to firewalls.
A firewall is the first line of defense against intrusion in your network. Firewalls are a crucial component of your layered security strategy, but they can be a large cost and investment, especially for small businesses. Avoid surprise replacement costs with a Firewall for Life solution from Facet.
Many of our customers have made the switch. Continue reading to see if a Firewall for Life is the right fit for your business!
It’s economical.
Traditional firewall solutions have HIGH upfront costs. While most cybersecurity solutions are software-based, a firewall is a physical hardware device. Hardware always fails eventually, and unpredictably.
This causes big headaches for small and medium-sized businesses. In a traditional firewall situation, the customer purchases a new firewall upon the failure of the current device. This is a large, unplanned expense, especially for small companies.
With a Firewall for Life plan, you pay the same amount, every month, for the best firewall for your business. If the firewall fails, we replace it. Every three years, even if your current solution is going strong, we replace your firewall with the newest, most powerful firewall for your business, with no additional cost to you.
Our customers love this plan because it takes some of the guesswork out of IT budgeting. You know the exact number you’re going to pay each month for your firewall.
It provides better protection.
I may not need to stress to you the importance of a good firewall. As the filter for all your network traffic, your firewall is your first defense against every cyber crime, attack, and potential breach that poses a threat to your company and livelihood. A good firewall is worth its weight in gold.
Facet uses next-generation firewalls (NGFW) to build security-driven networks. They provide higher visibility, consistency, and coordinated end-to-end security policy to ensure optimal user experience.
NGFW also offer automatic dual ISP (internet service provider) switching. NGFW take the hassle out of dual ISP setups by automatically checking connection speeds and switching your network to the most advantageous provider. You no longer have to manually switch over to your second ISP or make a service call when your primary provider is having connection issues.
It creates less work for you.
An NGFW for Life solution from Facet is a fully-managed security device at an affordable price point. Facet maintains and monitors your device, ensuring we are alerted if it stops working or requires repair or replacement.
For IT managers, a HaaS Firewall for Life solution from Facet works with your existing team to ensure that your security is up-to-date and compliant with the latest standards. We offer HaaS firewalls as a standalone product for in-house IT teams or as part of our Managed Security offerings. With one less fire to put out, you can focus on managing your network with Facet as a trusted partner.
For business owners, the Firewall for Life solution means peace of mind. With Facet to manage and maintain your firewall, you have one less fire to put out and more time to focus on growing your business.
Let’s partner together on an NGFW plan that fits your business’s needs. Facet’s security solutions are proven to be an effective barrier that can protect your business from cybersecurity threats. That’s a worthwhile investment for every business.
Contact us today via the contact form below, or call us at (309) 689-3900 (8AM-5PM, Monday-Friday). Check out our blog for more educational resources!
Fear, Lies, and Greed: Blackmail Phishing Scams Play on Embarrassment for Huge Payouts
Why am I getting this email? I didn’t do anything wrong!
A friend of mine recently sent me a screenshot of an email via text. The subject line was a random string of characters, from a sender with a domain ending in “.com.us.”
The sender introduced himself and said he had identified a password she used on the web (the characters in the subject line), and proceeded to threaten “exposing” recordings, photos, and media of illegal acts that she had supposedly committed. Her text followed, “I know this is a scam but how did they get my password?? I use this password everywhere!”
Blackmail scams have become ubiquitous as more passwords are involved in large-scale data breaches and phishing tactics improve. Scammers use lists of breached passwords to frighten and coerce victims into paying large “hush” sums. In typical form, the scammer demanded that she send .1 bitcoin (at the time, around $4,000 USD) to their BTC address or risk “sensitive information being sent to [her] friends and family.”
These emails play on shock value and manufactured feelings of guilt and shame. Often, the emails claim to have a compromising video of you that they threaten to send to your contacts. Sometimes, they claim to have caught you in an illegal act. Sure, you may know they have no such video, but your password in the subject line is enough to raise your blood pressure, and cyber criminals know it!
How do you tell if an extortion email is a phishing scam?
The vast majority of extortion emails are phishing attempts. The scammers don’t have a video of you, and they just got your password from a leaked list that is publicly available on the dark web.
Most extortion emails include one or more of the following elements:
1. Your password (current or past) in the subject line or first sentence of the email.
2. An opening such as, “I know everything about you,” and generally an assertion such as “I now have total control over your computer and webcam, and I’ve seen everything.”
3. An accusation of an embarrassing act caught on camera or photographed, generally explicit in nature.
4. A threat to send the media to friends and family in your contacts.
5. A demand for money, generally in the form of Bitcoin or Ethereum.
6. A sense of urgency, such as a deadline by which you must send the money in order to “delete” the content.
In fact, most of these emails follow the exact same template and formula—a quick Google search will show you some examples.
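The six elements above can be turned into a simple triage check for a reported message. The following is an added example, not part of the original post: the phrase patterns, the threshold of three hits, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Phrases for elements 2-6 of the list; illustrative assumptions, not a vetted rule set.
INDICATORS = {
    "control_claim": re.compile(
        r"know everything about you|(?:total|full) control|access to your (?:computer|webcam)", re.I),
    "accusation": re.compile(
        r"\b(?:recorded|filmed|caught) you\b|\b(?:video|recording|photos?) of you\b", re.I),
    "contact_threat": re.compile(
        r"\b(?:send|forward|share|expos)\w*\b.{0,80}\b(?:contacts|friends|family)\b", re.I | re.S),
    "crypto_demand": re.compile(r"\b(?:bitcoin|btc|ethereum|eth)\b", re.I),
    "urgency": re.compile(r"\b(?:within|in)\s+\d+\s+(?:hours?|days?)\b|\bdeadline\b", re.I),
}
THRESHOLD = 3  # assumed cut-off: one or two hits are common in ordinary mail


def body_text(msg):
    """Concatenate every text/plain part of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def matched_indicators(raw_email):
    """Return the sorted names of the list elements found in one raw message."""
    msg = message_from_string(raw_email)
    body = body_text(msg)
    hits = [name for name, rx in INDICATORS.items() if rx.search(body)]
    # Element 1: the subject is one password-like token and the body mentions a password.
    subject = (msg["Subject"] or "").strip()
    if re.fullmatch(r"\S{6,64}", subject) and re.search(r"\bpassword\b", body, re.I):
        hits.append("password_in_subject")
    return sorted(hits)


def looks_like_extortion(raw_email):
    """True when at least THRESHOLD of the six elements are present."""
    return len(matched_indicators(raw_email)) >= THRESHOLD


# Constructed samples (not real messages).
SCAM = (
    "From: sender@example.invalid\n"
    "Subject: Tr0ub4dor&3\n\n"
    "I know everything about you. Tr0ub4dor&3 is a password you use.\n"
    "I recorded you through your webcam. Send 0.1 bitcoin within 48 hours\n"
    "or I will send the video to your friends and family.\n"
)
NEWSLETTER = (
    "From: news@example.invalid\n"
    "Subject: Weekly market update\n\n"
    "Bitcoin rose again this week. Our next webinar is in 3 days.\n"
)

if __name__ == "__main__":
    for name, raw in (("scam", SCAM), ("newsletter", NEWSLETTER)):
        print(name, matched_indicators(raw), looks_like_extortion(raw))
```

The newsletter sample trips two patterns on its own, which is why a single keyword such as "bitcoin" is not treated as enough to flag a message.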
What should you do when you get a blackmail or extortion email?
So, what should you do when you get an extortion email like this? Stay calm and take the following measures to ensure your privacy and safety. Remember, these emails are becoming more widespread because they are highly effective. High-pressure tactics and embarrassment lead victims to send large amounts of money to prevent the dissemination of videos and photos that never existed at all.
1. Stay calm and assess the situation rationally.
When you receive an email that gets your heart rate up, the first step is to take some deep breaths and stay calm. Remember that you didn’t do anything wrong, and emails like these are sent out by the thousands every day.
2. Do not send money or cryptocurrency to anyone.
Never send money or cryptocurrency to scammers. It will not ensure your privacy nor will it prevent them from contacting you again. Rather, it will embolden them to ask for more money as they know they have you on the line.
3. Change your passwords.
Some blackmail emails use a password that was published during a data breach as the subject line. If you still use this password anywhere, change it immediately, on every site on which you’ve used it. Some password managers will flag sites on which you have used a password involved in a breach, which can be helpful. Use a different password for different sites–it may seem inconvenient, but it’s worth it! If you would like additional peace of mind, Facet offers dark web scans and monitoring which can be used to identify vulnerable passwords.
4. If you have any questions, contact a professional.
We are here to help if you ever receive an extortion or blackmail email. While most scammers are offshore and cannot be prosecuted in the US, we can help you take steps to avoid receiving those emails in the future, such as email filtering services and other cybersecurity safeguards.
You never have to feel uncomfortable about calling us—you can always ask to speak to a specific technician or employee who you trust. We are committed to your privacy and confidentiality.
Email filtration is one step to greater security. At Facet, we advocate the use of a layered security policy at every company. Even if a particularly good phishing or ransomware email makes it through the filter, other services can prevent data breaches and other disasters. The best security builds a fortress around your company and your data.
An important note:
This advice comes with a caveat: if you have reason to believe that you have received an actual blackmail attempt via email, you need to contact the police. Webcam monitoring malware exists, so I don’t want to downplay the possibility, but it is exceedingly rare for “average” people to be targeted and there’s not exactly a pulse on how often that happens. Again, a good cybersecurity protection plan and policies can help prevent such things. Some people cover their webcam with a small piece of tape for peace of mind, and many laptops now come with a physical shield that can be pulled over the camera.
If you have any questions or would like more information on spotting and avoiding blackmail or extortion emails, feel free to give us a call at (309) 689-3900 or fill out our contact form. We have many educational resources available to companies to help train their employees to identify phishing scams and common psychological tactics used in phishing.
How far would you go to protect your company’s data? How about your customers’ data?
Every day, business owners are confronted with this exact question when they become victims of ransomware schemes. According to an industry report by Coveware, the average ransomware payout in the third quarter of 2020 was $233,817. Some are much cheaper, even as low as $60,000, but cyber criminals are smart enough to tailor their ransom amount to the size of the company and how much they think you’ll be able to fork over quickly.
You may choose to negotiate the amount. This is expected—often the total payout can be negotiated down by as much as 20%, but after that point, you’re at the mercy of your captors. If you choose to pay the ransom, you may get your data back, but there is no guarantee (honor among thieves and all that). Studies show that about 60% of people who pay the ransom get all or most of their data back. Others get only a small amount, and some never see it again. Scary! Plus, companies that pay large ransoms encourage hackers to continue to pursue payouts with ransomware. They’re only in the business because it remains profitable for them.
That’s why I have backups, you may be thinking. It’s true; backups can save you from lost data and prevent downtime. Recently, however, the bad actors have upped the stakes for compromised companies: if you don’t pay, they’ll post your data and your clients’ data to dark web marketplaces for sale. As with getting your data back, there is no guarantee that paying the ransom will prevent this in 100% of cases. Some criminal syndicates that run ransomware schemes will immediately post a small amount of data on “bragging rights” websites, anyway. Trust me, you can’t win here.
How to Prevent Email Ransomware Attacks
The best proven way to prevent email-based ransomware attacks is a solid defense strategy. You can often intercept an email ransomware attack at a couple of points in the process: you can prevent the email from reaching your inbox, or you can prevent the software from being downloaded.
Spam Filtering
Prevent ransomware emails from reaching your inbox with the help of an email filtering solution. Many emails with ransomware attached are designed to look like they came from an internal source. A good email filter can catch many of these emails before they ever hit your inbox, quarantining them to prevent ransomware and other malware.
Your email may have a “built-in” spam filter, but these filters are not the most accurate when it comes to keeping harmful emails in quarantine. Email filters like those offered by Facet use artificial intelligence (AI) and other tools to successfully identify and block ransomware attempts, even when they come from legitimate-looking sources. These filters go several steps further to prevent access to your system than traditional spam filtering included with email.
Employee Education and Training
I know you’ve been hearing a lot about employee education from us lately. It’s because it’s the single most effective way to prevent a ransomware attack on your system. Email filters work wonders, but no method prevents 100% of attacks. Your team must practice vigilance and awareness to properly avoid ransomware and loss of data.
Facet offers employee education in a few forms. In addition to resources for training that you can conduct yourself, we also offer phishing simulation services. Phishing simulations are a proven way to decrease your cybersecurity risk across your entire company.
Gone Phishing
Phishing simulations involve sending emails that mimic the characteristics of common phishing and ransomware emails. Instead of containing harmful software or truly stealing your credentials, however, the emails direct those who click on the “harmful” link or enter their password into the fake website to training videos and materials to better prepare them to identify future threats.
Check in with Your IT Provider
If you are already a Facet customer, consider a quick check-in to confirm that your security options and services are all up-to-date. Facet has recently hired a dedicated Security Analyst to assess current threats and industry trends, as well as a Customer Advocate to continue in our goal of better serving our customers. You can use the contact form below or call our main phone number to schedule an appointment and review your security options and recommendations.
Consider an In-Depth Audit of Your Security Practices
If you are looking for an even deeper dive, consider a Security Plus Audit. The Security Plus Audit is an intensive evaluation of your company’s cybersecurity stance, including dark web dives and more. This service is an invaluable way to gain insight into your position and get a roadmap to cybersecurity peace of mind.
This month’s recipe is courtesy of Network Technician Brad Strickler. He says this recipe is a favorite that is asked for often at family gatherings.
Snickerdoodle Cheesecake
Ingredients:
1 log sugar cookie dough
3 Tablespoons cinnamon sugar
3 9-oz. blocks cream cheese (softened)
1 cup granulated sugar
1/4 cup sour cream
3 large eggs
2 teaspoons vanilla extract
1/4 teaspoon ground cinnamon
pinch of salt
Directions:
1. Preheat oven to 350 degrees and grease an 8″ springform pan.
2. In a large bowl, combine cookie dough and cinnamon sugar, mix until evenly incorporated. Press half of the dough into the bottom of the springform pan (Leftover dough can be baked as cookies).
3. In another large bowl, beat cream cheese until smooth. Add sugar and sour cream and beat until light and fluffy. Add the eggs one at a time, beating well between each addition. Stir in vanilla, cinnamon and salt. Pour batter over the cookie dough crust.
4. Bake until slightly jiggly in the center, about 1 hour. Turn off the oven and open the door slightly and let the cheesecake cool for 1 hour. Then refrigerate until completely cooled, from 4 hours to overnight.
5. Roll remaining dough into small balls then flatten slightly on a baking sheet. Bake until starting to turn golden around the edges, about 10 minutes. Let cool on a cooling rack.
6. Before serving, sprinkle top of cheesecake with extra cinnamon sugar. Garnish with snickerdoodle cookies (or snack on the cookies separately).
IT security experts will often tell you that employees are the greatest security vulnerability in any company. We warn of social engineering emails and phone calls, reused passwords, work emails used on personal accounts, and dozens of other behaviors that can put your business at risk for breaches and hacks.
According to a cybersecurity report by Kaspersky in 2019, 90% of data breaches occur due to human error. Other sources cite “employee negligence” as a top cause of data breach. Negligence is its own issue, but it’s important to take responsibility as an employer for proper training that could prevent a data breach.
Employee education can save your company millions of dollars. Consider employee education and training the cheapest form of IT security available to companies of any size. Be sure to also take into account the potential costs of data loss—how much would you lose in time and resources in the event of a breach?
Instead of thinking of employees as a liability, consider your team to be a great untapped asset for network security. These five easy behaviors can make a huge difference in your security!
1. Lock your computer when you step away: We may trust our coworkers with our PC, but there are security risks involved when you leave your computer unattended and open. When you walk away from your computer, take a second to press Windows Key + L to lock your screen and protect any sensitive data.
2. Avoid flash drives, especially “found” flash drives: Flash drives are useful, but they can easily be loaded with malicious programs or used to steal data. One of the oldest forms of social engineering involves dropping a flash drive in a parking lot and waiting for an employee to pick it up, assume it is simply a lost flash drive, and plug it into a computer to see who it belongs to (or to snoop around). It can then install software on the employee’s computer, sometimes without the employee ever knowing. If it’s not your personal flash drive, avoid putting it in your computer.
3. Don’t let just anyone into your server area: Be careful who you allow to get access to your server. Sometimes people will pose as IT providers to get physical access to your server. If you did not have a scheduled appointment and don’t recognize someone who says they’re from Facet, you can always call us to see if we sent someone out to your location.
4. Verify email senders before clicking links: Always check the “from” field in any email you get before clicking on a link. Many scams involve fake links (and “from” addresses that are spoofed) to get your login information. If you get a password reset email or other account notice unexpectedly, go directly to the site in question via a browser rather than clicking the link in the email. Those couple of seconds can save you a lot of trouble!
5. Develop a healthy sense of skepticism: The most important thing to teach your team is to treat most online and phone interactions with a healthy sense of skepticism. This means taking that extra few seconds to really think about something before pulling the trigger, and not letting a sense of urgency take over. For example, if you get an email with an offer, take a little extra time to verify that it’s a legitimate offer from a real, reputable company.
Employee training may take time, but the practice can save your business thousands in the long term. For more information, or to request on-site employee training, contact Facet today. We offer a variety of training, including phishing email simulations, training videos, and printed materials.
This month’s recipe is from Facet’s Accounting Clerk, Tammy McBride! Tammy says this recipe is a favorite at parties and gatherings and is great if you love Snickers bars and apples.
Ingredients:
6 small apples, cored and chopped (Tammy uses Granny Smith apples with the peels left on)
6 (1.86-ounce) Snickers Bars, cut into bite-sized pieces
1 (5.1-ounce) box instant vanilla pudding mix
1/2 cup milk
1 (12-ounce) container Cool Whip
1 cup marshmallows, optional
1/2 cup caramel sauce
Instructions:
Whisk together pudding mix and milk in a large bowl. Fold in Cool Whip.
Fold in apples, chopped Snickers, and marshmallows.