Hey there my friends. While much of the world is working from home, guess who else has been working remotely? Cyber criminals. It’s unfortunate, but in this fear-ridden climate,…
Month: March 2020
OMG - Counter Productive Persistence
Hey guys attila here from Cylanda in this quick short on OMG otherwise known as one minute growth ideas for you and your business we’re going to talk about a very fun word two words that I really like it’s called counterproductive persistence counterproductive persistence there you go two words counterproductive persistence is something that we come across all the time is when we keep trying to solve that problem trying to finish that task keep trying to do the same thing over and over and over again and as we know doing the same thing over and over sometimes leads to insanity counterproductive productive persistence is recognizing that you’re stuck in a loop or maybe your co-workers or your team is stuck into it and it’s time to maybe just take a quick moment reset maybe take a minute of silence give yourself a little bit of stepping away from the problem to go back and come back had it stronger with a better perspective and to make better choices so remember counterproductive persistence it’s something that you and your team may be encountering every day and now you know what to do about it and that it really does exist stay safe out there I’m Attila with Cylanda
The Importance of Strengthening Your Cyber Security Culture
A once widely held belief that IT is in charge of all things cyber security is changing across industries. Cyber security culture now must include everyone who has access to data. However, how clear is the understanding of this culture to every department in your organization? A report from ISACA and CMMI Institute found that only 34% of employees know what their role is where cyber security is concerned. This would indicate that the cyber security culture that is supposed to be all-inclusive is not hitting the mark. This is concerning when employees represent the weakest link in a cyber security plan–they leave “doors” open that cyber criminals easily detect. This happens mainly with poor password hygiene and the ease with which employees click on links that contain viruses. All of this can be prevented with a better education campaign.
Changing the Culture While a true culture change within an organization can take years, cyber security culture can’t wait that long. Everyone must share the same beliefs that are inherent in a high-functioning cyber security strategy. This will require commitment to change, which can be among the most difficult aspects of any shift in company culture. The process can be improved by offering a cause and effect scenario, which outlines various situations in which an employee can be the source of a disruption.
Basically, it comes down to accountability. Know Your Role If everyone knows the risks, do they also know what they can do to help? Do they have a distinct definition regarding their role in the strategy to prevent getting hacked? Some organizations have taken to regular “fire drills” where they initiate a staged event and everyone leaps into action. In this case, employees are each tackling their specific task and memorizing the steps they need to take. This will enable them to know exactly what to do if and when something actually does go awry.
Communication Your security team should be a sounding board for potential and current issues. People will make mistakes, and they should be encouraged to openly discuss them with the appropriate people without fear of retribution. Accountability is important, and by establishing a sense of trust, the organization will benefit. An option that could help shift the cyber security culture in your organization is going to a third party for the tools and services that improve safety, reduce risk and help define a more comprehensive strategy. Getting this assistance puts less pressure on your security team, giving them the flexibility to handle on-premise situations that can also lead to better security practices. Contact us today to learn more.
9 website security tips from experts
Here are 9 website security tips that can make a big difference if you take a day to work on them. Statistically, a regular small business website is attacked 44 times per day.
We see a lot of articles about simple 10-step tips on how to improve web security and how to make sure your website is safe from hackers, but sometimes it takes a bit more than good passwords and frequent updates. 
1. Start with password management tools. Every account should have a different password, so an evil-minded attacker can’t access all your accounts when one of them gets compromised.
Let your password manager calculate a strong password for you so that it would be extremely hard to brute force them. And of course – use two-factor authentication wherever you can.
2. Choose a good hosting provider for your website. Sometimes your website can be secure but if the host is targeted and their security is low it can get your website compromised as well.
Try managed hosting providers if you don’t feel confident enough to build a good technical environment for the site. Make sure to read the reviews.
Read more about if you should rely on hosting security here and learn about the dangers of shared hosting here.
3. Avoid running multiple sites on one server. Also, create a separate database for each site instead of using different prefixes. This will help you keep the sites isolated and will save you a lot of money if one of them gets hacked.
4. Back up your website regularly. Some hosting providers do it for you but no matter how secure your website is, there is always room for improvement.
At the end of the day, keeping an off-site backup somewhere is perhaps the best antidote no matter what happens.
5. Separate database from the file server. Experts recommend maintaining separate web servers and database servers for better website security. Though the cost may be prohibitive for small organizations, it does make sense when you have to handle customer credentials and other data.
6. Use HTTPS/TLS to encrypt data. There are more reasons than security in that but keeping your visitors/customers data secure should be your number one priority.
Change the admin username – During WordPress, Joomla or other CMS installation, you should never choose “admin” as the username for your main administrator account. Also, Disallow file-editing inside the CMS.
7. Disable features you don’t use. For example: disable registrations and commenting on your website if you’re not benefiting from them.
Remove all the plugins and themes that are not critical for your website functionality (especially the ones that are disabled or inactive).
8. Always patch regularly. Know what software your website is running, regularly check if there are any new vulnerabilities on any of your software and always update/patch them as soon as possible.
9. Build layers of security around your site. Just as you lock your doors before leaving your house and install antivirus software on your desktop computer before browsing the web, you should also have a security system to serve as your website’s first line of defense against hacking attacks.
We all agree – to achieve success in today’s world it is necessary to maintain an online presence, but it is equally as important to preserve it as well. Nowadays it’s more than important to invest in security.
Dangers of using USB Flash Drives
Malicious USB sticks are leveraged where an attacker needs physical access to a computer.
The first notorious incident was observed back in 2010 when the notorious Stuxnet worm was distributed via USB sticks to launch attacks on the networks of an Iranian facility.
Plugging an unattended USB flash drive to a host system or network is no less than a threat. Such drives can be infected with viruses and ransomware which later can be used to disrupt the operation of a business.
Purpose of using malicious USB sticks
Malicious USB sticks are leveraged where an attacker needs physical access to a computer. The first incident was observed back in 2010 when the notorious Stuxnet worm was distributed via USB sticks to launch attacks on the networks of an Iranian facility.
Other malware that used USB flash drives for propagation include:
The Duqu collection of computer malware.
The Flame modular computer malware.
What can a bad USB stick do?
A malicious device can install a wide range of malware such as backdoors, trojans, and information stealers. They can also install browser hijackers that will redirect a victim to the hacker’s website of choice, which could host more malware, or inject adware, spyware or greyware on target computers.
How to protect systems from malicious USB drives?
Do not plug unknown flash drives into computers that are critical to an organization, This is a social engineering tactic where the attacker relies on the curiosity of people.
Don’t use the same flash drive for home and work computers. This can reduce the risk of cross-contaminating your computers.
Always enable security features such as fingerprint authentication to secure USB drives. This will help protect the device from hackers.
Keep the software on your computer up-to-date as the update includes crucial patches for known vulnerabilities.
OMG - Silence
Hey guys Attila here from Cylanda in this episode of OMG otherwise known as 1-minute growth ideas we’re going to talk about silence. Can you believe that? You know during the workplace it’s like people are uncomfortable with silence you know just being quiet for a moment. Sometimes will give you the answer that you’re looking for, you know you’ve got a lot of problems a lot of people asking you questions want you to do things guess what one minute of silence can save you 20 minutes of hardship, discontentment, arguments, making the wrong choice and so I challenge you today one minute of silence can you do it when everything is going crazy and you’re not sure where to turn one minute silence can help your brain reset. That’s what we’re here to do right preset make better choices and get better maybe today Im Attila with Cylanda Stay Safe
OMG - Eat that frog
Hey guys Atilla here you know most of us me included use something called a calendar to keep track of our days and plan things out ahead of time and you know well a lot of us use these things I do as well some of us still use these things which are these paper calendars if you can believe it right and I use both and there’s something that goes onto my calendar every day and this is something that’s hard to do digitally but very easy to do on paper and that’s called putting your frog onto your calendar it’s really easy right you draw a little frog and then right next to that frog you put the big frog you got to eat that day what that means is what’s that big mean thing that you need to do. do you need to perhaps you know have a sit-down conversation with someone who needs a little bit of your attention and give them some guidance maybe your kid has some problem at school and you need to address that maybe there’s some challenge financially that you need to figure out a solution to right.
These are the kind of problems that we all have to face because there’s a you know we all have similar situations and you know putting that big frog on your counter first means that you know get it out of the way first thing in the morning. If it goes on until the afternoon it can drag on for days or not weeks so getting that frog out of the way is my recommendation to you. What frog do you have today that maybe you didn’t take care of this morning and you know you should and maybe you’re putting it off eating that frog is not my analogy that’s something I think from perhaps zig Ziglar. He was a great you know inspiration to a lot of people who are out there in the business world and hopefully if he got it from somewhere else then he’s given credit to that person but anyways I’m Attila with Cylanda and hopefully this is giving you a little bit of an idea and inspiration for today.
3 quick tips for parents working from home
Good morning there my friends. Today marks day 1 of Honolulu Mayor Kirk Caldwell’s emergency order today which requires Oahu residents to stay at home and work from home. It…
Cylanda continues operations during Honolulu emergency order
Honolulu Mayor Kirk Caldwell issued an emergency order today which requires Oahu residents to stay at home and work from home. This will go into effect on Monday, March 23, at 4:30 p.m. and will end on April 30 at 4:30 p.m. However, he also stated that “I believe that in all likelihood that it’ll be extended beyond April 30.”
Since the City and County of Honolulu identifies us as an essential service, we will continue operations and support for customers. We have already implemented a Coronavirus policy in our offices that protects employees and complies with CDC and federal guidelines.
We understand the impact this emergency order may have on your business. Our Security Operations Center remains available, prepared and ready to assist with remote worker migration, support and security. Simply call (808) 861-9595 or contact support at sos@cylanda.com.
We are here to be a helping hand during this unprecedented time of need.
Stay safe out there
How your computer can give you Coronavirus Covid-19
Hey guys, the world is nervous and talking about Covid-19 the new deadly strain of the Coronavirus. Here in Hawaii folks are buying toilet paper – all of it from anywhere it’s sold. There are parking lot fights at Costco and worse yet, you can’t get toilet paper. The whole island is out, so what does that mean to you? Absolutely nothing because what we’re going to talk today about something very important – how not to spread viruses by using your computer.
Most computers have keyboard, buttons and many touch points that can spread germs from one person to the next. For example, were I to hand my laptop over to someone else, I’m also handing off any germs sitting on any of those touch points. So, how can you keep your computer equipment clean so that the computers doesn’t spread the Coronavirus from person to person? Before we get into that, let me mention that these are all best practices and good hygiene in general when using electronics equipment.
To start, let’s talk about my best friend – disinfecting wipes. Getting your hands on a tube typically isn’t hard (except for now), so if you’re fortunate enough to have a stockpile, they are very tear resistant and perfect for cleaning computer equipment without damaging it. For example, I have a Microsoft Surface laptop and according to Microsoft’s website, disinfecting wipes are recommended for cleaning the device. After using them, the computer is now cleaner than ever and it’s been disinfected. No germs, yay!
While mainstream media and the CDC has been focused on reminding everyone to wash their hands, do you know what else should be kept clean? Your ears! And what do you use at the workplace that involves your ears? That’s right, your phone. So keep your phone nice and clean using those same disinfecting wipes! For years I’ve been called the neat freak, always cleaning my phone. From experience, I’ve had people use my phone, cough and sneeze all over it and leave. I wouldn’t know, use the phone and catch whatever that person had. No thank you. Keep your phone and computer clean!
Next think about ways to boost your immune system. I know it may be considered “new age” or homeopathic but you know what, why not try everything? Who wants to get sick? I know I don’t and I’m sure you don’t either. I personally drink kombucha – it is an acquired taste though. Kombucha is gross but full of probiotics that can give your gut, the seat of your immune system a little boost. Think about other ways to boost your gut biome such as supplements and probiotic capsules. Probiotic yoghurts are great but supplements much more bacteria per capsule there than you’ll find in any single source, including Kombucha or yoghurt.
Lastly, f you really want to try something new, there are essential oils. My favorite is the “4 Thieves blend” and to get the benefits of it, put a little bit of water into a diffuser, a few drops of oil and let it mist your workspace. You can get a diffuser practically anywhere such as drugstores, Amazon and even TJ Maxx. The reason that I personally like “4 Thieves” is because of its backstory. According to the long-told historic tale, the use of thieves oil dates back to the year 1413, the time of the infamous Bubonic Plague (aka The Black Death) that devastated a large portion of France. The Black Death spread like wild fire amongst the citizens, and the doctors alike. It seemed impossible to be in the vicinity without contracting it and at the time, the sickness really did mean ultimate demise.
During this time, however, four thieves were captured and charged for stealing from the sick and dying. The thieves never contracted the plague, despite the close contact with the Black-Death victims.
At that time the crime these 4 men committed was punishable by being burned alive. However, the judge was so intrigued by how these men had stayed immune to this terrible disease that he told them if they shared their secret he would spare them of this punishment.
The Thieves told the judge their secret: they were perfume & spice merchants who were unemployed due to the closure of the seaports and the devastation of the plague. They had prepared an essential oil recipe that when applied to their hands, ears, temples, feet & a mask over their mouths, kept them safe from infection. The judge stayed true to his word. The men were not burned alive, but instead they were hanged for their crimes.
From then on, doctors who treated Black Death victims put the herbal infusion on their hands, ears, temples & feet, and wore beak-like masks stuffed with cloths containing this special blend. The beak is how doctors got the long-lasting nickname “quack”. You may recognize this somewhat terrifying uniform as a scary Halloween costume worn today. Exactly the way you’d want your doctor to dress, right?
Essential oils are something to try in your workspace, perhaps get a bit of disinfectant in the air. If nothing else at least your surroundings will smell cleaner. So as a quick recap, use disinfecting wipes on your computer or phone, boost your immune system with probiotics and try essential oil disinfecting mist to minimize airborne viruses.
Stay safe and stay healthy out there.
3 things at-home workers need to know about Coronavirus Covid-19
Hi guys. According to Cloudflare, the company that monitors a sizeable portion of the traffic on the internet, March has seen an average of a 10% increase of online traffic…
New Russian scammers prey on US data breach victims
Hi guys, doesn’t it feel like a lot of data breaches have happened over the past year? Some of the more memorable ones include The United Nations, Microsoft, Facebook, T-Mobile, 7-Eleven, Capital One, NASA, Flipboard, FEMA, Dow Jones, Dunkin’ Donuts, Houzz and Equifax. Wow! Unfortunately, each one has had, let’s say “unique” effects on their respective industries and of course it’s been us as citizens and consumers who are the ones paying the price for these company’s negligence and poor cyber hygiene.
While you and I personally don’t have much say in how these companies handle these data exfiltration events, the Equifax settlement did seem like a step in the right direction. But the reality is that most people feel cynical about all these big companies being able to really protect our personal information.
Unfortunately, this latest scam put together by Russian scammers taps right into those fears. They assembled a fake government website that appears to be run by the “US Trading Commission” that claims will give you financial compensation for “leaking your personal data.” While this sounds legit and perhaps is something our government could do, namely give money to victims of data breaches, considering how expensive it can be to get back on track after identity theft, there is no such thing as the “US Trading Commission.”
If you get a phishing email and inadvertently get taken to one of these fake sites, you’ll be prompted to fill out a number of forms that of course, ask you for personal information such as name, social security number, bank account number, credit card numbers and so on, so that you can get paid. Suspicious yet?
The Takeaway
If you or someone you know starts entering in personal information on any website, be sure it’s not a phishing one. There are very few actual companies or agencies that request this kind of personal information and often it may be filled out in person at their local branch office. The U.S. government will never request you for personal information over the web. If you are owed money or need to provide information, they will contact you via traditional mail. No exceptions!
Stay safe out there.
New bank payment scam lets criminals control your computer
Never a dull moment here at the Cylanda Watchtower. The criminals are still at it, this time trying to trick unsuspecting victims into opening an email that looks like it’s from a bank trying to wire funds into your account.
Clicking the link in that phishing email means there’s bad news for you ahead. It will deliver a malicious remote access trojan called Remcos. The malware is an information stealer and surveillance tool that includes such fun features as logging the keys you press on your keyboard, taking screenshots of your computer screen and stealing clipboard contents to secretly harvest usernames and passwords as you use your computer.
The Takeaway
Surprise surprise, this isn’t probably the last phishing email you’ll ever receive. If you have an employee security awareness training program in place, it might be helpful to have a refresher on how to identify the telltale signs of a phishing email. It’s also a great idea to check your security software to make sure it’s up to date and if it has the ability to block you from accidentally visiting malicious websites, just in case an email like this ends up tricking someone at your organization. If you need help with either of these, feel free to reach out. We can help.
Stay safe out there.