COVID-19 Update For Massachusetts Clients

Governor Charlie Baker has ordered all non-essential businesses to close, effective noon Tuesday, March 24. "Baker said non-essential businesses shall close their physical workplaces and facilities to all workers, customers, and the public." The governor also stated  "Everyone is advised to stay home and limit all unnecessary activities," while announcing that he and state health officials are issuing a stay at home advisory for the residents of Massachusetts. Both will remain in effect until April 7. Source: CBS

What does this mean for our clients? Businesses that provide essential services are exempt. Among the businesses that will remain open are grocery stores and businesses that support them, gas stations, pharmacies and all medical facilities, and manufacturers of medical equipment, pharmaceuticals, and restaurants. Governor Baker is expected to release a full list of businesses defined as essential later today. If your business does not fall under an essential category and you would like to get your office setup for remote working, please email us immediately. We have resources in place to allow us to continue to provide you with the level of service, responsiveness, and support you have come to expect from IES. We are considered an essential business and are available for you, even with these orders in effect. However, effective Monday, March 23 at 10pm, all IES agents will be working remotely to support our clients and will only be legally allowed to go onsite to provide support if your business falls under an essential category. As always, we are reachable using any of the following methods: Phone: 781-816-9437 Email: contactus@iesadvisors.com Live Chat: iesAdvisors.com (click the chat icon that appears in the lower right corner of every page)Request Remote Login Setup

Here are some cyber security tips you should know when working remotely.

One of the key preventative measures for the spread of COVID-19 is social distancing. Luckily, in this increasingly connected world we can continue our professional and private lives virtually. However, with huge increases in the number of people working remotely, it is vital that we also take care of our cyber "hygiene".

Awareness and preparedness are both vital - you'll want to be sure you have the following basics: 

• Secure wifi connection. Most wifi systems at home these days are correctly secured, but some older installations might not be. With an insecure connection, people in the near vicinity can snoop your traffic.
• Fully updated antivirus system in place.
• Up to date security software. Security tools such as privacy tools, add-ons for browsers etc need to be up to date. Patch levels should be regularly checked.
• Remember to back up periodically. All important files should be backed up regularly. In a worst case scenario, staff could fall foul of ransomware for instance. Then all is lost without a backup.
• Lock your screen if you work in a shared space. (You really should be avoiding co-working or shared spaces at this moment - social distancing is extremely important to slow down the spread of the virus).
• Make sure you are using a secure, encrypted connection to your work environment.

Things employers should do: 

• Provide initial and then regular feedback to staff on how to react in case of problems. Who to call, hours of service, emergency procedures and how they evolve.
• Give suitable priority to the support of remote access solutions. Employers should provide at least authentication and secure session capabilities (essentially encryption).
• Ensure adequate support in case of problems.
• Define a clear procedure to follow in case of a security breach.
• Consider restricting access to sensitive systems where it makes sense.

If you have any questions about these tips or need to setup remote login to your office, give us a call at 781-816-9437.

Coronavirus COVID-19 Readiness: Work from virtually anywhere, anytime.

Like you, we're monitoring the latest news about the Coronavirus. That's why we're doing all we can to make sure our staff is standing by to aid with all your technology needs. We want you to have confidence that you can contact us anytime. In the event of a government mandated quarantine, not much will change. You can still: •Call our office 24/7 at 781-816-9437 to reach a tech •Open a support ticket 24/7 at iesAdvisors.com/portal •Chat live instantly with a tech from 9am - 10pm Monday - Saturday via our website •Email contactus@iesadvisors.com for a same day response Thankfully we are able to service most of our customers' issues remotely via the Internet using the latest in technology.

Working Remotely One of the many services available to our clients is the ability to remote into your work computer from another location. Some clients are already utilizing this service. Best of all, there is one low yearly cost. Here’s what we need to know to setup your account: •The business owner or manager needs to authorize us to setup your remote access account. •The name of each computer you want to access remotely and who will access it. •Each user’s email address. (Once the accounts are setup, we send instructions on how to use the system via email). •A secure password for each user to access the portal. Click the button below to launch the request using your default email application. We’ll reach out to setup your remote access up ASAP!

Request Remote Access Now

Phishing is real...Just ask Shark Tank host Barbara Corcoran.

Shark Tank judge Barbara Corcoran lost nearly $400,000 in an elaborate email scam that tricked her staff.

Corcoran said someone acting as her assistant sent an invoice to her bookkeeper earlier this week for a renovation payment. Staff believed there was "no reason to be suspicious" about the email because she invests in real estate, so the bookkeeper wired $388,700 to the email address. 

The problem was that the email address didn't belong to her assistant. The scammer imitated her assistant's email address and misspelled it with one letter. The mistake wasn't caught until the bookkeeper emailed the assistant's correct address for a follow-up.

Corcoran fell for a phishing scam, which is common: Nearly 30,000 people reported being a victim of that type of scam last year. Together they reported nearly $50 million in losses, according to the FBI's 2018 Internet Crime Report.

Phishing attacks are common methods of stealing usernames, passwords and money. Hackers pretend to be a trustworthy source to convince you to share personal data. To be safe, it's important to make sure the sender is authentic before clicking on a link.

Source: CNN Business

Yes, the NSA discovered a major security threat in the Windows 10 operating system. No, the Russians are not suddenly hacking you.

The IT world was waiting on pins and needles yesterday for a high profile Microsoft Windows 10 security patch, and the US National Security Agency (NSA) has enlightened us as to why. Apparently the government agency has discovered a serious flaw in Windows 10 that could expose users to surveillance or serious data breaches.

The NSA confirmed (link) that the vulnerability affects Windows 10 and Windows Server 2016. It said that it flagged the dangerous bug because it "makes trust vulnerable." However, it wouldn't say when it found the flaw and declined to discuss it further until Microsoft released a patch.

The vulnerability was found in a Windows component called crypt32.dll, which handles "certificate and cryptographic messaging functions," according to Microsoft. An exploit in that area could affect authentication on Windows desktops and servers, sensitive data on Microsoft's Internet Explorer and Edge browsers and many third-party applications. Hackers could also use it to spoof digital signatures, making malware look like a legitimate app.

A software patch was released yesterday to critical Windows 10 clients including the US military and managers of key internet infrastructure. Microsoft has since released updates for all customers, urging them to install them "as quickly as practical." as this flaw is being noted the second most severe in Microsoft's rating system. Microsoft has confirmed it has not yet been exploited, but is still a major security issue.

Venmo Scam Alert

If you use the app Venmo, be aware there is a scam going around.

With this scam, you will receive a text message telling you your Venmo account is about to be charged and If you want to cancel the withdrawal, you need to log on and decline it.

The message allows you to log on with any phone number and password. (The password we used to test this scam was wrong, but it had me continue on). It then asks you to verify who you are by entering the bankcard number and other personal/financial info.

The scam uses the same same colors and fonts as the Venmo App.

Do not use the pages provided by the text to enter into your account. Go directly to your Venmo app or use their Internet website.

If you have fallen victim to this scam and entered your personal information, contact your bank or credit card company immediately.

Is your business PCI compliant? Avoid fines for breaches!

Major breaches like TJMaxx and Target have been widely publicized in the past, but breaches at smaller businesses have received very little attention. This is mainly because information about these smaller occurrences have been very hard to come by due to two reasons.

First, not all states have disclosure laws requiring merchants to disclose breaches and secondly, card associations are not required to disclose individual cases.

According to a Wall Street Journal article, most breaches come from small businesses who are not up to date with technology or compliance laws. Here are some of the article highlights:

• More than 80% of the credit card breaches have occurred at small businesses.
• Visa levied $3.3 million in fines for non compliance against small businesses in just one year.
• MasterCard did not disclose their fines.
• Any business that accepts credit cards must agree to be PCI complaint.

Take for example the case study of Lodi Beer, a microbrewery and restaurant in California who unknowingly stored 11,728 credit card records in their point of sale system. (Track data from the credit card's magnetic strip cannot be stored according to PCI standards). When that data was breached, Visa and MasterCard fined Abanco, the restaurant's merchant account provider, $27,000. Abanco then in turn passed that fine onto the restaurant. In addition to the fines, this merchant has spent over $50,000 in remediation costs, legal fees, upgrades, etc. That is a huge amount of money for a small business. Had they been up to date with their technology, this situation could have been avoided.

Here are some interesting facts that you should know about PCI compliance standards:

• Visa, MasterCard and the other card brands have put the responsibility  of maintaining compliance status on the processor or merchant account provider. They've successfully done this with a policy of making them responsible for paying fines when breaches occur.
• While these processors are responsible for fines, they will almost always pass whatever they're fined onto the merchant.
• If merchants are ultimately responsible for the fines, it is their responsibility to maintain PCI standards and stay up to date with their technology.

IES would love to help you become compliant. Give us a call at 781-816-9437 or check us out online at iesAdvisors.com.