Zed Claw Zed Claw

That Text From Your Kid? It's Probably Not Your Kid

You get a text from an unknown number: "Hey Mom, I dropped my phone in the toilet. This is my new number. Can you send me $500 for the bill? I'll pay you back."

Your heart skips. Your kid is in trouble. You reach for your wallet.

Stop.

That's not your kid. That's a scammer who sent the same message to thousands of people, hoping a few parents would panic and wire money before thinking.

This scam has been around for years, but it's surging again. Scammers know parents don't think straight when they believe their child needs help. They use urgency and vague stories to bypass your common sense.

Here's how to protect yourself:

Call your actual kid. Use the number you already have. If they answer confused, you just dodged a bullet.

Ask a question only they'd know. "What did we name your first goldfish?" works better than "Is this really you?"

Never send money through gift cards, wire transfers, or Venmo to unknown numbers. Legitimate emergencies don't require iTunes cards.

Tell your parents. Older generations are heavily targeted because scammers assume they're less tech-savvy and more trusting.

Scammers are good at their jobs. They study human psychology and exploit the moments when we're most vulnerable. The best defense is a three-second pause before you act.

When your phone buzzes with an emergency, take a breath. Verify before you trust.

Sparrowhawk Technology - Making your technology safe and easy to use.


Keeping Your Technology Safe: A Laughing Matter?

Originally published: February 6, 2023

Most of us have heard the saying, "Laughter is the best medicine." But when it comes to keeping your technology safe, is laughter really the answer?

Well, maybe not, but it can certainly help you remember some important tips! Here are a few ways to keep your tech secure without taking yourself too seriously:

Use a password manager: Trying to remember all your passwords is like trying to remember every joke you've ever heard. Use a password manager to keep track of them all and make your life easier.

Update your software: Keeping your software up to date is like keeping your joke repertoire fresh. You don't want to be caught telling the same old jokes (or using outdated software) that could leave you vulnerable to attack.

Back up your data: Losing your data is no laughing matter. Make sure you regularly back up your important files to avoid a tech catastrophe.

Be wary of phishing scams: Phishing scams are like bad jokes - they're easy to spot once you know what to look for. Be careful of suspicious emails and never give out personal information.

So while laughter may not be the actual cure for all your tech woes, keeping a sense of humor can make the process of staying safe a little more enjoyable. And remember, at Sparrowhawk Technology, we're here to help keep your technology safe and easy to use - no joke!


Cybersecurity Awareness Month

Originally published: October 11, 2022

It's October, and that means it's Cybersecurity Awareness Month! Promoted by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) since 2004, October has been designated as Cybersecurity Awareness Month to help individuals protect themselves online as threats to technology and confidential data become more commonplace.

This month, I will write more and will try to help explain some of the cybersecurity concerns that face individuals and businesses alike. I hope this blog reaches people and helps put these issues and solutions into an easier form to understand.

Security Tip #1:

Install Software Updates as soon as they come out. These updates often include patches for security flaws. These vulnerabilities are used by hackers to compromise systems in order to do a variety of things from encryption (ransomware) to using your system as a resource (crypto-mining) and of course stealing data. Your computer, phone, and tablet can all be compromised using these methods. Keep them updated and protect yourself!


Hackers target small businesses too!

Originally published: September 26, 2022

Here is a quick tidbit of information to think about. Hackers are not just targeting large corporations for cyberattacks! That statement is not meant to feed the FUD (fear, uncertainty, and doubt) monster. It is meant to let you know that if you are an employee of a small or medium-sized organization, you may be even more at risk of being targeted for cyberattacks.

These days cybercriminals target smaller organizations because they assume that these organizations have fewer defenses in place to protect their interests. Worse yet, many businesses wait until after something happens to try to protect their organization. This is a faulty way to think. I encourage you to take a moment and think about how much you have invested in your company's security... It may have only been a little or possibly none, which could be just for the past year, but a lot can happen in a year. To start your dive into your own security, I recommend taking a moment to ensure that all your computers and equipment are up to date with all the fixes/patches available to them. Whether it be at home or at work, you can become a victim of a cybercriminal, but with just a little preparation you can stop 70% of the attacks that you could be vulnerable to.

Share these tips with your employer, with your friends, and with your family!

- Never share your password with anyone. Additionally, use complex passwords, and use a different password for each account with the help of a password manager.

- Look for red flags in emails such as a sense of urgency or a request for sensitive information. Carefully check the domain of the sender's email address and remember that any domain can be spoofed.

We hope you continue to protect yourself in the future and if you ever need some assistance or want to have a conversation remember Sparrowhawk Tech is here to keep your technology safe.


Another Password Posting...

Originally published: September 26, 2022

Password security is sounding like a broken record these days. The news talks about yet another password breach, every site you need to log into requires a password and you are constantly reminded that it needs to be very long, very complicated, and ultimately something you cannot remember. I thought - maybe a bit more explanation would be needed to help explain this nightmare we call "Passwords".

The first thing you should know is that passwords are something very personal to you. Typically, people use something relatable to them, such as a pet or relative, along with important dates and other things that are easiest for them to remember. If you fall into this category, don't worry, you are not alone. Here is the problem with that line of thinking: your social media profile (Facebook, Twitter, Instagram, etc.) probably already has most of the information that your password contains. No, someone is not going to look at your Facebook and instantly know your password. BUT an experienced hacker may use a scraping tool to gather all the words from your social media profile and the words used in your comments to build what is called a word list. This list contains every word you have put onto social media. They will then use a tool to "Brute Force" your password using different combinations of these words.
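To see the word-list problem from the defender's side, the following self-audit checks whether a password can be spelled entirely from words in your own public profile plus a few tacked-on digits or symbols. It is an added example, not code from the original post; the profile text, the character-swap table and the function names are constructed for illustration.

```python
import re

# Constructed sample of public profile text (not real data).
PROFILE_TEXT = """
Happy 10th birthday to Bella, the best beagle ever!
Go Broncos! Married Jordan in Denver, June 2015.
"""

# Common character swaps people use to "complicate" a word (assumed table).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Short runs of digits or punctuation that people bolt onto words.
FILLER = re.compile(r"[0-9!@#$%^&*._-]{1,4}")


def profile_tokens(text, min_len=3):
    """Lower-cased words and numbers from the profile, ignoring very short ones."""
    return {t for t in re.findall(r"[a-z0-9]+", text.lower()) if len(t) >= min_len}


def words_from_profile(password, tokens):
    """Return the profile words that, together with short filler runs, spell
    the whole password; return [] if it cannot be explained that way."""
    pw = password.lower()
    n = len(pw)
    # best[i] is the list of profile words used to cover pw[:i],
    # or None if no covering of that prefix exists.
    best = [None] * (n + 1)
    best[0] = []
    for i in range(n):
        if best[i] is None:
            continue
        for j in range(i + 1, n + 1):
            piece = pw[i:j]
            if piece in tokens:
                cand = best[i] + [piece]
            elif piece.translate(LEET) in tokens:
                cand = best[i] + [piece.translate(LEET)]
            elif FILLER.fullmatch(piece):
                cand = best[i]
            else:
                continue
            # Prefer the covering that uses the most profile words.
            if best[j] is None or len(cand) > len(best[j]):
                best[j] = cand
    return best[n] or []


if __name__ == "__main__":
    tokens = profile_tokens(PROFILE_TEXT)
    for candidate in ("Bella2015!", "Br0nc0sDenver1", "violet-kettle-41-orbit"):
        hits = words_from_profile(candidate, tokens)
        verdict = "built from profile words: " + ", ".join(hits) if hits else "not found in profile"
        print(f"{candidate!r}: {verdict}")
```

A non-empty result means the password is made of material anyone can read on your profile and should be replaced.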

You may have read at one time that a 12-character password takes billions of years to crack. Well, computers have gotten a lot better at this over the years, and the new estimate of how long it takes to crack a 12-character password is now 2 seconds if it consists only of numbers.

What do I do!?!?! Don't worry, there is always a resolution for these issues. Understanding what the problem is will be the first step to resolving it. The problem is: how in the world do I create a long and complicated password and then remember it? The good news is that it's fairly easy. Think of a sentence. Yes, go back to grammar school: a properly punctuated sentence works. The password "sparrowhawk" takes 2 hours to crack, but what about the password "Sparrowhawktechisawes0me!"? Well, good luck cracking that in a trillion years. Better yet, using spaces is an amazing security measure in a password! A password such as "Sparrowhawk Tech is number 1!" works on every level, and a secret that nobody tells you is that spaces in a password cannot be defined in a word list and therefore cannot be easily cracked!

But there is also the problem that everyone is supposed to use a different password for every site. This is something I fully condone! You should, you must! This protects you if a site is compromised and the attackers get your password: if you use the same password for your bank, you have given them access that quickly. Credential stuffing takes passwords gained from breaches and tries them against other sites to see if someone reused a password.

There is a solution for this as well! Use a password manager. Something like LastPass will create a new password for you, remember it, and, even better, automatically fill it in for you! There are many password managers, and at the end of the day, a notepad at home with all your passwords is far more secure than using the same password for everything.

Some recommended password managers that come to mind are LastPass, 1Password, and KeePass. There are many more. These are amazing, and you can install them on your smartphone, your computer, and your tablet. Remember one password and have much greater security than before!

Continue to protect yourself and if you ever need some assistance or want to have a conversation remember Sparrowhawk Tech is here to keep your technology safe.


Physical Security overlooked?

Originally published: September 26, 2022

Did you know that one of the most often overlooked aspects of IT security is actually Physical Security? With today's complex threats, physical security has unfortunately taken a back seat...

As few as 15 years ago, if you mentioned security to someone in the business world, they would immediately think about alarm systems, badge readers and door locks. The focus today is on logical security - threat management, breach detection, intrusion prevention, etc. With the threats we face today from all over the world, logical security is very important. Physical security has unfortunately been relegated to the realm of secondary concerns.

According to csoonline.com "the world of CISSP certification, physical/environmental security has historically been one of the nine domains. As of 2015, it was combined with another domain that includes other items, further evidence of its diminishing importance in the minds of many security experts." With physical security's role being diminished in the most sought-after technology security certification, the public has shown that they are starting to overlook it as a concern. However, I know that physical security is still of vital importance to information security, and it is dangerous to overlook.

Whether it be through an open lobby where a person can walk directly into the business without someone to stop them, an unlocked data center where an intruder could get to your IT systems without anything stopping them, poorly secured doors, lack of surveillance, or inadequate intruder detection, a person could cause havoc, steal valuable information, or gain full-time access to your network without anyone even noticing. Many times the first foothold on a network comes from a form of physical breach. A company will spend hundreds of thousands of dollars securing its network perimeter but will leave computers unlocked and servers sitting on a shelf where people can gain access to them. All it takes is one person having access to a server for less than 30 seconds, and your entire business could potentially be taken offline or, worse, have all valuable information regarding the business and clients looted.

It sounds scary, but it is the truth: overlooking your physical security at your business puts you at great peril.

It is always a wise idea to put defensive measures in place wherever possible: install doors and locks to prevent access to computers, enable screensavers that require passwords to unlock computers, and enforce the Windows+L shortcut (Lock computer) when people leave their computers. Install security cameras such as Verkada cameras anywhere valuable information is stored. Even if the server room is locked, there should be a camera located in it, looking at your servers.

If you want a physical security assessment, please feel free to contact us and we will be happy to assist you in getting your physical security in order. Whether it be through security controls or cameras, we specialize in finding weaknesses and teaching you how to counter them.

We stand by ready to help you keep your technology safe.


Do you know what Phishing is?

Originally published: September 26, 2022

Has anyone talked to you about Phishing lately? I am guessing that if you have been reading anything online or in a business article you have seen this mentioned at least once.

The real question is, do you know what Phishing really is and better yet do you know how to not fall victim to it?

Simply defined, Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

So, what is Phishing? The word "Phishing" comes from the analogy that Internet scammers are using email lures to "fish" for passwords and financial data from the sea of Internet users. The term was coined in the 1996 time frame by hackers who were stealing America On-Line accounts by scamming passwords from unsuspecting AOL users.

I admit, everyone is prone to fall victim to this type of attack. In fact, it is in our nature to act quickly when approached with vitally important issues that we believe may affect us personally. This is where Phishing "hooks" the user it has targeted. This is why these scammers have used the following 11 top subject lines in their Phishing emails:

1. Review or Quick Review

2. Bank of ; New Notification

3. Charity Donation for You

4. FYI

5. Action Required: Pay your seller account balance

6. Unauthorize login attempt

7. Your recent Chase payment notice to

8. Important: (1) NEW message from

9. AMAZON : Your Order no #812-4623 might ARRIVED

10. Wire Transfer

11. Assist Urgently

If you click on the links contained in these malicious emails, you fall prey to these scammers, and you can compromise your identity, your username/password, your network or computer security, and a slew of other things.

The best word of advice for these is "Think before you click". If you look closely at the email, you will find telltale signs that it is not legitimate, whether it be a link that does not go to the actual website that is supposedly contacting you or bad grammar/spelling.

Be careful out there in the Wild West that we call the Internet these days; there is always a bandit wanting your money. If you want to know more, contact us and we can conduct training for you and your employees or just have a candid conversation about Phishing.

Sparrowhawk Technology - Making your technology safe and easy to use.


Here we are again, another huge data breach - 150 million accounts compromised

Originally published: March 30, 2018

Unfortunately, in the digital world we live in, it is a must that we use usernames and passwords for everything. The downside is that this brings greater risk: every time you enter a set of credentials, you are in some ways giving someone else the keys to your castle.

In case you did not know, the popular app and website "MyFitnessPal" (which is owned by Under Armour) disclosed that in February their datastores were breached and 150 million users' sensitive data was stolen. This data included usernames, passwords, and email addresses.

The problem that I see with the reporting of this breach and the action that MyFitnessPal is taking to force users to change their passwords is that yes - you changed your password to their site, but what about all the other sites that you used the same username and password on? That is our problem - we reuse the same usernames and passwords for everything!

Unfortunately, the "bad guys" don't sit around thinking of different aspects of your life trying to figure out what your password is. Today's hackers normally operate in this way: a group of shady jerks targets vulnerable websites that you may use but that are not protected nearly as well as, say, Bank of America. Sometimes, scoring access to a customer database is as easy as tricking a low-level employee with a fake email. Once a thief scores your information, including email and password - usually acquired in bulk - the first thing they do is try it on every account linked to your email.

Do you see the problem now? I cannot stress this point enough - DO NOT USE the same password for everything important in your life.

Are you worried now? I sure am. The first thing to do is to see if your data has been included in any of the more recent hacks. A website called "Have I Been Pwned" gathers the email addresses that were compromised in these hacks into a database. You can enter your email address to determine if it was compromised. This service is free and has an option to be alerted if your email shows up in future hacks. DO THIS.

The next thing you need to do is change your password - not just on the site that was compromised but on EVERY site where you used that same email and password combination.

If you have the option to enable two-factor authentication (2FA), do so at this time. This is one surefire way to keep some jerk from logging in as you.

This trend will continue as there is no true way to stop thieves from stealing, and the most vulnerable part of all technology tends to be the humans who interface with it.

Sparrowhawk Technology - Making your technology safe and easy to use.


Lack of Training

Originally published: December 1, 2017

Lack of cybersecurity training ranked #1 as the cause of ransomware infections among small businesses in 2017.

Sparrowhawk Technology - Making your technology safe and easy to use.


What do you know about Ransomware?

Originally published: October 25, 2017

This week we have learned of another version of Ransomware that has been found. This version, called "Bad Rabbit", is in Europe now but could be here any day, or another version of it could jump over the ocean. It leads me to the question: what do you know about Ransomware? Not just the word that is in the news - do you know what it is, what it does, and how it happens? Worse yet, what do you do when you do get it?

I can speak in depth on this subject, having been through an attack like this before. It is an ugly situation which evolves so quickly that you have already lost all of your data before you know what happened or that it is even happening. By the time you figure out that it is going on, you have most likely lost most of your business data. I was lucky and I had prepared for such an incident. I knew that no matter how much training users had or how much security I put in place, there is always a gap that something can come through. I had backups - this was the savior and I want it to be for you as well.

How it works:

1. End user receives an email that appears to be from their boss, friend, family member, or another trusted person. The email contains a URL to an application such as Salesforce, Workday or ZenDesk, etc...

2. When the user opens the link, it directs them to a website which seems legitimate. The page is actually a landing page for an exploit kit.

3. Upon loading the page, the web server begins communicating with the victim machine, finding vulnerabilities and attempting to push malicious code.

4. Once executed, the program deletes existing shadow copies to limit recovery options.

5. The binary uses PowerShell to propagate copies of itself and begins encrypting files of specific extensions.

6. After encrypting the victim's files, the malware sends the encryption key back to the command-and-control server.

7. The server then sends a ransom message to the victim.
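Steps 4 and 5 leave traces a defender can look for in process-creation logs. The sketch below is an added example, not part of the original post: it flags shadow-copy deletion and escalates when the same parent process starts PowerShell shortly afterwards. The log layout, host names and file paths are constructed, and the command patterns are the standard Windows utilities commonly used to delete shadow copies, which the post does not name.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed process-creation records (not from a real incident), in an
# assumed "time|host|parent image|image|command line" layout.
SAMPLE_LOG = r"""
2024-03-04T09:14:02|WS-014|C:\Windows\explorer.exe|C:\Users\pat\Downloads\update.exe|update.exe
2024-03-04T09:14:09|WS-014|C:\Users\pat\Downloads\update.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2024-03-04T09:14:15|WS-014|C:\Users\pat\Downloads\update.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -NoProfile -File C:\Users\pat\AppData\Local\Temp\s.ps1
2024-03-04T10:02:40|SRV-BKP|C:\Windows\System32\cmd.exe|C:\Windows\System32\vssadmin.exe|vssadmin.exe list shadows
2024-03-04T11:30:00|WS-020|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe Get-ChildItem
"""

Event = namedtuple("Event", "time host parent image cmd")

# Command lines that delete Volume Shadow Copies (step 4).
SHADOW_DELETE = re.compile(
    r'vssadmin(\.exe)?"?\s+delete\s+shadows'
    r'|wmic(\.exe)?"?\s+shadowcopy\s+delete'
    r"|win32_shadowcopy.*delete",
    re.IGNORECASE,
)


def parse(log):
    """Turn the pipe-delimited text into Event records."""
    events = []
    for line in log.splitlines():
        parts = line.strip().split("|", 4)
        if len(parts) != 5:
            continue  # skip blank or malformed lines
        ts, host, parent, image, cmd = parts
        events.append(Event(datetime.fromisoformat(ts), host, parent, image, cmd))
    return events


def detect(events, window=timedelta(minutes=5)):
    """Return (severity, host, reason, command line) tuples in time order."""
    alerts = []
    last_delete = {}  # (host, parent image) -> time of the shadow-copy deletion
    for ev in sorted(events, key=lambda e: e.time):
        key = (ev.host, ev.parent.lower())
        if SHADOW_DELETE.search(ev.cmd):
            last_delete[key] = ev.time
            alerts.append(("medium", ev.host, "shadow copies deleted", ev.cmd))
        elif ev.image.lower().endswith("\\powershell.exe"):
            # Step 5: PowerShell started by the process that just removed
            # the recovery points, within the correlation window.
            deleted_at = last_delete.get(key)
            if deleted_at is not None and ev.time - deleted_at <= window:
                alerts.append(("high", ev.host,
                               "PowerShell started by a process that just deleted shadow copies",
                               ev.cmd))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_LOG)):
        print(alert)
```

Listing shadow copies and ordinary PowerShell use on other hosts stay quiet; only the delete and the correlated PowerShell launch on WS-014 raise alerts.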

To amplify the victim's distress, ransomware often includes a countdown clock with a deadline for paying the ransom - or else the decrypt key will be destroyed.

So, what do you do next? If you have prepared properly, you can restore your servers or systems back to the state they were in right before the attack.

If you encounter this terrible situation, Sparrowhawk can help you out. We specialize in affordable backup solutions for businesses, which can restore you back to a running state quickly.

Sparrowhawk - keeping your technology safe.


What to do about passwords...

Originally published: October 8, 2017

If you have been paying attention to the news for the past couple of weeks, you know that yet another very large data breach has happened and billions more passwords and other personal data have been stolen (the Yahoo breach). This is just another in a long string of examples of how, however safe you may think your data is, it truly is not. It is true that most companies have accepted that they will at some point lose important data, either to hackers or to a virus; in many circles it is not just a matter of if but when. This is something that you should also think about personally.

If you are like most people (myself included) you use a great password, you have put a lot of thought into it and know that you have followed all of the general guidelines to make a good password - long, capitalized and non-capitalized letters, special characters... and the list goes on. After all this work you know that your password is invincible to someone trying to break into your system. Here is the problem though - you use this password for everything. In fact, you find that this password is so good you use it for banking, your systems accounts, Amazon, etc... Well, what happens when one of those places you trust to guard your password has a data breach? Whoever enacted the breach now has access to all the other places you have used the password.

So the question is, what can I do, as this seems to be a problem without a good solution? Well, there is a solution and it's not nearly as hard as you may think - Password Managers! A password manager lets you have many different, complicated passwords which you can use without even having to remember them. This is one of the best solutions you can employ to help protect your passwords. Password managers rely on only one "master" password. This password unlocks an encrypted file which contains all your passwords, which you can then access and use.

I personally use LastPass, which uses the slogan "Simplify your life". They integrate into all browsers and will even fill in your passwords into websites for you. All you need to do is remember your one password.

There are other options as well. For work, I use a program called KeePass. This program does not rely on an internet connection and remains on your machine as an encrypted file which you unlock with the password. This is a great option for work where you need a lot of internal passwords for machines and systems.

I recommend if you have not done so already - change your password and get a good password manager so the next time a company loses your data it is only the data on their site and not access to your entire world.

Sparrowhawk - Keeping your technology safe.


Equifax data breach - a story of What Not to do

Originally published: September 10, 2017

This week we learned that one of the nation's three largest credit institutions had one of the largest, most in-depth breaches of data security and losses of private information in U.S. history.

The breach, which potentially compromised sensitive information for 143 million American consumers, including names, addresses, birthdays, Social Security numbers and driver's license numbers, came down to hackers gaining access to files in the company's system. From sometime in mid-May to July, hackers exploited a US website application vulnerability to gain access to these files.

To make matters worse, just days after the company admitted that it detected a breach, three executives from the company sold a combined $1.8 million in stock. More suspicious than that is that it took over a month for the firm to disclose that there was a breach in the first place.

Unlike some of my other posts, this post does not deal much with the technical side of how to prevent a data breach but rather with how not to conduct business with your customers if it does happen. Of course, the best way to deal with this is to defend your data in every way you possibly can. Keep your infrastructure security up to date and make sure to always take time for security. It may take a bit longer, but in the long run it is better.

Sparrowhawk Technology - Making your technology safe and easy to use.


Scammers are at it again

Originally published: September 3, 2017

I suspect that you may have heard about how scammers are starting to use the most recent events in Texas to garner money from people. In fact, it has already reached a point where several US Government agencies are issuing warnings about it. For example, the US Computer Emergency Readiness Team (US-CERT) issued a reminder that malware purveyors frequently use natural disasters and other breaking news items of broad interest to trick people into clicking on malicious links or opening booby-trapped email attachments.

Terrible people have been using bad events to try to con people out of money for years; one would venture to call it one of the oldest tricks in the book. But now, in the digital age, we find that they are smarter than ever before – presenting very compelling information and pictures which make you believe that you are truly going to help someone out.

In the sense of giving I believe that most of us want to do good and help each other out. It is part of our being that drives us to help. So, please keep in mind when you are compelled to do so that you should be careful in what you are looking at and what you are doing. Use only trusted sites which you know have been around and are doing good in the world. DO NOT click on links to donation pages from people you do not know or from sources which are not legitimate.

These days it takes more than antivirus to protect your system; it takes careful steps to prevent others from attacking it in the first place.

Please think before you click and Keep Your Technology Safe.

Sparrowhawk Technology - Making your technology safe and easy to use.


If you aren't worried about Phishing - you should be

Originally published: August 27, 2017

According to Black Hat's 2017 survey, "Portrait of an Imminent Cyberthreat," phishing is one of the greatest and most time-consuming challenges security professionals face today.

Unfortunately, this is because phishing and social engineering have become the easiest way for people to breach company and personal IT security assets and/or cause damage from a distance.

Users tend to overlook basic security concerns in favor of "getting the job done". This can be due to many factors, such as lack of training or lack of concern. There is no true way to combat phishing schemes and social engineering attacks other than strong support for security practices from the senior levels of management, reinforcement from mid-level management, and adherence to the security policies taught in training received by all employees.

Unfortunately, even with the most advanced technical security controls on your machines, your security is still vulnerable to users who are not fully educated in social engineering and how to identify phishing messages.

Sparrowhawk Technology - Making your technology safe and easy to use.


Small Businesses should be concerned

Originally published: August 25, 2017

Small businesses are being hacked and falling victim to malware and ransomware attacks at a high rate; they just do not make the news. This is happening for many different reasons, but most of them involve mistaken thinking such as "we are too small for someone to care" or, worse yet, "we do not need a cyber-security policy – we have never had a problem before."

Unfortunately, the belief that "it can't happen to us" is far from the truth. Worse yet for the small business is how quickly the attackers are turning to them as their targets. Large companies have entire departments dedicated to preventing and mitigating such things. Smaller businesses have possibly one IT person who is trying hard to keep operations smooth and does not focus on security every day.

This is why I created Sparrowhawk Technology. I want to be that stopgap for your company. I can let you know where your blind spots are in security and help you fix them.

Sparrowhawk Technology - Making your technology safe and easy to use.


Data thieves are smart

Originally published: August 15, 2017

One of the newer phishing attacks is using PowerPoint slide decks to attack a known Windows vulnerability. The malicious PPT file triggers an exploit for the CVE-2017-0199 vulnerability, which starts the infection process and gets malicious code to run using the PowerPoint Show animations feature, which downloads a file logo document if successful.

Sparrowhawk Technology - Making your technology safe and easy to use.


Industrial Controls are a risk to your business

Originally published: August 14, 2017

Everything from industrial robots to windmills is at risk from malicious hackers. According to recent reports, many vulnerabilities exist in these systems, making them susceptible to everything from unauthorized activity to business extortion. Make sure to secure your whole infrastructure!

Sparrowhawk Technology - Making your technology safe and easy to use.


Google is trying to help

Originally published: August 14, 2017

Google has recently released an update to iOS that will alert you to potentially harmful links. This helps you and your employees identify whether a link is legitimate or fake.

Sparrowhawk Technology - Making your technology safe and easy to use.


Complicated Passwords are not as complicated as you thought

Originally published: August 14, 2017

The person who first created the Password policy that we have all been using has admitted it was a mistake.

It turns out that long phrases that you remember are much better and far more secure than the complicated password with various special characters and random capitalization.

Sparrowhawk Technology - Making your technology safe and easy to use.


Read those pesky agreements when logging into a network

Originally published: July 14, 2017

As an experiment, a UK-based Wi-Fi provider added a "community service clause" to its usual terms that stated users may be required, at Purple's discretion, to carry out 1,000 hours of community service that may include: "cleansing local parks of animal waste," "providing hugs to stray cats and dogs," "manually relieving sewer blockages," "cleaning portable lavatories at local festivals and events," "painting snail shells to brighten up their existence," and "scraping chewing gum off the streets." – Of course, they did not follow through, but it shows how much we overlook agreements when clicking through them to gain access to the Internet on a public system.

Sparrowhawk Technology - Making your technology safe and easy to use.
