The Michigan IT Experts

As a result of this increase in phishing attacks, endpoint security has grown much more focused, but the issue with phishing isn’t necessarily an issue with the strategies surrounding your technology--rather, it’s an issue relating to your organization’s users and their tendency for failure. Now, we know this sounds a little harsh, but it’s been proven time and again that employees need security training on how to handle credentials and other sensitive information. Let’s take a look at a couple different types of attacks you can be exposed to, and what you can do to keep your organization from becoming just another company that has suffered from a data breach.

Deceptive Phishing
Deceptive phishing is one of the most common types of phishing scams, and it aims to fool unsuspecting users into handing over sensitive information. This happens when the hacker sends a message to users that impersonates an actual person or company that the organization has some sort of relationship with. These hackers use deceptive phishing to convince users to hand over information like passwords, usernames, account numbers, etc. Since official credentials are being used to access these accounts, it doesn’t immediately become a security concern.

For the most part, these deceptive phishing messages are either ignored by the users, caught by filtering technology, or disregarded when they’re accessed. Unfortunately, the handful that actually do fool the end user are worth the hundreds-of-thousands that are sent to others. To keep your business from making this fatal mistake, you need to focus on increasing awareness of what makes phishing attacks so much different from your average legitimate email.

Some of the telltale signs of phishing messages include misspelled words, problems with sentence structure, and suspicious attachments or URLs. Always hover your mouse over a link before clicking on it to determine its location, and never download an attachment unless you know who’s sending it. Another thing to look out for is any financial institution or vendor demanding payment or access to your account--there are other, more official methods of outreach for methods such as these; and no bank or similar institution will ever, ever ask you for passwords.

Spear Phishing
Spear phishing attacks are targeted attempts against a specific user. For example, someone who sees a message from a coworker might let their guard down, but this doesn’t necessarily mean the message is safe. It just means that some hacker managed to find a way to mimic the sender in a way that is extremely convincing. Spear phishing attacks will often know the target’s name, title, company, work phone number, and much more--all to seem as authentic as possible so the user will click on a malicious attachment or URL.

Even social media isn’t safe from this trend. LinkedIn, for example, is one of the most common places where spear phishing is leveraged. It might be used for connecting with other business professionals, but it’s not hard for a hacker to imitate a business professional. We aren’t saying that you need to avoid social media like the plague, only that you should approach it with some sensible caution.

Pharming
That being said, more people are learning about these attacks by the day, meaning that some hackers have ceased these types of attacks for fear of their efforts being for naught. Instead, they turn to a practice called pharming, which is using an organization’s DNS server to change the IP address associated with the website name. This gives them a way to direct users to malicious websites to steal their legitimate credentials.

To prevent this from happening, it’s very important that you tell your staff to be sure they are entering their credentials into a secured site. The best way to make sure this happens is to look for the “https” in the hyperlink, as well as a padlock icon next to the address. It also never hurts to have an antivirus solution on each endpoint within your organization.

NuTech Services can help your business stay as secure as possible. To learn more, reach out to us at 810-230-9455.

What Are Biometrics?
Biometrics are a method of authentication that uses some sort of physical attribute or qualifier rather than a password or a key code. Some examples include fingerprints, voice patterns, typing rhythms, and so much more. They are easier to use than your typical passwords or key codes, and even better, they can be used in conjunction with traditional security measures and practices.

Let’s take a closer look at what some of these biometrics are, as well as the most practical way to implement them.

Biometric Types
There are two major categories for biometrics: physical identifiers and behavioral identifiers. Physical identifiers are by far the most common:

• Signatures: Signatures are one of the unique ways you can identify an individual, and you’ve surely seen this biometric used at least once somewhere or another. Whether it’s a transaction or an agreement, a signature can do much to guarantee someone’s authenticity.
• Fingerprints/Physiological Attributes: This particular biometric is often used to secure smartphones. Fingerprints can be used to determine the identity of the user, as well as various other physiological attributes, like palm scanning, retinal scanning, and facial recognition.
• Voice: Voice-based authentication is common all over the place these days, whether it’s a personal user issuing commands to a virtual assistant or a business using voice authentication to navigate automated answering systems.
• DNA: The technology to implement DNA sequencing into authentication is still a ways off, but it’s closer than you might think.

There are other behavioral identifiers that are used for biometric authentication. While these methods are still in development, here are a few examples of them:

• Typing Patterns: People all write in different ways, and the same goes for typing. Therefore, this can be used to determine the authenticity of the user based on their keystrokes and the pressure applied to the keys.
• Navigation and Engagement: In a similar fashion, the way that people navigate applications and systems can also determine identity. Mouse movements are quite showing, as well as how we hold devices.

Reliability (and Risks) of Biometrics
Biometrics are proving problematic to an extent, mostly because they can be inconsistent. Voices can vary depending on the user’s health or age, and faces can change based on a clean-shaven (or bearded) face, a haircut, or a pair of glasses. There are ways to work around this system, and with biometric authentication, there is much that needs to be taken into account.

Security is a Major Concern
This kind of data needs to be heavily protected, as it not only exposes sensitive information, but personal information as well. These kinds of credentials are also not easily changed, as they are heavily based on physical traits. For these reasons, biometrics may take some time to be adopted as the norm.

What are your thoughts on biometrics? Let us know in the comments.

New Gestures
The latest version of Android OS contains a built-in new gesture navigation system, but it might not be turned on automatically. To turn this on, go to Settings > System > Gestures. Then you must tap on Swipe on Home Button and press the on-screen toggle switch. You will see the change propagate almost immediately--the three-icon setup will change to a singular pill-shaped icon.

Navigation isn’t much different from the other builds, either. Tap the pill icon to bring back the homescreen and long press it to bring up your Google Assistant. You can then swipe up twice or long-swipe from the home icon to bring up your app drawer.

Another change that needed to occur is that Android 9.0 Pie removes the dedicated button for recent applications. Users now need to singular short swipe up from the bottom of the screen to open up a carousel gallery that shows all recently opened apps. You can then navigate by swiping between apps or using the home icon to swipe fast-left or right to move through the apps more quickly. To clear the apps, swipe up on the specific app window. To clear all of the apps, just scroll all the way to the left and tap the Clear All button to exit out of all running applications.

Android 9.0 Pie actually tries to predict what you’re likely to need next. These commands are within the apps. If you find it useful, you can drag these suggestions, found at the top of your app drawer, onto the screen. You can then find the shortcuts offered by each app by long-pressing the specific application’s icon. This includes opening an application in split-screen mode, a considerable improvement from Android 8.0 Oreo.

Device Notes
One extremely useful feature for smartphone users is the ability to open your device using a fingerprint scanner, but an even better one is when you can use the scanner on devices that don’t feature an in-display fingerprint reader to keep your screen from turning off.

The alarm clock in Android 9.0 provides some additional functionality. When your notification panel is open (swipe down from the top), you only need to tap on the clock in the system tray to open your clock app and manage the alarms.

What do you think about Android 9.0? What are your favorite features? Let us know in the comments.