Blog

Be Cyber Smart – Passwords

October is Cybersecurity Awareness Month. One of the themes is ‘Be Cyber Smart’ and owning your role in keeping your devices and accounts secure. Part of owning your role is using secure passwords.
As part of Cybersecurity Awareness Month, we are posting our password best practices.

MAKE A LONG, UNIQUE PASSPHRASE – Length trumps complexity. A strong passphrase is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember.

CHANGE PASSWORDS AFTER BREACHES – If a company or website you do business with or have an account with has a data breach, change your password right away. If you have used that password somewhere else, change it everywhere you used it.

RANDOM IS BETTER THAN PREDICTABLE – Kz7w$ is better than FallistheB3ST! Don’t use information that is easy for people to guess. Your birth month and year as a PIN, or a list of your children’s first names, is fairly easy for someone to guess.

DON’T REUSE PASSWORDS – Keep them unique. This is hard to do but critical to limit damage when one of your accounts gets hacked, phished, or otherwise compromised.
Instead of changing your passwords every month, change them less frequently so you aren’t tempted to put them on a sticky note at your desk.

Practicing cyber smart password practices is difficult given all the sites we need to log in to. Consider using a password manager to help. A password manager securely stores your passwords and can fill in your login page automatically. We like LastPass, but 1Password and KeePass are also good solutions. Contact us to learn more about password managers or help in creating strong passwords and password policies.

Do you need Windows 11 now?

Windows 11 was released on October 5th, and you have probably seen some ads for it.  We have been test driving a pre-release version of Windows 11 for a while now.

From what we’ve seen, this isn’t a major update. The changes in Windows 11 are mostly the new user interface. Other new features make working with multiple monitors and huge high resolution monitors a bit easier to manage.

For business use, we are not recommending upgrading to Windows 11 right now. By default, we are blocking the upgrade to minimize disruption. Windows 10 will continue being supported through October 14th, 2025, and computers that are 5 years old can’t run Windows 11.

If you are buying a new computer for home and personal use, don’t be concerned if it comes with Windows 11. It is not much different under the hood from Windows 10 and shouldn’t have many compatibility issues.

Beware of Covid-19 Vaccine phishing emails



On Friday December 18th, the US DOJ seized two domain names that were claimed to be the sites of companies developing treatments for Covid-19.

The sites were really being used to collect personal information of visitors and then use it for further phishing and malware attacks.

Don’t make the mistake of thinking there aren’t more fraudulent sites looking to steal your information or infect your computer.



Credential phishing emails use social engineering to exploit some of the basic questions and concerns that users and employees will have about the Covid-19 vaccines:
How soon will a vaccine be available?
Will it be safe?
How can I get it?
When can I get it?
How much will it cost?
Should I get it?

Credential thieves will promise to provide one or more answers to the above questions to tempt you to click the links and sign in or supply your personal information.
If you receive an email with links to answer the above questions, Think before you click!

Below is a screenshot of an actual phishing attempt using the Covid-19 vaccine to get users to click the link in the email and fill out a form.

If the user clicks on the link, they are taken to a fake site, made to look like Adobe’s Document Cloud service, that asks them to log in.

Once you sign in, the crooks get your login to use for other purposes. If you do have questions about the vaccine, don’t get answers from an unsolicited email, text message or social media messaging app.
Go to a trusted source directly, ask your medical professionals, or your County Health Department.
Think before you click!

Holidays Bring the Worst Out in Cyber Scammers

We are in the peak of shipping scam season. Sent via email or text, the simple message that a delivery may not make it by Christmas is all that’s needed to get you invested enough to need to find out more, click links, provide credentials, etc.
Any legitimate shipping notification will provide some details you already know (e.g., the company shipping the item, your address, etc.).

If you receive an urgent shipping delay notice, don’t click on the links in the message. If you think it might be about a package you are expecting, contact the store you are expecting the shipment from. If that’s not possible, try to track the package via the shipping company’s website.

Do you know the red flags for Holiday Phishing emails?

We partner with a company called KnowBe4 to provide security training to help you and your staff be better able to recognize scam and phishing emails. Please contact us to learn more.

10 Holiday Cybersecurity Alert Tips

Happy Thanksgiving!
It’s Holiday Season for the cyber crooks as well as all of us.
But not the way you might think. They go into scam-overdrive mode.
Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are planning to get rich with your money. So, here are 10 Holiday Cybersecurity Alert Tips:

  1. Be wary of ads, giveaways, and contests that seem too good to be true. These run rampant during the holiday season!
  2. Pay close attention to the websites you visit and shop on. It’s safest to only use those you trust. Watch for misspelled site names.
  3. Watch out for holiday greeting cards that may not be from the sender you think! Don’t open these unless you’re certain you can trust who they came from.
  4. Keep an eye on your bank accounts and monitor your credit report regularly.  Watch for unexpected charges. It’s easier to miss fraudulent charges when you are doing a lot of on-line shopping.
  5. Be careful with messages regarding shipping changes. Always use official channels to stay updated.
  6. Keep all devices up to date with basic security measures to lessen your chance of becoming the victim.
  7. Only connect to known Wi-Fi networks; beware of network names that have typos or extra characters.
  8. Use strong, unique passwords on all accounts. This is a good time to update passwords!
  9. Be safe on all social media; don’t overshare and take the time to review your privacy settings on the platforms you use.
  10. Keep devices in view (or know where they are) throughout the course of all holiday travel.

New Text Message Scams

Just like email scams, text message scams use current events to trick you into responding and giving away your personal information. Text message scams ratchet up the urgency and scare tactics to fit the short message format and try to get you to respond without much thought. The latest text-based scam tied to current events is using COVID-19 tracing to get you to download an app or visit a website and give personal information.

You receive a text message saying “Someone who came in contact with you tested positive or has shown symptoms…More info at link”. If you tap on the link, you are sent to an official-looking website that starts asking for personal information, or attempts to download an app that will ask for access to your information.  Don’t tap the link. (Source)

In Michigan, you may get a text message from the ‘2051’ prior to being called by contact tracers from the state or county health departments. The phone call itself will come from 866-806-3447, ‘MI COVID HELP’ or your local health department.

Health department tracers will never ask you for personal identification like your Social Security Number, driver’s license, or credit card information. 

If a caller claims to be working for the health department and asks for personal identification or financial information, it is likely a scam. For more info on how Michigan is conducting contact tracing, go to the Michigan.gov site about tracing.

Microsoft Warns of a Massive Covid-19 Excel Phishing Attack via email

The emails claim to be from ‘Johns Hopkins Center’ bearing “WHO COVID-19 SITUATION REPORT”. The attached Excel file, if opened, shows a security warning and a graph of supposed coronavirus cases in the US. The file contains a malicious Excel 4.0 macro which downloads and runs the NetSupport Manager remote administration tool (RAT).

Microsoft has seen several hundreds of unique attachments designed to avoid antivirus scanners. We expect that the details of the attack will change over time with new faked senders, new email subjects and different file types.

The best way to avoid the attack is to be skeptical and “Think Before You Click”. Johns Hopkins does not send attachments in their update emails.

Be skeptical and cautious – Don’t respond to sensational email marketing. If you are not sure if an offer is real or fake, use your browser and trusted sites to research further.

For more info, see this post from our Security Awareness Training Partner, KnowBe4.

Don’t reuse passwords! (and other password guidelines)

Last week, 530,000 Zoom accounts and passwords were for sale on the dark web (5 for a penny). Investigators think that the accounts were not ‘hacked’ or stolen from Zoom or exposed by a vulnerability. Instead, the account list was likely created from an old data breach. This is called credential stuffing. The crooks take known email address and password pairs and try them on other services.

This event is a good reminder that reusing passwords is bad. If one of your accounts has a data breach, or your password gets hacked by other means, the bad guys will try that account name and password on every other site they can. If you have reused that compromised password, you are now in a race with the credential thief to change your password at every service you used it.
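
For readers who run a login service, the pattern described above is visible in sign-in logs: one source trying many different accounts, mostly failing, with the few successes being the accounts that reused a breached password. The sketch below is an added example, not code from this blog or from Zoom; the log format, the thresholds and all addresses and account names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample sign-in log: "<time> <source_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
09:00:01 203.0.113.7 alice@example.com FAIL
09:00:02 203.0.113.7 bob@example.com FAIL
09:00:03 203.0.113.7 carol@example.com OK
09:00:04 203.0.113.7 dave@example.com FAIL
09:00:05 203.0.113.7 erin@example.com FAIL
09:00:06 203.0.113.7 frank@example.com FAIL
09:01:10 198.51.100.20 grace@example.com FAIL
09:01:15 198.51.100.20 grace@example.com FAIL
09:01:21 198.51.100.20 grace@example.com OK
09:02:00 192.0.2.50 heidi@example.com OK
09:02:30 192.0.2.50 ivan@example.com OK
09:03:00 192.0.2.50 judy@example.com OK
09:03:30 192.0.2.50 mallory@example.com FAIL
09:04:00 192.0.2.50 niaj@example.com OK
09:04:30 192.0.2.50 olivia@example.com OK
"""


def find_stuffing_sources(log_text, min_accounts=5, max_success_ratio=0.25):
    """Return {source_ip: [accounts that signed in OK]} for sources whose
    traffic looks like credential stuffing (assumed thresholds)."""
    attempts = defaultdict(list)  # source_ip -> [(username, succeeded), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of guessing
        _, ip, user, result = parts
        attempts[ip].append((user.lower(), result == "OK"))

    flagged = {}
    for ip, rows in attempts.items():
        users = {user for user, _ in rows}
        successes = sum(1 for _, ok in rows if ok)
        # Stuffing: many distinct accounts from one source, mostly failing.
        # One user mistyping a password (few accounts) and an office behind
        # one address (many accounts, mostly succeeding) are not flagged.
        if len(users) >= min_accounts and successes / len(rows) <= max_success_ratio:
            # The successes are the accounts with a reused, breached password.
            flagged[ip] = sorted({user for user, ok in rows if ok})
    return flagged
```

The accounts listed for a flagged source are the ones to lock and reset first, since the attacker already holds a working password for them.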

Our guidance on passwords:

One password per service – Keep them unique. This is hard to do but critical to limit damage when one of your accounts gets hacked, phished, or otherwise compromised.

Longer is better – But only if you follow other good practices. ThisIsMyPassword is long, but it’s not a good password!

Random is better than predictable – dgr4&J2Q is better than Thing1&Thing2

The most likely way your password will get to crooks these days is a data breach or getting it from you directly via a phishing attack. The strongest password doesn’t help much once the bad guy has it. That’s what makes sharing passwords between sites so bad.  Let’s say that you were tricked into signing in to a fake Facebook login page. Now the bad guys have your info and can try your Facebook login at all of your other accounts.

With the number of accounts each of us has, it can be very hard to follow the one password per service rule. 

Using a password manager makes one password per account easier than typing the same password several times a day. A password manager securely stores your passwords and can fill in your login page automatically. We like LastPass, but 1Password and KeePass are also good solutions. Contact us to learn more about password managers or help in creating strong passwords and password policies.

Phishing Attacks and Scams are Surging

Whenever the news is dominated by an event, we see an increase in phishing and scam attempts that use that event to trick people into giving up their logins or downloading malware.

The COVID-19 (coronavirus) pandemic is no exception. The number of emails and scam web sites using COVID and coronavirus is growing exponentially, just like the virus.
What to do? You need to stay vigilant at all times and “Think Before You Click”.

Many of the attempts are using the same techniques we’ve seen during hurricanes, earthquakes, and wildfires. The email will often be made to look like it came from your boss, a government official, or trusted contact. It may offer you exclusive information you have to download or click on a link to get.

Be skeptical – If the email seems like it’s from someone you know or work with, verify they sent the email via phone or chat.

With more of us working from home, credential thieves are pushing out spoofed file sharing emails asking you to log in to retrieve a file from a coworker. They do a good job of making the email look like a typical email from OneDrive, Dropbox or another file share site. The difference is the link will take you to a convincing fake login site designed to get your account information.

Be skeptical – If an email appears to be from someone you know or work with and has a link or button to download a file, verify they sent the email via phone or chat.

Scam/spam email has also increased. These emails and ads are offering high priced ‘Coronavirus Masks’ or ‘CDC recommended’ disinfectant. There has also been an increase in fake charities seeking donations. If you are lucky when buying into one of these scams, the scammer will only receive the price you paid for the fake CDC wipes. If the scammer is particularly nasty, they will keep and use your payment information.

Be skeptical and cautious – Don’t respond to sensational email marketing. If you are not sure if an offer is real or fake, use your browser and trusted sites to research further.

Staying productive and sane while working from home

The coronavirus (COVID-19) has required social distancing and shelter in place directives that have forced a large number of people to work from home.  While working from home does allow us to avoid a commute and even work in sweats and a t-shirt, it comes with challenges.  Going to work in an office provides structure and focus.  After all, you cannot jump up and do a load of laundry or have your significant other or children pop in to ask you a question.

I have been working from home since 2013 and have compiled some of my best work from home tips below.

Keep as much of your existing morning routine as practical. This helps you transition from ‘being at home’ and ‘being at work’. It’s easier to stay focused on work if you have a routine that transitions you mentally from at-home mode to at-work mode.

Create a space to work. As much as possible in your home, create a separate space to work. Avoid working on your bed or couch if possible. If you don’t have an office area, the kitchen table or island can work well. Don’t forget to pay attention to the ergonomics of your work area; painful back, shoulders or wrists don’t help with productivity or your health.

Create a schedule and include breaks. This is another practice that helps keep the distractions surrounding you from affecting your work. It is also very easy to end up working when you should be focused on your home and family and resting.
When working from home you might need to schedule your breaks. It is easy to forget to take them and even easier for them to end up being hours long when you see the undone home projects that are also waiting for you.

Establish rules and ‘signals’ with the other people in your home. This is one of the most difficult items to manage. Clear rules for things like TV/volume and an agreed upon signal for when you can’t be interrupted will help. Even though I’ve been working from home for 7 years, this still takes work. We have had to adjust that more since there are now four people working from home here. If you have more than one person working from home, make sure you share your meeting schedules.

Make time to interact with your co-workers.  It’s easy to get isolated when working from home. Use the phone, web meetings and chat to stay connected to people.

Reduce on-screen distractions on your computer. If you are using remote desktop software (LogMeIn, Splashtop, etc.), set your view of your work computer to full screen. This will help keep the distractions of your personal PC out of sight. If you are working directly on your home PC, consider creating a ‘Work’ user on your computer, with none of your personal bookmarks or social media accounts logged in.
The idea is to keep the things you do for ‘fun’ on your computer from tempting you while you are working.